projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix skb allocation check for A2MP
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 33
34#include "smp.h"
0381101f 35
2da9c55c 36#define MGMT_VERSION 1
40456644 37#define MGMT_REVISION 5
02d98129 38
e70bb2e8
JH		 39static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 77 MGMT_OP_SET_DEVICE_ID,
4375f103 78 MGMT_OP_SET_ADVERTISING,
0663ca2a 79 MGMT_OP_SET_BREDR,
d13eafce 80 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 81 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 82 MGMT_OP_SET_SECURE_CONN,
4e39ac81 83 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 84 MGMT_OP_SET_PRIVACY,
41edf160 85 MGMT_OP_LOAD_IRKS,
e70bb2e8
JH		 86};
87
88static const u16 mgmt_events[] = {
89 MGMT_EV_CONTROLLER_ERROR,
90 MGMT_EV_INDEX_ADDED,
91 MGMT_EV_INDEX_REMOVED,
92 MGMT_EV_NEW_SETTINGS,
93 MGMT_EV_CLASS_OF_DEV_CHANGED,
94 MGMT_EV_LOCAL_NAME_CHANGED,
95 MGMT_EV_NEW_LINK_KEY,
96 MGMT_EV_NEW_LONG_TERM_KEY,
97 MGMT_EV_DEVICE_CONNECTED,
98 MGMT_EV_DEVICE_DISCONNECTED,
99 MGMT_EV_CONNECT_FAILED,
100 MGMT_EV_PIN_CODE_REQUEST,
101 MGMT_EV_USER_CONFIRM_REQUEST,
102 MGMT_EV_USER_PASSKEY_REQUEST,
103 MGMT_EV_AUTH_FAILED,
104 MGMT_EV_DEVICE_FOUND,
105 MGMT_EV_DISCOVERING,
106 MGMT_EV_DEVICE_BLOCKED,
107 MGMT_EV_DEVICE_UNBLOCKED,
108 MGMT_EV_DEVICE_UNPAIRED,
92a25256 109 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 110 MGMT_EV_NEW_IRK,
e70bb2e8
JH		 111};
112
17b02e62 113#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 114
4b34ee78
JH		 115#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
116 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
117
eec8d2bc
JH		 118struct pending_cmd {
119 struct list_head list;
fc2f4b13 120 u16 opcode;
eec8d2bc 121 int index;
c68fb7ff 122 void *param;
eec8d2bc 123 struct sock *sk;
e9a416b5 124 void *user_data;
eec8d2bc
JH		 125};
126
ca69b795
JH		 127/* HCI to MGMT error code conversion table */
128static u8 mgmt_status_table[] = {
129 MGMT_STATUS_SUCCESS,
130 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
131 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
132 MGMT_STATUS_FAILED, /* Hardware Failure */
133 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
134 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 135 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 136 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
137 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
138 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
139 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
140 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
141 MGMT_STATUS_BUSY, /* Command Disallowed */
142 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
143 MGMT_STATUS_REJECTED, /* Rejected Security */
144 MGMT_STATUS_REJECTED, /* Rejected Personal */
145 MGMT_STATUS_TIMEOUT, /* Host Timeout */
146 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
147 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
148 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
149 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
150 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
151 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
152 MGMT_STATUS_BUSY, /* Repeated Attempts */
153 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
154 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
155 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
156 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
157 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
158 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
159 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
160 MGMT_STATUS_FAILED, /* Unspecified Error */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
162 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
163 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
164 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
165 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
166 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
167 MGMT_STATUS_FAILED, /* Unit Link Key Used */
168 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
169 MGMT_STATUS_TIMEOUT, /* Instant Passed */
170 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
171 MGMT_STATUS_FAILED, /* Transaction Collision */
172 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
173 MGMT_STATUS_REJECTED, /* QoS Rejected */
174 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
175 MGMT_STATUS_REJECTED, /* Insufficient Security */
176 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
177 MGMT_STATUS_BUSY, /* Role Switch Pending */
178 MGMT_STATUS_FAILED, /* Slot Violation */
179 MGMT_STATUS_FAILED, /* Role Switch Failed */
180 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
181 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
182 MGMT_STATUS_BUSY, /* Host Busy Pairing */
183 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
184 MGMT_STATUS_BUSY, /* Controller Busy */
185 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
186 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
187 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
188 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
189 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
190};
191
192static u8 mgmt_status(u8 hci_status)
193{
194 if (hci_status < ARRAY_SIZE(mgmt_status_table))
195 return mgmt_status_table[hci_status];
196
197 return MGMT_STATUS_FAILED;
198}
199
4e51eae9 200static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 201{
202 struct sk_buff *skb;
203 struct mgmt_hdr *hdr;
204 struct mgmt_ev_cmd_status *ev;
56b7d137 205 int err;
f7b64e69 206
34eb525c 207 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 208
790eff44 209 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 210 if (!skb)
211 return -ENOMEM;
212
213 hdr = (void *) skb_put(skb, sizeof(*hdr));
214
612dfce9 215 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 216 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 217 hdr->len = cpu_to_le16(sizeof(*ev));
218
219 ev = (void *) skb_put(skb, sizeof(*ev));
220 ev->status = status;
eb55ef07 221 ev->opcode = cpu_to_le16(cmd);
f7b64e69 222
56b7d137
GP		 223 err = sock_queue_rcv_skb(sk, skb);
224 if (err < 0)
f7b64e69
JH		 225 kfree_skb(skb);
226
56b7d137 227 return err;
f7b64e69
JH		 228}
229
aee9b218 230static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 231 void *rp, size_t rp_len)
02d98129
JH		 232{
233 struct sk_buff *skb;
234 struct mgmt_hdr *hdr;
235 struct mgmt_ev_cmd_complete *ev;
56b7d137 236 int err;
02d98129
JH		 237
238 BT_DBG("sock %p", sk);
239
790eff44 240 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 241 if (!skb)
242 return -ENOMEM;
243
244 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 245
612dfce9 246 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 247 hdr->index = cpu_to_le16(index);
a38528f1 248 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 249
a38528f1 250 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 251 ev->opcode = cpu_to_le16(cmd);
aee9b218 252 ev->status = status;
8020c16a
SJ		 253
254 if (rp)
255 memcpy(ev->data, rp, rp_len);
02d98129 256
56b7d137
GP		 257 err = sock_queue_rcv_skb(sk, skb);
258 if (err < 0)
02d98129
JH		 259 kfree_skb(skb);
260
e5f0e151 261 return err;
02d98129
JH		 262}
263
04124681
GP		 264static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
265 u16 data_len)
a38528f1
JH		 266{
267 struct mgmt_rp_read_version rp;
268
269 BT_DBG("sock %p", sk);
270
271 rp.version = MGMT_VERSION;
eb55ef07 272 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 273
aee9b218 274 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 275 sizeof(rp));
a38528f1
JH		 276}
277
04124681
GP		 278static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
279 u16 data_len)
e70bb2e8
JH		 280{
281 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 282 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
283 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 284 __le16 *opcode;
e70bb2e8
JH		 285 size_t rp_size;
286 int i, err;
287
288 BT_DBG("sock %p", sk);
289
290 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
291
292 rp = kmalloc(rp_size, GFP_KERNEL);
293 if (!rp)
294 return -ENOMEM;
295
eb55ef07
MH		 296 rp->num_commands = __constant_cpu_to_le16(num_commands);
297 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 298
299 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
300 put_unaligned_le16(mgmt_commands[i], opcode);
301
302 for (i = 0; i < num_events; i++, opcode++)
303 put_unaligned_le16(mgmt_events[i], opcode);
304
aee9b218 305 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 306 rp_size);
e70bb2e8
JH		 307 kfree(rp);
308
309 return err;
310}
311
04124681
GP		 312static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
313 u16 data_len)
faba42eb 314{
faba42eb 315 struct mgmt_rp_read_index_list *rp;
8035ded4 316 struct hci_dev *d;
a38528f1 317 size_t rp_len;
faba42eb 318 u16 count;
476e44cb 319 int err;
faba42eb
JH		 320
321 BT_DBG("sock %p", sk);
322
323 read_lock(&hci_dev_list_lock);
324
325 count = 0;
bb4b2a9a 326 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 327 if (d->dev_type == HCI_BREDR)
328 count++;
faba42eb
JH		 329 }
330
a38528f1
JH		 331 rp_len = sizeof(*rp) + (2 * count);
332 rp = kmalloc(rp_len, GFP_ATOMIC);
333 if (!rp) {
b2c60d42 334 read_unlock(&hci_dev_list_lock);
faba42eb 335 return -ENOMEM;
b2c60d42 336 }
faba42eb 337
476e44cb 338 count = 0;
8035ded4 339 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 340 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 341 continue;
342
0736cfa8
MH		 343 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
344 continue;
345
1514b892
MH		 346 if (d->dev_type == HCI_BREDR) {
347 rp->index[count++] = cpu_to_le16(d->id);
348 BT_DBG("Added hci%u", d->id);
349 }
faba42eb
JH		 350 }
351
476e44cb
JH		 352 rp->num_controllers = cpu_to_le16(count);
353 rp_len = sizeof(*rp) + (2 * count);
354
faba42eb
JH		 355 read_unlock(&hci_dev_list_lock);
356
aee9b218 357 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 358 rp_len);
faba42eb 359
a38528f1
JH		 360 kfree(rp);
361
362 return err;
faba42eb
JH		 363}
364
69ab39ea
JH		 365static u32 get_supported_settings(struct hci_dev *hdev)
366{
367 u32 settings = 0;
368
369 settings |= MGMT_SETTING_POWERED;
69ab39ea 370 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 371 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 372
ed3fa31f 373 if (lmp_bredr_capable(hdev)) {
33c525c0 374 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 375 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
376 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 377 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 378 settings |= MGMT_SETTING_BREDR;
379 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 380
381 if (lmp_ssp_capable(hdev)) {
382 settings |= MGMT_SETTING_SSP;
383 settings |= MGMT_SETTING_HS;
384 }
e98d2ce2 385
5afeac14
MH		 386 if (lmp_sc_capable(hdev) ||
387 test_bit(HCI_FORCE_SC, &hdev->dev_flags))
e98d2ce2 388 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 389 }
d7b7e796 390
eeca6f89 391 if (lmp_le_capable(hdev)) {
9d42820f 392 settings |= MGMT_SETTING_LE;
eeca6f89 393 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 394 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 395 }
69ab39ea
JH		 396
397 return settings;
398}
399
400static u32 get_current_settings(struct hci_dev *hdev)
401{
402 u32 settings = 0;
403
f1f0eb02 404 if (hdev_is_powered(hdev))
f0d4b78a
MH		 405 settings |= MGMT_SETTING_POWERED;
406
5e5282bb 407 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 408 settings |= MGMT_SETTING_CONNECTABLE;
409
1a4d3c4b
JH		 410 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
411 settings |= MGMT_SETTING_FAST_CONNECTABLE;
412
5e5282bb 413 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 414 settings |= MGMT_SETTING_DISCOVERABLE;
415
a8b2d5c2 416 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 417 settings |= MGMT_SETTING_PAIRABLE;
418
56f87901 419 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 420 settings |= MGMT_SETTING_BREDR;
421
06199cf8 422 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 423 settings |= MGMT_SETTING_LE;
424
47990ea0 425 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 426 settings |= MGMT_SETTING_LINK_SECURITY;
427
84bde9d6 428 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 429 settings |= MGMT_SETTING_SSP;
430
6d80dfd0
JH		 431 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
432 settings |= MGMT_SETTING_HS;
433
f3d3444a 434 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 435 settings |= MGMT_SETTING_ADVERTISING;
436
e98d2ce2
MH		 437 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
438 settings |= MGMT_SETTING_SECURE_CONN;
439
b1de97d8
MH		 440 if (test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags))
441 settings |= MGMT_SETTING_DEBUG_KEYS;
442
0f4bd942
JH		 443 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
444 settings |= MGMT_SETTING_PRIVACY;
445
69ab39ea
JH		 446 return settings;
447}
448
ef580372
JH		 449#define PNP_INFO_SVCLASS_ID 0x1200
450
213202ed
JH		 451static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
452{
453 u8 *ptr = data, *uuids_start = NULL;
454 struct bt_uuid *uuid;
455
456 if (len < 4)
457 return ptr;
458
459 list_for_each_entry(uuid, &hdev->uuids, list) {
460 u16 uuid16;
461
462 if (uuid->size != 16)
463 continue;
464
465 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
466 if (uuid16 < 0x1100)
467 continue;
468
469 if (uuid16 == PNP_INFO_SVCLASS_ID)
470 continue;
471
472 if (!uuids_start) {
473 uuids_start = ptr;
474 uuids_start[0] = 1;
475 uuids_start[1] = EIR_UUID16_ALL;
476 ptr += 2;
477 }
478
479 /* Stop if not enough space to put next UUID */
480 if ((ptr - data) + sizeof(u16) > len) {
481 uuids_start[1] = EIR_UUID16_SOME;
482 break;
483 }
484
485 *ptr++ = (uuid16 & 0x00ff);
486 *ptr++ = (uuid16 & 0xff00) >> 8;
487 uuids_start[0] += sizeof(uuid16);
488 }
489
490 return ptr;
491}
492
cdf1963f
JH		 493static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
494{
495 u8 *ptr = data, *uuids_start = NULL;
496 struct bt_uuid *uuid;
497
498 if (len < 6)
499 return ptr;
500
501 list_for_each_entry(uuid, &hdev->uuids, list) {
502 if (uuid->size != 32)
503 continue;
504
505 if (!uuids_start) {
506 uuids_start = ptr;
507 uuids_start[0] = 1;
508 uuids_start[1] = EIR_UUID32_ALL;
509 ptr += 2;
510 }
511
512 /* Stop if not enough space to put next UUID */
513 if ((ptr - data) + sizeof(u32) > len) {
514 uuids_start[1] = EIR_UUID32_SOME;
515 break;
516 }
517
518 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
519 ptr += sizeof(u32);
520 uuids_start[0] += sizeof(u32);
521 }
522
523 return ptr;
524}
525
c00d575b
JH		 526static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
527{
528 u8 *ptr = data, *uuids_start = NULL;
529 struct bt_uuid *uuid;
530
531 if (len < 18)
532 return ptr;
533
534 list_for_each_entry(uuid, &hdev->uuids, list) {
535 if (uuid->size != 128)
536 continue;
537
538 if (!uuids_start) {
539 uuids_start = ptr;
540 uuids_start[0] = 1;
541 uuids_start[1] = EIR_UUID128_ALL;
542 ptr += 2;
543 }
544
545 /* Stop if not enough space to put next UUID */
546 if ((ptr - data) + 16 > len) {
547 uuids_start[1] = EIR_UUID128_SOME;
548 break;
549 }
550
551 memcpy(ptr, uuid->uuid, 16);
552 ptr += 16;
553 uuids_start[0] += 16;
554 }
555
556 return ptr;
557}
558
eb2a8d20
JH		 559static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
560{
561 struct pending_cmd *cmd;
562
563 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
564 if (cmd->opcode == opcode)
565 return cmd;
566 }
567
568 return NULL;
569}
570
f14d8f64
MH		 571static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
572{
7a5f4990
MH		 573 u8 ad_len = 0;
574 size_t name_len;
575
576 name_len = strlen(hdev->dev_name);
577 if (name_len > 0) {
578 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
579
580 if (name_len > max_len) {
581 name_len = max_len;
582 ptr[1] = EIR_NAME_SHORT;
583 } else
584 ptr[1] = EIR_NAME_COMPLETE;
585
586 ptr[0] = name_len + 1;
587
588 memcpy(ptr + 2, hdev->dev_name, name_len);
589
590 ad_len += (name_len + 2);
591 ptr += (name_len + 2);
592 }
593
594 return ad_len;
f14d8f64
MH		 595}
596
597static void update_scan_rsp_data(struct hci_request *req)
598{
599 struct hci_dev *hdev = req->hdev;
600 struct hci_cp_le_set_scan_rsp_data cp;
601 u8 len;
602
7751ef1b 603 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 604 return;
605
606 memset(&cp, 0, sizeof(cp));
607
608 len = create_scan_rsp_data(hdev, cp.data);
609
eb438b5f
JH		 610 if (hdev->scan_rsp_data_len == len &&
611 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 612 return;
613
eb438b5f
JH		 614 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
615 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 616
617 cp.length = len;
618
619 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
620}
621
9a43e25f
JH		 622static u8 get_adv_discov_flags(struct hci_dev *hdev)
623{
624 struct pending_cmd *cmd;
625
626 /* If there's a pending mgmt command the flags will not yet have
627 * their final values, so check for this first.
628 */
629 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
630 if (cmd) {
631 struct mgmt_mode *cp = cmd->param;
632 if (cp->val == 0x01)
633 return LE_AD_GENERAL;
634 else if (cp->val == 0x02)
635 return LE_AD_LIMITED;
636 } else {
637 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
638 return LE_AD_LIMITED;
639 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
640 return LE_AD_GENERAL;
641 }
642
643 return 0;
644}
645
46cad2ed 646static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 647{
648 u8 ad_len = 0, flags = 0;
441ad2d0 649
9a43e25f 650 flags |= get_adv_discov_flags(hdev);
441ad2d0 651
e834004b 652 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 653 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 654
655 if (flags) {
656 BT_DBG("adv flags 0x%02x", flags);
657
658 ptr[0] = 2;
659 ptr[1] = EIR_FLAGS;
660 ptr[2] = flags;
661
662 ad_len += 3;
663 ptr += 3;
664 }
665
666 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
667 ptr[0] = 2;
668 ptr[1] = EIR_TX_POWER;
669 ptr[2] = (u8) hdev->adv_tx_power;
670
671 ad_len += 3;
672 ptr += 3;
673 }
674
441ad2d0
MH		 675 return ad_len;
676}
677
5947f4bc 678static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 679{
680 struct hci_dev *hdev = req->hdev;
681 struct hci_cp_le_set_adv_data cp;
682 u8 len;
683
10994ce6 684 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 685 return;
686
687 memset(&cp, 0, sizeof(cp));
688
46cad2ed 689 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 690
691 if (hdev->adv_data_len == len &&
692 memcmp(cp.data, hdev->adv_data, len) == 0)
693 return;
694
695 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
696 hdev->adv_data_len = len;
697
698 cp.length = len;
699
700 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
701}
702
ef580372
JH		 703static void create_eir(struct hci_dev *hdev, u8 *data)
704{
705 u8 *ptr = data;
ef580372
JH		 706 size_t name_len;
707
708 name_len = strlen(hdev->dev_name);
709
710 if (name_len > 0) {
711 /* EIR Data type */
712 if (name_len > 48) {
713 name_len = 48;
714 ptr[1] = EIR_NAME_SHORT;
715 } else
716 ptr[1] = EIR_NAME_COMPLETE;
717
718 /* EIR Data length */
719 ptr[0] = name_len + 1;
720
721 memcpy(ptr + 2, hdev->dev_name, name_len);
722
ef580372
JH		 723 ptr += (name_len + 2);
724 }
725
bbaf444a 726 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 727 ptr[0] = 2;
728 ptr[1] = EIR_TX_POWER;
729 ptr[2] = (u8) hdev->inq_tx_power;
730
91c4e9b1
MH		 731 ptr += 3;
732 }
733
2b9be137
MH		 734 if (hdev->devid_source > 0) {
735 ptr[0] = 9;
736 ptr[1] = EIR_DEVICE_ID;
737
738 put_unaligned_le16(hdev->devid_source, ptr + 2);
739 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
740 put_unaligned_le16(hdev->devid_product, ptr + 6);
741 put_unaligned_le16(hdev->devid_version, ptr + 8);
742
2b9be137
MH		 743 ptr += 10;
744 }
745
213202ed 746 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 747 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 748 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 749}
750
890ea898 751static void update_eir(struct hci_request *req)
ef580372 752{
890ea898 753 struct hci_dev *hdev = req->hdev;
ef580372
JH		 754 struct hci_cp_write_eir cp;
755
504c8dcd 756 if (!hdev_is_powered(hdev))
890ea898 757 return;
7770c4aa 758
976eb20e 759 if (!lmp_ext_inq_capable(hdev))
890ea898 760 return;
ef580372 761
84bde9d6 762 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 763 return;
ef580372 764
a8b2d5c2 765 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 766 return;
ef580372
JH		 767
768 memset(&cp, 0, sizeof(cp));
769
770 create_eir(hdev, cp.data);
771
772 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 773 return;
ef580372
JH		 774
775 memcpy(hdev->eir, cp.data, sizeof(cp.data));
776
890ea898 777 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 778}
779
780static u8 get_service_classes(struct hci_dev *hdev)
781{
782 struct bt_uuid *uuid;
783 u8 val = 0;
784
785 list_for_each_entry(uuid, &hdev->uuids, list)
786 val |= uuid->svc_hint;
787
788 return val;
789}
790
890ea898 791static void update_class(struct hci_request *req)
ef580372 792{
890ea898 793 struct hci_dev *hdev = req->hdev;
ef580372
JH		 794 u8 cod[3];
795
796 BT_DBG("%s", hdev->name);
797
504c8dcd 798 if (!hdev_is_powered(hdev))
890ea898 799 return;
7770c4aa 800
f87ea1da
JH		 801 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
802 return;
803
a8b2d5c2 804 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 805 return;
ef580372
JH		 806
807 cod[0] = hdev->minor_class;
808 cod[1] = hdev->major_class;
809 cod[2] = get_service_classes(hdev);
810
6acd7db4
MH		 811 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
812 cod[1] |= 0x20;
813
ef580372 814 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 815 return;
ef580372 816
890ea898 817 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 818}
819
a4858cb9 820static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 821{
822 struct pending_cmd *cmd;
199a2fb1
JH		 823
824 /* If there's a pending mgmt command the flag will not yet have
825 * it's final value, so check for this first.
