projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Use LE connection parameters if known
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 34
35#include "smp.h"
0381101f 36
2da9c55c 37#define MGMT_VERSION 1
730f091b 38#define MGMT_REVISION 7
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
0663ca2a 80 MGMT_OP_SET_BREDR,
d13eafce 81 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 82 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 83 MGMT_OP_SET_SECURE_CONN,
4e39ac81 84 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 85 MGMT_OP_SET_PRIVACY,
41edf160 86 MGMT_OP_LOAD_IRKS,
dd983808 87 MGMT_OP_GET_CONN_INFO,
95868426 88 MGMT_OP_GET_CLOCK_INFO,
e70bb2e8
JH		 89};
90
91static const u16 mgmt_events[] = {
92 MGMT_EV_CONTROLLER_ERROR,
93 MGMT_EV_INDEX_ADDED,
94 MGMT_EV_INDEX_REMOVED,
95 MGMT_EV_NEW_SETTINGS,
96 MGMT_EV_CLASS_OF_DEV_CHANGED,
97 MGMT_EV_LOCAL_NAME_CHANGED,
98 MGMT_EV_NEW_LINK_KEY,
99 MGMT_EV_NEW_LONG_TERM_KEY,
100 MGMT_EV_DEVICE_CONNECTED,
101 MGMT_EV_DEVICE_DISCONNECTED,
102 MGMT_EV_CONNECT_FAILED,
103 MGMT_EV_PIN_CODE_REQUEST,
104 MGMT_EV_USER_CONFIRM_REQUEST,
105 MGMT_EV_USER_PASSKEY_REQUEST,
106 MGMT_EV_AUTH_FAILED,
107 MGMT_EV_DEVICE_FOUND,
108 MGMT_EV_DISCOVERING,
109 MGMT_EV_DEVICE_BLOCKED,
110 MGMT_EV_DEVICE_UNBLOCKED,
111 MGMT_EV_DEVICE_UNPAIRED,
92a25256 112 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 113 MGMT_EV_NEW_IRK,
7ee4ea36 114 MGMT_EV_NEW_CSRK,
e70bb2e8
JH		 115};
116
17b02e62 117#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 118
4b34ee78
JH		 119#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
120 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
121
eec8d2bc
JH		 122struct pending_cmd {
123 struct list_head list;
fc2f4b13 124 u16 opcode;
eec8d2bc 125 int index;
c68fb7ff 126 void *param;
eec8d2bc 127 struct sock *sk;
e9a416b5 128 void *user_data;
eec8d2bc
JH		 129};
130
ca69b795
JH		 131/* HCI to MGMT error code conversion table */
132static u8 mgmt_status_table[] = {
133 MGMT_STATUS_SUCCESS,
134 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
135 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
136 MGMT_STATUS_FAILED, /* Hardware Failure */
137 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
138 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 139 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 140 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
141 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
142 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
143 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
144 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
145 MGMT_STATUS_BUSY, /* Command Disallowed */
146 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
147 MGMT_STATUS_REJECTED, /* Rejected Security */
148 MGMT_STATUS_REJECTED, /* Rejected Personal */
149 MGMT_STATUS_TIMEOUT, /* Host Timeout */
150 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
151 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
152 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
153 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
154 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
155 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
156 MGMT_STATUS_BUSY, /* Repeated Attempts */
157 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
158 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
159 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
160 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
161 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
162 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
163 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
164 MGMT_STATUS_FAILED, /* Unspecified Error */
165 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
166 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
167 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
168 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
169 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
170 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
171 MGMT_STATUS_FAILED, /* Unit Link Key Used */
172 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
173 MGMT_STATUS_TIMEOUT, /* Instant Passed */
174 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
175 MGMT_STATUS_FAILED, /* Transaction Collision */
176 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
177 MGMT_STATUS_REJECTED, /* QoS Rejected */
178 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
179 MGMT_STATUS_REJECTED, /* Insufficient Security */
180 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
181 MGMT_STATUS_BUSY, /* Role Switch Pending */
182 MGMT_STATUS_FAILED, /* Slot Violation */
183 MGMT_STATUS_FAILED, /* Role Switch Failed */
184 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
185 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
186 MGMT_STATUS_BUSY, /* Host Busy Pairing */
187 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
188 MGMT_STATUS_BUSY, /* Controller Busy */
189 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
190 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
191 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
192 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
193 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
194};
195
196static u8 mgmt_status(u8 hci_status)
197{
198 if (hci_status < ARRAY_SIZE(mgmt_status_table))
199 return mgmt_status_table[hci_status];
200
201 return MGMT_STATUS_FAILED;
202}
203
4e51eae9 204static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 205{
206 struct sk_buff *skb;
207 struct mgmt_hdr *hdr;
208 struct mgmt_ev_cmd_status *ev;
56b7d137 209 int err;
f7b64e69 210
34eb525c 211 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 212
790eff44 213 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 214 if (!skb)
215 return -ENOMEM;
216
217 hdr = (void *) skb_put(skb, sizeof(*hdr));
218
dcf4adbf 219 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 220 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 221 hdr->len = cpu_to_le16(sizeof(*ev));
222
223 ev = (void *) skb_put(skb, sizeof(*ev));
224 ev->status = status;
eb55ef07 225 ev->opcode = cpu_to_le16(cmd);
f7b64e69 226
56b7d137
GP		 227 err = sock_queue_rcv_skb(sk, skb);
228 if (err < 0)
f7b64e69
JH		 229 kfree_skb(skb);
230
56b7d137 231 return err;
f7b64e69
JH		 232}
233
aee9b218 234static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 235 void *rp, size_t rp_len)
02d98129
JH		 236{
237 struct sk_buff *skb;
238 struct mgmt_hdr *hdr;
239 struct mgmt_ev_cmd_complete *ev;
56b7d137 240 int err;
02d98129
JH		 241
242 BT_DBG("sock %p", sk);
243
790eff44 244 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 245 if (!skb)
246 return -ENOMEM;
247
248 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 249
dcf4adbf 250 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 251 hdr->index = cpu_to_le16(index);
a38528f1 252 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 253
a38528f1 254 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 255 ev->opcode = cpu_to_le16(cmd);
aee9b218 256 ev->status = status;
8020c16a
SJ		 257
258 if (rp)
259 memcpy(ev->data, rp, rp_len);
02d98129 260
56b7d137
GP		 261 err = sock_queue_rcv_skb(sk, skb);
262 if (err < 0)
02d98129
JH		 263 kfree_skb(skb);
264
e5f0e151 265 return err;
02d98129
JH		 266}
267
04124681
GP		 268static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
269 u16 data_len)
a38528f1
JH		 270{
271 struct mgmt_rp_read_version rp;
272
273 BT_DBG("sock %p", sk);
274
275 rp.version = MGMT_VERSION;
dcf4adbf 276 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 277
aee9b218 278 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 279 sizeof(rp));
a38528f1
JH		 280}
281
04124681
GP		 282static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
283 u16 data_len)
e70bb2e8
JH		 284{
285 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 286 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
287 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 288 __le16 *opcode;
e70bb2e8
JH		 289 size_t rp_size;
290 int i, err;
291
292 BT_DBG("sock %p", sk);
293
294 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
295
296 rp = kmalloc(rp_size, GFP_KERNEL);
297 if (!rp)
298 return -ENOMEM;
299
dcf4adbf
JP		 300 rp->num_commands = cpu_to_le16(num_commands);
301 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 302
303 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
304 put_unaligned_le16(mgmt_commands[i], opcode);
305
306 for (i = 0; i < num_events; i++, opcode++)
307 put_unaligned_le16(mgmt_events[i], opcode);
308
aee9b218 309 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 310 rp_size);
e70bb2e8
JH		 311 kfree(rp);
312
313 return err;
314}
315
04124681
GP		 316static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
317 u16 data_len)
faba42eb 318{
faba42eb 319 struct mgmt_rp_read_index_list *rp;
8035ded4 320 struct hci_dev *d;
a38528f1 321 size_t rp_len;
faba42eb 322 u16 count;
476e44cb 323 int err;
faba42eb
JH		 324
325 BT_DBG("sock %p", sk);
326
327 read_lock(&hci_dev_list_lock);
328
329 count = 0;
bb4b2a9a 330 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 331 if (d->dev_type == HCI_BREDR)
332 count++;
faba42eb
JH		 333 }
334
a38528f1
JH		 335 rp_len = sizeof(*rp) + (2 * count);
336 rp = kmalloc(rp_len, GFP_ATOMIC);
337 if (!rp) {
b2c60d42 338 read_unlock(&hci_dev_list_lock);
faba42eb 339 return -ENOMEM;
b2c60d42 340 }
faba42eb 341
476e44cb 342 count = 0;
8035ded4 343 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 344 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 345 continue;
346
0736cfa8
MH		 347 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
348 continue;
349
fee746b0
MH		 350 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
351 continue;
352
1514b892
MH		 353 if (d->dev_type == HCI_BREDR) {
354 rp->index[count++] = cpu_to_le16(d->id);
355 BT_DBG("Added hci%u", d->id);
356 }
faba42eb
JH		 357 }
358
476e44cb
JH		 359 rp->num_controllers = cpu_to_le16(count);
360 rp_len = sizeof(*rp) + (2 * count);
361
faba42eb
JH		 362 read_unlock(&hci_dev_list_lock);
363
aee9b218 364 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 365 rp_len);
faba42eb 366
a38528f1
JH		 367 kfree(rp);
368
369 return err;
faba42eb
JH		 370}
371
69ab39ea
JH		 372static u32 get_supported_settings(struct hci_dev *hdev)
373{
374 u32 settings = 0;
375
376 settings |= MGMT_SETTING_POWERED;
69ab39ea 377 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 378 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 379
ed3fa31f 380 if (lmp_bredr_capable(hdev)) {
33c525c0 381 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 382 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
383 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 384 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 385 settings |= MGMT_SETTING_BREDR;
386 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 387
388 if (lmp_ssp_capable(hdev)) {
389 settings |= MGMT_SETTING_SSP;
390 settings |= MGMT_SETTING_HS;
391 }
e98d2ce2 392
5afeac14 393 if (lmp_sc_capable(hdev) ||
111902f7 394 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
e98d2ce2 395 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 396 }
d7b7e796 397
eeca6f89 398 if (lmp_le_capable(hdev)) {
9d42820f 399 settings |= MGMT_SETTING_LE;
eeca6f89 400 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 401 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 402 }
69ab39ea
JH		 403
404 return settings;
405}
406
407static u32 get_current_settings(struct hci_dev *hdev)
408{
409 u32 settings = 0;
410
f1f0eb02 411 if (hdev_is_powered(hdev))
f0d4b78a
MH		 412 settings |= MGMT_SETTING_POWERED;
413
5e5282bb 414 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 415 settings |= MGMT_SETTING_CONNECTABLE;
416
1a4d3c4b
JH		 417 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
418 settings |= MGMT_SETTING_FAST_CONNECTABLE;
419
5e5282bb 420 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 421 settings |= MGMT_SETTING_DISCOVERABLE;
422
a8b2d5c2 423 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 424 settings |= MGMT_SETTING_PAIRABLE;
425
56f87901 426 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 427 settings |= MGMT_SETTING_BREDR;
428
06199cf8 429 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 430 settings |= MGMT_SETTING_LE;
431
47990ea0 432 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 433 settings |= MGMT_SETTING_LINK_SECURITY;
434
84bde9d6 435 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 436 settings |= MGMT_SETTING_SSP;
437
6d80dfd0
JH		 438 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
439 settings |= MGMT_SETTING_HS;
440
f3d3444a 441 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 442 settings |= MGMT_SETTING_ADVERTISING;
443
e98d2ce2
MH		 444 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
445 settings |= MGMT_SETTING_SECURE_CONN;
446
0663b297 447 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 448 settings |= MGMT_SETTING_DEBUG_KEYS;
449
0f4bd942
JH		 450 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
451 settings |= MGMT_SETTING_PRIVACY;
452
69ab39ea
JH		 453 return settings;
454}
455
ef580372
JH		 456#define PNP_INFO_SVCLASS_ID 0x1200
457
213202ed
JH		 458static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
459{
460 u8 *ptr = data, *uuids_start = NULL;
461 struct bt_uuid *uuid;
462
463 if (len < 4)
464 return ptr;
465
466 list_for_each_entry(uuid, &hdev->uuids, list) {
467 u16 uuid16;
468
469 if (uuid->size != 16)
470 continue;
471
472 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
473 if (uuid16 < 0x1100)
474 continue;
475
476 if (uuid16 == PNP_INFO_SVCLASS_ID)
477 continue;
478
479 if (!uuids_start) {
480 uuids_start = ptr;
481 uuids_start[0] = 1;
482 uuids_start[1] = EIR_UUID16_ALL;
483 ptr += 2;
484 }
485
486 /* Stop if not enough space to put next UUID */
487 if ((ptr - data) + sizeof(u16) > len) {
488 uuids_start[1] = EIR_UUID16_SOME;
489 break;
490 }
491
492 *ptr++ = (uuid16 & 0x00ff);
493 *ptr++ = (uuid16 & 0xff00) >> 8;
494 uuids_start[0] += sizeof(uuid16);
495 }
496
497 return ptr;
498}
499
cdf1963f
JH		 500static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
501{
502 u8 *ptr = data, *uuids_start = NULL;
503 struct bt_uuid *uuid;
504
505 if (len < 6)
506 return ptr;
507
508 list_for_each_entry(uuid, &hdev->uuids, list) {
509 if (uuid->size != 32)
510 continue;
511
512 if (!uuids_start) {
513 uuids_start = ptr;
514 uuids_start[0] = 1;
515 uuids_start[1] = EIR_UUID32_ALL;
516 ptr += 2;
517 }
518
519 /* Stop if not enough space to put next UUID */
520 if ((ptr - data) + sizeof(u32) > len) {
521 uuids_start[1] = EIR_UUID32_SOME;
522 break;
523 }
524
525 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
526 ptr += sizeof(u32);
527 uuids_start[0] += sizeof(u32);
528 }
529
530 return ptr;
531}
532
c00d575b
JH		 533static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
534{
535 u8 *ptr = data, *uuids_start = NULL;
536 struct bt_uuid *uuid;
537
538 if (len < 18)
539 return ptr;
540
541 list_for_each_entry(uuid, &hdev->uuids, list) {
542 if (uuid->size != 128)
543 continue;
544
545 if (!uuids_start) {
546 uuids_start = ptr;
547 uuids_start[0] = 1;
548 uuids_start[1] = EIR_UUID128_ALL;
549 ptr += 2;
550 }
551
552 /* Stop if not enough space to put next UUID */
553 if ((ptr - data) + 16 > len) {
554 uuids_start[1] = EIR_UUID128_SOME;
555 break;
556 }
557
558 memcpy(ptr, uuid->uuid, 16);
559 ptr += 16;
560 uuids_start[0] += 16;
561 }
562
563 return ptr;
564}
565
eb2a8d20
JH		 566static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
567{
568 struct pending_cmd *cmd;
569
570 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
571 if (cmd->opcode == opcode)
572 return cmd;
573 }
574
575 return NULL;
576}
577
95868426
JH		 578static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
579 struct hci_dev *hdev,
580 const void *data)
581{
582 struct pending_cmd *cmd;
583
584 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
585 if (cmd->user_data != data)
586 continue;
587 if (cmd->opcode == opcode)
588 return cmd;
589 }
590
591 return NULL;
592}
593
f14d8f64
MH		 594static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
595{
7a5f4990
MH		 596 u8 ad_len = 0;
597 size_t name_len;
598
599 name_len = strlen(hdev->dev_name);
600 if (name_len > 0) {
601 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
602
603 if (name_len > max_len) {
604 name_len = max_len;
605 ptr[1] = EIR_NAME_SHORT;
606 } else
607 ptr[1] = EIR_NAME_COMPLETE;
608
609 ptr[0] = name_len + 1;
610
611 memcpy(ptr + 2, hdev->dev_name, name_len);
612
613 ad_len += (name_len + 2);
614 ptr += (name_len + 2);
615 }
616
617 return ad_len;
f14d8f64
MH		 618}
619
620static void update_scan_rsp_data(struct hci_request *req)
621{
622 struct hci_dev *hdev = req->hdev;
623 struct hci_cp_le_set_scan_rsp_data cp;
624 u8 len;
625
7751ef1b 626 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 627 return;
628
629 memset(&cp, 0, sizeof(cp));
630
631 len = create_scan_rsp_data(hdev, cp.data);
632
eb438b5f
JH		 633 if (hdev->scan_rsp_data_len == len &&
634 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 635 return;
636
eb438b5f
JH		 637 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
638 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 639
640 cp.length = len;
641
642 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
643}
644
9a43e25f
JH		 645static u8 get_adv_discov_flags(struct hci_dev *hdev)
646{
647 struct pending_cmd *cmd;
648
649 /* If there's a pending mgmt command the flags will not yet have
650 * their final values, so check for this first.
651 */
652 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
653 if (cmd) {
654 struct mgmt_mode *cp = cmd->param;
655 if (cp->val == 0x01)
656 return LE_AD_GENERAL;
657 else if (cp->val == 0x02)
658 return LE_AD_LIMITED;
659 } else {
660 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
661 return LE_AD_LIMITED;
662 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
663 return LE_AD_GENERAL;
664 }
665
666 return 0;
667}
668
46cad2ed 669static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 670{
671 u8 ad_len = 0, flags = 0;
441ad2d0 672
9a43e25f 673 flags |= get_adv_discov_flags(hdev);
441ad2d0 674
e834004b 675 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 676 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 677
678 if (flags) {
679 BT_DBG("adv flags 0x%02x", flags);
680
681 ptr[0] = 2;
682 ptr[1] = EIR_FLAGS;
683 ptr[2] = flags;
684
685 ad_len += 3;
686 ptr += 3;
687 }
688
689 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
690 ptr[0] = 2;
691 ptr[1] = EIR_TX_POWER;
692 ptr[2] = (u8) hdev->adv_tx_power;
693
694 ad_len += 3;
695 ptr += 3;
696 }
697
441ad2d0
MH		 698 return ad_len;
699}
700
5947f4bc 701static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 702{
703 struct hci_dev *hdev = req->hdev;
704 struct hci_cp_le_set_adv_data cp;
705 u8 len;
706
10994ce6 707 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 708 return;
709
710 memset(&cp, 0, sizeof(cp));
711
46cad2ed 712 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 713
714 if (hdev->adv_data_len == len &&
715 memcmp(cp.data, hdev->adv_data, len) == 0)
716 return;
717
718 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
719 hdev->adv_data_len = len;
720
721 cp.length = len;
722
723 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
724}
725
ef580372
JH		 726static void create_eir(struct hci_dev *hdev, u8 *data)
727{
728 u8 *ptr = data;
ef580372
JH		 729 size_t name_len;
730
731 name_len = strlen(hdev->dev_name);
732
733 if (name_len > 0) {
734 /* EIR Data type */
735 if (name_len > 48) {
736 name_len = 48;
737 ptr[1] = EIR_NAME_SHORT;
738 } else
739 ptr[1] = EIR_NAME_COMPLETE;
740
741 /* EIR Data length */
742 ptr[0] = name_len + 1;
743
744 memcpy(ptr + 2, hdev->dev_name, name_len);
745
ef580372
JH		 746 ptr += (name_len + 2);
747 }
748
bbaf444a 749 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 750 ptr[0] = 2;
751 ptr[1] = EIR_TX_POWER;
752 ptr[2] = (u8) hdev->inq_tx_power;
753
91c4e9b1
MH		 754 ptr += 3;
755 }
756
2b9be137
MH		 757 if (hdev->devid_source > 0) {
758 ptr[0] = 9;
759 ptr[1] = EIR_DEVICE_ID;
760
761 put_unaligned_le16(hdev->devid_source, ptr + 2);
762 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
763 put_unaligned_le16(hdev->devid_product, ptr + 6);
764 put_unaligned_le16(hdev->devid_version, ptr + 8);
765
2b9be137
MH		 766 ptr += 10;
767 }
768
213202ed 769 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 770 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 771 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 772}
773
890ea898 774static void update_eir(struct hci_request *req)
ef580372 775{
890ea898 776 struct hci_dev *hdev = req->hdev;
ef580372
JH		 777 struct hci_cp_write_eir cp;
778
504c8dcd 779 if (!hdev_is_powered(hdev))
890ea898 780 return;
7770c4aa 781
976eb20e 782 if (!lmp_ext_inq_capable(hdev))
890ea898 783 return;
ef580372 784
84bde9d6 785 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 786 return;
ef580372 787
a8b2d5c2 788 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 789 return;
ef580372
JH		 790
791 memset(&cp, 0, sizeof(cp));
792
793 create_eir(hdev, cp.data);
794
795 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 796 return;
ef580372
JH		 797
798 memcpy(hdev->eir, cp.data, sizeof(cp.data));
799
890ea898 800 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 801}
802
803static u8 get_service_classes(struct hci_dev *hdev)
804{
805 struct bt_uuid *uuid;
806 u8 val = 0;
807
808 list_for_each_entry(uuid, &hdev->uuids, list)
809 val |= uuid->svc_hint;
810
811 return val;
812}
813
890ea898 814static void update_class(struct hci_request *req)
ef580372 815{
890ea898 816 struct hci_dev *hdev = req->hdev;
ef580372
JH		 817 u8 cod[3];
818
819 BT_DBG("%s", hdev->name);
820
504c8dcd 821 if (!hdev_is_powered(hdev))
890ea898 822 return;
7770c4aa 823
f87ea1da
JH		 824 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
825 return;
826
a8b2d5c2 827 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 828 return;
ef580372
JH		 829
830 cod[0] = hdev->minor_class;
831 cod[1] = hdev->major_class;
832 cod[2] = get_service_classes(hdev);
833
6acd7db4
MH		 834 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
835 cod[1] |= 0x20;
836
ef580372 837 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 838 return;
ef580372 839
890ea898 840 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 841}
842
a4858cb9 843static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 844{
845 struct pending_cmd *cmd;
199a2fb1
JH		 846
847 /* If there's a pending mgmt command the flag will not yet have
848 * it's final value, so check for this first.
