projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Update smp_confirm to return a response code
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 34
35#include "smp.h"
0381101f 36
2da9c55c 37#define MGMT_VERSION 1
b75cf9cd 38#define MGMT_REVISION 6
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
0663ca2a 80 MGMT_OP_SET_BREDR,
d13eafce 81 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 82 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 83 MGMT_OP_SET_SECURE_CONN,
4e39ac81 84 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 85 MGMT_OP_SET_PRIVACY,
41edf160 86 MGMT_OP_LOAD_IRKS,
dd983808 87 MGMT_OP_GET_CONN_INFO,
e70bb2e8
JH		 88};
89
90static const u16 mgmt_events[] = {
91 MGMT_EV_CONTROLLER_ERROR,
92 MGMT_EV_INDEX_ADDED,
93 MGMT_EV_INDEX_REMOVED,
94 MGMT_EV_NEW_SETTINGS,
95 MGMT_EV_CLASS_OF_DEV_CHANGED,
96 MGMT_EV_LOCAL_NAME_CHANGED,
97 MGMT_EV_NEW_LINK_KEY,
98 MGMT_EV_NEW_LONG_TERM_KEY,
99 MGMT_EV_DEVICE_CONNECTED,
100 MGMT_EV_DEVICE_DISCONNECTED,
101 MGMT_EV_CONNECT_FAILED,
102 MGMT_EV_PIN_CODE_REQUEST,
103 MGMT_EV_USER_CONFIRM_REQUEST,
104 MGMT_EV_USER_PASSKEY_REQUEST,
105 MGMT_EV_AUTH_FAILED,
106 MGMT_EV_DEVICE_FOUND,
107 MGMT_EV_DISCOVERING,
108 MGMT_EV_DEVICE_BLOCKED,
109 MGMT_EV_DEVICE_UNBLOCKED,
110 MGMT_EV_DEVICE_UNPAIRED,
92a25256 111 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 112 MGMT_EV_NEW_IRK,
7ee4ea36 113 MGMT_EV_NEW_CSRK,
e70bb2e8
JH		 114};
115
17b02e62 116#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 117
4b34ee78
JH		 118#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
119 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
120
eec8d2bc
JH		 121struct pending_cmd {
122 struct list_head list;
fc2f4b13 123 u16 opcode;
eec8d2bc 124 int index;
c68fb7ff 125 void *param;
eec8d2bc 126 struct sock *sk;
e9a416b5 127 void *user_data;
eec8d2bc
JH		 128};
129
ca69b795
JH		 130/* HCI to MGMT error code conversion table */
131static u8 mgmt_status_table[] = {
132 MGMT_STATUS_SUCCESS,
133 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
134 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
135 MGMT_STATUS_FAILED, /* Hardware Failure */
136 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
137 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 138 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 139 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
140 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
141 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
142 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
143 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
144 MGMT_STATUS_BUSY, /* Command Disallowed */
145 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
146 MGMT_STATUS_REJECTED, /* Rejected Security */
147 MGMT_STATUS_REJECTED, /* Rejected Personal */
148 MGMT_STATUS_TIMEOUT, /* Host Timeout */
149 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
150 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
151 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
152 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
153 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
154 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
155 MGMT_STATUS_BUSY, /* Repeated Attempts */
156 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
157 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
158 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
159 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
160 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
161 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
162 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
163 MGMT_STATUS_FAILED, /* Unspecified Error */
164 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
165 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
166 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
167 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
168 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
169 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
170 MGMT_STATUS_FAILED, /* Unit Link Key Used */
171 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
172 MGMT_STATUS_TIMEOUT, /* Instant Passed */
173 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
174 MGMT_STATUS_FAILED, /* Transaction Collision */
175 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
176 MGMT_STATUS_REJECTED, /* QoS Rejected */
177 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
178 MGMT_STATUS_REJECTED, /* Insufficient Security */
179 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
180 MGMT_STATUS_BUSY, /* Role Switch Pending */
181 MGMT_STATUS_FAILED, /* Slot Violation */
182 MGMT_STATUS_FAILED, /* Role Switch Failed */
183 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
184 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
185 MGMT_STATUS_BUSY, /* Host Busy Pairing */
186 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
187 MGMT_STATUS_BUSY, /* Controller Busy */
188 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
189 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
190 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
191 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
192 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
193};
194
195static u8 mgmt_status(u8 hci_status)
196{
197 if (hci_status < ARRAY_SIZE(mgmt_status_table))
198 return mgmt_status_table[hci_status];
199
200 return MGMT_STATUS_FAILED;
201}
202
4e51eae9 203static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 204{
205 struct sk_buff *skb;
206 struct mgmt_hdr *hdr;
207 struct mgmt_ev_cmd_status *ev;
56b7d137 208 int err;
f7b64e69 209
34eb525c 210 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 211