826 */
827 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
828 if (cmd) {
829 struct mgmt_mode *cp = cmd->param;
a4858cb9 830 return cp->val;
199a2fb1
JH		 831 }
832
a4858cb9 833 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 834}
835
836static void enable_advertising(struct hci_request *req)
837{
838 struct hci_dev *hdev = req->hdev;
839 struct hci_cp_le_set_adv_param cp;
8f2a0601 840 u8 own_addr_type, enable = 0x01;
a4858cb9 841 bool connectable;
199a2fb1 842
8d97250e
JH		 843 /* Clear the HCI_ADVERTISING bit temporarily so that the
844 * hci_update_random_address knows that it's safe to go ahead
845 * and write a new random address. The flag will be set back on
846 * as soon as the SET_ADV_ENABLE HCI command completes.
847 */
848 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
849
a4858cb9 850 connectable = get_connectable(hdev);
8f2a0601 851
a4858cb9
JH		 852 /* Set require_privacy to true only when non-connectable
853 * advertising is used. In that case it is fine to use a
854 * non-resolvable private address.
855 */
856 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 857 return;
858
41c90c18 859 memset(&cp, 0, sizeof(cp));
199a2fb1
JH		 860 cp.min_interval = __constant_cpu_to_le16(0x0800);
861 cp.max_interval = __constant_cpu_to_le16(0x0800);
a4858cb9 862 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 863 cp.own_address_type = own_addr_type;
199a2fb1
JH		 864 cp.channel_map = hdev->le_adv_channel_map;
865
866 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
867
868 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
869}
870
871static void disable_advertising(struct hci_request *req)
872{
873 u8 enable = 0x00;
874
875 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
876}
877
7d78525d
JH		 878static void service_cache_off(struct work_struct *work)
879{
880 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 881 service_cache.work);
890ea898 882 struct hci_request req;
7d78525d 883
a8b2d5c2 884 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 885 return;
886
890ea898
JH		 887 hci_req_init(&req, hdev);
888
7d78525d
JH		 889 hci_dev_lock(hdev);
890
890ea898
JH		 891 update_eir(&req);
892 update_class(&req);
7d78525d
JH		 893
894 hci_dev_unlock(hdev);
890ea898
JH		 895
896 hci_req_run(&req, NULL);
7d78525d
JH		 897}
898
d6bfd59c
JH		 899static void rpa_expired(struct work_struct *work)
900{
901 struct hci_dev *hdev = container_of(work, struct hci_dev,
902 rpa_expired.work);
903 struct hci_request req;
904
905 BT_DBG("");
906
907 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
908
909 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
910 hci_conn_num(hdev, LE_LINK) > 0)
911 return;
912
913 /* The generation of a new RPA and programming it into the
914 * controller happens in the enable_advertising() function.
915 */
916
917 hci_req_init(&req, hdev);
918
919 disable_advertising(&req);
920 enable_advertising(&req);
921
922 hci_req_run(&req, NULL);
923}
924
6a919082 925static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 926{
4f87da80 927 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 928 return;
929
4f87da80 930 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 931 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 932
4f87da80
JH		 933 /* Non-mgmt controlled devices get this bit set
934 * implicitly so that pairing works for them, however
935 * for mgmt we require user-space to explicitly enable
936 * it
937 */
938 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 939}
940
0f4e68cf 941static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 942 void *data, u16 data_len)
0381101f 943{
a38528f1 944 struct mgmt_rp_read_info rp;
f7b64e69 945
bdb6d971 946 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 947
09fd0de5 948 hci_dev_lock(hdev);
f7b64e69 949
dc4fe30b
JH		 950 memset(&rp, 0, sizeof(rp));
951
69ab39ea 952 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 953
69ab39ea 954 rp.version = hdev->hci_ver;
eb55ef07 955 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 956
957 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
958 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 959
a38528f1 960 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 961
dc4fe30b 962 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 963 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 964
09fd0de5 965 hci_dev_unlock(hdev);
0381101f 966
bdb6d971 967 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 968 sizeof(rp));
0381101f
JH		 969}
970
eec8d2bc
JH		 971static void mgmt_pending_free(struct pending_cmd *cmd)
972{
973 sock_put(cmd->sk);
c68fb7ff 974 kfree(cmd->param);
eec8d2bc
JH		 975 kfree(cmd);
976}
977
366a0336 978static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 979 struct hci_dev *hdev, void *data,
980 u16 len)
eec8d2bc
JH		 981{
982 struct pending_cmd *cmd;
983
12b94565 984 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 985 if (!cmd)
366a0336 986 return NULL;
eec8d2bc
JH		 987
988 cmd->opcode = opcode;
2e58ef3e 989 cmd->index = hdev->id;
eec8d2bc 990
12b94565 991 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 992 if (!cmd->param) {
eec8d2bc 993 kfree(cmd);
366a0336 994 return NULL;
eec8d2bc
JH		 995 }
996
8fce6357
SJ		 997 if (data)
998 memcpy(cmd->param, data, len);
eec8d2bc
JH		 999
1000 cmd->sk = sk;
1001 sock_hold(sk);
1002
2e58ef3e 1003 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1004
366a0336 1005 return cmd;
eec8d2bc
JH		 1006}
1007
744cf19e 1008static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1009 void (*cb)(struct pending_cmd *cmd,
1010 void *data),
04124681 1011 void *data)
eec8d2bc 1012{
a3d09356 1013 struct pending_cmd *cmd, *tmp;
eec8d2bc 1014
a3d09356 1015 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1016 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1017 continue;
1018
eec8d2bc
JH		 1019 cb(cmd, data);
1020 }
1021}
1022
a664b5bc 1023static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1024{
73f22f62
JH		 1025 list_del(&cmd->list);
1026 mgmt_pending_free(cmd);
1027}
1028
69ab39ea 1029static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1030{
69ab39ea 1031 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1032
aee9b218 1033 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1034 sizeof(settings));
8680570b
JH		 1035}
1036
8b064a3a
JH		 1037static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1038{
1039 BT_DBG("%s status 0x%02x", hdev->name, status);
1040
a3172b7e
JH		 1041 if (hci_conn_count(hdev) == 0) {
1042 cancel_delayed_work(&hdev->power_off);
8b064a3a 1043 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1044 }
8b064a3a
JH		 1045}
1046
1047static int clean_up_hci_state(struct hci_dev *hdev)
1048{
1049 struct hci_request req;
1050 struct hci_conn *conn;
1051
1052 hci_req_init(&req, hdev);
1053
1054 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1055 test_bit(HCI_PSCAN, &hdev->flags)) {
1056 u8 scan = 0x00;
1057 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1058 }
1059
1060 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1061 disable_advertising(&req);
1062
1063 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
b1efcc28 1064 hci_req_add_le_scan_disable(&req);
8b064a3a
JH		 1065 }
1066
1067 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1068 struct hci_cp_disconnect dc;
c9910d0f
JH		 1069 struct hci_cp_reject_conn_req rej;
1070
1071 switch (conn->state) {
1072 case BT_CONNECTED:
1073 case BT_CONFIG:
1074 dc.handle = cpu_to_le16(conn->handle);
1075 dc.reason = 0x15; /* Terminated due to Power Off */
1076 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1077 break;
1078 case BT_CONNECT:
1079 if (conn->type == LE_LINK)
1080 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1081 0, NULL);
1082 else if (conn->type == ACL_LINK)
1083 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1084 6, &conn->dst);
1085 break;
1086 case BT_CONNECT2:
1087 bacpy(&rej.bdaddr, &conn->dst);
1088 rej.reason = 0x15; /* Terminated due to Power Off */
1089 if (conn->type == ACL_LINK)
1090 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1091 sizeof(rej), &rej);
1092 else if (conn->type == SCO_LINK)
1093 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1094 sizeof(rej), &rej);
1095 break;
1096 }
8b064a3a
JH		 1097 }
1098
1099 return hci_req_run(&req, clean_up_hci_complete);
1100}
1101
bdb6d971 1102static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1103 u16 len)
eec8d2bc 1104{
650f726d 1105 struct mgmt_mode *cp = data;
366a0336 1106 struct pending_cmd *cmd;
4b34ee78 1107 int err;
eec8d2bc 1108
bdb6d971 1109 BT_DBG("request for %s", hdev->name);
eec8d2bc 1110
a7e80f25
JH		 1111 if (cp->val != 0x00 && cp->val != 0x01)
1112 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1113 MGMT_STATUS_INVALID_PARAMS);
1114
09fd0de5 1115 hci_dev_lock(hdev);
eec8d2bc 1116
87b95ba6
JH		 1117 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1118 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1119 MGMT_STATUS_BUSY);
1120 goto failed;
1121 }
1122
f0d4b78a
MH		 1123 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1124 cancel_delayed_work(&hdev->power_off);
1125
1126 if (cp->val) {
a1d70450
JH		 1127 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1128 data, len);
1129 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1130 goto failed;
1131 }
1132 }
1133
4b34ee78 1134 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1135 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1136 goto failed;
1137 }
1138
2e58ef3e 1139 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1140 if (!cmd) {
1141 err = -ENOMEM;
eec8d2bc 1142 goto failed;
366a0336 1143 }
eec8d2bc 1144
8b064a3a 1145 if (cp->val) {
19202573 1146 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1147 err = 0;
1148 } else {
1149 /* Disconnect connections, stop scans, etc */
1150 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1151 if (!err)
1152 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1153 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1154
8b064a3a
JH		 1155 /* ENODATA means there were no HCI commands queued */
1156 if (err == -ENODATA) {
a3172b7e 1157 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1158 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1159 err = 0;
1160 }
1161 }
eec8d2bc
JH		 1162
1163failed:
09fd0de5 1164 hci_dev_unlock(hdev);
366a0336 1165 return err;
eec8d2bc
JH		 1166}
1167
04124681
GP		 1168static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1169 struct sock *skip_sk)
beadb2bd
JH		 1170{
1171 struct sk_buff *skb;
1172 struct mgmt_hdr *hdr;
1173
790eff44 1174 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1175 if (!skb)
1176 return -ENOMEM;
1177
1178 hdr = (void *) skb_put(skb, sizeof(*hdr));
1179 hdr->opcode = cpu_to_le16(event);
1180 if (hdev)
1181 hdr->index = cpu_to_le16(hdev->id);
1182 else
612dfce9 1183 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1184 hdr->len = cpu_to_le16(data_len);
1185
1186 if (data)
1187 memcpy(skb_put(skb, data_len), data, data_len);
1188
97e0bdeb
MH		 1189 /* Time stamp */
1190 __net_timestamp(skb);
1191
beadb2bd
JH		 1192 hci_send_to_control(skb, skip_sk);
1193 kfree_skb(skb);
1194
1195 return 0;
1196}
1197
1198static int new_settings(struct hci_dev *hdev, struct sock *skip)
1199{
1200 __le32 ev;
1201
1202 ev = cpu_to_le32(get_current_settings(hdev));
1203
1204 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1205}
1206
bd99abdd
JH		 1207struct cmd_lookup {
1208 struct sock *sk;
1209 struct hci_dev *hdev;
1210 u8 mgmt_status;
1211};
1212
1213static void settings_rsp(struct pending_cmd *cmd, void *data)
1214{
1215 struct cmd_lookup *match = data;
1216
1217 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1218
1219 list_del(&cmd->list);
1220
1221 if (match->sk == NULL) {
1222 match->sk = cmd->sk;
1223 sock_hold(match->sk);
1224 }
1225
1226 mgmt_pending_free(cmd);
1227}
1228
1229static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1230{
1231 u8 *status = data;
1232
1233 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1234 mgmt_pending_remove(cmd);
1235}
1236
e6fe7986
JH		 1237static u8 mgmt_bredr_support(struct hci_dev *hdev)
1238{
1239 if (!lmp_bredr_capable(hdev))
1240 return MGMT_STATUS_NOT_SUPPORTED;
1241 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1242 return MGMT_STATUS_REJECTED;
1243 else
1244 return MGMT_STATUS_SUCCESS;
1245}
1246
1247static u8 mgmt_le_support(struct hci_dev *hdev)
1248{
1249 if (!lmp_le_capable(hdev))
1250 return MGMT_STATUS_NOT_SUPPORTED;
1251 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1252 return MGMT_STATUS_REJECTED;
1253 else
1254 return MGMT_STATUS_SUCCESS;
1255}
1256
bfaf8c9f
JH		 1257static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1258{
1259 struct pending_cmd *cmd;
1260 struct mgmt_mode *cp;
970ba524 1261 struct hci_request req;
bfaf8c9f
JH		 1262 bool changed;
1263
1264 BT_DBG("status 0x%02x", status);
1265
1266 hci_dev_lock(hdev);
1267
1268 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1269 if (!cmd)
1270 goto unlock;
1271
1272 if (status) {
1273 u8 mgmt_err = mgmt_status(status);
1274 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1275 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1276 goto remove_cmd;
1277 }
1278
1279 cp = cmd->param;
d4462a07 1280 if (cp->val) {
bfaf8c9f
JH		 1281 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1282 &hdev->dev_flags);
d4462a07
MH		 1283
1284 if (hdev->discov_timeout > 0) {
1285 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1286 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1287 to);
1288 }
1289 } else {
bfaf8c9f
JH		 1290 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1291 &hdev->dev_flags);
d4462a07 1292 }
bfaf8c9f
JH		 1293
1294 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1295
1296 if (changed)
1297 new_settings(hdev, cmd->sk);
1298
970ba524
MH		 1299 /* When the discoverable mode gets changed, make sure
1300 * that class of device has the limited discoverable
1301 * bit correctly set.
1302 */
1303 hci_req_init(&req, hdev);
1304 update_class(&req);
1305 hci_req_run(&req, NULL);
1306
bfaf8c9f
JH		 1307remove_cmd:
1308 mgmt_pending_remove(cmd);
1309
1310unlock:
1311 hci_dev_unlock(hdev);
1312}
1313
bdb6d971 1314static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1315 u16 len)
73f22f62 1316{
650f726d 1317 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1318 struct pending_cmd *cmd;
bfaf8c9f 1319 struct hci_request req;
5e5282bb 1320 u16 timeout;
9a43e25f 1321 u8 scan;
73f22f62
JH		 1322 int err;
1323
bdb6d971 1324 BT_DBG("request for %s", hdev->name);
73f22f62 1325
9a43e25f
JH		 1326 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1327 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1328 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1329 MGMT_STATUS_REJECTED);
33c525c0 1330
310a3d48 1331 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1332 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1333 MGMT_STATUS_INVALID_PARAMS);
1334
1f350c87 1335 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1336
1337 /* Disabling discoverable requires that no timeout is set,
1338 * and enabling limited discoverable requires a timeout.
1339 */
1340 if ((cp->val == 0x00 && timeout > 0) ||
1341 (cp->val == 0x02 && timeout == 0))
bdb6d971 1342 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1343 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1344
09fd0de5 1345 hci_dev_lock(hdev);
73f22f62 1346
5e5282bb 1347 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1348 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1349 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1350 goto failed;
1351 }
1352
2e58ef3e 1353 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1354 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1355 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1356 MGMT_STATUS_BUSY);
73f22f62
JH		 1357 goto failed;
1358 }
1359
5e5282bb 1360 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1361 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1362 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1363 goto failed;
1364 }
1365
1366 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1367 bool changed = false;
1368
310a3d48
MH		 1369 /* Setting limited discoverable when powered off is
1370 * not a valid operation since it requires a timeout
1371 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1372 */
0224d2fa
JH		 1373 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1374 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1375 changed = true;
1376 }
1377
5e5282bb 1378 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1379 if (err < 0)
1380 goto failed;
1381
1382 if (changed)
1383 err = new_settings(hdev, sk);
1384
5e5282bb
JH		 1385 goto failed;
1386 }
1387
310a3d48
MH		 1388 /* If the current mode is the same, then just update the timeout
1389 * value with the new value. And if only the timeout gets updated,
1390 * then no need for any HCI transactions.
1391 */
1392 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1393 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1394 &hdev->dev_flags)) {
36261547
MH		 1395 cancel_delayed_work(&hdev->discov_off);
1396 hdev->discov_timeout = timeout;
955638ec 1397
36261547
MH		 1398 if (cp->val && hdev->discov_timeout > 0) {
1399 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1400 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1401 to);
955638ec
MH		 1402 }
1403
69ab39ea 1404 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1405 goto failed;
1406 }
1407
2e58ef3e 1408 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1409 if (!cmd) {
1410 err = -ENOMEM;
73f22f62 1411 goto failed;
366a0336 1412 }
73f22f62 1413
310a3d48
MH		 1414 /* Cancel any potential discoverable timeout that might be
1415 * still active and store new timeout value. The arming of
1416 * the timeout happens in the complete handler.
1417 */
1418 cancel_delayed_work(&hdev->discov_off);
1419 hdev->discov_timeout = timeout;
1420
b456f87c
JH		 1421 /* Limited discoverable mode */
1422 if (cp->val == 0x02)
1423 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1424 else
1425 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1426
bfaf8c9f
JH		 1427 hci_req_init(&req, hdev);
1428
9a43e25f
JH		 1429 /* The procedure for LE-only controllers is much simpler - just
1430 * update the advertising data.