849 */
850 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
851 if (cmd) {
852 struct mgmt_mode *cp = cmd->param;
a4858cb9 853 return cp->val;
199a2fb1
JH		 854 }
855
a4858cb9 856 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 857}
858
859static void enable_advertising(struct hci_request *req)
860{
861 struct hci_dev *hdev = req->hdev;
862 struct hci_cp_le_set_adv_param cp;
8f2a0601 863 u8 own_addr_type, enable = 0x01;
a4858cb9 864 bool connectable;
199a2fb1 865
8d97250e
JH		 866 /* Clear the HCI_ADVERTISING bit temporarily so that the
867 * hci_update_random_address knows that it's safe to go ahead
868 * and write a new random address. The flag will be set back on
869 * as soon as the SET_ADV_ENABLE HCI command completes.
870 */
871 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
872
a4858cb9 873 connectable = get_connectable(hdev);
8f2a0601 874
a4858cb9
JH		 875 /* Set require_privacy to true only when non-connectable
876 * advertising is used. In that case it is fine to use a
877 * non-resolvable private address.
878 */
879 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 880 return;
881
41c90c18 882 memset(&cp, 0, sizeof(cp));
dcf4adbf
JP		 883 cp.min_interval = cpu_to_le16(0x0800);
884 cp.max_interval = cpu_to_le16(0x0800);
a4858cb9 885 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 886 cp.own_address_type = own_addr_type;
199a2fb1
JH		 887 cp.channel_map = hdev->le_adv_channel_map;
888
889 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
890
891 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
892}
893
894static void disable_advertising(struct hci_request *req)
895{
896 u8 enable = 0x00;
897
898 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
899}
900
7d78525d
JH		 901static void service_cache_off(struct work_struct *work)
902{
903 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 904 service_cache.work);
890ea898 905 struct hci_request req;
7d78525d 906
a8b2d5c2 907 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 908 return;
909
890ea898
JH		 910 hci_req_init(&req, hdev);
911
7d78525d
JH		 912 hci_dev_lock(hdev);
913
890ea898
JH		 914 update_eir(&req);
915 update_class(&req);
7d78525d
JH		 916
917 hci_dev_unlock(hdev);
890ea898
JH		 918
919 hci_req_run(&req, NULL);
7d78525d
JH		 920}
921
d6bfd59c
JH		 922static void rpa_expired(struct work_struct *work)
923{
924 struct hci_dev *hdev = container_of(work, struct hci_dev,
925 rpa_expired.work);
926 struct hci_request req;
927
928 BT_DBG("");
929
930 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
931
932 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
933 hci_conn_num(hdev, LE_LINK) > 0)
934 return;
935
936 /* The generation of a new RPA and programming it into the
937 * controller happens in the enable_advertising() function.
938 */
939
940 hci_req_init(&req, hdev);
941
942 disable_advertising(&req);
943 enable_advertising(&req);
944
945 hci_req_run(&req, NULL);
946}
947
6a919082 948static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 949{
4f87da80 950 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 951 return;
952
4f87da80 953 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 954 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 955
4f87da80
JH		 956 /* Non-mgmt controlled devices get this bit set
957 * implicitly so that pairing works for them, however
958 * for mgmt we require user-space to explicitly enable
959 * it
960 */
961 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 962}
963
0f4e68cf 964static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 965 void *data, u16 data_len)
0381101f 966{
a38528f1 967 struct mgmt_rp_read_info rp;
f7b64e69 968
bdb6d971 969 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 970
09fd0de5 971 hci_dev_lock(hdev);
f7b64e69 972
dc4fe30b
JH		 973 memset(&rp, 0, sizeof(rp));
974
69ab39ea 975 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 976
69ab39ea 977 rp.version = hdev->hci_ver;
eb55ef07 978 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 979
980 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
981 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 982
a38528f1 983 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 984
dc4fe30b 985 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 986 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 987
09fd0de5 988 hci_dev_unlock(hdev);
0381101f 989
bdb6d971 990 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 991 sizeof(rp));
0381101f
JH		 992}
993
eec8d2bc
JH		 994static void mgmt_pending_free(struct pending_cmd *cmd)
995{
996 sock_put(cmd->sk);
c68fb7ff 997 kfree(cmd->param);
eec8d2bc
JH		 998 kfree(cmd);
999}
1000
366a0336 1001static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 1002 struct hci_dev *hdev, void *data,
1003 u16 len)
eec8d2bc
JH		 1004{
1005 struct pending_cmd *cmd;
1006
fca20018 1007 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1008 if (!cmd)
366a0336 1009 return NULL;
eec8d2bc
JH		 1010
1011 cmd->opcode = opcode;
2e58ef3e 1012 cmd->index = hdev->id;
eec8d2bc 1013
12b94565 1014 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 1015 if (!cmd->param) {
eec8d2bc 1016 kfree(cmd);
366a0336 1017 return NULL;
eec8d2bc
JH		 1018 }
1019
8fce6357
SJ		 1020 if (data)
1021 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1022
1023 cmd->sk = sk;
1024 sock_hold(sk);
1025
2e58ef3e 1026 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1027
366a0336 1028 return cmd;
eec8d2bc
JH		 1029}
1030
744cf19e 1031static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1032 void (*cb)(struct pending_cmd *cmd,
1033 void *data),
04124681 1034 void *data)
eec8d2bc 1035{
a3d09356 1036 struct pending_cmd *cmd, *tmp;
eec8d2bc 1037
a3d09356 1038 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1039 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1040 continue;
1041
eec8d2bc
JH		 1042 cb(cmd, data);
1043 }
1044}
1045
a664b5bc 1046static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1047{
73f22f62
JH		 1048 list_del(&cmd->list);
1049 mgmt_pending_free(cmd);
1050}
1051
69ab39ea 1052static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1053{
69ab39ea 1054 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1055
aee9b218 1056 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1057 sizeof(settings));
8680570b
JH		 1058}
1059
8b064a3a
JH		 1060static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1061{
1062 BT_DBG("%s status 0x%02x", hdev->name, status);
1063
a3172b7e
JH		 1064 if (hci_conn_count(hdev) == 0) {
1065 cancel_delayed_work(&hdev->power_off);
8b064a3a 1066 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1067 }
8b064a3a
JH		 1068}
1069
21a60d30
JH		 1070static void hci_stop_discovery(struct hci_request *req)
1071{
1072 struct hci_dev *hdev = req->hdev;
1073 struct hci_cp_remote_name_req_cancel cp;
1074 struct inquiry_entry *e;
1075
1076 switch (hdev->discovery.state) {
1077 case DISCOVERY_FINDING:
1078 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1079 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1080 } else {
1081 cancel_delayed_work(&hdev->le_scan_disable);
1082 hci_req_add_le_scan_disable(req);
1083 }
1084
1085 break;
1086
1087 case DISCOVERY_RESOLVING:
1088 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1089 NAME_PENDING);
1090 if (!e)
1091 return;
1092
1093 bacpy(&cp.bdaddr, &e->data.bdaddr);
1094 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1095 &cp);
1096
1097 break;
1098
1099 default:
1100 /* Passive scanning */
1101 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1102 hci_req_add_le_scan_disable(req);
1103 break;
1104 }
1105}
1106
8b064a3a
JH		 1107static int clean_up_hci_state(struct hci_dev *hdev)
1108{
1109 struct hci_request req;
1110 struct hci_conn *conn;
1111
1112 hci_req_init(&req, hdev);
1113
1114 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1115 test_bit(HCI_PSCAN, &hdev->flags)) {
1116 u8 scan = 0x00;
1117 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1118 }
1119
1120 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1121 disable_advertising(&req);
1122
f8680f12 1123 hci_stop_discovery(&req);
8b064a3a
JH		 1124
1125 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1126 struct hci_cp_disconnect dc;
c9910d0f
JH		 1127 struct hci_cp_reject_conn_req rej;
1128
1129 switch (conn->state) {
1130 case BT_CONNECTED:
1131 case BT_CONFIG:
1132 dc.handle = cpu_to_le16(conn->handle);
1133 dc.reason = 0x15; /* Terminated due to Power Off */
1134 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1135 break;
1136 case BT_CONNECT:
1137 if (conn->type == LE_LINK)
1138 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1139 0, NULL);
1140 else if (conn->type == ACL_LINK)
1141 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1142 6, &conn->dst);
1143 break;
1144 case BT_CONNECT2:
1145 bacpy(&rej.bdaddr, &conn->dst);
1146 rej.reason = 0x15; /* Terminated due to Power Off */
1147 if (conn->type == ACL_LINK)
1148 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1149 sizeof(rej), &rej);
1150 else if (conn->type == SCO_LINK)
1151 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1152 sizeof(rej), &rej);
1153 break;
1154 }
8b064a3a
JH		 1155 }
1156
1157 return hci_req_run(&req, clean_up_hci_complete);
1158}
1159
bdb6d971 1160static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1161 u16 len)
eec8d2bc 1162{
650f726d 1163 struct mgmt_mode *cp = data;
366a0336 1164 struct pending_cmd *cmd;
4b34ee78 1165 int err;
eec8d2bc 1166
bdb6d971 1167 BT_DBG("request for %s", hdev->name);
eec8d2bc 1168
a7e80f25
JH		 1169 if (cp->val != 0x00 && cp->val != 0x01)
1170 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1171 MGMT_STATUS_INVALID_PARAMS);
1172
09fd0de5 1173 hci_dev_lock(hdev);
eec8d2bc 1174
87b95ba6
JH		 1175 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1176 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1177 MGMT_STATUS_BUSY);
1178 goto failed;
1179 }
1180
f0d4b78a
MH		 1181 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1182 cancel_delayed_work(&hdev->power_off);
1183
1184 if (cp->val) {
a1d70450
JH		 1185 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1186 data, len);
1187 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1188 goto failed;
1189 }
1190 }
1191
4b34ee78 1192 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1193 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1194 goto failed;
1195 }
1196
2e58ef3e 1197 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1198 if (!cmd) {
1199 err = -ENOMEM;
eec8d2bc 1200 goto failed;
366a0336 1201 }
eec8d2bc 1202
8b064a3a 1203 if (cp->val) {
19202573 1204 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1205 err = 0;
1206 } else {
1207 /* Disconnect connections, stop scans, etc */
1208 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1209 if (!err)
1210 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1211 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1212
8b064a3a
JH		 1213 /* ENODATA means there were no HCI commands queued */
1214 if (err == -ENODATA) {
a3172b7e 1215 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1216 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1217 err = 0;
1218 }
1219 }
eec8d2bc
JH		 1220
1221failed:
09fd0de5 1222 hci_dev_unlock(hdev);
366a0336 1223 return err;
eec8d2bc
JH		 1224}
1225
04124681
GP		 1226static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1227 struct sock *skip_sk)
beadb2bd
JH		 1228{
1229 struct sk_buff *skb;
1230 struct mgmt_hdr *hdr;
1231
790eff44 1232 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1233 if (!skb)
1234 return -ENOMEM;
1235
1236 hdr = (void *) skb_put(skb, sizeof(*hdr));
1237 hdr->opcode = cpu_to_le16(event);
1238 if (hdev)
1239 hdr->index = cpu_to_le16(hdev->id);
1240 else
dcf4adbf 1241 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1242 hdr->len = cpu_to_le16(data_len);
1243
1244 if (data)
1245 memcpy(skb_put(skb, data_len), data, data_len);
1246
97e0bdeb
MH		 1247 /* Time stamp */
1248 __net_timestamp(skb);
1249
beadb2bd
JH		 1250 hci_send_to_control(skb, skip_sk);
1251 kfree_skb(skb);
1252
1253 return 0;
1254}
1255
1256static int new_settings(struct hci_dev *hdev, struct sock *skip)
1257{
1258 __le32 ev;
1259
1260 ev = cpu_to_le32(get_current_settings(hdev));
1261
1262 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1263}
1264
bd99abdd
JH		 1265struct cmd_lookup {
1266 struct sock *sk;
1267 struct hci_dev *hdev;
1268 u8 mgmt_status;
1269};
1270
1271static void settings_rsp(struct pending_cmd *cmd, void *data)
1272{
1273 struct cmd_lookup *match = data;
1274
1275 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1276
1277 list_del(&cmd->list);
1278
1279 if (match->sk == NULL) {
1280 match->sk = cmd->sk;
1281 sock_hold(match->sk);
1282 }
1283
1284 mgmt_pending_free(cmd);
1285}
1286
1287static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1288{
1289 u8 *status = data;
1290
1291 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1292 mgmt_pending_remove(cmd);
1293}
1294
e6fe7986
JH		 1295static u8 mgmt_bredr_support(struct hci_dev *hdev)
1296{
1297 if (!lmp_bredr_capable(hdev))
1298 return MGMT_STATUS_NOT_SUPPORTED;
1299 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1300 return MGMT_STATUS_REJECTED;
1301 else
1302 return MGMT_STATUS_SUCCESS;
1303}
1304
1305static u8 mgmt_le_support(struct hci_dev *hdev)
1306{
1307 if (!lmp_le_capable(hdev))
1308 return MGMT_STATUS_NOT_SUPPORTED;
1309 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1310 return MGMT_STATUS_REJECTED;
1311 else
1312 return MGMT_STATUS_SUCCESS;
1313}
1314
bfaf8c9f
JH		 1315static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1316{
1317 struct pending_cmd *cmd;
1318 struct mgmt_mode *cp;
970ba524 1319 struct hci_request req;
bfaf8c9f
JH		 1320 bool changed;
1321
1322 BT_DBG("status 0x%02x", status);
1323
1324 hci_dev_lock(hdev);
1325
1326 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1327 if (!cmd)
1328 goto unlock;
1329
1330 if (status) {
1331 u8 mgmt_err = mgmt_status(status);
1332 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1333 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1334 goto remove_cmd;
1335 }
1336
1337 cp = cmd->param;
d4462a07 1338 if (cp->val) {
bfaf8c9f
JH		 1339 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1340 &hdev->dev_flags);
d4462a07
MH		 1341
1342 if (hdev->discov_timeout > 0) {
1343 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1344 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1345 to);
1346 }
1347 } else {
bfaf8c9f
JH		 1348 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1349 &hdev->dev_flags);
d4462a07 1350 }
bfaf8c9f
JH		 1351
1352 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1353
1354 if (changed)
1355 new_settings(hdev, cmd->sk);
1356
970ba524
MH		 1357 /* When the discoverable mode gets changed, make sure
1358 * that class of device has the limited discoverable
1359 * bit correctly set.
1360 */
1361 hci_req_init(&req, hdev);
1362 update_class(&req);
1363 hci_req_run(&req, NULL);
1364
bfaf8c9f
JH		 1365remove_cmd:
1366 mgmt_pending_remove(cmd);
1367
1368unlock:
1369 hci_dev_unlock(hdev);
1370}
1371
bdb6d971 1372static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1373 u16 len)
73f22f62 1374{
650f726d 1375 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1376 struct pending_cmd *cmd;
bfaf8c9f 1377 struct hci_request req;
5e5282bb 1378 u16 timeout;
9a43e25f 1379 u8 scan;
73f22f62
JH		 1380 int err;
1381
bdb6d971 1382 BT_DBG("request for %s", hdev->name);
73f22f62 1383
9a43e25f
JH		 1384 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1385 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1386 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1387 MGMT_STATUS_REJECTED);
33c525c0 1388
310a3d48 1389 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1390 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1391 MGMT_STATUS_INVALID_PARAMS);
1392
1f350c87 1393 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1394
1395 /* Disabling discoverable requires that no timeout is set,
1396 * and enabling limited discoverable requires a timeout.
1397 */
1398 if ((cp->val == 0x00 && timeout > 0) ||
1399 (cp->val == 0x02 && timeout == 0))
bdb6d971 1400 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1401 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1402
09fd0de5 1403 hci_dev_lock(hdev);
73f22f62 1404
5e5282bb 1405 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1406 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1407 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1408 goto failed;
1409 }
1410
2e58ef3e 1411 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1412 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1413 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1414 MGMT_STATUS_BUSY);
73f22f62
JH		 1415 goto failed;
1416 }
1417
5e5282bb 1418 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1419 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1420 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1421 goto failed;
1422 }
1423
1424 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1425 bool changed = false;
1426
310a3d48
MH		 1427 /* Setting limited discoverable when powered off is
1428 * not a valid operation since it requires a timeout
1429 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1430 */
0224d2fa
JH		 1431 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1432 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1433 changed = true;
1434 }
1435
5e5282bb 1436 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1437 if (err < 0)
1438 goto failed;
1439
1440 if (changed)
1441 err = new_settings(hdev, sk);
1442
5e5282bb
JH		 1443 goto failed;
1444 }
1445
310a3d48
MH		 1446 /* If the current mode is the same, then just update the timeout
1447 * value with the new value. And if only the timeout gets updated,
1448 * then no need for any HCI transactions.
1449 */
1450 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1451 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1452 &hdev->dev_flags)) {
36261547
MH		 1453 cancel_delayed_work(&hdev->discov_off);
1454 hdev->discov_timeout = timeout;
955638ec 1455
36261547
MH		 1456 if (cp->val && hdev->discov_timeout > 0) {
1457 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1458 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1459 to);
955638ec
MH		 1460 }
1461
69ab39ea 1462 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1463 goto failed;
1464 }
1465
2e58ef3e 1466 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1467 if (!cmd) {
1468 err = -ENOMEM;
73f22f62 1469 goto failed;
366a0336 1470 }
73f22f62 1471
310a3d48
MH		 1472 /* Cancel any potential discoverable timeout that might be
1473 * still active and store new timeout value. The arming of
1474 * the timeout happens in the complete handler.
1475 */
1476 cancel_delayed_work(&hdev->discov_off);
1477 hdev->discov_timeout = timeout;
1478
b456f87c
JH		 1479 /* Limited discoverable mode */
1480 if (cp->val == 0x02)
1481 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1482 else
1483 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1484
bfaf8c9f
JH		 1485 hci_req_init(&req, hdev);
1486
9a43e25f
JH		 1487 /* The procedure for LE-only controllers is much simpler - just
1488 * update the advertising data.
1489 */
1490 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1491 goto update_ad;
1492
73f22f62
JH		 1493 scan = SCAN_PAGE;
1494
310a3d48
MH		 1495 if (cp->val) {
1496 struct hci_cp_write_current_iac_lap hci_cp;
1497
1498 if (cp->val == 0x02) {
1499 /* Limited discoverable mode */
33337dcb 1500 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1501 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1502 hci_cp.iac_lap[1] = 0x8b;
1503 hci_cp.iac_lap[2] = 0x9e;
1504 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1505 hci_cp.iac_lap[4] = 0x8b;
1506 hci_cp.iac_lap[5] = 0x9e;
1507 } else {
1508 /* General discoverable mode */
310a3d48
MH		 1509 hci_cp.num_iac = 1;
1510 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1511 hci_cp.iac_lap[1] = 0x8b;
1512 hci_cp.iac_lap[2] = 0x9e;
1513 }
1514
1515 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1516 (hci_cp.num_iac * 3) + 1, &hci_cp);
1517
73f22f62 1518 scan |= SCAN_INQUIRY;
310a3d48
MH		 1519 } else {
1520 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1521 }
73f22f62 1522
310a3d48 1523 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1524
9a43e25f
JH		 1525update_ad:
1526 update_adv_data(&req);
1527
bfaf8c9f 1528 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1529 if (err < 0)
a664b5bc 1530 mgmt_pending_remove(cmd);
73f22f62
JH		 1531
1532failed:
09fd0de5 1533 hci_dev_unlock(hdev);
73f22f62
JH		 1534 return err;
1535}
1536
406d7804
JH		 1537static void write_fast_connectable(struct hci_request *req, bool enable)
1538{
bd98b996 1539 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1540 struct hci_cp_write_page_scan_activity acp;
1541 u8 type;
1542
547003b1
JH		 1543 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1544 return;
1545
4c01f8b8
JH		 1546 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1547 return;
1548
406d7804
JH		 1549 if (enable) {
1550 type = PAGE_SCAN_TYPE_INTERLACED;
1551
1552 /* 160 msec page scan interval */
dcf4adbf 1553 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1554 } else {
1555 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1556
1557 /* default 1.28 sec page scan */
dcf4adbf 1558 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1559 }
1560
dcf4adbf 1561 acp.window = cpu_to_le16(0x0012);
406d7804 1562
bd98b996
JH		 1563 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1564 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1565 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1566 sizeof(acp), &acp);
1567
1568 if (hdev->page_scan_type != type)
1569 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1570}
1571
2b76f453
JH		 1572static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1573{
1574 struct pending_cmd *cmd;
d7b856f9
JH		 1575 struct mgmt_mode *cp;
1576 bool changed;
2b76f453
JH		 1577
1578 BT_DBG("status 0x%02x", status);
1579
1580 hci_dev_lock(hdev);
1581
1582 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1583 if (!cmd)
1584 goto unlock;
1585
37438c1f
JH		 1586 if (status) {
1587 u8 mgmt_err = mgmt_status(status);
1588 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1589 goto remove_cmd;
1590 }
1591
d7b856f9
JH		 1592 cp = cmd->param;
1593 if (cp->val)
1594 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1595 else
1596 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1597
2b76f453
JH		 1598 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1599
d7b856f9
JH		 1600 if (changed)
1601 new_settings(hdev, cmd->sk);
1602
37438c1f 1603remove_cmd:
2b76f453
JH		 1604 mgmt_pending_remove(cmd);
1605
1606unlock:
1607 hci_dev_unlock(hdev);
1608}
1609
e8ba3a1f
JH		 1610static int set_connectable_update_settings(struct hci_dev *hdev,
1611 struct sock *sk, u8 val)
1612{
1613 bool changed = false;
1614 int err;
1615
1616 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1617 changed = true;
1618
1619 if (val) {
1620 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1621 } else {
1622 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1623 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1624 }
1625
1626 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1627 if (err < 0)
1628 return err;
1629
1630 if (changed)
1631 return new_settings(hdev, sk);
1632
1633 return 0;
1634}
1635
bdb6d971 1636static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1637 u16 len)
9fbcbb45 1638{
650f726d 1639 struct mgmt_mode *cp = data;
366a0336 1640 struct pending_cmd *cmd;
2b76f453 1641 struct hci_request req;
1987fdc7 1642 u8 scan;
9fbcbb45
JH		 1643 int err;
1644
bdb6d971 1645 BT_DBG("request for %s", hdev->name);
9fbcbb45 1646
1987fdc7
JH		 1647 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1648 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1649 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1650 MGMT_STATUS_REJECTED);
33c525c0 1651
a7e80f25
JH		 1652 if (cp->val != 0x00 && cp->val != 0x01)
1653 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1654 MGMT_STATUS_INVALID_PARAMS);
1655
09fd0de5 1656 hci_dev_lock(hdev);
9fbcbb45 1657
4b34ee78 1658 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1659 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1660 goto failed;
1661 }
1662
2e58ef3e 1663 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1664 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1665 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1666 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1667 goto failed;
1668 }
1669
2e58ef3e 1670 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1671 if (!cmd) {
1672 err = -ENOMEM;
9fbcbb45 1673 goto failed;
366a0336 1674 }
9fbcbb45 1675
9b74246f 1676 hci_req_init(&req, hdev);
9fbcbb45 1677
9a43e25f
JH		 1678 /* If BR/EDR is not enabled and we disable advertising as a
1679 * by-product of disabling connectable, we need to update the
1680 * advertising flags.
