projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Change eir_has_data_type() to more generic eir_get_data()
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
a380b6cf 38#include "mgmt_util.h"
0381101f 39
2da9c55c 40#define MGMT_VERSION 1
dc4270c0 41#define MGMT_REVISION 11
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 50 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 81 MGMT_OP_SET_DEVICE_ID,
4375f103 82 MGMT_OP_SET_ADVERTISING,
0663ca2a 83 MGMT_OP_SET_BREDR,
d13eafce 84 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 85 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 86 MGMT_OP_SET_SECURE_CONN,
4e39ac81 87 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 88 MGMT_OP_SET_PRIVACY,
41edf160 89 MGMT_OP_LOAD_IRKS,
dd983808 90 MGMT_OP_GET_CONN_INFO,
95868426 91 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 92 MGMT_OP_ADD_DEVICE,
93 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 94 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 95 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 96 MGMT_OP_READ_CONFIG_INFO,
dbece37a 97 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 98 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 99 MGMT_OP_START_SERVICE_DISCOVERY,
4f0f155c 100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
96f1474a 101 MGMT_OP_READ_EXT_INDEX_LIST,
d3d5305b 102 MGMT_OP_READ_ADV_FEATURES,
24b4f38f 103 MGMT_OP_ADD_ADVERTISING,
da929335 104 MGMT_OP_REMOVE_ADVERTISING,
40b25fe5 105 MGMT_OP_GET_ADV_SIZE_INFO,
e70bb2e8
JH		 106};
107
108static const u16 mgmt_events[] = {
109 MGMT_EV_CONTROLLER_ERROR,
110 MGMT_EV_INDEX_ADDED,
111 MGMT_EV_INDEX_REMOVED,
112 MGMT_EV_NEW_SETTINGS,
113 MGMT_EV_CLASS_OF_DEV_CHANGED,
114 MGMT_EV_LOCAL_NAME_CHANGED,
115 MGMT_EV_NEW_LINK_KEY,
116 MGMT_EV_NEW_LONG_TERM_KEY,
117 MGMT_EV_DEVICE_CONNECTED,
118 MGMT_EV_DEVICE_DISCONNECTED,
119 MGMT_EV_CONNECT_FAILED,
120 MGMT_EV_PIN_CODE_REQUEST,
121 MGMT_EV_USER_CONFIRM_REQUEST,
122 MGMT_EV_USER_PASSKEY_REQUEST,
123 MGMT_EV_AUTH_FAILED,
124 MGMT_EV_DEVICE_FOUND,
125 MGMT_EV_DISCOVERING,
126 MGMT_EV_DEVICE_BLOCKED,
127 MGMT_EV_DEVICE_UNBLOCKED,
128 MGMT_EV_DEVICE_UNPAIRED,
92a25256 129 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 130 MGMT_EV_NEW_IRK,
7ee4ea36 131 MGMT_EV_NEW_CSRK,
8afef092
MH		 132 MGMT_EV_DEVICE_ADDED,
133 MGMT_EV_DEVICE_REMOVED,
ffb5a827 134 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 135 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 136 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 137 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 138 MGMT_EV_EXT_INDEX_ADDED,
139 MGMT_EV_EXT_INDEX_REMOVED,
72000df2 140 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
24b4f38f
AU		 141 MGMT_EV_ADVERTISING_ADDED,
142 MGMT_EV_ADVERTISING_REMOVED,
e70bb2e8
JH		 143};
144
99c679ac
MH		 145static const u16 mgmt_untrusted_commands[] = {
146 MGMT_OP_READ_INDEX_LIST,
147 MGMT_OP_READ_INFO,
148 MGMT_OP_READ_UNCONF_INDEX_LIST,
149 MGMT_OP_READ_CONFIG_INFO,
150 MGMT_OP_READ_EXT_INDEX_LIST,
151};
152
153static const u16 mgmt_untrusted_events[] = {
154 MGMT_EV_INDEX_ADDED,
155 MGMT_EV_INDEX_REMOVED,
156 MGMT_EV_NEW_SETTINGS,
157 MGMT_EV_CLASS_OF_DEV_CHANGED,
158 MGMT_EV_LOCAL_NAME_CHANGED,
159 MGMT_EV_UNCONF_INDEX_ADDED,
160 MGMT_EV_UNCONF_INDEX_REMOVED,
161 MGMT_EV_NEW_CONFIG_OPTIONS,
162 MGMT_EV_EXT_INDEX_ADDED,
163 MGMT_EV_EXT_INDEX_REMOVED,
164};
165
17b02e62 166#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 167
d25b78e2
JH		 168#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
169 "\x00\x00\x00\x00\x00\x00\x00\x00"
170
ca69b795
JH		 171/* HCI to MGMT error code conversion table */
172static u8 mgmt_status_table[] = {
173 MGMT_STATUS_SUCCESS,
174 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
175 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
176 MGMT_STATUS_FAILED, /* Hardware Failure */
177 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
178 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 179 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 180 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
181 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
182 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
183 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
184 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
185 MGMT_STATUS_BUSY, /* Command Disallowed */
186 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
187 MGMT_STATUS_REJECTED, /* Rejected Security */
188 MGMT_STATUS_REJECTED, /* Rejected Personal */
189 MGMT_STATUS_TIMEOUT, /* Host Timeout */
190 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
191 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
192 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
193 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
194 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
195 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
196 MGMT_STATUS_BUSY, /* Repeated Attempts */
197 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
198 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
199 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
200 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
201 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
202 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
203 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
204 MGMT_STATUS_FAILED, /* Unspecified Error */
205 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
206 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
207 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
208 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
209 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
210 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
211 MGMT_STATUS_FAILED, /* Unit Link Key Used */
212 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
213 MGMT_STATUS_TIMEOUT, /* Instant Passed */
214 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
215 MGMT_STATUS_FAILED, /* Transaction Collision */
216 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
217 MGMT_STATUS_REJECTED, /* QoS Rejected */
218 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
219 MGMT_STATUS_REJECTED, /* Insufficient Security */
220 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
221 MGMT_STATUS_BUSY, /* Role Switch Pending */
222 MGMT_STATUS_FAILED, /* Slot Violation */
223 MGMT_STATUS_FAILED, /* Role Switch Failed */
224 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
225 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
226 MGMT_STATUS_BUSY, /* Host Busy Pairing */
227 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
228 MGMT_STATUS_BUSY, /* Controller Busy */
229 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
230 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
231 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
232 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
233 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
234};
235
236static u8 mgmt_status(u8 hci_status)
237{
238 if (hci_status < ARRAY_SIZE(mgmt_status_table))
239 return mgmt_status_table[hci_status];
240
241 return MGMT_STATUS_FAILED;
242}
243
c08b1a1d
MH		 244static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
245 u16 len, int flag)
f9207338 246{
c08b1a1d
MH		 247 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
248 flag, NULL);
f9207338
MH		 249}
250
72000df2
MH		 251static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
252 u16 len, int flag, struct sock *skip_sk)
253{
254 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
255 flag, skip_sk);
256}
257
f6b7712e
MH		 258static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
259 u16 len, struct sock *skip_sk)
260{
261 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
262 HCI_MGMT_GENERIC_EVENTS, skip_sk);
263}
264
7a00ff44
JH		 265static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
266 struct sock *skip_sk)
267{
268 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
c08b1a1d 269 HCI_SOCK_TRUSTED, skip_sk);
7a00ff44
JH		 270}
271
85813a7e
JH		 272static u8 le_addr_type(u8 mgmt_addr_type)
273{
274 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
275 return ADDR_LE_DEV_PUBLIC;
276 else
277 return ADDR_LE_DEV_RANDOM;
278}
279
04124681
GP		 280static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
281 u16 data_len)
a38528f1
JH		 282{
283 struct mgmt_rp_read_version rp;
284
285 BT_DBG("sock %p", sk);
286
287 rp.version = MGMT_VERSION;
dcf4adbf 288 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 289
2a1afb5a
JH		 290 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
291 &rp, sizeof(rp));
a38528f1
JH		 292}
293
04124681
GP		 294static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
295 u16 data_len)
e70bb2e8
JH		 296{
297 struct mgmt_rp_read_commands *rp;
99c679ac 298 u16 num_commands, num_events;
e70bb2e8
JH		 299 size_t rp_size;
300 int i, err;
301
302 BT_DBG("sock %p", sk);
303
99c679ac
MH		 304 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
305 num_commands = ARRAY_SIZE(mgmt_commands);
306 num_events = ARRAY_SIZE(mgmt_events);
307 } else {
308 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
309 num_events = ARRAY_SIZE(mgmt_untrusted_events);
310 }
311
e70bb2e8
JH		 312 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
313
314 rp = kmalloc(rp_size, GFP_KERNEL);
315 if (!rp)
316 return -ENOMEM;
317
dcf4adbf
JP		 318 rp->num_commands = cpu_to_le16(num_commands);
319 rp->num_events = cpu_to_le16(num_events);
e70bb2e8 320
99c679ac
MH		 321 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
322 __le16 *opcode = rp->opcodes;
323
324 for (i = 0; i < num_commands; i++, opcode++)
325 put_unaligned_le16(mgmt_commands[i], opcode);
e70bb2e8 326
99c679ac
MH		 327 for (i = 0; i < num_events; i++, opcode++)
328 put_unaligned_le16(mgmt_events[i], opcode);
329 } else {
330 __le16 *opcode = rp->opcodes;
331
332 for (i = 0; i < num_commands; i++, opcode++)
333 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
334
335 for (i = 0; i < num_events; i++, opcode++)
336 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
337 }
e70bb2e8 338
2a1afb5a
JH		 339 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
340 rp, rp_size);
e70bb2e8
JH		 341 kfree(rp);
342
343 return err;
344}
345
04124681
GP		 346static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
347 u16 data_len)
faba42eb 348{
faba42eb 349 struct mgmt_rp_read_index_list *rp;
8035ded4 350 struct hci_dev *d;
a38528f1 351 size_t rp_len;
faba42eb 352 u16 count;
476e44cb 353 int err;
faba42eb
JH		 354
355 BT_DBG("sock %p", sk);
356
357 read_lock(&hci_dev_list_lock);
358
359 count = 0;
bb4b2a9a 360 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 361 if (d->dev_type == HCI_BREDR &&
d7a5a11d 362 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 363 count++;
faba42eb
JH		 364 }
365
a38528f1
JH		 366 rp_len = sizeof(*rp) + (2 * count);
367 rp = kmalloc(rp_len, GFP_ATOMIC);
368 if (!rp) {
b2c60d42 369 read_unlock(&hci_dev_list_lock);
faba42eb 370 return -ENOMEM;
b2c60d42 371 }
faba42eb 372
476e44cb 373 count = 0;
8035ded4 374 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 375 if (hci_dev_test_flag(d, HCI_SETUP) ||
376 hci_dev_test_flag(d, HCI_CONFIG) ||
377 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 378 continue;
379
73d1df2a
MH		 380 /* Devices marked as raw-only are neither configured
381 * nor unconfigured controllers.
382 */
383 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 384 continue;
385
73d1df2a 386 if (d->dev_type == HCI_BREDR &&
d7a5a11d 387 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892
MH		 388 rp->index[count++] = cpu_to_le16(d->id);
389 BT_DBG("Added hci%u", d->id);
390 }
faba42eb
JH		 391 }
392
476e44cb
JH		 393 rp->num_controllers = cpu_to_le16(count);
394 rp_len = sizeof(*rp) + (2 * count);
395
faba42eb
JH		 396 read_unlock(&hci_dev_list_lock);
397
2a1afb5a
JH		 398 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
399 0, rp, rp_len);
faba42eb 400
a38528f1
JH		 401 kfree(rp);
402
403 return err;
faba42eb
JH		 404}
405
73d1df2a
MH		 406static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
407 void *data, u16 data_len)
408{
409 struct mgmt_rp_read_unconf_index_list *rp;
410 struct hci_dev *d;
411 size_t rp_len;
412 u16 count;
413 int err;
414
415 BT_DBG("sock %p", sk);
416
417 read_lock(&hci_dev_list_lock);
418
419 count = 0;
420 list_for_each_entry(d, &hci_dev_list, list) {
421 if (d->dev_type == HCI_BREDR &&
d7a5a11d 422 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 423 count++;
424 }
425
426 rp_len = sizeof(*rp) + (2 * count);
427 rp = kmalloc(rp_len, GFP_ATOMIC);
428 if (!rp) {
429 read_unlock(&hci_dev_list_lock);
430 return -ENOMEM;
431 }
432
433 count = 0;
434 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 435 if (hci_dev_test_flag(d, HCI_SETUP) ||
436 hci_dev_test_flag(d, HCI_CONFIG) ||
437 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 438 continue;
439
440 /* Devices marked as raw-only are neither configured
441 * nor unconfigured controllers.
442 */
443 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
444 continue;
445
446 if (d->dev_type == HCI_BREDR &&
d7a5a11d 447 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a
MH		 448 rp->index[count++] = cpu_to_le16(d->id);
449 BT_DBG("Added hci%u", d->id);
450 }
451 }
452
453 rp->num_controllers = cpu_to_le16(count);
454 rp_len = sizeof(*rp) + (2 * count);
455
456 read_unlock(&hci_dev_list_lock);
457
2a1afb5a
JH		 458 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
459 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 460
461 kfree(rp);
462
463 return err;
464}
465
96f1474a
MH		 466static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
467 void *data, u16 data_len)
468{
469 struct mgmt_rp_read_ext_index_list *rp;
470 struct hci_dev *d;
471 size_t rp_len;
472 u16 count;
473 int err;
474
475 BT_DBG("sock %p", sk);
476
477 read_lock(&hci_dev_list_lock);
478
479 count = 0;
480 list_for_each_entry(d, &hci_dev_list, list) {
481 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
482 count++;
483 }
484
485 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
486 rp = kmalloc(rp_len, GFP_ATOMIC);
487 if (!rp) {
488 read_unlock(&hci_dev_list_lock);
489 return -ENOMEM;
490 }
491
492 count = 0;
493 list_for_each_entry(d, &hci_dev_list, list) {
494 if (hci_dev_test_flag(d, HCI_SETUP) ||
495 hci_dev_test_flag(d, HCI_CONFIG) ||
496 hci_dev_test_flag(d, HCI_USER_CHANNEL))
497 continue;
498
499 /* Devices marked as raw-only are neither configured
500 * nor unconfigured controllers.
501 */
502 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
503 continue;
504
505 if (d->dev_type == HCI_BREDR) {
506 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
507 rp->entry[count].type = 0x01;
508 else
509 rp->entry[count].type = 0x00;
510 } else if (d->dev_type == HCI_AMP) {
511 rp->entry[count].type = 0x02;
512 } else {
513 continue;
514 }
515
516 rp->entry[count].bus = d->bus;
517 rp->entry[count++].index = cpu_to_le16(d->id);
518 BT_DBG("Added hci%u", d->id);
519 }
520
521 rp->num_controllers = cpu_to_le16(count);
522 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
523
524 read_unlock(&hci_dev_list_lock);
525
526 /* If this command is called at least once, then all the
527 * default index and unconfigured index events are disabled
528 * and from now on only extended index events are used.
529 */
530 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
531 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
532 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
533
534 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
535 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
536
537 kfree(rp);
538
539 return err;
540}
541
dbece37a
MH		 542static bool is_configured(struct hci_dev *hdev)
543{
544 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 545 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 546 return false;
547
548 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
549 !bacmp(&hdev->public_addr, BDADDR_ANY))
550 return false;
551
552 return true;
553}
554
89bc22d2
MH		 555static __le32 get_missing_options(struct hci_dev *hdev)
556{
557 u32 options = 0;
558
dbece37a 559 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 560 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 561 options |= MGMT_OPTION_EXTERNAL_CONFIG;
562
89bc22d2
MH		 563 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
564 !bacmp(&hdev->public_addr, BDADDR_ANY))
565 options |= MGMT_OPTION_PUBLIC_ADDRESS;
566
567 return cpu_to_le32(options);
568}
569
f4537c04
MH		 570static int new_options(struct hci_dev *hdev, struct sock *skip)
571{
572 __le32 options = get_missing_options(hdev);
573
f6b7712e
MH		 574 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
575 sizeof(options), skip);
f4537c04
MH		 576}
577
dbece37a
MH		 578static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
579{
580 __le32 options = get_missing_options(hdev);
581
2a1afb5a
JH		 582 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
583 sizeof(options));
dbece37a
MH		 584}
585
9fc3bfb6
MH		 586static int read_config_info(struct sock *sk, struct hci_dev *hdev,
587 void *data, u16 data_len)
588{
589 struct mgmt_rp_read_config_info rp;
89bc22d2 590 u32 options = 0;
9fc3bfb6
MH		 591
592 BT_DBG("sock %p %s", sk, hdev->name);
593
594 hci_dev_lock(hdev);
595
596 memset(&rp, 0, sizeof(rp));
597 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 598
eb1904f4
MH		 599 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
600 options |= MGMT_OPTION_EXTERNAL_CONFIG;
601
9fc3bfb6 602 if (hdev->set_bdaddr)
89bc22d2
MH		 603 options |= MGMT_OPTION_PUBLIC_ADDRESS;
604
605 rp.supported_options = cpu_to_le32(options);
606 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 607
608 hci_dev_unlock(hdev);
609
2a1afb5a
JH		 610 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
611 &rp, sizeof(rp));
9fc3bfb6
MH		 612}
613
69ab39ea
JH		 614static u32 get_supported_settings(struct hci_dev *hdev)
615{
616 u32 settings = 0;
617
618 settings |= MGMT_SETTING_POWERED;
b2939475 619 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 620 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 621 settings |= MGMT_SETTING_CONNECTABLE;
622 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 623
ed3fa31f 624 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 625 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
626 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 627 settings |= MGMT_SETTING_BREDR;
628 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 629
630 if (lmp_ssp_capable(hdev)) {
631 settings |= MGMT_SETTING_SSP;
632 settings |= MGMT_SETTING_HS;
633 }
e98d2ce2 634
05b3c3e7 635 if (lmp_sc_capable(hdev))
e98d2ce2 636 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 637 }
d7b7e796 638
eeca6f89 639 if (lmp_le_capable(hdev)) {
9d42820f 640 settings |= MGMT_SETTING_LE;
eeca6f89 641 settings |= MGMT_SETTING_ADVERTISING;
a3209694 642 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 643 settings |= MGMT_SETTING_PRIVACY;
93690c22 644 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 645 }
69ab39ea 646
eb1904f4
MH		 647 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
648 hdev->set_bdaddr)
9fc3bfb6
MH		 649 settings |= MGMT_SETTING_CONFIGURATION;
650
69ab39ea
JH		 651 return settings;
652}
653
654static u32 get_current_settings(struct hci_dev *hdev)
655{
656 u32 settings = 0;
657
f1f0eb02 658 if (hdev_is_powered(hdev))
f0d4b78a
MH		 659 settings |= MGMT_SETTING_POWERED;
660
d7a5a11d 661 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 662 settings |= MGMT_SETTING_CONNECTABLE;
663
d7a5a11d 664 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 665 settings |= MGMT_SETTING_FAST_CONNECTABLE;
666
d7a5a11d 667 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 668 settings |= MGMT_SETTING_DISCOVERABLE;
669
d7a5a11d 670 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 671 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 672
d7a5a11d 673 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 674 settings |= MGMT_SETTING_BREDR;
675
d7a5a11d 676 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 677 settings |= MGMT_SETTING_LE;
678
d7a5a11d 679 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 680 settings |= MGMT_SETTING_LINK_SECURITY;
681
d7a5a11d 682 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 683 settings |= MGMT_SETTING_SSP;
684
d7a5a11d 685 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 686 settings |= MGMT_SETTING_HS;
687
d7a5a11d 688 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 689 settings |= MGMT_SETTING_ADVERTISING;
690
d7a5a11d 691 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 692 settings |= MGMT_SETTING_SECURE_CONN;
693
d7a5a11d 694 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 695 settings |= MGMT_SETTING_DEBUG_KEYS;
696
d7a5a11d 697 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 698 settings |= MGMT_SETTING_PRIVACY;
699
93690c22
MH		 700 /* The current setting for static address has two purposes. The
701 * first is to indicate if the static address will be used and
702 * the second is to indicate if it is actually set.
703 *
704 * This means if the static address is not configured, this flag
08dc0e98 705 * will never be set. If the address is configured, then if the
93690c22
MH		 706 * address is actually used decides if the flag is set or not.
707 *
708 * For single mode LE only controllers and dual-mode controllers
709 * with BR/EDR disabled, the existence of the static address will
710 * be evaluated.
711 */
b7cb93e5 712 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 713 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 714 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
715 if (bacmp(&hdev->static_addr, BDADDR_ANY))
716 settings |= MGMT_SETTING_STATIC_ADDRESS;
717 }
718
69ab39ea
JH		 719 return settings;
720}
721
333ae95d
JH		 722static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
723{
724 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
725}
726
333ae95d
JH		 727static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
728 struct hci_dev *hdev,
729 const void *data)
730{
731 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
732}
733
f2252570 734u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
9a43e25f 735{
3b0602cd 736 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 737
738 /* If there's a pending mgmt command the flags will not yet have
739 * their final values, so check for this first.
740 */
333ae95d 741 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
9a43e25f
JH		 742 if (cmd) {
743 struct mgmt_mode *cp = cmd->param;
744 if (cp->val == 0x01)
745 return LE_AD_GENERAL;
746 else if (cp->val == 0x02)
747 return LE_AD_LIMITED;
748 } else {
d7a5a11d 749 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 750 return LE_AD_LIMITED;
d7a5a11d 751 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 752 return LE_AD_GENERAL;
753 }
754
755 return 0;
756}
757
f2252570 758bool mgmt_get_connectable(struct hci_dev *hdev)
fdf51784
AU		 759{
760 struct mgmt_pending_cmd *cmd;
441ad2d0 761
fdf51784
AU		 762 /* If there's a pending mgmt command the flag will not yet have
763 * it's final value, so check for this first.
764 */
765 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
766 if (cmd) {
767 struct mgmt_mode *cp = cmd->param;
441ad2d0 768
fdf51784 769 return cp->val;
441ad2d0
MH		 770 }
771
fdf51784
AU		 772 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
773}
441ad2d0 774
7d78525d
JH		 775static void service_cache_off(struct work_struct *work)
776{
777 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 778 service_cache.work);
890ea898 779 struct hci_request req;
7d78525d 780
a69d8927 781 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 782 return;
783
890ea898
JH		 784 hci_req_init(&req, hdev);
785
7d78525d
JH		 786 hci_dev_lock(hdev);
787
b1a8917c 788 __hci_req_update_eir(&req);
14bf5eac 789 __hci_req_update_class(&req);
7d78525d
JH		 790
791 hci_dev_unlock(hdev);
890ea898
JH		 792
793 hci_req_run(&req, NULL);
7d78525d
JH		 794}
795
d6bfd59c
JH		 796static void rpa_expired(struct work_struct *work)
797{
798 struct hci_dev *hdev = container_of(work, struct hci_dev,
799 rpa_expired.work);
800 struct hci_request req;
801
802 BT_DBG("");
803
a1536da2 804 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 805
d7a5a11d 806 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 807 return;
808
809 /* The generation of a new RPA and programming it into the
f2252570
JH		 810 * controller happens in the hci_req_enable_advertising()
811 * function.