790eff44 212 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 213 if (!skb)
214 return -ENOMEM;
215
216 hdr = (void *) skb_put(skb, sizeof(*hdr));
217
dcf4adbf 218 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 219 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 220 hdr->len = cpu_to_le16(sizeof(*ev));
221
222 ev = (void *) skb_put(skb, sizeof(*ev));
223 ev->status = status;
eb55ef07 224 ev->opcode = cpu_to_le16(cmd);
f7b64e69 225
56b7d137
GP		 226 err = sock_queue_rcv_skb(sk, skb);
227 if (err < 0)
f7b64e69
JH		 228 kfree_skb(skb);
229
56b7d137 230 return err;
f7b64e69
JH		 231}
232
aee9b218 233static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 234 void *rp, size_t rp_len)
02d98129
JH		 235{
236 struct sk_buff *skb;
237 struct mgmt_hdr *hdr;
238 struct mgmt_ev_cmd_complete *ev;
56b7d137 239 int err;
02d98129
JH		 240
241 BT_DBG("sock %p", sk);
242
790eff44 243 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 244 if (!skb)
245 return -ENOMEM;
246
247 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 248
dcf4adbf 249 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 250 hdr->index = cpu_to_le16(index);
a38528f1 251 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 252
a38528f1 253 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 254 ev->opcode = cpu_to_le16(cmd);
aee9b218 255 ev->status = status;
8020c16a
SJ		 256
257 if (rp)
258 memcpy(ev->data, rp, rp_len);
02d98129 259
56b7d137
GP		 260 err = sock_queue_rcv_skb(sk, skb);
261 if (err < 0)
02d98129
JH		 262 kfree_skb(skb);
263
e5f0e151 264 return err;
02d98129
JH		 265}
266
04124681
GP		 267static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
268 u16 data_len)
a38528f1
JH		 269{
270 struct mgmt_rp_read_version rp;
271
272 BT_DBG("sock %p", sk);
273
274 rp.version = MGMT_VERSION;
dcf4adbf 275 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 276
aee9b218 277 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 278 sizeof(rp));
a38528f1
JH		 279}
280
04124681
GP		 281static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
282 u16 data_len)
e70bb2e8
JH		 283{
284 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 285 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
286 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 287 __le16 *opcode;
e70bb2e8
JH		 288 size_t rp_size;
289 int i, err;
290
291 BT_DBG("sock %p", sk);
292
293 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
294
295 rp = kmalloc(rp_size, GFP_KERNEL);
296 if (!rp)
297 return -ENOMEM;
298
dcf4adbf
JP		 299 rp->num_commands = cpu_to_le16(num_commands);
300 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 301
302 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
303 put_unaligned_le16(mgmt_commands[i], opcode);
304
305 for (i = 0; i < num_events; i++, opcode++)
306 put_unaligned_le16(mgmt_events[i], opcode);
307
aee9b218 308 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 309 rp_size);
e70bb2e8
JH		 310 kfree(rp);
311
312 return err;
313}
314
04124681
GP		 315static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
316 u16 data_len)
faba42eb 317{
faba42eb 318 struct mgmt_rp_read_index_list *rp;
8035ded4 319 struct hci_dev *d;
a38528f1 320 size_t rp_len;
faba42eb 321 u16 count;
476e44cb 322 int err;
faba42eb
JH		 323
324 BT_DBG("sock %p", sk);
325
326 read_lock(&hci_dev_list_lock);
327
328 count = 0;
bb4b2a9a 329 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 330 if (d->dev_type == HCI_BREDR)
331 count++;
faba42eb
JH		 332 }
333
a38528f1
JH		 334 rp_len = sizeof(*rp) + (2 * count);
335 rp = kmalloc(rp_len, GFP_ATOMIC);
336 if (!rp) {
b2c60d42 337 read_unlock(&hci_dev_list_lock);
faba42eb 338 return -ENOMEM;
b2c60d42 339 }
faba42eb 340
476e44cb 341 count = 0;
8035ded4 342 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 343 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 344 continue;
345
0736cfa8
MH		 346 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
347 continue;
348
1514b892
MH		 349 if (d->dev_type == HCI_BREDR) {
350 rp->index[count++] = cpu_to_le16(d->id);
351 BT_DBG("Added hci%u", d->id);
352 }
faba42eb
JH		 353 }
354
476e44cb
JH		 355 rp->num_controllers = cpu_to_le16(count);
356 rp_len = sizeof(*rp) + (2 * count);
357
faba42eb
JH		 358 read_unlock(&hci_dev_list_lock);
359
aee9b218 360 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 361 rp_len);
faba42eb 362
a38528f1
JH		 363 kfree(rp);
364
365 return err;
faba42eb
JH		 366}
367
69ab39ea
JH		 368static u32 get_supported_settings(struct hci_dev *hdev)
369{
370 u32 settings = 0;
371
372 settings |= MGMT_SETTING_POWERED;
69ab39ea 373 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 374 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 375
ed3fa31f 376 if (lmp_bredr_capable(hdev)) {
33c525c0 377 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 378 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
379 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 380 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 381 settings |= MGMT_SETTING_BREDR;
382 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 383
384 if (lmp_ssp_capable(hdev)) {
385 settings |= MGMT_SETTING_SSP;
386 settings |= MGMT_SETTING_HS;
387 }
e98d2ce2 388
5afeac14
MH		 389 if (lmp_sc_capable(hdev) ||
390 test_bit(HCI_FORCE_SC, &hdev->dev_flags))
e98d2ce2 391 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 392 }
d7b7e796 393
eeca6f89 394 if (lmp_le_capable(hdev)) {
9d42820f 395 settings |= MGMT_SETTING_LE;
eeca6f89 396 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 397 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 398 }
69ab39ea
JH		 399
400 return settings;
401}
402
403static u32 get_current_settings(struct hci_dev *hdev)
404{