1681 */
1682 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1683 if (!cp->val) {
1684 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1685 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1686 }
1687 update_adv_data(&req);
1688 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1689 if (cp->val) {
1690 scan = SCAN_PAGE;
1691 } else {
1692 scan = 0;
1693
1694 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1695 hdev->discov_timeout > 0)
9b74246f
JH		 1696 cancel_delayed_work(&hdev->discov_off);
1697 }
2b76f453 1698
9b74246f
JH		 1699 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1700 }
2b76f453 1701
4c01f8b8
JH		 1702 /* If we're going from non-connectable to connectable or
1703 * vice-versa when fast connectable is enabled ensure that fast
1704 * connectable gets disabled. write_fast_connectable won't do
1705 * anything if the page scan parameters are already what they
1706 * should be.
1707 */
1708 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1709 write_fast_connectable(&req, false);
1710
1987fdc7
JH		 1711 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1712 hci_conn_num(hdev, LE_LINK) == 0) {
1713 disable_advertising(&req);
1714 enable_advertising(&req);
1715 }
1716
2b76f453 1717 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1718 if (err < 0) {
a664b5bc 1719 mgmt_pending_remove(cmd);
9b74246f 1720 if (err == -ENODATA)
a81070ba
JH		 1721 err = set_connectable_update_settings(hdev, sk,
1722 cp->val);
9b74246f
JH		 1723 goto failed;
1724 }
9fbcbb45
JH		 1725
1726failed:
09fd0de5 1727 hci_dev_unlock(hdev);
9fbcbb45
JH		 1728 return err;
1729}
1730
bdb6d971 1731static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1732 u16 len)
c542a06c 1733{
650f726d 1734 struct mgmt_mode *cp = data;
55594356 1735 bool changed;
c542a06c
JH		 1736 int err;
1737
bdb6d971 1738 BT_DBG("request for %s", hdev->name);
c542a06c 1739
a7e80f25
JH		 1740 if (cp->val != 0x00 && cp->val != 0x01)
1741 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1742 MGMT_STATUS_INVALID_PARAMS);
1743
09fd0de5 1744 hci_dev_lock(hdev);
c542a06c
JH		 1745
1746 if (cp->val)
55594356 1747 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1748 else
55594356 1749 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1750
69ab39ea 1751 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1752 if (err < 0)
55594356 1753 goto unlock;
c542a06c 1754
55594356
MH		 1755 if (changed)
1756 err = new_settings(hdev, sk);
c542a06c 1757
55594356 1758unlock:
09fd0de5 1759 hci_dev_unlock(hdev);
c542a06c
JH		 1760 return err;
1761}
1762
04124681
GP		 1763static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1764 u16 len)
33ef95ed
JH		 1765{
1766 struct mgmt_mode *cp = data;
1767 struct pending_cmd *cmd;
e6fe7986 1768 u8 val, status;
33ef95ed
JH		 1769 int err;
1770
bdb6d971 1771 BT_DBG("request for %s", hdev->name);
33ef95ed 1772
e6fe7986
JH		 1773 status = mgmt_bredr_support(hdev);
1774 if (status)
33c525c0 1775 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1776 status);
33c525c0 1777
a7e80f25
JH		 1778 if (cp->val != 0x00 && cp->val != 0x01)
1779 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1780 MGMT_STATUS_INVALID_PARAMS);
1781
33ef95ed
JH		 1782 hci_dev_lock(hdev);
1783
4b34ee78 1784 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1785 bool changed = false;
1786
1787 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1788 &hdev->dev_flags)) {
47990ea0
JH		 1789 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1790 changed = true;
1791 }
1792
1793 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1794 if (err < 0)
1795 goto failed;
1796
1797 if (changed)
1798 err = new_settings(hdev, sk);
1799
33ef95ed
JH		 1800 goto failed;
1801 }
1802
1803 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1804 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1805 MGMT_STATUS_BUSY);
33ef95ed
JH		 1806 goto failed;
1807 }
1808
1809 val = !!cp->val;
1810
1811 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1812 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1813 goto failed;
1814 }
1815
1816 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1817 if (!cmd) {
1818 err = -ENOMEM;
1819 goto failed;
1820 }
1821
1822 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1823 if (err < 0) {
1824 mgmt_pending_remove(cmd);
1825 goto failed;
1826 }
1827
1828failed:
1829 hci_dev_unlock(hdev);
33ef95ed
JH		 1830 return err;
1831}
1832
bdb6d971 1833static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1834{
1835 struct mgmt_mode *cp = data;
1836 struct pending_cmd *cmd;
72ef0c1a 1837 u8 status;
ed2c4ee3
JH		 1838 int err;
1839
bdb6d971 1840 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1841
cdba5281
MH		 1842 status = mgmt_bredr_support(hdev);
1843 if (status)
1844 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1845
13ecd8b6
JH		 1846 if (!lmp_ssp_capable(hdev))
1847 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1848 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1849
a7e80f25
JH		 1850 if (cp->val != 0x00 && cp->val != 0x01)
1851 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1852 MGMT_STATUS_INVALID_PARAMS);
1853
13ecd8b6 1854 hci_dev_lock(hdev);
6c8f12c1 1855
4b34ee78 1856 if (!hdev_is_powered(hdev)) {
9ecb3e24 1857 bool changed;
c0ecddc2 1858
9ecb3e24
MH		 1859 if (cp->val) {
1860 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1861 &hdev->dev_flags);
1862 } else {
1863 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1864 &hdev->dev_flags);
1865 if (!changed)
1866 changed = test_and_clear_bit(HCI_HS_ENABLED,
1867 &hdev->dev_flags);
1868 else
1869 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1870 }
1871
1872 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1873 if (err < 0)
1874 goto failed;
1875
1876 if (changed)
1877 err = new_settings(hdev, sk);
1878
ed2c4ee3
JH		 1879 goto failed;
1880 }
1881
9ecb3e24
MH		 1882 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1883 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1884 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1885 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1886 goto failed;
1887 }
1888
72ef0c1a 1889 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1890 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1891 goto failed;
1892 }
1893
1894 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1895 if (!cmd) {
1896 err = -ENOMEM;
1897 goto failed;
1898 }
1899
3769972b
JH		 1900 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
1901 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1902 sizeof(cp->val), &cp->val);
1903
72ef0c1a 1904 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1905 if (err < 0) {
1906 mgmt_pending_remove(cmd);
1907 goto failed;
1908 }
1909
1910failed:
1911 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1912 return err;
1913}
1914
bdb6d971 1915static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1916{
1917 struct mgmt_mode *cp = data;
ee392693 1918 bool changed;
e6fe7986 1919 u8 status;
ee392693 1920 int err;
6d80dfd0 1921
bdb6d971 1922 BT_DBG("request for %s", hdev->name);
6d80dfd0 1923
e6fe7986
JH		 1924 status = mgmt_bredr_support(hdev);
1925 if (status)
1926 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1927
9ecb3e24
MH		 1928 if (!lmp_ssp_capable(hdev))
1929 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1930 MGMT_STATUS_NOT_SUPPORTED);
1931
1932 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1933 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1934 MGMT_STATUS_REJECTED);
1935
a7e80f25
JH		 1936 if (cp->val != 0x00 && cp->val != 0x01)
1937 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1938 MGMT_STATUS_INVALID_PARAMS);
1939
ee392693
MH		 1940 hci_dev_lock(hdev);
1941
a0cdf960 1942 if (cp->val) {
ee392693 1943 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1944 } else {
1945 if (hdev_is_powered(hdev)) {
1946 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1947 MGMT_STATUS_REJECTED);
1948 goto unlock;
1949 }
1950
ee392693 1951 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1952 }
ee392693
MH		 1953
1954 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1955 if (err < 0)
1956 goto unlock;
1957
1958 if (changed)
1959 err = new_settings(hdev, sk);
6d80dfd0 1960
ee392693
MH		 1961unlock:
1962 hci_dev_unlock(hdev);
1963 return err;
6d80dfd0
JH		 1964}
1965
416a4ae5
JH		 1966static void le_enable_complete(struct hci_dev *hdev, u8 status)
1967{
1968 struct cmd_lookup match = { NULL, hdev };
1969
1970 if (status) {
1971 u8 mgmt_err = mgmt_status(status);
1972
1973 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1974 &mgmt_err);
1975 return;
1976 }
1977
1978 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1979
1980 new_settings(hdev, match.sk);
1981
1982 if (match.sk)
1983 sock_put(match.sk);
441ad2d0
MH		 1984
1985 /* Make sure the controller has a good default for
1986 * advertising data. Restrict the update to when LE
1987 * has actually been enabled. During power on, the
1988 * update in powered_update_hci will take care of it.
1989 */
1990 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1991 struct hci_request req;
1992
1993 hci_dev_lock(hdev);
1994
1995 hci_req_init(&req, hdev);
5947f4bc 1996 update_adv_data(&req);
f14d8f64 1997 update_scan_rsp_data(&req);
441ad2d0
MH		 1998 hci_req_run(&req, NULL);
1999
2000 hci_dev_unlock(hdev);
2001 }
416a4ae5
JH		 2002}
2003
bdb6d971 2004static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2005{
2006 struct mgmt_mode *cp = data;
2007 struct hci_cp_write_le_host_supported hci_cp;
2008 struct pending_cmd *cmd;
416a4ae5 2009 struct hci_request req;
06199cf8 2010 int err;
0b60eba1 2011 u8 val, enabled;
06199cf8 2012
bdb6d971 2013 BT_DBG("request for %s", hdev->name);
06199cf8 2014
13ecd8b6
JH		 2015 if (!lmp_le_capable(hdev))
2016 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2017 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2018
a7e80f25
JH		 2019 if (cp->val != 0x00 && cp->val != 0x01)
2020 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2021 MGMT_STATUS_INVALID_PARAMS);
2022
c73eee91 2023 /* LE-only devices do not allow toggling LE on/off */
56f87901 2024 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2025 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2026 MGMT_STATUS_REJECTED);
2027
13ecd8b6 2028 hci_dev_lock(hdev);
06199cf8
JH		 2029
2030 val = !!cp->val;
ffa88e02 2031 enabled = lmp_host_le_capable(hdev);
06199cf8 2032
0b60eba1 2033 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2034 bool changed = false;
2035
2036 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2037 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2038 changed = true;
2039 }
2040
f3d3444a
JH		 2041 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2042 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2043 changed = true;
2044 }
2045
06199cf8
JH		 2046 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2047 if (err < 0)
1de028ce 2048 goto unlock;
06199cf8
JH		 2049
2050 if (changed)
2051 err = new_settings(hdev, sk);
2052
1de028ce 2053 goto unlock;
06199cf8
JH		 2054 }
2055
4375f103
JH		 2056 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2057 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2058 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2059 MGMT_STATUS_BUSY);
1de028ce 2060 goto unlock;
06199cf8
JH		 2061 }
2062
2063 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2064 if (!cmd) {
2065 err = -ENOMEM;
1de028ce 2066 goto unlock;
06199cf8
JH		 2067 }
2068
441ad2d0
MH		 2069 hci_req_init(&req, hdev);
2070
06199cf8
JH		 2071 memset(&hci_cp, 0, sizeof(hci_cp));
2072
2073 if (val) {
2074 hci_cp.le = val;
ffa88e02 2075 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 2076 } else {
2077 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2078 disable_advertising(&req);
06199cf8
JH		 2079 }
2080
416a4ae5
JH		 2081 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2082 &hci_cp);
2083
2084 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2085 if (err < 0)
06199cf8 2086 mgmt_pending_remove(cmd);
06199cf8 2087
1de028ce
JH		 2088unlock:
2089 hci_dev_unlock(hdev);
06199cf8
JH		 2090 return err;
2091}
2092
0cab9c80
JH		 2093/* This is a helper function to test for pending mgmt commands that can
2094 * cause CoD or EIR HCI commands. We can only allow one such pending
2095 * mgmt command at a time since otherwise we cannot easily track what
2096 * the current values are, will be, and based on that calculate if a new
2097 * HCI command needs to be sent and if yes with what value.
2098 */
2099static bool pending_eir_or_class(struct hci_dev *hdev)
2100{
2101 struct pending_cmd *cmd;
2102
2103 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2104 switch (cmd->opcode) {
2105 case MGMT_OP_ADD_UUID:
2106 case MGMT_OP_REMOVE_UUID:
2107 case MGMT_OP_SET_DEV_CLASS:
2108 case MGMT_OP_SET_POWERED:
2109 return true;
2110 }
2111 }
2112
2113 return false;
2114}
2115
83be8eca
JH		 2116static const u8 bluetooth_base_uuid[] = {
2117 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2118 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2119};
2120
2121static u8 get_uuid_size(const u8 *uuid)
2122{
2123 u32 val;
2124
2125 if (memcmp(uuid, bluetooth_base_uuid, 12))
2126 return 128;
2127
2128 val = get_unaligned_le32(&uuid[12]);
2129 if (val > 0xffff)
2130 return 32;
2131
2132 return 16;
2133}
2134
92da6097
JH		 2135static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2136{
2137 struct pending_cmd *cmd;
2138
2139 hci_dev_lock(hdev);
2140
2141 cmd = mgmt_pending_find(mgmt_op, hdev);
2142 if (!cmd)
2143 goto unlock;
2144
2145 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2146 hdev->dev_class, 3);
2147
2148 mgmt_pending_remove(cmd);
2149
2150unlock:
2151 hci_dev_unlock(hdev);
2152}
2153
2154static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2155{
2156 BT_DBG("status 0x%02x", status);
2157
2158 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2159}
2160
bdb6d971 2161static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2162{
650f726d 2163 struct mgmt_cp_add_uuid *cp = data;
90e70454 2164 struct pending_cmd *cmd;
890ea898 2165 struct hci_request req;
2aeb9a1a 2166 struct bt_uuid *uuid;
2aeb9a1a
JH		 2167 int err;
2168
bdb6d971 2169 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2170
09fd0de5 2171 hci_dev_lock(hdev);
2aeb9a1a 2172
0cab9c80 2173 if (pending_eir_or_class(hdev)) {
bdb6d971 2174 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2175 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2176 goto failed;
2177 }
2178
92c4c204 2179 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2180 if (!uuid) {
2181 err = -ENOMEM;
2182 goto failed;
2183 }
2184
2185 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2186 uuid->svc_hint = cp->svc_hint;
83be8eca 2187 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2188
de66aa63 2189 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2190
890ea898 2191 hci_req_init(&req, hdev);
1aff6f09 2192
890ea898
JH		 2193 update_class(&req);
2194 update_eir(&req);
2195
92da6097
JH		 2196 err = hci_req_run(&req, add_uuid_complete);
2197 if (err < 0) {
2198 if (err != -ENODATA)
2199 goto failed;
80a1e1db 2200
bdb6d971 2201 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2202 hdev->dev_class, 3);
90e70454
JH		 2203 goto failed;
2204 }
2205
2206 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2207 if (!cmd) {
90e70454 2208 err = -ENOMEM;
890ea898
JH		 2209 goto failed;
2210 }
2211
2212 err = 0;
2aeb9a1a
JH		 2213
2214failed:
09fd0de5 2215 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2216 return err;
2217}
2218
24b78d0f
JH		 2219static bool enable_service_cache(struct hci_dev *hdev)
2220{
2221 if (!hdev_is_powered(hdev))
2222 return false;
2223
2224 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2225 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2226 CACHE_TIMEOUT);
24b78d0f
JH		 2227 return true;
2228 }
2229
2230 return false;
2231}
2232
92da6097
JH		 2233static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2234{
2235 BT_DBG("status 0x%02x", status);
2236
2237 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2238}
2239
bdb6d971 2240static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2241 u16 len)
2aeb9a1a 2242{
650f726d 2243 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2244 struct pending_cmd *cmd;
056341c8 2245 struct bt_uuid *match, *tmp;
2aeb9a1a 2246 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2247 struct hci_request req;
2aeb9a1a
JH		 2248 int err, found;
2249
bdb6d971 2250 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2251
09fd0de5 2252 hci_dev_lock(hdev);
2aeb9a1a 2253
0cab9c80 2254 if (pending_eir_or_class(hdev)) {
bdb6d971 2255 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2256 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2257 goto unlock;
2258 }
2259
2aeb9a1a 2260 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2261 hci_uuids_clear(hdev);
4004b6d9 2262
24b78d0f 2263 if (enable_service_cache(hdev)) {
bdb6d971 2264 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2265 0, hdev->dev_class, 3);
24b78d0f
JH		 2266 goto unlock;
2267 }
4004b6d9 2268
9246a869 2269 goto update_class;
2aeb9a1a
JH		 2270 }
2271
2272 found = 0;
2273
056341c8 2274 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2275 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2276 continue;
2277
2278 list_del(&match->list);
482049f7 2279 kfree(match);
2aeb9a1a
JH		 2280 found++;
2281 }
2282
2283 if (found == 0) {
bdb6d971 2284 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2285 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2286 goto unlock;
2287 }
2288
9246a869 2289update_class:
890ea898 2290 hci_req_init(&req, hdev);
1aff6f09 2291
890ea898
JH		 2292 update_class(&req);
2293 update_eir(&req);
2294
92da6097
JH		 2295 err = hci_req_run(&req, remove_uuid_complete);
2296 if (err < 0) {
2297 if (err != -ENODATA)
2298 goto unlock;
80a1e1db 2299
bdb6d971 2300 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2301 hdev->dev_class, 3);
90e70454
JH		 2302 goto unlock;
2303 }
2304
2305 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2306 if (!cmd) {
90e70454 2307 err = -ENOMEM;
890ea898
JH		 2308 goto unlock;
2309 }
2310
2311 err = 0;
2aeb9a1a
JH		 2312
2313unlock:
09fd0de5 2314 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2315 return err;
2316}
2317
92da6097
JH		 2318static void set_class_complete(struct hci_dev *hdev, u8 status)
2319{
2320 BT_DBG("status 0x%02x", status);
2321
2322 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2323}
2324
bdb6d971 2325static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2326 u16 len)
1aff6f09 2327{
650f726d 2328 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2329 struct pending_cmd *cmd;
890ea898 2330 struct hci_request req;
1aff6f09
JH		 2331 int err;
2332
bdb6d971 2333 BT_DBG("request for %s", hdev->name);
1aff6f09 2334
6203fc98 2335 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2336 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2337 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2338
0cab9c80 2339 hci_dev_lock(hdev);
ee98f473 2340
0cab9c80
JH		 2341 if (pending_eir_or_class(hdev)) {
2342 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2343 MGMT_STATUS_BUSY);
2344 goto unlock;
2345 }
c95f0ba7 2346
0cab9c80
JH		 2347 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2348 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2349 MGMT_STATUS_INVALID_PARAMS);
2350 goto unlock;
2351 }
575b3a02 2352
932f5ff5
JH		 2353 hdev->major_class = cp->major;
2354 hdev->minor_class = cp->minor;
2355
b5235a65 2356 if (!hdev_is_powered(hdev)) {
bdb6d971 2357 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2358 hdev->dev_class, 3);
b5235a65
JH		 2359 goto unlock;
2360 }
2361
890ea898
JH		 2362 hci_req_init(&req, hdev);
2363
a8b2d5c2 2364 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2365 hci_dev_unlock(hdev);
2366 cancel_delayed_work_sync(&hdev->service_cache);
2367 hci_dev_lock(hdev);
890ea898 2368 update_eir(&req);
7d78525d 2369 }
14c0b608 2370
890ea898
JH		 2371 update_class(&req);
2372
92da6097
JH		 2373 err = hci_req_run(&req, set_class_complete);
2374 if (err < 0) {
2375 if (err != -ENODATA)
2376 goto unlock;
1aff6f09 2377
bdb6d971 2378 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2379 hdev->dev_class, 3);
90e70454
JH		 2380 goto unlock;
2381 }
2382
2383 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2384 if (!cmd) {
90e70454 2385 err = -ENOMEM;
890ea898
JH		 2386 goto unlock;
2387 }
2388
2389 err = 0;
1aff6f09 2390
b5235a65 2391unlock:
09fd0de5 2392 hci_dev_unlock(hdev);
1aff6f09
JH		 2393 return err;
2394}
2395
bdb6d971 2396static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2397 u16 len)
55ed8ca1 2398{
650f726d 2399 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2400 u16 key_count, expected_len;
b1de97d8 2401 bool changed;
a492cd52 2402 int i;
55ed8ca1 2403
9060d5cf
MH		 2404 BT_DBG("request for %s", hdev->name);
2405
2406 if (!lmp_bredr_capable(hdev))
2407 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2408 MGMT_STATUS_NOT_SUPPORTED);
2409
1f350c87 2410 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2411
86742e1e
JH		 2412 expected_len = sizeof(*cp) + key_count *
2413 sizeof(struct mgmt_link_key_info);
a492cd52 2414 if (expected_len != len) {
86742e1e 2415 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2416 expected_len, len);
bdb6d971 2417 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2418 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2419 }
2420
4ae14301
JH		 2421 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2422 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2423 MGMT_STATUS_INVALID_PARAMS);
2424
bdb6d971 2425 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2426 key_count);
55ed8ca1 2427
4ee71b20
JH		 2428 for (i = 0; i < key_count; i++) {
2429 struct mgmt_link_key_info *key = &cp->keys[i];
2430
8e991132 2431 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2432 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2433 MGMT_STATUS_INVALID_PARAMS);
2434 }
2435
09fd0de5 2436 hci_dev_lock(hdev);
55ed8ca1
JH		 2437
2438 hci_link_keys_clear(hdev);
2439
55ed8ca1 2440 if (cp->debug_keys)
0663b297
JH		 2441 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2442 &hdev->dev_flags);
55ed8ca1 2443 else
0663b297
JH		 2444 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2445 &hdev->dev_flags);
b1de97d8
MH		 2446
2447 if (changed)
2448 new_settings(hdev, NULL);
55ed8ca1 2449
a492cd52 2450 for (i = 0; i < key_count; i++) {
86742e1e 2451 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2452
58e9293c
JH		 2453 /* Always ignore debug keys and require a new pairing if
2454 * the user wants to use them.