d6bfd59c 812 */
d6bfd59c 813 hci_req_init(&req, hdev);
f2252570 814 __hci_req_enable_advertising(&req);
d6bfd59c
JH		 815 hci_req_run(&req, NULL);
816}
817
6a919082 818static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 819{
238be788 820 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 821 return;
822
4f87da80 823 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 824 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 825
4f87da80
JH		 826 /* Non-mgmt controlled devices get this bit set
827 * implicitly so that pairing works for them, however
828 * for mgmt we require user-space to explicitly enable
829 * it
830 */
a358dc11 831 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 832}
833
0f4e68cf 834static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 835 void *data, u16 data_len)
0381101f 836{
a38528f1 837 struct mgmt_rp_read_info rp;
f7b64e69 838
bdb6d971 839 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 840
09fd0de5 841 hci_dev_lock(hdev);
f7b64e69 842
dc4fe30b
JH		 843 memset(&rp, 0, sizeof(rp));
844
69ab39ea 845 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 846
69ab39ea 847 rp.version = hdev->hci_ver;
eb55ef07 848 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 849
850 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
851 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 852
a38528f1 853 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 854
dc4fe30b 855 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 856 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 857
09fd0de5 858 hci_dev_unlock(hdev);
0381101f 859
2a1afb5a
JH		 860 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
861 sizeof(rp));
0381101f
JH		 862}
863
69ab39ea 864static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 865{
69ab39ea 866 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 867
2a1afb5a
JH		 868 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
869 sizeof(settings));
8680570b
JH		 870}
871
1904a853 872static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 873{
874 BT_DBG("%s status 0x%02x", hdev->name, status);
875
a3172b7e
JH		 876 if (hci_conn_count(hdev) == 0) {
877 cancel_delayed_work(&hdev->power_off);
8b064a3a 878 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 879 }
8b064a3a
JH		 880}
881
f2252570 882void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
912098a6
AU		 883{
884 struct mgmt_ev_advertising_added ev;
885
886 ev.instance = instance;
887
888 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
889}
890
f2252570
JH		 891void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
892 u8 instance)
912098a6
AU		 893{
894 struct mgmt_ev_advertising_removed ev;
895
896 ev.instance = instance;
897
898 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
899}
900
7816b820
FG		 901static void cancel_adv_timeout(struct hci_dev *hdev)
902{
903 if (hdev->adv_instance_timeout) {
904 hdev->adv_instance_timeout = 0;
905 cancel_delayed_work(&hdev->adv_instance_expire);
906 }
907}
908
8b064a3a
JH		 909static int clean_up_hci_state(struct hci_dev *hdev)
910{
911 struct hci_request req;
912 struct hci_conn *conn;
23a48093
JH		 913 bool discov_stopped;
914 int err;
8b064a3a
JH		 915
916 hci_req_init(&req, hdev);
917
918 if (test_bit(HCI_ISCAN, &hdev->flags) ||
919 test_bit(HCI_PSCAN, &hdev->flags)) {
920 u8 scan = 0x00;
921 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
922 }
923
f2252570 924 hci_req_clear_adv_instance(hdev, NULL, 0x00, false);
912098a6 925
d7a5a11d 926 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
f2252570 927 __hci_req_disable_advertising(&req);
8b064a3a 928
2154d3f4 929 discov_stopped = hci_req_stop_discovery(&req);
8b064a3a
JH		 930
931 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
89e0ccc8
JH		 932 /* 0x15 == Terminated due to Power Off */
933 __hci_abort_conn(&req, conn, 0x15);
8b064a3a
JH		 934 }
935
23a48093
JH		 936 err = hci_req_run(&req, clean_up_hci_complete);
937 if (!err && discov_stopped)
938 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
939
940 return err;
8b064a3a
JH		 941}
942
bdb6d971 943static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 944 u16 len)
eec8d2bc 945{
650f726d 946 struct mgmt_mode *cp = data;
3b0602cd 947 struct mgmt_pending_cmd *cmd;
4b34ee78 948 int err;
eec8d2bc 949
bdb6d971 950 BT_DBG("request for %s", hdev->name);
eec8d2bc 951
a7e80f25 952 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 953 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
954 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 955
09fd0de5 956 hci_dev_lock(hdev);
eec8d2bc 957
333ae95d 958 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 959 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
960 MGMT_STATUS_BUSY);
87b95ba6
JH		 961 goto failed;
962 }
963
4b34ee78 964 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 965 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 966 goto failed;
967 }
968
2e58ef3e 969 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 970 if (!cmd) {
971 err = -ENOMEM;
eec8d2bc 972 goto failed;
366a0336 973 }
eec8d2bc 974
8b064a3a 975 if (cp->val) {
19202573 976 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 977 err = 0;
978 } else {
979 /* Disconnect connections, stop scans, etc */
980 err = clean_up_hci_state(hdev);
a3172b7e
JH		 981 if (!err)
982 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
983 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 984
8b064a3a
JH		 985 /* ENODATA means there were no HCI commands queued */
986 if (err == -ENODATA) {
a3172b7e 987 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 988 queue_work(hdev->req_workqueue, &hdev->power_off.work);
989 err = 0;
990 }
991 }
eec8d2bc
JH		 992
993failed:
09fd0de5 994 hci_dev_unlock(hdev);
366a0336 995 return err;
eec8d2bc
JH		 996}
997
beadb2bd
JH		 998static int new_settings(struct hci_dev *hdev, struct sock *skip)
999{
f6b7712e 1000 __le32 ev = cpu_to_le32(get_current_settings(hdev));
beadb2bd 1001
f6b7712e
MH		 1002 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1003 sizeof(ev), skip);
beadb2bd
JH		 1004}
1005
91a668b0
JH		 1006int mgmt_new_settings(struct hci_dev *hdev)
1007{
1008 return new_settings(hdev, NULL);
1009}
1010
bd99abdd
JH		 1011struct cmd_lookup {
1012 struct sock *sk;
1013 struct hci_dev *hdev;
1014 u8 mgmt_status;
1015};
1016
3b0602cd 1017static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1018{
1019 struct cmd_lookup *match = data;
1020
1021 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1022
1023 list_del(&cmd->list);
1024
1025 if (match->sk == NULL) {
1026 match->sk = cmd->sk;
1027 sock_hold(match->sk);
1028 }
1029
1030 mgmt_pending_free(cmd);
1031}
1032
3b0602cd 1033static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1034{
1035 u8 *status = data;
1036
a69e8375 1037 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1038 mgmt_pending_remove(cmd);
1039}
1040
3b0602cd 1041static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1042{
1043 if (cmd->cmd_complete) {
1044 u8 *status = data;
1045
1046 cmd->cmd_complete(cmd, *status);
1047 mgmt_pending_remove(cmd);
1048
1049 return;
1050 }
1051
1052 cmd_status_rsp(cmd, data);
1053}
1054
3b0602cd 1055static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1056{
2a1afb5a
JH		 1057 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1058 cmd->param, cmd->param_len);
f5818c22
JH		 1059}
1060
3b0602cd 1061static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1062{
2a1afb5a
JH		 1063 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1064 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1065}
1066
e6fe7986
JH		 1067static u8 mgmt_bredr_support(struct hci_dev *hdev)
1068{
1069 if (!lmp_bredr_capable(hdev))
1070 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1071 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1072 return MGMT_STATUS_REJECTED;
1073 else
1074 return MGMT_STATUS_SUCCESS;
1075}
1076
1077static u8 mgmt_le_support(struct hci_dev *hdev)
1078{
1079 if (!lmp_le_capable(hdev))
1080 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1081 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1082 return MGMT_STATUS_REJECTED;
1083 else
1084 return MGMT_STATUS_SUCCESS;
1085}
1086
aed1a885 1087void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
bfaf8c9f 1088{
3b0602cd 1089 struct mgmt_pending_cmd *cmd;
bfaf8c9f
JH		 1090
1091 BT_DBG("status 0x%02x", status);
1092
1093 hci_dev_lock(hdev);
1094
333ae95d 1095 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
bfaf8c9f
JH		 1096 if (!cmd)
1097 goto unlock;
1098
1099 if (status) {
1100 u8 mgmt_err = mgmt_status(status);
a69e8375 1101 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1102 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1103 goto remove_cmd;
1104 }
1105
aed1a885
JH		 1106 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1107 hdev->discov_timeout > 0) {
1108 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1109 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
d4462a07 1110 }
bfaf8c9f
JH		 1111
1112 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
aed1a885 1113 new_settings(hdev, cmd->sk);
970ba524 1114
bfaf8c9f
JH		 1115remove_cmd:
1116 mgmt_pending_remove(cmd);
1117
1118unlock:
1119 hci_dev_unlock(hdev);
1120}
1121
bdb6d971 1122static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1123 u16 len)
73f22f62 1124{
650f726d 1125 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1126 struct mgmt_pending_cmd *cmd;
5e5282bb 1127 u16 timeout;
73f22f62
JH		 1128 int err;
1129
bdb6d971 1130 BT_DBG("request for %s", hdev->name);
73f22f62 1131
d7a5a11d
MH		 1132 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1133 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1134 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1135 MGMT_STATUS_REJECTED);
33c525c0 1136
310a3d48 1137 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1138 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1139 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1140
1f350c87 1141 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1142
1143 /* Disabling discoverable requires that no timeout is set,
1144 * and enabling limited discoverable requires a timeout.
1145 */
1146 if ((cp->val == 0x00 && timeout > 0) ||
1147 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1148 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1149 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1150
09fd0de5 1151 hci_dev_lock(hdev);
73f22f62 1152
5e5282bb 1153 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1154 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1155 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1156 goto failed;
1157 }
1158
333ae95d
JH		 1159 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1160 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1161 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1162 MGMT_STATUS_BUSY);
73f22f62
JH		 1163 goto failed;
1164 }
1165
d7a5a11d 1166 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1167 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1168 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1169 goto failed;
1170 }
1171
1172 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1173 bool changed = false;
1174
310a3d48
MH		 1175 /* Setting limited discoverable when powered off is
1176 * not a valid operation since it requires a timeout
1177 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1178 */
d7a5a11d 1179 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1180 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1181 changed = true;
1182 }
1183
5e5282bb 1184 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1185 if (err < 0)
1186 goto failed;
1187
1188 if (changed)
1189 err = new_settings(hdev, sk);
1190
5e5282bb
JH		 1191 goto failed;
1192 }
1193
310a3d48
MH		 1194 /* If the current mode is the same, then just update the timeout
1195 * value with the new value. And if only the timeout gets updated,
1196 * then no need for any HCI transactions.
1197 */
d7a5a11d
MH		 1198 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1199 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1200 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1201 cancel_delayed_work(&hdev->discov_off);
1202 hdev->discov_timeout = timeout;
955638ec 1203
36261547
MH		 1204 if (cp->val && hdev->discov_timeout > 0) {
1205 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
c366f555
JH		 1206 queue_delayed_work(hdev->req_workqueue,
1207 &hdev->discov_off, to);
955638ec
MH		 1208 }
1209
69ab39ea 1210 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1211 goto failed;
1212 }
1213
2e58ef3e 1214 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1215 if (!cmd) {
1216 err = -ENOMEM;
73f22f62 1217 goto failed;
366a0336 1218 }
73f22f62 1219
310a3d48
MH		 1220 /* Cancel any potential discoverable timeout that might be
1221 * still active and store new timeout value. The arming of
1222 * the timeout happens in the complete handler.
1223 */
1224 cancel_delayed_work(&hdev->discov_off);
1225 hdev->discov_timeout = timeout;
1226
aed1a885
JH		 1227 if (cp->val)
1228 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1229 else
1230 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1231
b456f87c
JH		 1232 /* Limited discoverable mode */
1233 if (cp->val == 0x02)
a1536da2 1234 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1235 else
a358dc11 1236 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1237
aed1a885
JH		 1238 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1239 err = 0;
73f22f62
JH		 1240
1241failed:
09fd0de5 1242 hci_dev_unlock(hdev);
73f22f62
JH		 1243 return err;
1244}
1245
53c0ba74 1246void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
2b76f453 1247{
3b0602cd 1248 struct mgmt_pending_cmd *cmd;
2b76f453
JH		 1249
1250 BT_DBG("status 0x%02x", status);
1251
1252 hci_dev_lock(hdev);
1253
333ae95d 1254 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
2b76f453
JH		 1255 if (!cmd)
1256 goto unlock;
1257
37438c1f
JH		 1258 if (status) {
1259 u8 mgmt_err = mgmt_status(status);
a69e8375 1260 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1261 goto remove_cmd;
1262 }
1263
2b76f453 1264 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
53c0ba74 1265 new_settings(hdev, cmd->sk);
d7b856f9 1266
37438c1f 1267remove_cmd:
2b76f453
JH		 1268 mgmt_pending_remove(cmd);
1269
1270unlock:
1271 hci_dev_unlock(hdev);
1272}
1273
e8ba3a1f
JH		 1274static int set_connectable_update_settings(struct hci_dev *hdev,
1275 struct sock *sk, u8 val)
1276{
1277 bool changed = false;
1278 int err;
1279
d7a5a11d 1280 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 1281 changed = true;
1282
1283 if (val) {
a1536da2 1284 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 1285 } else {
a358dc11
MH		 1286 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1287 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 1288 }
1289
1290 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1291 if (err < 0)
1292 return err;
1293
562064e6 1294 if (changed) {
01b1cb87 1295 hci_req_update_scan(hdev);
562064e6 1296 hci_update_background_scan(hdev);
e8ba3a1f 1297 return new_settings(hdev, sk);
562064e6 1298 }
e8ba3a1f
JH		 1299
1300 return 0;
1301}
1302
bdb6d971 1303static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1304 u16 len)
9fbcbb45 1305{
650f726d 1306 struct mgmt_mode *cp = data;
3b0602cd 1307 struct mgmt_pending_cmd *cmd;
9fbcbb45
JH		 1308 int err;
1309
bdb6d971 1310 BT_DBG("request for %s", hdev->name);
9fbcbb45 1311
d7a5a11d
MH		 1312 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1313 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1314 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1315 MGMT_STATUS_REJECTED);
33c525c0 1316
a7e80f25 1317 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1318 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1319 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1320
09fd0de5 1321 hci_dev_lock(hdev);
9fbcbb45 1322
4b34ee78 1323 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1324 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1325 goto failed;
1326 }
1327
333ae95d
JH		 1328 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1329 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1330 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1331 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1332 goto failed;
1333 }
1334
2e58ef3e 1335 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1336 if (!cmd) {
1337 err = -ENOMEM;
9fbcbb45 1338 goto failed;
366a0336 1339 }
9fbcbb45 1340
53c0ba74
JH		 1341 if (cp->val) {
1342 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1343 } else {
1344 if (hdev->discov_timeout > 0)
1345 cancel_delayed_work(&hdev->discov_off);
2b76f453 1346
53c0ba74
JH		 1347 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1348 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1349 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
9b74246f 1350 }
2b76f453 1351
53c0ba74
JH		 1352 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1353 err = 0;
9fbcbb45
JH		 1354
1355failed:
09fd0de5 1356 hci_dev_unlock(hdev);
9fbcbb45
JH		 1357 return err;
1358}
1359
b2939475 1360static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1361 u16 len)
c542a06c 1362{
650f726d 1363 struct mgmt_mode *cp = data;
55594356 1364 bool changed;
c542a06c
JH		 1365 int err;
1366
bdb6d971 1367 BT_DBG("request for %s", hdev->name);
c542a06c 1368
a7e80f25 1369 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1370 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1371 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1372
09fd0de5 1373 hci_dev_lock(hdev);
c542a06c
JH		 1374
1375 if (cp->val)
238be788 1376 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 1377 else
a69d8927 1378 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 1379
b2939475 1380 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1381 if (err < 0)
55594356 1382 goto unlock;
c542a06c 1383
55594356
MH		 1384 if (changed)
1385 err = new_settings(hdev, sk);
c542a06c 1386
55594356 1387unlock:
09fd0de5 1388 hci_dev_unlock(hdev);
c542a06c
JH		 1389 return err;
1390}
1391
04124681
GP		 1392static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1393 u16 len)
33ef95ed
JH		 1394{
1395 struct mgmt_mode *cp = data;
3b0602cd 1396 struct mgmt_pending_cmd *cmd;
e6fe7986 1397 u8 val, status;
33ef95ed
JH		 1398 int err;
1399
bdb6d971 1400 BT_DBG("request for %s", hdev->name);
33ef95ed 1401
e6fe7986
JH		 1402 status = mgmt_bredr_support(hdev);
1403 if (status)
a69e8375
JH		 1404 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1405 status);
33c525c0 1406
a7e80f25 1407 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1408 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1409 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1410
33ef95ed
JH		 1411 hci_dev_lock(hdev);
1412
4b34ee78 1413 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1414 bool changed = false;
1415
d7a5a11d 1416 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 1417 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 1418 changed = true;
1419 }
1420
1421 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1422 if (err < 0)
1423 goto failed;
1424
1425 if (changed)
1426 err = new_settings(hdev, sk);
1427
33ef95ed
JH		 1428 goto failed;
1429 }
1430
333ae95d 1431 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 1432 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1433 MGMT_STATUS_BUSY);
33ef95ed
JH		 1434 goto failed;
1435 }
1436
1437 val = !!cp->val;
1438
1439 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1440 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1441 goto failed;
1442 }
1443
1444 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1445 if (!cmd) {
1446 err = -ENOMEM;
1447 goto failed;
1448 }
1449
1450 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1451 if (err < 0) {
1452 mgmt_pending_remove(cmd);
1453 goto failed;
1454 }
1455
1456failed:
1457 hci_dev_unlock(hdev);
33ef95ed
JH		 1458 return err;
1459}
1460
bdb6d971 1461static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1462{
1463 struct mgmt_mode *cp = data;
3b0602cd 1464 struct mgmt_pending_cmd *cmd;
72ef0c1a 1465 u8 status;
ed2c4ee3
JH		 1466 int err;
1467
bdb6d971 1468 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1469
cdba5281
MH		 1470 status = mgmt_bredr_support(hdev);
1471 if (status)
a69e8375 1472 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 1473
13ecd8b6 1474 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1475 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1476 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1477
a7e80f25 1478 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1479 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1480 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1481
13ecd8b6 1482 hci_dev_lock(hdev);
6c8f12c1 1483
4b34ee78 1484 if (!hdev_is_powered(hdev)) {
9ecb3e24 1485 bool changed;
c0ecddc2 1486
9ecb3e24 1487 if (cp->val) {
238be788
MH		 1488 changed = !hci_dev_test_and_set_flag(hdev,
1489 HCI_SSP_ENABLED);
9ecb3e24 1490 } else {
a69d8927
MH		 1491 changed = hci_dev_test_and_clear_flag(hdev,
1492 HCI_SSP_ENABLED);
9ecb3e24 1493 if (!changed)
a69d8927
MH		 1494 changed = hci_dev_test_and_clear_flag(hdev,
1495 HCI_HS_ENABLED);
9ecb3e24 1496 else
a358dc11 1497 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 1498 }
1499
1500 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1501 if (err < 0)
1502 goto failed;
1503
1504 if (changed)
1505 err = new_settings(hdev, sk);
1506
ed2c4ee3
JH		 1507 goto failed;
1508 }
1509
333ae95d 1510 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 1511 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1512 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1513 goto failed;
1514 }
1515
d7a5a11d 1516 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 1517 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1518 goto failed;
1519 }
1520
1521 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1522 if (!cmd) {
1523 err = -ENOMEM;
1524 goto failed;
1525 }
1526
d7a5a11d 1527 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 1528 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1529 sizeof(cp->val), &cp->val);
1530
72ef0c1a 1531 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1532 if (err < 0) {
1533 mgmt_pending_remove(cmd);
1534 goto failed;
1535 }
1536
1537failed:
1538 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1539 return err;
1540}
1541
bdb6d971 1542static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1543{
1544 struct mgmt_mode *cp = data;
ee392693 1545 bool changed;
e6fe7986 1546 u8 status;
ee392693 1547 int err;
6d80dfd0 1548
bdb6d971 1549 BT_DBG("request for %s", hdev->name);
6d80dfd0 1550
e6fe7986
JH		 1551 status = mgmt_bredr_support(hdev);
1552 if (status)
a69e8375 1553 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1554
9ecb3e24 1555 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1556 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1557 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 1558
d7a5a11d 1559 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 1560 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1561 MGMT_STATUS_REJECTED);
9ecb3e24 1562
a7e80f25 1563 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1564 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1565 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1566
ee392693
MH		 1567 hci_dev_lock(hdev);
1568
333ae95d 1569 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 1570 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1571 MGMT_STATUS_BUSY);
a2cb01de
JH		 1572 goto unlock;
1573 }
1574
a0cdf960 1575 if (cp->val) {
238be788 1576 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 1577 } else {
1578 if (hdev_is_powered(hdev)) {
a69e8375
JH		 1579 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1580 MGMT_STATUS_REJECTED);
a0cdf960
MH		 1581 goto unlock;
1582 }
1583
a69d8927 1584 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 1585 }
ee392693
MH		 1586
1587 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1588 if (err < 0)
1589 goto unlock;
1590
1591 if (changed)
1592 err = new_settings(hdev, sk);
6d80dfd0 1593
ee392693
MH		 1594unlock:
1595 hci_dev_unlock(hdev);
1596 return err;
6d80dfd0
JH		 1597}
1598
1904a853 1599static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 1600{
1601 struct cmd_lookup match = { NULL, hdev };
1602
3ad67582
JK		 1603 hci_dev_lock(hdev);
1604
416a4ae5
JH		 1605 if (status) {
1606 u8 mgmt_err = mgmt_status(status);
1607
1608 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1609 &mgmt_err);
3ad67582 1610 goto unlock;
416a4ae5
JH		 1611 }
1612
1613 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1614
1615 new_settings(hdev, match.sk);
1616
1617 if (match.sk)
1618 sock_put(match.sk);
441ad2d0
MH		 1619
1620 /* Make sure the controller has a good default for
1621 * advertising data. Restrict the update to when LE
1622 * has actually been enabled. During power on, the
1623 * update in powered_update_hci will take care of it.
1624 */
d7a5a11d 1625 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0
MH		 1626 struct hci_request req;
1627
441ad2d0 1628 hci_req_init(&req, hdev);
cab054ab
JH		 1629 __hci_req_update_adv_data(&req, 0x00);
1630 __hci_req_update_scan_rsp_data(&req, 0x00);
441ad2d0 1631 hci_req_run(&req, NULL);
2e93e53b 1632 hci_update_background_scan(hdev);
441ad2d0 1633 }
3ad67582
JK		 1634
1635unlock:
1636 hci_dev_unlock(hdev);
416a4ae5
JH		 1637}
1638
bdb6d971 1639static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1640{
1641 struct mgmt_mode *cp = data;
1642 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 1643 struct mgmt_pending_cmd *cmd;
416a4ae5 1644 struct hci_request req;
06199cf8 1645 int err;
0b60eba1 1646 u8 val, enabled;
06199cf8 1647
bdb6d971 1648 BT_DBG("request for %s", hdev->name);
06199cf8 1649
13ecd8b6 1650 if (!lmp_le_capable(hdev))
a69e8375
JH		 1651 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1652 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1653
a7e80f25 1654 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1655 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1656 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1657
e7844ee5
MH		 1658 /* Bluetooth single mode LE only controllers or dual-mode
1659 * controllers configured as LE only devices, do not allow
1660 * switching LE off. These have either LE enabled explicitly
1661 * or BR/EDR has been previously switched off.
1662 *
1663 * When trying to enable an already enabled LE, then gracefully
1664 * send a positive response. Trying to disable it however will
1665 * result into rejection.
1666 */
1667 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1668 if (cp->val == 0x01)
1669 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1670
a69e8375
JH		 1671 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1672 MGMT_STATUS_REJECTED);
e7844ee5 1673 }
c73eee91 1674
13ecd8b6 1675 hci_dev_lock(hdev);
06199cf8
JH		 1676
1677 val = !!cp->val;
ffa88e02 1678 enabled = lmp_host_le_capable(hdev);
06199cf8 1679
847818d9 1680 if (!val)
f2252570 1681 hci_req_clear_adv_instance(hdev, NULL, 0x00, true);
847818d9 1682
0b60eba1 1683 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1684 bool changed = false;
1685
d7a5a11d 1686 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 1687 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 1688 changed = true;
1689 }
1690
d7a5a11d 1691 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 1692 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 1693 changed = true;
1694 }
1695
06199cf8
JH		 1696 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1697 if (err < 0)
1de028ce 1698 goto unlock;
06199cf8
JH		 1699
1700 if (changed)
1701 err = new_settings(hdev, sk);
1702
1de028ce 1703 goto unlock;
06199cf8
JH		 1704 }
1705
333ae95d
JH		 1706 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1707 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 1708 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1709 MGMT_STATUS_BUSY);
1de028ce 1710 goto unlock;
06199cf8
JH		 1711 }
1712
1713 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1714 if (!cmd) {
1715 err = -ENOMEM;
1de028ce 1716 goto unlock;
06199cf8
JH		 1717 }
1718
441ad2d0
MH		 1719 hci_req_init(&req, hdev);
1720
06199cf8
JH		 1721 memset(&hci_cp, 0, sizeof(hci_cp));
1722
1723 if (val) {
1724 hci_cp.le = val;
32226e4f 1725 hci_cp.simul = 0x00;
441ad2d0 1726 } else {
d7a5a11d 1727 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
f2252570 1728 __hci_req_disable_advertising(&req);
06199cf8
JH		 1729 }
1730
416a4ae5
JH		 1731 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1732 &hci_cp);
1733
1734 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1735 if (err < 0)
06199cf8 1736 mgmt_pending_remove(cmd);
06199cf8 1737
1de028ce
JH		 1738unlock:
1739 hci_dev_unlock(hdev);
06199cf8
JH		 1740 return err;
1741}
1742
0cab9c80
JH		 1743/* This is a helper function to test for pending mgmt commands that can
1744 * cause CoD or EIR HCI commands. We can only allow one such pending
1745 * mgmt command at a time since otherwise we cannot easily track what
1746 * the current values are, will be, and based on that calculate if a new
1747 * HCI command needs to be sent and if yes with what value.