1431 */
1432 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1433 goto update_ad;
1434
73f22f62
JH		 1435 scan = SCAN_PAGE;
1436
310a3d48
MH		 1437 if (cp->val) {
1438 struct hci_cp_write_current_iac_lap hci_cp;
1439
1440 if (cp->val == 0x02) {
1441 /* Limited discoverable mode */
33337dcb 1442 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1443 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1444 hci_cp.iac_lap[1] = 0x8b;
1445 hci_cp.iac_lap[2] = 0x9e;
1446 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1447 hci_cp.iac_lap[4] = 0x8b;
1448 hci_cp.iac_lap[5] = 0x9e;
1449 } else {
1450 /* General discoverable mode */
310a3d48
MH		 1451 hci_cp.num_iac = 1;
1452 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1453 hci_cp.iac_lap[1] = 0x8b;
1454 hci_cp.iac_lap[2] = 0x9e;
1455 }
1456
1457 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1458 (hci_cp.num_iac * 3) + 1, &hci_cp);
1459
73f22f62 1460 scan |= SCAN_INQUIRY;
310a3d48
MH		 1461 } else {
1462 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1463 }
73f22f62 1464
310a3d48 1465 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1466
9a43e25f
JH		 1467update_ad:
1468 update_adv_data(&req);
1469
bfaf8c9f 1470 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1471 if (err < 0)
a664b5bc 1472 mgmt_pending_remove(cmd);
73f22f62
JH		 1473
1474failed:
09fd0de5 1475 hci_dev_unlock(hdev);
73f22f62
JH		 1476 return err;
1477}
1478
406d7804
JH		 1479static void write_fast_connectable(struct hci_request *req, bool enable)
1480{
bd98b996 1481 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1482 struct hci_cp_write_page_scan_activity acp;
1483 u8 type;
1484
547003b1
JH		 1485 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1486 return;
1487
4c01f8b8
JH		 1488 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1489 return;
1490
406d7804
JH		 1491 if (enable) {
1492 type = PAGE_SCAN_TYPE_INTERLACED;
1493
1494 /* 160 msec page scan interval */
1495 acp.interval = __constant_cpu_to_le16(0x0100);
1496 } else {
1497 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1498
1499 /* default 1.28 sec page scan */
1500 acp.interval = __constant_cpu_to_le16(0x0800);
1501 }
1502
1503 acp.window = __constant_cpu_to_le16(0x0012);
1504
bd98b996
JH		 1505 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1506 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1507 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1508 sizeof(acp), &acp);
1509
1510 if (hdev->page_scan_type != type)
1511 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1512}
1513
2b76f453
JH		 1514static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1515{
1516 struct pending_cmd *cmd;
d7b856f9
JH		 1517 struct mgmt_mode *cp;
1518 bool changed;
2b76f453
JH		 1519
1520 BT_DBG("status 0x%02x", status);
1521
1522 hci_dev_lock(hdev);
1523
1524 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1525 if (!cmd)
1526 goto unlock;
1527
37438c1f
JH		 1528 if (status) {
1529 u8 mgmt_err = mgmt_status(status);
1530 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1531 goto remove_cmd;
1532 }
1533
d7b856f9
JH		 1534 cp = cmd->param;
1535 if (cp->val)
1536 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1537 else
1538 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1539
2b76f453
JH		 1540 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1541
d7b856f9
JH		 1542 if (changed)
1543 new_settings(hdev, cmd->sk);
1544
37438c1f 1545remove_cmd:
2b76f453
JH		 1546 mgmt_pending_remove(cmd);
1547
1548unlock:
1549 hci_dev_unlock(hdev);
1550}
1551
e8ba3a1f
JH		 1552static int set_connectable_update_settings(struct hci_dev *hdev,
1553 struct sock *sk, u8 val)
1554{
1555 bool changed = false;
1556 int err;
1557
1558 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1559 changed = true;
1560
1561 if (val) {
1562 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1563 } else {
1564 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1565 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1566 }
1567
1568 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1569 if (err < 0)
1570 return err;
1571
1572 if (changed)
1573 return new_settings(hdev, sk);
1574
1575 return 0;
1576}
1577
bdb6d971 1578static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1579 u16 len)
9fbcbb45 1580{
650f726d 1581 struct mgmt_mode *cp = data;
366a0336 1582 struct pending_cmd *cmd;
2b76f453 1583 struct hci_request req;
1987fdc7 1584 u8 scan;
9fbcbb45
JH		 1585 int err;
1586
bdb6d971 1587 BT_DBG("request for %s", hdev->name);
9fbcbb45 1588
1987fdc7
JH		 1589 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1590 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1591 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1592 MGMT_STATUS_REJECTED);
33c525c0 1593
a7e80f25
JH		 1594 if (cp->val != 0x00 && cp->val != 0x01)
1595 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1596 MGMT_STATUS_INVALID_PARAMS);
1597
09fd0de5 1598 hci_dev_lock(hdev);
9fbcbb45 1599
4b34ee78 1600 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1601 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1602 goto failed;
1603 }
1604
2e58ef3e 1605 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1606 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1607 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1608 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1609 goto failed;
1610 }
1611
2e58ef3e 1612 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1613 if (!cmd) {
1614 err = -ENOMEM;
9fbcbb45 1615 goto failed;
366a0336 1616 }
9fbcbb45 1617
9b74246f 1618 hci_req_init(&req, hdev);
9fbcbb45 1619
9a43e25f
JH		 1620 /* If BR/EDR is not enabled and we disable advertising as a
1621 * by-product of disabling connectable, we need to update the
1622 * advertising flags.
1623 */
1624 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1625 if (!cp->val) {
1626 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1627 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1628 }
1629 update_adv_data(&req);
1630 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1631 if (cp->val) {
1632 scan = SCAN_PAGE;
1633 } else {
1634 scan = 0;
1635
1636 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1637 hdev->discov_timeout > 0)
9b74246f
JH		 1638 cancel_delayed_work(&hdev->discov_off);
1639 }
2b76f453 1640
9b74246f
JH		 1641 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1642 }
2b76f453 1643
4c01f8b8
JH		 1644 /* If we're going from non-connectable to connectable or
1645 * vice-versa when fast connectable is enabled ensure that fast
1646 * connectable gets disabled. write_fast_connectable won't do
1647 * anything if the page scan parameters are already what they
1648 * should be.
1649 */
1650 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1651 write_fast_connectable(&req, false);
1652
1987fdc7
JH		 1653 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1654 hci_conn_num(hdev, LE_LINK) == 0) {
1655 disable_advertising(&req);
1656 enable_advertising(&req);
1657 }
1658
2b76f453 1659 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1660 if (err < 0) {
a664b5bc 1661 mgmt_pending_remove(cmd);
9b74246f 1662 if (err == -ENODATA)
a81070ba
JH		 1663 err = set_connectable_update_settings(hdev, sk,
1664 cp->val);
9b74246f
JH		 1665 goto failed;
1666 }
9fbcbb45
JH		 1667
1668failed:
09fd0de5 1669 hci_dev_unlock(hdev);
9fbcbb45
JH		 1670 return err;
1671}
1672
bdb6d971 1673static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1674 u16 len)
c542a06c 1675{
650f726d 1676 struct mgmt_mode *cp = data;
55594356 1677 bool changed;
c542a06c
JH		 1678 int err;
1679
bdb6d971 1680 BT_DBG("request for %s", hdev->name);
c542a06c 1681
a7e80f25
JH		 1682 if (cp->val != 0x00 && cp->val != 0x01)
1683 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1684 MGMT_STATUS_INVALID_PARAMS);
1685
09fd0de5 1686 hci_dev_lock(hdev);
c542a06c
JH		 1687
1688 if (cp->val)
55594356 1689 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1690 else
55594356 1691 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1692
69ab39ea 1693 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1694 if (err < 0)
55594356 1695 goto unlock;
c542a06c 1696
55594356
MH		 1697 if (changed)
1698 err = new_settings(hdev, sk);
c542a06c 1699
55594356 1700unlock:
09fd0de5 1701 hci_dev_unlock(hdev);
c542a06c
JH		 1702 return err;
1703}
1704
04124681
GP		 1705static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1706 u16 len)
33ef95ed
JH		 1707{
1708 struct mgmt_mode *cp = data;
1709 struct pending_cmd *cmd;
e6fe7986 1710 u8 val, status;
33ef95ed
JH		 1711 int err;
1712
bdb6d971 1713 BT_DBG("request for %s", hdev->name);
33ef95ed 1714
e6fe7986
JH		 1715 status = mgmt_bredr_support(hdev);
1716 if (status)
33c525c0 1717 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1718 status);
33c525c0 1719
a7e80f25
JH		 1720 if (cp->val != 0x00 && cp->val != 0x01)
1721 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1722 MGMT_STATUS_INVALID_PARAMS);
1723
33ef95ed
JH		 1724 hci_dev_lock(hdev);
1725
4b34ee78 1726 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1727 bool changed = false;
1728
1729 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1730 &hdev->dev_flags)) {
47990ea0
JH		 1731 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1732 changed = true;
1733 }
1734
1735 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1736 if (err < 0)
1737 goto failed;
1738
1739 if (changed)
1740 err = new_settings(hdev, sk);
1741
33ef95ed
JH		 1742 goto failed;
1743 }
1744
1745 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1746 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1747 MGMT_STATUS_BUSY);
33ef95ed
JH		 1748 goto failed;
1749 }
1750
1751 val = !!cp->val;
1752
1753 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1754 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1755 goto failed;
1756 }
1757
1758 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1759 if (!cmd) {
1760 err = -ENOMEM;
1761 goto failed;
1762 }
1763
1764 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1765 if (err < 0) {
1766 mgmt_pending_remove(cmd);
1767 goto failed;
1768 }
1769
1770failed:
1771 hci_dev_unlock(hdev);
33ef95ed
JH		 1772 return err;
1773}
1774
bdb6d971 1775static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1776{
1777 struct mgmt_mode *cp = data;
1778 struct pending_cmd *cmd;
72ef0c1a 1779 u8 status;
ed2c4ee3
JH		 1780 int err;
1781
bdb6d971 1782 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1783
cdba5281
MH		 1784 status = mgmt_bredr_support(hdev);
1785 if (status)
1786 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1787
13ecd8b6
JH		 1788 if (!lmp_ssp_capable(hdev))
1789 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1790 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1791
a7e80f25
JH		 1792 if (cp->val != 0x00 && cp->val != 0x01)
1793 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1794 MGMT_STATUS_INVALID_PARAMS);
1795
13ecd8b6 1796 hci_dev_lock(hdev);
6c8f12c1 1797
4b34ee78 1798 if (!hdev_is_powered(hdev)) {
9ecb3e24 1799 bool changed;
c0ecddc2 1800
9ecb3e24
MH		 1801 if (cp->val) {
1802 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1803 &hdev->dev_flags);
1804 } else {
1805 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1806 &hdev->dev_flags);
1807 if (!changed)
1808 changed = test_and_clear_bit(HCI_HS_ENABLED,
1809 &hdev->dev_flags);
1810 else
1811 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1812 }
1813
1814 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1815 if (err < 0)
1816 goto failed;
1817
1818 if (changed)
1819 err = new_settings(hdev, sk);
1820
ed2c4ee3
JH		 1821 goto failed;
1822 }
1823
9ecb3e24
MH		 1824 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1825 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1826 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1827 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1828 goto failed;
1829 }
1830
72ef0c1a 1831 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1832 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1833 goto failed;
1834 }
1835
1836 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1837 if (!cmd) {
1838 err = -ENOMEM;
1839 goto failed;
1840 }
1841
72ef0c1a 1842 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1843 if (err < 0) {
1844 mgmt_pending_remove(cmd);
1845 goto failed;
1846 }
1847
1848failed:
1849 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1850 return err;
1851}
1852
bdb6d971 1853static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1854{
1855 struct mgmt_mode *cp = data;
ee392693 1856 bool changed;
e6fe7986 1857 u8 status;
ee392693 1858 int err;
6d80dfd0 1859
bdb6d971 1860 BT_DBG("request for %s", hdev->name);
6d80dfd0 1861
e6fe7986
JH		 1862 status = mgmt_bredr_support(hdev);
1863 if (status)
1864 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1865
9ecb3e24
MH		 1866 if (!lmp_ssp_capable(hdev))
1867 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1868 MGMT_STATUS_NOT_SUPPORTED);
1869
1870 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1871 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1872 MGMT_STATUS_REJECTED);
1873
a7e80f25
JH		 1874 if (cp->val != 0x00 && cp->val != 0x01)
1875 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1876 MGMT_STATUS_INVALID_PARAMS);
1877
ee392693
MH		 1878 hci_dev_lock(hdev);
1879
a0cdf960 1880 if (cp->val) {
ee392693 1881 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1882 } else {
1883 if (hdev_is_powered(hdev)) {
1884 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1885 MGMT_STATUS_REJECTED);
1886 goto unlock;
1887 }
1888
ee392693 1889 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1890 }
ee392693
MH		 1891
1892 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1893 if (err < 0)
1894 goto unlock;
1895
1896 if (changed)
1897 err = new_settings(hdev, sk);
6d80dfd0 1898
ee392693
MH		 1899unlock:
1900 hci_dev_unlock(hdev);
1901 return err;
6d80dfd0
JH		 1902}
1903
416a4ae5
JH		 1904static void le_enable_complete(struct hci_dev *hdev, u8 status)
1905{
1906 struct cmd_lookup match = { NULL, hdev };
1907
1908 if (status) {
1909 u8 mgmt_err = mgmt_status(status);
1910
1911 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1912 &mgmt_err);
1913 return;
1914 }
1915
1916 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1917
1918 new_settings(hdev, match.sk);
1919
1920 if (match.sk)
1921 sock_put(match.sk);
441ad2d0
MH		 1922
1923 /* Make sure the controller has a good default for
1924 * advertising data. Restrict the update to when LE
1925 * has actually been enabled. During power on, the
1926 * update in powered_update_hci will take care of it.
1927 */
1928 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1929 struct hci_request req;
1930
1931 hci_dev_lock(hdev);
1932
1933 hci_req_init(&req, hdev);
5947f4bc 1934 update_adv_data(&req);
f14d8f64 1935 update_scan_rsp_data(&req);
441ad2d0
MH		 1936 hci_req_run(&req, NULL);
1937
1938 hci_dev_unlock(hdev);
1939 }
416a4ae5
JH		 1940}
1941
bdb6d971 1942static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1943{
1944 struct mgmt_mode *cp = data;
1945 struct hci_cp_write_le_host_supported hci_cp;
1946 struct pending_cmd *cmd;
416a4ae5 1947 struct hci_request req;
06199cf8 1948 int err;
0b60eba1 1949 u8 val, enabled;
06199cf8 1950
bdb6d971 1951 BT_DBG("request for %s", hdev->name);
06199cf8 1952
13ecd8b6
JH		 1953 if (!lmp_le_capable(hdev))
1954 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1955 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1956
a7e80f25
JH		 1957 if (cp->val != 0x00 && cp->val != 0x01)
1958 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1959 MGMT_STATUS_INVALID_PARAMS);
1960
c73eee91 1961 /* LE-only devices do not allow toggling LE on/off */
56f87901 1962 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1963 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1964 MGMT_STATUS_REJECTED);
1965
13ecd8b6 1966 hci_dev_lock(hdev);
06199cf8
JH		 1967
1968 val = !!cp->val;
ffa88e02 1969 enabled = lmp_host_le_capable(hdev);
06199cf8 1970
0b60eba1 1971 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1972 bool changed = false;
1973
1974 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1975 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1976 changed = true;
1977 }
1978
f3d3444a
JH		 1979 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1980 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1981 changed = true;
1982 }
1983
06199cf8
JH		 1984 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1985 if (err < 0)
1de028ce 1986 goto unlock;
06199cf8
JH		 1987
1988 if (changed)
1989 err = new_settings(hdev, sk);
1990
1de028ce 1991 goto unlock;
06199cf8
JH		 1992 }
1993
4375f103
JH		 1994 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1995 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1996 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1997 MGMT_STATUS_BUSY);
1de028ce 1998 goto unlock;
06199cf8
JH		 1999 }
2000
2001 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2002 if (!cmd) {
2003 err = -ENOMEM;
1de028ce 2004 goto unlock;
06199cf8
JH		 2005 }
2006
441ad2d0
MH		 2007 hci_req_init(&req, hdev);
2008
06199cf8
JH		 2009 memset(&hci_cp, 0, sizeof(hci_cp));
2010
2011 if (val) {
2012 hci_cp.le = val;
ffa88e02 2013 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 2014 } else {
2015 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2016 disable_advertising(&req);
06199cf8
JH		 2017 }
2018
416a4ae5
JH		 2019 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2020 &hci_cp);
2021
2022 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2023 if (err < 0)
06199cf8 2024 mgmt_pending_remove(cmd);
06199cf8 2025
1de028ce
JH		 2026unlock:
2027 hci_dev_unlock(hdev);
06199cf8
JH		 2028 return err;
2029}
2030
0cab9c80
JH		 2031/* This is a helper function to test for pending mgmt commands that can
2032 * cause CoD or EIR HCI commands. We can only allow one such pending
2033 * mgmt command at a time since otherwise we cannot easily track what
2034 * the current values are, will be, and based on that calculate if a new
2035 * HCI command needs to be sent and if yes with what value.