2455 */
2456 if (key->type == HCI_LK_DEBUG_COMBINATION)
2457 continue;
2458
7652ff6a
JH		 2459 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2460 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2461 }
2462
bdb6d971 2463 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2464
09fd0de5 2465 hci_dev_unlock(hdev);
55ed8ca1 2466
a492cd52 2467 return 0;
55ed8ca1
JH		 2468}
2469
b1078ad0 2470static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2471 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2472{
2473 struct mgmt_ev_device_unpaired ev;
2474
2475 bacpy(&ev.addr.bdaddr, bdaddr);
2476 ev.addr.type = addr_type;
2477
2478 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2479 skip_sk);
b1078ad0
JH		 2480}
2481
bdb6d971 2482static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2483 u16 len)
55ed8ca1 2484{
124f6e35
JH		 2485 struct mgmt_cp_unpair_device *cp = data;
2486 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2487 struct hci_cp_disconnect dc;
2488 struct pending_cmd *cmd;
55ed8ca1 2489 struct hci_conn *conn;
55ed8ca1
JH		 2490 int err;
2491
a8a1d19e 2492 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2493 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2494 rp.addr.type = cp->addr.type;
a8a1d19e 2495
4ee71b20
JH		 2496 if (!bdaddr_type_is_valid(cp->addr.type))
2497 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2498 MGMT_STATUS_INVALID_PARAMS,
2499 &rp, sizeof(rp));
2500
118da70b
JH		 2501 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2502 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2503 MGMT_STATUS_INVALID_PARAMS,
2504 &rp, sizeof(rp));
2505
4ee71b20
JH		 2506 hci_dev_lock(hdev);
2507
86a8cfc6 2508 if (!hdev_is_powered(hdev)) {
bdb6d971 2509 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2510 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2511 goto unlock;
2512 }
2513
e0b2b27e 2514 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2515 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2516 } else {
2517 u8 addr_type;
2518
2519 if (cp->addr.type == BDADDR_LE_PUBLIC)
2520 addr_type = ADDR_LE_DEV_PUBLIC;
2521 else
2522 addr_type = ADDR_LE_DEV_RANDOM;
2523
a7ec7338
JH		 2524 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2525
a9b0a04c
AG		 2526 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2527
e0b2b27e
JH		 2528 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2529 }
b0dbfb46 2530
55ed8ca1 2531 if (err < 0) {
bdb6d971 2532 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2533 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2534 goto unlock;
2535 }
2536
86a8cfc6 2537 if (cp->disconnect) {
591f47f3 2538 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2539 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2540 &cp->addr.bdaddr);
86a8cfc6
JH		 2541 else
2542 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2543 &cp->addr.bdaddr);
86a8cfc6
JH		 2544 } else {
2545 conn = NULL;
2546 }
124f6e35 2547
a8a1d19e 2548 if (!conn) {
bdb6d971 2549 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2550 &rp, sizeof(rp));
b1078ad0 2551 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2552 goto unlock;
2553 }
55ed8ca1 2554
124f6e35 2555 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2556 sizeof(*cp));
a8a1d19e
JH		 2557 if (!cmd) {
2558 err = -ENOMEM;
2559 goto unlock;
55ed8ca1
JH		 2560 }
2561
eb55ef07 2562 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2563 dc.reason = 0x13; /* Remote User Terminated Connection */
2564 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2565 if (err < 0)
2566 mgmt_pending_remove(cmd);
2567
55ed8ca1 2568unlock:
09fd0de5 2569 hci_dev_unlock(hdev);
55ed8ca1
JH		 2570 return err;
2571}
2572
bdb6d971 2573static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2574 u16 len)
8962ee74 2575{
650f726d 2576 struct mgmt_cp_disconnect *cp = data;
06a63b19 2577 struct mgmt_rp_disconnect rp;
8962ee74 2578 struct hci_cp_disconnect dc;
366a0336 2579 struct pending_cmd *cmd;
8962ee74 2580 struct hci_conn *conn;
8962ee74
JH		 2581 int err;
2582
2583 BT_DBG("");
2584
06a63b19
JH		 2585 memset(&rp, 0, sizeof(rp));
2586 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2587 rp.addr.type = cp->addr.type;
2588
4ee71b20 2589 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2590 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2591 MGMT_STATUS_INVALID_PARAMS,
2592 &rp, sizeof(rp));
4ee71b20 2593
09fd0de5 2594 hci_dev_lock(hdev);
8962ee74
JH		 2595
2596 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2597 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2598 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2599 goto failed;
2600 }
2601
2e58ef3e 2602 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2603 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2604 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2605 goto failed;
2606 }
2607
591f47f3 2608 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2609 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2610 &cp->addr.bdaddr);
88c3df13
JH		 2611 else
2612 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2613
f960727e 2614 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2615 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2616 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2617 goto failed;
2618 }
2619
2e58ef3e 2620 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2621 if (!cmd) {
2622 err = -ENOMEM;
8962ee74 2623 goto failed;
366a0336 2624 }
8962ee74 2625
eb55ef07 2626 dc.handle = cpu_to_le16(conn->handle);
3701f944 2627 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2628
2629 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2630 if (err < 0)
a664b5bc 2631 mgmt_pending_remove(cmd);
8962ee74
JH		 2632
2633failed:
09fd0de5 2634 hci_dev_unlock(hdev);
8962ee74
JH		 2635 return err;
2636}
2637
57c1477c 2638static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2639{
2640 switch (link_type) {
2641 case LE_LINK:
48264f06
JH		 2642 switch (addr_type) {
2643 case ADDR_LE_DEV_PUBLIC:
591f47f3 2644 return BDADDR_LE_PUBLIC;
0ed09148 2645
48264f06 2646 default:
0ed09148 2647 /* Fallback to LE Random address type */
591f47f3 2648 return BDADDR_LE_RANDOM;
48264f06 2649 }
0ed09148 2650
4c659c39 2651 default:
0ed09148 2652 /* Fallback to BR/EDR type */
591f47f3 2653 return BDADDR_BREDR;
4c659c39
JH		 2654 }
2655}
2656
04124681
GP		 2657static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2658 u16 data_len)
2784eb41 2659{
2784eb41 2660 struct mgmt_rp_get_connections *rp;
8035ded4 2661 struct hci_conn *c;
a38528f1 2662 size_t rp_len;
60fc5fb6
JH		 2663 int err;
2664 u16 i;
2784eb41
JH		 2665
2666 BT_DBG("");
2667
09fd0de5 2668 hci_dev_lock(hdev);
2784eb41 2669
5f97c1df 2670 if (!hdev_is_powered(hdev)) {
bdb6d971 2671 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2672 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2673 goto unlock;
2674 }
2675
60fc5fb6 2676 i = 0;
b644ba33
JH		 2677 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2678 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2679 i++;
2784eb41
JH		 2680 }
2681
60fc5fb6 2682 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2683 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2684 if (!rp) {
2784eb41
JH		 2685 err = -ENOMEM;
2686 goto unlock;
2687 }
2688
2784eb41 2689 i = 0;
4c659c39 2690 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2691 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2692 continue;
4c659c39 2693 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2694 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2695 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2696 continue;
2697 i++;
2698 }
2699
eb55ef07 2700 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2701
4c659c39
JH		 2702 /* Recalculate length in case of filtered SCO connections, etc */
2703 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2704
bdb6d971 2705 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2706 rp_len);
2784eb41 2707
a38528f1 2708 kfree(rp);
5f97c1df
JH		 2709
2710unlock:
09fd0de5 2711 hci_dev_unlock(hdev);
2784eb41
JH		 2712 return err;
2713}
2714
bdb6d971 2715static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2716 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2717{
2718 struct pending_cmd *cmd;
2719 int err;
2720
2e58ef3e 2721 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2722 sizeof(*cp));
96d97a67
WR		 2723 if (!cmd)
2724 return -ENOMEM;
2725
d8457698 2726 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2727 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2728 if (err < 0)
2729 mgmt_pending_remove(cmd);
2730
2731 return err;
2732}
2733
bdb6d971 2734static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2735 u16 len)
980e1a53 2736{
96d97a67 2737 struct hci_conn *conn;
650f726d 2738 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2739 struct hci_cp_pin_code_reply reply;
366a0336 2740 struct pending_cmd *cmd;
980e1a53
JH		 2741 int err;
2742
2743 BT_DBG("");
2744
09fd0de5 2745 hci_dev_lock(hdev);
980e1a53 2746
4b34ee78 2747 if (!hdev_is_powered(hdev)) {
bdb6d971 2748 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2749 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2750 goto failed;
2751 }
2752
d8457698 2753 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2754 if (!conn) {
bdb6d971 2755 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2756 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2757 goto failed;
2758 }
2759
2760 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2761 struct mgmt_cp_pin_code_neg_reply ncp;
2762
2763 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2764
2765 BT_ERR("PIN code is not 16 bytes long");
2766
bdb6d971 2767 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2768 if (err >= 0)
bdb6d971 2769 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2770 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2771
2772 goto failed;
2773 }
2774
00abfe44 2775 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2776 if (!cmd) {
2777 err = -ENOMEM;
980e1a53 2778 goto failed;
366a0336 2779 }
980e1a53 2780
d8457698 2781 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2782 reply.pin_len = cp->pin_len;
24718ca5 2783 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2784
2785 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2786 if (err < 0)
a664b5bc 2787 mgmt_pending_remove(cmd);
980e1a53
JH		 2788
2789failed:
09fd0de5 2790 hci_dev_unlock(hdev);
980e1a53
JH		 2791 return err;
2792}
2793
04124681
GP		 2794static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2795 u16 len)
17fa4b9d 2796{
650f726d 2797 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2798
2799 BT_DBG("");
2800
4ec86d4c
JH		 2801 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2802 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2803 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
2804
09fd0de5 2805 hci_dev_lock(hdev);
17fa4b9d
JH		 2806
2807 hdev->io_capability = cp->io_capability;
2808
2809 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2810 hdev->io_capability);
17fa4b9d 2811
09fd0de5 2812 hci_dev_unlock(hdev);
17fa4b9d 2813
04124681
GP		 2814 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2815 0);
17fa4b9d
JH		 2816}
2817
6039aa73 2818static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2819{
2820 struct hci_dev *hdev = conn->hdev;
8035ded4 2821 struct pending_cmd *cmd;
e9a416b5 2822
2e58ef3e 2823 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2824 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2825 continue;
2826
e9a416b5
JH		 2827 if (cmd->user_data != conn)
2828 continue;
2829
2830 return cmd;
2831 }
2832
2833 return NULL;
2834}
2835
2836static void pairing_complete(struct pending_cmd *cmd, u8 status)
2837{
2838 struct mgmt_rp_pair_device rp;
2839 struct hci_conn *conn = cmd->user_data;
2840
61b1a7fb
JH		 2841 bacpy(&rp.addr.bdaddr, &conn->dst);
2842 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2843
aee9b218 2844 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2845 &rp, sizeof(rp));
e9a416b5
JH		 2846
2847 /* So we don't get further callbacks for this connection */
2848 conn->connect_cfm_cb = NULL;
2849 conn->security_cfm_cb = NULL;
2850 conn->disconn_cfm_cb = NULL;
2851
76a68ba0 2852 hci_conn_drop(conn);
e9a416b5 2853
a664b5bc 2854 mgmt_pending_remove(cmd);
e9a416b5
JH		 2855}
2856
f4a407be
JH		 2857void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2858{
2859 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2860 struct pending_cmd *cmd;
2861
2862 cmd = find_pairing(conn);
2863 if (cmd)
2864 pairing_complete(cmd, status);
2865}
2866
e9a416b5
JH		 2867static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2868{
2869 struct pending_cmd *cmd;
2870
2871 BT_DBG("status %u", status);
2872
2873 cmd = find_pairing(conn);
56e5cb86 2874 if (!cmd)
e9a416b5 2875 BT_DBG("Unable to find a pending command");
56e5cb86 2876 else
e211326c 2877 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2878}
2879
f4a407be 2880static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 2881{
2882 struct pending_cmd *cmd;
2883
2884 BT_DBG("status %u", status);
2885
2886 if (!status)
2887 return;
2888
2889 cmd = find_pairing(conn);
2890 if (!cmd)
2891 BT_DBG("Unable to find a pending command");
2892 else
2893 pairing_complete(cmd, mgmt_status(status));
2894}
2895
bdb6d971 2896static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2897 u16 len)
e9a416b5 2898{
650f726d 2899 struct mgmt_cp_pair_device *cp = data;
1425acb7 2900 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2901 struct pending_cmd *cmd;
2902 u8 sec_level, auth_type;
2903 struct hci_conn *conn;
e9a416b5
JH		 2904 int err;
2905
2906 BT_DBG("");
2907
f950a30e
SJ		 2908 memset(&rp, 0, sizeof(rp));
2909 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2910 rp.addr.type = cp->addr.type;
2911
4ee71b20
JH		 2912 if (!bdaddr_type_is_valid(cp->addr.type))
2913 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2914 MGMT_STATUS_INVALID_PARAMS,
2915 &rp, sizeof(rp));
2916
4ec86d4c
JH		 2917 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2918 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2919 MGMT_STATUS_INVALID_PARAMS,
2920 &rp, sizeof(rp));
2921
09fd0de5 2922 hci_dev_lock(hdev);
e9a416b5 2923
5f97c1df 2924 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2925 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2926 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2927 goto unlock;
2928 }
2929
c908df36 2930 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 2931 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 2932
6f77d8c7 2933 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2934 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2935 auth_type);
6f77d8c7
AG		 2936 } else {
2937 u8 addr_type;
2938
2939 /* Convert from L2CAP channel address type to HCI address type
2940 */
2941 if (cp->addr.type == BDADDR_LE_PUBLIC)
2942 addr_type = ADDR_LE_DEV_PUBLIC;
2943 else
2944 addr_type = ADDR_LE_DEV_RANDOM;
2945
2946 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
04a6c589 2947 sec_level, auth_type);
6f77d8c7 2948 }
7a512d01 2949
30e76272 2950 if (IS_ERR(conn)) {
489dc48e
AK		 2951 int status;
2952
2953 if (PTR_ERR(conn) == -EBUSY)
2954 status = MGMT_STATUS_BUSY;
2955 else
2956 status = MGMT_STATUS_CONNECT_FAILED;
2957
bdb6d971 2958 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2959 status, &rp,
04124681 2960 sizeof(rp));
e9a416b5
JH		 2961 goto unlock;
2962 }
2963
2964 if (conn->connect_cfm_cb) {
76a68ba0 2965 hci_conn_drop(conn);
bdb6d971 2966 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2967 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2968 goto unlock;
2969 }
2970
2e58ef3e 2971 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2972 if (!cmd) {
2973 err = -ENOMEM;
76a68ba0 2974 hci_conn_drop(conn);
e9a416b5
JH		 2975 goto unlock;
2976 }
2977
7a512d01 2978 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2979 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2980 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2981 conn->security_cfm_cb = pairing_complete_cb;
2982 conn->disconn_cfm_cb = pairing_complete_cb;
2983 } else {
2984 conn->connect_cfm_cb = le_pairing_complete_cb;
2985 conn->security_cfm_cb = le_pairing_complete_cb;
2986 conn->disconn_cfm_cb = le_pairing_complete_cb;
2987 }
7a512d01 2988
e9a416b5
JH		 2989 conn->io_capability = cp->io_cap;
2990 cmd->user_data = conn;
2991
2992 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2993 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2994 pairing_complete(cmd, 0);
2995
2996 err = 0;
2997
2998unlock:
09fd0de5 2999 hci_dev_unlock(hdev);
e9a416b5
JH		 3000 return err;
3001}
3002
04124681
GP		 3003static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3004 u16 len)
28424707 3005{
0f4e68cf 3006 struct mgmt_addr_info *addr = data;
28424707
JH		 3007 struct pending_cmd *cmd;
3008 struct hci_conn *conn;
3009 int err;
3010
3011 BT_DBG("");
3012
28424707
JH		 3013 hci_dev_lock(hdev);
3014
5f97c1df 3015 if (!hdev_is_powered(hdev)) {
bdb6d971 3016 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3017 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3018 goto unlock;
3019 }
3020
28424707
JH		 3021 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3022 if (!cmd) {
bdb6d971 3023 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3024 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3025 goto unlock;
3026 }
3027
3028 conn = cmd->user_data;
3029
3030 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3031 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3032 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3033 goto unlock;
3034 }
3035
3036 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
3037
bdb6d971 3038 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3039 addr, sizeof(*addr));
28424707
JH		 3040unlock:
3041 hci_dev_unlock(hdev);
28424707
JH		 3042 return err;
3043}
3044
bdb6d971 3045static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3046 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3047 u16 hci_op, __le32 passkey)
a5c29683 3048{
a5c29683 3049 struct pending_cmd *cmd;
0df4c185 3050 struct hci_conn *conn;
a5c29683
JH		 3051 int err;
3052
09fd0de5 3053 hci_dev_lock(hdev);
08ba5382 3054
4b34ee78 3055 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3056 err = cmd_complete(sk, hdev->id, mgmt_op,
3057 MGMT_STATUS_NOT_POWERED, addr,
3058 sizeof(*addr));
0df4c185 3059 goto done;
a5c29683
JH		 3060 }
3061
1707c60e
JH		 3062 if (addr->type == BDADDR_BREDR)
3063 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3064 else
1707c60e 3065 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3066
3067 if (!conn) {
feb94d3d
JH		 3068 err = cmd_complete(sk, hdev->id, mgmt_op,
3069 MGMT_STATUS_NOT_CONNECTED, addr,
3070 sizeof(*addr));
272d90df
JH		 3071 goto done;
3072 }
47c15e2b 3073
1707c60e 3074 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3075 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3076 if (!err)
feb94d3d
JH		 3077 err = cmd_complete(sk, hdev->id, mgmt_op,
3078 MGMT_STATUS_SUCCESS, addr,
3079 sizeof(*addr));
5fe57d9e 3080 else
feb94d3d
JH		 3081 err = cmd_complete(sk, hdev->id, mgmt_op,
3082 MGMT_STATUS_FAILED, addr,
3083 sizeof(*addr));
47c15e2b 3084
47c15e2b
BG		 3085 goto done;
3086 }
3087
1707c60e 3088 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3089 if (!cmd) {
3090 err = -ENOMEM;
0df4c185 3091 goto done;
a5c29683
JH		 3092 }
3093
0df4c185 3094 /* Continue with pairing via HCI */
604086b7
BG		 3095 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3096 struct hci_cp_user_passkey_reply cp;
3097
1707c60e 3098 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3099 cp.passkey = passkey;
3100 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3101 } else
1707c60e
JH		 3102 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3103 &addr->bdaddr);
604086b7 3104
a664b5bc
JH		 3105 if (err < 0)
3106 mgmt_pending_remove(cmd);
a5c29683 3107
0df4c185 3108done:
09fd0de5 3109 hci_dev_unlock(hdev);
a5c29683
JH		 3110 return err;
3111}
3112
afeb019d
JK		 3113static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3114 void *data, u16 len)
3115{
3116 struct mgmt_cp_pin_code_neg_reply *cp = data;
3117
3118 BT_DBG("");
3119
1707c60e 3120 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3121 MGMT_OP_PIN_CODE_NEG_REPLY,
3122 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3123}
3124
04124681
GP		 3125static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3126 u16 len)
0df4c185 3127{
650f726d 3128 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3129
3130 BT_DBG("");
3131
3132 if (len != sizeof(*cp))
bdb6d971 3133 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3134 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3135
1707c60e 3136 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3137 MGMT_OP_USER_CONFIRM_REPLY,
3138 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3139}
3140
bdb6d971 3141static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3142 void *data, u16 len)
0df4c185 3143{
c9c2659f 3144 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3145
3146 BT_DBG("");
3147
1707c60e 3148 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3149 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3150 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3151}
3152
04124681
GP		 3153static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3154 u16 len)
604086b7 3155{
650f726d 3156 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3157
3158 BT_DBG("");
3159
1707c60e 3160 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3161 MGMT_OP_USER_PASSKEY_REPLY,
3162 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3163}
3164
bdb6d971 3165static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3166 void *data, u16 len)
604086b7 3167{
650f726d 3168 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3169
3170 BT_DBG("");
3171
1707c60e 3172 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3173 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3174 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3175}
3176
13928971 3177static void update_name(struct hci_request *req)
2b4bf397 3178{
13928971 3179 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3180 struct hci_cp_write_local_name cp;
3181
13928971 3182 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3183
890ea898 3184 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3185}
3186
13928971
JH		 3187static void set_name_complete(struct hci_dev *hdev, u8 status)
3188{
3189 struct mgmt_cp_set_local_name *cp;
3190 struct pending_cmd *cmd;
3191
3192 BT_DBG("status 0x%02x", status);
3193
3194 hci_dev_lock(hdev);
3195
3196 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3197 if (!cmd)
3198 goto unlock;
3199
3200 cp = cmd->param;
3201
3202 if (status)
3203 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3204 mgmt_status(status));
3205 else
3206 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3207 cp, sizeof(*cp));
3208
3209 mgmt_pending_remove(cmd);
3210
3211unlock:
3212 hci_dev_unlock(hdev);
3213}
3214
bdb6d971 3215static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3216 u16 len)
b312b161 3217{
2b4bf397 3218 struct mgmt_cp_set_local_name *cp = data;
b312b161 3219 struct pending_cmd *cmd;
890ea898 3220 struct hci_request req;
b312b161
JH		 3221 int err;
3222
3223 BT_DBG("");
3224
09fd0de5 3225 hci_dev_lock(hdev);
b312b161 3226
b3f2ca94
JH		 3227 /* If the old values are the same as the new ones just return a
3228 * direct command complete event.