1748 */
1749static bool pending_eir_or_class(struct hci_dev *hdev)
1750{
3b0602cd 1751 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 1752
1753 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1754 switch (cmd->opcode) {
1755 case MGMT_OP_ADD_UUID:
1756 case MGMT_OP_REMOVE_UUID:
1757 case MGMT_OP_SET_DEV_CLASS:
1758 case MGMT_OP_SET_POWERED:
1759 return true;
1760 }
1761 }
1762
1763 return false;
1764}
1765
83be8eca
JH		 1766static const u8 bluetooth_base_uuid[] = {
1767 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1768 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1769};
1770
1771static u8 get_uuid_size(const u8 *uuid)
1772{
1773 u32 val;
1774
1775 if (memcmp(uuid, bluetooth_base_uuid, 12))
1776 return 128;
1777
1778 val = get_unaligned_le32(&uuid[12]);
1779 if (val > 0xffff)
1780 return 32;
1781
1782 return 16;
1783}
1784
92da6097
JH		 1785static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1786{
3b0602cd 1787 struct mgmt_pending_cmd *cmd;
92da6097
JH		 1788
1789 hci_dev_lock(hdev);
1790
333ae95d 1791 cmd = pending_find(mgmt_op, hdev);
92da6097
JH		 1792 if (!cmd)
1793 goto unlock;
1794
2a1afb5a
JH		 1795 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
1796 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 1797
1798 mgmt_pending_remove(cmd);
1799
1800unlock:
1801 hci_dev_unlock(hdev);
1802}
1803
1904a853 1804static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 1805{
1806 BT_DBG("status 0x%02x", status);
1807
1808 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1809}
1810
bdb6d971 1811static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1812{
650f726d 1813 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 1814 struct mgmt_pending_cmd *cmd;
890ea898 1815 struct hci_request req;
2aeb9a1a 1816 struct bt_uuid *uuid;
2aeb9a1a
JH		 1817 int err;
1818
bdb6d971 1819 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1820
09fd0de5 1821 hci_dev_lock(hdev);
2aeb9a1a 1822
0cab9c80 1823 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 1824 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1825 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1826 goto failed;
1827 }
1828
92c4c204 1829 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1830 if (!uuid) {
1831 err = -ENOMEM;
1832 goto failed;
1833 }
1834
1835 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1836 uuid->svc_hint = cp->svc_hint;
83be8eca 1837 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1838
de66aa63 1839 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1840
890ea898 1841 hci_req_init(&req, hdev);
1aff6f09 1842
14bf5eac 1843 __hci_req_update_class(&req);
b1a8917c 1844 __hci_req_update_eir(&req);
890ea898 1845
92da6097
JH		 1846 err = hci_req_run(&req, add_uuid_complete);
1847 if (err < 0) {
1848 if (err != -ENODATA)
1849 goto failed;
80a1e1db 1850
2a1afb5a
JH		 1851 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1852 hdev->dev_class, 3);
90e70454
JH		 1853 goto failed;
1854 }
1855
1856 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1857 if (!cmd) {
90e70454 1858 err = -ENOMEM;
890ea898
JH		 1859 goto failed;
1860 }
1861
1862 err = 0;
2aeb9a1a
JH		 1863
1864failed:
09fd0de5 1865 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1866 return err;
1867}
1868
24b78d0f
JH		 1869static bool enable_service_cache(struct hci_dev *hdev)
1870{
1871 if (!hdev_is_powered(hdev))
1872 return false;
1873
238be788 1874 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 1875 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1876 CACHE_TIMEOUT);
24b78d0f
JH		 1877 return true;
1878 }
1879
1880 return false;
1881}
1882
1904a853 1883static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 1884{
1885 BT_DBG("status 0x%02x", status);
1886
1887 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1888}
1889
bdb6d971 1890static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1891 u16 len)
2aeb9a1a 1892{
650f726d 1893 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 1894 struct mgmt_pending_cmd *cmd;
056341c8 1895 struct bt_uuid *match, *tmp;
2aeb9a1a 1896 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1897 struct hci_request req;
2aeb9a1a
JH		 1898 int err, found;
1899
bdb6d971 1900 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1901
09fd0de5 1902 hci_dev_lock(hdev);
2aeb9a1a 1903
0cab9c80 1904 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 1905 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1906 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1907 goto unlock;
1908 }
1909
2aeb9a1a 1910 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 1911 hci_uuids_clear(hdev);
4004b6d9 1912
24b78d0f 1913 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 1914 err = mgmt_cmd_complete(sk, hdev->id,
1915 MGMT_OP_REMOVE_UUID,
1916 0, hdev->dev_class, 3);
24b78d0f
JH		 1917 goto unlock;
1918 }
4004b6d9 1919
9246a869 1920 goto update_class;
2aeb9a1a
JH		 1921 }
1922
1923 found = 0;
1924
056341c8 1925 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1926 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1927 continue;
1928
1929 list_del(&match->list);
482049f7 1930 kfree(match);
2aeb9a1a
JH		 1931 found++;
1932 }
1933
1934 if (found == 0) {
a69e8375
JH		 1935 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1936 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1937 goto unlock;
1938 }
1939
9246a869 1940update_class:
890ea898 1941 hci_req_init(&req, hdev);
1aff6f09 1942
14bf5eac 1943 __hci_req_update_class(&req);
b1a8917c 1944 __hci_req_update_eir(&req);
890ea898 1945
92da6097
JH		 1946 err = hci_req_run(&req, remove_uuid_complete);
1947 if (err < 0) {
1948 if (err != -ENODATA)
1949 goto unlock;
80a1e1db 1950
2a1afb5a
JH		 1951 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1952 hdev->dev_class, 3);
90e70454
JH		 1953 goto unlock;
1954 }
1955
1956 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1957 if (!cmd) {
90e70454 1958 err = -ENOMEM;
890ea898
JH		 1959 goto unlock;
1960 }
1961
1962 err = 0;
2aeb9a1a
JH		 1963
1964unlock:
09fd0de5 1965 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1966 return err;
1967}
1968
1904a853 1969static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 1970{
1971 BT_DBG("status 0x%02x", status);
1972
1973 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1974}
1975
bdb6d971 1976static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1977 u16 len)
1aff6f09 1978{
650f726d 1979 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 1980 struct mgmt_pending_cmd *cmd;
890ea898 1981 struct hci_request req;
1aff6f09
JH		 1982 int err;
1983
bdb6d971 1984 BT_DBG("request for %s", hdev->name);
1aff6f09 1985
6203fc98 1986 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 1987 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1988 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1989
0cab9c80 1990 hci_dev_lock(hdev);
ee98f473 1991
0cab9c80 1992 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 1993 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1994 MGMT_STATUS_BUSY);
0cab9c80
JH		 1995 goto unlock;
1996 }
c95f0ba7 1997
0cab9c80 1998 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 1999 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2000 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2001 goto unlock;
2002 }
575b3a02 2003
932f5ff5
JH		 2004 hdev->major_class = cp->major;
2005 hdev->minor_class = cp->minor;
2006
b5235a65 2007 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2008 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2009 hdev->dev_class, 3);
b5235a65
JH		 2010 goto unlock;
2011 }
2012
890ea898
JH		 2013 hci_req_init(&req, hdev);
2014
a69d8927 2015 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
7d78525d
JH		 2016 hci_dev_unlock(hdev);
2017 cancel_delayed_work_sync(&hdev->service_cache);
2018 hci_dev_lock(hdev);
b1a8917c 2019 __hci_req_update_eir(&req);
7d78525d 2020 }
14c0b608 2021
14bf5eac 2022 __hci_req_update_class(&req);
890ea898 2023
92da6097
JH		 2024 err = hci_req_run(&req, set_class_complete);
2025 if (err < 0) {
2026 if (err != -ENODATA)
2027 goto unlock;
1aff6f09 2028
2a1afb5a
JH		 2029 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2030 hdev->dev_class, 3);
90e70454
JH		 2031 goto unlock;
2032 }
2033
2034 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2035 if (!cmd) {
90e70454 2036 err = -ENOMEM;
890ea898
JH		 2037 goto unlock;
2038 }
2039
2040 err = 0;
1aff6f09 2041
b5235a65 2042unlock:
09fd0de5 2043 hci_dev_unlock(hdev);
1aff6f09
JH		 2044 return err;
2045}
2046
bdb6d971 2047static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2048 u16 len)
55ed8ca1 2049{
650f726d 2050 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2051 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2052 sizeof(struct mgmt_link_key_info));
4e51eae9 2053 u16 key_count, expected_len;
b1de97d8 2054 bool changed;
a492cd52 2055 int i;
55ed8ca1 2056
9060d5cf
MH		 2057 BT_DBG("request for %s", hdev->name);
2058
2059 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2060 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2061 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2062
1f350c87 2063 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2064 if (key_count > max_key_count) {
2065 BT_ERR("load_link_keys: too big key_count value %u",
2066 key_count);
a69e8375
JH		 2067 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2068 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2069 }
55ed8ca1 2070
86742e1e
JH		 2071 expected_len = sizeof(*cp) + key_count *
2072 sizeof(struct mgmt_link_key_info);
a492cd52 2073 if (expected_len != len) {
86742e1e 2074 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2075 expected_len, len);
a69e8375
JH		 2076 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2077 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2078 }
2079
4ae14301 2080 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2081 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2082 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2083
bdb6d971 2084 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2085 key_count);
55ed8ca1 2086
4ee71b20
JH		 2087 for (i = 0; i < key_count; i++) {
2088 struct mgmt_link_key_info *key = &cp->keys[i];
2089
8e991132 2090 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2091 return mgmt_cmd_status(sk, hdev->id,
2092 MGMT_OP_LOAD_LINK_KEYS,
2093 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2094 }
2095
09fd0de5 2096 hci_dev_lock(hdev);
55ed8ca1
JH		 2097
2098 hci_link_keys_clear(hdev);
2099
55ed8ca1 2100 if (cp->debug_keys)
238be788 2101 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2102 else
a69d8927
MH		 2103 changed = hci_dev_test_and_clear_flag(hdev,
2104 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2105
2106 if (changed)
2107 new_settings(hdev, NULL);
55ed8ca1 2108
a492cd52 2109 for (i = 0; i < key_count; i++) {
86742e1e 2110 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2111
58e9293c
JH		 2112 /* Always ignore debug keys and require a new pairing if
2113 * the user wants to use them.
2114 */
2115 if (key->type == HCI_LK_DEBUG_COMBINATION)
2116 continue;
2117
7652ff6a
JH		 2118 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2119 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2120 }
2121
2a1afb5a 2122 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2123
09fd0de5 2124 hci_dev_unlock(hdev);
55ed8ca1 2125
a492cd52 2126 return 0;
55ed8ca1
JH		 2127}
2128
b1078ad0 2129static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2130 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2131{
2132 struct mgmt_ev_device_unpaired ev;
2133
2134 bacpy(&ev.addr.bdaddr, bdaddr);
2135 ev.addr.type = addr_type;
2136
2137 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2138 skip_sk);
b1078ad0
JH		 2139}
2140
bdb6d971 2141static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2142 u16 len)
55ed8ca1 2143{
124f6e35
JH		 2144 struct mgmt_cp_unpair_device *cp = data;
2145 struct mgmt_rp_unpair_device rp;
fc64361a 2146 struct hci_conn_params *params;
3b0602cd 2147 struct mgmt_pending_cmd *cmd;
55ed8ca1 2148 struct hci_conn *conn;
ec182f03 2149 u8 addr_type;
55ed8ca1
JH		 2150 int err;
2151
a8a1d19e 2152 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2153 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2154 rp.addr.type = cp->addr.type;
a8a1d19e 2155
4ee71b20 2156 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2157 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2158 MGMT_STATUS_INVALID_PARAMS,
2159 &rp, sizeof(rp));
4ee71b20 2160
118da70b 2161 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2162 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2163 MGMT_STATUS_INVALID_PARAMS,
2164 &rp, sizeof(rp));
118da70b 2165
4ee71b20
JH		 2166 hci_dev_lock(hdev);
2167
86a8cfc6 2168 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2169 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2170 MGMT_STATUS_NOT_POWERED, &rp,
2171 sizeof(rp));
86a8cfc6
JH		 2172 goto unlock;
2173 }
2174
e0b2b27e 2175 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2176 /* If disconnection is requested, then look up the
2177 * connection. If the remote device is connected, it
2178 * will be later used to terminate the link.
2179 *
2180 * Setting it to NULL explicitly will cause no
2181 * termination of the link.
2182 */
2183 if (cp->disconnect)
2184 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2185 &cp->addr.bdaddr);
2186 else
2187 conn = NULL;
2188
124f6e35 2189 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
ec182f03
JH		 2190 if (err < 0) {
2191 err = mgmt_cmd_complete(sk, hdev->id,
2192 MGMT_OP_UNPAIR_DEVICE,
2193 MGMT_STATUS_NOT_PAIRED, &rp,
2194 sizeof(rp));
2195 goto unlock;
89cbb063
AA		 2196 }
2197
ec182f03 2198 goto done;
e0b2b27e 2199 }
b0dbfb46 2200
ec182f03
JH		 2201 /* LE address type */
2202 addr_type = le_addr_type(cp->addr.type);
2203
2204 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2205
2206 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
55ed8ca1 2207 if (err < 0) {
2a1afb5a
JH		 2208 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2209 MGMT_STATUS_NOT_PAIRED, &rp,
2210 sizeof(rp));
55ed8ca1
JH		 2211 goto unlock;
2212 }
2213
ec182f03
JH		 2214 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2215 if (!conn) {
2216 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2217 goto done;
2218 }
2219
c81d555a
JH		 2220 /* Abort any ongoing SMP pairing */
2221 smp_cancel_pairing(conn);
2222
ec182f03
JH		 2223 /* Defer clearing up the connection parameters until closing to
2224 * give a chance of keeping them if a repairing happens.
2225 */
2226 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2227
fc64361a
JH		 2228 /* Disable auto-connection parameters if present */
2229 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2230 if (params) {
2231 if (params->explicit_connect)
2232 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2233 else
2234 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2235 }
2236
ec182f03
JH		 2237 /* If disconnection is not requested, then clear the connection
2238 * variable so that the link is not terminated.
2239 */
2240 if (!cp->disconnect)
2241 conn = NULL;
2242
2243done:
89cbb063
AA		 2244 /* If the connection variable is set, then termination of the
2245 * link is requested.
2246 */
a8a1d19e 2247 if (!conn) {
2a1afb5a
JH		 2248 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2249 &rp, sizeof(rp));
b1078ad0 2250 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2251 goto unlock;
2252 }
55ed8ca1 2253
124f6e35 2254 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2255 sizeof(*cp));
a8a1d19e
JH		 2256 if (!cmd) {
2257 err = -ENOMEM;
2258 goto unlock;
55ed8ca1
JH		 2259 }
2260
d8b7b1e4
JH		 2261 cmd->cmd_complete = addr_cmd_complete;
2262
89e0ccc8 2263 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
a8a1d19e
JH		 2264 if (err < 0)
2265 mgmt_pending_remove(cmd);
2266
55ed8ca1 2267unlock:
09fd0de5 2268 hci_dev_unlock(hdev);
55ed8ca1
JH		 2269 return err;
2270}
2271
bdb6d971 2272static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2273 u16 len)
8962ee74 2274{
650f726d 2275 struct mgmt_cp_disconnect *cp = data;
06a63b19 2276 struct mgmt_rp_disconnect rp;
3b0602cd 2277 struct mgmt_pending_cmd *cmd;
8962ee74 2278 struct hci_conn *conn;
8962ee74
JH		 2279 int err;
2280
2281 BT_DBG("");
2282
06a63b19
JH		 2283 memset(&rp, 0, sizeof(rp));
2284 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2285 rp.addr.type = cp->addr.type;
2286
4ee71b20 2287 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2288 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2289 MGMT_STATUS_INVALID_PARAMS,
2290 &rp, sizeof(rp));
4ee71b20 2291
09fd0de5 2292 hci_dev_lock(hdev);
8962ee74
JH		 2293
2294 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 2295 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2296 MGMT_STATUS_NOT_POWERED, &rp,
2297 sizeof(rp));
8962ee74
JH		 2298 goto failed;
2299 }
2300
333ae95d 2301 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 2302 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2303 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2304 goto failed;
2305 }
2306
591f47f3 2307 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2308 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2309 &cp->addr.bdaddr);
88c3df13 2310 else
9d4c1cc1
JH		 2311 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2312 le_addr_type(cp->addr.type));
365227e5 2313
f960727e 2314 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 2315 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2316 MGMT_STATUS_NOT_CONNECTED, &rp,
2317 sizeof(rp));
8962ee74
JH		 2318 goto failed;
2319 }
2320
2e58ef3e 2321 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2322 if (!cmd) {
2323 err = -ENOMEM;
8962ee74 2324 goto failed;
366a0336 2325 }
8962ee74 2326
f5818c22
JH		 2327 cmd->cmd_complete = generic_cmd_complete;
2328
e3f2f92a 2329 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2330 if (err < 0)
a664b5bc 2331 mgmt_pending_remove(cmd);
8962ee74
JH		 2332
2333failed:
09fd0de5 2334 hci_dev_unlock(hdev);
8962ee74
JH		 2335 return err;
2336}
2337
57c1477c 2338static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2339{
2340 switch (link_type) {
2341 case LE_LINK:
48264f06
JH		 2342 switch (addr_type) {
2343 case ADDR_LE_DEV_PUBLIC:
591f47f3 2344 return BDADDR_LE_PUBLIC;
0ed09148 2345
48264f06 2346 default:
0ed09148 2347 /* Fallback to LE Random address type */
591f47f3 2348 return BDADDR_LE_RANDOM;
48264f06 2349 }
0ed09148 2350
4c659c39 2351 default:
0ed09148 2352 /* Fallback to BR/EDR type */
591f47f3 2353 return BDADDR_BREDR;
4c659c39
JH		 2354 }
2355}
2356
04124681
GP		 2357static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2358 u16 data_len)
2784eb41 2359{
2784eb41 2360 struct mgmt_rp_get_connections *rp;
8035ded4 2361 struct hci_conn *c;
a38528f1 2362 size_t rp_len;
60fc5fb6
JH		 2363 int err;
2364 u16 i;
2784eb41
JH		 2365
2366 BT_DBG("");
2367
09fd0de5 2368 hci_dev_lock(hdev);
2784eb41 2369
5f97c1df 2370 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2371 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2372 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2373 goto unlock;
2374 }
2375
60fc5fb6 2376 i = 0;
b644ba33
JH		 2377 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2378 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2379 i++;
2784eb41
JH		 2380 }
2381
60fc5fb6 2382 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2383 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2384 if (!rp) {
2784eb41
JH		 2385 err = -ENOMEM;
2386 goto unlock;
2387 }
2388
2784eb41 2389 i = 0;
4c659c39 2390 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2391 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2392 continue;
4c659c39 2393 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2394 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2395 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2396 continue;
2397 i++;
2398 }
2399
eb55ef07 2400 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2401
4c659c39
JH		 2402 /* Recalculate length in case of filtered SCO connections, etc */
2403 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2404
2a1afb5a
JH		 2405 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2406 rp_len);
2784eb41 2407
a38528f1 2408 kfree(rp);
5f97c1df
JH		 2409
2410unlock:
09fd0de5 2411 hci_dev_unlock(hdev);
2784eb41
JH		 2412 return err;
2413}
2414
bdb6d971 2415static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2416 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 2417{
3b0602cd 2418 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 2419 int err;
2420
2e58ef3e 2421 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2422 sizeof(*cp));
96d97a67
WR		 2423 if (!cmd)
2424 return -ENOMEM;
2425
d8457698 2426 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2427 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2428 if (err < 0)
2429 mgmt_pending_remove(cmd);
2430
2431 return err;
2432}
2433
bdb6d971 2434static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2435 u16 len)
980e1a53 2436{
96d97a67 2437 struct hci_conn *conn;
650f726d 2438 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2439 struct hci_cp_pin_code_reply reply;
3b0602cd 2440 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 2441 int err;
2442
2443 BT_DBG("");
2444
09fd0de5 2445 hci_dev_lock(hdev);
980e1a53 2446
4b34ee78 2447 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2448 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2449 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2450 goto failed;
2451 }
2452
d8457698 2453 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2454 if (!conn) {
a69e8375
JH		 2455 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2456 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2457 goto failed;
2458 }
2459
2460 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2461 struct mgmt_cp_pin_code_neg_reply ncp;
2462
2463 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2464
2465 BT_ERR("PIN code is not 16 bytes long");
2466
bdb6d971 2467 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2468 if (err >= 0)
a69e8375
JH		 2469 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2470 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2471
2472 goto failed;
2473 }
2474
00abfe44 2475 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2476 if (!cmd) {
2477 err = -ENOMEM;
980e1a53 2478 goto failed;
366a0336 2479 }
980e1a53 2480
7776d1d8
JH		 2481 cmd->cmd_complete = addr_cmd_complete;
2482
d8457698 2483 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2484 reply.pin_len = cp->pin_len;
24718ca5 2485 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2486
2487 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2488 if (err < 0)
a664b5bc 2489 mgmt_pending_remove(cmd);
980e1a53
JH		 2490
2491failed:
09fd0de5 2492 hci_dev_unlock(hdev);
980e1a53
JH		 2493 return err;
2494}
2495
04124681
GP		 2496static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2497 u16 len)
17fa4b9d 2498{
650f726d 2499 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2500
2501 BT_DBG("");
2502
4ec86d4c 2503 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 2504 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2505 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
4ec86d4c 2506
09fd0de5 2507 hci_dev_lock(hdev);
17fa4b9d
JH		 2508
2509 hdev->io_capability = cp->io_capability;
2510
2511 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2512 hdev->io_capability);
17fa4b9d 2513
09fd0de5 2514 hci_dev_unlock(hdev);
17fa4b9d 2515
2a1afb5a
JH		 2516 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2517 NULL, 0);
17fa4b9d
JH		 2518}
2519
3b0602cd 2520static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2521{
2522 struct hci_dev *hdev = conn->hdev;
3b0602cd 2523 struct mgmt_pending_cmd *cmd;
e9a416b5 2524
2e58ef3e 2525 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2526 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2527 continue;
2528
e9a416b5
JH		 2529 if (cmd->user_data != conn)
2530 continue;
2531
2532 return cmd;
2533 }
2534
2535 return NULL;
2536}
2537
3b0602cd 2538static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 2539{
2540 struct mgmt_rp_pair_device rp;
2541 struct hci_conn *conn = cmd->user_data;
9df74653 2542 int err;
e9a416b5 2543
61b1a7fb
JH		 2544 bacpy(&rp.addr.bdaddr, &conn->dst);
2545 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2546
2a1afb5a
JH		 2547 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2548 status, &rp, sizeof(rp));
e9a416b5
JH		 2549
2550 /* So we don't get further callbacks for this connection */
2551 conn->connect_cfm_cb = NULL;
2552 conn->security_cfm_cb = NULL;
2553 conn->disconn_cfm_cb = NULL;
2554
76a68ba0 2555 hci_conn_drop(conn);
89cbb063
AA		 2556
2557 /* The device is paired so there is no need to remove
2558 * its connection parameters anymore.
2559 */
2560 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 2561
2562 hci_conn_put(conn);
9df74653
JH		 2563
2564 return err;
e9a416b5
JH		 2565}
2566
f4a407be
JH		 2567void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2568{
2569 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 2570 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 2571
2572 cmd = find_pairing(conn);
a511b35b 2573 if (cmd) {
04ab2749 2574 cmd->cmd_complete(cmd, status);
a511b35b
JH		 2575 mgmt_pending_remove(cmd);
2576 }
f4a407be
JH		 2577}
2578
e9a416b5
JH		 2579static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2580{
3b0602cd 2581 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 2582
2583 BT_DBG("status %u", status);
2584
2585 cmd = find_pairing(conn);
a511b35b 2586 if (!cmd) {
e9a416b5 2587 BT_DBG("Unable to find a pending command");
a511b35b
JH		 2588 return;
2589 }
2590
2591 cmd->cmd_complete(cmd, mgmt_status(status));
2592 mgmt_pending_remove(cmd);
e9a416b5
JH		 2593}
2594
f4a407be 2595static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 2596{
3b0602cd 2597 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 2598
2599 BT_DBG("status %u", status);
2600
2601 if (!status)
2602 return;
2603
2604 cmd = find_pairing(conn);
a511b35b 2605 if (!cmd) {
4c47d739 2606 BT_DBG("Unable to find a pending command");
a511b35b
JH		 2607 return;
2608 }
2609
2610 cmd->cmd_complete(cmd, mgmt_status(status));
2611 mgmt_pending_remove(cmd);
4c47d739
VA		 2612}
2613
bdb6d971 2614static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2615 u16 len)
e9a416b5 2616{
650f726d 2617 struct mgmt_cp_pair_device *cp = data;
1425acb7 2618 struct mgmt_rp_pair_device rp;
3b0602cd 2619 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 2620 u8 sec_level, auth_type;
2621 struct hci_conn *conn;
e9a416b5
JH		 2622 int err;
2623
2624 BT_DBG("");
2625
f950a30e
SJ		 2626 memset(&rp, 0, sizeof(rp));
2627 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2628 rp.addr.type = cp->addr.type;
2629
4ee71b20 2630 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2631 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2632 MGMT_STATUS_INVALID_PARAMS,
2633 &rp, sizeof(rp));
4ee71b20 2634
4ec86d4c 2635 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 2636 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2637 MGMT_STATUS_INVALID_PARAMS,
2638 &rp, sizeof(rp));
4ec86d4c 2639
09fd0de5 2640 hci_dev_lock(hdev);
e9a416b5 2641
5f97c1df 2642 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2643 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2644 MGMT_STATUS_NOT_POWERED, &rp,
2645 sizeof(rp));
5f97c1df
JH		 2646 goto unlock;
2647 }
2648
55e76b38
JH		 2649 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2650 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2651 MGMT_STATUS_ALREADY_PAIRED, &rp,
2652 sizeof(rp));
2653 goto unlock;
2654 }
2655
c908df36 2656 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 2657 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 2658
6f77d8c7 2659 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2660 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2661 auth_type);
6f77d8c7 2662 } else {
85813a7e 2663 u8 addr_type = le_addr_type(cp->addr.type);
5157b8a5 2664 struct hci_conn_params *p;
6f77d8c7 2665
7c264b10
MH		 2666 /* When pairing a new device, it is expected to remember
2667 * this device for future connections. Adding the connection
2668 * parameter information ahead of time allows tracking
2669 * of the slave preferred values and will speed up any
2670 * further connection establishment.
2671 *
2672 * If connection parameters already exist, then they
2673 * will be kept and this function does nothing.
2674 */
5157b8a5
JP		 2675 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2676
2677 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2678 p->auto_connect = HCI_AUTO_CONN_DISABLED;
7c264b10 2679
fa142220
JP		 2680 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2681 addr_type, sec_level,
0ad06aa6 2682 HCI_LE_CONN_TIMEOUT);
6f77d8c7 2683 }
7a512d01 2684
30e76272 2685 if (IS_ERR(conn)) {
489dc48e
AK		 2686 int status;
2687
2688 if (PTR_ERR(conn) == -EBUSY)
2689 status = MGMT_STATUS_BUSY;
faa81030
LR		 2690 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2691 status = MGMT_STATUS_NOT_SUPPORTED;
2692 else if (PTR_ERR(conn) == -ECONNREFUSED)
2693 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 2694 else
2695 status = MGMT_STATUS_CONNECT_FAILED;
2696
2a1afb5a
JH		 2697 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2698 status, &rp, sizeof(rp));
e9a416b5
JH		 2699 goto unlock;
2700 }
2701
2702 if (conn->connect_cfm_cb) {
76a68ba0 2703 hci_conn_drop(conn);
2a1afb5a
JH		 2704 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2705 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2706 goto unlock;
2707 }
2708
2e58ef3e 2709 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2710 if (!cmd) {
2711 err = -ENOMEM;
76a68ba0 2712 hci_conn_drop(conn);
e9a416b5
JH		 2713 goto unlock;
2714 }
2715
04ab2749
JH		 2716 cmd->cmd_complete = pairing_complete;
2717
7a512d01 2718 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2719 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2720 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2721 conn->security_cfm_cb = pairing_complete_cb;
2722 conn->disconn_cfm_cb = pairing_complete_cb;
2723 } else {
2724 conn->connect_cfm_cb = le_pairing_complete_cb;
2725 conn->security_cfm_cb = le_pairing_complete_cb;
2726 conn->disconn_cfm_cb = le_pairing_complete_cb;
2727 }
7a512d01 2728
e9a416b5 2729 conn->io_capability = cp->io_cap;
f8aaf9b6 2730 cmd->user_data = hci_conn_get(conn);
e9a416b5 2731
6f78fd4b 2732 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 2733 hci_conn_security(conn, sec_level, auth_type, true)) {
2734 cmd->cmd_complete(cmd, 0);
2735 mgmt_pending_remove(cmd);
2736 }
e9a416b5
JH		 2737
2738 err = 0;
2739
2740unlock:
09fd0de5 2741 hci_dev_unlock(hdev);
e9a416b5
JH		 2742 return err;
2743}
2744
04124681
GP		 2745static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2746 u16 len)
28424707 2747{
0f4e68cf 2748 struct mgmt_addr_info *addr = data;
3b0602cd 2749 struct mgmt_pending_cmd *cmd;
28424707
JH		 2750 struct hci_conn *conn;
2751 int err;
2752
2753 BT_DBG("");
2754
28424707
JH		 2755 hci_dev_lock(hdev);
2756
5f97c1df 2757 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2758 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2759 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2760 goto unlock;
2761 }
2762
333ae95d 2763 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
28424707 2764 if (!cmd) {
a69e8375
JH		 2765 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2766 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2767 goto unlock;
2768 }
2769
2770 conn = cmd->user_data;
2771
2772 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 2773 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2774 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2775 goto unlock;
2776 }
2777
a511b35b
JH		 2778 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
2779 mgmt_pending_remove(cmd);
28424707 2780
2a1afb5a
JH		 2781 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2782 addr, sizeof(*addr));
28424707
JH		 2783unlock:
2784 hci_dev_unlock(hdev);
28424707
JH		 2785 return err;
2786}
2787
bdb6d971 2788static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2789 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2790 u16 hci_op, __le32 passkey)
a5c29683 2791{
3b0602cd 2792 struct mgmt_pending_cmd *cmd;
0df4c185 2793 struct hci_conn *conn;
a5c29683
JH		 2794 int err;
2795
09fd0de5 2796 hci_dev_lock(hdev);
08ba5382 2797
4b34ee78 2798 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2799 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2800 MGMT_STATUS_NOT_POWERED, addr,
2801 sizeof(*addr));
0df4c185 2802 goto done;
a5c29683
JH		 2803 }
2804
1707c60e
JH		 2805 if (addr->type == BDADDR_BREDR)
2806 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2807 else
9d4c1cc1
JH		 2808 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
2809 le_addr_type(addr->type));
272d90df
JH		 2810
2811 if (!conn) {
2a1afb5a
JH		 2812 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2813 MGMT_STATUS_NOT_CONNECTED, addr,
2814 sizeof(*addr));
272d90df
JH		 2815 goto done;
2816 }
47c15e2b 2817
1707c60e 2818 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 2819 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 2820 if (!err)
2a1afb5a
JH		 2821 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2822 MGMT_STATUS_SUCCESS, addr,
2823 sizeof(*addr));
5fe57d9e 2824 else
2a1afb5a
JH		 2825 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2826 MGMT_STATUS_FAILED, addr,
2827 sizeof(*addr));
47c15e2b 2828
47c15e2b
BG		 2829 goto done;
2830 }
2831
1707c60e 2832 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2833 if (!cmd) {
2834 err = -ENOMEM;
0df4c185 2835 goto done;
a5c29683
JH		 2836 }
2837
7776d1d8
JH		 2838 cmd->cmd_complete = addr_cmd_complete;
2839
0df4c185 2840 /* Continue with pairing via HCI */
604086b7
BG		 2841 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2842 struct hci_cp_user_passkey_reply cp;
2843
1707c60e 2844 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2845 cp.passkey = passkey;
2846 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2847 } else
1707c60e
JH		 2848 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2849 &addr->bdaddr);
604086b7 2850
a664b5bc
JH		 2851 if (err < 0)
2852 mgmt_pending_remove(cmd);
a5c29683 2853
0df4c185 2854done:
09fd0de5 2855 hci_dev_unlock(hdev);
a5c29683
JH		 2856 return err;
2857}
2858
afeb019d
JK		 2859static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2860 void *data, u16 len)
2861{
2862 struct mgmt_cp_pin_code_neg_reply *cp = data;
2863
2864 BT_DBG("");
2865
1707c60e 2866 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2867 MGMT_OP_PIN_CODE_NEG_REPLY,
2868 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2869}
2870
04124681
GP		 2871static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2872 u16 len)
0df4c185 2873{
650f726d 2874 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2875
2876 BT_DBG("");
2877
2878 if (len != sizeof(*cp))
a69e8375
JH		 2879 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2880 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2881
1707c60e 2882 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2883 MGMT_OP_USER_CONFIRM_REPLY,
2884 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2885}
2886
bdb6d971 2887static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2888 void *data, u16 len)
0df4c185 2889{
c9c2659f 2890 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2891
2892 BT_DBG("");
2893
1707c60e 2894 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2895 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2896 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2897}
2898
04124681
GP		 2899static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2900 u16 len)
604086b7 2901{
650f726d 2902 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2903
2904 BT_DBG("");
2905
1707c60e 2906 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2907 MGMT_OP_USER_PASSKEY_REPLY,
2908 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2909}
2910
bdb6d971 2911static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2912 void *data, u16 len)
604086b7 2913{
650f726d 2914 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2915
2916 BT_DBG("");
2917
1707c60e 2918 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2919 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2920 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2921}
2922
1904a853 2923static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 2924{
2925 struct mgmt_cp_set_local_name *cp;
3b0602cd 2926 struct mgmt_pending_cmd *cmd;
13928971
JH		 2927
2928 BT_DBG("status 0x%02x", status);
2929
2930 hci_dev_lock(hdev);
2931
333ae95d 2932 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 2933 if (!cmd)
2934 goto unlock;
2935
2936 cp = cmd->param;
2937
2938 if (status)
a69e8375
JH		 2939 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2940 mgmt_status(status));
13928971 2941 else
2a1afb5a
JH		 2942 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2943 cp, sizeof(*cp));
13928971
JH		 2944
2945 mgmt_pending_remove(cmd);
2946
2947unlock:
2948 hci_dev_unlock(hdev);
2949}
2950
bdb6d971 2951static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2952 u16 len)
b312b161 2953{
2b4bf397 2954 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 2955 struct mgmt_pending_cmd *cmd;
890ea898 2956 struct hci_request req;
b312b161
JH		 2957 int err;
2958
2959 BT_DBG("");
2960
09fd0de5 2961 hci_dev_lock(hdev);
b312b161 2962
b3f2ca94
JH		 2963 /* If the old values are the same as the new ones just return a
2964 * direct command complete event.