2036 */
2037static bool pending_eir_or_class(struct hci_dev *hdev)
2038{
2039 struct pending_cmd *cmd;
2040
2041 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2042 switch (cmd->opcode) {
2043 case MGMT_OP_ADD_UUID:
2044 case MGMT_OP_REMOVE_UUID:
2045 case MGMT_OP_SET_DEV_CLASS:
2046 case MGMT_OP_SET_POWERED:
2047 return true;
2048 }
2049 }
2050
2051 return false;
2052}
2053
83be8eca
JH		 2054static const u8 bluetooth_base_uuid[] = {
2055 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2056 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2057};
2058
2059static u8 get_uuid_size(const u8 *uuid)
2060{
2061 u32 val;
2062
2063 if (memcmp(uuid, bluetooth_base_uuid, 12))
2064 return 128;
2065
2066 val = get_unaligned_le32(&uuid[12]);
2067 if (val > 0xffff)
2068 return 32;
2069
2070 return 16;
2071}
2072
92da6097
JH		 2073static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2074{
2075 struct pending_cmd *cmd;
2076
2077 hci_dev_lock(hdev);
2078
2079 cmd = mgmt_pending_find(mgmt_op, hdev);
2080 if (!cmd)
2081 goto unlock;
2082
2083 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2084 hdev->dev_class, 3);
2085
2086 mgmt_pending_remove(cmd);
2087
2088unlock:
2089 hci_dev_unlock(hdev);
2090}
2091
2092static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2093{
2094 BT_DBG("status 0x%02x", status);
2095
2096 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2097}
2098
bdb6d971 2099static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2100{
650f726d 2101 struct mgmt_cp_add_uuid *cp = data;
90e70454 2102 struct pending_cmd *cmd;
890ea898 2103 struct hci_request req;
2aeb9a1a 2104 struct bt_uuid *uuid;
2aeb9a1a
JH		 2105 int err;
2106
bdb6d971 2107 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2108
09fd0de5 2109 hci_dev_lock(hdev);
2aeb9a1a 2110
0cab9c80 2111 if (pending_eir_or_class(hdev)) {
bdb6d971 2112 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2113 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2114 goto failed;
2115 }
2116
92c4c204 2117 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2118 if (!uuid) {
2119 err = -ENOMEM;
2120 goto failed;
2121 }
2122
2123 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2124 uuid->svc_hint = cp->svc_hint;
83be8eca 2125 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2126
de66aa63 2127 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2128
890ea898 2129 hci_req_init(&req, hdev);
1aff6f09 2130
890ea898
JH		 2131 update_class(&req);
2132 update_eir(&req);
2133
92da6097
JH		 2134 err = hci_req_run(&req, add_uuid_complete);
2135 if (err < 0) {
2136 if (err != -ENODATA)
2137 goto failed;
80a1e1db 2138
bdb6d971 2139 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2140 hdev->dev_class, 3);
90e70454
JH		 2141 goto failed;
2142 }
2143
2144 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2145 if (!cmd) {
90e70454 2146 err = -ENOMEM;
890ea898
JH		 2147 goto failed;
2148 }
2149
2150 err = 0;
2aeb9a1a
JH		 2151
2152failed:
09fd0de5 2153 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2154 return err;
2155}
2156
24b78d0f
JH		 2157static bool enable_service_cache(struct hci_dev *hdev)
2158{
2159 if (!hdev_is_powered(hdev))
2160 return false;
2161
2162 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2163 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2164 CACHE_TIMEOUT);
24b78d0f
JH		 2165 return true;
2166 }
2167
2168 return false;
2169}
2170
92da6097
JH		 2171static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2172{
2173 BT_DBG("status 0x%02x", status);
2174
2175 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2176}
2177
bdb6d971 2178static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2179 u16 len)
2aeb9a1a 2180{
650f726d 2181 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2182 struct pending_cmd *cmd;
056341c8 2183 struct bt_uuid *match, *tmp;
2aeb9a1a 2184 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2185 struct hci_request req;
2aeb9a1a
JH		 2186 int err, found;
2187
bdb6d971 2188 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2189
09fd0de5 2190 hci_dev_lock(hdev);
2aeb9a1a 2191
0cab9c80 2192 if (pending_eir_or_class(hdev)) {
bdb6d971 2193 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2194 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2195 goto unlock;
2196 }
2197
2aeb9a1a 2198 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2199 hci_uuids_clear(hdev);
4004b6d9 2200
24b78d0f 2201 if (enable_service_cache(hdev)) {
bdb6d971 2202 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2203 0, hdev->dev_class, 3);
24b78d0f
JH		 2204 goto unlock;
2205 }
4004b6d9 2206
9246a869 2207 goto update_class;
2aeb9a1a
JH		 2208 }
2209
2210 found = 0;
2211
056341c8 2212 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2213 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2214 continue;
2215
2216 list_del(&match->list);
482049f7 2217 kfree(match);
2aeb9a1a
JH		 2218 found++;
2219 }
2220
2221 if (found == 0) {
bdb6d971 2222 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2223 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2224 goto unlock;
2225 }
2226
9246a869 2227update_class:
890ea898 2228 hci_req_init(&req, hdev);
1aff6f09 2229
890ea898
JH		 2230 update_class(&req);
2231 update_eir(&req);
2232
92da6097
JH		 2233 err = hci_req_run(&req, remove_uuid_complete);
2234 if (err < 0) {
2235 if (err != -ENODATA)
2236 goto unlock;
80a1e1db 2237
bdb6d971 2238 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2239 hdev->dev_class, 3);
90e70454
JH		 2240 goto unlock;
2241 }
2242
2243 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2244 if (!cmd) {
90e70454 2245 err = -ENOMEM;
890ea898
JH		 2246 goto unlock;
2247 }
2248
2249 err = 0;
2aeb9a1a
JH		 2250
2251unlock:
09fd0de5 2252 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2253 return err;
2254}
2255
92da6097
JH		 2256static void set_class_complete(struct hci_dev *hdev, u8 status)
2257{
2258 BT_DBG("status 0x%02x", status);
2259
2260 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2261}
2262
bdb6d971 2263static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2264 u16 len)
1aff6f09 2265{
650f726d 2266 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2267 struct pending_cmd *cmd;
890ea898 2268 struct hci_request req;
1aff6f09
JH		 2269 int err;
2270
bdb6d971 2271 BT_DBG("request for %s", hdev->name);
1aff6f09 2272
6203fc98 2273 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2274 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2275 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2276
0cab9c80 2277 hci_dev_lock(hdev);
ee98f473 2278
0cab9c80
JH		 2279 if (pending_eir_or_class(hdev)) {
2280 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2281 MGMT_STATUS_BUSY);
2282 goto unlock;
2283 }
c95f0ba7 2284
0cab9c80
JH		 2285 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2286 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2287 MGMT_STATUS_INVALID_PARAMS);
2288 goto unlock;
2289 }
575b3a02 2290
932f5ff5
JH		 2291 hdev->major_class = cp->major;
2292 hdev->minor_class = cp->minor;
2293
b5235a65 2294 if (!hdev_is_powered(hdev)) {
bdb6d971 2295 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2296 hdev->dev_class, 3);
b5235a65
JH		 2297 goto unlock;
2298 }
2299
890ea898
JH		 2300 hci_req_init(&req, hdev);
2301
a8b2d5c2 2302 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2303 hci_dev_unlock(hdev);
2304 cancel_delayed_work_sync(&hdev->service_cache);
2305 hci_dev_lock(hdev);
890ea898 2306 update_eir(&req);
7d78525d 2307 }
14c0b608 2308
890ea898
JH		 2309 update_class(&req);
2310
92da6097
JH		 2311 err = hci_req_run(&req, set_class_complete);
2312 if (err < 0) {
2313 if (err != -ENODATA)
2314 goto unlock;
1aff6f09 2315
bdb6d971 2316 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2317 hdev->dev_class, 3);
90e70454
JH		 2318 goto unlock;
2319 }
2320
2321 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2322 if (!cmd) {
90e70454 2323 err = -ENOMEM;
890ea898
JH		 2324 goto unlock;
2325 }
2326
2327 err = 0;
1aff6f09 2328
b5235a65 2329unlock:
09fd0de5 2330 hci_dev_unlock(hdev);
1aff6f09
JH		 2331 return err;
2332}
2333
bdb6d971 2334static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2335 u16 len)
55ed8ca1 2336{
650f726d 2337 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2338 u16 key_count, expected_len;
b1de97d8 2339 bool changed;
a492cd52 2340 int i;
55ed8ca1 2341
9060d5cf
MH		 2342 BT_DBG("request for %s", hdev->name);
2343
2344 if (!lmp_bredr_capable(hdev))
2345 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2346 MGMT_STATUS_NOT_SUPPORTED);
2347
1f350c87 2348 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2349
86742e1e
JH		 2350 expected_len = sizeof(*cp) + key_count *
2351 sizeof(struct mgmt_link_key_info);
a492cd52 2352 if (expected_len != len) {
86742e1e 2353 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2354 expected_len, len);
bdb6d971 2355 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2356 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2357 }
2358
4ae14301
JH		 2359 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2360 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2361 MGMT_STATUS_INVALID_PARAMS);
2362
bdb6d971 2363 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2364 key_count);
55ed8ca1 2365
4ee71b20
JH		 2366 for (i = 0; i < key_count; i++) {
2367 struct mgmt_link_key_info *key = &cp->keys[i];
2368
8e991132 2369 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2370 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2371 MGMT_STATUS_INVALID_PARAMS);
2372 }
2373
09fd0de5 2374 hci_dev_lock(hdev);
55ed8ca1
JH		 2375
2376 hci_link_keys_clear(hdev);
2377
55ed8ca1 2378 if (cp->debug_keys)
b1de97d8 2379 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2380 else
b1de97d8
MH		 2381 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2382
2383 if (changed)
2384 new_settings(hdev, NULL);
55ed8ca1 2385
a492cd52 2386 for (i = 0; i < key_count; i++) {
86742e1e 2387 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2388
d753fdc4 2389 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 2390 key->type, key->pin_len);
55ed8ca1
JH		 2391 }
2392
bdb6d971 2393 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2394
09fd0de5 2395 hci_dev_unlock(hdev);
55ed8ca1 2396
a492cd52 2397 return 0;
55ed8ca1
JH		 2398}
2399
b1078ad0 2400static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2401 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2402{
2403 struct mgmt_ev_device_unpaired ev;
2404
2405 bacpy(&ev.addr.bdaddr, bdaddr);
2406 ev.addr.type = addr_type;
2407
2408 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2409 skip_sk);
b1078ad0
JH		 2410}
2411
bdb6d971 2412static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2413 u16 len)
55ed8ca1 2414{
124f6e35
JH		 2415 struct mgmt_cp_unpair_device *cp = data;
2416 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2417 struct hci_cp_disconnect dc;
2418 struct pending_cmd *cmd;
55ed8ca1 2419 struct hci_conn *conn;
55ed8ca1
JH		 2420 int err;
2421
a8a1d19e 2422 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2423 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2424 rp.addr.type = cp->addr.type;
a8a1d19e 2425
4ee71b20
JH		 2426 if (!bdaddr_type_is_valid(cp->addr.type))
2427 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2428 MGMT_STATUS_INVALID_PARAMS,
2429 &rp, sizeof(rp));
2430
118da70b
JH		 2431 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2432 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2433 MGMT_STATUS_INVALID_PARAMS,
2434 &rp, sizeof(rp));
2435
4ee71b20
JH		 2436 hci_dev_lock(hdev);
2437
86a8cfc6 2438 if (!hdev_is_powered(hdev)) {
bdb6d971 2439 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2440 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2441 goto unlock;
2442 }
2443
e0b2b27e 2444 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2445 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2446 } else {
2447 u8 addr_type;
2448
2449 if (cp->addr.type == BDADDR_LE_PUBLIC)
2450 addr_type = ADDR_LE_DEV_PUBLIC;
2451 else
2452 addr_type = ADDR_LE_DEV_RANDOM;
2453
a7ec7338
JH		 2454 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2455
a9b0a04c
AG		 2456 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2457
e0b2b27e
JH		 2458 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2459 }
b0dbfb46 2460
55ed8ca1 2461 if (err < 0) {
bdb6d971 2462 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2463 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2464 goto unlock;
2465 }
2466
86a8cfc6 2467 if (cp->disconnect) {
591f47f3 2468 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2469 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2470 &cp->addr.bdaddr);
86a8cfc6
JH		 2471 else
2472 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2473 &cp->addr.bdaddr);
86a8cfc6
JH		 2474 } else {
2475 conn = NULL;
2476 }
124f6e35 2477
a8a1d19e 2478 if (!conn) {
bdb6d971 2479 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2480 &rp, sizeof(rp));
b1078ad0 2481 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2482 goto unlock;
2483 }
55ed8ca1 2484
124f6e35 2485 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2486 sizeof(*cp));
a8a1d19e
JH		 2487 if (!cmd) {
2488 err = -ENOMEM;
2489 goto unlock;
55ed8ca1
JH		 2490 }
2491
eb55ef07 2492 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2493 dc.reason = 0x13; /* Remote User Terminated Connection */
2494 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2495 if (err < 0)
2496 mgmt_pending_remove(cmd);
2497
55ed8ca1 2498unlock:
09fd0de5 2499 hci_dev_unlock(hdev);
55ed8ca1
JH		 2500 return err;
2501}
2502
bdb6d971 2503static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2504 u16 len)
8962ee74 2505{
650f726d 2506 struct mgmt_cp_disconnect *cp = data;
06a63b19 2507 struct mgmt_rp_disconnect rp;
8962ee74 2508 struct hci_cp_disconnect dc;
366a0336 2509 struct pending_cmd *cmd;
8962ee74 2510 struct hci_conn *conn;
8962ee74
JH		 2511 int err;
2512
2513 BT_DBG("");
2514
06a63b19
JH		 2515 memset(&rp, 0, sizeof(rp));
2516 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2517 rp.addr.type = cp->addr.type;
2518
4ee71b20 2519 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2520 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2521 MGMT_STATUS_INVALID_PARAMS,
2522 &rp, sizeof(rp));
4ee71b20 2523
09fd0de5 2524 hci_dev_lock(hdev);
8962ee74
JH		 2525
2526 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2527 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2528 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2529 goto failed;
2530 }
2531
2e58ef3e 2532 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2533 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2534 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2535 goto failed;
2536 }
2537
591f47f3 2538 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2539 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2540 &cp->addr.bdaddr);
88c3df13
JH		 2541 else
2542 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2543
f960727e 2544 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2545 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2546 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2547 goto failed;
2548 }
2549
2e58ef3e 2550 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2551 if (!cmd) {
2552 err = -ENOMEM;
8962ee74 2553 goto failed;
366a0336 2554 }
8962ee74 2555
eb55ef07 2556 dc.handle = cpu_to_le16(conn->handle);
3701f944 2557 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2558
2559 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2560 if (err < 0)
a664b5bc 2561 mgmt_pending_remove(cmd);
8962ee74
JH		 2562
2563failed:
09fd0de5 2564 hci_dev_unlock(hdev);
8962ee74
JH		 2565 return err;
2566}
2567
57c1477c 2568static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2569{
2570 switch (link_type) {
2571 case LE_LINK:
48264f06
JH		 2572 switch (addr_type) {
2573 case ADDR_LE_DEV_PUBLIC:
591f47f3 2574 return BDADDR_LE_PUBLIC;
0ed09148 2575
48264f06 2576 default:
0ed09148 2577 /* Fallback to LE Random address type */
591f47f3 2578 return BDADDR_LE_RANDOM;
48264f06 2579 }
0ed09148 2580
4c659c39 2581 default:
0ed09148 2582 /* Fallback to BR/EDR type */
591f47f3 2583 return BDADDR_BREDR;
4c659c39
JH		 2584 }
2585}
2586
04124681
GP		 2587static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2588 u16 data_len)
2784eb41 2589{
2784eb41 2590 struct mgmt_rp_get_connections *rp;
8035ded4 2591 struct hci_conn *c;
a38528f1 2592 size_t rp_len;
60fc5fb6
JH		 2593 int err;
2594 u16 i;
2784eb41
JH		 2595
2596 BT_DBG("");
2597
09fd0de5 2598 hci_dev_lock(hdev);
2784eb41 2599
5f97c1df 2600 if (!hdev_is_powered(hdev)) {
bdb6d971 2601 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2602 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2603 goto unlock;
2604 }
2605
60fc5fb6 2606 i = 0;
b644ba33
JH		 2607 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2608 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2609 i++;
2784eb41
JH		 2610 }
2611
60fc5fb6 2612 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2613 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2614 if (!rp) {
2784eb41
JH		 2615 err = -ENOMEM;
2616 goto unlock;
2617 }
2618
2784eb41 2619 i = 0;
4c659c39 2620 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2621 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2622 continue;
4c659c39 2623 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2624 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2625 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2626 continue;
2627 i++;
2628 }
2629
eb55ef07 2630 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2631
4c659c39
JH		 2632 /* Recalculate length in case of filtered SCO connections, etc */
2633 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2634
bdb6d971 2635 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2636 rp_len);
2784eb41 2637
a38528f1 2638 kfree(rp);
5f97c1df
JH		 2639
2640unlock:
09fd0de5 2641 hci_dev_unlock(hdev);
2784eb41
JH		 2642 return err;
2643}
2644
bdb6d971 2645static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2646 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2647{
2648 struct pending_cmd *cmd;
2649 int err;
2650
2e58ef3e 2651 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2652 sizeof(*cp));
96d97a67
WR		 2653 if (!cmd)
2654 return -ENOMEM;
2655
d8457698 2656 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2657 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2658 if (err < 0)
2659 mgmt_pending_remove(cmd);
2660
2661 return err;
2662}
2663
bdb6d971 2664static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2665 u16 len)
980e1a53 2666{
96d97a67 2667 struct hci_conn *conn;
650f726d 2668 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2669 struct hci_cp_pin_code_reply reply;
366a0336 2670 struct pending_cmd *cmd;
980e1a53
JH		 2671 int err;
2672
2673 BT_DBG("");
2674
09fd0de5 2675 hci_dev_lock(hdev);
980e1a53 2676
4b34ee78 2677 if (!hdev_is_powered(hdev)) {
bdb6d971 2678 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2679 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2680 goto failed;
2681 }
2682
d8457698 2683 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2684 if (!conn) {
bdb6d971 2685 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2686 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2687 goto failed;
2688 }
2689
2690 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2691 struct mgmt_cp_pin_code_neg_reply ncp;
2692
2693 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2694
2695 BT_ERR("PIN code is not 16 bytes long");
2696
bdb6d971 2697 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2698 if (err >= 0)
bdb6d971 2699 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2700 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2701
2702 goto failed;
2703 }
2704
00abfe44 2705 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2706 if (!cmd) {
2707 err = -ENOMEM;
980e1a53 2708 goto failed;
366a0336 2709 }
980e1a53 2710
d8457698 2711 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2712 reply.pin_len = cp->pin_len;
24718ca5 2713 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2714
2715 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2716 if (err < 0)
a664b5bc 2717 mgmt_pending_remove(cmd);
980e1a53
JH		 2718
2719failed:
09fd0de5 2720 hci_dev_unlock(hdev);
980e1a53
JH		 2721 return err;
2722}
2723
04124681
GP		 2724static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2725 u16 len)
17fa4b9d 2726{
650f726d 2727 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2728
2729 BT_DBG("");
2730
09fd0de5 2731 hci_dev_lock(hdev);
17fa4b9d
JH		 2732
2733 hdev->io_capability = cp->io_capability;
2734
2735 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2736 hdev->io_capability);
17fa4b9d 2737
09fd0de5 2738 hci_dev_unlock(hdev);
17fa4b9d 2739
04124681
GP		 2740 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2741 0);
17fa4b9d
JH		 2742}
2743
6039aa73 2744static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2745{
2746 struct hci_dev *hdev = conn->hdev;
8035ded4 2747 struct pending_cmd *cmd;
e9a416b5 2748
2e58ef3e 2749 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2750 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2751 continue;
2752
e9a416b5
JH		 2753 if (cmd->user_data != conn)
2754 continue;
2755
2756 return cmd;
2757 }
2758
2759 return NULL;
2760}
2761
2762static void pairing_complete(struct pending_cmd *cmd, u8 status)
2763{
2764 struct mgmt_rp_pair_device rp;
2765 struct hci_conn *conn = cmd->user_data;
2766
ba4e564f 2767 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2768 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2769