405 u32 settings = 0;
406
f1f0eb02 407 if (hdev_is_powered(hdev))
f0d4b78a
MH		 408 settings |= MGMT_SETTING_POWERED;
409
5e5282bb 410 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 411 settings |= MGMT_SETTING_CONNECTABLE;
412
1a4d3c4b
JH		 413 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
414 settings |= MGMT_SETTING_FAST_CONNECTABLE;
415
5e5282bb 416 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 417 settings |= MGMT_SETTING_DISCOVERABLE;
418
a8b2d5c2 419 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 420 settings |= MGMT_SETTING_PAIRABLE;
421
56f87901 422 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 423 settings |= MGMT_SETTING_BREDR;
424
06199cf8 425 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 426 settings |= MGMT_SETTING_LE;
427
47990ea0 428 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 429 settings |= MGMT_SETTING_LINK_SECURITY;
430
84bde9d6 431 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 432 settings |= MGMT_SETTING_SSP;
433
6d80dfd0
JH		 434 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
435 settings |= MGMT_SETTING_HS;
436
f3d3444a 437 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 438 settings |= MGMT_SETTING_ADVERTISING;
439
e98d2ce2
MH		 440 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
441 settings |= MGMT_SETTING_SECURE_CONN;
442
b1de97d8
MH		 443 if (test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags))
444 settings |= MGMT_SETTING_DEBUG_KEYS;
445
0f4bd942
JH		 446 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
447 settings |= MGMT_SETTING_PRIVACY;
448
69ab39ea
JH		 449 return settings;
450}
451
ef580372
JH		 452#define PNP_INFO_SVCLASS_ID 0x1200
453
213202ed
JH		 454static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
455{
456 u8 *ptr = data, *uuids_start = NULL;
457 struct bt_uuid *uuid;
458
459 if (len < 4)
460 return ptr;
461
462 list_for_each_entry(uuid, &hdev->uuids, list) {
463 u16 uuid16;
464
465 if (uuid->size != 16)
466 continue;
467
468 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
469 if (uuid16 < 0x1100)
470 continue;
471
472 if (uuid16 == PNP_INFO_SVCLASS_ID)
473 continue;
474
475 if (!uuids_start) {
476 uuids_start = ptr;
477 uuids_start[0] = 1;
478 uuids_start[1] = EIR_UUID16_ALL;
479 ptr += 2;
480 }
481
482 /* Stop if not enough space to put next UUID */
483 if ((ptr - data) + sizeof(u16) > len) {
484 uuids_start[1] = EIR_UUID16_SOME;
485 break;
486 }
487
488 *ptr++ = (uuid16 & 0x00ff);
489 *ptr++ = (uuid16 & 0xff00) >> 8;
490 uuids_start[0] += sizeof(uuid16);
491 }
492
493 return ptr;
494}
495
cdf1963f
JH		 496static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
497{
498 u8 *ptr = data, *uuids_start = NULL;
499 struct bt_uuid *uuid;
500
501 if (len < 6)
502 return ptr;
503
504 list_for_each_entry(uuid, &hdev->uuids, list) {
505 if (uuid->size != 32)
506 continue;
507
508 if (!uuids_start) {
509 uuids_start = ptr;
510 uuids_start[0] = 1;
511 uuids_start[1] = EIR_UUID32_ALL;
512 ptr += 2;
513 }
514
515 /* Stop if not enough space to put next UUID */
516 if ((ptr - data) + sizeof(u32) > len) {
517 uuids_start[1] = EIR_UUID32_SOME;
518 break;
519 }
520
521 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
522 ptr += sizeof(u32);
523 uuids_start[0] += sizeof(u32);
524 }
525
526 return ptr;
527}
528
c00d575b
JH		 529static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
530{
531 u8 *ptr = data, *uuids_start = NULL;
532 struct bt_uuid *uuid;
533
534 if (len < 18)
535 return ptr;
536
537 list_for_each_entry(uuid, &hdev->uuids, list) {
538 if (uuid->size != 128)
539 continue;
540
541 if (!uuids_start) {
542 uuids_start = ptr;
543 uuids_start[0] = 1;
544 uuids_start[1] = EIR_UUID128_ALL;
545 ptr += 2;
546 }
547
548 /* Stop if not enough space to put next UUID */
549 if ((ptr - data) + 16 > len) {
550 uuids_start[1] = EIR_UUID128_SOME;
551 break;
552 }
553
554 memcpy(ptr, uuid->uuid, 16);
555 ptr += 16;
556 uuids_start[0] += 16;
557 }
558
559 return ptr;
560}
561
eb2a8d20
JH		 562static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
563{
564 struct pending_cmd *cmd;
565
566 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
567 if (cmd->opcode == opcode)
568 return cmd;
569 }
570
571 return NULL;
572}
573
f14d8f64
MH		 574static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
575{
7a5f4990
MH		 576 u8 ad_len = 0;
577 size_t name_len;
578
579 name_len = strlen(hdev->dev_name);
580 if (name_len > 0) {
581 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
582
583 if (name_len > max_len) {
584 name_len = max_len;
585 ptr[1] = EIR_NAME_SHORT;
586 } else
587 ptr[1] = EIR_NAME_COMPLETE;
588
589 ptr[0] = name_len + 1;
590
591 memcpy(ptr + 2, hdev->dev_name, name_len);
592
593 ad_len += (name_len + 2);
594 ptr += (name_len + 2);
595 }
596
597 return ad_len;
f14d8f64
MH		 598}
599
600static void update_scan_rsp_data(struct hci_request *req)
601{
602 struct hci_dev *hdev = req->hdev;
603 struct hci_cp_le_set_scan_rsp_data cp;
604 u8 len;
605
7751ef1b 606 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 607 return;
608
609 memset(&cp, 0, sizeof(cp));
610
611 len = create_scan_rsp_data(hdev, cp.data);
612
eb438b5f
JH		 613 if (hdev->scan_rsp_data_len == len &&
614 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 615 return;
616
eb438b5f
JH		 617 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
618 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 619
620 cp.length = len;
621
622 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
623}
624
9a43e25f
JH		 625static u8 get_adv_discov_flags(struct hci_dev *hdev)
626{
627 struct pending_cmd *cmd;
628
629 /* If there's a pending mgmt command the flags will not yet have
630 * their final values, so check for this first.