3229 */
3230 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3231 !memcmp(hdev->short_name, cp->short_name,
3232 sizeof(hdev->short_name))) {
3233 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3234 data, len);
3235 goto failed;
3236 }
3237
2b4bf397 3238 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3239
b5235a65 3240 if (!hdev_is_powered(hdev)) {
2b4bf397 3241 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3242
3243 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3244 data, len);
28cc7bde
JH		 3245 if (err < 0)
3246 goto failed;
3247
3248 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3249 sk);
28cc7bde 3250
b5235a65
JH		 3251 goto failed;
3252 }
3253
28cc7bde 3254 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3255 if (!cmd) {
3256 err = -ENOMEM;
3257 goto failed;
3258 }
3259
13928971
JH		 3260 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3261
890ea898 3262 hci_req_init(&req, hdev);
3f985050
JH		 3263
3264 if (lmp_bredr_capable(hdev)) {
3265 update_name(&req);
3266 update_eir(&req);
3267 }
3268
7a5f4990
MH		 3269 /* The name is stored in the scan response data and so
3270 * no need to udpate the advertising data here.
3271 */
3f985050 3272 if (lmp_le_capable(hdev))
7a5f4990 3273 update_scan_rsp_data(&req);
3f985050 3274
13928971 3275 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3276 if (err < 0)
3277 mgmt_pending_remove(cmd);
3278
3279failed:
09fd0de5 3280 hci_dev_unlock(hdev);
b312b161
JH		 3281 return err;
3282}
3283
0f4e68cf 3284static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3285 void *data, u16 data_len)
c35938b2 3286{
c35938b2
SJ		 3287 struct pending_cmd *cmd;
3288 int err;
3289
bdb6d971 3290 BT_DBG("%s", hdev->name);
c35938b2 3291
09fd0de5 3292 hci_dev_lock(hdev);
c35938b2 3293
4b34ee78 3294 if (!hdev_is_powered(hdev)) {
bdb6d971 3295 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3296 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3297 goto unlock;
3298 }
3299
9a1a1996 3300 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3301 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3302 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3303 goto unlock;
3304 }
3305
2e58ef3e 3306 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3307 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3308 MGMT_STATUS_BUSY);
c35938b2
SJ		 3309 goto unlock;
3310 }
3311
2e58ef3e 3312 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3313 if (!cmd) {
3314 err = -ENOMEM;
3315 goto unlock;
3316 }
3317
4d2d2796
MH		 3318 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3319 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3320 0, NULL);
3321 else
3322 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3323
c35938b2
SJ		 3324 if (err < 0)
3325 mgmt_pending_remove(cmd);
3326
3327unlock:
09fd0de5 3328 hci_dev_unlock(hdev);
c35938b2
SJ		 3329 return err;
3330}
3331
bdb6d971 3332static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3333 void *data, u16 len)
2763eda6 3334{
2763eda6
SJ		 3335 int err;
3336
bdb6d971 3337 BT_DBG("%s ", hdev->name);
2763eda6 3338
09fd0de5 3339 hci_dev_lock(hdev);
2763eda6 3340
ec109113
MH		 3341 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3342 struct mgmt_cp_add_remote_oob_data *cp = data;
3343 u8 status;
bf1e3541 3344
ec109113
MH		 3345 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3346 cp->hash, cp->randomizer);
3347 if (err < 0)
3348 status = MGMT_STATUS_FAILED;
3349 else
3350 status = MGMT_STATUS_SUCCESS;
3351
3352 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3353 status, &cp->addr, sizeof(cp->addr));
3354 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3355 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3356 u8 status;
3357
3358 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3359 cp->hash192,
3360 cp->randomizer192,
3361 cp->hash256,
3362 cp->randomizer256);
3363 if (err < 0)
3364 status = MGMT_STATUS_FAILED;
3365 else
3366 status = MGMT_STATUS_SUCCESS;
3367
3368 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3369 status, &cp->addr, sizeof(cp->addr));
3370 } else {
3371 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3372 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3373 MGMT_STATUS_INVALID_PARAMS);
3374 }
2763eda6 3375
09fd0de5 3376 hci_dev_unlock(hdev);
2763eda6
SJ		 3377 return err;
3378}
3379
bdb6d971 3380static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3381 void *data, u16 len)
2763eda6 3382{
650f726d 3383 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3384 u8 status;
2763eda6
SJ		 3385 int err;
3386
bdb6d971 3387 BT_DBG("%s", hdev->name);
2763eda6 3388
09fd0de5 3389 hci_dev_lock(hdev);
2763eda6 3390
664ce4cc 3391 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3392 if (err < 0)
bf1e3541 3393 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3394 else
a6785be2 3395 status = MGMT_STATUS_SUCCESS;
bf1e3541 3396
bdb6d971 3397 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3398 status, &cp->addr, sizeof(cp->addr));
2763eda6 3399
09fd0de5 3400 hci_dev_unlock(hdev);
2763eda6
SJ		 3401 return err;
3402}
3403
41dc2bd6
AG		 3404static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3405{
3406 struct pending_cmd *cmd;
3407 u8 type;
3408 int err;
3409
3410 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3411
3412 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3413 if (!cmd)
3414 return -ENOENT;
3415
3416 type = hdev->discovery.type;
3417
3418 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3419 &type, sizeof(type));
3420 mgmt_pending_remove(cmd);
3421
3422 return err;
3423}
3424
7c307720
AG		 3425static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3426{
ae55f598
LR		 3427 unsigned long timeout = 0;
3428
7c307720
AG		 3429 BT_DBG("status %d", status);
3430
3431 if (status) {
3432 hci_dev_lock(hdev);
3433 mgmt_start_discovery_failed(hdev, status);
3434 hci_dev_unlock(hdev);
3435 return;
3436 }
3437
3438 hci_dev_lock(hdev);
3439 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3440 hci_dev_unlock(hdev);
3441
3442 switch (hdev->discovery.type) {
3443 case DISCOV_TYPE_LE:
3d5a76f0 3444 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720
AG		 3445 break;
3446
3447 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3448 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720
AG		 3449 break;
3450
3451 case DISCOV_TYPE_BREDR:
3452 break;
3453
3454 default:
3455 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3456 }
ae55f598
LR		 3457
3458 if (!timeout)
3459 return;
3460
3461 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
7c307720
AG		 3462}
3463
bdb6d971 3464static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3465 void *data, u16 len)
14a53664 3466{
650f726d 3467 struct mgmt_cp_start_discovery *cp = data;
14a53664 3468 struct pending_cmd *cmd;
7c307720
AG		 3469 struct hci_cp_le_set_scan_param param_cp;
3470 struct hci_cp_le_set_scan_enable enable_cp;
3471 struct hci_cp_inquiry inq_cp;
3472 struct hci_request req;
3473 /* General inquiry access code (GIAC) */
3474 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3475 u8 status, own_addr_type;
14a53664
JH		 3476 int err;
3477
bdb6d971 3478 BT_DBG("%s", hdev->name);
14a53664 3479
09fd0de5 3480 hci_dev_lock(hdev);
14a53664 3481
4b34ee78 3482 if (!hdev_is_powered(hdev)) {
bdb6d971 3483 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3484 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3485 goto failed;
3486 }
3487
642be6c7
AG		 3488 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3489 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3490 MGMT_STATUS_BUSY);
3491 goto failed;
3492 }
3493
ff9ef578 3494 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3495 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3496 MGMT_STATUS_BUSY);
ff9ef578
JH		 3497 goto failed;
3498 }
3499
2e58ef3e 3500 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3501 if (!cmd) {
3502 err = -ENOMEM;
3503 goto failed;
3504 }
3505
4aab14e5
AG		 3506 hdev->discovery.type = cp->type;
3507
7c307720
AG		 3508 hci_req_init(&req, hdev);
3509
4aab14e5 3510 switch (hdev->discovery.type) {
f39799f5 3511 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3512 status = mgmt_bredr_support(hdev);
3513 if (status) {
04106755 3514 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3515 status);
04106755
JH		 3516 mgmt_pending_remove(cmd);
3517 goto failed;
3518 }
3519
7c307720
AG		 3520 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3521 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3522 MGMT_STATUS_BUSY);
3523 mgmt_pending_remove(cmd);
3524 goto failed;
3525 }
3526
3527 hci_inquiry_cache_flush(hdev);
3528
3529 memset(&inq_cp, 0, sizeof(inq_cp));
3530 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3531 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3532 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3533 break;
3534
3535 case DISCOV_TYPE_LE:
7c307720 3536 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3537 status = mgmt_le_support(hdev);
3538 if (status) {
04106755 3539 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3540 status);
04106755
JH		 3541 mgmt_pending_remove(cmd);
3542 goto failed;
3543 }
3544
7c307720 3545 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3546 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3547 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3548 MGMT_STATUS_NOT_SUPPORTED);
3549 mgmt_pending_remove(cmd);
3550 goto failed;
3551 }
3552
f3d3444a 3553 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3554 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3555 MGMT_STATUS_REJECTED);
3556 mgmt_pending_remove(cmd);
3557 goto failed;
3558 }
3559
c54c3860
AG		 3560 /* If controller is scanning, it means the background scanning
3561 * is running. Thus, we should temporarily stop it in order to
3562 * set the discovery scanning parameters.
3563 */
3564 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3565 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3566
3567 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3568
94b1fc92
MH		 3569 /* All active scans will be done with either a resolvable
3570 * private address (when privacy feature has been enabled)
3571 * or unresolvable private address.
3572 */
3573 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3574 if (err < 0) {
3575 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3576 MGMT_STATUS_FAILED);
3577 mgmt_pending_remove(cmd);
3578 goto failed;
3579 }
3580
7c307720 3581 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3582 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3583 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3584 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3585 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3586 &param_cp);
3587
3588 memset(&enable_cp, 0, sizeof(enable_cp));
3589 enable_cp.enable = LE_SCAN_ENABLE;
3590 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3591 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3592 &enable_cp);
5e0452c0
AG		 3593 break;
3594
f39799f5 3595 default:
04106755
JH		 3596 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3597 MGMT_STATUS_INVALID_PARAMS);
3598 mgmt_pending_remove(cmd);
3599 goto failed;
f39799f5 3600 }
3fd24153 3601
7c307720 3602 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3603 if (err < 0)
3604 mgmt_pending_remove(cmd);
ff9ef578
JH		 3605 else
3606 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3607
3608failed:
09fd0de5 3609 hci_dev_unlock(hdev);
14a53664
JH		 3610 return err;
3611}
3612
1183fdca
AG		 3613static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3614{
3615 struct pending_cmd *cmd;
3616 int err;
3617
3618 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3619 if (!cmd)
3620 return -ENOENT;
3621
3622 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3623 &hdev->discovery.type, sizeof(hdev->discovery.type));
3624 mgmt_pending_remove(cmd);
3625
3626 return err;
3627}
3628
0e05bba6
AG		 3629static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3630{
3631 BT_DBG("status %d", status);
3632
3633 hci_dev_lock(hdev);
3634
3635 if (status) {
3636 mgmt_stop_discovery_failed(hdev, status);
3637 goto unlock;
3638 }
3639
3640 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3641
3642unlock:
3643 hci_dev_unlock(hdev);
3644}
3645
bdb6d971 3646static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3647 u16 len)
14a53664 3648{
d930650b 3649 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3650 struct pending_cmd *cmd;
0e05bba6 3651 struct hci_request req;
14a53664
JH		 3652 int err;
3653
bdb6d971 3654 BT_DBG("%s", hdev->name);
14a53664 3655
09fd0de5 3656 hci_dev_lock(hdev);
14a53664 3657
30dc78e1 3658 if (!hci_discovery_active(hdev)) {
bdb6d971 3659 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3660 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3661 sizeof(mgmt_cp->type));
d930650b
JH		 3662 goto unlock;
3663 }
3664
3665 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3666 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3667 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3668 sizeof(mgmt_cp->type));
30dc78e1 3669 goto unlock;
ff9ef578
JH		 3670 }
3671
2e58ef3e 3672 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3673 if (!cmd) {
3674 err = -ENOMEM;
30dc78e1
JH		 3675 goto unlock;
3676 }
3677
0e05bba6
AG		 3678 hci_req_init(&req, hdev);
3679
21a60d30 3680 hci_stop_discovery(&req);
e0d9727e 3681
21a60d30
JH		 3682 err = hci_req_run(&req, stop_discovery_complete);
3683 if (!err) {
3684 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 3685 goto unlock;
14a53664
JH		 3686 }
3687
21a60d30
JH		 3688 mgmt_pending_remove(cmd);
3689
3690 /* If no HCI commands were sent we're done */
3691 if (err == -ENODATA) {
3692 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
3693 &mgmt_cp->type, sizeof(mgmt_cp->type));
3694 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3695 }
14a53664 3696
30dc78e1 3697unlock:
09fd0de5 3698 hci_dev_unlock(hdev);
14a53664
JH		 3699 return err;
3700}
3701
bdb6d971 3702static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3703 u16 len)
561aafbc 3704{
650f726d 3705 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3706 struct inquiry_entry *e;
561aafbc
JH		 3707 int err;
3708
bdb6d971 3709 BT_DBG("%s", hdev->name);
561aafbc 3710
561aafbc
JH		 3711 hci_dev_lock(hdev);
3712
30dc78e1 3713 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3714 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3715 MGMT_STATUS_FAILED, &cp->addr,
3716 sizeof(cp->addr));
30dc78e1
JH		 3717 goto failed;
3718 }
3719
a198e7b1 3720 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3721 if (!e) {
d3a2541d
LR		 3722 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3723 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3724 sizeof(cp->addr));
561aafbc
JH		 3725 goto failed;
3726 }
3727
3728 if (cp->name_known) {
3729 e->name_state = NAME_KNOWN;
3730 list_del(&e->list);
3731 } else {
3732 e->name_state = NAME_NEEDED;
a3d4e20a 3733 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3734 }
3735
e384662b
JH		 3736 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3737 sizeof(cp->addr));
561aafbc
JH		 3738
3739failed:
3740 hci_dev_unlock(hdev);
561aafbc
JH		 3741 return err;
3742}
3743
bdb6d971 3744static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3745 u16 len)
7fbec224 3746{
650f726d 3747 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3748 u8 status;
7fbec224
AJ		 3749 int err;
3750
bdb6d971 3751 BT_DBG("%s", hdev->name);
7fbec224 3752
4ee71b20 3753 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3754 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3755 MGMT_STATUS_INVALID_PARAMS,
3756 &cp->addr, sizeof(cp->addr));
4ee71b20 3757
09fd0de5 3758 hci_dev_lock(hdev);
5e762444 3759
88c1fe4b 3760 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3761 if (err < 0)
f0eeea8b 3762 status = MGMT_STATUS_FAILED;
7fbec224 3763 else
a6785be2 3764 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3765
bdb6d971 3766 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3767 &cp->addr, sizeof(cp->addr));
5e762444 3768
09fd0de5 3769 hci_dev_unlock(hdev);
7fbec224
AJ		 3770
3771 return err;
3772}
3773
bdb6d971 3774static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3775 u16 len)
7fbec224 3776{
650f726d 3777 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3778 u8 status;
7fbec224
AJ		 3779 int err;
3780
bdb6d971 3781 BT_DBG("%s", hdev->name);
7fbec224 3782
4ee71b20 3783 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3784 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3785 MGMT_STATUS_INVALID_PARAMS,
3786 &cp->addr, sizeof(cp->addr));
4ee71b20 3787
09fd0de5 3788 hci_dev_lock(hdev);
5e762444 3789
88c1fe4b 3790 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3791 if (err < 0)
f0eeea8b 3792 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3793 else
a6785be2 3794 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3795
bdb6d971 3796 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3797 &cp->addr, sizeof(cp->addr));
5e762444 3798
09fd0de5 3799 hci_dev_unlock(hdev);
7fbec224
AJ		 3800
3801 return err;
3802}
3803
cdbaccca
MH		 3804static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3805 u16 len)
3806{
3807 struct mgmt_cp_set_device_id *cp = data;
890ea898 3808 struct hci_request req;
cdbaccca 3809 int err;
c72d4b8a 3810 __u16 source;
cdbaccca
MH		 3811
3812 BT_DBG("%s", hdev->name);
3813
c72d4b8a
SJ		 3814 source = __le16_to_cpu(cp->source);
3815
3816 if (source > 0x0002)
3817 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3818 MGMT_STATUS_INVALID_PARAMS);
3819
cdbaccca
MH		 3820 hci_dev_lock(hdev);
3821
c72d4b8a 3822 hdev->devid_source = source;
cdbaccca
MH		 3823 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3824 hdev->devid_product = __le16_to_cpu(cp->product);
3825 hdev->devid_version = __le16_to_cpu(cp->version);
3826
3827 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3828
890ea898
JH		 3829 hci_req_init(&req, hdev);
3830 update_eir(&req);
3831 hci_req_run(&req, NULL);
cdbaccca
MH		 3832
3833 hci_dev_unlock(hdev);
3834
3835 return err;
3836}
3837
4375f103
JH		 3838static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3839{
3840 struct cmd_lookup match = { NULL, hdev };
3841
3842 if (status) {
3843 u8 mgmt_err = mgmt_status(status);
3844
3845 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3846 cmd_status_rsp, &mgmt_err);
3847 return;
3848 }
3849
3850 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3851 &match);
3852
3853 new_settings(hdev, match.sk);
3854
3855 if (match.sk)
3856 sock_put(match.sk);
3857}
3858
21b5187f
MH		 3859static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3860 u16 len)
4375f103
JH		 3861{
3862 struct mgmt_mode *cp = data;
3863 struct pending_cmd *cmd;
3864 struct hci_request req;
e6fe7986 3865 u8 val, enabled, status;
4375f103
JH		 3866 int err;
3867
3868 BT_DBG("request for %s", hdev->name);
3869
e6fe7986
JH		 3870 status = mgmt_le_support(hdev);
3871 if (status)
4375f103 3872 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3873 status);
4375f103
JH		 3874
3875 if (cp->val != 0x00 && cp->val != 0x01)
3876 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3877 MGMT_STATUS_INVALID_PARAMS);
3878
3879 hci_dev_lock(hdev);
3880
3881 val = !!cp->val;
f3d3444a 3882 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3883
f74ca9b8
JH		 3884 /* The following conditions are ones which mean that we should
3885 * not do any HCI communication but directly send a mgmt
3886 * response to user space (after toggling the flag if
3887 * necessary).
3888 */
3889 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3890 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3891 bool changed = false;
3892
f3d3444a
JH		 3893 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3894 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3895 changed = true;
3896 }
3897
3898 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3899 if (err < 0)
3900 goto unlock;
3901
3902 if (changed)
3903 err = new_settings(hdev, sk);
3904
3905 goto unlock;
3906 }
3907
3908 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3909 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3910 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3911 MGMT_STATUS_BUSY);
3912 goto unlock;
3913 }
3914
3915 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3916 if (!cmd) {
3917 err = -ENOMEM;
3918 goto unlock;
3919 }
3920
3921 hci_req_init(&req, hdev);
3922
bba3aa55
MH		 3923 if (val)
3924 enable_advertising(&req);
3925 else
3926 disable_advertising(&req);
4375f103
JH		 3927
3928 err = hci_req_run(&req, set_advertising_complete);
3929 if (err < 0)
3930 mgmt_pending_remove(cmd);
3931
3932unlock:
3933 hci_dev_unlock(hdev);
3934 return err;
3935}
3936
d13eafce
MH		 3937static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3938 void *data, u16 len)
3939{
3940 struct mgmt_cp_set_static_address *cp = data;
3941 int err;
3942
3943 BT_DBG("%s", hdev->name);
3944
62af4443 3945 if (!lmp_le_capable(hdev))
d13eafce 3946 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3947 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3948
3949 if (hdev_is_powered(hdev))
3950 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3951 MGMT_STATUS_REJECTED);
3952
3953 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3954 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3955 return cmd_status(sk, hdev->id,
3956 MGMT_OP_SET_STATIC_ADDRESS,
3957 MGMT_STATUS_INVALID_PARAMS);
3958
3959 /* Two most significant bits shall be set */
3960 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3961 return cmd_status(sk, hdev->id,
3962 MGMT_OP_SET_STATIC_ADDRESS,
3963 MGMT_STATUS_INVALID_PARAMS);
3964 }
3965
3966 hci_dev_lock(hdev);
3967
3968 bacpy(&hdev->static_addr, &cp->bdaddr);
3969
3970 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3971
3972 hci_dev_unlock(hdev);
3973
3974 return err;
3975}
3976
14b49b9a
MH		 3977static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3978 void *data, u16 len)
3979{
3980 struct mgmt_cp_set_scan_params *cp = data;
3981 __u16 interval, window;
3982 int err;
3983
3984 BT_DBG("%s", hdev->name);
3985
3986 if (!lmp_le_capable(hdev))
3987 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3988 MGMT_STATUS_NOT_SUPPORTED);
3989
3990 interval = __le16_to_cpu(cp->interval);
3991
3992 if (interval < 0x0004 || interval > 0x4000)
3993 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3994 MGMT_STATUS_INVALID_PARAMS);
3995
3996 window = __le16_to_cpu(cp->window);
3997
3998 if (window < 0x0004 || window > 0x4000)
3999 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4000 MGMT_STATUS_INVALID_PARAMS);
4001
899e1075
MH		 4002 if (window > interval)
4003 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4004 MGMT_STATUS_INVALID_PARAMS);
4005
14b49b9a
MH		 4006 hci_dev_lock(hdev);
4007
4008 hdev->le_scan_interval = interval;
4009 hdev->le_scan_window = window;
4010
4011 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4012
dd2ef8e2
AG		 4013 /* If background scan is running, restart it so new parameters are
4014 * loaded.