aee9b218 2770 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2771 &rp, sizeof(rp));
e9a416b5
JH		 2772
2773 /* So we don't get further callbacks for this connection */
2774 conn->connect_cfm_cb = NULL;
2775 conn->security_cfm_cb = NULL;
2776 conn->disconn_cfm_cb = NULL;
2777
76a68ba0 2778 hci_conn_drop(conn);
e9a416b5 2779
a664b5bc 2780 mgmt_pending_remove(cmd);
e9a416b5
JH		 2781}
2782
f4a407be
JH		 2783void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2784{
2785 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2786 struct pending_cmd *cmd;
2787
2788 cmd = find_pairing(conn);
2789 if (cmd)
2790 pairing_complete(cmd, status);
2791}
2792
e9a416b5
JH		 2793static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2794{
2795 struct pending_cmd *cmd;
2796
2797 BT_DBG("status %u", status);
2798
2799 cmd = find_pairing(conn);
56e5cb86 2800 if (!cmd)
e9a416b5 2801 BT_DBG("Unable to find a pending command");
56e5cb86 2802 else
e211326c 2803 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2804}
2805
f4a407be 2806static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 2807{
2808 struct pending_cmd *cmd;
2809
2810 BT_DBG("status %u", status);
2811
2812 if (!status)
2813 return;
2814
2815 cmd = find_pairing(conn);
2816 if (!cmd)
2817 BT_DBG("Unable to find a pending command");
2818 else
2819 pairing_complete(cmd, mgmt_status(status));
2820}
2821
bdb6d971 2822static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2823 u16 len)
e9a416b5 2824{
650f726d 2825 struct mgmt_cp_pair_device *cp = data;
1425acb7 2826 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2827 struct pending_cmd *cmd;
2828 u8 sec_level, auth_type;
2829 struct hci_conn *conn;
e9a416b5
JH		 2830 int err;
2831
2832 BT_DBG("");
2833
f950a30e
SJ		 2834 memset(&rp, 0, sizeof(rp));
2835 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2836 rp.addr.type = cp->addr.type;
2837
4ee71b20
JH		 2838 if (!bdaddr_type_is_valid(cp->addr.type))
2839 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2840 MGMT_STATUS_INVALID_PARAMS,
2841 &rp, sizeof(rp));
2842
09fd0de5 2843 hci_dev_lock(hdev);
e9a416b5 2844
5f97c1df 2845 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2846 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2847 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2848 goto unlock;
2849 }
2850
c908df36
VCG		 2851 sec_level = BT_SECURITY_MEDIUM;
2852 if (cp->io_cap == 0x03)
e9a416b5 2853 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2854 else
e9a416b5 2855 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2856
6f77d8c7 2857 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2858 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2859 auth_type);
6f77d8c7
AG		 2860 } else {
2861 u8 addr_type;
2862
2863 /* Convert from L2CAP channel address type to HCI address type
2864 */
2865 if (cp->addr.type == BDADDR_LE_PUBLIC)
2866 addr_type = ADDR_LE_DEV_PUBLIC;
2867 else
2868 addr_type = ADDR_LE_DEV_RANDOM;
2869
2870 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
04a6c589 2871 sec_level, auth_type);
6f77d8c7 2872 }
7a512d01 2873
30e76272 2874 if (IS_ERR(conn)) {
489dc48e
AK		 2875 int status;
2876
2877 if (PTR_ERR(conn) == -EBUSY)
2878 status = MGMT_STATUS_BUSY;
2879 else
2880 status = MGMT_STATUS_CONNECT_FAILED;
2881
bdb6d971 2882 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2883 status, &rp,
04124681 2884 sizeof(rp));
e9a416b5
JH		 2885 goto unlock;
2886 }
2887
2888 if (conn->connect_cfm_cb) {
76a68ba0 2889 hci_conn_drop(conn);
bdb6d971 2890 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2891 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2892 goto unlock;
2893 }
2894
2e58ef3e 2895 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2896 if (!cmd) {
2897 err = -ENOMEM;
76a68ba0 2898 hci_conn_drop(conn);
e9a416b5
JH		 2899 goto unlock;
2900 }
2901
7a512d01 2902 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2903 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2904 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2905 conn->security_cfm_cb = pairing_complete_cb;
2906 conn->disconn_cfm_cb = pairing_complete_cb;
2907 } else {
2908 conn->connect_cfm_cb = le_pairing_complete_cb;
2909 conn->security_cfm_cb = le_pairing_complete_cb;
2910 conn->disconn_cfm_cb = le_pairing_complete_cb;
2911 }
7a512d01 2912
e9a416b5
JH		 2913 conn->io_capability = cp->io_cap;
2914 cmd->user_data = conn;
2915
2916 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2917 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2918 pairing_complete(cmd, 0);
2919
2920 err = 0;
2921
2922unlock:
09fd0de5 2923 hci_dev_unlock(hdev);
e9a416b5
JH		 2924 return err;
2925}
2926
04124681
GP		 2927static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2928 u16 len)
28424707 2929{
0f4e68cf 2930 struct mgmt_addr_info *addr = data;
28424707
JH		 2931 struct pending_cmd *cmd;
2932 struct hci_conn *conn;
2933 int err;
2934
2935 BT_DBG("");
2936
28424707
JH		 2937 hci_dev_lock(hdev);
2938
5f97c1df 2939 if (!hdev_is_powered(hdev)) {
bdb6d971 2940 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2941 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2942 goto unlock;
2943 }
2944
28424707
JH		 2945 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2946 if (!cmd) {
bdb6d971 2947 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2948 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2949 goto unlock;
2950 }
2951
2952 conn = cmd->user_data;
2953
2954 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2955 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2956 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2957 goto unlock;
2958 }
2959
2960 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2961
bdb6d971 2962 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2963 addr, sizeof(*addr));
28424707
JH		 2964unlock:
2965 hci_dev_unlock(hdev);
28424707
JH		 2966 return err;
2967}
2968
bdb6d971 2969static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2970 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2971 u16 hci_op, __le32 passkey)
a5c29683 2972{
a5c29683 2973 struct pending_cmd *cmd;
0df4c185 2974 struct hci_conn *conn;
a5c29683
JH		 2975 int err;
2976
09fd0de5 2977 hci_dev_lock(hdev);
08ba5382 2978
4b34ee78 2979 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2980 err = cmd_complete(sk, hdev->id, mgmt_op,
2981 MGMT_STATUS_NOT_POWERED, addr,
2982 sizeof(*addr));
0df4c185 2983 goto done;
a5c29683
JH		 2984 }
2985
1707c60e
JH		 2986 if (addr->type == BDADDR_BREDR)
2987 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2988 else
1707c60e 2989 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2990
2991 if (!conn) {
feb94d3d
JH		 2992 err = cmd_complete(sk, hdev->id, mgmt_op,
2993 MGMT_STATUS_NOT_CONNECTED, addr,
2994 sizeof(*addr));
272d90df
JH		 2995 goto done;
2996 }
47c15e2b 2997
1707c60e 2998 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2999 /* Continue with pairing via SMP */
5fe57d9e
BG		 3000 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3001
3002 if (!err)
feb94d3d
JH		 3003 err = cmd_complete(sk, hdev->id, mgmt_op,
3004 MGMT_STATUS_SUCCESS, addr,
3005 sizeof(*addr));
5fe57d9e 3006 else
feb94d3d
JH		 3007 err = cmd_complete(sk, hdev->id, mgmt_op,
3008 MGMT_STATUS_FAILED, addr,
3009 sizeof(*addr));
47c15e2b 3010
47c15e2b
BG		 3011 goto done;
3012 }
3013
1707c60e 3014 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3015 if (!cmd) {
3016 err = -ENOMEM;
0df4c185 3017 goto done;
a5c29683
JH		 3018 }
3019
0df4c185 3020 /* Continue with pairing via HCI */
604086b7
BG		 3021 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3022 struct hci_cp_user_passkey_reply cp;
3023
1707c60e 3024 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3025 cp.passkey = passkey;
3026 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3027 } else
1707c60e
JH		 3028 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3029 &addr->bdaddr);
604086b7 3030
a664b5bc
JH		 3031 if (err < 0)
3032 mgmt_pending_remove(cmd);
a5c29683 3033
0df4c185 3034done:
09fd0de5 3035 hci_dev_unlock(hdev);
a5c29683
JH		 3036 return err;
3037}
3038
afeb019d
JK		 3039static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3040 void *data, u16 len)
3041{
3042 struct mgmt_cp_pin_code_neg_reply *cp = data;
3043
3044 BT_DBG("");
3045
1707c60e 3046 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3047 MGMT_OP_PIN_CODE_NEG_REPLY,
3048 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3049}
3050
04124681
GP		 3051static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3052 u16 len)
0df4c185 3053{
650f726d 3054 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3055
3056 BT_DBG("");
3057
3058 if (len != sizeof(*cp))
bdb6d971 3059 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3060 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3061
1707c60e 3062 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3063 MGMT_OP_USER_CONFIRM_REPLY,
3064 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3065}
3066
bdb6d971 3067static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3068 void *data, u16 len)
0df4c185 3069{
c9c2659f 3070 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3071
3072 BT_DBG("");
3073
1707c60e 3074 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3075 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3076 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3077}
3078
04124681
GP		 3079static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3080 u16 len)
604086b7 3081{
650f726d 3082 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3083
3084 BT_DBG("");
3085
1707c60e 3086 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3087 MGMT_OP_USER_PASSKEY_REPLY,
3088 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3089}
3090
bdb6d971 3091static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3092 void *data, u16 len)
604086b7 3093{
650f726d 3094 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3095
3096 BT_DBG("");
3097
1707c60e 3098 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3099 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3100 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3101}
3102
13928971 3103static void update_name(struct hci_request *req)
2b4bf397 3104{
13928971 3105 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3106 struct hci_cp_write_local_name cp;
3107
13928971 3108 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3109
890ea898 3110 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3111}
3112
13928971
JH		 3113static void set_name_complete(struct hci_dev *hdev, u8 status)
3114{
3115 struct mgmt_cp_set_local_name *cp;
3116 struct pending_cmd *cmd;
3117
3118 BT_DBG("status 0x%02x", status);
3119
3120 hci_dev_lock(hdev);
3121
3122 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3123 if (!cmd)
3124 goto unlock;
3125
3126 cp = cmd->param;
3127
3128 if (status)
3129 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3130 mgmt_status(status));
3131 else
3132 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3133 cp, sizeof(*cp));
3134
3135 mgmt_pending_remove(cmd);
3136
3137unlock:
3138 hci_dev_unlock(hdev);
3139}
3140
bdb6d971 3141static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3142 u16 len)
b312b161 3143{
2b4bf397 3144 struct mgmt_cp_set_local_name *cp = data;
b312b161 3145 struct pending_cmd *cmd;
890ea898 3146 struct hci_request req;
b312b161
JH		 3147 int err;
3148
3149 BT_DBG("");
3150
09fd0de5 3151 hci_dev_lock(hdev);
b312b161 3152
b3f2ca94
JH		 3153 /* If the old values are the same as the new ones just return a
3154 * direct command complete event.
3155 */
3156 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3157 !memcmp(hdev->short_name, cp->short_name,
3158 sizeof(hdev->short_name))) {
3159 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3160 data, len);
3161 goto failed;
3162 }
3163
2b4bf397 3164 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3165
b5235a65 3166 if (!hdev_is_powered(hdev)) {
2b4bf397 3167 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3168
3169 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3170 data, len);
28cc7bde
JH		 3171 if (err < 0)
3172 goto failed;
3173
3174 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3175 sk);
28cc7bde 3176
b5235a65
JH		 3177 goto failed;
3178 }
3179
28cc7bde 3180 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3181 if (!cmd) {
3182 err = -ENOMEM;
3183 goto failed;
3184 }
3185
13928971
JH		 3186 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3187
890ea898 3188 hci_req_init(&req, hdev);
3f985050
JH		 3189
3190 if (lmp_bredr_capable(hdev)) {
3191 update_name(&req);
3192 update_eir(&req);
3193 }
3194
7a5f4990
MH		 3195 /* The name is stored in the scan response data and so
3196 * no need to udpate the advertising data here.
3197 */
3f985050 3198 if (lmp_le_capable(hdev))
7a5f4990 3199 update_scan_rsp_data(&req);
3f985050 3200
13928971 3201 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3202 if (err < 0)
3203 mgmt_pending_remove(cmd);
3204
3205failed:
09fd0de5 3206 hci_dev_unlock(hdev);
b312b161
JH		 3207 return err;
3208}
3209
0f4e68cf 3210static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3211 void *data, u16 data_len)
c35938b2 3212{
c35938b2
SJ		 3213 struct pending_cmd *cmd;
3214 int err;
3215
bdb6d971 3216 BT_DBG("%s", hdev->name);
c35938b2 3217
09fd0de5 3218 hci_dev_lock(hdev);
c35938b2 3219
4b34ee78 3220 if (!hdev_is_powered(hdev)) {
bdb6d971 3221 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3222 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3223 goto unlock;
3224 }
3225
9a1a1996 3226 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3227 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3228 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3229 goto unlock;
3230 }
3231
2e58ef3e 3232 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3233 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3234 MGMT_STATUS_BUSY);
c35938b2
SJ		 3235 goto unlock;
3236 }
3237
2e58ef3e 3238 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3239 if (!cmd) {
3240 err = -ENOMEM;
3241 goto unlock;
3242 }
3243
4d2d2796
MH		 3244 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3245 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3246 0, NULL);
3247 else
3248 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3249
c35938b2
SJ		 3250 if (err < 0)
3251 mgmt_pending_remove(cmd);
3252
3253unlock:
09fd0de5 3254 hci_dev_unlock(hdev);
c35938b2
SJ		 3255 return err;
3256}
3257
bdb6d971 3258static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3259 void *data, u16 len)
2763eda6 3260{
2763eda6
SJ		 3261 int err;
3262
bdb6d971 3263 BT_DBG("%s ", hdev->name);
2763eda6 3264
09fd0de5 3265 hci_dev_lock(hdev);
2763eda6 3266
ec109113
MH		 3267 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3268 struct mgmt_cp_add_remote_oob_data *cp = data;
3269 u8 status;
bf1e3541 3270
ec109113
MH		 3271 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3272 cp->hash, cp->randomizer);
3273 if (err < 0)
3274 status = MGMT_STATUS_FAILED;
3275 else
3276 status = MGMT_STATUS_SUCCESS;
3277
3278 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3279 status, &cp->addr, sizeof(cp->addr));
3280 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3281 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3282 u8 status;
3283
3284 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3285 cp->hash192,
3286 cp->randomizer192,
3287 cp->hash256,
3288 cp->randomizer256);
3289 if (err < 0)
3290 status = MGMT_STATUS_FAILED;
3291 else
3292 status = MGMT_STATUS_SUCCESS;
3293
3294 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3295 status, &cp->addr, sizeof(cp->addr));
3296 } else {
3297 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3298 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3299 MGMT_STATUS_INVALID_PARAMS);
3300 }
2763eda6 3301
09fd0de5 3302 hci_dev_unlock(hdev);
2763eda6
SJ		 3303 return err;
3304}
3305
bdb6d971 3306static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3307 void *data, u16 len)
2763eda6 3308{
650f726d 3309 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3310 u8 status;
2763eda6
SJ		 3311 int err;
3312
bdb6d971 3313 BT_DBG("%s", hdev->name);
2763eda6 3314
09fd0de5 3315 hci_dev_lock(hdev);
2763eda6 3316
664ce4cc 3317 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3318 if (err < 0)
bf1e3541 3319 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3320 else
a6785be2 3321 status = MGMT_STATUS_SUCCESS;
bf1e3541 3322
bdb6d971 3323 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3324 status, &cp->addr, sizeof(cp->addr));
2763eda6 3325
09fd0de5 3326 hci_dev_unlock(hdev);
2763eda6
SJ		 3327 return err;
3328}
3329
41dc2bd6
AG		 3330static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3331{
3332 struct pending_cmd *cmd;
3333 u8 type;
3334 int err;
3335
3336 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3337
3338 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3339 if (!cmd)
3340 return -ENOENT;
3341
3342 type = hdev->discovery.type;
3343
3344 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3345 &type, sizeof(type));
3346 mgmt_pending_remove(cmd);
3347
3348 return err;
3349}
3350
7c307720
AG		 3351static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3352{
3353 BT_DBG("status %d", status);
3354
3355 if (status) {
3356 hci_dev_lock(hdev);
3357 mgmt_start_discovery_failed(hdev, status);
3358 hci_dev_unlock(hdev);
3359 return;
3360 }
3361
3362 hci_dev_lock(hdev);
3363 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3364 hci_dev_unlock(hdev);
3365
3366 switch (hdev->discovery.type) {
3367 case DISCOV_TYPE_LE:
3368 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3369 DISCOV_LE_TIMEOUT);
7c307720
AG		 3370 break;
3371
3372 case DISCOV_TYPE_INTERLEAVED:
3373 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3374 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 3375 break;
3376
3377 case DISCOV_TYPE_BREDR:
3378 break;
3379
3380 default:
3381 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3382 }
3383}
3384
bdb6d971 3385static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3386 void *data, u16 len)
14a53664 3387{
650f726d 3388 struct mgmt_cp_start_discovery *cp = data;
14a53664 3389 struct pending_cmd *cmd;
7c307720
AG		 3390 struct hci_cp_le_set_scan_param param_cp;
3391 struct hci_cp_le_set_scan_enable enable_cp;
3392 struct hci_cp_inquiry inq_cp;
3393 struct hci_request req;
3394 /* General inquiry access code (GIAC) */
3395 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3396 u8 status, own_addr_type;
14a53664
JH		 3397 int err;
3398
bdb6d971 3399 BT_DBG("%s", hdev->name);
14a53664 3400
09fd0de5 3401 hci_dev_lock(hdev);
14a53664 3402
4b34ee78 3403 if (!hdev_is_powered(hdev)) {
bdb6d971 3404 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3405 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3406 goto failed;
3407 }
3408
642be6c7
AG		 3409 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3410 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3411 MGMT_STATUS_BUSY);
3412 goto failed;
3413 }
3414
ff9ef578 3415 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3416 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3417 MGMT_STATUS_BUSY);
ff9ef578
JH		 3418 goto failed;
3419 }
3420
2e58ef3e 3421 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3422 if (!cmd) {
3423 err = -ENOMEM;
3424 goto failed;
3425 }
3426
4aab14e5
AG		 3427 hdev->discovery.type = cp->type;
3428
7c307720
AG		 3429 hci_req_init(&req, hdev);
3430
4aab14e5 3431 switch (hdev->discovery.type) {
f39799f5 3432 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3433 status = mgmt_bredr_support(hdev);
3434 if (status) {
04106755 3435 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3436 status);
04106755
JH		 3437 mgmt_pending_remove(cmd);
3438 goto failed;
3439 }
3440
7c307720
AG		 3441 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3442 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3443 MGMT_STATUS_BUSY);
3444 mgmt_pending_remove(cmd);
3445 goto failed;
3446 }
3447
3448 hci_inquiry_cache_flush(hdev);
3449
3450 memset(&inq_cp, 0, sizeof(inq_cp));
3451 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3452 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3453 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3454 break;
3455
3456 case DISCOV_TYPE_LE:
7c307720 3457 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3458 status = mgmt_le_support(hdev);
3459 if (status) {
04106755 3460 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3461 status);
04106755
JH		 3462 mgmt_pending_remove(cmd);
3463 goto failed;
3464 }
3465
7c307720 3466 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3467 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3468 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3469 MGMT_STATUS_NOT_SUPPORTED);
3470 mgmt_pending_remove(cmd);
3471 goto failed;
3472 }
3473
f3d3444a 3474 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3475 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3476 MGMT_STATUS_REJECTED);
3477 mgmt_pending_remove(cmd);
3478 goto failed;
3479 }
3480
c54c3860
AG		 3481 /* If controller is scanning, it means the background scanning
3482 * is running. Thus, we should temporarily stop it in order to
3483 * set the discovery scanning parameters.
3484 */
3485 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3486 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3487
3488 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3489
94b1fc92
MH		 3490 /* All active scans will be done with either a resolvable
3491 * private address (when privacy feature has been enabled)
3492 * or unresolvable private address.