631 */
632 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
633 if (cmd) {
634 struct mgmt_mode *cp = cmd->param;
635 if (cp->val == 0x01)
636 return LE_AD_GENERAL;
637 else if (cp->val == 0x02)
638 return LE_AD_LIMITED;
639 } else {
640 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
641 return LE_AD_LIMITED;
642 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
643 return LE_AD_GENERAL;
644 }
645
646 return 0;
647}
648
46cad2ed 649static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 650{
651 u8 ad_len = 0, flags = 0;
441ad2d0 652
9a43e25f 653 flags |= get_adv_discov_flags(hdev);
441ad2d0 654
e834004b 655 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 656 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 657
658 if (flags) {
659 BT_DBG("adv flags 0x%02x", flags);
660
661 ptr[0] = 2;
662 ptr[1] = EIR_FLAGS;
663 ptr[2] = flags;
664
665 ad_len += 3;
666 ptr += 3;
667 }
668
669 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
670 ptr[0] = 2;
671 ptr[1] = EIR_TX_POWER;
672 ptr[2] = (u8) hdev->adv_tx_power;
673
674 ad_len += 3;
675 ptr += 3;
676 }
677
441ad2d0
MH		 678 return ad_len;
679}
680
5947f4bc 681static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 682{
683 struct hci_dev *hdev = req->hdev;
684 struct hci_cp_le_set_adv_data cp;
685 u8 len;
686
10994ce6 687 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 688 return;
689
690 memset(&cp, 0, sizeof(cp));
691
46cad2ed 692 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 693
694 if (hdev->adv_data_len == len &&
695 memcmp(cp.data, hdev->adv_data, len) == 0)
696 return;
697
698 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
699 hdev->adv_data_len = len;
700
701 cp.length = len;
702
703 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
704}
705
ef580372
JH		 706static void create_eir(struct hci_dev *hdev, u8 *data)
707{
708 u8 *ptr = data;
ef580372
JH		 709 size_t name_len;
710
711 name_len = strlen(hdev->dev_name);
712
713 if (name_len > 0) {
714 /* EIR Data type */
715 if (name_len > 48) {
716 name_len = 48;
717 ptr[1] = EIR_NAME_SHORT;
718 } else
719 ptr[1] = EIR_NAME_COMPLETE;
720
721 /* EIR Data length */
722 ptr[0] = name_len + 1;
723
724 memcpy(ptr + 2, hdev->dev_name, name_len);
725
ef580372
JH		 726 ptr += (name_len + 2);
727 }
728
bbaf444a 729 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 730 ptr[0] = 2;
731 ptr[1] = EIR_TX_POWER;
732 ptr[2] = (u8) hdev->inq_tx_power;
733
91c4e9b1
MH		 734 ptr += 3;
735 }
736
2b9be137
MH		 737 if (hdev->devid_source > 0) {
738 ptr[0] = 9;
739 ptr[1] = EIR_DEVICE_ID;
740
741 put_unaligned_le16(hdev->devid_source, ptr + 2);
742 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
743 put_unaligned_le16(hdev->devid_product, ptr + 6);
744 put_unaligned_le16(hdev->devid_version, ptr + 8);
745
2b9be137
MH		 746 ptr += 10;
747 }
748
213202ed 749 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 750 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 751 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 752}
753
890ea898 754static void update_eir(struct hci_request *req)
ef580372 755{
890ea898 756 struct hci_dev *hdev = req->hdev;
ef580372
JH		 757 struct hci_cp_write_eir cp;
758
504c8dcd 759 if (!hdev_is_powered(hdev))
890ea898 760 return;
7770c4aa 761
976eb20e 762 if (!lmp_ext_inq_capable(hdev))
890ea898 763 return;
ef580372 764
84bde9d6 765 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 766 return;
ef580372 767
a8b2d5c2 768 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 769 return;
ef580372
JH		 770
771 memset(&cp, 0, sizeof(cp));
772
773 create_eir(hdev, cp.data);
774
775 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 776 return;
ef580372
JH		 777
778 memcpy(hdev->eir, cp.data, sizeof(cp.data));
779
890ea898 780 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 781}
782
783static u8 get_service_classes(struct hci_dev *hdev)
784{
785 struct bt_uuid *uuid;
786 u8 val = 0;
787
788 list_for_each_entry(uuid, &hdev->uuids, list)
789 val |= uuid->svc_hint;
790
791 return val;
792}
793
890ea898 794static void update_class(struct hci_request *req)
ef580372 795{
890ea898 796 struct hci_dev *hdev = req->hdev;
ef580372
JH		 797 u8 cod[3];
798
799 BT_DBG("%s", hdev->name);
800
504c8dcd 801 if (!hdev_is_powered(hdev))
890ea898 802 return;
7770c4aa 803
f87ea1da
JH		 804 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
805 return;
806
a8b2d5c2 807 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 808 return;
ef580372
JH		 809
810 cod[0] = hdev->minor_class;
811 cod[1] = hdev->major_class;
812 cod[2] = get_service_classes(hdev);
813
6acd7db4
MH		 814 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
815 cod[1] |= 0x20;
816
ef580372 817 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 818 return;
ef580372 819
890ea898 820 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 821}
822
a4858cb9 823static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 824{
825 struct pending_cmd *cmd;
199a2fb1
JH		 826
827 /* If there's a pending mgmt command the flag will not yet have
828 * it's final value, so check for this first.
829 */
830 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
831 if (cmd) {
832 struct mgmt_mode *cp = cmd->param;
a4858cb9 833 return cp->val;
199a2fb1
JH		 834 }
835
a4858cb9 836 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 837}
838
839static void enable_advertising(struct hci_request *req)
840{
841 struct hci_dev *hdev = req->hdev;
842 struct hci_cp_le_set_adv_param cp;
8f2a0601 843 u8 own_addr_type, enable = 0x01;
a4858cb9 844 bool connectable;
199a2fb1 845
8d97250e
JH		 846 /* Clear the HCI_ADVERTISING bit temporarily so that the
847 * hci_update_random_address knows that it's safe to go ahead
848 * and write a new random address. The flag will be set back on
849 * as soon as the SET_ADV_ENABLE HCI command completes.
850 */
851 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
852
a4858cb9 853 connectable = get_connectable(hdev);
8f2a0601 854
a4858cb9
JH		 855 /* Set require_privacy to true only when non-connectable
856 * advertising is used. In that case it is fine to use a
857 * non-resolvable private address.