2965 */
2966 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2967 !memcmp(hdev->short_name, cp->short_name,
2968 sizeof(hdev->short_name))) {
2a1afb5a
JH		 2969 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2970 data, len);
b3f2ca94
JH		 2971 goto failed;
2972 }
2973
2b4bf397 2974 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2975
b5235a65 2976 if (!hdev_is_powered(hdev)) {
2b4bf397 2977 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 2978
2a1afb5a
JH		 2979 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2980 data, len);
28cc7bde
JH		 2981 if (err < 0)
2982 goto failed;
2983
f6b7712e
MH		 2984 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
2985 data, len, sk);
28cc7bde 2986
b5235a65
JH		 2987 goto failed;
2988 }
2989
28cc7bde 2990 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2991 if (!cmd) {
2992 err = -ENOMEM;
2993 goto failed;
2994 }
2995
13928971
JH		 2996 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2997
890ea898 2998 hci_req_init(&req, hdev);
3f985050
JH		 2999
3000 if (lmp_bredr_capable(hdev)) {
00cf5040 3001 __hci_req_update_name(&req);
b1a8917c 3002 __hci_req_update_eir(&req);
3f985050
JH		 3003 }
3004
7a5f4990
MH		 3005 /* The name is stored in the scan response data and so
3006 * no need to udpate the advertising data here.
3007 */
3f985050 3008 if (lmp_le_capable(hdev))
cab054ab 3009 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3f985050 3010
13928971 3011 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3012 if (err < 0)
3013 mgmt_pending_remove(cmd);
3014
3015failed:
09fd0de5 3016 hci_dev_unlock(hdev);
b312b161
JH		 3017 return err;
3018}
3019
1b9441f8
JH		 3020static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3021 u16 opcode, struct sk_buff *skb)
3022{
3023 struct mgmt_rp_read_local_oob_data mgmt_rp;
3024 size_t rp_size = sizeof(mgmt_rp);
3025 struct mgmt_pending_cmd *cmd;
3026
3027 BT_DBG("%s status %u", hdev->name, status);
3028
3029 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3030 if (!cmd)
3031 return;
3032
3033 if (status || !skb) {
3034 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3035 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3036 goto remove;
3037 }
3038
3039 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3040
3041 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3042 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3043
3044 if (skb->len < sizeof(*rp)) {
3045 mgmt_cmd_status(cmd->sk, hdev->id,
3046 MGMT_OP_READ_LOCAL_OOB_DATA,
3047 MGMT_STATUS_FAILED);
3048 goto remove;
3049 }
3050
3051 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3052 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3053
3054 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3055 } else {
3056 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3057
3058 if (skb->len < sizeof(*rp)) {
3059 mgmt_cmd_status(cmd->sk, hdev->id,
3060 MGMT_OP_READ_LOCAL_OOB_DATA,
3061 MGMT_STATUS_FAILED);
3062 goto remove;
3063 }
3064
3065 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3066 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3067
3068 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3069 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3070 }
3071
3072 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3073 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3074
3075remove:
3076 mgmt_pending_remove(cmd);
3077}
3078
0f4e68cf 3079static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3080 void *data, u16 data_len)
c35938b2 3081{
3b0602cd 3082 struct mgmt_pending_cmd *cmd;
1b9441f8 3083 struct hci_request req;
c35938b2
SJ		 3084 int err;
3085
bdb6d971 3086 BT_DBG("%s", hdev->name);
c35938b2 3087
09fd0de5 3088 hci_dev_lock(hdev);
c35938b2 3089
4b34ee78 3090 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3091 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3092 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3093 goto unlock;
3094 }
3095
9a1a1996 3096 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3097 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3098 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3099 goto unlock;
3100 }
3101
333ae95d 3102 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3103 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3104 MGMT_STATUS_BUSY);
c35938b2
SJ		 3105 goto unlock;
3106 }
3107
2e58ef3e 3108 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3109 if (!cmd) {
3110 err = -ENOMEM;
3111 goto unlock;
3112 }
3113
1b9441f8
JH		 3114 hci_req_init(&req, hdev);
3115
710f11c0 3116 if (bredr_sc_enabled(hdev))
1b9441f8 3117 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
4d2d2796 3118 else
1b9441f8 3119 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
4d2d2796 3120
1b9441f8 3121 err = hci_req_run_skb(&req, read_local_oob_data_complete);
c35938b2
SJ		 3122 if (err < 0)
3123 mgmt_pending_remove(cmd);
3124
3125unlock:
09fd0de5 3126 hci_dev_unlock(hdev);
c35938b2
SJ		 3127 return err;
3128}
3129
bdb6d971 3130static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3131 void *data, u16 len)
2763eda6 3132{
5d57e796 3133 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3134 int err;
3135
bdb6d971 3136 BT_DBG("%s ", hdev->name);
2763eda6 3137
5d57e796 3138 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3139 return mgmt_cmd_complete(sk, hdev->id,
3140 MGMT_OP_ADD_REMOTE_OOB_DATA,
3141 MGMT_STATUS_INVALID_PARAMS,
3142 addr, sizeof(*addr));
5d57e796 3143
09fd0de5 3144 hci_dev_lock(hdev);
2763eda6 3145
ec109113
MH		 3146 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3147 struct mgmt_cp_add_remote_oob_data *cp = data;
3148 u8 status;
bf1e3541 3149
c19a495c 3150 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 3151 err = mgmt_cmd_complete(sk, hdev->id,
3152 MGMT_OP_ADD_REMOTE_OOB_DATA,
3153 MGMT_STATUS_INVALID_PARAMS,
3154 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 3155 goto unlock;
3156 }
3157
ec109113 3158 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3159 cp->addr.type, cp->hash,
3160 cp->rand, NULL, NULL);
ec109113
MH		 3161 if (err < 0)
3162 status = MGMT_STATUS_FAILED;
3163 else
3164 status = MGMT_STATUS_SUCCESS;
3165
2a1afb5a
JH		 3166 err = mgmt_cmd_complete(sk, hdev->id,
3167 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3168 &cp->addr, sizeof(cp->addr));
ec109113
MH		 3169 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3170 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3171 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3172 u8 status;
3173
86df9200 3174 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3175 /* Enforce zero-valued 192-bit parameters as
3176 * long as legacy SMP OOB isn't implemented.
3177 */
3178 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3179 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 3180 err = mgmt_cmd_complete(sk, hdev->id,
3181 MGMT_OP_ADD_REMOTE_OOB_DATA,
3182 MGMT_STATUS_INVALID_PARAMS,
3183 addr, sizeof(*addr));
d25b78e2
JH		 3184 goto unlock;
3185 }
3186
86df9200
JH		 3187 rand192 = NULL;
3188 hash192 = NULL;
3189 } else {
41bcfd50
MH		 3190 /* In case one of the P-192 values is set to zero,
3191 * then just disable OOB data for P-192.
3192 */
3193 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3194 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3195 rand192 = NULL;
3196 hash192 = NULL;
3197 } else {
3198 rand192 = cp->rand192;
3199 hash192 = cp->hash192;
3200 }
3201 }
3202
3203 /* In case one of the P-256 values is set to zero, then just
3204 * disable OOB data for P-256.
3205 */
3206 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3207 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3208 rand256 = NULL;
3209 hash256 = NULL;
3210 } else {
3211 rand256 = cp->rand256;
3212 hash256 = cp->hash256;
86df9200
JH		 3213 }
3214
81328d5c 3215 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3216 cp->addr.type, hash192, rand192,
41bcfd50 3217 hash256, rand256);
ec109113
MH		 3218 if (err < 0)
3219 status = MGMT_STATUS_FAILED;
3220 else
3221 status = MGMT_STATUS_SUCCESS;
3222
2a1afb5a
JH		 3223 err = mgmt_cmd_complete(sk, hdev->id,
3224 MGMT_OP_ADD_REMOTE_OOB_DATA,
3225 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 3226 } else {
3227 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 3228 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3229 MGMT_STATUS_INVALID_PARAMS);
ec109113 3230 }
2763eda6 3231
c19a495c 3232unlock:
09fd0de5 3233 hci_dev_unlock(hdev);
2763eda6
SJ		 3234 return err;
3235}
3236
bdb6d971 3237static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3238 void *data, u16 len)
2763eda6 3239{
650f726d 3240 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3241 u8 status;
2763eda6
SJ		 3242 int err;
3243
bdb6d971 3244 BT_DBG("%s", hdev->name);
2763eda6 3245
c19a495c 3246 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 3247 return mgmt_cmd_complete(sk, hdev->id,
3248 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3249 MGMT_STATUS_INVALID_PARAMS,
3250 &cp->addr, sizeof(cp->addr));
c19a495c 3251
09fd0de5 3252 hci_dev_lock(hdev);
2763eda6 3253
eedbd581
JH		 3254 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3255 hci_remote_oob_data_clear(hdev);
3256 status = MGMT_STATUS_SUCCESS;
3257 goto done;
3258 }
3259
6928a924 3260 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3261 if (err < 0)
bf1e3541 3262 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3263 else
a6785be2 3264 status = MGMT_STATUS_SUCCESS;
bf1e3541 3265
eedbd581 3266done:
2a1afb5a
JH		 3267 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3268 status, &cp->addr, sizeof(cp->addr));
2763eda6 3269
09fd0de5 3270 hci_dev_unlock(hdev);
2763eda6
SJ		 3271 return err;
3272}
3273
e68f072b 3274void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
7c307720 3275{
3b0602cd 3276 struct mgmt_pending_cmd *cmd;
ae55f598 3277
7c307720
AG		 3278 BT_DBG("status %d", status);
3279
11e6e25d 3280 hci_dev_lock(hdev);
41dc2bd6 3281
333ae95d 3282 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427 3283 if (!cmd)
333ae95d 3284 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
66ea9427 3285
11e6e25d 3286 if (cmd) {
2922a94f 3287 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 3288 mgmt_pending_remove(cmd);
3289 }
7c307720 3290
11e6e25d 3291 hci_dev_unlock(hdev);
7c307720
AG		 3292}
3293
591752af
JH		 3294static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3295 uint8_t *mgmt_status)
3296{
3297 switch (type) {
3298 case DISCOV_TYPE_LE:
3299 *mgmt_status = mgmt_le_support(hdev);
3300 if (*mgmt_status)
3301 return false;
3302 break;
3303 case DISCOV_TYPE_INTERLEAVED:
3304 *mgmt_status = mgmt_le_support(hdev);
3305 if (*mgmt_status)
3306 return false;
3307 /* Intentional fall-through */
3308 case DISCOV_TYPE_BREDR:
3309 *mgmt_status = mgmt_bredr_support(hdev);
3310 if (*mgmt_status)
3311 return false;
3312 break;
3313 default:
3314 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
3315 return false;
3316 }
3317
3318 return true;
3319}
3320
bdb6d971 3321static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3322 void *data, u16 len)
14a53664 3323{
650f726d 3324 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 3325 struct mgmt_pending_cmd *cmd;
8019044d 3326 u8 status;
14a53664
JH		 3327 int err;
3328
bdb6d971 3329 BT_DBG("%s", hdev->name);
14a53664 3330
09fd0de5 3331 hci_dev_lock(hdev);
14a53664 3332
4b34ee78 3333 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3334 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3335 MGMT_STATUS_NOT_POWERED,
3336 &cp->type, sizeof(cp->type));
bd2d1334
JH		 3337 goto failed;
3338 }
3339
f5a969f2 3340 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 3341 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 3342 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3343 MGMT_STATUS_BUSY, &cp->type,
3344 sizeof(cp->type));
642be6c7
AG		 3345 goto failed;
3346 }
3347
591752af
JH		 3348 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3349 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3350 status, &cp->type, sizeof(cp->type));
3351 goto failed;
3352 }
3353
22078800
MH		 3354 /* Clear the discovery filter first to free any previously
3355 * allocated memory for the UUID list.
3356 */
3357 hci_discovery_filter_clear(hdev);
3358
4aab14e5 3359 hdev->discovery.type = cp->type;
da25cf6a 3360 hdev->discovery.report_invalid_rssi = false;
4aab14e5 3361
e68f072b
JH		 3362 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
3363 if (!cmd) {
3364 err = -ENOMEM;
04106755 3365 goto failed;
f39799f5 3366 }
04106755 3367
e68f072b 3368 cmd->cmd_complete = generic_cmd_complete;
7c307720 3369
f5a969f2 3370 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 3371 queue_work(hdev->req_workqueue, &hdev->discov_update);
3372 err = 0;
7c307720 3373
14a53664 3374failed:
09fd0de5 3375 hci_dev_unlock(hdev);
14a53664
JH		 3376 return err;
3377}
f39799f5 3378
3b0602cd
JH		 3379static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
3380 u8 status)
2922a94f 3381{
2a1afb5a
JH		 3382 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3383 cmd->param, 1);
2922a94f 3384}
04106755 3385
66ea9427
JP		 3386static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3387 void *data, u16 len)
3388{
3389 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 3390 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 3391 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3392 u16 uuid_count, expected_len;
3393 u8 status;
3394 int err;
04106755 3395
66ea9427 3396 BT_DBG("%s", hdev->name);
e8bb6b97 3397
66ea9427 3398 hci_dev_lock(hdev);
7c307720 3399
66ea9427 3400 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3401 err = mgmt_cmd_complete(sk, hdev->id,
3402 MGMT_OP_START_SERVICE_DISCOVERY,
3403 MGMT_STATUS_NOT_POWERED,
3404 &cp->type, sizeof(cp->type));
66ea9427
JP		 3405 goto failed;
3406 }
7c307720 3407
66ea9427 3408 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 3409 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 3410 err = mgmt_cmd_complete(sk, hdev->id,
3411 MGMT_OP_START_SERVICE_DISCOVERY,
3412 MGMT_STATUS_BUSY, &cp->type,
3413 sizeof(cp->type));
66ea9427
JP		 3414 goto failed;
3415 }
d9483943 3416
66ea9427
JP		 3417 uuid_count = __le16_to_cpu(cp->uuid_count);
3418 if (uuid_count > max_uuid_count) {
3419 BT_ERR("service_discovery: too big uuid_count value %u",
3420 uuid_count);
2a1afb5a
JH		 3421 err = mgmt_cmd_complete(sk, hdev->id,
3422 MGMT_OP_START_SERVICE_DISCOVERY,
3423 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3424 sizeof(cp->type));
66ea9427
JP		 3425 goto failed;
3426 }
3427
3428 expected_len = sizeof(*cp) + uuid_count * 16;
3429 if (expected_len != len) {
3430 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
3431 expected_len, len);
2a1afb5a
JH		 3432 err = mgmt_cmd_complete(sk, hdev->id,
3433 MGMT_OP_START_SERVICE_DISCOVERY,
3434 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3435 sizeof(cp->type));
66ea9427
JP		 3436 goto failed;
3437 }
3438
591752af
JH		 3439 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3440 err = mgmt_cmd_complete(sk, hdev->id,
3441 MGMT_OP_START_SERVICE_DISCOVERY,
3442 status, &cp->type, sizeof(cp->type));
3443 goto failed;
3444 }
3445
66ea9427 3446 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 3447 hdev, data, len);
66ea9427
JP		 3448 if (!cmd) {
3449 err = -ENOMEM;
3450 goto failed;
3451 }
3452
2922a94f
JH		 3453 cmd->cmd_complete = service_discovery_cmd_complete;
3454
22078800
MH		 3455 /* Clear the discovery filter first to free any previously
3456 * allocated memory for the UUID list.
3457 */
3458 hci_discovery_filter_clear(hdev);
3459
82f8b651 3460 hdev->discovery.result_filtering = true;
66ea9427
JP		 3461 hdev->discovery.type = cp->type;
3462 hdev->discovery.rssi = cp->rssi;
3463 hdev->discovery.uuid_count = uuid_count;
3464
3465 if (uuid_count > 0) {
3466 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
3467 GFP_KERNEL);
3468 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 3469 err = mgmt_cmd_complete(sk, hdev->id,
3470 MGMT_OP_START_SERVICE_DISCOVERY,
3471 MGMT_STATUS_FAILED,
3472 &cp->type, sizeof(cp->type));
d9483943
JH		 3473 mgmt_pending_remove(cmd);
3474 goto failed;
3475 }
66ea9427 3476 }
d9483943 3477
66ea9427 3478 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 3479 queue_work(hdev->req_workqueue, &hdev->discov_update);
3480 err = 0;
14a53664
JH		 3481
3482failed:
09fd0de5 3483 hci_dev_unlock(hdev);
14a53664
JH		 3484 return err;
3485}
3486
2154d3f4 3487void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
1183fdca 3488{
3b0602cd 3489 struct mgmt_pending_cmd *cmd;
1183fdca 3490
0e05bba6
AG		 3491 BT_DBG("status %d", status);
3492
3493 hci_dev_lock(hdev);
3494
333ae95d 3495 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
11e6e25d 3496 if (cmd) {
2922a94f 3497 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 3498 mgmt_pending_remove(cmd);
0e05bba6
AG		 3499 }
3500
0e05bba6
AG		 3501 hci_dev_unlock(hdev);
3502}
3503
bdb6d971 3504static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3505 u16 len)
14a53664 3506{
d930650b 3507 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 3508 struct mgmt_pending_cmd *cmd;
14a53664
JH		 3509 int err;
3510
bdb6d971 3511 BT_DBG("%s", hdev->name);
14a53664 3512
09fd0de5 3513 hci_dev_lock(hdev);
14a53664 3514
30dc78e1 3515 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 3516 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3517 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3518 sizeof(mgmt_cp->type));
d930650b
JH		 3519 goto unlock;
3520 }
3521
3522 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 3523 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3524 MGMT_STATUS_INVALID_PARAMS,
3525 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 3526 goto unlock;
ff9ef578
JH		 3527 }
3528
2922a94f 3529 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 3530 if (!cmd) {
3531 err = -ENOMEM;
30dc78e1
JH		 3532 goto unlock;
3533 }
3534
2922a94f
JH		 3535 cmd->cmd_complete = generic_cmd_complete;
3536
2154d3f4
JH		 3537 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3538 queue_work(hdev->req_workqueue, &hdev->discov_update);
3539 err = 0;
14a53664 3540
30dc78e1 3541unlock:
09fd0de5 3542 hci_dev_unlock(hdev);
14a53664
JH		 3543 return err;
3544}
3545
bdb6d971 3546static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3547 u16 len)
561aafbc 3548{
650f726d 3549 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3550 struct inquiry_entry *e;
561aafbc
JH		 3551 int err;
3552
bdb6d971 3553 BT_DBG("%s", hdev->name);
561aafbc 3554
561aafbc
JH		 3555 hci_dev_lock(hdev);
3556
30dc78e1 3557 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 3558 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3559 MGMT_STATUS_FAILED, &cp->addr,
3560 sizeof(cp->addr));
30dc78e1
JH		 3561 goto failed;
3562 }
3563
a198e7b1 3564 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3565 if (!e) {
2a1afb5a
JH		 3566 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3567 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3568 sizeof(cp->addr));
561aafbc
JH		 3569 goto failed;
3570 }
3571
3572 if (cp->name_known) {
3573 e->name_state = NAME_KNOWN;
3574 list_del(&e->list);
3575 } else {
3576 e->name_state = NAME_NEEDED;
a3d4e20a 3577 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3578 }
3579
2a1afb5a
JH		 3580 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
3581 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 3582
3583failed:
3584 hci_dev_unlock(hdev);
561aafbc
JH		 3585 return err;
3586}
3587
bdb6d971 3588static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3589 u16 len)
7fbec224 3590{
650f726d 3591 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3592 u8 status;
7fbec224
AJ		 3593 int err;
3594
bdb6d971 3595 BT_DBG("%s", hdev->name);
7fbec224 3596
4ee71b20 3597 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3598 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3599 MGMT_STATUS_INVALID_PARAMS,
3600 &cp->addr, sizeof(cp->addr));
4ee71b20 3601
09fd0de5 3602 hci_dev_lock(hdev);
5e762444 3603
dcc36c16
JH		 3604 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
3605 cp->addr.type);
2a8357f2 3606 if (err < 0) {
f0eeea8b 3607 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 3608 goto done;
3609 }
3610
3611 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3612 sk);
3613 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3614
2a8357f2 3615done:
2a1afb5a
JH		 3616 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3617 &cp->addr, sizeof(cp->addr));
5e762444 3618
09fd0de5 3619 hci_dev_unlock(hdev);
7fbec224
AJ		 3620
3621 return err;
3622}
3623
bdb6d971 3624static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3625 u16 len)
7fbec224 3626{
650f726d 3627 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3628 u8 status;
7fbec224
AJ		 3629 int err;
3630
bdb6d971 3631 BT_DBG("%s", hdev->name);
7fbec224 3632
4ee71b20 3633 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3634 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3635 MGMT_STATUS_INVALID_PARAMS,
3636 &cp->addr, sizeof(cp->addr));
4ee71b20 3637
09fd0de5 3638 hci_dev_lock(hdev);
5e762444 3639
dcc36c16
JH		 3640 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
3641 cp->addr.type);
2a8357f2 3642 if (err < 0) {
f0eeea8b 3643 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 3644 goto done;
3645 }
3646
3647 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3648 sk);
3649 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3650
2a8357f2 3651done:
2a1afb5a
JH		 3652 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3653 &cp->addr, sizeof(cp->addr));
5e762444 3654
09fd0de5 3655 hci_dev_unlock(hdev);
7fbec224
AJ		 3656
3657 return err;
3658}
3659
cdbaccca
MH		 3660static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3661 u16 len)
3662{
3663 struct mgmt_cp_set_device_id *cp = data;
890ea898 3664 struct hci_request req;
cdbaccca 3665 int err;
c72d4b8a 3666 __u16 source;
cdbaccca
MH		 3667
3668 BT_DBG("%s", hdev->name);
3669
c72d4b8a
SJ		 3670 source = __le16_to_cpu(cp->source);
3671
3672 if (source > 0x0002)
a69e8375
JH		 3673 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3674 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 3675
cdbaccca
MH		 3676 hci_dev_lock(hdev);
3677
c72d4b8a 3678 hdev->devid_source = source;
cdbaccca
MH		 3679 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3680 hdev->devid_product = __le16_to_cpu(cp->product);
3681 hdev->devid_version = __le16_to_cpu(cp->version);
3682
2a1afb5a
JH		 3683 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
3684 NULL, 0);
cdbaccca 3685
890ea898 3686 hci_req_init(&req, hdev);
b1a8917c 3687 __hci_req_update_eir(&req);
890ea898 3688 hci_req_run(&req, NULL);
cdbaccca
MH		 3689
3690 hci_dev_unlock(hdev);
3691
3692 return err;
3693}
3694
24b4f38f
AU		 3695static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
3696 u16 opcode)
3697{
3698 BT_DBG("status %d", status);
3699}
3700
1904a853
MH		 3701static void set_advertising_complete(struct hci_dev *hdev, u8 status,
3702 u16 opcode)
4375f103
JH		 3703{
3704 struct cmd_lookup match = { NULL, hdev };
24b4f38f 3705 struct hci_request req;
7816b820
FG		 3706 u8 instance;
3707 struct adv_info *adv_instance;
3708 int err;
4375f103 3709
3ad67582
JK		 3710 hci_dev_lock(hdev);
3711
4375f103
JH		 3712 if (status) {
3713 u8 mgmt_err = mgmt_status(status);
3714
3715 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3716 cmd_status_rsp, &mgmt_err);
3ad67582 3717 goto unlock;
4375f103
JH		 3718 }
3719
d7a5a11d 3720 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 3721 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 3722 else
a358dc11 3723 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 3724
4375f103
JH		 3725 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3726 &match);
3727
3728 new_settings(hdev, match.sk);
3729
3730 if (match.sk)
3731 sock_put(match.sk);
3ad67582 3732
24b4f38f 3733 /* If "Set Advertising" was just disabled and instance advertising was
7816b820 3734 * set up earlier, then re-enable multi-instance advertising.