3493 */
3494 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3495 if (err < 0) {
3496 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3497 MGMT_STATUS_FAILED);
3498 mgmt_pending_remove(cmd);
3499 goto failed;
3500 }
3501
7c307720 3502 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3503 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3504 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3505 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3506 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3507 &param_cp);
3508
3509 memset(&enable_cp, 0, sizeof(enable_cp));
3510 enable_cp.enable = LE_SCAN_ENABLE;
3511 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3512 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3513 &enable_cp);
5e0452c0
AG		 3514 break;
3515
f39799f5 3516 default:
04106755
JH		 3517 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3518 MGMT_STATUS_INVALID_PARAMS);
3519 mgmt_pending_remove(cmd);
3520 goto failed;
f39799f5 3521 }
3fd24153 3522
7c307720 3523 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3524 if (err < 0)
3525 mgmt_pending_remove(cmd);
ff9ef578
JH		 3526 else
3527 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3528
3529failed:
09fd0de5 3530 hci_dev_unlock(hdev);
14a53664
JH		 3531 return err;
3532}
3533
1183fdca
AG		 3534static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3535{
3536 struct pending_cmd *cmd;
3537 int err;
3538
3539 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3540 if (!cmd)
3541 return -ENOENT;
3542
3543 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3544 &hdev->discovery.type, sizeof(hdev->discovery.type));
3545 mgmt_pending_remove(cmd);
3546
3547 return err;
3548}
3549
0e05bba6
AG		 3550static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3551{
3552 BT_DBG("status %d", status);
3553
3554 hci_dev_lock(hdev);
3555
3556 if (status) {
3557 mgmt_stop_discovery_failed(hdev, status);
3558 goto unlock;
3559 }
3560
3561 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3562
3563unlock:
3564 hci_dev_unlock(hdev);
3565}
3566
bdb6d971 3567static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3568 u16 len)
14a53664 3569{
d930650b 3570 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3571 struct pending_cmd *cmd;
30dc78e1
JH		 3572 struct hci_cp_remote_name_req_cancel cp;
3573 struct inquiry_entry *e;
0e05bba6 3574 struct hci_request req;
14a53664
JH		 3575 int err;
3576
bdb6d971 3577 BT_DBG("%s", hdev->name);
14a53664 3578
09fd0de5 3579 hci_dev_lock(hdev);
14a53664 3580
30dc78e1 3581 if (!hci_discovery_active(hdev)) {
bdb6d971 3582 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3583 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3584 sizeof(mgmt_cp->type));
d930650b
JH		 3585 goto unlock;
3586 }
3587
3588 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3589 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3590 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3591 sizeof(mgmt_cp->type));
30dc78e1 3592 goto unlock;
ff9ef578
JH		 3593 }
3594
2e58ef3e 3595 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3596 if (!cmd) {
3597 err = -ENOMEM;
30dc78e1
JH		 3598 goto unlock;
3599 }
3600
0e05bba6
AG		 3601 hci_req_init(&req, hdev);
3602
e0d9727e
AG		 3603 switch (hdev->discovery.state) {
3604 case DISCOVERY_FINDING:
0e05bba6
AG		 3605 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3606 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3607 } else {
3608 cancel_delayed_work(&hdev->le_scan_disable);
3609
b1efcc28 3610 hci_req_add_le_scan_disable(&req);
0e05bba6 3611 }
c9ecc48e 3612
e0d9727e
AG		 3613 break;
3614
3615 case DISCOVERY_RESOLVING:
3616 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3617 NAME_PENDING);
e0d9727e 3618 if (!e) {
30dc78e1 3619 mgmt_pending_remove(cmd);
e0d9727e
AG		 3620 err = cmd_complete(sk, hdev->id,
3621 MGMT_OP_STOP_DISCOVERY, 0,
3622 &mgmt_cp->type,
3623 sizeof(mgmt_cp->type));
3624 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3625 goto unlock;
3626 }
30dc78e1 3627
e0d9727e 3628 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3629 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3630 &cp);
e0d9727e
AG		 3631
3632 break;
3633
3634 default:
3635 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3636
3637 mgmt_pending_remove(cmd);
3638 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3639 MGMT_STATUS_FAILED, &mgmt_cp->type,
3640 sizeof(mgmt_cp->type));
3641 goto unlock;
14a53664
JH		 3642 }
3643
0e05bba6 3644 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3645 if (err < 0)
3646 mgmt_pending_remove(cmd);
ff9ef578
JH		 3647 else
3648 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3649
30dc78e1 3650unlock:
09fd0de5 3651 hci_dev_unlock(hdev);
14a53664
JH		 3652 return err;
3653}
3654
bdb6d971 3655static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3656 u16 len)
561aafbc 3657{
650f726d 3658 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3659 struct inquiry_entry *e;
561aafbc
JH		 3660 int err;
3661
bdb6d971 3662 BT_DBG("%s", hdev->name);
561aafbc 3663
561aafbc
JH		 3664 hci_dev_lock(hdev);
3665
30dc78e1 3666 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3667 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3668 MGMT_STATUS_FAILED, &cp->addr,
3669 sizeof(cp->addr));
30dc78e1
JH		 3670 goto failed;
3671 }
3672
a198e7b1 3673 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3674 if (!e) {
d3a2541d
LR		 3675 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3676 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3677 sizeof(cp->addr));
561aafbc
JH		 3678 goto failed;
3679 }
3680
3681 if (cp->name_known) {
3682 e->name_state = NAME_KNOWN;
3683 list_del(&e->list);
3684 } else {
3685 e->name_state = NAME_NEEDED;
a3d4e20a 3686 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3687 }
3688
e384662b
JH		 3689 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3690 sizeof(cp->addr));
561aafbc
JH		 3691
3692failed:
3693 hci_dev_unlock(hdev);
561aafbc
JH		 3694 return err;
3695}
3696
bdb6d971 3697static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3698 u16 len)
7fbec224 3699{
650f726d 3700 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3701 u8 status;
7fbec224
AJ		 3702 int err;
3703
bdb6d971 3704 BT_DBG("%s", hdev->name);
7fbec224 3705
4ee71b20 3706 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3707 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3708 MGMT_STATUS_INVALID_PARAMS,
3709 &cp->addr, sizeof(cp->addr));
4ee71b20 3710
09fd0de5 3711 hci_dev_lock(hdev);
5e762444 3712
88c1fe4b 3713 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3714 if (err < 0)
f0eeea8b 3715 status = MGMT_STATUS_FAILED;
7fbec224 3716 else
a6785be2 3717 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3718
bdb6d971 3719 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3720 &cp->addr, sizeof(cp->addr));
5e762444 3721
09fd0de5 3722 hci_dev_unlock(hdev);
7fbec224
AJ		 3723
3724 return err;
3725}
3726
bdb6d971 3727static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3728 u16 len)
7fbec224 3729{
650f726d 3730 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3731 u8 status;
7fbec224
AJ		 3732 int err;
3733
bdb6d971 3734 BT_DBG("%s", hdev->name);
7fbec224 3735
4ee71b20 3736 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3737 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3738 MGMT_STATUS_INVALID_PARAMS,
3739 &cp->addr, sizeof(cp->addr));
4ee71b20 3740
09fd0de5 3741 hci_dev_lock(hdev);
5e762444 3742
88c1fe4b 3743 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3744 if (err < 0)
f0eeea8b 3745 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3746 else
a6785be2 3747 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3748
bdb6d971 3749 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3750 &cp->addr, sizeof(cp->addr));
5e762444 3751
09fd0de5 3752 hci_dev_unlock(hdev);
7fbec224
AJ		 3753
3754 return err;
3755}
3756
cdbaccca
MH		 3757static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3758 u16 len)
3759{
3760 struct mgmt_cp_set_device_id *cp = data;
890ea898 3761 struct hci_request req;
cdbaccca 3762 int err;
c72d4b8a 3763 __u16 source;
cdbaccca
MH		 3764
3765 BT_DBG("%s", hdev->name);
3766
c72d4b8a
SJ		 3767 source = __le16_to_cpu(cp->source);
3768
3769 if (source > 0x0002)
3770 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3771 MGMT_STATUS_INVALID_PARAMS);
3772
cdbaccca
MH		 3773 hci_dev_lock(hdev);
3774
c72d4b8a 3775 hdev->devid_source = source;
cdbaccca
MH		 3776 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3777 hdev->devid_product = __le16_to_cpu(cp->product);
3778 hdev->devid_version = __le16_to_cpu(cp->version);
3779
3780 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3781
890ea898
JH		 3782 hci_req_init(&req, hdev);
3783 update_eir(&req);
3784 hci_req_run(&req, NULL);
cdbaccca
MH		 3785
3786 hci_dev_unlock(hdev);
3787
3788 return err;
3789}
3790
4375f103
JH		 3791static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3792{
3793 struct cmd_lookup match = { NULL, hdev };
3794
3795 if (status) {
3796 u8 mgmt_err = mgmt_status(status);
3797
3798 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3799 cmd_status_rsp, &mgmt_err);
3800 return;
3801 }
3802
3803 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3804 &match);
3805
3806 new_settings(hdev, match.sk);
3807
3808 if (match.sk)
3809 sock_put(match.sk);
3810}
3811
21b5187f
MH		 3812static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3813 u16 len)
4375f103
JH		 3814{
3815 struct mgmt_mode *cp = data;
3816 struct pending_cmd *cmd;
3817 struct hci_request req;
e6fe7986 3818 u8 val, enabled, status;
4375f103
JH		 3819 int err;
3820
3821 BT_DBG("request for %s", hdev->name);
3822
e6fe7986
JH		 3823 status = mgmt_le_support(hdev);
3824 if (status)
4375f103 3825 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3826 status);
4375f103
JH		 3827
3828 if (cp->val != 0x00 && cp->val != 0x01)
3829 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3830 MGMT_STATUS_INVALID_PARAMS);
3831
3832 hci_dev_lock(hdev);
3833
3834 val = !!cp->val;
f3d3444a 3835 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3836
f74ca9b8
JH		 3837 /* The following conditions are ones which mean that we should
3838 * not do any HCI communication but directly send a mgmt
3839 * response to user space (after toggling the flag if
3840 * necessary).
3841 */
3842 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3843 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3844 bool changed = false;
3845
f3d3444a
JH		 3846 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3847 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3848 changed = true;
3849 }
3850
3851 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3852 if (err < 0)
3853 goto unlock;
3854
3855 if (changed)
3856 err = new_settings(hdev, sk);
3857
3858 goto unlock;
3859 }
3860
3861 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3862 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3863 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3864 MGMT_STATUS_BUSY);
3865 goto unlock;
3866 }
3867
3868 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3869 if (!cmd) {
3870 err = -ENOMEM;
3871 goto unlock;
3872 }
3873
3874 hci_req_init(&req, hdev);
3875
bba3aa55
MH		 3876 if (val)
3877 enable_advertising(&req);
3878 else
3879 disable_advertising(&req);
4375f103
JH		 3880
3881 err = hci_req_run(&req, set_advertising_complete);
3882 if (err < 0)
3883 mgmt_pending_remove(cmd);
3884
3885unlock:
3886 hci_dev_unlock(hdev);
3887 return err;
3888}
3889
d13eafce
MH		 3890static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3891 void *data, u16 len)
3892{
3893 struct mgmt_cp_set_static_address *cp = data;
3894 int err;
3895
3896 BT_DBG("%s", hdev->name);
3897
62af4443 3898 if (!lmp_le_capable(hdev))
d13eafce 3899 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3900 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3901
3902 if (hdev_is_powered(hdev))
3903 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3904 MGMT_STATUS_REJECTED);
3905
3906 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3907 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3908 return cmd_status(sk, hdev->id,
3909 MGMT_OP_SET_STATIC_ADDRESS,
3910 MGMT_STATUS_INVALID_PARAMS);
3911
3912 /* Two most significant bits shall be set */
3913 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3914 return cmd_status(sk, hdev->id,
3915 MGMT_OP_SET_STATIC_ADDRESS,
3916 MGMT_STATUS_INVALID_PARAMS);
3917 }
3918
3919 hci_dev_lock(hdev);
3920
3921 bacpy(&hdev->static_addr, &cp->bdaddr);
3922
3923 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3924
3925 hci_dev_unlock(hdev);
3926
3927 return err;
3928}
3929
14b49b9a
MH		 3930static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3931 void *data, u16 len)
3932{
3933 struct mgmt_cp_set_scan_params *cp = data;
3934 __u16 interval, window;
3935 int err;
3936
3937 BT_DBG("%s", hdev->name);
3938
3939 if (!lmp_le_capable(hdev))
3940 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3941 MGMT_STATUS_NOT_SUPPORTED);
3942
3943 interval = __le16_to_cpu(cp->interval);
3944
3945 if (interval < 0x0004 || interval > 0x4000)
3946 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3947 MGMT_STATUS_INVALID_PARAMS);
3948
3949 window = __le16_to_cpu(cp->window);
3950
3951 if (window < 0x0004 || window > 0x4000)
3952 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3953 MGMT_STATUS_INVALID_PARAMS);
3954
899e1075
MH		 3955 if (window > interval)
3956 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3957 MGMT_STATUS_INVALID_PARAMS);
3958
14b49b9a
MH		 3959 hci_dev_lock(hdev);
3960
3961 hdev->le_scan_interval = interval;
3962 hdev->le_scan_window = window;
3963
3964 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3965
dd2ef8e2
AG		 3966 /* If background scan is running, restart it so new parameters are
3967 * loaded.
3968 */
3969 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
3970 hdev->discovery.state == DISCOVERY_STOPPED) {
3971 struct hci_request req;
3972
3973 hci_req_init(&req, hdev);
3974
3975 hci_req_add_le_scan_disable(&req);
3976 hci_req_add_le_passive_scan(&req);
3977
3978 hci_req_run(&req, NULL);
3979 }
3980
14b49b9a
MH		 3981 hci_dev_unlock(hdev);
3982
3983 return err;
3984}
3985
33e38b3e
JH		 3986static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3987{
3988 struct pending_cmd *cmd;
3989
3990 BT_DBG("status 0x%02x", status);
3991
3992 hci_dev_lock(hdev);
3993
3994 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3995 if (!cmd)
3996 goto unlock;
3997
3998 if (status) {
3999 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4000 mgmt_status(status));
4001 } else {
1a4d3c4b
JH		 4002 struct mgmt_mode *cp = cmd->param;
4003
4004 if (cp->val)
4005 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4006 else
4007 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4008
33e38b3e
JH		 4009 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4010 new_settings(hdev, cmd->sk);
4011 }
4012
4013 mgmt_pending_remove(cmd);
4014
4015unlock:
4016 hci_dev_unlock(hdev);
4017}
4018
bdb6d971 4019static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4020 void *data, u16 len)
f6422ec6 4021{
650f726d 4022 struct mgmt_mode *cp = data;
33e38b3e
JH		 4023 struct pending_cmd *cmd;
4024 struct hci_request req;
f6422ec6
AJ		 4025 int err;
4026
bdb6d971 4027 BT_DBG("%s", hdev->name);
f6422ec6 4028
56f87901
JH		 4029 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4030 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4031 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4032 MGMT_STATUS_NOT_SUPPORTED);
4033
a7e80f25
JH		 4034 if (cp->val != 0x00 && cp->val != 0x01)
4035 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4036 MGMT_STATUS_INVALID_PARAMS);
4037
5400c044 4038 if (!hdev_is_powered(hdev))
bdb6d971 4039 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4040 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4041
4042 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4043 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4044 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4045
4046 hci_dev_lock(hdev);
4047
05cbf29f
JH		 4048 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4049 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4050 MGMT_STATUS_BUSY);
4051 goto unlock;
4052 }
4053
1a4d3c4b
JH		 4054 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4055 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4056 hdev);
4057 goto unlock;
4058 }
4059
33e38b3e
JH		 4060 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4061 data, len);
4062 if (!cmd) {
4063 err = -ENOMEM;
4064 goto unlock;
f6422ec6
AJ		 4065 }
4066
33e38b3e
JH		 4067 hci_req_init(&req, hdev);
4068
406d7804 4069 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4070
4071 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4072 if (err < 0) {
bdb6d971 4073 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4074 MGMT_STATUS_FAILED);
33e38b3e 4075 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4076 }
4077
33e38b3e 4078unlock:
f6422ec6 4079 hci_dev_unlock(hdev);
33e38b3e 4080
f6422ec6
AJ		 4081 return err;
4082}
4083
67e5a7a3
JH		 4084static void set_bredr_scan(struct hci_request *req)
4085{
4086 struct hci_dev *hdev = req->hdev;
4087 u8 scan = 0;
4088
4089 /* Ensure that fast connectable is disabled. This function will
4090 * not do anything if the page scan parameters are already what
4091 * they should be.
4092 */
4093 write_fast_connectable(req, false);
4094
4095 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4096 scan |= SCAN_PAGE;
4097 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4098 scan |= SCAN_INQUIRY;
4099
4100 if (scan)
4101 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4102}
4103
0663ca2a
JH		 4104static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4105{
4106 struct pending_cmd *cmd;
4107
4108 BT_DBG("status 0x%02x", status);
4109
4110 hci_dev_lock(hdev);
4111
4112 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4113 if (!cmd)
4114 goto unlock;
4115
4116 if (status) {
4117 u8 mgmt_err = mgmt_status(status);
4118
4119 /* We need to restore the flag if related HCI commands
4120 * failed.
4121 */
4122 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4123
4124 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4125 } else {
4126 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4127 new_settings(hdev, cmd->sk);
4128 }
4129
4130 mgmt_pending_remove(cmd);
4131
4132unlock:
4133 hci_dev_unlock(hdev);
4134}
4135
4136static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4137{
4138 struct mgmt_mode *cp = data;
4139 struct pending_cmd *cmd;
4140 struct hci_request req;
4141 int err;
4142
4143 BT_DBG("request for %s", hdev->name);
4144
4145 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4146 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4147 MGMT_STATUS_NOT_SUPPORTED);
4148
4149 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4150 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4151 MGMT_STATUS_REJECTED);
4152
4153 if (cp->val != 0x00 && cp->val != 0x01)
4154 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4155 MGMT_STATUS_INVALID_PARAMS);
4156
4157 hci_dev_lock(hdev);
4158
4159 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4160 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4161 goto unlock;
4162 }
4163
4164 if (!hdev_is_powered(hdev)) {
4165 if (!cp->val) {
0663ca2a
JH		 4166 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4167 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4168 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4169 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4170 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4171 }
4172
4173 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4174
4175 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4176 if (err < 0)
4177 goto unlock;
4178
4179 err = new_settings(hdev, sk);
4180 goto unlock;
4181 }
4182
4183 /* Reject disabling when powered on */
4184 if (!cp->val) {
4185 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4186 MGMT_STATUS_REJECTED);
4187 goto unlock;
4188 }
4189
4190 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4191 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4192 MGMT_STATUS_BUSY);
4193 goto unlock;
4194 }
4195
4196 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4197 if (!cmd) {
4198 err = -ENOMEM;
4199 goto unlock;
4200 }
4201
5947f4bc 4202 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4203 * generates the correct flags.
4204 */
4205 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4206
4207 hci_req_init(&req, hdev);
aa8af46e
JH		 4208
4209 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4210 set_bredr_scan(&req);
4211
f14d8f64
MH		 4212 /* Since only the advertising data flags will change, there
4213 * is no need to update the scan response data.