4015 */
4016 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4017 hdev->discovery.state == DISCOVERY_STOPPED) {
4018 struct hci_request req;
4019
4020 hci_req_init(&req, hdev);
4021
4022 hci_req_add_le_scan_disable(&req);
4023 hci_req_add_le_passive_scan(&req);
4024
4025 hci_req_run(&req, NULL);
4026 }
4027
14b49b9a
MH		 4028 hci_dev_unlock(hdev);
4029
4030 return err;
4031}
4032
33e38b3e
JH		 4033static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4034{
4035 struct pending_cmd *cmd;
4036
4037 BT_DBG("status 0x%02x", status);
4038
4039 hci_dev_lock(hdev);
4040
4041 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4042 if (!cmd)
4043 goto unlock;
4044
4045 if (status) {
4046 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4047 mgmt_status(status));
4048 } else {
1a4d3c4b
JH		 4049 struct mgmt_mode *cp = cmd->param;
4050
4051 if (cp->val)
4052 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4053 else
4054 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4055
33e38b3e
JH		 4056 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4057 new_settings(hdev, cmd->sk);
4058 }
4059
4060 mgmt_pending_remove(cmd);
4061
4062unlock:
4063 hci_dev_unlock(hdev);
4064}
4065
bdb6d971 4066static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4067 void *data, u16 len)
f6422ec6 4068{
650f726d 4069 struct mgmt_mode *cp = data;
33e38b3e
JH		 4070 struct pending_cmd *cmd;
4071 struct hci_request req;
f6422ec6
AJ		 4072 int err;
4073
bdb6d971 4074 BT_DBG("%s", hdev->name);
f6422ec6 4075
56f87901
JH		 4076 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4077 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4078 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4079 MGMT_STATUS_NOT_SUPPORTED);
4080
a7e80f25
JH		 4081 if (cp->val != 0x00 && cp->val != 0x01)
4082 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4083 MGMT_STATUS_INVALID_PARAMS);
4084
5400c044 4085 if (!hdev_is_powered(hdev))
bdb6d971 4086 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4087 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4088
4089 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4090 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4091 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4092
4093 hci_dev_lock(hdev);
4094
05cbf29f
JH		 4095 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4096 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4097 MGMT_STATUS_BUSY);
4098 goto unlock;
4099 }
4100
1a4d3c4b
JH		 4101 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4102 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4103 hdev);
4104 goto unlock;
4105 }
4106
33e38b3e
JH		 4107 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4108 data, len);
4109 if (!cmd) {
4110 err = -ENOMEM;
4111 goto unlock;
f6422ec6
AJ		 4112 }
4113
33e38b3e
JH		 4114 hci_req_init(&req, hdev);
4115
406d7804 4116 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4117
4118 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4119 if (err < 0) {
bdb6d971 4120 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4121 MGMT_STATUS_FAILED);
33e38b3e 4122 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4123 }
4124
33e38b3e 4125unlock:
f6422ec6 4126 hci_dev_unlock(hdev);
33e38b3e 4127
f6422ec6
AJ		 4128 return err;
4129}
4130
67e5a7a3
JH		 4131static void set_bredr_scan(struct hci_request *req)
4132{
4133 struct hci_dev *hdev = req->hdev;
4134 u8 scan = 0;
4135
4136 /* Ensure that fast connectable is disabled. This function will
4137 * not do anything if the page scan parameters are already what
4138 * they should be.
4139 */
4140 write_fast_connectable(req, false);
4141
4142 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4143 scan |= SCAN_PAGE;
4144 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4145 scan |= SCAN_INQUIRY;
4146
4147 if (scan)
4148 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4149}
4150
0663ca2a
JH		 4151static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4152{
4153 struct pending_cmd *cmd;
4154
4155 BT_DBG("status 0x%02x", status);
4156
4157 hci_dev_lock(hdev);
4158
4159 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4160 if (!cmd)
4161 goto unlock;
4162
4163 if (status) {
4164 u8 mgmt_err = mgmt_status(status);
4165
4166 /* We need to restore the flag if related HCI commands
4167 * failed.
4168 */
4169 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4170
4171 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4172 } else {
4173 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4174 new_settings(hdev, cmd->sk);
4175 }
4176
4177 mgmt_pending_remove(cmd);
4178
4179unlock:
4180 hci_dev_unlock(hdev);
4181}
4182
4183static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4184{
4185 struct mgmt_mode *cp = data;
4186 struct pending_cmd *cmd;
4187 struct hci_request req;
4188 int err;
4189
4190 BT_DBG("request for %s", hdev->name);
4191
4192 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4193 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4194 MGMT_STATUS_NOT_SUPPORTED);
4195
4196 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4197 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4198 MGMT_STATUS_REJECTED);
4199
4200 if (cp->val != 0x00 && cp->val != 0x01)
4201 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4202 MGMT_STATUS_INVALID_PARAMS);
4203
4204 hci_dev_lock(hdev);
4205
4206 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4207 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4208 goto unlock;
4209 }
4210
4211 if (!hdev_is_powered(hdev)) {
4212 if (!cp->val) {
0663ca2a
JH		 4213 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4214 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4215 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4216 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4217 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4218 }
4219
4220 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4221
4222 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4223 if (err < 0)
4224 goto unlock;
4225
4226 err = new_settings(hdev, sk);
4227 goto unlock;
4228 }
4229
4230 /* Reject disabling when powered on */
4231 if (!cp->val) {
4232 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4233 MGMT_STATUS_REJECTED);
4234 goto unlock;
4235 }
4236
4237 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4238 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4239 MGMT_STATUS_BUSY);
4240 goto unlock;
4241 }
4242
4243 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4244 if (!cmd) {
4245 err = -ENOMEM;
4246 goto unlock;
4247 }
4248
5947f4bc 4249 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4250 * generates the correct flags.
4251 */
4252 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4253
4254 hci_req_init(&req, hdev);
aa8af46e
JH		 4255
4256 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4257 set_bredr_scan(&req);
4258
f14d8f64
MH		 4259 /* Since only the advertising data flags will change, there
4260 * is no need to update the scan response data.
4261 */
5947f4bc 4262 update_adv_data(&req);
aa8af46e 4263
0663ca2a
JH		 4264 err = hci_req_run(&req, set_bredr_complete);
4265 if (err < 0)
4266 mgmt_pending_remove(cmd);
4267
4268unlock:
4269 hci_dev_unlock(hdev);
4270 return err;
4271}
4272
eac83dc6
MH		 4273static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4274 void *data, u16 len)
4275{
4276 struct mgmt_mode *cp = data;
4277 struct pending_cmd *cmd;
0ab04a9c 4278 u8 val, status;
eac83dc6
MH		 4279 int err;
4280
4281 BT_DBG("request for %s", hdev->name);
4282
4283 status = mgmt_bredr_support(hdev);
4284 if (status)
4285 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4286 status);
4287
5afeac14 4288 if (!lmp_sc_capable(hdev) &&
111902f7 4289 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
eac83dc6
MH		 4290 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4291 MGMT_STATUS_NOT_SUPPORTED);
4292
0ab04a9c 4293 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4294 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4295 MGMT_STATUS_INVALID_PARAMS);
4296
4297 hci_dev_lock(hdev);
4298
4299 if (!hdev_is_powered(hdev)) {
4300 bool changed;
4301
0ab04a9c 4302 if (cp->val) {
eac83dc6
MH		 4303 changed = !test_and_set_bit(HCI_SC_ENABLED,
4304 &hdev->dev_flags);
0ab04a9c
MH		 4305 if (cp->val == 0x02)
4306 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4307 else
4308 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4309 } else {
eac83dc6
MH		 4310 changed = test_and_clear_bit(HCI_SC_ENABLED,
4311 &hdev->dev_flags);
0ab04a9c
MH		 4312 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4313 }
eac83dc6
MH		 4314
4315 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4316 if (err < 0)
4317 goto failed;
4318
4319 if (changed)
4320 err = new_settings(hdev, sk);
4321
4322 goto failed;
4323 }
4324
4325 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4326 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4327 MGMT_STATUS_BUSY);
4328 goto failed;
4329 }
4330
0ab04a9c
MH		 4331 val = !!cp->val;
4332
4333 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4334 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4335 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4336 goto failed;
4337 }
4338
4339 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4340 if (!cmd) {
4341 err = -ENOMEM;
4342 goto failed;
4343 }
4344
0ab04a9c 4345 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4346 if (err < 0) {
4347 mgmt_pending_remove(cmd);
4348 goto failed;
4349 }
4350
0ab04a9c
MH		 4351 if (cp->val == 0x02)
4352 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4353 else
4354 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4355
eac83dc6
MH		 4356failed:
4357 hci_dev_unlock(hdev);
4358 return err;
4359}
4360
4e39ac81
MH		 4361static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4362 void *data, u16 len)
4363{
4364 struct mgmt_mode *cp = data;
b9710979 4365 bool changed, use_changed;
4e39ac81
MH		 4366 int err;
4367
4368 BT_DBG("request for %s", hdev->name);
4369
b9710979 4370 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4371 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4372 MGMT_STATUS_INVALID_PARAMS);
4373
4374 hci_dev_lock(hdev);
4375
4376 if (cp->val)
0663b297
JH		 4377 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4378 &hdev->dev_flags);
4e39ac81 4379 else
0663b297
JH		 4380 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4381 &hdev->dev_flags);
4e39ac81 4382
b9710979
JH		 4383 if (cp->val == 0x02)
4384 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4385 &hdev->dev_flags);
4386 else
4387 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4388 &hdev->dev_flags);
4389
4390 if (hdev_is_powered(hdev) && use_changed &&
4391 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4392 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4393 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4394 sizeof(mode), &mode);
4395 }
4396
4e39ac81
MH		 4397 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4398 if (err < 0)
4399 goto unlock;
4400
4401 if (changed)
4402 err = new_settings(hdev, sk);
4403
4404unlock:
4405 hci_dev_unlock(hdev);
4406 return err;
4407}
4408
62b04cd1
JH		 4409static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4410 u16 len)
4411{
4412 struct mgmt_cp_set_privacy *cp = cp_data;
4413 bool changed;
4414 int err;
4415
4416 BT_DBG("request for %s", hdev->name);
4417
4418 if (!lmp_le_capable(hdev))
4419 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4420 MGMT_STATUS_NOT_SUPPORTED);
4421
4422 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4423 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4424 MGMT_STATUS_INVALID_PARAMS);
4425
4426 if (hdev_is_powered(hdev))
4427 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4428 MGMT_STATUS_REJECTED);
4429
4430 hci_dev_lock(hdev);
4431
c21c0ea0
JH		 4432 /* If user space supports this command it is also expected to
4433 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4434 */
4435 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4436
62b04cd1
JH		 4437 if (cp->privacy) {
4438 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4439 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4440 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4441 } else {
4442 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4443 memset(hdev->irk, 0, sizeof(hdev->irk));
4444 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4445 }
4446
4447 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4448 if (err < 0)
4449 goto unlock;
4450
4451 if (changed)
4452 err = new_settings(hdev, sk);
4453
4454unlock:
4455 hci_dev_unlock(hdev);
4456 return err;
4457}
4458
41edf160
JH		 4459static bool irk_is_valid(struct mgmt_irk_info *irk)
4460{
4461 switch (irk->addr.type) {
4462 case BDADDR_LE_PUBLIC:
4463 return true;
4464
4465 case BDADDR_LE_RANDOM:
4466 /* Two most significant bits shall be set */
4467 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4468 return false;
4469 return true;
4470 }
4471
4472 return false;
4473}
4474
4475static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4476 u16 len)
4477{
4478 struct mgmt_cp_load_irks *cp = cp_data;
4479 u16 irk_count, expected_len;
4480 int i, err;
4481
4482 BT_DBG("request for %s", hdev->name);
4483
4484 if (!lmp_le_capable(hdev))
4485 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4486 MGMT_STATUS_NOT_SUPPORTED);
4487
4488 irk_count = __le16_to_cpu(cp->irk_count);
4489
4490 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4491 if (expected_len != len) {
4492 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4493 expected_len, len);
41edf160
JH		 4494 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4495 MGMT_STATUS_INVALID_PARAMS);
4496 }
4497
4498 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4499
4500 for (i = 0; i < irk_count; i++) {
4501 struct mgmt_irk_info *key = &cp->irks[i];
4502
4503 if (!irk_is_valid(key))
4504 return cmd_status(sk, hdev->id,
4505 MGMT_OP_LOAD_IRKS,
4506 MGMT_STATUS_INVALID_PARAMS);
4507 }
4508
4509 hci_dev_lock(hdev);
4510
4511 hci_smp_irks_clear(hdev);
4512
4513 for (i = 0; i < irk_count; i++) {
4514 struct mgmt_irk_info *irk = &cp->irks[i];
4515 u8 addr_type;
4516
4517 if (irk->addr.type == BDADDR_LE_PUBLIC)
4518 addr_type = ADDR_LE_DEV_PUBLIC;
4519 else
4520 addr_type = ADDR_LE_DEV_RANDOM;
4521
4522 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4523 BDADDR_ANY);
4524 }
4525
4526 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4527
4528 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4529
4530 hci_dev_unlock(hdev);
4531
4532 return err;
4533}
4534
3f706b72
JH		 4535static bool ltk_is_valid(struct mgmt_ltk_info *key)
4536{
4537 if (key->master != 0x00 && key->master != 0x01)
4538 return false;
490cb0b3
MH		 4539
4540 switch (key->addr.type) {
4541 case BDADDR_LE_PUBLIC:
4542 return true;
4543
4544 case BDADDR_LE_RANDOM:
4545 /* Two most significant bits shall be set */
4546 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4547 return false;
4548 return true;
4549 }
4550
4551 return false;
3f706b72
JH		 4552}
4553
bdb6d971 4554static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4555 void *cp_data, u16 len)
346af67b 4556{
346af67b
VCG		 4557 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4558 u16 key_count, expected_len;
715a5bf2 4559 int i, err;
346af67b 4560
cf99ba13
MH		 4561 BT_DBG("request for %s", hdev->name);
4562
4563 if (!lmp_le_capable(hdev))
4564 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4565 MGMT_STATUS_NOT_SUPPORTED);
4566
1f350c87 4567 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 4568
4569 expected_len = sizeof(*cp) + key_count *
4570 sizeof(struct mgmt_ltk_info);
4571 if (expected_len != len) {
4572 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4573 expected_len, len);
bdb6d971 4574 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4575 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4576 }
4577
bdb6d971 4578 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4579
54ad6d8a
JH		 4580 for (i = 0; i < key_count; i++) {
4581 struct mgmt_ltk_info *key = &cp->keys[i];
4582
3f706b72 4583 if (!ltk_is_valid(key))
54ad6d8a
JH		 4584 return cmd_status(sk, hdev->id,
4585 MGMT_OP_LOAD_LONG_TERM_KEYS,
4586 MGMT_STATUS_INVALID_PARAMS);
4587 }
4588
346af67b
VCG		 4589 hci_dev_lock(hdev);
4590
4591 hci_smp_ltks_clear(hdev);
4592
4593 for (i = 0; i < key_count; i++) {
4594 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 4595 u8 type, addr_type, authenticated;
79d95a19
MH		 4596
4597 if (key->addr.type == BDADDR_LE_PUBLIC)
4598 addr_type = ADDR_LE_DEV_PUBLIC;
4599 else
4600 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4601
4602 if (key->master)
2ceba539 4603 type = SMP_LTK;
346af67b 4604 else
2ceba539 4605 type = SMP_LTK_SLAVE;
346af67b 4606
61b43357
JH		 4607 switch (key->type) {
4608 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4609 authenticated = 0x00;
61b43357
JH		 4610 break;
4611 case MGMT_LTK_AUTHENTICATED:
d7b25450 4612 authenticated = 0x01;
61b43357
JH		 4613 break;
4614 default:
4615 continue;
4616 }
d7b25450 4617
35d70271 4618 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 4619 authenticated, key->val, key->enc_size, key->ediv,
35d70271 4620 key->rand);
346af67b
VCG		 4621 }
4622
715a5bf2
JH		 4623 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4624 NULL, 0);
4625
346af67b 4626 hci_dev_unlock(hdev);
346af67b 4627
715a5bf2 4628 return err;
346af67b
VCG		 4629}
4630
dd983808
AK		 4631struct cmd_conn_lookup {
4632 struct hci_conn *conn;
4633 bool valid_tx_power;
4634 u8 mgmt_status;
4635};
4636
4637static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4638{
4639 struct cmd_conn_lookup *match = data;
4640 struct mgmt_cp_get_conn_info *cp;
4641 struct mgmt_rp_get_conn_info rp;
4642 struct hci_conn *conn = cmd->user_data;
4643
4644 if (conn != match->conn)
4645 return;
4646
4647 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4648
4649 memset(&rp, 0, sizeof(rp));
4650 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4651 rp.addr.type = cp->addr.type;
4652
4653 if (!match->mgmt_status) {
4654 rp.rssi = conn->rssi;
4655
eed5daf3 4656 if (match->valid_tx_power) {
dd983808 4657 rp.tx_power = conn->tx_power;
eed5daf3
AK		 4658 rp.max_tx_power = conn->max_tx_power;
4659 } else {
dd983808 4660 rp.tx_power = HCI_TX_POWER_INVALID;
eed5daf3
AK		 4661 rp.max_tx_power = HCI_TX_POWER_INVALID;
4662 }
dd983808
AK		 4663 }
4664
4665 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4666 match->mgmt_status, &rp, sizeof(rp));
4667
4668 hci_conn_drop(conn);
4669
4670 mgmt_pending_remove(cmd);
4671}
4672
4673static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4674{
4675 struct hci_cp_read_rssi *cp;
4676 struct hci_conn *conn;
4677 struct cmd_conn_lookup match;
4678 u16 handle;
4679
4680 BT_DBG("status 0x%02x", status);
4681
4682 hci_dev_lock(hdev);
4683
4684 /* TX power data is valid in case request completed successfully,
eed5daf3
AK		 4685 * otherwise we assume it's not valid. At the moment we assume that
4686 * either both or none of current and max values are valid to keep code
4687 * simple.
dd983808
AK		 4688 */
4689 match.valid_tx_power = !status;
4690
4691 /* Commands sent in request are either Read RSSI or Read Transmit Power
4692 * Level so we check which one was last sent to retrieve connection
4693 * handle. Both commands have handle as first parameter so it's safe to
4694 * cast data on the same command struct.
4695 *
4696 * First command sent is always Read RSSI and we fail only if it fails.
4697 * In other case we simply override error to indicate success as we
4698 * already remembered if TX power value is actually valid.
4699 */
4700 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4701 if (!cp) {
4702 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4703 status = 0;
4704 }
4705
4706 if (!cp) {
4707 BT_ERR("invalid sent_cmd in response");
4708 goto unlock;
4709 }
4710
4711 handle = __le16_to_cpu(cp->handle);
4712 conn = hci_conn_hash_lookup_handle(hdev, handle);
4713 if (!conn) {
4714 BT_ERR("unknown handle (%d) in response", handle);
4715 goto unlock;
4716 }
4717
4718 match.conn = conn;
4719 match.mgmt_status = mgmt_status(status);
4720
4721 /* Cache refresh is complete, now reply for mgmt request for given
4722 * connection only.
4723 */
4724 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4725 get_conn_info_complete, &match);
4726
4727unlock:
4728 hci_dev_unlock(hdev);
4729}
4730
4731static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4732 u16 len)
4733{
4734 struct mgmt_cp_get_conn_info *cp = data;
4735 struct mgmt_rp_get_conn_info rp;
4736 struct hci_conn *conn;
4737 unsigned long conn_info_age;
4738 int err = 0;
4739
4740 BT_DBG("%s", hdev->name);
4741
4742 memset(&rp, 0, sizeof(rp));
4743 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4744 rp.addr.type = cp->addr.type;
4745
4746 if (!bdaddr_type_is_valid(cp->addr.type))
4747 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4748 MGMT_STATUS_INVALID_PARAMS,
4749 &rp, sizeof(rp));
4750
4751 hci_dev_lock(hdev);
4752
4753 if (!hdev_is_powered(hdev)) {
4754 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4755 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4756 goto unlock;
4757 }
4758
4759 if (cp->addr.type == BDADDR_BREDR)
4760 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4761 &cp->addr.bdaddr);
4762 else
4763 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4764
4765 if (!conn || conn->state != BT_CONNECTED) {
4766 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4767 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
4768 goto unlock;
4769 }
4770
4771 /* To avoid client trying to guess when to poll again for information we
4772 * calculate conn info age as random value between min/max set in hdev.
4773 */
4774 conn_info_age = hdev->conn_info_min_age +
4775 prandom_u32_max(hdev->conn_info_max_age -
4776 hdev->conn_info_min_age);
4777
4778 /* Query controller to refresh cached values if they are too old or were
4779 * never read.
4780 */
f4e2dd53
AK		 4781 if (time_after(jiffies, conn->conn_info_timestamp +
4782 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 4783 !conn->conn_info_timestamp) {
4784 struct hci_request req;
4785 struct hci_cp_read_tx_power req_txp_cp;
4786 struct hci_cp_read_rssi req_rssi_cp;
4787 struct pending_cmd *cmd;
4788
4789 hci_req_init(&req, hdev);
4790 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4791 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4792 &req_rssi_cp);
4793
f7faab0c
AK		 4794 /* For LE links TX power does not change thus we don't need to
4795 * query for it once value is known.