24b4f38f
AU		 3735 */
3736 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7816b820 3737 list_empty(&hdev->adv_instances))
24b4f38f
AU		 3738 goto unlock;
3739
7816b820
FG		 3740 instance = hdev->cur_adv_instance;
3741 if (!instance) {
3742 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
3743 struct adv_info, list);
3744 if (!adv_instance)
3745 goto unlock;
3746
3747 instance = adv_instance->instance;
3748 }
3749
24b4f38f
AU		 3750 hci_req_init(&req, hdev);
3751
f2252570 3752 err = __hci_req_schedule_adv_instance(&req, instance, true);
7816b820
FG		 3753
3754 if (!err)
3755 err = hci_req_run(&req, enable_advertising_instance);
24b4f38f 3756
7816b820 3757 if (err)
24b4f38f
AU		 3758 BT_ERR("Failed to re-configure advertising");
3759
3ad67582
JK		 3760unlock:
3761 hci_dev_unlock(hdev);
4375f103
JH		 3762}
3763
21b5187f
MH		 3764static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3765 u16 len)
4375f103
JH		 3766{
3767 struct mgmt_mode *cp = data;
3b0602cd 3768 struct mgmt_pending_cmd *cmd;
4375f103 3769 struct hci_request req;
cc91cb04 3770 u8 val, status;
4375f103
JH		 3771 int err;
3772
3773 BT_DBG("request for %s", hdev->name);
3774
e6fe7986
JH		 3775 status = mgmt_le_support(hdev);
3776 if (status)
a69e8375
JH		 3777 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3778 status);
4375f103 3779
cc91cb04 3780 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 3781 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3782 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 3783
3784 hci_dev_lock(hdev);
3785
3786 val = !!cp->val;
4375f103 3787
f74ca9b8
JH		 3788 /* The following conditions are ones which mean that we should
3789 * not do any HCI communication but directly send a mgmt
3790 * response to user space (after toggling the flag if
3791 * necessary).
3792 */
cc91cb04 3793 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 3794 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
3795 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 3796 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 3797 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 3798 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 3799 bool changed;
4375f103 3800
cc91cb04 3801 if (cp->val) {
cab054ab 3802 hdev->cur_adv_instance = 0x00;
238be788 3803 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 3804 if (cp->val == 0x02)
a1536da2 3805 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 3806 else
a358dc11 3807 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 3808 } else {
a69d8927 3809 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 3810 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 3811 }
3812
3813 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3814 if (err < 0)
3815 goto unlock;
3816
3817 if (changed)
3818 err = new_settings(hdev, sk);
3819
3820 goto unlock;
3821 }
3822
333ae95d
JH		 3823 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3824 pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 3825 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3826 MGMT_STATUS_BUSY);
4375f103
JH		 3827 goto unlock;
3828 }
3829
3830 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3831 if (!cmd) {
3832 err = -ENOMEM;
3833 goto unlock;
3834 }
3835
3836 hci_req_init(&req, hdev);
3837
cc91cb04 3838 if (cp->val == 0x02)
a1536da2 3839 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 3840 else
a358dc11 3841 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 3842
7816b820
FG		 3843 cancel_adv_timeout(hdev);
3844
24b4f38f 3845 if (val) {
7816b820
FG		 3846 /* Switch to instance "0" for the Set Advertising setting.
3847 * We cannot use update_[adv|scan_rsp]_data() here as the
3848 * HCI_ADVERTISING flag is not yet set.
3849 */
cab054ab 3850 hdev->cur_adv_instance = 0x00;
f2252570
JH		 3851 __hci_req_update_adv_data(&req, 0x00);
3852 __hci_req_update_scan_rsp_data(&req, 0x00);
3853 __hci_req_enable_advertising(&req);
24b4f38f 3854 } else {
f2252570 3855 __hci_req_disable_advertising(&req);
24b4f38f 3856 }
4375f103
JH		 3857
3858 err = hci_req_run(&req, set_advertising_complete);
3859 if (err < 0)
3860 mgmt_pending_remove(cmd);
3861
3862unlock:
3863 hci_dev_unlock(hdev);
3864 return err;
3865}
3866
d13eafce
MH		 3867static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3868 void *data, u16 len)
3869{
3870 struct mgmt_cp_set_static_address *cp = data;
3871 int err;
3872
3873 BT_DBG("%s", hdev->name);
3874
62af4443 3875 if (!lmp_le_capable(hdev))
a69e8375
JH		 3876 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3877 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3878
3879 if (hdev_is_powered(hdev))
a69e8375
JH		 3880 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3881 MGMT_STATUS_REJECTED);
d13eafce
MH		 3882
3883 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3884 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 3885 return mgmt_cmd_status(sk, hdev->id,
3886 MGMT_OP_SET_STATIC_ADDRESS,
3887 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 3888
3889 /* Two most significant bits shall be set */
3890 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 3891 return mgmt_cmd_status(sk, hdev->id,
3892 MGMT_OP_SET_STATIC_ADDRESS,
3893 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 3894 }
3895
3896 hci_dev_lock(hdev);
3897
3898 bacpy(&hdev->static_addr, &cp->bdaddr);
3899
93690c22
MH		 3900 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
3901 if (err < 0)
3902 goto unlock;
3903
3904 err = new_settings(hdev, sk);
d13eafce 3905
93690c22 3906unlock:
d13eafce 3907 hci_dev_unlock(hdev);
d13eafce
MH		 3908 return err;
3909}
3910
14b49b9a
MH		 3911static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3912 void *data, u16 len)
3913{
3914 struct mgmt_cp_set_scan_params *cp = data;
3915 __u16 interval, window;
3916 int err;
3917
3918 BT_DBG("%s", hdev->name);
3919
3920 if (!lmp_le_capable(hdev))
a69e8375
JH		 3921 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3922 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 3923
3924 interval = __le16_to_cpu(cp->interval);
3925
3926 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 3927 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3928 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 3929
3930 window = __le16_to_cpu(cp->window);
3931
3932 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 3933 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3934 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 3935
899e1075 3936 if (window > interval)
a69e8375
JH		 3937 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3938 MGMT_STATUS_INVALID_PARAMS);
899e1075 3939
14b49b9a
MH		 3940 hci_dev_lock(hdev);
3941
3942 hdev->le_scan_interval = interval;
3943 hdev->le_scan_window = window;
3944
2a1afb5a
JH		 3945 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
3946 NULL, 0);
14b49b9a 3947
dd2ef8e2
AG		 3948 /* If background scan is running, restart it so new parameters are
3949 * loaded.
3950 */
d7a5a11d 3951 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
dd2ef8e2
AG		 3952 hdev->discovery.state == DISCOVERY_STOPPED) {
3953 struct hci_request req;
3954
3955 hci_req_init(&req, hdev);
3956
3957 hci_req_add_le_scan_disable(&req);
3958 hci_req_add_le_passive_scan(&req);
3959
3960 hci_req_run(&req, NULL);
3961 }
3962
14b49b9a
MH		 3963 hci_dev_unlock(hdev);
3964
3965 return err;
3966}
3967
1904a853
MH		 3968static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
3969 u16 opcode)
33e38b3e 3970{
3b0602cd 3971 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 3972
3973 BT_DBG("status 0x%02x", status);
3974
3975 hci_dev_lock(hdev);
3976
333ae95d 3977 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
33e38b3e
JH		 3978 if (!cmd)
3979 goto unlock;
3980
3981 if (status) {
a69e8375
JH		 3982 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3983 mgmt_status(status));
33e38b3e 3984 } else {
1a4d3c4b
JH		 3985 struct mgmt_mode *cp = cmd->param;
3986
3987 if (cp->val)
a1536da2 3988 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 3989 else
a358dc11 3990 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 3991
33e38b3e
JH		 3992 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3993 new_settings(hdev, cmd->sk);
3994 }
3995
3996 mgmt_pending_remove(cmd);
3997
3998unlock:
3999 hci_dev_unlock(hdev);
4000}
4001
bdb6d971 4002static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4003 void *data, u16 len)
f6422ec6 4004{
650f726d 4005 struct mgmt_mode *cp = data;
3b0602cd 4006 struct mgmt_pending_cmd *cmd;
33e38b3e 4007 struct hci_request req;
f6422ec6
AJ		 4008 int err;
4009
bdb6d971 4010 BT_DBG("%s", hdev->name);
f6422ec6 4011
d7a5a11d 4012 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 4013 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4014 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4015 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4016
a7e80f25 4017 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4018 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4019 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4020
f6422ec6
AJ		 4021 hci_dev_lock(hdev);
4022
333ae95d 4023 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4024 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4025 MGMT_STATUS_BUSY);
05cbf29f
JH		 4026 goto unlock;
4027 }
4028
d7a5a11d 4029 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 4030 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4031 hdev);
4032 goto unlock;
4033 }
4034
406ef2a6 4035 if (!hdev_is_powered(hdev)) {
ce05d603 4036 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 4037 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4038 hdev);
4039 new_settings(hdev, sk);
4040 goto unlock;
4041 }
4042
33e38b3e
JH		 4043 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4044 data, len);
4045 if (!cmd) {
4046 err = -ENOMEM;
4047 goto unlock;
f6422ec6
AJ		 4048 }
4049
33e38b3e
JH		 4050 hci_req_init(&req, hdev);
4051
bf943cbf 4052 __hci_req_write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4053
4054 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4055 if (err < 0) {
a69e8375
JH		 4056 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4057 MGMT_STATUS_FAILED);
33e38b3e 4058 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4059 }
4060
33e38b3e 4061unlock:
f6422ec6 4062 hci_dev_unlock(hdev);
33e38b3e 4063
f6422ec6
AJ		 4064 return err;
4065}
4066
1904a853 4067static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4068{
3b0602cd 4069 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4070
4071 BT_DBG("status 0x%02x", status);
4072
4073 hci_dev_lock(hdev);
4074
333ae95d 4075 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
0663ca2a
JH		 4076 if (!cmd)
4077 goto unlock;
4078
4079 if (status) {
4080 u8 mgmt_err = mgmt_status(status);
4081
4082 /* We need to restore the flag if related HCI commands
4083 * failed.
4084 */
a358dc11 4085 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 4086
a69e8375 4087 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4088 } else {
4089 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4090 new_settings(hdev, cmd->sk);
4091 }
4092
4093 mgmt_pending_remove(cmd);
4094
4095unlock:
4096 hci_dev_unlock(hdev);
4097}
4098
4099static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4100{
4101 struct mgmt_mode *cp = data;
3b0602cd 4102 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4103 struct hci_request req;
4104 int err;
4105
4106 BT_DBG("request for %s", hdev->name);
4107
4108 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4109 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4110 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 4111
d7a5a11d 4112 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4113 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4114 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4115
4116 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4117 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4118 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4119
4120 hci_dev_lock(hdev);
4121
d7a5a11d 4122 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 4123 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4124 goto unlock;
4125 }
4126
4127 if (!hdev_is_powered(hdev)) {
4128 if (!cp->val) {
a358dc11
MH		 4129 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4130 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4131 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4132 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4133 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 4134 }
4135
ce05d603 4136 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4137
4138 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4139 if (err < 0)
4140 goto unlock;
4141
4142 err = new_settings(hdev, sk);
4143 goto unlock;
4144 }
4145
4146 /* Reject disabling when powered on */
4147 if (!cp->val) {
a69e8375
JH		 4148 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4149 MGMT_STATUS_REJECTED);
0663ca2a 4150 goto unlock;
111e4bcc
MH		 4151 } else {
4152 /* When configuring a dual-mode controller to operate
4153 * with LE only and using a static address, then switching
4154 * BR/EDR back on is not allowed.
4155 *
4156 * Dual-mode controllers shall operate with the public
4157 * address as its identity address for BR/EDR and LE. So
4158 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 4159 *
4160 * The same restrictions applies when secure connections
4161 * has been enabled. For BR/EDR this is a controller feature
4162 * while for LE it is a host stack feature. This means that
4163 * switching BR/EDR back on when secure connections has been
4164 * enabled is not a supported transaction.
111e4bcc 4165 */
d7a5a11d 4166 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 4167 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 4168 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 4169 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4170 MGMT_STATUS_REJECTED);
111e4bcc
MH		 4171 goto unlock;
4172 }
0663ca2a
JH		 4173 }
4174
333ae95d 4175 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 4176 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4177 MGMT_STATUS_BUSY);
0663ca2a
JH		 4178 goto unlock;
4179 }
4180
4181 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4182 if (!cmd) {
4183 err = -ENOMEM;
4184 goto unlock;
4185 }
4186
f2252570
JH		 4187 /* We need to flip the bit already here so that
4188 * hci_req_update_adv_data generates the correct flags.
0663ca2a 4189 */
a1536da2 4190 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4191
4192 hci_req_init(&req, hdev);
aa8af46e 4193
bf943cbf 4194 __hci_req_write_fast_connectable(&req, false);
01b1cb87 4195 __hci_req_update_scan(&req);
aa8af46e 4196
f14d8f64
MH		 4197 /* Since only the advertising data flags will change, there
4198 * is no need to update the scan response data.
4199 */
cab054ab 4200 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
aa8af46e 4201
0663ca2a
JH		 4202 err = hci_req_run(&req, set_bredr_complete);
4203 if (err < 0)
4204 mgmt_pending_remove(cmd);
4205
4206unlock:
4207 hci_dev_unlock(hdev);
4208 return err;
4209}
4210
a1443f5a
JH		 4211static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4212{
3b0602cd 4213 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 4214 struct mgmt_mode *cp;
4215
4216 BT_DBG("%s status %u", hdev->name, status);
4217
4218 hci_dev_lock(hdev);
4219
333ae95d 4220 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
a1443f5a
JH		 4221 if (!cmd)
4222 goto unlock;
4223
4224 if (status) {
a69e8375
JH		 4225 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4226 mgmt_status(status));
a1443f5a
JH		 4227 goto remove;
4228 }
4229
4230 cp = cmd->param;
4231
4232 switch (cp->val) {
4233 case 0x00:
a358dc11
MH		 4234 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4235 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4236 break;
4237 case 0x01:
a1536da2 4238 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 4239 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4240 break;
4241 case 0x02:
a1536da2
MH		 4242 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4243 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4244 break;
4245 }
4246
4247 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4248 new_settings(hdev, cmd->sk);
4249
4250remove:
4251 mgmt_pending_remove(cmd);
4252unlock:
4253 hci_dev_unlock(hdev);
4254}
4255
eac83dc6
MH		 4256static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4257 void *data, u16 len)
4258{
4259 struct mgmt_mode *cp = data;
3b0602cd 4260 struct mgmt_pending_cmd *cmd;
a1443f5a 4261 struct hci_request req;
a3209694 4262 u8 val;
eac83dc6
MH		 4263 int err;
4264
4265 BT_DBG("request for %s", hdev->name);
4266
05b3c3e7 4267 if (!lmp_sc_capable(hdev) &&
d7a5a11d 4268 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4269 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4270 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 4271
d7a5a11d 4272 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 4273 lmp_sc_capable(hdev) &&
d7a5a11d 4274 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 4275 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4276 MGMT_STATUS_REJECTED);
ed93ec69 4277
0ab04a9c 4278 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 4279 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 4280 MGMT_STATUS_INVALID_PARAMS);
4281
4282 hci_dev_lock(hdev);
4283
05b3c3e7 4284 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 4285 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 4286 bool changed;
4287
0ab04a9c 4288 if (cp->val) {
238be788
MH		 4289 changed = !hci_dev_test_and_set_flag(hdev,
4290 HCI_SC_ENABLED);
0ab04a9c 4291 if (cp->val == 0x02)
a1536da2 4292 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4293 else
a358dc11 4294 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4295 } else {
a69d8927
MH		 4296 changed = hci_dev_test_and_clear_flag(hdev,
4297 HCI_SC_ENABLED);
a358dc11 4298 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4299 }
eac83dc6
MH		 4300
4301 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4302 if (err < 0)
4303 goto failed;
4304
4305 if (changed)
4306 err = new_settings(hdev, sk);
4307
4308 goto failed;
4309 }
4310
333ae95d 4311 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 4312 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4313 MGMT_STATUS_BUSY);
eac83dc6
MH		 4314 goto failed;
4315 }
4316
0ab04a9c
MH		 4317 val = !!cp->val;
4318
d7a5a11d
MH		 4319 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4320 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 4321 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4322 goto failed;
4323 }
4324
4325 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4326 if (!cmd) {
4327 err = -ENOMEM;
4328 goto failed;
4329 }
4330
a1443f5a
JH		 4331 hci_req_init(&req, hdev);
4332 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4333 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 4334 if (err < 0) {
4335 mgmt_pending_remove(cmd);
4336 goto failed;
4337 }
4338
4339failed:
4340 hci_dev_unlock(hdev);
4341 return err;
4342}
4343
4e39ac81
MH		 4344static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4345 void *data, u16 len)
4346{
4347 struct mgmt_mode *cp = data;
b9710979 4348 bool changed, use_changed;
4e39ac81
MH		 4349 int err;
4350
4351 BT_DBG("request for %s", hdev->name);
4352
b9710979 4353 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4354 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4355 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 4356
4357 hci_dev_lock(hdev);
4358
4359 if (cp->val)
238be788 4360 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 4361 else
a69d8927
MH		 4362 changed = hci_dev_test_and_clear_flag(hdev,
4363 HCI_KEEP_DEBUG_KEYS);
4e39ac81 4364
b9710979 4365 if (cp->val == 0x02)
238be788
MH		 4366 use_changed = !hci_dev_test_and_set_flag(hdev,
4367 HCI_USE_DEBUG_KEYS);
b9710979 4368 else
a69d8927
MH		 4369 use_changed = hci_dev_test_and_clear_flag(hdev,
4370 HCI_USE_DEBUG_KEYS);
b9710979
JH		 4371
4372 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 4373 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 4374 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4375 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4376 sizeof(mode), &mode);
4377 }
4378
4e39ac81
MH		 4379 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4380 if (err < 0)
4381 goto unlock;
4382
4383 if (changed)
4384 err = new_settings(hdev, sk);
4385
4386unlock:
4387 hci_dev_unlock(hdev);
4388 return err;
4389}
4390
62b04cd1
JH		 4391static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4392 u16 len)
4393{
4394 struct mgmt_cp_set_privacy *cp = cp_data;
4395 bool changed;
4396 int err;
4397
4398 BT_DBG("request for %s", hdev->name);
4399
4400 if (!lmp_le_capable(hdev))
a69e8375
JH		 4401 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4402 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1
JH		 4403
4404 if (cp->privacy != 0x00 && cp->privacy != 0x01)
a69e8375
JH		 4405 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4406 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 4407
4408 if (hdev_is_powered(hdev))
a69e8375
JH		 4409 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4410 MGMT_STATUS_REJECTED);
62b04cd1
JH		 4411
4412 hci_dev_lock(hdev);
4413
c21c0ea0
JH		 4414 /* If user space supports this command it is also expected to
4415 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4416 */
a1536da2 4417 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 4418
62b04cd1 4419 if (cp->privacy) {
238be788 4420 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 4421 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 4422 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1 4423 } else {
a69d8927 4424 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 4425 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 4426 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1
JH		 4427 }
4428
4429 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4430 if (err < 0)
4431 goto unlock;
4432
4433 if (changed)
4434 err = new_settings(hdev, sk);
4435
4436unlock:
4437 hci_dev_unlock(hdev);
4438 return err;
4439}
4440
41edf160
JH		 4441static bool irk_is_valid(struct mgmt_irk_info *irk)
4442{
4443 switch (irk->addr.type) {
4444 case BDADDR_LE_PUBLIC:
4445 return true;
4446
4447 case BDADDR_LE_RANDOM:
4448 /* Two most significant bits shall be set */
4449 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4450 return false;
4451 return true;
4452 }
4453
4454 return false;
4455}
4456
4457static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4458 u16 len)
4459{
4460 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4461 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4462 sizeof(struct mgmt_irk_info));
41edf160
JH		 4463 u16 irk_count, expected_len;
4464 int i, err;
4465
4466 BT_DBG("request for %s", hdev->name);
4467
4468 if (!lmp_le_capable(hdev))
a69e8375
JH		 4469 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4470 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 4471
4472 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4473 if (irk_count > max_irk_count) {
4474 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 4475 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4476 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 4477 }
41edf160
JH		 4478
4479 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4480 if (expected_len != len) {
4481 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4482 expected_len, len);
a69e8375
JH		 4483 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4484 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 4485 }
4486
4487 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4488
4489 for (i = 0; i < irk_count; i++) {
4490 struct mgmt_irk_info *key = &cp->irks[i];
4491
4492 if (!irk_is_valid(key))
a69e8375
JH		 4493 return mgmt_cmd_status(sk, hdev->id,
4494 MGMT_OP_LOAD_IRKS,
4495 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 4496 }
4497
4498 hci_dev_lock(hdev);
4499
4500 hci_smp_irks_clear(hdev);
4501
4502 for (i = 0; i < irk_count; i++) {
4503 struct mgmt_irk_info *irk = &cp->irks[i];
41edf160 4504
85813a7e
JH		 4505 hci_add_irk(hdev, &irk->addr.bdaddr,
4506 le_addr_type(irk->addr.type), irk->val,
41edf160
JH		 4507 BDADDR_ANY);
4508 }
4509
a1536da2 4510 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 4511
2a1afb5a 4512 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 4513
4514 hci_dev_unlock(hdev);
4515
4516 return err;
4517}
4518
3f706b72
JH		 4519static bool ltk_is_valid(struct mgmt_ltk_info *key)
4520{
4521 if (key->master != 0x00 && key->master != 0x01)
4522 return false;
490cb0b3
MH		 4523
4524 switch (key->addr.type) {
4525 case BDADDR_LE_PUBLIC:
4526 return true;
4527
4528 case BDADDR_LE_RANDOM:
4529 /* Two most significant bits shall be set */
4530 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4531 return false;
4532 return true;
4533 }
4534
4535 return false;
3f706b72
JH		 4536}
4537
bdb6d971 4538static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4539 void *cp_data, u16 len)
346af67b 4540{
346af67b 4541 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 4542 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4543 sizeof(struct mgmt_ltk_info));
346af67b 4544 u16 key_count, expected_len;
715a5bf2 4545 int i, err;
346af67b 4546
cf99ba13
MH		 4547 BT_DBG("request for %s", hdev->name);
4548
4549 if (!lmp_le_capable(hdev))
a69e8375
JH		 4550 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4551 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 4552
1f350c87 4553 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 4554 if (key_count > max_key_count) {
4555 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 4556 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4557 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 4558 }
346af67b
VCG		 4559
4560 expected_len = sizeof(*cp) + key_count *
4561 sizeof(struct mgmt_ltk_info);
4562 if (expected_len != len) {
4563 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4564 expected_len, len);
a69e8375
JH		 4565 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4566 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4567 }
4568
bdb6d971 4569 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4570
54ad6d8a
JH		 4571 for (i = 0; i < key_count; i++) {
4572 struct mgmt_ltk_info *key = &cp->keys[i];
4573
3f706b72 4574 if (!ltk_is_valid(key))
a69e8375
JH		 4575 return mgmt_cmd_status(sk, hdev->id,
4576 MGMT_OP_LOAD_LONG_TERM_KEYS,
4577 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 4578 }
4579
346af67b
VCG		 4580 hci_dev_lock(hdev);
4581
4582 hci_smp_ltks_clear(hdev);
4583
4584 for (i = 0; i < key_count; i++) {
4585 struct mgmt_ltk_info *key = &cp->keys[i];
85813a7e 4586 u8 type, authenticated;
346af67b 4587
61b43357
JH		 4588 switch (key->type) {
4589 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4590 authenticated = 0x00;
23fb8de3 4591 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 4592 break;
4593 case MGMT_LTK_AUTHENTICATED:
d7b25450 4594 authenticated = 0x01;
23fb8de3
JH		 4595 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4596 break;
4597 case MGMT_LTK_P256_UNAUTH:
4598 authenticated = 0x00;
4599 type = SMP_LTK_P256;
61b43357 4600 break;
23fb8de3
JH		 4601 case MGMT_LTK_P256_AUTH:
4602 authenticated = 0x01;
4603 type = SMP_LTK_P256;
61b43357 4604 break;
23fb8de3
JH		 4605 case MGMT_LTK_P256_DEBUG:
4606 authenticated = 0x00;
4607 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 4608 default:
4609 continue;
4610 }
d7b25450 4611
85813a7e
JH		 4612 hci_add_ltk(hdev, &key->addr.bdaddr,
4613 le_addr_type(key->addr.type), type, authenticated,
4614 key->val, key->enc_size, key->ediv, key->rand);
346af67b
VCG		 4615 }
4616
2a1afb5a 4617 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 4618 NULL, 0);
4619
346af67b 4620 hci_dev_unlock(hdev);
346af67b 4621
715a5bf2 4622 return err;
346af67b
VCG		 4623}
4624
3b0602cd 4625static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 4626{
dd983808 4627 struct hci_conn *conn = cmd->user_data;
9981bdb0 4628 struct mgmt_rp_get_conn_info rp;
9df74653 4629 int err;
dd983808 4630
9981bdb0 4631 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 4632
9981bdb0 4633 if (status == MGMT_STATUS_SUCCESS) {
dd983808 4634 rp.rssi = conn->rssi;
9981bdb0
JH		 4635 rp.tx_power = conn->tx_power;
4636 rp.max_tx_power = conn->max_tx_power;
4637 } else {
4638 rp.rssi = HCI_RSSI_INVALID;
4639 rp.tx_power = HCI_TX_POWER_INVALID;
4640 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 4641 }
4642
2a1afb5a
JH		 4643 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4644 status, &rp, sizeof(rp));
dd983808
AK		 4645
4646 hci_conn_drop(conn);
f8aaf9b6 4647 hci_conn_put(conn);
9df74653
JH		 4648
4649 return err;
dd983808
AK		 4650}
4651
1904a853
MH		 4652static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
4653 u16 opcode)
dd983808
AK		 4654{
4655 struct hci_cp_read_rssi *cp;
3b0602cd 4656 struct mgmt_pending_cmd *cmd;
dd983808 4657 struct hci_conn *conn;
dd983808 4658 u16 handle;
9981bdb0 4659 u8 status;
dd983808 4660
9981bdb0 4661 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 4662
4663 hci_dev_lock(hdev);
4664
dd983808
AK		 4665 /* Commands sent in request are either Read RSSI or Read Transmit Power
4666 * Level so we check which one was last sent to retrieve connection
4667 * handle. Both commands have handle as first parameter so it's safe to
4668 * cast data on the same command struct.
4669 *
4670 * First command sent is always Read RSSI and we fail only if it fails.
4671 * In other case we simply override error to indicate success as we
4672 * already remembered if TX power value is actually valid.
4673 */
4674 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4675 if (!cp) {
4676 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 4677 status = MGMT_STATUS_SUCCESS;
4678 } else {
4679 status = mgmt_status(hci_status);
dd983808
AK		 4680 }
4681
4682 if (!cp) {
9981bdb0 4683 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 4684 goto unlock;
4685 }
4686
4687 handle = __le16_to_cpu(cp->handle);
4688 conn = hci_conn_hash_lookup_handle(hdev, handle);
4689 if (!conn) {
9981bdb0 4690 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 4691 goto unlock;
4692 }
4693
333ae95d 4694 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
9981bdb0
JH		 4695 if (!cmd)
4696 goto unlock;
dd983808 4697
9981bdb0
JH		 4698 cmd->cmd_complete(cmd, status);
4699 mgmt_pending_remove(cmd);
dd983808
AK		 4700
4701unlock:
4702 hci_dev_unlock(hdev);
4703}
4704
4705static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4706 u16 len)
4707{
4708 struct mgmt_cp_get_conn_info *cp = data;
4709 struct mgmt_rp_get_conn_info rp;
4710 struct hci_conn *conn;
4711 unsigned long conn_info_age;
4712 int err = 0;
4713
4714 BT_DBG("%s", hdev->name);
4715
4716 memset(&rp, 0, sizeof(rp));
4717 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4718 rp.addr.type = cp->addr.type;
4719
4720 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4721 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4722 MGMT_STATUS_INVALID_PARAMS,
4723 &rp, sizeof(rp));
dd983808
AK		 4724
4725 hci_dev_lock(hdev);
4726
4727 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4728 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4729 MGMT_STATUS_NOT_POWERED, &rp,
4730 sizeof(rp));
dd983808
AK		 4731 goto unlock;
4732 }
4733
4734 if (cp->addr.type == BDADDR_BREDR)
4735 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4736 &cp->addr.bdaddr);
4737 else
4738 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4739
4740 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 4741 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4742 MGMT_STATUS_NOT_CONNECTED, &rp,
4743 sizeof(rp));
dd983808
AK		 4744 goto unlock;
4745 }
4746
333ae95d 4747 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 4748 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4749 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 4750 goto unlock;
4751 }
4752
dd983808
AK		 4753 /* To avoid client trying to guess when to poll again for information we
4754 * calculate conn info age as random value between min/max set in hdev.