858 */
859 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 860 return;
861
41c90c18 862 memset(&cp, 0, sizeof(cp));
dcf4adbf
JP		 863 cp.min_interval = cpu_to_le16(0x0800);
864 cp.max_interval = cpu_to_le16(0x0800);
a4858cb9 865 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 866 cp.own_address_type = own_addr_type;
199a2fb1
JH		 867 cp.channel_map = hdev->le_adv_channel_map;
868
869 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
870
871 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
872}
873
874static void disable_advertising(struct hci_request *req)
875{
876 u8 enable = 0x00;
877
878 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
879}
880
7d78525d
JH		 881static void service_cache_off(struct work_struct *work)
882{
883 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 884 service_cache.work);
890ea898 885 struct hci_request req;
7d78525d 886
a8b2d5c2 887 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 888 return;
889
890ea898
JH		 890 hci_req_init(&req, hdev);
891
7d78525d
JH		 892 hci_dev_lock(hdev);
893
890ea898
JH		 894 update_eir(&req);
895 update_class(&req);
7d78525d
JH		 896
897 hci_dev_unlock(hdev);
890ea898
JH		 898
899 hci_req_run(&req, NULL);
7d78525d
JH		 900}
901
d6bfd59c
JH		 902static void rpa_expired(struct work_struct *work)
903{
904 struct hci_dev *hdev = container_of(work, struct hci_dev,
905 rpa_expired.work);
906 struct hci_request req;
907
908 BT_DBG("");
909
910 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
911
912 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
913 hci_conn_num(hdev, LE_LINK) > 0)
914 return;
915
916 /* The generation of a new RPA and programming it into the
917 * controller happens in the enable_advertising() function.
918 */
919
920 hci_req_init(&req, hdev);
921
922 disable_advertising(&req);
923 enable_advertising(&req);
924
925 hci_req_run(&req, NULL);
926}
927
6a919082 928static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 929{
4f87da80 930 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 931 return;
932
4f87da80 933 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 934 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 935
4f87da80
JH		 936 /* Non-mgmt controlled devices get this bit set
937 * implicitly so that pairing works for them, however
938 * for mgmt we require user-space to explicitly enable
939 * it
940 */
941 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 942}
943
0f4e68cf 944static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 945 void *data, u16 data_len)
0381101f 946{
a38528f1 947 struct mgmt_rp_read_info rp;
f7b64e69 948
bdb6d971 949 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 950
09fd0de5 951 hci_dev_lock(hdev);
f7b64e69 952
dc4fe30b
JH		 953 memset(&rp, 0, sizeof(rp));
954
69ab39ea 955 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 956
69ab39ea 957 rp.version = hdev->hci_ver;
eb55ef07 958 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 959
960 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
961 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 962
a38528f1 963 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 964
dc4fe30b 965 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 966 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 967
09fd0de5 968 hci_dev_unlock(hdev);
0381101f 969
bdb6d971 970 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 971 sizeof(rp));
0381101f
JH		 972}
973
eec8d2bc
JH		 974static void mgmt_pending_free(struct pending_cmd *cmd)
975{
976 sock_put(cmd->sk);
c68fb7ff 977 kfree(cmd->param);
eec8d2bc
JH		 978 kfree(cmd);
979}
980
366a0336 981static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 982 struct hci_dev *hdev, void *data,
983 u16 len)
eec8d2bc
JH		 984{
985 struct pending_cmd *cmd;
986
12b94565 987 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 988 if (!cmd)
366a0336 989 return NULL;
eec8d2bc
JH		 990
991 cmd->opcode = opcode;
2e58ef3e 992 cmd->index = hdev->id;
eec8d2bc 993
12b94565 994 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 995 if (!cmd->param) {
eec8d2bc 996 kfree(cmd);
366a0336 997 return NULL;
eec8d2bc
JH		 998 }
999
8fce6357
SJ		 1000 if (data)
1001 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1002
1003 cmd->sk = sk;
1004 sock_hold(sk);
1005
2e58ef3e 1006 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1007
366a0336 1008 return cmd;
eec8d2bc
JH		 1009}
1010
744cf19e 1011static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1012 void (*cb)(struct pending_cmd *cmd,
1013 void *data),
04124681 1014 void *data)
eec8d2bc 1015{
a3d09356 1016 struct pending_cmd *cmd, *tmp;
eec8d2bc 1017
a3d09356 1018 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1019 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1020 continue;
1021
eec8d2bc
JH		 1022 cb(cmd, data);
1023 }
1024}
1025
a664b5bc 1026static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1027{
73f22f62
JH		 1028 list_del(&cmd->list);
1029 mgmt_pending_free(cmd);
1030}
1031
69ab39ea 1032static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1033{
69ab39ea 1034 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1035
aee9b218 1036 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1037 sizeof(settings));
8680570b
JH		 1038}
1039
8b064a3a
JH		 1040static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1041{
1042 BT_DBG("%s status 0x%02x", hdev->name, status);
1043
a3172b7e
JH		 1044 if (hci_conn_count(hdev) == 0) {
1045 cancel_delayed_work(&hdev->power_off);
8b064a3a 1046 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1047 }
8b064a3a
JH		 1048}
1049
1050static int clean_up_hci_state(struct hci_dev *hdev)
1051{
1052 struct hci_request req;
1053 struct hci_conn *conn;
1054
1055 hci_req_init(&req, hdev);
1056
1057 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1058 test_bit(HCI_PSCAN, &hdev->flags)) {
1059 u8 scan = 0x00;
1060 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1061 }
1062
1063 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1064 disable_advertising(&req);
1065
1066 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
b1efcc28 1067 hci_req_add_le_scan_disable(&req);
8b064a3a
JH		 1068 }
1069
1070 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1071 struct hci_cp_disconnect dc;
c9910d0f
JH		 1072 struct hci_cp_reject_conn_req rej;
1073
1074 switch (conn->state) {
1075 case BT_CONNECTED:
1076 case BT_CONFIG:
1077 dc.handle = cpu_to_le16(conn->handle);
1078 dc.reason = 0x15; /* Terminated due to Power Off */