4796 */
4797 if (!bdaddr_type_is_le(cp->addr.type) ||
4798 conn->tx_power == HCI_TX_POWER_INVALID) {
4799 req_txp_cp.handle = cpu_to_le16(conn->handle);
4800 req_txp_cp.type = 0x00;
4801 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4802 sizeof(req_txp_cp), &req_txp_cp);
4803 }
dd983808 4804
eed5daf3
AK		 4805 /* Max TX power needs to be read only once per connection */
4806 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4807 req_txp_cp.handle = cpu_to_le16(conn->handle);
4808 req_txp_cp.type = 0x01;
4809 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4810 sizeof(req_txp_cp), &req_txp_cp);
4811 }
4812
dd983808
AK		 4813 err = hci_req_run(&req, conn_info_refresh_complete);
4814 if (err < 0)
4815 goto unlock;
4816
4817 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4818 data, len);
4819 if (!cmd) {
4820 err = -ENOMEM;
4821 goto unlock;
4822 }
4823
4824 hci_conn_hold(conn);
4825 cmd->user_data = conn;
4826
4827 conn->conn_info_timestamp = jiffies;
4828 } else {
4829 /* Cache is valid, just reply with values cached in hci_conn */
4830 rp.rssi = conn->rssi;
4831 rp.tx_power = conn->tx_power;
eed5daf3 4832 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 4833
4834 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4835 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
4836 }
4837
4838unlock:
4839 hci_dev_unlock(hdev);
4840 return err;
4841}
4842
95868426
JH		 4843static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
4844{
4845 struct mgmt_cp_get_clock_info *cp;
4846 struct mgmt_rp_get_clock_info rp;
4847 struct hci_cp_read_clock *hci_cp;
4848 struct pending_cmd *cmd;
4849 struct hci_conn *conn;
4850
4851 BT_DBG("%s status %u", hdev->name, status);
4852
4853 hci_dev_lock(hdev);
4854
4855 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
4856 if (!hci_cp)
4857 goto unlock;
4858
4859 if (hci_cp->which) {
4860 u16 handle = __le16_to_cpu(hci_cp->handle);
4861 conn = hci_conn_hash_lookup_handle(hdev, handle);
4862 } else {
4863 conn = NULL;
4864 }
4865
4866 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
4867 if (!cmd)
4868 goto unlock;
4869
4870 cp = cmd->param;
4871
4872 memset(&rp, 0, sizeof(rp));
4873 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
4874
4875 if (status)
4876 goto send_rsp;
4877
4878 rp.local_clock = cpu_to_le32(hdev->clock);
4879
4880 if (conn) {
4881 rp.piconet_clock = cpu_to_le32(conn->clock);
4882 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
4883 }
4884
4885send_rsp:
4886 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
4887 &rp, sizeof(rp));
4888 mgmt_pending_remove(cmd);
4889 if (conn)
4890 hci_conn_drop(conn);
4891
4892unlock:
4893 hci_dev_unlock(hdev);
4894}
4895
4896static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
4897 u16 len)
4898{
4899 struct mgmt_cp_get_clock_info *cp = data;
4900 struct mgmt_rp_get_clock_info rp;
4901 struct hci_cp_read_clock hci_cp;
4902 struct pending_cmd *cmd;
4903 struct hci_request req;
4904 struct hci_conn *conn;
4905 int err;
4906
4907 BT_DBG("%s", hdev->name);
4908
4909 memset(&rp, 0, sizeof(rp));
4910 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4911 rp.addr.type = cp->addr.type;
4912
4913 if (cp->addr.type != BDADDR_BREDR)
4914 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
4915 MGMT_STATUS_INVALID_PARAMS,
4916 &rp, sizeof(rp));
4917
4918 hci_dev_lock(hdev);
4919
4920 if (!hdev_is_powered(hdev)) {
4921 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
4922 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4923 goto unlock;
4924 }
4925
4926 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4927 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4928 &cp->addr.bdaddr);
4929 if (!conn || conn->state != BT_CONNECTED) {
4930 err = cmd_complete(sk, hdev->id,
4931 MGMT_OP_GET_CLOCK_INFO,
4932 MGMT_STATUS_NOT_CONNECTED,
4933 &rp, sizeof(rp));
4934 goto unlock;
4935 }
4936 } else {
4937 conn = NULL;
4938 }
4939
4940 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
4941 if (!cmd) {
4942 err = -ENOMEM;
4943 goto unlock;
4944 }
4945
4946 hci_req_init(&req, hdev);
4947
4948 memset(&hci_cp, 0, sizeof(hci_cp));
4949 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
4950
4951 if (conn) {
4952 hci_conn_hold(conn);
4953 cmd->user_data = conn;
4954
4955 hci_cp.handle = cpu_to_le16(conn->handle);
4956 hci_cp.which = 0x01; /* Piconet clock */
4957 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
4958 }
4959
4960 err = hci_req_run(&req, get_clock_info_complete);
4961 if (err < 0)
4962 mgmt_pending_remove(cmd);
4963
4964unlock:
4965 hci_dev_unlock(hdev);
4966 return err;
4967}
4968
2e3c35ea 4969static const struct mgmt_handler {
04124681
GP		 4970 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4971 u16 data_len);
be22b54e
JH		 4972 bool var_len;
4973 size_t data_len;
0f4e68cf
JH		 4974} mgmt_handlers[] = {
4975 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 4976 { read_version, false, MGMT_READ_VERSION_SIZE },
4977 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4978 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4979 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4980 { set_powered, false, MGMT_SETTING_SIZE },
4981 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4982 { set_connectable, false, MGMT_SETTING_SIZE },
4983 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4984 { set_pairable, false, MGMT_SETTING_SIZE },
4985 { set_link_security, false, MGMT_SETTING_SIZE },
4986 { set_ssp, false, MGMT_SETTING_SIZE },
4987 { set_hs, false, MGMT_SETTING_SIZE },
4988 { set_le, false, MGMT_SETTING_SIZE },
4989 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4990 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4991 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4992 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4993 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4994 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4995 { disconnect, false, MGMT_DISCONNECT_SIZE },
4996 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4997 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4998 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4999 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
5000 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
5001 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
5002 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
5003 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
5004 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
5005 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
5006 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
5007 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 5008 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 5009 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
5010 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
5011 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
5012 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
5013 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
5014 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 5015 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 5016 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 5017 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 5018 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 5019 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 5020 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 5021 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 5022 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 5023 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 5024 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
95868426 5025 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
0f4e68cf
JH		 5026};
5027
5028
0381101f
JH		 5029int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
5030{
650f726d
VCG		 5031 void *buf;
5032 u8 *cp;
0381101f 5033 struct mgmt_hdr *hdr;
4e51eae9 5034 u16 opcode, index, len;
bdb6d971 5035 struct hci_dev *hdev = NULL;
2e3c35ea 5036 const struct mgmt_handler *handler;
0381101f
JH		 5037 int err;
5038
5039 BT_DBG("got %zu bytes", msglen);
5040
5041 if (msglen < sizeof(*hdr))
5042 return -EINVAL;
5043
e63a15ec 5044 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 5045 if (!buf)
5046 return -ENOMEM;
5047
5048 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
5049 err = -EFAULT;
5050 goto done;
5051 }
5052
650f726d 5053 hdr = buf;
1f350c87
MH		 5054 opcode = __le16_to_cpu(hdr->opcode);
5055 index = __le16_to_cpu(hdr->index);
5056 len = __le16_to_cpu(hdr->len);
0381101f
JH		 5057
5058 if (len != msglen - sizeof(*hdr)) {
5059 err = -EINVAL;
5060 goto done;
5061 }
5062
0f4e68cf 5063 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 5064 hdev = hci_dev_get(index);
5065 if (!hdev) {
5066 err = cmd_status(sk, index, opcode,
04124681 5067 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 5068 goto done;
5069 }
0736cfa8 5070
cebf4cfd 5071 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
fee746b0
MH		 5072 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) ||
5073 test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) {
0736cfa8
MH		 5074 err = cmd_status(sk, index, opcode,
5075 MGMT_STATUS_INVALID_INDEX);
5076 goto done;
5077 }
bdb6d971
JH		 5078 }
5079
0f4e68cf 5080 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 5081 mgmt_handlers[opcode].func == NULL) {
0381101f 5082 BT_DBG("Unknown op %u", opcode);
ca69b795 5083 err = cmd_status(sk, index, opcode,
04124681 5084 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 5085 goto done;
5086 }
5087
5088 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 5089 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 5090 err = cmd_status(sk, index, opcode,
04124681 5091 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 5092 goto done;
0381101f
JH		 5093 }
5094
be22b54e
JH		 5095 handler = &mgmt_handlers[opcode];
5096
5097 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 5098 (!handler->var_len && len != handler->data_len)) {
be22b54e 5099 err = cmd_status(sk, index, opcode,
04124681 5100 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 5101 goto done;
5102 }
5103
0f4e68cf
JH		 5104 if (hdev)
5105 mgmt_init_hdev(sk, hdev);
5106
5107 cp = buf + sizeof(*hdr);
5108
be22b54e 5109 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 5110 if (err < 0)
5111 goto done;
5112
0381101f
JH		 5113 err = msglen;
5114
5115done:
bdb6d971
JH		 5116 if (hdev)
5117 hci_dev_put(hdev);
5118
0381101f
JH		 5119 kfree(buf);
5120 return err;
5121}
c71e97bf 5122
bf6b56db 5123void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 5124{
1514b892 5125 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5126 return;
bb4b2a9a 5127
bf6b56db 5128 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 5129}
5130
bf6b56db 5131void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 5132{
5f159032 5133 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 5134
1514b892 5135 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5136 return;
bb4b2a9a 5137
744cf19e 5138 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 5139
bf6b56db 5140 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 5141}
5142
6046dc3e
AG		 5143/* This function requires the caller holds hdev->lock */
5144static void restart_le_auto_conns(struct hci_dev *hdev)
5145{
5146 struct hci_conn_params *p;
5147
5148 list_for_each_entry(p, &hdev->le_conn_params, list) {
5149 if (p->auto_connect == HCI_AUTO_CONN_ALWAYS)
5150 hci_pend_le_conn_add(hdev, &p->addr, p->addr_type);
5151 }
5152}
5153
229ab39c
JH		 5154static void powered_complete(struct hci_dev *hdev, u8 status)
5155{
5156 struct cmd_lookup match = { NULL, hdev };
5157
5158 BT_DBG("status 0x%02x", status);
5159
5160 hci_dev_lock(hdev);
5161
6046dc3e
AG		 5162 restart_le_auto_conns(hdev);
5163
229ab39c
JH		 5164 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5165
5166 new_settings(hdev, match.sk);
5167
5168 hci_dev_unlock(hdev);
5169
5170 if (match.sk)
5171 sock_put(match.sk);
5172}
5173
70da6243 5174static int powered_update_hci(struct hci_dev *hdev)
5add6af8 5175{
890ea898 5176 struct hci_request req;
70da6243 5177 u8 link_sec;
5add6af8 5178
890ea898
JH		 5179 hci_req_init(&req, hdev);
5180
70da6243
JH		 5181 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
5182 !lmp_host_ssp_capable(hdev)) {
5183 u8 ssp = 1;
5e5282bb 5184
890ea898 5185 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 5186 }
5add6af8 5187
c73eee91
JH		 5188 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
5189 lmp_bredr_capable(hdev)) {
70da6243 5190 struct hci_cp_write_le_host_supported cp;
f0ff92fb 5191
70da6243
JH		 5192 cp.le = 1;
5193 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 5194
70da6243
JH		 5195 /* Check first if we already have the right
5196 * host state (host features set)
5197 */
5198 if (cp.le != lmp_host_le_capable(hdev) ||
5199 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 5200 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5201 sizeof(cp), &cp);
70da6243 5202 }
3d1cbdd6 5203
d13eafce 5204 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 5205 /* Make sure the controller has a good default for
5206 * advertising data. This also applies to the case
5207 * where BR/EDR was toggled during the AUTO_OFF phase.
5208 */
f14d8f64 5209 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 5210 update_adv_data(&req);
f14d8f64
MH		 5211 update_scan_rsp_data(&req);
5212 }
441ad2d0 5213
bba3aa55
MH		 5214 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5215 enable_advertising(&req);
eeca6f89
JH		 5216 }
5217
70da6243
JH		 5218 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5219 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 5220 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5221 sizeof(link_sec), &link_sec);
562fcc24 5222
70da6243 5223 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 5224 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5225 set_bredr_scan(&req);
890ea898 5226 update_class(&req);
13928971 5227 update_name(&req);
890ea898 5228 update_eir(&req);
70da6243 5229 }
562fcc24 5230
229ab39c 5231 return hci_req_run(&req, powered_complete);
70da6243 5232}
562fcc24 5233
70da6243
JH		 5234int mgmt_powered(struct hci_dev *hdev, u8 powered)
5235{
5236 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 5237 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5238 u8 zero_cod[] = { 0, 0, 0 };
70da6243 5239 int err;
f0ff92fb 5240
70da6243
JH		 5241 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5242 return 0;
5243
70da6243 5244 if (powered) {
229ab39c
JH		 5245 if (powered_update_hci(hdev) == 0)
5246 return 0;
fe038884 5247
229ab39c
JH		 5248 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5249 &match);
5250 goto new_settings;
b24752fe
JH		 5251 }
5252
229ab39c
JH		 5253 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5254 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5255
5256 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5257 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5258 zero_cod, sizeof(zero_cod), NULL);
5259
5260new_settings:
beadb2bd 5261 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 5262
5263 if (match.sk)
5264 sock_put(match.sk);
5265
7bb895d6 5266 return err;
5add6af8 5267}
73f22f62 5268
3eec705e 5269void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 5270{
5271 struct pending_cmd *cmd;
5272 u8 status;
5273
5274 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5275 if (!cmd)
3eec705e 5276 return;
96570ffc
JH		 5277
5278 if (err == -ERFKILL)
5279 status = MGMT_STATUS_RFKILLED;
5280 else
5281 status = MGMT_STATUS_FAILED;
5282
3eec705e 5283 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 5284
5285 mgmt_pending_remove(cmd);
96570ffc
JH		 5286}
5287
d1967ff8
MH		 5288void mgmt_discoverable_timeout(struct hci_dev *hdev)
5289{
5290 struct hci_request req;
d1967ff8
MH		 5291
5292 hci_dev_lock(hdev);
5293
5294 /* When discoverable timeout triggers, then just make sure
5295 * the limited discoverable flag is cleared. Even in the case
5296 * of a timeout triggered from general discoverable, it is
5297 * safe to unconditionally clear the flag.
5298 */
5299 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 5300 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 5301
5302 hci_req_init(&req, hdev);
4b580614
JH		 5303 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5304 u8 scan = SCAN_PAGE;
5305 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
5306 sizeof(scan), &scan);
5307 }
d1967ff8 5308 update_class(&req);
9a43e25f 5309 update_adv_data(&req);
d1967ff8
MH		 5310 hci_req_run(&req, NULL);
5311
5312 hdev->discov_timeout = 0;
5313
9a43e25f
JH		 5314 new_settings(hdev, NULL);
5315
d1967ff8
MH		 5316 hci_dev_unlock(hdev);
5317}
5318
86a75645 5319void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 5320{
86a75645 5321 bool changed;
73f22f62 5322
bfaf8c9f
JH		 5323 /* Nothing needed here if there's a pending command since that
5324 * commands request completion callback takes care of everything
5325 * necessary.
5326 */
5327 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 5328 return;
bfaf8c9f 5329
bd107999
JH		 5330 /* Powering off may clear the scan mode - don't let that interfere */
5331 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5332 return;
5333
9a43e25f 5334 if (discoverable) {
86a75645 5335 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5336 } else {
5337 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 5338 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5339 }
5340
5341 if (changed) {
5342 struct hci_request req;
5343
5344 /* In case this change in discoverable was triggered by
5345 * a disabling of connectable there could be a need to
5346 * update the advertising flags.
5347 */
5348 hci_req_init(&req, hdev);
5349 update_adv_data(&req);
5350 hci_req_run(&req, NULL);
73f22f62 5351
86a75645 5352 new_settings(hdev, NULL);
9a43e25f 5353 }
73f22f62 5354}
9fbcbb45 5355
a330916c 5356void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 5357{
a330916c 5358 bool changed;
9fbcbb45 5359
d7b856f9
JH		 5360 /* Nothing needed here if there's a pending command since that
5361 * commands request completion callback takes care of everything
5362 * necessary.
5363 */
5364 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 5365 return;
d7b856f9 5366
ce3f24cf
JH		 5367 /* Powering off may clear the scan mode - don't let that interfere */
5368 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5369 return;
5370
a330916c
MH		 5371 if (connectable)
5372 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
5373 else
5374 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 5375
beadb2bd 5376 if (changed)
a330916c 5377 new_settings(hdev, NULL);
9fbcbb45 5378}
55ed8ca1 5379
778b235a
JH		 5380void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
5381{
7c4cfab8
JH		 5382 /* Powering off may stop advertising - don't let that interfere */
5383 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5384 return;
5385
778b235a
JH		 5386 if (advertising)
5387 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
5388 else
5389 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5390}
5391
4796e8af 5392void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 5393{
ca69b795
JH		 5394 u8 mgmt_err = mgmt_status(status);
5395
2d7cee58 5396 if (scan & SCAN_PAGE)
744cf19e 5397 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 5398 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5399
5400 if (scan & SCAN_INQUIRY)
744cf19e 5401 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 5402 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5403}
5404
dc4a5ee2
MH		 5405void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
5406 bool persistent)
55ed8ca1 5407{
86742e1e 5408 struct mgmt_ev_new_link_key ev;
55ed8ca1 5409
a492cd52 5410 memset(&ev, 0, sizeof(ev));
55ed8ca1 5411
a492cd52 5412 ev.store_hint = persistent;
d753fdc4 5413 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 5414 ev.key.addr.type = BDADDR_BREDR;
a492cd52 5415 ev.key.type = key->type;
9b3b4460 5416 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 5417 ev.key.pin_len = key->pin_len;
55ed8ca1 5418
dc4a5ee2 5419 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 5420}
f7520543 5421
d7b25450
JH		 5422static u8 mgmt_ltk_type(struct smp_ltk *ltk)
5423{
5424 if (ltk->authenticated)
5425 return MGMT_LTK_AUTHENTICATED;
5426
5427 return MGMT_LTK_UNAUTHENTICATED;
5428}
5429
53ac6ab6 5430void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 5431{
5432 struct mgmt_ev_new_long_term_key ev;
5433
5434 memset(&ev, 0, sizeof(ev));
5435
5192d301
MH		 5436 /* Devices using resolvable or non-resolvable random addresses
5437 * without providing an indentity resolving key don't require
5438 * to store long term keys. Their addresses will change the
5439 * next time around.
5440 *
5441 * Only when a remote device provides an identity address
5442 * make sure the long term key is stored. If the remote
5443 * identity is known, the long term keys are internally
5444 * mapped to the identity address. So allow static random
5445 * and public addresses here.
5446 */
ba74b666
JH		 5447 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5448 (key->bdaddr.b[5] & 0xc0) != 0xc0)
5449 ev.store_hint = 0x00;
5450 else
53ac6ab6 5451 ev.store_hint = persistent;
ba74b666 5452
346af67b 5453 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 5454 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 5455 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 5456 ev.key.enc_size = key->enc_size;
5457 ev.key.ediv = key->ediv;
fe39c7b2 5458 ev.key.rand = key->rand;
346af67b 5459
2ceba539 5460 if (key->type == SMP_LTK)
346af67b
VCG		 5461 ev.key.master = 1;
5462
346af67b
VCG		 5463 memcpy(ev.key.val, key->val, sizeof(key->val));
5464
083368f7 5465 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 5466}
5467
95fbac8a
JH		 5468void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
5469{
5470 struct mgmt_ev_new_irk ev;
5471
5472 memset(&ev, 0, sizeof(ev));
5473
bab6d1e5
MH		 5474 /* For identity resolving keys from devices that are already
5475 * using a public address or static random address, do not
5476 * ask for storing this key. The identity resolving key really
5477 * is only mandatory for devices using resovlable random
5478 * addresses.
5479 *
5480 * Storing all identity resolving keys has the downside that
5481 * they will be also loaded on next boot of they system. More
5482 * identity resolving keys, means more time during scanning is
5483 * needed to actually resolve these addresses.
5484 */
5485 if (bacmp(&irk->rpa, BDADDR_ANY))
5486 ev.store_hint = 0x01;
5487 else
5488 ev.store_hint = 0x00;
5489
95fbac8a
JH		 5490 bacpy(&ev.rpa, &irk->rpa);
5491 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
5492 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
5493 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
5494
5495 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
5496}
5497
53ac6ab6
MH		 5498void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
5499 bool persistent)
7ee4ea36
MH		 5500{
5501 struct mgmt_ev_new_csrk ev;
5502
5503 memset(&ev, 0, sizeof(ev));
5504
5505 /* Devices using resolvable or non-resolvable random addresses
5506 * without providing an indentity resolving key don't require
5507 * to store signature resolving keys. Their addresses will change
5508 * the next time around.
5509 *
5510 * Only when a remote device provides an identity address
5511 * make sure the signature resolving key is stored. So allow
5512 * static random and public addresses here.