4755 */
4756 conn_info_age = hdev->conn_info_min_age +
4757 prandom_u32_max(hdev->conn_info_max_age -
4758 hdev->conn_info_min_age);
4759
4760 /* Query controller to refresh cached values if they are too old or were
4761 * never read.
4762 */
f4e2dd53
AK		 4763 if (time_after(jiffies, conn->conn_info_timestamp +
4764 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 4765 !conn->conn_info_timestamp) {
4766 struct hci_request req;
4767 struct hci_cp_read_tx_power req_txp_cp;
4768 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 4769 struct mgmt_pending_cmd *cmd;
dd983808
AK		 4770
4771 hci_req_init(&req, hdev);
4772 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4773 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4774 &req_rssi_cp);
4775
f7faab0c
AK		 4776 /* For LE links TX power does not change thus we don't need to
4777 * query for it once value is known.
4778 */
4779 if (!bdaddr_type_is_le(cp->addr.type) ||
4780 conn->tx_power == HCI_TX_POWER_INVALID) {
4781 req_txp_cp.handle = cpu_to_le16(conn->handle);
4782 req_txp_cp.type = 0x00;
4783 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4784 sizeof(req_txp_cp), &req_txp_cp);
4785 }
dd983808 4786
eed5daf3
AK		 4787 /* Max TX power needs to be read only once per connection */
4788 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4789 req_txp_cp.handle = cpu_to_le16(conn->handle);
4790 req_txp_cp.type = 0x01;
4791 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4792 sizeof(req_txp_cp), &req_txp_cp);
4793 }
4794
dd983808
AK		 4795 err = hci_req_run(&req, conn_info_refresh_complete);
4796 if (err < 0)
4797 goto unlock;
4798
4799 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4800 data, len);
4801 if (!cmd) {
4802 err = -ENOMEM;
4803 goto unlock;
4804 }
4805
4806 hci_conn_hold(conn);
f8aaf9b6 4807 cmd->user_data = hci_conn_get(conn);
9981bdb0 4808 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 4809
4810 conn->conn_info_timestamp = jiffies;
4811 } else {
4812 /* Cache is valid, just reply with values cached in hci_conn */
4813 rp.rssi = conn->rssi;
4814 rp.tx_power = conn->tx_power;
eed5daf3 4815 rp.max_tx_power = conn->max_tx_power;
dd983808 4816
2a1afb5a
JH		 4817 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4818 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 4819 }
4820
4821unlock:
4822 hci_dev_unlock(hdev);
4823 return err;
4824}
4825
3b0602cd 4826static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 4827{
69487371 4828 struct hci_conn *conn = cmd->user_data;
95868426 4829 struct mgmt_rp_get_clock_info rp;
69487371 4830 struct hci_dev *hdev;
9df74653 4831 int err;
69487371
JH		 4832
4833 memset(&rp, 0, sizeof(rp));
4834 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
4835
4836 if (status)
4837 goto complete;
4838
4839 hdev = hci_dev_get(cmd->index);
4840 if (hdev) {
4841 rp.local_clock = cpu_to_le32(hdev->clock);
4842 hci_dev_put(hdev);
4843 }
4844
4845 if (conn) {
4846 rp.piconet_clock = cpu_to_le32(conn->clock);
4847 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
4848 }
4849
4850complete:
2a1afb5a
JH		 4851 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
4852 sizeof(rp));
69487371
JH		 4853
4854 if (conn) {
4855 hci_conn_drop(conn);
4856 hci_conn_put(conn);
4857 }
9df74653
JH		 4858
4859 return err;
69487371
JH		 4860}
4861
1904a853 4862static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 4863{
95868426 4864 struct hci_cp_read_clock *hci_cp;
3b0602cd 4865 struct mgmt_pending_cmd *cmd;
95868426
JH		 4866 struct hci_conn *conn;
4867
4868 BT_DBG("%s status %u", hdev->name, status);
4869
4870 hci_dev_lock(hdev);
4871
4872 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
4873 if (!hci_cp)
4874 goto unlock;
4875
4876 if (hci_cp->which) {
4877 u16 handle = __le16_to_cpu(hci_cp->handle);
4878 conn = hci_conn_hash_lookup_handle(hdev, handle);
4879 } else {
4880 conn = NULL;
4881 }
4882
333ae95d 4883 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
95868426
JH		 4884 if (!cmd)
4885 goto unlock;
4886
69487371 4887 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 4888 mgmt_pending_remove(cmd);
95868426
JH		 4889
4890unlock:
4891 hci_dev_unlock(hdev);
4892}
4893
4894static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
4895 u16 len)
4896{
4897 struct mgmt_cp_get_clock_info *cp = data;
4898 struct mgmt_rp_get_clock_info rp;
4899 struct hci_cp_read_clock hci_cp;
3b0602cd 4900 struct mgmt_pending_cmd *cmd;
95868426
JH		 4901 struct hci_request req;
4902 struct hci_conn *conn;
4903 int err;
4904
4905 BT_DBG("%s", hdev->name);
4906
4907 memset(&rp, 0, sizeof(rp));
4908 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4909 rp.addr.type = cp->addr.type;
4910
4911 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 4912 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
4913 MGMT_STATUS_INVALID_PARAMS,
4914 &rp, sizeof(rp));
95868426
JH		 4915
4916 hci_dev_lock(hdev);
4917
4918 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4919 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
4920 MGMT_STATUS_NOT_POWERED, &rp,
4921 sizeof(rp));
95868426
JH		 4922 goto unlock;
4923 }
4924
4925 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4926 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4927 &cp->addr.bdaddr);
4928 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 4929 err = mgmt_cmd_complete(sk, hdev->id,
4930 MGMT_OP_GET_CLOCK_INFO,
4931 MGMT_STATUS_NOT_CONNECTED,
4932 &rp, sizeof(rp));
95868426
JH		 4933 goto unlock;
4934 }
4935 } else {
4936 conn = NULL;
4937 }
4938
4939 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
4940 if (!cmd) {
4941 err = -ENOMEM;
4942 goto unlock;
4943 }
4944
69487371
JH		 4945 cmd->cmd_complete = clock_info_cmd_complete;
4946
95868426
JH		 4947 hci_req_init(&req, hdev);
4948
4949 memset(&hci_cp, 0, sizeof(hci_cp));
4950 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
4951
4952 if (conn) {
4953 hci_conn_hold(conn);
f8aaf9b6 4954 cmd->user_data = hci_conn_get(conn);
95868426
JH		 4955
4956 hci_cp.handle = cpu_to_le16(conn->handle);
4957 hci_cp.which = 0x01; /* Piconet clock */
4958 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
4959 }
4960
4961 err = hci_req_run(&req, get_clock_info_complete);
4962 if (err < 0)
4963 mgmt_pending_remove(cmd);
4964
4965unlock:
4966 hci_dev_unlock(hdev);
4967 return err;
4968}
4969
5a154e6f
JH		 4970static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
4971{
4972 struct hci_conn *conn;
4973
4974 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
4975 if (!conn)
4976 return false;
4977
4978 if (conn->dst_type != type)
4979 return false;
4980
4981 if (conn->state != BT_CONNECTED)
4982 return false;
4983
4984 return true;
4985}
4986
4987/* This function requires the caller holds hdev->lock */
51d7a94d 4988static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5a154e6f
JH		 4989 u8 addr_type, u8 auto_connect)
4990{
5a154e6f
JH		 4991 struct hci_conn_params *params;
4992
4993 params = hci_conn_params_add(hdev, addr, addr_type);
4994 if (!params)
4995 return -EIO;
4996
4997 if (params->auto_connect == auto_connect)
4998 return 0;
4999
5000 list_del_init(&params->action);
5001
5002 switch (auto_connect) {
5003 case HCI_AUTO_CONN_DISABLED:
5004 case HCI_AUTO_CONN_LINK_LOSS:
28a667c9
JP		 5005 /* If auto connect is being disabled when we're trying to
5006 * connect to device, keep connecting.
5007 */
5008 if (params->explicit_connect)
5009 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 5010 break;
5011 case HCI_AUTO_CONN_REPORT:
49c50922
JH		 5012 if (params->explicit_connect)
5013 list_add(&params->action, &hdev->pend_le_conns);
5014 else
5015 list_add(&params->action, &hdev->pend_le_reports);
5a154e6f
JH		 5016 break;
5017 case HCI_AUTO_CONN_DIRECT:
5018 case HCI_AUTO_CONN_ALWAYS:
51d7a94d 5019 if (!is_connected(hdev, addr, addr_type))
5a154e6f 5020 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 5021 break;
5022 }
5023
5024 params->auto_connect = auto_connect;
5025
5026 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5027 auto_connect);
5028
5029 return 0;
5030}
5031
8afef092
MH		 5032static void device_added(struct sock *sk, struct hci_dev *hdev,
5033 bdaddr_t *bdaddr, u8 type, u8 action)
5034{
5035 struct mgmt_ev_device_added ev;
5036
5037 bacpy(&ev.addr.bdaddr, bdaddr);
5038 ev.addr.type = type;
5039 ev.action = action;
5040
5041 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5042}
5043
2faade53
MH		 5044static int add_device(struct sock *sk, struct hci_dev *hdev,
5045 void *data, u16 len)
5046{
5047 struct mgmt_cp_add_device *cp = data;
5048 u8 auto_conn, addr_type;
5049 int err;
5050
5051 BT_DBG("%s", hdev->name);
5052
6659358e 5053 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5054 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5055 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5056 MGMT_STATUS_INVALID_PARAMS,
5057 &cp->addr, sizeof(cp->addr));
2faade53 5058
4b9e7e75 5059 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5060 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5061 MGMT_STATUS_INVALID_PARAMS,
5062 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5063
5064 hci_dev_lock(hdev);
5065
6659358e 5066 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5067 /* Only incoming connections action is supported for now */
6659358e 5068 if (cp->action != 0x01) {
51d7a94d
JH		 5069 err = mgmt_cmd_complete(sk, hdev->id,
5070 MGMT_OP_ADD_DEVICE,
5071 MGMT_STATUS_INVALID_PARAMS,
5072 &cp->addr, sizeof(cp->addr));
6659358e
JH		 5073 goto unlock;
5074 }
5075
5076 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5077 cp->addr.type);
5078 if (err)
5079 goto unlock;
a397407f 5080
01b1cb87 5081 hci_req_update_scan(hdev);
a397407f 5082
6659358e
JH		 5083 goto added;
5084 }
5085
85813a7e 5086 addr_type = le_addr_type(cp->addr.type);
2faade53 5087
4b9e7e75 5088 if (cp->action == 0x02)
2faade53 5089 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5090 else if (cp->action == 0x01)
5091 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5092 else
a3451d27 5093 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5094
9a0a8a8e
JP		 5095 /* Kernel internally uses conn_params with resolvable private
5096 * address, but Add Device allows only identity addresses.
5097 * Make sure it is enforced before calling
5098 * hci_conn_params_lookup.
5099 */
5100 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 5101 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5102 MGMT_STATUS_INVALID_PARAMS,
5103 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 5104 goto unlock;
5105 }
5106
bf5b3c8b
MH		 5107 /* If the connection parameters don't exist for this device,
5108 * they will be created and configured with defaults.
5109 */
51d7a94d 5110 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
d06b50ce 5111 auto_conn) < 0) {
51d7a94d
JH		 5112 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5113 MGMT_STATUS_FAILED, &cp->addr,
5114 sizeof(cp->addr));
2faade53
MH		 5115 goto unlock;
5116 }
5117
51d7a94d
JH		 5118 hci_update_background_scan(hdev);
5119
6659358e 5120added:
8afef092
MH		 5121 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5122
51d7a94d
JH		 5123 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5124 MGMT_STATUS_SUCCESS, &cp->addr,
5125 sizeof(cp->addr));
2faade53
MH		 5126
5127unlock:
5128 hci_dev_unlock(hdev);
5129 return err;
5130}
5131
8afef092
MH		 5132static void device_removed(struct sock *sk, struct hci_dev *hdev,
5133 bdaddr_t *bdaddr, u8 type)
5134{
5135 struct mgmt_ev_device_removed ev;
5136
5137 bacpy(&ev.addr.bdaddr, bdaddr);
5138 ev.addr.type = type;
5139
5140 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5141}
5142
2faade53
MH		 5143static int remove_device(struct sock *sk, struct hci_dev *hdev,
5144 void *data, u16 len)
5145{
5146 struct mgmt_cp_remove_device *cp = data;
5147 int err;
5148
5149 BT_DBG("%s", hdev->name);
5150
5151 hci_dev_lock(hdev);
5152
5153 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5154 struct hci_conn_params *params;
2faade53
MH		 5155 u8 addr_type;
5156
6659358e 5157 if (!bdaddr_type_is_valid(cp->addr.type)) {
51d7a94d
JH		 5158 err = mgmt_cmd_complete(sk, hdev->id,
5159 MGMT_OP_REMOVE_DEVICE,
5160 MGMT_STATUS_INVALID_PARAMS,
5161 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5162 goto unlock;
5163 }
5164
6659358e
JH		 5165 if (cp->addr.type == BDADDR_BREDR) {
5166 err = hci_bdaddr_list_del(&hdev->whitelist,
5167 &cp->addr.bdaddr,
5168 cp->addr.type);
5169 if (err) {
51d7a94d
JH		 5170 err = mgmt_cmd_complete(sk, hdev->id,
5171 MGMT_OP_REMOVE_DEVICE,
5172 MGMT_STATUS_INVALID_PARAMS,
5173 &cp->addr,
5174 sizeof(cp->addr));
6659358e
JH		 5175 goto unlock;
5176 }
5177
01b1cb87 5178 hci_req_update_scan(hdev);
a397407f 5179
6659358e
JH		 5180 device_removed(sk, hdev, &cp->addr.bdaddr,
5181 cp->addr.type);
5182 goto complete;
5183 }
5184
85813a7e 5185 addr_type = le_addr_type(cp->addr.type);
2faade53 5186
9a0a8a8e
JP		 5187 /* Kernel internally uses conn_params with resolvable private
5188 * address, but Remove Device allows only identity addresses.
5189 * Make sure it is enforced before calling
5190 * hci_conn_params_lookup.
5191 */
5192 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 5193 err = mgmt_cmd_complete(sk, hdev->id,
5194 MGMT_OP_REMOVE_DEVICE,
5195 MGMT_STATUS_INVALID_PARAMS,
5196 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 5197 goto unlock;
5198 }
5199
c71593dd
JH		 5200 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5201 addr_type);
5202 if (!params) {
51d7a94d
JH		 5203 err = mgmt_cmd_complete(sk, hdev->id,
5204 MGMT_OP_REMOVE_DEVICE,
5205 MGMT_STATUS_INVALID_PARAMS,
5206 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 5207 goto unlock;
5208 }
5209
679d2b6f
JH		 5210 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5211 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
51d7a94d
JH		 5212 err = mgmt_cmd_complete(sk, hdev->id,
5213 MGMT_OP_REMOVE_DEVICE,
5214 MGMT_STATUS_INVALID_PARAMS,
5215 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 5216 goto unlock;
5217 }
5218
d1dbf12e 5219 list_del(&params->action);
c71593dd
JH		 5220 list_del(&params->list);
5221 kfree(params);
51d7a94d 5222 hci_update_background_scan(hdev);
8afef092
MH		 5223
5224 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5225 } else {
19de0825 5226 struct hci_conn_params *p, *tmp;
6659358e 5227 struct bdaddr_list *b, *btmp;
19de0825 5228
2faade53 5229 if (cp->addr.type) {
51d7a94d
JH		 5230 err = mgmt_cmd_complete(sk, hdev->id,
5231 MGMT_OP_REMOVE_DEVICE,
5232 MGMT_STATUS_INVALID_PARAMS,
5233 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5234 goto unlock;
5235 }
5236
6659358e
JH		 5237 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5238 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5239 list_del(&b->list);
5240 kfree(b);
5241 }
5242
01b1cb87 5243 hci_req_update_scan(hdev);
a397407f 5244
19de0825
JH		 5245 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5246 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5247 continue;
5248 device_removed(sk, hdev, &p->addr, p->addr_type);
679d2b6f
JH		 5249 if (p->explicit_connect) {
5250 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
5251 continue;
5252 }
19de0825
JH		 5253 list_del(&p->action);
5254 list_del(&p->list);
5255 kfree(p);
5256 }
5257
5258 BT_DBG("All LE connection parameters were removed");
5259
51d7a94d 5260 hci_update_background_scan(hdev);
2faade53
MH		 5261 }
5262
6659358e 5263complete:
51d7a94d
JH		 5264 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5265 MGMT_STATUS_SUCCESS, &cp->addr,
5266 sizeof(cp->addr));
2faade53
MH		 5267unlock:
5268 hci_dev_unlock(hdev);
5269 return err;
5270}
5271
a26f3dcf
JH		 5272static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5273 u16 len)
5274{
5275 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5276 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5277 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5278 u16 param_count, expected_len;
5279 int i;
5280
5281 if (!lmp_le_capable(hdev))
a69e8375
JH		 5282 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5283 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 5284
5285 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5286 if (param_count > max_param_count) {
5287 BT_ERR("load_conn_param: too big param_count value %u",
5288 param_count);
a69e8375
JH		 5289 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5290 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5291 }
a26f3dcf
JH		 5292
5293 expected_len = sizeof(*cp) + param_count *
5294 sizeof(struct mgmt_conn_param);
5295 if (expected_len != len) {
5296 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5297 expected_len, len);
a69e8375
JH		 5298 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5299 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 5300 }
5301
5302 BT_DBG("%s param_count %u", hdev->name, param_count);
5303
5304 hci_dev_lock(hdev);
5305
5306 hci_conn_params_clear_disabled(hdev);
5307
5308 for (i = 0; i < param_count; i++) {
5309 struct mgmt_conn_param *param = &cp->params[i];
5310 struct hci_conn_params *hci_param;
5311 u16 min, max, latency, timeout;
5312 u8 addr_type;
5313
5314 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5315 param->addr.type);
5316
5317 if (param->addr.type == BDADDR_LE_PUBLIC) {
5318 addr_type = ADDR_LE_DEV_PUBLIC;
5319 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5320 addr_type = ADDR_LE_DEV_RANDOM;
5321 } else {
5322 BT_ERR("Ignoring invalid connection parameters");
5323 continue;
5324 }
5325
5326 min = le16_to_cpu(param->min_interval);
5327 max = le16_to_cpu(param->max_interval);
5328 latency = le16_to_cpu(param->latency);
5329 timeout = le16_to_cpu(param->timeout);
5330
5331 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5332 min, max, latency, timeout);
5333
5334 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5335 BT_ERR("Ignoring invalid connection parameters");
5336 continue;
5337 }
5338
5339 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5340 addr_type);
5341 if (!hci_param) {
5342 BT_ERR("Failed to add connection parameters");
5343 continue;
5344 }
5345
5346 hci_param->conn_min_interval = min;
5347 hci_param->conn_max_interval = max;
5348 hci_param->conn_latency = latency;
5349 hci_param->supervision_timeout = timeout;
5350 }
5351
5352 hci_dev_unlock(hdev);
5353
2a1afb5a
JH		 5354 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
5355 NULL, 0);
a26f3dcf
JH		 5356}
5357
dbece37a
MH		 5358static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5359 void *data, u16 len)
5360{
5361 struct mgmt_cp_set_external_config *cp = data;
5362 bool changed;
5363 int err;
5364
5365 BT_DBG("%s", hdev->name);
5366
5367 if (hdev_is_powered(hdev))
a69e8375
JH		 5368 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5369 MGMT_STATUS_REJECTED);
dbece37a
MH		 5370
5371 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 5372 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5373 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 5374
5375 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 5376 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5377 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 5378
5379 hci_dev_lock(hdev);
5380
5381 if (cp->config)
238be788 5382 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 5383 else
a69d8927 5384 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 5385
5386 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5387 if (err < 0)
5388 goto unlock;
5389
5390 if (!changed)
5391 goto unlock;
5392
f4537c04
MH		 5393 err = new_options(hdev, sk);
5394
d7a5a11d 5395 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 5396 mgmt_index_removed(hdev);
d603b76b 5397
516018a9 5398 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 5399 hci_dev_set_flag(hdev, HCI_CONFIG);
5400 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 5401
5402 queue_work(hdev->req_workqueue, &hdev->power_on);
5403 } else {
5ea234d3 5404 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 5405 mgmt_index_added(hdev);
5406 }
dbece37a
MH		 5407 }
5408
5409unlock:
5410 hci_dev_unlock(hdev);
5411 return err;
5412}
5413
9713c17b
MH		 5414static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5415 void *data, u16 len)
5416{
5417 struct mgmt_cp_set_public_address *cp = data;
5418 bool changed;
5419 int err;
5420
5421 BT_DBG("%s", hdev->name);
5422
5423 if (hdev_is_powered(hdev))
a69e8375
JH		 5424 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5425 MGMT_STATUS_REJECTED);
9713c17b
MH		 5426
5427 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 5428 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5429 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 5430
5431 if (!hdev->set_bdaddr)
a69e8375
JH		 5432 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5433 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 5434
5435 hci_dev_lock(hdev);
5436
5437 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5438 bacpy(&hdev->public_addr, &cp->bdaddr);
5439
5440 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5441 if (err < 0)
5442 goto unlock;
5443
5444 if (!changed)
5445 goto unlock;
5446
d7a5a11d 5447 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 5448 err = new_options(hdev, sk);
5449
5450 if (is_configured(hdev)) {
5451 mgmt_index_removed(hdev);
5452
a358dc11 5453 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 5454
a1536da2
MH		 5455 hci_dev_set_flag(hdev, HCI_CONFIG);
5456 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 5457
5458 queue_work(hdev->req_workqueue, &hdev->power_on);
5459 }
5460
5461unlock:
5462 hci_dev_unlock(hdev);
5463 return err;
5464}
5465
bea41609
MH		 5466static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5467 u8 data_len)
5468{
5469 eir[eir_len++] = sizeof(type) + data_len;
5470 eir[eir_len++] = type;
5471 memcpy(&eir[eir_len], data, data_len);
5472 eir_len += data_len;
5473
5474 return eir_len;
5475}
5476
40f66c05
JH		 5477static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
5478 u16 opcode, struct sk_buff *skb)
5479{
5480 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
5481 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
5482 u8 *h192, *r192, *h256, *r256;
5483 struct mgmt_pending_cmd *cmd;
5484 u16 eir_len;
5485 int err;
5486
5487 BT_DBG("%s status %u", hdev->name, status);
5488
5489 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
5490 if (!cmd)
5491 return;
5492
5493 mgmt_cp = cmd->param;
5494
5495 if (status) {
5496 status = mgmt_status(status);
5497 eir_len = 0;
5498
5499 h192 = NULL;
5500 r192 = NULL;
5501 h256 = NULL;
5502 r256 = NULL;
5503 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
5504 struct hci_rp_read_local_oob_data *rp;
5505
5506 if (skb->len != sizeof(*rp)) {
5507 status = MGMT_STATUS_FAILED;
5508 eir_len = 0;
5509 } else {
5510 status = MGMT_STATUS_SUCCESS;
5511 rp = (void *)skb->data;
5512
5513 eir_len = 5 + 18 + 18;
5514 h192 = rp->hash;
5515 r192 = rp->rand;
5516 h256 = NULL;
5517 r256 = NULL;
5518 }
5519 } else {
5520 struct hci_rp_read_local_oob_ext_data *rp;
5521
5522 if (skb->len != sizeof(*rp)) {
5523 status = MGMT_STATUS_FAILED;
5524 eir_len = 0;
5525 } else {
5526 status = MGMT_STATUS_SUCCESS;
5527 rp = (void *)skb->data;
5528
5529 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5530 eir_len = 5 + 18 + 18;
5531 h192 = NULL;
5532 r192 = NULL;
5533 } else {
5534 eir_len = 5 + 18 + 18 + 18 + 18;
5535 h192 = rp->hash192;
5536 r192 = rp->rand192;
5537 }
5538
5539 h256 = rp->hash256;
5540 r256 = rp->rand256;
5541 }
5542 }
5543
5544 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
5545 if (!mgmt_rp)
5546 goto done;
5547
5548 if (status)
5549 goto send_rsp;
5550
5551 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
5552 hdev->dev_class, 3);
5553
5554 if (h192 && r192) {
5555 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5556 EIR_SSP_HASH_C192, h192, 16);
5557 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5558 EIR_SSP_RAND_R192, r192, 16);
5559 }
5560
5561 if (h256 && r256) {
5562 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5563 EIR_SSP_HASH_C256, h256, 16);
5564 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5565 EIR_SSP_RAND_R256, r256, 16);
5566 }
5567
5568send_rsp:
5569 mgmt_rp->type = mgmt_cp->type;
5570 mgmt_rp->eir_len = cpu_to_le16(eir_len);
5571
5572 err = mgmt_cmd_complete(cmd->sk, hdev->id,
5573 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
5574 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
5575 if (err < 0 || status)
5576 goto done;
5577
5578 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
5579
5580 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5581 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
5582 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
5583done:
5584 kfree(mgmt_rp);
5585 mgmt_pending_remove(cmd);
5586}
5587
5588static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
5589 struct mgmt_cp_read_local_oob_ext_data *cp)
5590{
5591 struct mgmt_pending_cmd *cmd;
5592 struct hci_request req;
5593 int err;
5594
5595 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
5596 cp, sizeof(*cp));
5597 if (!cmd)
5598 return -ENOMEM;
5599
5600 hci_req_init(&req, hdev);
5601
5602 if (bredr_sc_enabled(hdev))
5603 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
5604 else
5605 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
5606
5607 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
5608 if (err < 0) {
5609 mgmt_pending_remove(cmd);
5610 return err;
5611 }
5612
5613 return 0;
5614}
5615
4f0f155c
MH		 5616static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
5617 void *data, u16 data_len)
5618{
5619 struct mgmt_cp_read_local_oob_ext_data *cp = data;
5620 struct mgmt_rp_read_local_oob_ext_data *rp;
5621 size_t rp_len;
5622 u16 eir_len;
0821a2c5 5623 u8 status, flags, role, addr[7], hash[16], rand[16];
4f0f155c
MH		 5624 int err;
5625
5626 BT_DBG("%s", hdev->name);
5627
57b0d3e8
MH		 5628 if (hdev_is_powered(hdev)) {
5629 switch (cp->type) {
5630 case BIT(BDADDR_BREDR):
5631 status = mgmt_bredr_support(hdev);
5632 if (status)
5633 eir_len = 0;
5634 else
5635 eir_len = 5;
5636 break;
5637 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5638 status = mgmt_le_support(hdev);
5639 if (status)
5640 eir_len = 0;
5641 else
5642 eir_len = 9 + 3 + 18 + 18 + 3;
5643 break;
5644 default:
5645 status = MGMT_STATUS_INVALID_PARAMS;
5646 eir_len = 0;
5647 break;
5648 }
5649 } else {
5650 status = MGMT_STATUS_NOT_POWERED;
5651 eir_len = 0;
4f0f155c
MH		 5652 }
5653
4f0f155c
MH		 5654 rp_len = sizeof(*rp) + eir_len;
5655 rp = kmalloc(rp_len, GFP_ATOMIC);
efcd8c98 5656 if (!rp)
4f0f155c 5657 return -ENOMEM;
efcd8c98 5658
57b0d3e8
MH		 5659 if (status)
5660 goto complete;
5661
efcd8c98 5662 hci_dev_lock(hdev);
4f0f155c
MH		 5663
5664 eir_len = 0;
5665 switch (cp->type) {
5666 case BIT(BDADDR_BREDR):
40f66c05
JH		 5667 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5668 err = read_local_ssp_oob_req(hdev, sk, cp);
5669 hci_dev_unlock(hdev);
5670 if (!err)
5671 goto done;
5672
5673 status = MGMT_STATUS_FAILED;
5674 goto complete;
5675 } else {
5676 eir_len = eir_append_data(rp->eir, eir_len,
5677 EIR_CLASS_OF_DEV,
5678 hdev->dev_class, 3);
5679 }
4f0f155c
MH		 5680 break;
5681 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5082a599
MH		 5682 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5683 smp_generate_oob(hdev, hash, rand) < 0) {
0821a2c5 5684 hci_dev_unlock(hdev);
57b0d3e8
MH		 5685 status = MGMT_STATUS_FAILED;
5686 goto complete;
0821a2c5
MH		 5687 }
5688
e213568a
MH		 5689 /* This should return the active RPA, but since the RPA
5690 * is only programmed on demand, it is really hard to fill
5691 * this in at the moment. For now disallow retrieving
5692 * local out-of-band data when privacy is in use.