1079 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1080 break;
1081 case BT_CONNECT:
1082 if (conn->type == LE_LINK)
1083 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1084 0, NULL);
1085 else if (conn->type == ACL_LINK)
1086 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1087 6, &conn->dst);
1088 break;
1089 case BT_CONNECT2:
1090 bacpy(&rej.bdaddr, &conn->dst);
1091 rej.reason = 0x15; /* Terminated due to Power Off */
1092 if (conn->type == ACL_LINK)
1093 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1094 sizeof(rej), &rej);
1095 else if (conn->type == SCO_LINK)
1096 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1097 sizeof(rej), &rej);
1098 break;
1099 }
8b064a3a
JH		 1100 }
1101
1102 return hci_req_run(&req, clean_up_hci_complete);
1103}
1104
bdb6d971 1105static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1106 u16 len)
eec8d2bc 1107{
650f726d 1108 struct mgmt_mode *cp = data;
366a0336 1109 struct pending_cmd *cmd;
4b34ee78 1110 int err;
eec8d2bc 1111
bdb6d971 1112 BT_DBG("request for %s", hdev->name);
eec8d2bc 1113
a7e80f25
JH		 1114 if (cp->val != 0x00 && cp->val != 0x01)
1115 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1116 MGMT_STATUS_INVALID_PARAMS);
1117
09fd0de5 1118 hci_dev_lock(hdev);
eec8d2bc 1119
87b95ba6
JH		 1120 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1121 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1122 MGMT_STATUS_BUSY);
1123 goto failed;
1124 }
1125
f0d4b78a
MH		 1126 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1127 cancel_delayed_work(&hdev->power_off);
1128
1129 if (cp->val) {
a1d70450
JH		 1130 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1131 data, len);
1132 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1133 goto failed;
1134 }
1135 }
1136
4b34ee78 1137 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1138 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1139 goto failed;
1140 }
1141
2e58ef3e 1142 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1143 if (!cmd) {
1144 err = -ENOMEM;
eec8d2bc 1145 goto failed;
366a0336 1146 }
eec8d2bc 1147
8b064a3a 1148 if (cp->val) {
19202573 1149 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1150 err = 0;
1151 } else {
1152 /* Disconnect connections, stop scans, etc */
1153 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1154 if (!err)
1155 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1156 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1157
8b064a3a
JH		 1158 /* ENODATA means there were no HCI commands queued */
1159 if (err == -ENODATA) {
a3172b7e 1160 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1161 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1162 err = 0;
1163 }
1164 }
eec8d2bc
JH		 1165
1166failed:
09fd0de5 1167 hci_dev_unlock(hdev);
366a0336 1168 return err;
eec8d2bc
JH		 1169}
1170
04124681
GP		 1171static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1172 struct sock *skip_sk)
beadb2bd
JH		 1173{
1174 struct sk_buff *skb;
1175 struct mgmt_hdr *hdr;
1176
790eff44 1177 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1178 if (!skb)
1179 return -ENOMEM;
1180
1181 hdr = (void *) skb_put(skb, sizeof(*hdr));
1182 hdr->opcode = cpu_to_le16(event);
1183 if (hdev)
1184 hdr->index = cpu_to_le16(hdev->id);
1185 else
dcf4adbf 1186 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1187 hdr->len = cpu_to_le16(data_len);
1188
1189 if (data)
1190 memcpy(skb_put(skb, data_len), data, data_len);
1191
97e0bdeb
MH		 1192 /* Time stamp */
1193 __net_timestamp(skb);
1194
beadb2bd
JH		 1195 hci_send_to_control(skb, skip_sk);
1196 kfree_skb(skb);
1197
1198 return 0;
1199}
1200
1201static int new_settings(struct hci_dev *hdev, struct sock *skip)
1202{
1203 __le32 ev;
1204
1205 ev = cpu_to_le32(get_current_settings(hdev));
1206
1207 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1208}
1209
bd99abdd
JH		 1210struct cmd_lookup {
1211 struct sock *sk;
1212 struct hci_dev *hdev;
1213 u8 mgmt_status;
1214};
1215
1216static void settings_rsp(struct pending_cmd *cmd, void *data)
1217{
1218 struct cmd_lookup *match = data;
1219
1220 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1221
1222 list_del(&cmd->list);
1223
1224 if (match->sk == NULL) {
1225 match->sk = cmd->sk;
1226 sock_hold(match->sk);
1227 }
1228
1229 mgmt_pending_free(cmd);
1230}
1231
1232static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1233{
1234 u8 *status = data;
1235
1236 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1237 mgmt_pending_remove(cmd);
1238}
1239
e6fe7986
JH		 1240static u8 mgmt_bredr_support(struct hci_dev *hdev)
1241{
1242 if (!lmp_bredr_capable(hdev))
1243 return MGMT_STATUS_NOT_SUPPORTED;
1244 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1245 return MGMT_STATUS_REJECTED;
1246 else
1247 return MGMT_STATUS_SUCCESS;
1248}
1249
1250static u8 mgmt_le_support(struct hci_dev *hdev)
1251{
1252 if (!lmp_le_capable(hdev))
1253 return MGMT_STATUS_NOT_SUPPORTED;
1254 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1255 return MGMT_STATUS_REJECTED;
1256 else
1257 return MGMT_STATUS_SUCCESS;
1258}
1259
bfaf8c9f
JH		 1260static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1261{
1262 struct pending_cmd *cmd;
1263 struct mgmt_mode *cp;
970ba524 1264 struct hci_request req;
bfaf8c9f
JH		 1265 bool changed;
1266
1267 BT_DBG("status 0x%02x", status);
1268
1269 hci_dev_lock(hdev);
1270
1271 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1272 if (!cmd)
1273 goto unlock;
1274
1275 if (status) {
1276 u8 mgmt_err = mgmt_status(status);
1277 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1278 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1279 goto remove_cmd;
1280 }
1281
1282 cp = cmd->param;
d4462a07 1283 if (cp->val) {
bfaf8c9f
JH		 1284 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1285 &hdev->dev_flags);
d4462a07
MH		 1286
1287 if (hdev->discov_timeout > 0) {
1288 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1289 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1290 to);
1291 }
1292 } else {
bfaf8c9f
JH		 1293 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1294 &hdev->dev_flags);
d4462a07 1295 }
bfaf8c9f
JH		 1296
1297 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1298
1299 if (changed)
1300 new_settings(hdev, cmd->sk);
1301
970ba524
MH		 1302 /* When the discoverable mode gets changed, make sure
1303 * that class of device has the limited discoverable
1304 * bit correctly set.