4214 */
5947f4bc 4215 update_adv_data(&req);
aa8af46e 4216
0663ca2a
JH		 4217 err = hci_req_run(&req, set_bredr_complete);
4218 if (err < 0)
4219 mgmt_pending_remove(cmd);
4220
4221unlock:
4222 hci_dev_unlock(hdev);
4223 return err;
4224}
4225
eac83dc6
MH		 4226static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4227 void *data, u16 len)
4228{
4229 struct mgmt_mode *cp = data;
4230 struct pending_cmd *cmd;
0ab04a9c 4231 u8 val, status;
eac83dc6
MH		 4232 int err;
4233
4234 BT_DBG("request for %s", hdev->name);
4235
4236 status = mgmt_bredr_support(hdev);
4237 if (status)
4238 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4239 status);
4240
5afeac14
MH		 4241 if (!lmp_sc_capable(hdev) &&
4242 !test_bit(HCI_FORCE_SC, &hdev->dev_flags))
eac83dc6
MH		 4243 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4244 MGMT_STATUS_NOT_SUPPORTED);
4245
0ab04a9c 4246 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4247 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4248 MGMT_STATUS_INVALID_PARAMS);
4249
4250 hci_dev_lock(hdev);
4251
4252 if (!hdev_is_powered(hdev)) {
4253 bool changed;
4254
0ab04a9c 4255 if (cp->val) {
eac83dc6
MH		 4256 changed = !test_and_set_bit(HCI_SC_ENABLED,
4257 &hdev->dev_flags);
0ab04a9c
MH		 4258 if (cp->val == 0x02)
4259 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4260 else
4261 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4262 } else {
eac83dc6
MH		 4263 changed = test_and_clear_bit(HCI_SC_ENABLED,
4264 &hdev->dev_flags);
0ab04a9c
MH		 4265 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4266 }
eac83dc6
MH		 4267
4268 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4269 if (err < 0)
4270 goto failed;
4271
4272 if (changed)
4273 err = new_settings(hdev, sk);
4274
4275 goto failed;
4276 }
4277
4278 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4279 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4280 MGMT_STATUS_BUSY);
4281 goto failed;
4282 }
4283
0ab04a9c
MH		 4284 val = !!cp->val;
4285
4286 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4287 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4288 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4289 goto failed;
4290 }
4291
4292 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4293 if (!cmd) {
4294 err = -ENOMEM;
4295 goto failed;
4296 }
4297
0ab04a9c 4298 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4299 if (err < 0) {
4300 mgmt_pending_remove(cmd);
4301 goto failed;
4302 }
4303
0ab04a9c
MH		 4304 if (cp->val == 0x02)
4305 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4306 else
4307 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4308
eac83dc6
MH		 4309failed:
4310 hci_dev_unlock(hdev);
4311 return err;
4312}
4313
4e39ac81
MH		 4314static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4315 void *data, u16 len)
4316{
4317 struct mgmt_mode *cp = data;
4318 bool changed;
4319 int err;
4320
4321 BT_DBG("request for %s", hdev->name);
4322
4323 if (cp->val != 0x00 && cp->val != 0x01)
4324 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4325 MGMT_STATUS_INVALID_PARAMS);
4326
4327 hci_dev_lock(hdev);
4328
4329 if (cp->val)
4330 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4331 else
4332 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4333
4334 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4335 if (err < 0)
4336 goto unlock;
4337
4338 if (changed)
4339 err = new_settings(hdev, sk);
4340
4341unlock:
4342 hci_dev_unlock(hdev);
4343 return err;
4344}
4345
62b04cd1
JH		 4346static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4347 u16 len)
4348{
4349 struct mgmt_cp_set_privacy *cp = cp_data;
4350 bool changed;
4351 int err;
4352
4353 BT_DBG("request for %s", hdev->name);
4354
4355 if (!lmp_le_capable(hdev))
4356 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4357 MGMT_STATUS_NOT_SUPPORTED);
4358
4359 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4360 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4361 MGMT_STATUS_INVALID_PARAMS);
4362
4363 if (hdev_is_powered(hdev))
4364 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4365 MGMT_STATUS_REJECTED);
4366
4367 hci_dev_lock(hdev);
4368
c21c0ea0
JH		 4369 /* If user space supports this command it is also expected to
4370 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4371 */
4372 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4373
62b04cd1
JH		 4374 if (cp->privacy) {
4375 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4376 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4377 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4378 } else {
4379 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4380 memset(hdev->irk, 0, sizeof(hdev->irk));
4381 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4382 }
4383
4384 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4385 if (err < 0)
4386 goto unlock;
4387
4388 if (changed)
4389 err = new_settings(hdev, sk);
4390
4391unlock:
4392 hci_dev_unlock(hdev);
4393 return err;
4394}
4395
41edf160
JH		 4396static bool irk_is_valid(struct mgmt_irk_info *irk)
4397{
4398 switch (irk->addr.type) {
4399 case BDADDR_LE_PUBLIC:
4400 return true;
4401
4402 case BDADDR_LE_RANDOM:
4403 /* Two most significant bits shall be set */
4404 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4405 return false;
4406 return true;
4407 }
4408
4409 return false;
4410}
4411
4412static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4413 u16 len)
4414{
4415 struct mgmt_cp_load_irks *cp = cp_data;
4416 u16 irk_count, expected_len;
4417 int i, err;
4418
4419 BT_DBG("request for %s", hdev->name);
4420
4421 if (!lmp_le_capable(hdev))
4422 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4423 MGMT_STATUS_NOT_SUPPORTED);
4424
4425 irk_count = __le16_to_cpu(cp->irk_count);
4426
4427 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4428 if (expected_len != len) {
4429 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4430 expected_len, len);
41edf160
JH		 4431 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4432 MGMT_STATUS_INVALID_PARAMS);
4433 }
4434
4435 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4436
4437 for (i = 0; i < irk_count; i++) {
4438 struct mgmt_irk_info *key = &cp->irks[i];
4439
4440 if (!irk_is_valid(key))
4441 return cmd_status(sk, hdev->id,
4442 MGMT_OP_LOAD_IRKS,
4443 MGMT_STATUS_INVALID_PARAMS);
4444 }
4445
4446 hci_dev_lock(hdev);
4447
4448 hci_smp_irks_clear(hdev);
4449
4450 for (i = 0; i < irk_count; i++) {
4451 struct mgmt_irk_info *irk = &cp->irks[i];
4452 u8 addr_type;
4453
4454 if (irk->addr.type == BDADDR_LE_PUBLIC)
4455 addr_type = ADDR_LE_DEV_PUBLIC;
4456 else
4457 addr_type = ADDR_LE_DEV_RANDOM;
4458
4459 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4460 BDADDR_ANY);
4461 }
4462
4463 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4464
4465 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4466
4467 hci_dev_unlock(hdev);
4468
4469 return err;
4470}
4471
3f706b72
JH		 4472static bool ltk_is_valid(struct mgmt_ltk_info *key)
4473{
4474 if (key->master != 0x00 && key->master != 0x01)
4475 return false;
490cb0b3
MH		 4476
4477 switch (key->addr.type) {
4478 case BDADDR_LE_PUBLIC:
4479 return true;
4480
4481 case BDADDR_LE_RANDOM:
4482 /* Two most significant bits shall be set */
4483 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4484 return false;
4485 return true;
4486 }
4487
4488 return false;
3f706b72
JH		 4489}
4490
bdb6d971 4491static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4492 void *cp_data, u16 len)
346af67b 4493{
346af67b
VCG		 4494 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4495 u16 key_count, expected_len;
715a5bf2 4496 int i, err;
346af67b 4497
cf99ba13
MH		 4498 BT_DBG("request for %s", hdev->name);
4499
4500 if (!lmp_le_capable(hdev))
4501 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4502 MGMT_STATUS_NOT_SUPPORTED);
4503
1f350c87 4504 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 4505
4506 expected_len = sizeof(*cp) + key_count *
4507 sizeof(struct mgmt_ltk_info);
4508 if (expected_len != len) {
4509 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4510 expected_len, len);
bdb6d971 4511 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4512 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4513 }
4514
bdb6d971 4515 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4516
54ad6d8a
JH		 4517 for (i = 0; i < key_count; i++) {
4518 struct mgmt_ltk_info *key = &cp->keys[i];
4519
3f706b72 4520 if (!ltk_is_valid(key))
54ad6d8a
JH		 4521 return cmd_status(sk, hdev->id,
4522 MGMT_OP_LOAD_LONG_TERM_KEYS,
4523 MGMT_STATUS_INVALID_PARAMS);
4524 }
4525
346af67b
VCG		 4526 hci_dev_lock(hdev);
4527
4528 hci_smp_ltks_clear(hdev);
4529
4530 for (i = 0; i < key_count; i++) {
4531 struct mgmt_ltk_info *key = &cp->keys[i];
79d95a19
MH		 4532 u8 type, addr_type;
4533
4534 if (key->addr.type == BDADDR_LE_PUBLIC)
4535 addr_type = ADDR_LE_DEV_PUBLIC;
4536 else
4537 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4538
4539 if (key->master)
4540 type = HCI_SMP_LTK;
4541 else
4542 type = HCI_SMP_LTK_SLAVE;
4543
35d70271
JH		 4544 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
4545 key->type, key->val, key->enc_size, key->ediv,
4546 key->rand);
346af67b
VCG		 4547 }
4548
715a5bf2
JH		 4549 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4550 NULL, 0);
4551
346af67b 4552 hci_dev_unlock(hdev);
346af67b 4553
715a5bf2 4554 return err;
346af67b
VCG		 4555}
4556
2e3c35ea 4557static const struct mgmt_handler {
04124681
GP		 4558 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4559 u16 data_len);
be22b54e
JH		 4560 bool var_len;
4561 size_t data_len;
0f4e68cf
JH		 4562} mgmt_handlers[] = {
4563 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 4564 { read_version, false, MGMT_READ_VERSION_SIZE },
4565 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4566 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4567 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4568 { set_powered, false, MGMT_SETTING_SIZE },
4569 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4570 { set_connectable, false, MGMT_SETTING_SIZE },
4571 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4572 { set_pairable, false, MGMT_SETTING_SIZE },
4573 { set_link_security, false, MGMT_SETTING_SIZE },
4574 { set_ssp, false, MGMT_SETTING_SIZE },
4575 { set_hs, false, MGMT_SETTING_SIZE },
4576 { set_le, false, MGMT_SETTING_SIZE },
4577 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4578 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4579 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4580 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4581 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4582 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4583 { disconnect, false, MGMT_DISCONNECT_SIZE },
4584 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4585 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4586 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4587 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4588 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4589 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4590 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4591 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4592 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4593 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4594 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4595 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 4596 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 4597 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4598 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4599 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4600 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4601 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4602 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 4603 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 4604 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 4605 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 4606 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 4607 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 4608 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 4609 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 4610 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 4611 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
0f4e68cf
JH		 4612};
4613
4614
0381101f
JH		 4615int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4616{
650f726d
VCG		 4617 void *buf;
4618 u8 *cp;
0381101f 4619 struct mgmt_hdr *hdr;
4e51eae9 4620 u16 opcode, index, len;
bdb6d971 4621 struct hci_dev *hdev = NULL;
2e3c35ea 4622 const struct mgmt_handler *handler;
0381101f
JH		 4623 int err;
4624
4625 BT_DBG("got %zu bytes", msglen);
4626
4627 if (msglen < sizeof(*hdr))
4628 return -EINVAL;
4629
e63a15ec 4630 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 4631 if (!buf)
4632 return -ENOMEM;
4633
4634 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4635 err = -EFAULT;
4636 goto done;
4637 }
4638
650f726d 4639 hdr = buf;
1f350c87
MH		 4640 opcode = __le16_to_cpu(hdr->opcode);
4641 index = __le16_to_cpu(hdr->index);
4642 len = __le16_to_cpu(hdr->len);
0381101f
JH		 4643
4644 if (len != msglen - sizeof(*hdr)) {
4645 err = -EINVAL;
4646 goto done;
4647 }
4648
0f4e68cf 4649 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 4650 hdev = hci_dev_get(index);
4651 if (!hdev) {
4652 err = cmd_status(sk, index, opcode,
04124681 4653 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 4654 goto done;
4655 }
0736cfa8 4656
cebf4cfd
JH		 4657 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4658 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 4659 err = cmd_status(sk, index, opcode,
4660 MGMT_STATUS_INVALID_INDEX);
4661 goto done;
4662 }
bdb6d971
JH		 4663 }
4664
0f4e68cf 4665 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 4666 mgmt_handlers[opcode].func == NULL) {
0381101f 4667 BT_DBG("Unknown op %u", opcode);
ca69b795 4668 err = cmd_status(sk, index, opcode,
04124681 4669 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 4670 goto done;
4671 }
4672
4673 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 4674 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 4675 err = cmd_status(sk, index, opcode,
04124681 4676 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 4677 goto done;
0381101f
JH		 4678 }
4679
be22b54e
JH		 4680 handler = &mgmt_handlers[opcode];
4681
4682 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 4683 (!handler->var_len && len != handler->data_len)) {
be22b54e 4684 err = cmd_status(sk, index, opcode,
04124681 4685 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 4686 goto done;
4687 }
4688
0f4e68cf
JH		 4689 if (hdev)
4690 mgmt_init_hdev(sk, hdev);
4691
4692 cp = buf + sizeof(*hdr);
4693
be22b54e 4694 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 4695 if (err < 0)
4696 goto done;
4697
0381101f
JH		 4698 err = msglen;
4699
4700done:
bdb6d971
JH		 4701 if (hdev)
4702 hci_dev_put(hdev);
4703
0381101f
JH		 4704 kfree(buf);
4705 return err;
4706}
c71e97bf 4707
bf6b56db 4708void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 4709{
1514b892 4710 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4711 return;
bb4b2a9a 4712
bf6b56db 4713 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 4714}
4715
bf6b56db 4716void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 4717{
5f159032 4718 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 4719
1514b892 4720 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4721 return;
bb4b2a9a 4722
744cf19e 4723 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 4724
bf6b56db 4725 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 4726}
4727
6046dc3e
AG		 4728/* This function requires the caller holds hdev->lock */
4729static void restart_le_auto_conns(struct hci_dev *hdev)
4730{
4731 struct hci_conn_params *p;
4732
4733 list_for_each_entry(p, &hdev->le_conn_params, list) {
4734 if (p->auto_connect == HCI_AUTO_CONN_ALWAYS)
4735 hci_pend_le_conn_add(hdev, &p->addr, p->addr_type);
4736 }
4737}
4738
229ab39c
JH		 4739static void powered_complete(struct hci_dev *hdev, u8 status)
4740{
4741 struct cmd_lookup match = { NULL, hdev };
4742
4743 BT_DBG("status 0x%02x", status);
4744
4745 hci_dev_lock(hdev);
4746
6046dc3e
AG		 4747 restart_le_auto_conns(hdev);
4748
229ab39c
JH		 4749 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4750
4751 new_settings(hdev, match.sk);
4752
4753 hci_dev_unlock(hdev);
4754
4755 if (match.sk)
4756 sock_put(match.sk);
4757}
4758
70da6243 4759static int powered_update_hci(struct hci_dev *hdev)
5add6af8 4760{
890ea898 4761 struct hci_request req;
70da6243 4762 u8 link_sec;
5add6af8 4763
890ea898
JH		 4764 hci_req_init(&req, hdev);
4765
70da6243
JH		 4766 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4767 !lmp_host_ssp_capable(hdev)) {
4768 u8 ssp = 1;
5e5282bb 4769
890ea898 4770 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 4771 }
5add6af8 4772
c73eee91
JH		 4773 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4774 lmp_bredr_capable(hdev)) {
70da6243 4775 struct hci_cp_write_le_host_supported cp;
f0ff92fb 4776
70da6243
JH		 4777 cp.le = 1;
4778 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 4779
70da6243
JH		 4780 /* Check first if we already have the right
4781 * host state (host features set)
4782 */
4783 if (cp.le != lmp_host_le_capable(hdev) ||
4784 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 4785 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4786 sizeof(cp), &cp);
70da6243 4787 }
3d1cbdd6 4788
d13eafce 4789 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 4790 /* Make sure the controller has a good default for
4791 * advertising data. This also applies to the case
4792 * where BR/EDR was toggled during the AUTO_OFF phase.
4793 */
f14d8f64 4794 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 4795 update_adv_data(&req);
f14d8f64
MH		 4796 update_scan_rsp_data(&req);
4797 }
441ad2d0 4798
bba3aa55
MH		 4799 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4800 enable_advertising(&req);
eeca6f89
JH		 4801 }
4802
70da6243
JH		 4803 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4804 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 4805 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4806 sizeof(link_sec), &link_sec);
562fcc24 4807
70da6243 4808 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 4809 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4810 set_bredr_scan(&req);
890ea898 4811 update_class(&req);
13928971 4812 update_name(&req);
890ea898 4813 update_eir(&req);
70da6243 4814 }
562fcc24 4815
229ab39c 4816 return hci_req_run(&req, powered_complete);
70da6243 4817}
562fcc24 4818
70da6243
JH		 4819int mgmt_powered(struct hci_dev *hdev, u8 powered)
4820{
4821 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 4822 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4823 u8 zero_cod[] = { 0, 0, 0 };
70da6243 4824 int err;
f0ff92fb 4825
70da6243
JH		 4826 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4827 return 0;
4828
70da6243 4829 if (powered) {
229ab39c
JH		 4830 if (powered_update_hci(hdev) == 0)
4831 return 0;
fe038884 4832
229ab39c
JH		 4833 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4834 &match);
4835 goto new_settings;
b24752fe
JH		 4836 }
4837
229ab39c
JH		 4838 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4839 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4840
4841 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4842 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4843 zero_cod, sizeof(zero_cod), NULL);
4844
4845new_settings:
beadb2bd 4846 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 4847
4848 if (match.sk)
4849 sock_put(match.sk);
4850
7bb895d6 4851 return err;
5add6af8 4852}
73f22f62 4853
3eec705e 4854void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 4855{
4856 struct pending_cmd *cmd;
4857 u8 status;
4858
4859 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4860 if (!cmd)
3eec705e 4861 return;
96570ffc
JH		 4862
4863 if (err == -ERFKILL)
4864 status = MGMT_STATUS_RFKILLED;
4865 else
4866 status = MGMT_STATUS_FAILED;
4867
3eec705e 4868 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 4869
4870 mgmt_pending_remove(cmd);
96570ffc
JH		 4871}
4872
d1967ff8
MH		 4873void mgmt_discoverable_timeout(struct hci_dev *hdev)
4874{
4875 struct hci_request req;
d1967ff8
MH		 4876
4877 hci_dev_lock(hdev);
4878
4879 /* When discoverable timeout triggers, then just make sure
4880 * the limited discoverable flag is cleared. Even in the case
4881 * of a timeout triggered from general discoverable, it is
4882 * safe to unconditionally clear the flag.
4883 */
4884 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 4885 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 4886
4887 hci_req_init(&req, hdev);
4b580614
JH		 4888 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4889 u8 scan = SCAN_PAGE;
4890 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
4891 sizeof(scan), &scan);
4892 }
d1967ff8 4893 update_class(&req);
9a43e25f 4894 update_adv_data(&req);
d1967ff8
MH		 4895 hci_req_run(&req, NULL);
4896
4897 hdev->discov_timeout = 0;
4898
9a43e25f
JH		 4899 new_settings(hdev, NULL);
4900
d1967ff8
MH		 4901 hci_dev_unlock(hdev);
4902}
4903
86a75645 4904void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 4905{
86a75645 4906 bool changed;
73f22f62 4907
bfaf8c9f
JH		 4908 /* Nothing needed here if there's a pending command since that
4909 * commands request completion callback takes care of everything
4910 * necessary.
4911 */
4912 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 4913 return;
bfaf8c9f 4914
bd107999
JH		 4915 /* Powering off may clear the scan mode - don't let that interfere */
4916 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4917 return;
4918
9a43e25f 4919 if (discoverable) {
86a75645 4920 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4921 } else {
4922 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 4923 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4924 }
4925
4926 if (changed) {
4927 struct hci_request req;
4928
4929 /* In case this change in discoverable was triggered by
4930 * a disabling of connectable there could be a need to
4931 * update the advertising flags.
4932 */
4933 hci_req_init(&req, hdev);
4934 update_adv_data(&req);
4935 hci_req_run(&req, NULL);
73f22f62 4936
86a75645 4937 new_settings(hdev, NULL);
9a43e25f 4938 }
73f22f62 4939}
9fbcbb45 4940
a330916c 4941void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 4942{
a330916c 4943 bool changed;
9fbcbb45 4944
d7b856f9
JH		 4945 /* Nothing needed here if there's a pending command since that
4946 * commands request completion callback takes care of everything
4947 * necessary.
4948 */
4949 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 4950 return;
d7b856f9 4951
ce3f24cf
JH		 4952 /* Powering off may clear the scan mode - don't let that interfere */
4953 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4954 return;
4955
a330916c
MH		 4956 if (connectable)
4957 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4958 else
4959 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 4960
beadb2bd 4961 if (changed)
a330916c 4962 new_settings(hdev, NULL);
9fbcbb45 4963}
55ed8ca1 4964
778b235a
JH		 4965void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
4966{
7c4cfab8
JH		 4967 /* Powering off may stop advertising - don't let that interfere */
4968 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4969 return;
4970
778b235a
JH		 4971 if (advertising)
4972 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4973 else
4974 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4975}
4976
4796e8af 4977void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4978{
ca69b795
JH		 4979 u8 mgmt_err = mgmt_status(status);
4980
2d7cee58 4981 if (scan & SCAN_PAGE)
744cf19e 4982 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4983 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4984
4985 if (scan & SCAN_INQUIRY)
744cf19e 4986 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4987 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4988}
4989
dc4a5ee2
MH		 4990void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4991 bool persistent)
55ed8ca1 4992{
86742e1e 4993 struct mgmt_ev_new_link_key ev;
55ed8ca1 4994
a492cd52 4995 memset(&ev, 0, sizeof(ev));
55ed8ca1 4996
a492cd52 4997 ev.store_hint = persistent;
d753fdc4 4998 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4999 ev.key.addr.type = BDADDR_BREDR;
a492cd52 5000 ev.key.type = key->type;
9b3b4460 5001 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 5002 ev.key.pin_len = key->pin_len;
55ed8ca1 5003
dc4a5ee2 5004 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 5005}
f7520543 5006
ba74b666 5007void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key)
346af67b
VCG		 5008{
5009 struct mgmt_ev_new_long_term_key ev;
5010
5011 memset(&ev, 0, sizeof(ev));
5012
5192d301
MH		 5013 /* Devices using resolvable or non-resolvable random addresses
5014 * without providing an indentity resolving key don't require
5015 * to store long term keys. Their addresses will change the
5016 * next time around.
5017 *
5018 * Only when a remote device provides an identity address
5019 * make sure the long term key is stored. If the remote
5020 * identity is known, the long term keys are internally
5021 * mapped to the identity address. So allow static random
5022 * and public addresses here.
5023 */
ba74b666
JH		 5024 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5025 (key->bdaddr.b[5] & 0xc0) != 0xc0)
5026 ev.store_hint = 0x00;
5027 else
5028 ev.store_hint = 0x01;
5029
346af67b 5030 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 5031 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d40f3eef 5032 ev.key.type = key->authenticated;
346af67b
VCG		 5033 ev.key.enc_size = key->enc_size;
5034 ev.key.ediv = key->ediv;
fe39c7b2 5035 ev.key.rand = key->rand;
346af67b
VCG		 5036
5037 if (key->type == HCI_SMP_LTK)
5038 ev.key.master = 1;
5039
346af67b
VCG		 5040 memcpy(ev.key.val, key->val, sizeof(key->val));
5041
083368f7 5042 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 5043}
5044
95fbac8a
JH		 5045void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
5046{
5047 struct mgmt_ev_new_irk ev;
5048
5049 memset(&ev, 0, sizeof(ev));
5050
bab6d1e5
MH		 5051 /* For identity resolving keys from devices that are already
5052 * using a public address or static random address, do not
5053 * ask for storing this key. The identity resolving key really
5054 * is only mandatory for devices using resovlable random
5055 * addresses.
5056 *
5057 * Storing all identity resolving keys has the downside that
5058 * they will be also loaded on next boot of they system. More
5059 * identity resolving keys, means more time during scanning is
5060 * needed to actually resolve these addresses.
5061 */
5062 if (bacmp(&irk->rpa, BDADDR_ANY))
5063 ev.store_hint = 0x01;
5064 else
5065 ev.store_hint = 0x00;
5066
95fbac8a
JH		 5067 bacpy(&ev.rpa, &irk->rpa);
5068 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
5069 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
5070 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
5071
5072 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
5073}
5074
94933991
MH		 5075static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5076 u8 data_len)
5077{
5078 eir[eir_len++] = sizeof(type) + data_len;
5079 eir[eir_len++] = type;
5080 memcpy(&eir[eir_len], data, data_len);
5081 eir_len += data_len;
5082
5083 return eir_len;
5084}
5085
ecd90ae7
MH		 5086void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5087 u8 addr_type, u32 flags, u8 *name, u8 name_len,
5088 u8 *dev_class)
f7520543 5089{
b644ba33
JH		 5090 char buf[512];
5091 struct mgmt_ev_device_connected *ev = (void *) buf;
5092 u16 eir_len = 0;
f7520543 5093
b644ba33 5094 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5095 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 5096
c95f0ba7 5097 ev->flags = __cpu_to_le32(flags);
08c79b61 5098
b644ba33
JH		 5099 if (name_len > 0)
5100 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 5101 name, name_len);
b644ba33
JH		 5102
5103 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 5104 eir_len = eir_append_data(ev->eir, eir_len,
04124681 5105 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 5106
eb55ef07 5107 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 5108
ecd90ae7
MH		 5109 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
5110 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 5111}
5112
8962ee74
JH		 5113static void disconnect_rsp(struct pending_cmd *cmd, void *data)
5114{
c68fb7ff 5115 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 5116 struct sock **sk = data;
a38528f1 5117 struct mgmt_rp_disconnect rp;
8962ee74 5118
88c3df13
JH		 5119 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5120 rp.addr.type = cp->addr.type;
8962ee74 5121
aee9b218 5122 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 5123 sizeof(rp));
8962ee74
JH		 5124
5125 *sk = cmd->sk;
5126 sock_hold(*sk);
5127
a664b5bc 5128 mgmt_pending_remove(cmd);
8962ee74
JH		 5129}
5130
124f6e35 5131static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 5132{
b1078ad0 5133 struct hci_dev *hdev = data;
124f6e35
JH		 5134 struct mgmt_cp_unpair_device *cp = cmd->param;
5135 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 5136
5137 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 5138 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5139 rp.addr.type = cp->addr.type;
a8a1d19e 5140
b1078ad0
JH		 5141 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
5142
aee9b218 5143 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 5144
5145 mgmt_pending_remove(cmd);
5146}
5147
9b80ec5e 5148void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 5149 u8 link_type, u8 addr_type, u8 reason,
5150 bool mgmt_connected)
f7520543 5151{
f0d6a0ea 5152 struct mgmt_ev_device_disconnected ev;
8b064a3a 5153 struct pending_cmd *power_off;
8962ee74 5154 struct sock *sk = NULL;
8962ee74 5155
8b064a3a
JH		 5156 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5157 if (power_off) {
5158 struct mgmt_mode *cp = power_off->param;
5159
5160 /* The connection is still in hci_conn_hash so test for 1
5161 * instead of 0 to know if this is the last one.