5513 */
5514 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5515 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
5516 ev.store_hint = 0x00;
5517 else
53ac6ab6 5518 ev.store_hint = persistent;
7ee4ea36
MH		 5519
5520 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
5521 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
5522 ev.key.master = csrk->master;
5523 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
5524
5525 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
5526}
5527
94933991
MH		 5528static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5529 u8 data_len)
5530{
5531 eir[eir_len++] = sizeof(type) + data_len;
5532 eir[eir_len++] = type;
5533 memcpy(&eir[eir_len], data, data_len);
5534 eir_len += data_len;
5535
5536 return eir_len;
5537}
5538
ecd90ae7
MH		 5539void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5540 u8 addr_type, u32 flags, u8 *name, u8 name_len,
5541 u8 *dev_class)
f7520543 5542{
b644ba33
JH		 5543 char buf[512];
5544 struct mgmt_ev_device_connected *ev = (void *) buf;
5545 u16 eir_len = 0;
f7520543 5546
b644ba33 5547 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5548 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 5549
c95f0ba7 5550 ev->flags = __cpu_to_le32(flags);
08c79b61 5551
b644ba33
JH		 5552 if (name_len > 0)
5553 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 5554 name, name_len);
b644ba33
JH		 5555
5556 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 5557 eir_len = eir_append_data(ev->eir, eir_len,
04124681 5558 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 5559
eb55ef07 5560 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 5561
ecd90ae7
MH		 5562 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
5563 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 5564}
5565
8962ee74
JH		 5566static void disconnect_rsp(struct pending_cmd *cmd, void *data)
5567{
c68fb7ff 5568 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 5569 struct sock **sk = data;
a38528f1 5570 struct mgmt_rp_disconnect rp;
8962ee74 5571
88c3df13
JH		 5572 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5573 rp.addr.type = cp->addr.type;
8962ee74 5574
aee9b218 5575 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 5576 sizeof(rp));
8962ee74
JH		 5577
5578 *sk = cmd->sk;
5579 sock_hold(*sk);
5580
a664b5bc 5581 mgmt_pending_remove(cmd);
8962ee74
JH		 5582}
5583
124f6e35 5584static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 5585{
b1078ad0 5586 struct hci_dev *hdev = data;
124f6e35
JH		 5587 struct mgmt_cp_unpair_device *cp = cmd->param;
5588 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 5589
5590 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 5591 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5592 rp.addr.type = cp->addr.type;
a8a1d19e 5593
b1078ad0
JH		 5594 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
5595
aee9b218 5596 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 5597
5598 mgmt_pending_remove(cmd);
5599}
5600
9b80ec5e 5601void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 5602 u8 link_type, u8 addr_type, u8 reason,
5603 bool mgmt_connected)
f7520543 5604{
f0d6a0ea 5605 struct mgmt_ev_device_disconnected ev;
8b064a3a 5606 struct pending_cmd *power_off;
8962ee74 5607 struct sock *sk = NULL;
8962ee74 5608
8b064a3a
JH		 5609 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5610 if (power_off) {
5611 struct mgmt_mode *cp = power_off->param;
5612
5613 /* The connection is still in hci_conn_hash so test for 1
5614 * instead of 0 to know if this is the last one.
5615 */
a3172b7e
JH		 5616 if (!cp->val && hci_conn_count(hdev) == 1) {
5617 cancel_delayed_work(&hdev->power_off);
8b064a3a 5618 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5619 }
8b064a3a
JH		 5620 }
5621
12d4a3b2
JH		 5622 if (!mgmt_connected)
5623 return;
5624
57eb776f
AG		 5625 if (link_type != ACL_LINK && link_type != LE_LINK)
5626 return;
5627
744cf19e 5628 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 5629
f0d6a0ea
MA		 5630 bacpy(&ev.addr.bdaddr, bdaddr);
5631 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5632 ev.reason = reason;
f7520543 5633
9b80ec5e 5634 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 5635
5636 if (sk)
d97dcb66 5637 sock_put(sk);
8962ee74 5638
124f6e35 5639 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 5640 hdev);
8962ee74
JH		 5641}
5642
7892924c
MH		 5643void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
5644 u8 link_type, u8 addr_type, u8 status)
8962ee74 5645{
3655bba8
AG		 5646 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
5647 struct mgmt_cp_disconnect *cp;
88c3df13 5648 struct mgmt_rp_disconnect rp;
8962ee74 5649 struct pending_cmd *cmd;
8962ee74 5650
36a75f1b
JD		 5651 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5652 hdev);
5653
2e58ef3e 5654 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 5655 if (!cmd)
7892924c 5656 return;
8962ee74 5657
3655bba8
AG		 5658 cp = cmd->param;
5659
5660 if (bacmp(bdaddr, &cp->addr.bdaddr))
5661 return;
5662
5663 if (cp->addr.type != bdaddr_type)
5664 return;
5665
88c3df13 5666 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 5667 rp.addr.type = bdaddr_type;
37d9ef76 5668
7892924c
MH		 5669 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
5670 mgmt_status(status), &rp, sizeof(rp));
8962ee74 5671
a664b5bc 5672 mgmt_pending_remove(cmd);
f7520543 5673}
17d5c04c 5674
445608d0
MH		 5675void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5676 u8 addr_type, u8 status)
17d5c04c
JH		 5677{
5678 struct mgmt_ev_connect_failed ev;
c9910d0f
JH		 5679 struct pending_cmd *power_off;
5680
5681 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5682 if (power_off) {
5683 struct mgmt_mode *cp = power_off->param;
5684
5685 /* The connection is still in hci_conn_hash so test for 1
5686 * instead of 0 to know if this is the last one.
5687 */
a3172b7e
JH		 5688 if (!cp->val && hci_conn_count(hdev) == 1) {
5689 cancel_delayed_work(&hdev->power_off);
c9910d0f 5690 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5691 }
c9910d0f 5692 }
17d5c04c 5693
4c659c39 5694 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5695 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5696 ev.status = mgmt_status(status);
17d5c04c 5697
445608d0 5698 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 5699}
980e1a53 5700
ce0e4a0d 5701void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 5702{
5703 struct mgmt_ev_pin_code_request ev;
5704
d8457698 5705 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 5706 ev.addr.type = BDADDR_BREDR;
a770bb5a 5707 ev.secure = secure;
980e1a53 5708
ce0e4a0d 5709 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 5710}
5711
e669cf80
MH		 5712void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5713 u8 status)
980e1a53
JH		 5714{
5715 struct pending_cmd *cmd;
ac56fb13 5716 struct mgmt_rp_pin_code_reply rp;
980e1a53 5717
2e58ef3e 5718 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 5719 if (!cmd)
e669cf80 5720 return;
980e1a53 5721
d8457698 5722 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5723 rp.addr.type = BDADDR_BREDR;
ac56fb13 5724
e669cf80
MH		 5725 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
5726 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5727
a664b5bc 5728 mgmt_pending_remove(cmd);
980e1a53
JH		 5729}
5730
3eb38528
MH		 5731void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5732 u8 status)
980e1a53
JH		 5733{
5734 struct pending_cmd *cmd;
ac56fb13 5735 struct mgmt_rp_pin_code_reply rp;
980e1a53 5736
2e58ef3e 5737 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 5738 if (!cmd)
3eb38528 5739 return;
980e1a53 5740
d8457698 5741 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5742 rp.addr.type = BDADDR_BREDR;
ac56fb13 5743
3eb38528
MH		 5744 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
5745 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5746
a664b5bc 5747 mgmt_pending_remove(cmd);
980e1a53 5748}
a5c29683 5749
744cf19e 5750int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 5751 u8 link_type, u8 addr_type, u32 value,
04124681 5752 u8 confirm_hint)
a5c29683
JH		 5753{
5754 struct mgmt_ev_user_confirm_request ev;
5755
744cf19e 5756 BT_DBG("%s", hdev->name);
a5c29683 5757
272d90df 5758 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5759 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 5760 ev.confirm_hint = confirm_hint;
39adbffe 5761 ev.value = cpu_to_le32(value);
a5c29683 5762
744cf19e 5763 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 5764 NULL);
a5c29683
JH		 5765}
5766
272d90df 5767int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 5768 u8 link_type, u8 addr_type)
604086b7
BG		 5769{
5770 struct mgmt_ev_user_passkey_request ev;
5771
5772 BT_DBG("%s", hdev->name);
5773
272d90df 5774 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5775 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 5776
5777 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 5778 NULL);
604086b7
BG		 5779}
5780
0df4c185 5781static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 5782 u8 link_type, u8 addr_type, u8 status,
5783 u8 opcode)
a5c29683
JH		 5784{
5785 struct pending_cmd *cmd;
5786 struct mgmt_rp_user_confirm_reply rp;
5787 int err;
5788
2e58ef3e 5789 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 5790 if (!cmd)
5791 return -ENOENT;
5792
272d90df 5793 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 5794 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 5795 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 5796 &rp, sizeof(rp));
a5c29683 5797
a664b5bc 5798 mgmt_pending_remove(cmd);
a5c29683
JH		 5799
5800 return err;
5801}
5802
744cf19e 5803int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5804 u8 link_type, u8 addr_type, u8 status)
a5c29683 5805{
272d90df 5806 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5807 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 5808}
5809
272d90df 5810int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5811 u8 link_type, u8 addr_type, u8 status)
a5c29683 5812{
272d90df 5813 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5814 status,
5815 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 5816}
2a611692 5817
604086b7 5818int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5819 u8 link_type, u8 addr_type, u8 status)
604086b7 5820{
272d90df 5821 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5822 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 5823}
5824
272d90df 5825int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5826 u8 link_type, u8 addr_type, u8 status)
604086b7 5827{
272d90df 5828 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5829 status,
5830 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 5831}
5832
92a25256
JH		 5833int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
5834 u8 link_type, u8 addr_type, u32 passkey,
5835 u8 entered)
5836{
5837 struct mgmt_ev_passkey_notify ev;
5838
5839 BT_DBG("%s", hdev->name);
5840
5841 bacpy(&ev.addr.bdaddr, bdaddr);
5842 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5843 ev.passkey = __cpu_to_le32(passkey);
5844 ev.entered = entered;
5845
5846 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
5847}
5848
e546099c
MH		 5849void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5850 u8 addr_type, u8 status)
2a611692
JH		 5851{
5852 struct mgmt_ev_auth_failed ev;
5853
bab73cb6 5854 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5855 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5856 ev.status = mgmt_status(status);
2a611692 5857
e546099c 5858 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 5859}
b312b161 5860
464996ae 5861void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 5862{
5863 struct cmd_lookup match = { NULL, hdev };
464996ae 5864 bool changed;
33ef95ed
JH		 5865
5866 if (status) {
5867 u8 mgmt_err = mgmt_status(status);
5868 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 5869 cmd_status_rsp, &mgmt_err);
464996ae 5870 return;
33ef95ed
JH		 5871 }
5872
464996ae
MH		 5873 if (test_bit(HCI_AUTH, &hdev->flags))
5874 changed = !test_and_set_bit(HCI_LINK_SECURITY,
5875 &hdev->dev_flags);
5876 else
5877 changed = test_and_clear_bit(HCI_LINK_SECURITY,
5878 &hdev->dev_flags);
47990ea0 5879
33ef95ed 5880 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 5881 &match);
33ef95ed 5882
47990ea0 5883 if (changed)
464996ae 5884 new_settings(hdev, match.sk);
33ef95ed
JH		 5885
5886 if (match.sk)
5887 sock_put(match.sk);
33ef95ed
JH		 5888}
5889
890ea898 5890static void clear_eir(struct hci_request *req)
cacaf52f 5891{
890ea898 5892 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 5893 struct hci_cp_write_eir cp;
5894
976eb20e 5895 if (!lmp_ext_inq_capable(hdev))
890ea898 5896 return;
cacaf52f 5897
c80da27e
JH		 5898 memset(hdev->eir, 0, sizeof(hdev->eir));
5899
cacaf52f
JH		 5900 memset(&cp, 0, sizeof(cp));
5901
890ea898 5902 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 5903}
5904
3e248560 5905void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 5906{
5907 struct cmd_lookup match = { NULL, hdev };
890ea898 5908 struct hci_request req;
c0ecddc2 5909 bool changed = false;
ed2c4ee3
JH		 5910
5911 if (status) {
5912 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 5913
5914 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 5915 &hdev->dev_flags)) {
5916 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 5917 new_settings(hdev, NULL);
9ecb3e24 5918 }
c0ecddc2 5919
04124681
GP		 5920 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
5921 &mgmt_err);
3e248560 5922 return;
c0ecddc2
JH		 5923 }
5924
5925 if (enable) {
9ecb3e24 5926 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 5927 } else {
9ecb3e24
MH		 5928 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5929 if (!changed)
5930 changed = test_and_clear_bit(HCI_HS_ENABLED,
5931 &hdev->dev_flags);
5932 else
5933 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 5934 }
5935
5936 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
5937
c0ecddc2 5938 if (changed)
3e248560 5939 new_settings(hdev, match.sk);
ed2c4ee3 5940
5fc6ebb1 5941 if (match.sk)
ed2c4ee3
JH		 5942 sock_put(match.sk);
5943
890ea898
JH		 5944 hci_req_init(&req, hdev);
5945
3769972b
JH		 5946 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
5947 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
5948 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
5949 sizeof(enable), &enable);
890ea898 5950 update_eir(&req);
3769972b 5951 } else {
890ea898 5952 clear_eir(&req);
3769972b 5953 }
890ea898
JH		 5954
5955 hci_req_run(&req, NULL);
ed2c4ee3
JH		 5956}
5957
eac83dc6
MH		 5958void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5959{
5960 struct cmd_lookup match = { NULL, hdev };
5961 bool changed = false;
5962
5963 if (status) {
5964 u8 mgmt_err = mgmt_status(status);
5965
0ab04a9c
MH		 5966 if (enable) {
5967 if (test_and_clear_bit(HCI_SC_ENABLED,
5968 &hdev->dev_flags))
5969 new_settings(hdev, NULL);
5970 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5971 }
eac83dc6
MH		 5972
5973 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5974 cmd_status_rsp, &mgmt_err);
5975 return;
5976 }
5977
0ab04a9c 5978 if (enable) {
eac83dc6 5979 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 5980 } else {
eac83dc6 5981 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 5982 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5983 }
eac83dc6
MH		 5984
5985 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5986 settings_rsp, &match);
5987
5988 if (changed)
5989 new_settings(hdev, match.sk);
5990
5991 if (match.sk)
5992 sock_put(match.sk);
5993}
5994
92da6097 5995static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 5996{
5997 struct cmd_lookup *match = data;
5998
90e70454
JH		 5999 if (match->sk == NULL) {
6000 match->sk = cmd->sk;
6001 sock_hold(match->sk);
6002 }
90e70454
JH		 6003}
6004
4e1b0245
MH		 6005void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
6006 u8 status)
7f9a903c 6007{
90e70454 6008 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 6009
92da6097
JH		 6010 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
6011 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
6012 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 6013
6014 if (!status)
4e1b0245
MH		 6015 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
6016 NULL);
90e70454
JH		 6017
6018 if (match.sk)
6019 sock_put(match.sk);
7f9a903c
MH		 6020}
6021
7667da34 6022void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 6023{
b312b161 6024 struct mgmt_cp_set_local_name ev;
13928971 6025 struct pending_cmd *cmd;
28cc7bde 6026
13928971 6027 if (status)
7667da34 6028 return;
b312b161
JH		 6029
6030 memset(&ev, 0, sizeof(ev));
6031 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 6032 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 6033
2e58ef3e 6034 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 6035 if (!cmd) {
6036 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 6037
13928971
JH		 6038 /* If this is a HCI command related to powering on the
6039 * HCI dev don't send any mgmt signals.
6040 */
6041 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 6042 return;
890ea898 6043 }
b312b161 6044
7667da34
MH		 6045 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
6046 cmd ? cmd->sk : NULL);
b312b161 6047}
c35938b2 6048
4d2d2796
MH		 6049void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
6050 u8 *randomizer192, u8 *hash256,
6051 u8 *randomizer256, u8 status)
c35938b2
SJ		 6052{
6053 struct pending_cmd *cmd;
c35938b2 6054
744cf19e 6055 BT_DBG("%s status %u", hdev->name, status);
c35938b2 6056
2e58ef3e 6057 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 6058 if (!cmd)
3edaf092 6059 return;
c35938b2
SJ		 6060
6061 if (status) {
3edaf092
MH		 6062 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6063 mgmt_status(status));
c35938b2 6064 } else {
4d2d2796
MH		 6065 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
6066 hash256 && randomizer256) {
6067 struct mgmt_rp_read_local_oob_ext_data rp;
6068
6069 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
6070 memcpy(rp.randomizer192, randomizer192,
6071 sizeof(rp.randomizer192));
c35938b2 6072
4d2d2796
MH		 6073 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
6074 memcpy(rp.randomizer256, randomizer256,
6075 sizeof(rp.randomizer256));
c35938b2 6076
4d2d2796
MH		 6077 cmd_complete(cmd->sk, hdev->id,
6078 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6079 &rp, sizeof(rp));
6080 } else {
6081 struct mgmt_rp_read_local_oob_data rp;
6082
6083 memcpy(rp.hash, hash192, sizeof(rp.hash));
6084 memcpy(rp.randomizer, randomizer192,
6085 sizeof(rp.randomizer));
6086
6087 cmd_complete(cmd->sk, hdev->id,
6088 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6089 &rp, sizeof(rp));
6090 }
c35938b2
SJ		 6091 }
6092
6093 mgmt_pending_remove(cmd);
c35938b2 6094}
e17acd40 6095
901801b9 6096void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
73cf71d9
JH		 6097 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name,
6098 u8 ssp, u8 *eir, u16 eir_len, u8 *scan_rsp,
5d2e9fad 6099 u8 scan_rsp_len)
e17acd40 6100{
e319d2e7
JH		 6101 char buf[512];
6102 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 6103 struct smp_irk *irk;
1dc06093 6104 size_t ev_size;
e17acd40 6105
12602d0c 6106 if (!hci_discovery_active(hdev))
901801b9 6107 return;
12602d0c 6108
5d2e9fad
JH		 6109 /* Make sure that the buffer is big enough. The 5 extra bytes
6110 * are for the potential CoD field.
6111 */
6112 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 6113 return;
7d262f86 6114
1dc06093
JH		 6115 memset(buf, 0, sizeof(buf));
6116
5cedbb8d
JH		 6117 irk = hci_get_irk(hdev, bdaddr, addr_type);
6118 if (irk) {
6119 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
6120 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
6121 } else {
6122 bacpy(&ev->addr.bdaddr, bdaddr);
6123 ev->addr.type = link_to_bdaddr(link_type, addr_type);
6124 }
6125
e319d2e7 6126 ev->rssi = rssi;
9a395a80 6127 if (cfm_name)
dcf4adbf 6128 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 6129 if (!ssp)
dcf4adbf 6130 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 6131
1dc06093 6132 if (eir_len > 0)
e319d2e7 6133 memcpy(ev->eir, eir, eir_len);
e17acd40 6134
1dc06093
JH		 6135 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
6136 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 6137 dev_class, 3);
1dc06093 6138
5d2e9fad
JH		 6139 if (scan_rsp_len > 0)
6140 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
6141
6142 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
6143 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 6144
901801b9 6145 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 6146}
a88a9652 6147
9cf12aee
MH		 6148void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6149 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 6150{
b644ba33
JH		 6151 struct mgmt_ev_device_found *ev;
6152 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
6153 u16 eir_len;
a88a9652 6154
b644ba33 6155 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 6156
b644ba33
JH		 6157 memset(buf, 0, sizeof(buf));
6158
6159 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6160 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 6161 ev->rssi = rssi;
6162
6163 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 6164 name_len);
b644ba33 6165
eb55ef07 6166 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 6167
9cf12aee 6168 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 6169}
314b2381 6170
2f1e063b 6171void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 6172{
f963e8e9 6173 struct mgmt_ev_discovering ev;
164a6e78
JH		 6174 struct pending_cmd *cmd;
6175
343fb145
AG		 6176 BT_DBG("%s discovering %u", hdev->name, discovering);
6177
164a6e78 6178 if (discovering)
2e58ef3e 6179 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 6180 else
2e58ef3e 6181 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 6182
6183 if (cmd != NULL) {
f808e166
JH		 6184 u8 type = hdev->discovery.type;
6185
04124681
GP		 6186 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
6187 sizeof(type));
164a6e78
JH		 6188 mgmt_pending_remove(cmd);
6189 }
6190
f963e8e9
JH		 6191 memset(&ev, 0, sizeof(ev));
6192 ev.type = hdev->discovery.type;
6193 ev.discovering = discovering;
6194
2f1e063b 6195 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 6196}
5e762444 6197
88c1fe4b 6198int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 6199{
6200 struct pending_cmd *cmd;
6201 struct mgmt_ev_device_blocked ev;
6202
2e58ef3e 6203 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 6204
88c1fe4b
JH		 6205 bacpy(&ev.addr.bdaddr, bdaddr);
6206 ev.addr.type = type;
5e762444 6207
744cf19e 6208 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 6209 cmd ? cmd->sk : NULL);
5e762444
AJ		 6210}
6211
88c1fe4b 6212int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 6213{
6214 struct pending_cmd *cmd;
6215 struct mgmt_ev_device_unblocked ev;
6216
2e58ef3e 6217 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 6218
88c1fe4b
JH		 6219 bacpy(&ev.addr.bdaddr, bdaddr);
6220 ev.addr.type = type;
5e762444 6221
744cf19e 6222 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 6223 cmd ? cmd->sk : NULL);
5e762444 6224}
5976e608
MH		 6225
6226static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6227{
6228 BT_DBG("%s status %u", hdev->name, status);
6229
6230 /* Clear the advertising mgmt setting if we failed to re-enable it */
6231 if (status) {
6232 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6233 new_settings(hdev, NULL);
5976e608
MH		 6234 }
6235}
6236
6237void mgmt_reenable_advertising(struct hci_dev *hdev)
6238{
6239 struct hci_request req;
6240
b145edcd 6241 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 6242 return;
6243
6244 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6245 return;
6246
6247 hci_req_init(&req, hdev);
6248 enable_advertising(&req);
6249
6250 /* If this fails we have no option but to let user space know
6251 * that we've disabled advertising.
6252 */
6253 if (hci_req_run(&req, adv_enable_complete) < 0) {
6254 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6255 new_settings(hdev, NULL);
5976e608
MH		 6256 }
6257}
Linux kernel - Deliverables
This page took 0.674672 seconds and 5 git commands to generate.