1305 */
1306 hci_req_init(&req, hdev);
1307 update_class(&req);
1308 hci_req_run(&req, NULL);
1309
bfaf8c9f
JH		 1310remove_cmd:
1311 mgmt_pending_remove(cmd);
1312
1313unlock:
1314 hci_dev_unlock(hdev);
1315}
1316
bdb6d971 1317static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1318 u16 len)
73f22f62 1319{
650f726d 1320 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1321 struct pending_cmd *cmd;
bfaf8c9f 1322 struct hci_request req;
5e5282bb 1323 u16 timeout;
9a43e25f 1324 u8 scan;
73f22f62
JH		 1325 int err;
1326
bdb6d971 1327 BT_DBG("request for %s", hdev->name);
73f22f62 1328
9a43e25f
JH		 1329 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1330 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1331 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1332 MGMT_STATUS_REJECTED);
33c525c0 1333
310a3d48 1334 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1335 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1336 MGMT_STATUS_INVALID_PARAMS);
1337
1f350c87 1338 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1339
1340 /* Disabling discoverable requires that no timeout is set,
1341 * and enabling limited discoverable requires a timeout.
1342 */
1343 if ((cp->val == 0x00 && timeout > 0) ||
1344 (cp->val == 0x02 && timeout == 0))
bdb6d971 1345 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1346 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1347
09fd0de5 1348 hci_dev_lock(hdev);
73f22f62 1349
5e5282bb 1350 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1351 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1352 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1353 goto failed;
1354 }
1355
2e58ef3e 1356 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1357 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1358 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1359 MGMT_STATUS_BUSY);
73f22f62
JH		 1360 goto failed;
1361 }
1362
5e5282bb 1363 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1364 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1365 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1366 goto failed;
1367 }
1368
1369 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1370 bool changed = false;
1371
310a3d48
MH		 1372 /* Setting limited discoverable when powered off is
1373 * not a valid operation since it requires a timeout
1374 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1375 */
0224d2fa
JH		 1376 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1377 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1378 changed = true;
1379 }
1380
5e5282bb 1381 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1382 if (err < 0)
1383 goto failed;
1384
1385 if (changed)
1386 err = new_settings(hdev, sk);
1387
5e5282bb
JH		 1388 goto failed;
1389 }
1390
310a3d48
MH		 1391 /* If the current mode is the same, then just update the timeout
1392 * value with the new value. And if only the timeout gets updated,
1393 * then no need for any HCI transactions.
1394 */
1395 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1396 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1397 &hdev->dev_flags)) {
36261547
MH		 1398 cancel_delayed_work(&hdev->discov_off);
1399 hdev->discov_timeout = timeout;
955638ec 1400
36261547
MH		 1401 if (cp->val && hdev->discov_timeout > 0) {
1402 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1403 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1404 to);
955638ec
MH		 1405 }
1406
69ab39ea 1407 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1408 goto failed;
1409 }
1410
2e58ef3e 1411 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1412 if (!cmd) {
1413 err = -ENOMEM;
73f22f62 1414 goto failed;
366a0336 1415 }
73f22f62 1416
310a3d48
MH		 1417 /* Cancel any potential discoverable timeout that might be
1418 * still active and store new timeout value. The arming of
1419 * the timeout happens in the complete handler.
1420 */
1421 cancel_delayed_work(&hdev->discov_off);
1422 hdev->discov_timeout = timeout;
1423
b456f87c
JH		 1424 /* Limited discoverable mode */
1425 if (cp->val == 0x02)
1426 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1427 else
1428 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1429
bfaf8c9f
JH		 1430 hci_req_init(&req, hdev);
1431
9a43e25f
JH		 1432 /* The procedure for LE-only controllers is much simpler - just
1433 * update the advertising data.