5693 *
5694 * Returning the identity address will not help here since
5695 * pairing happens before the identity resolving key is
5696 * known and thus the connection establishment happens
5697 * based on the RPA and not the identity address.
5698 */
4f0f155c 5699 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
e213568a
MH		 5700 hci_dev_unlock(hdev);
5701 status = MGMT_STATUS_REJECTED;
5702 goto complete;
5703 }
5704
5705 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
5706 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
5707 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5708 bacmp(&hdev->static_addr, BDADDR_ANY))) {
4f0f155c
MH		 5709 memcpy(addr, &hdev->static_addr, 6);
5710 addr[6] = 0x01;
5711 } else {
5712 memcpy(addr, &hdev->bdaddr, 6);
5713 addr[6] = 0x00;
5714 }
5715
5716 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
5717 addr, sizeof(addr));
5718
5719 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
5720 role = 0x02;
5721 else
5722 role = 0x01;
5723
5724 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
5725 &role, sizeof(role));
5726
5082a599
MH		 5727 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
5728 eir_len = eir_append_data(rp->eir, eir_len,
5729 EIR_LE_SC_CONFIRM,
5730 hash, sizeof(hash));
0821a2c5 5731
5082a599
MH		 5732 eir_len = eir_append_data(rp->eir, eir_len,
5733 EIR_LE_SC_RANDOM,
5734 rand, sizeof(rand));
5735 }
0821a2c5 5736
f2252570 5737 flags = mgmt_get_adv_discov_flags(hdev);
4f0f155c
MH		 5738
5739 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
5740 flags |= LE_AD_NO_BREDR;
5741
5742 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
5743 &flags, sizeof(flags));
5744 break;
5745 }
5746
4f0f155c
MH		 5747 hci_dev_unlock(hdev);
5748
72000df2
MH		 5749 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
5750
57b0d3e8
MH		 5751 status = MGMT_STATUS_SUCCESS;
5752
5753complete:
efcd8c98
MH		 5754 rp->type = cp->type;
5755 rp->eir_len = cpu_to_le16(eir_len);
5756
4f0f155c 5757 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
57b0d3e8
MH		 5758 status, rp, sizeof(*rp) + eir_len);
5759 if (err < 0 || status)
72000df2
MH		 5760 goto done;
5761
5762 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5763 rp, sizeof(*rp) + eir_len,
5764 HCI_MGMT_OOB_DATA_EVENTS, sk);
4f0f155c 5765
0821a2c5 5766done:
4f0f155c
MH		 5767 kfree(rp);
5768
5769 return err;
5770}
5771
089fa8c0
AU		 5772static u32 get_supported_adv_flags(struct hci_dev *hdev)
5773{
5774 u32 flags = 0;
5775
5776 flags |= MGMT_ADV_FLAG_CONNECTABLE;
5777 flags |= MGMT_ADV_FLAG_DISCOV;
5778 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
5779 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
5780
5781 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
5782 flags |= MGMT_ADV_FLAG_TX_POWER;
5783
5784 return flags;
5785}
5786
d3d5305b
MH		 5787static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
5788 void *data, u16 data_len)
5789{
5790 struct mgmt_rp_read_adv_features *rp;
5791 size_t rp_len;
02c04afe 5792 int err;
286e0c83 5793 struct adv_info *adv_instance;
089fa8c0 5794 u32 supported_flags;
02c04afe 5795 u8 *instance;
d3d5305b
MH		 5796
5797 BT_DBG("%s", hdev->name);
5798
089fa8c0
AU		 5799 if (!lmp_le_capable(hdev))
5800 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
5801 MGMT_STATUS_REJECTED);
5802
d3d5305b
MH		 5803 hci_dev_lock(hdev);
5804
02c04afe 5805 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
d3d5305b
MH		 5806 rp = kmalloc(rp_len, GFP_ATOMIC);
5807 if (!rp) {
5808 hci_dev_unlock(hdev);
5809 return -ENOMEM;
5810 }
5811
089fa8c0
AU		 5812 supported_flags = get_supported_adv_flags(hdev);
5813
5814 rp->supported_flags = cpu_to_le32(supported_flags);
dc5d82a9
MH		 5815 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
5816 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
d2609b34 5817 rp->max_instances = HCI_MAX_ADV_INSTANCES;
02c04afe 5818 rp->num_instances = hdev->adv_instance_cnt;
24b4f38f 5819
02c04afe
JH		 5820 instance = rp->instance;
5821 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
5822 *instance = adv_instance->instance;
5823 instance++;
24b4f38f 5824 }
d3d5305b
MH		 5825
5826 hci_dev_unlock(hdev);
5827
5828 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
5829 MGMT_STATUS_SUCCESS, rp, rp_len);
5830
5831 kfree(rp);
5832
5833 return err;
5834}
5835
4117ed70 5836static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
b44133ff 5837 u8 len, bool is_adv_data)
24b4f38f 5838{
4117ed70 5839 u8 max_len = HCI_MAX_AD_LENGTH;
24b4f38f 5840 int i, cur_len;
b44133ff 5841 bool flags_managed = false;
5507e358 5842 bool tx_power_managed = false;
24b4f38f 5843
31a3248d
MH		 5844 if (is_adv_data) {
5845 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
5846 MGMT_ADV_FLAG_LIMITED_DISCOV |
5847 MGMT_ADV_FLAG_MANAGED_FLAGS)) {
5848 flags_managed = true;
5849 max_len -= 3;
5850 }
24b4f38f 5851
31a3248d
MH		 5852 if (adv_flags & MGMT_ADV_FLAG_TX_POWER) {
5853 tx_power_managed = true;
5854 max_len -= 3;
5855 }
5507e358
AU		 5856 }
5857
4117ed70 5858 if (len > max_len)
24b4f38f
AU		 5859 return false;
5860
4117ed70
AU		 5861 /* Make sure that the data is correctly formatted. */
5862 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
5863 cur_len = data[i];
24b4f38f 5864
b44133ff
AU		 5865 if (flags_managed && data[i + 1] == EIR_FLAGS)
5866 return false;
5867
5507e358
AU		 5868 if (tx_power_managed && data[i + 1] == EIR_TX_POWER)
5869 return false;
5870
24b4f38f
AU		 5871 /* If the current field length would exceed the total data
5872 * length, then it's invalid.
5873 */
4117ed70 5874 if (i + cur_len >= len)
24b4f38f
AU		 5875 return false;
5876 }
5877
5878 return true;
5879}
5880
24b4f38f
AU		 5881static void add_advertising_complete(struct hci_dev *hdev, u8 status,
5882 u16 opcode)
5883{
5884 struct mgmt_pending_cmd *cmd;
fffd38bc 5885 struct mgmt_cp_add_advertising *cp;
24b4f38f 5886 struct mgmt_rp_add_advertising rp;
fffd38bc
FG		 5887 struct adv_info *adv_instance, *n;
5888 u8 instance;
24b4f38f
AU		 5889
5890 BT_DBG("status %d", status);
5891
5892 hci_dev_lock(hdev);
5893
5894 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
5895
fffd38bc
FG		 5896 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
5897 if (!adv_instance->pending)
5898 continue;
5899
5900 if (!status) {
5901 adv_instance->pending = false;
5902 continue;
5903 }
5904
5905 instance = adv_instance->instance;
5906
5907 if (hdev->cur_adv_instance == instance)
5908 cancel_adv_timeout(hdev);
5909
5910 hci_remove_adv_instance(hdev, instance);
f2252570 5911 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
24b4f38f
AU		 5912 }
5913
5914 if (!cmd)
5915 goto unlock;
5916
fffd38bc
FG		 5917 cp = cmd->param;
5918 rp.instance = cp->instance;
24b4f38f
AU		 5919
5920 if (status)
5921 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
5922 mgmt_status(status));
5923 else
5924 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
5925 mgmt_status(status), &rp, sizeof(rp));
5926
5927 mgmt_pending_remove(cmd);
5928
5929unlock:
5930 hci_dev_unlock(hdev);
5931}
5932
5933static int add_advertising(struct sock *sk, struct hci_dev *hdev,
5934 void *data, u16 data_len)
5935{
5936 struct mgmt_cp_add_advertising *cp = data;
5937 struct mgmt_rp_add_advertising rp;
5938 u32 flags;
089fa8c0 5939 u32 supported_flags;
24b4f38f 5940 u8 status;
fffd38bc
FG		 5941 u16 timeout, duration;
5942 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
5943 u8 schedule_instance = 0;
5944 struct adv_info *next_instance;
24b4f38f
AU		 5945 int err;
5946 struct mgmt_pending_cmd *cmd;
5947 struct hci_request req;
5948
5949 BT_DBG("%s", hdev->name);
5950
5951 status = mgmt_le_support(hdev);
5952 if (status)
5953 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
5954 status);
5955
ceff86af
MH		 5956 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
5957 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
5958 MGMT_STATUS_INVALID_PARAMS);
5959
24b4f38f 5960 flags = __le32_to_cpu(cp->flags);
912098a6 5961 timeout = __le16_to_cpu(cp->timeout);
fffd38bc 5962 duration = __le16_to_cpu(cp->duration);
24b4f38f 5963
fffd38bc
FG		 5964 /* The current implementation only supports a subset of the specified
5965 * flags.
089fa8c0
AU		 5966 */
5967 supported_flags = get_supported_adv_flags(hdev);
fffd38bc 5968 if (flags & ~supported_flags)
24b4f38f
AU		 5969 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
5970 MGMT_STATUS_INVALID_PARAMS);
5971
5972 hci_dev_lock(hdev);
5973
912098a6
AU		 5974 if (timeout && !hdev_is_powered(hdev)) {
5975 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
5976 MGMT_STATUS_REJECTED);
5977 goto unlock;
5978 }
5979
24b4f38f 5980 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
da929335 5981 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
24b4f38f
AU		 5982 pending_find(MGMT_OP_SET_LE, hdev)) {
5983 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
5984 MGMT_STATUS_BUSY);
5985 goto unlock;
5986 }
5987
b44133ff 5988 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
4117ed70 5989 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
b44133ff 5990 cp->scan_rsp_len, false)) {
24b4f38f
AU		 5991 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
5992 MGMT_STATUS_INVALID_PARAMS);
5993 goto unlock;
5994 }
5995
fffd38bc
FG		 5996 err = hci_add_adv_instance(hdev, cp->instance, flags,
5997 cp->adv_data_len, cp->data,
5998 cp->scan_rsp_len,
5999 cp->data + cp->adv_data_len,
6000 timeout, duration);
6001 if (err < 0) {
6002 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6003 MGMT_STATUS_FAILED);
6004 goto unlock;
6005 }
24b4f38f 6006
fffd38bc
FG		 6007 /* Only trigger an advertising added event if a new instance was
6008 * actually added.
6009 */
6010 if (hdev->adv_instance_cnt > prev_instance_cnt)
f2252570 6011 mgmt_advertising_added(sk, hdev, cp->instance);
912098a6 6012
fffd38bc
FG		 6013 if (hdev->cur_adv_instance == cp->instance) {
6014 /* If the currently advertised instance is being changed then
6015 * cancel the current advertising and schedule the next
6016 * instance. If there is only one instance then the overridden
6017 * advertising data will be visible right away.
6018 */
6019 cancel_adv_timeout(hdev);
912098a6 6020
fffd38bc
FG		 6021 next_instance = hci_get_next_instance(hdev, cp->instance);
6022 if (next_instance)
6023 schedule_instance = next_instance->instance;
6024 } else if (!hdev->adv_instance_timeout) {
6025 /* Immediately advertise the new instance if no other
6026 * instance is currently being advertised.
6027 */
6028 schedule_instance = cp->instance;
6029 }
24b4f38f 6030
fffd38bc
FG		 6031 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6032 * there is no instance to be advertised then we have no HCI
6033 * communication to make. Simply return.
24b4f38f
AU		 6034 */
6035 if (!hdev_is_powered(hdev) ||
fffd38bc
FG		 6036 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6037 !schedule_instance) {
6038 rp.instance = cp->instance;
24b4f38f
AU		 6039 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6040 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6041 goto unlock;
6042 }
6043
6044 /* We're good to go, update advertising data, parameters, and start
6045 * advertising.
6046 */
6047 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6048 data_len);
6049 if (!cmd) {
6050 err = -ENOMEM;
6051 goto unlock;
6052 }
6053
6054 hci_req_init(&req, hdev);
6055
f2252570 6056 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
fffd38bc
FG		 6057
6058 if (!err)
6059 err = hci_req_run(&req, add_advertising_complete);
24b4f38f 6060
24b4f38f
AU		 6061 if (err < 0)
6062 mgmt_pending_remove(cmd);
6063
6064unlock:
6065 hci_dev_unlock(hdev);
6066
6067 return err;
6068}
6069
da929335
AU		 6070static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6071 u16 opcode)
6072{
6073 struct mgmt_pending_cmd *cmd;
01948331 6074 struct mgmt_cp_remove_advertising *cp;
da929335
AU		 6075 struct mgmt_rp_remove_advertising rp;
6076
6077 BT_DBG("status %d", status);
6078
6079 hci_dev_lock(hdev);
6080
6081 /* A failure status here only means that we failed to disable
6082 * advertising. Otherwise, the advertising instance has been removed,
6083 * so report success.
6084 */
6085 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6086 if (!cmd)
6087 goto unlock;
6088
01948331
FG		 6089 cp = cmd->param;
6090 rp.instance = cp->instance;
da929335
AU		 6091
6092 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6093 &rp, sizeof(rp));
6094 mgmt_pending_remove(cmd);
6095
6096unlock:
6097 hci_dev_unlock(hdev);
6098}
6099
6100static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6101 void *data, u16 data_len)
6102{
6103 struct mgmt_cp_remove_advertising *cp = data;
6104 struct mgmt_rp_remove_advertising rp;
da929335
AU		 6105 struct mgmt_pending_cmd *cmd;
6106 struct hci_request req;
952497b1 6107 int err;
da929335
AU		 6108
6109 BT_DBG("%s", hdev->name);
6110
da929335
AU		 6111 hci_dev_lock(hdev);
6112
952497b1 6113 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
01948331
FG		 6114 err = mgmt_cmd_status(sk, hdev->id,
6115 MGMT_OP_REMOVE_ADVERTISING,
6116 MGMT_STATUS_INVALID_PARAMS);
6117 goto unlock;
6118 }
6119
da929335
AU		 6120 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6121 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6122 pending_find(MGMT_OP_SET_LE, hdev)) {
6123 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6124 MGMT_STATUS_BUSY);
6125 goto unlock;
6126 }
6127
17fd08ff 6128 if (list_empty(&hdev->adv_instances)) {
da929335
AU		 6129 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6130 MGMT_STATUS_INVALID_PARAMS);
6131 goto unlock;
6132 }
6133
01948331 6134 hci_req_init(&req, hdev);
da929335 6135
f2252570 6136 hci_req_clear_adv_instance(hdev, &req, cp->instance, true);
da929335 6137
01948331 6138 if (list_empty(&hdev->adv_instances))
f2252570 6139 __hci_req_disable_advertising(&req);
da929335 6140
01948331
FG		 6141 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
6142 * flag is set or the device isn't powered then we have no HCI
6143 * communication to make. Simply return.
da929335 6144 */
01948331
FG		 6145 if (skb_queue_empty(&req.cmd_q) ||
6146 !hdev_is_powered(hdev) ||
da929335 6147 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
01948331 6148 rp.instance = cp->instance;
da929335
AU		 6149 err = mgmt_cmd_complete(sk, hdev->id,
6150 MGMT_OP_REMOVE_ADVERTISING,
6151 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6152 goto unlock;
6153 }
6154
6155 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6156 data_len);
6157 if (!cmd) {
6158 err = -ENOMEM;
6159 goto unlock;
6160 }
6161
da929335
AU		 6162 err = hci_req_run(&req, remove_advertising_complete);
6163 if (err < 0)
6164 mgmt_pending_remove(cmd);
6165
6166unlock:
6167 hci_dev_unlock(hdev);
6168
6169 return err;
6170}
6171
40b25fe5
MH		 6172static u8 tlv_data_max_len(u32 adv_flags, bool is_adv_data)
6173{
6174 u8 max_len = HCI_MAX_AD_LENGTH;
6175
6176 if (is_adv_data) {
6177 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6178 MGMT_ADV_FLAG_LIMITED_DISCOV |
6179 MGMT_ADV_FLAG_MANAGED_FLAGS))
6180 max_len -= 3;
6181
6182 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
6183 max_len -= 3;
6184 }
6185
6186 return max_len;
6187}
6188
6189static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
6190 void *data, u16 data_len)
6191{
6192 struct mgmt_cp_get_adv_size_info *cp = data;
6193 struct mgmt_rp_get_adv_size_info rp;
6194 u32 flags, supported_flags;
6195 int err;
6196
6197 BT_DBG("%s", hdev->name);
6198
6199 if (!lmp_le_capable(hdev))
6200 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6201 MGMT_STATUS_REJECTED);
6202
6203 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6204 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6205 MGMT_STATUS_INVALID_PARAMS);
6206
6207 flags = __le32_to_cpu(cp->flags);
6208
6209 /* The current implementation only supports a subset of the specified
6210 * flags.
6211 */
6212 supported_flags = get_supported_adv_flags(hdev);
6213 if (flags & ~supported_flags)
6214 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6215 MGMT_STATUS_INVALID_PARAMS);
6216
6217 rp.instance = cp->instance;
6218 rp.flags = cp->flags;
6219 rp.max_adv_data_len = tlv_data_max_len(flags, true);
6220 rp.max_scan_rsp_len = tlv_data_max_len(flags, false);
6221
6222 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6223 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6224
6225 return err;
6226}
6227
6d785aa3 6228static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 6229 { NULL }, /* 0x0000 (no command) */
b9a245fb 6230 { read_version, MGMT_READ_VERSION_SIZE,
c91041dc
MH		 6231 HCI_MGMT_NO_HDEV |
6232 HCI_MGMT_UNTRUSTED },
b9a245fb 6233 { read_commands, MGMT_READ_COMMANDS_SIZE,
c91041dc
MH		 6234 HCI_MGMT_NO_HDEV |
6235 HCI_MGMT_UNTRUSTED },
b9a245fb 6236 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
c91041dc
MH		 6237 HCI_MGMT_NO_HDEV |
6238 HCI_MGMT_UNTRUSTED },
6239 { read_controller_info, MGMT_READ_INFO_SIZE,
6240 HCI_MGMT_UNTRUSTED },
7aea8616
MH		 6241 { set_powered, MGMT_SETTING_SIZE },
6242 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6243 { set_connectable, MGMT_SETTING_SIZE },
6244 { set_fast_connectable, MGMT_SETTING_SIZE },
6245 { set_bondable, MGMT_SETTING_SIZE },
6246 { set_link_security, MGMT_SETTING_SIZE },
6247 { set_ssp, MGMT_SETTING_SIZE },
6248 { set_hs, MGMT_SETTING_SIZE },
6249 { set_le, MGMT_SETTING_SIZE },
6250 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6251 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6252 { add_uuid, MGMT_ADD_UUID_SIZE },
6253 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
b9a245fb
JH		 6254 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6255 HCI_MGMT_VAR_LEN },
6256 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6257 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6258 { disconnect, MGMT_DISCONNECT_SIZE },
6259 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6260 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6261 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6262 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6263 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6264 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6265 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6266 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6267 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6268 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6269 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
b9a245fb
JH		 6270 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6271 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6272 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6273 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6274 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6275 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6276 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6277 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6278 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6279 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6280 { set_advertising, MGMT_SETTING_SIZE },
6281 { set_bredr, MGMT_SETTING_SIZE },
6282 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6283 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6284 { set_secure_conn, MGMT_SETTING_SIZE },
6285 { set_debug_keys, MGMT_SETTING_SIZE },
6286 { set_privacy, MGMT_SET_PRIVACY_SIZE },
b9a245fb
JH		 6287 { load_irks, MGMT_LOAD_IRKS_SIZE,
6288 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6289 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6290 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6291 { add_device, MGMT_ADD_DEVICE_SIZE },
6292 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
b9a245fb
JH		 6293 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6294 HCI_MGMT_VAR_LEN },
6295 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
c91041dc
MH		 6296 HCI_MGMT_NO_HDEV |
6297 HCI_MGMT_UNTRUSTED },
b9a245fb 6298 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
c91041dc
MH		 6299 HCI_MGMT_UNCONFIGURED |
6300 HCI_MGMT_UNTRUSTED },
b9a245fb
JH		 6301 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6302 HCI_MGMT_UNCONFIGURED },
6303 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6304 HCI_MGMT_UNCONFIGURED },
6305 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6306 HCI_MGMT_VAR_LEN },
4f0f155c 6307 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
96f1474a 6308 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
c91041dc
MH		 6309 HCI_MGMT_NO_HDEV |
6310 HCI_MGMT_UNTRUSTED },
d3d5305b 6311 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
24b4f38f
AU		 6312 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6313 HCI_MGMT_VAR_LEN },
da929335 6314 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
40b25fe5 6315 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
0f4e68cf
JH		 6316};
6317
bf6b56db 6318void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6319{
ced85549 6320 struct mgmt_ev_ext_index ev;
bb4b2a9a 6321
0602a8ad
MH		 6322 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6323 return;
6324
f9207338
MH		 6325 switch (hdev->dev_type) {
6326 case HCI_BREDR:
6327 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6328 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6329 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6330 ev.type = 0x01;
f9207338
MH		 6331 } else {
6332 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6333 HCI_MGMT_INDEX_EVENTS);
ced85549 6334 ev.type = 0x00;
f9207338
MH		 6335 }
6336 break;
ced85549
MH		 6337 case HCI_AMP:
6338 ev.type = 0x02;
6339 break;
6340 default:
6341 return;
f9207338 6342 }
ced85549
MH		 6343
6344 ev.bus = hdev->bus;
6345
6346 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6347 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 6348}
6349
bf6b56db 6350void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6351{
ced85549 6352 struct mgmt_ev_ext_index ev;
5f159032 6353 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6354
0602a8ad
MH		 6355 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6356 return;
6357
f9207338
MH		 6358 switch (hdev->dev_type) {
6359 case HCI_BREDR:
6360 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6361
f9207338
MH		 6362 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6363 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6364 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6365 ev.type = 0x01;
f9207338
MH		 6366 } else {
6367 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6368 HCI_MGMT_INDEX_EVENTS);
ced85549 6369 ev.type = 0x00;
f9207338
MH		 6370 }
6371 break;
ced85549
MH		 6372 case HCI_AMP:
6373 ev.type = 0x02;
6374 break;
6375 default:
6376 return;
f9207338 6377 }
ced85549
MH		 6378
6379 ev.bus = hdev->bus;
6380
6381 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6382 HCI_MGMT_EXT_INDEX_EVENTS);
eec8d2bc
JH		 6383}
6384
6046dc3e 6385/* This function requires the caller holds hdev->lock */
af02dd44 6386static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 6387{
6388 struct hci_conn_params *p;
6389
6390 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6391 /* Needed for AUTO_OFF case where might not "really"
6392 * have been powered off.
6393 */
6394 list_del_init(&p->action);
6395
6396 switch (p->auto_connect) {
4b9e7e75 6397 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6398 case HCI_AUTO_CONN_ALWAYS:
6399 list_add(&p->action, &hdev->pend_le_conns);
6400 break;
6401 case HCI_AUTO_CONN_REPORT:
6402 list_add(&p->action, &hdev->pend_le_reports);
6403 break;
6404 default:
6405 break;
c83ed19d 6406 }
6046dc3e
AG		 6407 }
6408}
6409
2ff13894 6410void mgmt_power_on(struct hci_dev *hdev, int err)
229ab39c
JH		 6411{
6412 struct cmd_lookup match = { NULL, hdev };
6413
2ff13894 6414 BT_DBG("err %d", err);
229ab39c 6415
2ff13894
JH		 6416 hci_dev_lock(hdev);
6417
6418 if (!err) {
af02dd44
JH		 6419 restart_le_actions(hdev);
6420 hci_update_background_scan(hdev);
162a3bac
MH		 6421 }
6422
229ab39c
JH		 6423 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6424
6425 new_settings(hdev, match.sk);
6426
229ab39c
JH		 6427 if (match.sk)
6428 sock_put(match.sk);
229ab39c 6429
2ff13894 6430 hci_dev_unlock(hdev);
70da6243 6431}
562fcc24 6432
2ff13894 6433void __mgmt_power_off(struct hci_dev *hdev)
70da6243
JH		 6434{
6435 struct cmd_lookup match = { NULL, hdev };
9845904f 6436 u8 status, zero_cod[] = { 0, 0, 0 };
b24752fe 6437
229ab39c 6438 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 6439
6440 /* If the power off is because of hdev unregistration let
6441 * use the appropriate INVALID_INDEX status. Otherwise use
6442 * NOT_POWERED. We cover both scenarios here since later in
6443 * mgmt_index_removed() any hci_conn callbacks will have already
6444 * been triggered, potentially causing misleading DISCONNECTED
6445 * status responses.