5162 */
a3172b7e
JH		 5163 if (!cp->val && hci_conn_count(hdev) == 1) {
5164 cancel_delayed_work(&hdev->power_off);
8b064a3a 5165 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5166 }
8b064a3a
JH		 5167 }
5168
12d4a3b2
JH		 5169 if (!mgmt_connected)
5170 return;
5171
57eb776f
AG		 5172 if (link_type != ACL_LINK && link_type != LE_LINK)
5173 return;
5174
744cf19e 5175 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 5176
f0d6a0ea
MA		 5177 bacpy(&ev.addr.bdaddr, bdaddr);
5178 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5179 ev.reason = reason;
f7520543 5180
9b80ec5e 5181 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 5182
5183 if (sk)
d97dcb66 5184 sock_put(sk);
8962ee74 5185
124f6e35 5186 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 5187 hdev);
8962ee74
JH		 5188}
5189
7892924c
MH		 5190void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
5191 u8 link_type, u8 addr_type, u8 status)
8962ee74 5192{
3655bba8
AG		 5193 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
5194 struct mgmt_cp_disconnect *cp;
88c3df13 5195 struct mgmt_rp_disconnect rp;
8962ee74 5196 struct pending_cmd *cmd;
8962ee74 5197
36a75f1b
JD		 5198 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5199 hdev);
5200
2e58ef3e 5201 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 5202 if (!cmd)
7892924c 5203 return;
8962ee74 5204
3655bba8
AG		 5205 cp = cmd->param;
5206
5207 if (bacmp(bdaddr, &cp->addr.bdaddr))
5208 return;
5209
5210 if (cp->addr.type != bdaddr_type)
5211 return;
5212
88c3df13 5213 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 5214 rp.addr.type = bdaddr_type;
37d9ef76 5215
7892924c
MH		 5216 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
5217 mgmt_status(status), &rp, sizeof(rp));
8962ee74 5218
a664b5bc 5219 mgmt_pending_remove(cmd);
f7520543 5220}
17d5c04c 5221
445608d0
MH		 5222void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5223 u8 addr_type, u8 status)
17d5c04c
JH		 5224{
5225 struct mgmt_ev_connect_failed ev;
c9910d0f
JH		 5226 struct pending_cmd *power_off;
5227
5228 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5229 if (power_off) {
5230 struct mgmt_mode *cp = power_off->param;
5231
5232 /* The connection is still in hci_conn_hash so test for 1
5233 * instead of 0 to know if this is the last one.
5234 */
a3172b7e
JH		 5235 if (!cp->val && hci_conn_count(hdev) == 1) {
5236 cancel_delayed_work(&hdev->power_off);
c9910d0f 5237 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5238 }
c9910d0f 5239 }
17d5c04c 5240
4c659c39 5241 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5242 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5243 ev.status = mgmt_status(status);
17d5c04c 5244
445608d0 5245 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 5246}
980e1a53 5247
ce0e4a0d 5248void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 5249{
5250 struct mgmt_ev_pin_code_request ev;
5251
d8457698 5252 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 5253 ev.addr.type = BDADDR_BREDR;
a770bb5a 5254 ev.secure = secure;
980e1a53 5255
ce0e4a0d 5256 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 5257}
5258
e669cf80
MH		 5259void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5260 u8 status)
980e1a53
JH		 5261{
5262 struct pending_cmd *cmd;
ac56fb13 5263 struct mgmt_rp_pin_code_reply rp;
980e1a53 5264
2e58ef3e 5265 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 5266 if (!cmd)
e669cf80 5267 return;
980e1a53 5268
d8457698 5269 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5270 rp.addr.type = BDADDR_BREDR;
ac56fb13 5271
e669cf80
MH		 5272 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
5273 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5274
a664b5bc 5275 mgmt_pending_remove(cmd);
980e1a53
JH		 5276}
5277
3eb38528
MH		 5278void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5279 u8 status)
980e1a53
JH		 5280{
5281 struct pending_cmd *cmd;
ac56fb13 5282 struct mgmt_rp_pin_code_reply rp;
980e1a53 5283
2e58ef3e 5284 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 5285 if (!cmd)
3eb38528 5286 return;
980e1a53 5287
d8457698 5288 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5289 rp.addr.type = BDADDR_BREDR;
ac56fb13 5290
3eb38528
MH		 5291 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
5292 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5293
a664b5bc 5294 mgmt_pending_remove(cmd);
980e1a53 5295}
a5c29683 5296
744cf19e 5297int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 5298 u8 link_type, u8 addr_type, __le32 value,
5299 u8 confirm_hint)
a5c29683
JH		 5300{
5301 struct mgmt_ev_user_confirm_request ev;
5302
744cf19e 5303 BT_DBG("%s", hdev->name);
a5c29683 5304
272d90df 5305 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5306 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 5307 ev.confirm_hint = confirm_hint;
78e8098e 5308 ev.value = value;
a5c29683 5309
744cf19e 5310 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 5311 NULL);
a5c29683
JH		 5312}
5313
272d90df 5314int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 5315 u8 link_type, u8 addr_type)
604086b7
BG		 5316{
5317 struct mgmt_ev_user_passkey_request ev;
5318
5319 BT_DBG("%s", hdev->name);
5320
272d90df 5321 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5322 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 5323
5324 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 5325 NULL);
604086b7
BG		 5326}
5327
0df4c185 5328static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 5329 u8 link_type, u8 addr_type, u8 status,
5330 u8 opcode)
a5c29683
JH		 5331{
5332 struct pending_cmd *cmd;
5333 struct mgmt_rp_user_confirm_reply rp;
5334 int err;
5335
2e58ef3e 5336 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 5337 if (!cmd)
5338 return -ENOENT;
5339
272d90df 5340 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 5341 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 5342 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 5343 &rp, sizeof(rp));
a5c29683 5344
a664b5bc 5345 mgmt_pending_remove(cmd);
a5c29683
JH		 5346
5347 return err;
5348}
5349
744cf19e 5350int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5351 u8 link_type, u8 addr_type, u8 status)
a5c29683 5352{
272d90df 5353 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5354 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 5355}
5356
272d90df 5357int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5358 u8 link_type, u8 addr_type, u8 status)
a5c29683 5359{
272d90df 5360 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5361 status,
5362 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 5363}
2a611692 5364
604086b7 5365int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5366 u8 link_type, u8 addr_type, u8 status)
604086b7 5367{
272d90df 5368 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5369 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 5370}
5371
272d90df 5372int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5373 u8 link_type, u8 addr_type, u8 status)
604086b7 5374{
272d90df 5375 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5376 status,
5377 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 5378}
5379
92a25256
JH		 5380int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
5381 u8 link_type, u8 addr_type, u32 passkey,
5382 u8 entered)
5383{
5384 struct mgmt_ev_passkey_notify ev;
5385
5386 BT_DBG("%s", hdev->name);
5387
5388 bacpy(&ev.addr.bdaddr, bdaddr);
5389 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5390 ev.passkey = __cpu_to_le32(passkey);
5391 ev.entered = entered;
5392
5393 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
5394}
5395
e546099c
MH		 5396void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5397 u8 addr_type, u8 status)
2a611692
JH		 5398{
5399 struct mgmt_ev_auth_failed ev;
5400
bab73cb6 5401 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5402 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5403 ev.status = mgmt_status(status);
2a611692 5404
e546099c 5405 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 5406}
b312b161 5407
464996ae 5408void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 5409{
5410 struct cmd_lookup match = { NULL, hdev };
464996ae 5411 bool changed;
33ef95ed
JH		 5412
5413 if (status) {
5414 u8 mgmt_err = mgmt_status(status);
5415 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 5416 cmd_status_rsp, &mgmt_err);
464996ae 5417 return;
33ef95ed
JH		 5418 }
5419
464996ae
MH		 5420 if (test_bit(HCI_AUTH, &hdev->flags))
5421 changed = !test_and_set_bit(HCI_LINK_SECURITY,
5422 &hdev->dev_flags);
5423 else
5424 changed = test_and_clear_bit(HCI_LINK_SECURITY,
5425 &hdev->dev_flags);
47990ea0 5426
33ef95ed 5427 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 5428 &match);
33ef95ed 5429
47990ea0 5430 if (changed)
464996ae 5431 new_settings(hdev, match.sk);
33ef95ed
JH		 5432
5433 if (match.sk)
5434 sock_put(match.sk);
33ef95ed
JH		 5435}
5436
890ea898 5437static void clear_eir(struct hci_request *req)
cacaf52f 5438{
890ea898 5439 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 5440 struct hci_cp_write_eir cp;
5441
976eb20e 5442 if (!lmp_ext_inq_capable(hdev))
890ea898 5443 return;
cacaf52f 5444
c80da27e
JH		 5445 memset(hdev->eir, 0, sizeof(hdev->eir));
5446
cacaf52f
JH		 5447 memset(&cp, 0, sizeof(cp));
5448
890ea898 5449 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 5450}
5451
3e248560 5452void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 5453{
5454 struct cmd_lookup match = { NULL, hdev };
890ea898 5455 struct hci_request req;
c0ecddc2 5456 bool changed = false;
ed2c4ee3
JH		 5457
5458 if (status) {
5459 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 5460
5461 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 5462 &hdev->dev_flags)) {
5463 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 5464 new_settings(hdev, NULL);
9ecb3e24 5465 }
c0ecddc2 5466
04124681
GP		 5467 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
5468 &mgmt_err);
3e248560 5469 return;
c0ecddc2
JH		 5470 }
5471
5472 if (enable) {
9ecb3e24 5473 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 5474 } else {
9ecb3e24
MH		 5475 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5476 if (!changed)
5477 changed = test_and_clear_bit(HCI_HS_ENABLED,
5478 &hdev->dev_flags);
5479 else
5480 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 5481 }
5482
5483 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
5484
c0ecddc2 5485 if (changed)
3e248560 5486 new_settings(hdev, match.sk);
ed2c4ee3 5487
5fc6ebb1 5488 if (match.sk)
ed2c4ee3
JH		 5489 sock_put(match.sk);
5490
890ea898
JH		 5491 hci_req_init(&req, hdev);
5492
5fc6ebb1 5493 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 5494 update_eir(&req);
5fc6ebb1 5495 else
890ea898
JH		 5496 clear_eir(&req);
5497
5498 hci_req_run(&req, NULL);
ed2c4ee3
JH		 5499}
5500
eac83dc6
MH		 5501void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5502{
5503 struct cmd_lookup match = { NULL, hdev };
5504 bool changed = false;
5505
5506 if (status) {
5507 u8 mgmt_err = mgmt_status(status);
5508
0ab04a9c
MH		 5509 if (enable) {
5510 if (test_and_clear_bit(HCI_SC_ENABLED,
5511 &hdev->dev_flags))
5512 new_settings(hdev, NULL);
5513 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5514 }
eac83dc6
MH		 5515
5516 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5517 cmd_status_rsp, &mgmt_err);
5518 return;
5519 }
5520
0ab04a9c 5521 if (enable) {
eac83dc6 5522 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 5523 } else {
eac83dc6 5524 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 5525 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5526 }
eac83dc6
MH		 5527
5528 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5529 settings_rsp, &match);
5530
5531 if (changed)
5532 new_settings(hdev, match.sk);
5533
5534 if (match.sk)
5535 sock_put(match.sk);
5536}
5537
92da6097 5538static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 5539{
5540 struct cmd_lookup *match = data;
5541
90e70454
JH		 5542 if (match->sk == NULL) {
5543 match->sk = cmd->sk;
5544 sock_hold(match->sk);
5545 }
90e70454
JH		 5546}
5547
4e1b0245
MH		 5548void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
5549 u8 status)
7f9a903c 5550{
90e70454 5551 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 5552
92da6097
JH		 5553 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
5554 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
5555 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 5556
5557 if (!status)
4e1b0245
MH		 5558 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
5559 NULL);
90e70454
JH		 5560
5561 if (match.sk)
5562 sock_put(match.sk);
7f9a903c
MH		 5563}
5564
7667da34 5565void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 5566{
b312b161 5567 struct mgmt_cp_set_local_name ev;
13928971 5568 struct pending_cmd *cmd;
28cc7bde 5569
13928971 5570 if (status)
7667da34 5571 return;
b312b161
JH		 5572
5573 memset(&ev, 0, sizeof(ev));
5574 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 5575 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 5576
2e58ef3e 5577 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 5578 if (!cmd) {
5579 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 5580
13928971
JH		 5581 /* If this is a HCI command related to powering on the
5582 * HCI dev don't send any mgmt signals.
5583 */
5584 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 5585 return;
890ea898 5586 }
b312b161 5587
7667da34
MH		 5588 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
5589 cmd ? cmd->sk : NULL);
b312b161 5590}
c35938b2 5591
4d2d2796
MH		 5592void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
5593 u8 *randomizer192, u8 *hash256,
5594 u8 *randomizer256, u8 status)
c35938b2
SJ		 5595{
5596 struct pending_cmd *cmd;
c35938b2 5597
744cf19e 5598 BT_DBG("%s status %u", hdev->name, status);
c35938b2 5599
2e58ef3e 5600 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 5601 if (!cmd)
3edaf092 5602 return;
c35938b2
SJ		 5603
5604 if (status) {
3edaf092
MH		 5605 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5606 mgmt_status(status));
c35938b2 5607 } else {
4d2d2796
MH		 5608 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5609 hash256 && randomizer256) {
5610 struct mgmt_rp_read_local_oob_ext_data rp;
5611
5612 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
5613 memcpy(rp.randomizer192, randomizer192,
5614 sizeof(rp.randomizer192));
c35938b2 5615
4d2d2796
MH		 5616 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
5617 memcpy(rp.randomizer256, randomizer256,
5618 sizeof(rp.randomizer256));
c35938b2 5619
4d2d2796
MH		 5620 cmd_complete(cmd->sk, hdev->id,
5621 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5622 &rp, sizeof(rp));
5623 } else {
5624 struct mgmt_rp_read_local_oob_data rp;
5625
5626 memcpy(rp.hash, hash192, sizeof(rp.hash));
5627 memcpy(rp.randomizer, randomizer192,
5628 sizeof(rp.randomizer));
5629
5630 cmd_complete(cmd->sk, hdev->id,
5631 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5632 &rp, sizeof(rp));
5633 }
c35938b2
SJ		 5634 }
5635
5636 mgmt_pending_remove(cmd);
c35938b2 5637}
e17acd40 5638
901801b9
MH		 5639void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5640 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
5641 ssp, u8 *eir, u16 eir_len)
e17acd40 5642{
e319d2e7
JH		 5643 char buf[512];
5644 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 5645 struct smp_irk *irk;
1dc06093 5646 size_t ev_size;
e17acd40 5647
12602d0c 5648 if (!hci_discovery_active(hdev))
901801b9 5649 return;
12602d0c 5650
1dc06093
JH		 5651 /* Leave 5 bytes for a potential CoD field */
5652 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
901801b9 5653 return;
7d262f86 5654
1dc06093
JH		 5655 memset(buf, 0, sizeof(buf));
5656
5cedbb8d
JH		 5657 irk = hci_get_irk(hdev, bdaddr, addr_type);
5658 if (irk) {
5659 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
5660 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
5661 } else {
5662 bacpy(&ev->addr.bdaddr, bdaddr);
5663 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5664 }
5665
e319d2e7 5666 ev->rssi = rssi;
9a395a80 5667 if (cfm_name)
612dfce9 5668 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 5669 if (!ssp)
612dfce9 5670 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 5671
1dc06093 5672 if (eir_len > 0)
e319d2e7 5673 memcpy(ev->eir, eir, eir_len);
e17acd40 5674
1dc06093
JH		 5675 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5676 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 5677 dev_class, 3);
1dc06093 5678
eb55ef07 5679 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 5680 ev_size = sizeof(*ev) + eir_len;
f8523598 5681
901801b9 5682 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 5683}
a88a9652 5684
9cf12aee
MH		 5685void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5686 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 5687{
b644ba33
JH		 5688 struct mgmt_ev_device_found *ev;
5689 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
5690 u16 eir_len;
a88a9652 5691
b644ba33 5692 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 5693
b644ba33
JH		 5694 memset(buf, 0, sizeof(buf));
5695
5696 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5697 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 5698 ev->rssi = rssi;
5699
5700 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 5701 name_len);
b644ba33 5702
eb55ef07 5703 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 5704
9cf12aee 5705 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 5706}
314b2381 5707
2f1e063b 5708void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 5709{
f963e8e9 5710 struct mgmt_ev_discovering ev;
164a6e78
JH		 5711 struct pending_cmd *cmd;
5712
343fb145
AG		 5713 BT_DBG("%s discovering %u", hdev->name, discovering);
5714
164a6e78 5715 if (discovering)
2e58ef3e 5716 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 5717 else
2e58ef3e 5718 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 5719
5720 if (cmd != NULL) {
f808e166
JH		 5721 u8 type = hdev->discovery.type;
5722
04124681
GP		 5723 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
5724 sizeof(type));
164a6e78
JH		 5725 mgmt_pending_remove(cmd);
5726 }
5727
f963e8e9
JH		 5728 memset(&ev, 0, sizeof(ev));
5729 ev.type = hdev->discovery.type;
5730 ev.discovering = discovering;
5731
2f1e063b 5732 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 5733}
5e762444 5734
88c1fe4b 5735int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5736{
5737 struct pending_cmd *cmd;
5738 struct mgmt_ev_device_blocked ev;
5739
2e58ef3e 5740 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 5741
88c1fe4b
JH		 5742 bacpy(&ev.addr.bdaddr, bdaddr);
5743 ev.addr.type = type;
5e762444 5744
744cf19e 5745 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 5746 cmd ? cmd->sk : NULL);
5e762444
AJ		 5747}
5748
88c1fe4b 5749int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5750{
5751 struct pending_cmd *cmd;
5752 struct mgmt_ev_device_unblocked ev;
5753
2e58ef3e 5754 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 5755
88c1fe4b
JH		 5756 bacpy(&ev.addr.bdaddr, bdaddr);
5757 ev.addr.type = type;
5e762444 5758
744cf19e 5759 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 5760 cmd ? cmd->sk : NULL);
5e762444 5761}
5976e608
MH		 5762
5763static void adv_enable_complete(struct hci_dev *hdev, u8 status)
5764{
5765 BT_DBG("%s status %u", hdev->name, status);
5766
5767 /* Clear the advertising mgmt setting if we failed to re-enable it */
5768 if (status) {
5769 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5770 new_settings(hdev, NULL);
5976e608
MH		 5771 }
5772}
5773
5774void mgmt_reenable_advertising(struct hci_dev *hdev)
5775{
5776 struct hci_request req;
5777
b145edcd 5778 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 5779 return;
5780
5781 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5782 return;
5783
5784 hci_req_init(&req, hdev);
5785 enable_advertising(&req);
5786
5787 /* If this fails we have no option but to let user space know
5788 * that we've disabled advertising.
5789 */
5790 if (hci_req_run(&req, adv_enable_complete) < 0) {
5791 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5792 new_settings(hdev, NULL);
5976e608
MH		 5793 }
5794}
Linux kernel - Deliverables
This page took 0.604817 seconds and 5 git commands to generate.