6446 */
d7a5a11d 6447 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 6448 status = MGMT_STATUS_INVALID_INDEX;
6449 else
6450 status = MGMT_STATUS_NOT_POWERED;
6451
6452 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 6453
6454 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
f6b7712e
MH		 6455 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6456 zero_cod, sizeof(zero_cod), NULL);
229ab39c 6457
2ff13894 6458 new_settings(hdev, match.sk);
eec8d2bc
JH		 6459
6460 if (match.sk)
6461 sock_put(match.sk);
5add6af8 6462}
73f22f62 6463
3eec705e 6464void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 6465{
3b0602cd 6466 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 6467 u8 status;
6468
333ae95d 6469 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
96570ffc 6470 if (!cmd)
3eec705e 6471 return;
96570ffc
JH		 6472
6473 if (err == -ERFKILL)
6474 status = MGMT_STATUS_RFKILLED;
6475 else
6476 status = MGMT_STATUS_FAILED;
6477
a69e8375 6478 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6479
6480 mgmt_pending_remove(cmd);
96570ffc
JH		 6481}
6482
dc4a5ee2
MH		 6483void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6484 bool persistent)
55ed8ca1 6485{
86742e1e 6486 struct mgmt_ev_new_link_key ev;
55ed8ca1 6487
a492cd52 6488 memset(&ev, 0, sizeof(ev));
55ed8ca1 6489
a492cd52 6490 ev.store_hint = persistent;
d753fdc4 6491 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6492 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6493 ev.key.type = key->type;
9b3b4460 6494 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6495 ev.key.pin_len = key->pin_len;
55ed8ca1 6496
dc4a5ee2 6497 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6498}
f7520543 6499
d7b25450
JH		 6500static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6501{
23fb8de3
JH		 6502 switch (ltk->type) {
6503 case SMP_LTK:
6504 case SMP_LTK_SLAVE:
6505 if (ltk->authenticated)
6506 return MGMT_LTK_AUTHENTICATED;
6507 return MGMT_LTK_UNAUTHENTICATED;
6508 case SMP_LTK_P256:
6509 if (ltk->authenticated)
6510 return MGMT_LTK_P256_AUTH;
6511 return MGMT_LTK_P256_UNAUTH;
6512 case SMP_LTK_P256_DEBUG:
6513 return MGMT_LTK_P256_DEBUG;
6514 }
d7b25450
JH		 6515
6516 return MGMT_LTK_UNAUTHENTICATED;
6517}
6518
53ac6ab6 6519void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6520{
6521 struct mgmt_ev_new_long_term_key ev;
6522
6523 memset(&ev, 0, sizeof(ev));
6524
5192d301 6525 /* Devices using resolvable or non-resolvable random addresses
f72186d2 6526 * without providing an identity resolving key don't require
5192d301
MH		 6527 * to store long term keys. Their addresses will change the
6528 * next time around.
6529 *
6530 * Only when a remote device provides an identity address
6531 * make sure the long term key is stored. If the remote
6532 * identity is known, the long term keys are internally
6533 * mapped to the identity address. So allow static random
6534 * and public addresses here.
6535 */
ba74b666
JH		 6536 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6537 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6538 ev.store_hint = 0x00;
6539 else
53ac6ab6 6540 ev.store_hint = persistent;
ba74b666 6541
346af67b 6542 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6543 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6544 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6545 ev.key.enc_size = key->enc_size;
6546 ev.key.ediv = key->ediv;
fe39c7b2 6547 ev.key.rand = key->rand;
346af67b 6548
2ceba539 6549 if (key->type == SMP_LTK)
346af67b
VCG		 6550 ev.key.master = 1;
6551
1fc62c52
JH		 6552 /* Make sure we copy only the significant bytes based on the
6553 * encryption key size, and set the rest of the value to zeroes.
6554 */
cb92205b 6555 memcpy(ev.key.val, key->val, key->enc_size);
1fc62c52
JH		 6556 memset(ev.key.val + key->enc_size, 0,
6557 sizeof(ev.key.val) - key->enc_size);
346af67b 6558
083368f7 6559 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6560}
6561
cad20c27 6562void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
95fbac8a
JH		 6563{
6564 struct mgmt_ev_new_irk ev;
6565
6566 memset(&ev, 0, sizeof(ev));
6567
cad20c27 6568 ev.store_hint = persistent;
bab6d1e5 6569
95fbac8a
JH		 6570 bacpy(&ev.rpa, &irk->rpa);
6571 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6572 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6573 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6574
6575 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6576}
6577
53ac6ab6
MH		 6578void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6579 bool persistent)
7ee4ea36
MH		 6580{
6581 struct mgmt_ev_new_csrk ev;
6582
6583 memset(&ev, 0, sizeof(ev));
6584
6585 /* Devices using resolvable or non-resolvable random addresses
f72186d2 6586 * without providing an identity resolving key don't require
7ee4ea36
MH		 6587 * to store signature resolving keys. Their addresses will change
6588 * the next time around.
6589 *
6590 * Only when a remote device provides an identity address
6591 * make sure the signature resolving key is stored. So allow
6592 * static random and public addresses here.
6593 */
6594 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6595 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6596 ev.store_hint = 0x00;
6597 else
53ac6ab6 6598 ev.store_hint = persistent;
7ee4ea36
MH		 6599
6600 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6601 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 6602 ev.key.type = csrk->type;
7ee4ea36
MH		 6603 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6604
6605 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6606}
6607
ffb5a827 6608void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6609 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6610 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6611{
6612 struct mgmt_ev_new_conn_param ev;
6613
c103aea6
JH		 6614 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6615 return;
6616
ffb5a827
AG		 6617 memset(&ev, 0, sizeof(ev));
6618 bacpy(&ev.addr.bdaddr, bdaddr);
6619 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6620 ev.store_hint = store_hint;
ffb5a827
AG		 6621 ev.min_interval = cpu_to_le16(min_interval);
6622 ev.max_interval = cpu_to_le16(max_interval);
6623 ev.latency = cpu_to_le16(latency);
6624 ev.timeout = cpu_to_le16(timeout);
6625
6626 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6627}
6628
48ec92fa
AA		 6629void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6630 u32 flags, u8 *name, u8 name_len)
f7520543 6631{
b644ba33
JH		 6632 char buf[512];
6633 struct mgmt_ev_device_connected *ev = (void *) buf;
6634 u16 eir_len = 0;
f7520543 6635
48ec92fa
AA		 6636 bacpy(&ev->addr.bdaddr, &conn->dst);
6637 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 6638
c95f0ba7 6639 ev->flags = __cpu_to_le32(flags);
08c79b61 6640
fd45ada9
AA		 6641 /* We must ensure that the EIR Data fields are ordered and
6642 * unique. Keep it simple for now and avoid the problem by not
6643 * adding any BR/EDR data to the LE adv.
6644 */
6645 if (conn->le_adv_data_len > 0) {
6646 memcpy(&ev->eir[eir_len],
6647 conn->le_adv_data, conn->le_adv_data_len);
6648 eir_len = conn->le_adv_data_len;
6649 } else {
6650 if (name_len > 0)
6651 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6652 name, name_len);
b644ba33 6653
ddbea5cf 6654 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 6655 eir_len = eir_append_data(ev->eir, eir_len,
6656 EIR_CLASS_OF_DEV,
6657 conn->dev_class, 3);
6658 }
b644ba33 6659
eb55ef07 6660 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6661
ecd90ae7
MH		 6662 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6663 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6664}
6665
3b0602cd 6666static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 6667{
8962ee74 6668 struct sock **sk = data;
8962ee74 6669
f5818c22 6670 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 6671
6672 *sk = cmd->sk;
6673 sock_hold(*sk);
6674
a664b5bc 6675 mgmt_pending_remove(cmd);
8962ee74
JH		 6676}
6677
3b0602cd 6678static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 6679{
b1078ad0 6680 struct hci_dev *hdev = data;
124f6e35 6681 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 6682
b1078ad0
JH		 6683 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6684
d8b7b1e4 6685 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 6686 mgmt_pending_remove(cmd);
6687}
6688
84c61d92
JH		 6689bool mgmt_powering_down(struct hci_dev *hdev)
6690{
3b0602cd 6691 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 6692 struct mgmt_mode *cp;
6693
333ae95d 6694 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
84c61d92
JH		 6695 if (!cmd)
6696 return false;
6697
6698 cp = cmd->param;
6699 if (!cp->val)
6700 return true;
6701
6702 return false;
6703}
6704
9b80ec5e 6705void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6706 u8 link_type, u8 addr_type, u8 reason,
6707 bool mgmt_connected)
f7520543 6708{
f0d6a0ea 6709 struct mgmt_ev_device_disconnected ev;
8962ee74 6710 struct sock *sk = NULL;
8962ee74 6711
84c61d92
JH		 6712 /* The connection is still in hci_conn_hash so test for 1
6713 * instead of 0 to know if this is the last one.
6714 */
6715 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6716 cancel_delayed_work(&hdev->power_off);
6717 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 6718 }
6719
12d4a3b2
JH		 6720 if (!mgmt_connected)
6721 return;
6722
57eb776f
AG		 6723 if (link_type != ACL_LINK && link_type != LE_LINK)
6724 return;
6725
744cf19e 6726 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6727
f0d6a0ea
MA		 6728 bacpy(&ev.addr.bdaddr, bdaddr);
6729 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6730 ev.reason = reason;
f7520543 6731
9b80ec5e 6732 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6733
6734 if (sk)
d97dcb66 6735 sock_put(sk);
8962ee74 6736
124f6e35 6737 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6738 hdev);
8962ee74
JH		 6739}
6740
7892924c
MH		 6741void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6742 u8 link_type, u8 addr_type, u8 status)
8962ee74 6743{
3655bba8
AG		 6744 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6745 struct mgmt_cp_disconnect *cp;
3b0602cd 6746 struct mgmt_pending_cmd *cmd;
8962ee74 6747
36a75f1b
JD		 6748 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6749 hdev);
6750
333ae95d 6751 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6752 if (!cmd)
7892924c 6753 return;
8962ee74 6754
3655bba8
AG		 6755 cp = cmd->param;
6756
6757 if (bacmp(bdaddr, &cp->addr.bdaddr))
6758 return;
6759
6760 if (cp->addr.type != bdaddr_type)
6761 return;
6762
f5818c22 6763 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6764 mgmt_pending_remove(cmd);
f7520543 6765}
17d5c04c 6766
445608d0
MH		 6767void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6768 u8 addr_type, u8 status)
17d5c04c
JH		 6769{
6770 struct mgmt_ev_connect_failed ev;
c9910d0f 6771
84c61d92
JH		 6772 /* The connection is still in hci_conn_hash so test for 1
6773 * instead of 0 to know if this is the last one.
6774 */
6775 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6776 cancel_delayed_work(&hdev->power_off);
6777 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 6778 }
17d5c04c 6779
4c659c39 6780 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6781 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6782 ev.status = mgmt_status(status);
17d5c04c 6783
445608d0 6784 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6785}
980e1a53 6786
ce0e4a0d 6787void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6788{
6789 struct mgmt_ev_pin_code_request ev;
6790
d8457698 6791 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6792 ev.addr.type = BDADDR_BREDR;
a770bb5a 6793 ev.secure = secure;
980e1a53 6794
ce0e4a0d 6795 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6796}
6797
e669cf80
MH		 6798void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6799 u8 status)
980e1a53 6800{
3b0602cd 6801 struct mgmt_pending_cmd *cmd;
980e1a53 6802
333ae95d 6803 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6804 if (!cmd)
e669cf80 6805 return;
980e1a53 6806
7776d1d8 6807 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6808 mgmt_pending_remove(cmd);
980e1a53
JH		 6809}
6810
3eb38528
MH		 6811void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6812 u8 status)
980e1a53 6813{
3b0602cd 6814 struct mgmt_pending_cmd *cmd;
980e1a53 6815
333ae95d 6816 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6817 if (!cmd)
3eb38528 6818 return;
980e1a53 6819
7776d1d8 6820 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6821 mgmt_pending_remove(cmd);
980e1a53 6822}
a5c29683 6823
744cf19e 6824int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6825 u8 link_type, u8 addr_type, u32 value,
04124681 6826 u8 confirm_hint)
a5c29683
JH		 6827{
6828 struct mgmt_ev_user_confirm_request ev;
6829
744cf19e 6830 BT_DBG("%s", hdev->name);
a5c29683 6831
272d90df 6832 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6833 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6834 ev.confirm_hint = confirm_hint;
39adbffe 6835 ev.value = cpu_to_le32(value);
a5c29683 6836
744cf19e 6837 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6838 NULL);
a5c29683
JH		 6839}
6840
272d90df 6841int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6842 u8 link_type, u8 addr_type)
604086b7
BG		 6843{
6844 struct mgmt_ev_user_passkey_request ev;
6845
6846 BT_DBG("%s", hdev->name);
6847
272d90df 6848 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6849 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6850
6851 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6852 NULL);
604086b7
BG		 6853}
6854
0df4c185 6855static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6856 u8 link_type, u8 addr_type, u8 status,
6857 u8 opcode)
a5c29683 6858{
3b0602cd 6859 struct mgmt_pending_cmd *cmd;
a5c29683 6860
333ae95d 6861 cmd = pending_find(opcode, hdev);
a5c29683
JH		 6862 if (!cmd)
6863 return -ENOENT;
6864
7776d1d8 6865 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6866 mgmt_pending_remove(cmd);
a5c29683 6867
7776d1d8 6868 return 0;
a5c29683
JH		 6869}
6870
744cf19e 6871int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6872 u8 link_type, u8 addr_type, u8 status)
a5c29683 6873{
272d90df 6874 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6875 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6876}
6877
272d90df 6878int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6879 u8 link_type, u8 addr_type, u8 status)
a5c29683 6880{
272d90df 6881 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6882 status,
6883 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 6884}
2a611692 6885
604086b7 6886int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6887 u8 link_type, u8 addr_type, u8 status)
604086b7 6888{
272d90df 6889 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6890 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 6891}
6892
272d90df 6893int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6894 u8 link_type, u8 addr_type, u8 status)
604086b7 6895{
272d90df 6896 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6897 status,
6898 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 6899}
6900
92a25256
JH		 6901int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6902 u8 link_type, u8 addr_type, u32 passkey,
6903 u8 entered)
6904{
6905 struct mgmt_ev_passkey_notify ev;
6906
6907 BT_DBG("%s", hdev->name);
6908
6909 bacpy(&ev.addr.bdaddr, bdaddr);
6910 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6911 ev.passkey = __cpu_to_le32(passkey);
6912 ev.entered = entered;
6913
6914 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6915}
6916
e1e930f5 6917void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 6918{
6919 struct mgmt_ev_auth_failed ev;
3b0602cd 6920 struct mgmt_pending_cmd *cmd;
e1e930f5 6921 u8 status = mgmt_status(hci_status);
2a611692 6922
e1e930f5
JH		 6923 bacpy(&ev.addr.bdaddr, &conn->dst);
6924 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6925 ev.status = status;
2a611692 6926
e1e930f5
JH		 6927 cmd = find_pairing(conn);
6928
6929 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
6930 cmd ? cmd->sk : NULL);
6931
a511b35b
JH		 6932 if (cmd) {
6933 cmd->cmd_complete(cmd, status);
6934 mgmt_pending_remove(cmd);
6935 }
2a611692 6936}
b312b161 6937
464996ae 6938void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 6939{
6940 struct cmd_lookup match = { NULL, hdev };
464996ae 6941 bool changed;
33ef95ed
JH		 6942
6943 if (status) {
6944 u8 mgmt_err = mgmt_status(status);
6945 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 6946 cmd_status_rsp, &mgmt_err);
464996ae 6947 return;
33ef95ed
JH		 6948 }
6949
464996ae 6950 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 6951 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 6952 else
a69d8927 6953 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 6954
33ef95ed 6955 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 6956 &match);
33ef95ed 6957
47990ea0 6958 if (changed)
464996ae 6959 new_settings(hdev, match.sk);
33ef95ed
JH		 6960
6961 if (match.sk)
6962 sock_put(match.sk);
33ef95ed
JH		 6963}
6964
890ea898 6965static void clear_eir(struct hci_request *req)
cacaf52f 6966{
890ea898 6967 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 6968 struct hci_cp_write_eir cp;
6969
976eb20e 6970 if (!lmp_ext_inq_capable(hdev))
890ea898 6971 return;
cacaf52f 6972
c80da27e
JH		 6973 memset(hdev->eir, 0, sizeof(hdev->eir));
6974
cacaf52f
JH		 6975 memset(&cp, 0, sizeof(cp));
6976
890ea898 6977 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 6978}
6979
3e248560 6980void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 6981{
6982 struct cmd_lookup match = { NULL, hdev };
890ea898 6983 struct hci_request req;
c0ecddc2 6984 bool changed = false;
ed2c4ee3
JH		 6985
6986 if (status) {
6987 u8 mgmt_err = mgmt_status(status);
c0ecddc2 6988
a69d8927
MH		 6989 if (enable && hci_dev_test_and_clear_flag(hdev,
6990 HCI_SSP_ENABLED)) {
a358dc11 6991 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 6992 new_settings(hdev, NULL);
9ecb3e24 6993 }
c0ecddc2 6994
04124681
GP		 6995 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6996 &mgmt_err);
3e248560 6997 return;
c0ecddc2
JH		 6998 }
6999
7000 if (enable) {
238be788 7001 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 7002 } else {
a69d8927 7003 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9ecb3e24 7004 if (!changed)
a69d8927
MH		 7005 changed = hci_dev_test_and_clear_flag(hdev,
7006 HCI_HS_ENABLED);
9ecb3e24 7007 else
a358dc11 7008 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 7009 }
7010
7011 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7012
c0ecddc2 7013 if (changed)
3e248560 7014 new_settings(hdev, match.sk);
ed2c4ee3 7015
5fc6ebb1 7016 if (match.sk)
ed2c4ee3
JH		 7017 sock_put(match.sk);
7018
890ea898
JH		 7019 hci_req_init(&req, hdev);
7020
d7a5a11d
MH		 7021 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7022 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 7023 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7024 sizeof(enable), &enable);
b1a8917c 7025 __hci_req_update_eir(&req);
3769972b 7026 } else {
890ea898 7027 clear_eir(&req);
3769972b 7028 }
890ea898
JH		 7029
7030 hci_req_run(&req, NULL);
ed2c4ee3
JH		 7031}
7032
3b0602cd 7033static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 7034{
7035 struct cmd_lookup *match = data;
7036
90e70454
JH		 7037 if (match->sk == NULL) {
7038 match->sk = cmd->sk;
7039 sock_hold(match->sk);
7040 }
90e70454
JH		 7041}
7042
4e1b0245
MH		 7043void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7044 u8 status)
7f9a903c 7045{
90e70454 7046 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7047
92da6097
JH		 7048 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7049 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7050 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 7051
7052 if (!status)
f6b7712e
MH		 7053 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7054 dev_class, 3, NULL);
90e70454
JH		 7055
7056 if (match.sk)
7057 sock_put(match.sk);
7f9a903c
MH		 7058}
7059
7667da34 7060void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7061{
b312b161 7062 struct mgmt_cp_set_local_name ev;
3b0602cd 7063 struct mgmt_pending_cmd *cmd;
28cc7bde 7064
13928971 7065 if (status)
7667da34 7066 return;
b312b161
JH		 7067
7068 memset(&ev, 0, sizeof(ev));
7069 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7070 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7071
333ae95d 7072 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7073 if (!cmd) {
7074 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7075
13928971
JH		 7076 /* If this is a HCI command related to powering on the
7077 * HCI dev don't send any mgmt signals.
7078 */
333ae95d 7079 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7080 return;
890ea898 7081 }
b312b161 7082
f6b7712e
MH		 7083 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7084 cmd ? cmd->sk : NULL);
b312b161 7085}
c35938b2 7086
799ce93d
JP		 7087static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7088{
7089 int i;
7090
7091 for (i = 0; i < uuid_count; i++) {
7092 if (!memcmp(uuid, uuids[i], 16))
7093 return true;
7094 }
7095
7096 return false;
7097}
7098
b487b9ce
MH		 7099static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7100{
799ce93d
JP		 7101 u16 parsed = 0;
7102
7103 while (parsed < eir_len) {
7104 u8 field_len = eir[0];
7105 u8 uuid[16];
7106 int i;
7107
7108 if (field_len == 0)
7109 break;
7110
7111 if (eir_len - parsed < field_len + 1)
7112 break;
7113
7114 switch (eir[1]) {
7115 case EIR_UUID16_ALL:
7116 case EIR_UUID16_SOME:
7117 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7118 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7119 uuid[13] = eir[i + 3];
7120 uuid[12] = eir[i + 2];
7121 if (has_uuid(uuid, uuid_count, uuids))
7122 return true;
7123 }
7124 break;
7125 case EIR_UUID32_ALL:
7126 case EIR_UUID32_SOME:
7127 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7128 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7129 uuid[15] = eir[i + 5];
7130 uuid[14] = eir[i + 4];
7131 uuid[13] = eir[i + 3];
7132 uuid[12] = eir[i + 2];
7133 if (has_uuid(uuid, uuid_count, uuids))
7134 return true;
7135 }
7136 break;
7137 case EIR_UUID128_ALL:
7138 case EIR_UUID128_SOME:
7139 for (i = 0; i + 17 <= field_len; i += 16) {
7140 memcpy(uuid, eir + i + 2, 16);
7141 if (has_uuid(uuid, uuid_count, uuids))
7142 return true;
7143 }
7144 break;
7145 }
7146
7147 parsed += field_len + 1;
7148 eir += field_len + 1;
7149 }
7150
b487b9ce
MH		 7151 return false;
7152}
7153
4b0e0ced
JP		 7154static void restart_le_scan(struct hci_dev *hdev)
7155{
7156 /* If controller is not scanning we are done. */
d7a5a11d 7157 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 7158 return;
7159
7160 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7161 hdev->discovery.scan_start +
7162 hdev->discovery.scan_duration))
7163 return;
7164
7c1fbed2 7165 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
4b0e0ced
JP		 7166 DISCOV_LE_RESTART_DELAY);
7167}
7168
48f86b7f
JP		 7169static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7170 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7171{
48f86b7f
JP		 7172 /* If a RSSI threshold has been specified, and
7173 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7174 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7175 * is set, let it through for further processing, as we might need to
7176 * restart the scan.
efb2513f
MH		 7177 *
7178 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7179 * the results are also dropped.
bda157a4
MH		 7180 */
7181 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 7182 (rssi == HCI_RSSI_INVALID ||
7183 (rssi < hdev->discovery.rssi &&
7184 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 7185 return false;
efb2513f 7186
2976cdeb
JP		 7187 if (hdev->discovery.uuid_count != 0) {
7188 /* If a list of UUIDs is provided in filter, results with no
7189 * matching UUID should be dropped.
b487b9ce 7190 */
2976cdeb
JP		 7191 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7192 hdev->discovery.uuids) &&
7193 !eir_has_uuids(scan_rsp, scan_rsp_len,
7194 hdev->discovery.uuid_count,
7195 hdev->discovery.uuids))
7196 return false;
b487b9ce 7197 }
5d2e9fad 7198
2976cdeb
JP		 7199 /* If duplicate filtering does not report RSSI changes, then restart
7200 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 7201 */
2976cdeb
JP		 7202 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7203 restart_le_scan(hdev);
7204
7205 /* Validate RSSI value against the RSSI threshold once more. */
7206 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7207 rssi < hdev->discovery.rssi)
7208 return false;
7209 }
48f86b7f
JP		 7210
7211 return true;
7212}
7213
7214void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7215 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7216 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7217{
7218 char buf[512];
7219 struct mgmt_ev_device_found *ev = (void *)buf;
7220 size_t ev_size;
7221
7222 /* Don't send events for a non-kernel initiated discovery. With
7223 * LE one exception is if we have pend_le_reports > 0 in which
7224 * case we're doing passive scanning and want these events.
7225 */
7226 if (!hci_discovery_active(hdev)) {
7227 if (link_type == ACL_LINK)
7228 return;
7229 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7230 return;
7231 }
7232
82f8b651 7233 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 7234 /* We are using service discovery */
7235 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7236 scan_rsp_len))
7237 return;
7238 }
7239
7240 /* Make sure that the buffer is big enough. The 5 extra bytes
7241 * are for the potential CoD field.
7242 */
7243 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 7244 return;
7245
48f86b7f
JP		 7246 memset(buf, 0, sizeof(buf));
7247
7248 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7249 * RSSI value was reported as 0 when not available. This behavior
7250 * is kept when using device discovery. This is required for full
7251 * backwards compatibility with the API.
7252 *
7253 * However when using service discovery, the value 127 will be
7254 * returned when the RSSI is not available.
7255 */
7256 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7257 link_type == ACL_LINK)
7258 rssi = 0;
7259
7260 bacpy(&ev->addr.bdaddr, bdaddr);
7261 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7262 ev->rssi = rssi;
7263 ev->flags = cpu_to_le32(flags);
7264
7265 if (eir_len > 0)
7266 /* Copy EIR or advertising data into event */
7267 memcpy(ev->eir, eir, eir_len);
7268
0d3b7f64
JH		 7269 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7270 NULL))
48f86b7f
JP		 7271 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7272 dev_class, 3);
7273
7274 if (scan_rsp_len > 0)
7275 /* Append scan response data to event */
7276 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7277
5d2e9fad
JH		 7278 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7279 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7280
901801b9 7281 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7282}
a88a9652 7283
9cf12aee
MH		 7284void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7285 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7286{
b644ba33
JH		 7287 struct mgmt_ev_device_found *ev;
7288 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7289 u16 eir_len;
a88a9652 7290
b644ba33 7291 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7292
b644ba33
JH		 7293 memset(buf, 0, sizeof(buf));
7294
7295 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7296 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7297 ev->rssi = rssi;
7298
7299 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7300 name_len);
b644ba33 7301
eb55ef07 7302 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7303
9cf12aee 7304 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7305}
314b2381 7306
2f1e063b 7307void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7308{
f963e8e9 7309 struct mgmt_ev_discovering ev;
164a6e78 7310
343fb145
AG		 7311 BT_DBG("%s discovering %u", hdev->name, discovering);
7312
f963e8e9
JH		 7313 memset(&ev, 0, sizeof(ev));
7314 ev.type = hdev->discovery.type;
7315 ev.discovering = discovering;
7316
2f1e063b 7317 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7318}
5e762444 7319
6d785aa3
JH		 7320static struct hci_mgmt_chan chan = {
7321 .channel = HCI_CHANNEL_CONTROL,
7322 .handler_count = ARRAY_SIZE(mgmt_handlers),
7323 .handlers = mgmt_handlers,
88b94ce9 7324 .hdev_init = mgmt_init_hdev,
6d785aa3
JH		 7325};
7326
7327int mgmt_init(void)
7328{
7329 return hci_mgmt_chan_register(&chan);
7330}
7331
7332void mgmt_exit(void)
7333{
7334 hci_mgmt_chan_unregister(&chan);
7335}
Linux kernel - Deliverables
This page took 0.949498 seconds and 5 git commands to generate.