1434 */
1435 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1436 goto update_ad;
1437
73f22f62
JH		 1438 scan = SCAN_PAGE;
1439
310a3d48
MH		 1440 if (cp->val) {
1441 struct hci_cp_write_current_iac_lap hci_cp;
1442
1443 if (cp->val == 0x02) {
1444 /* Limited discoverable mode */
33337dcb 1445 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1446 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1447 hci_cp.iac_lap[1] = 0x8b;
1448 hci_cp.iac_lap[2] = 0x9e;
1449 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1450 hci_cp.iac_lap[4] = 0x8b;
1451 hci_cp.iac_lap[5] = 0x9e;
1452 } else {
1453 /* General discoverable mode */
310a3d48
MH		 1454 hci_cp.num_iac = 1;
1455 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1456 hci_cp.iac_lap[1] = 0x8b;
1457 hci_cp.iac_lap[2] = 0x9e;
1458 }
1459
1460 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1461 (hci_cp.num_iac * 3) + 1, &hci_cp);
1462
73f22f62 1463 scan |= SCAN_INQUIRY;
310a3d48
MH		 1464 } else {
1465 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1466 }
73f22f62 1467
310a3d48 1468 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1469
9a43e25f
JH		 1470update_ad:
1471 update_adv_data(&req);
1472
bfaf8c9f 1473 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1474 if (err < 0)
a664b5bc 1475 mgmt_pending_remove(cmd);
73f22f62
JH		 1476
1477failed:
09fd0de5 1478 hci_dev_unlock(hdev);
73f22f62
JH		 1479 return err;
1480}
1481
406d7804
JH		 1482static void write_fast_connectable(struct hci_request *req, bool enable)
1483{
bd98b996 1484 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1485 struct hci_cp_write_page_scan_activity acp;
1486 u8 type;
1487
547003b1
JH		 1488 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1489 return;
1490
4c01f8b8
JH		 1491 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1492 return;
1493
406d7804
JH		 1494 if (enable) {
1495 type = PAGE_SCAN_TYPE_INTERLACED;
1496
1497 /* 160 msec page scan interval */
dcf4adbf 1498 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1499 } else {
1500 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1501
1502 /* default 1.28 sec page scan */
dcf4adbf 1503 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1504 }
1505
dcf4adbf 1506 acp.window = cpu_to_le16(0x0012);
406d7804 1507
bd98b996
JH		 1508 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1509 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1510 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1511 sizeof(acp), &acp);
1512
1513 if (hdev->page_scan_type != type)
1514 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1515}
1516
2b76f453
JH		 1517static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1518{
1519 struct pending_cmd *cmd;
d7b856f9
JH		 1520 struct mgmt_mode *cp;
1521 bool changed;
2b76f453
JH		 1522
1523 BT_DBG("status 0x%02x", status);
1524
1525 hci_dev_lock(hdev);
1526
1527 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1528 if (!cmd)
1529 goto unlock;
1530
37438c1f
JH		 1531 if (status) {
1532 u8 mgmt_err = mgmt_status(status);
1533 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1534 goto remove_cmd;
1535 }
1536
d7b856f9
JH		 1537 cp = cmd->param;
1538 if (cp->val)
1539 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1540 else
1541 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1542
2b76f453
JH		 1543 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1544
d7b856f9
JH		 1545 if (changed)
1546 new_settings(hdev, cmd->sk);
1547
37438c1f 1548remove_cmd:
2b76f453
JH		 1549 mgmt_pending_remove(cmd);
1550
1551unlock:
1552 hci_dev_unlock(hdev);
1553}
1554
e8ba3a1f
JH		 1555static int set_connectable_update_settings(struct hci_dev *hdev,
1556 struct sock *sk, u8 val)
1557{
1558 bool changed = false;
1559 int err;
1560
1561 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1562 changed = true;
1563
1564 if (val) {
1565 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1566 } else {
1567 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1568 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1569 }
1570
1571 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1572 if (err < 0)
1573 return err;
1574
1575 if (changed)
1576 return new_settings(hdev, sk);
1577
1578 return 0;
1579}
1580
bdb6d971 1581static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1582 u16 len)
9fbcbb45 1583{
650f726d 1584 struct mgmt_mode *cp = data;
366a0336 1585 struct pending_cmd *cmd;
2b76f453 1586 struct hci_request req;
1987fdc7 1587 u8 scan;
9fbcbb45
JH		 1588 int err;
1589
bdb6d971 1590 BT_DBG("request for %s", hdev->name);
9fbcbb45 1591
1987fdc7
JH		 1592 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1593 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1594 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1595 MGMT_STATUS_REJECTED);
33c525c0 1596
a7e80f25
JH		 1597 if (cp->val != 0x00 && cp->val != 0x01)
1598 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1599 MGMT_STATUS_INVALID_PARAMS);
1600
09fd0de5 1601 hci_dev_lock(hdev);
9fbcbb45 1602
4b34ee78 1603 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1604 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1605 goto failed;
1606 }
1607
2e58ef3e 1608 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1609 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1610 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1611 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1612 goto failed;
1613 }
1614
2e58ef3e 1615 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1616 if (!cmd) {
1617 err = -ENOMEM;
9fbcbb45 1618 goto failed;
366a0336 1619 }
9fbcbb45 1620
9b74246f 1621 hci_req_init(&req, hdev);
9fbcbb45 1622
9a43e25f
JH		 1623 /* If BR/EDR is not enabled and we disable advertising as a
1624 * by-product of disabling connectable, we need to update the
1625 * advertising flags.
1626 */
1627 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1628 if (!cp->val) {
1629 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1630 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1631 }
1632 update_adv_data(&req);
1633 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1634 if (cp->val) {
1635 scan = SCAN_PAGE;
1636 } else {
1637 scan = 0;
1638
1639 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1640 hdev->discov_timeout > 0)
9b74246f
JH		 1641 cancel_delayed_work(&hdev->discov_off);
1642 }
2b76f453 1643
9b74246f
JH		 1644 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1645 }
2b76f453 1646
4c01f8b8
JH		 1647 /* If we're going from non-connectable to connectable or
1648 * vice-versa when fast connectable is enabled ensure that fast
1649 * connectable gets disabled. write_fast_connectable won't do
1650 * anything if the page scan parameters are already what they
1651 * should be.
1652 */
1653 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1654 write_fast_connectable(&req, false);
1655
1987fdc7
JH		 1656 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1657 hci_conn_num(hdev, LE_LINK) == 0) {
1658 disable_advertising(&req);
1659 enable_advertising(&req);
1660 }
1661
2b76f453 1662 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1663 if (err < 0) {
a664b5bc 1664 mgmt_pending_remove(cmd);
9b74246f 1665 if (err == -ENODATA)
a81070ba
JH		 1666 err = set_connectable_update_settings(hdev, sk,
1667 cp->val);
9b74246f
JH		 1668 goto failed;
1669 }
9fbcbb45
JH		 1670
1671failed:
09fd0de5 1672 hci_dev_unlock(hdev);
9fbcbb45
JH		 1673 return err;
1674}
1675
bdb6d971 1676static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1677 u16 len)
c542a06c 1678{
650f726d 1679 struct mgmt_mode *cp = data;
55594356 1680 bool changed;
c542a06c
JH		 1681 int err;
1682
bdb6d971 1683 BT_DBG("request for %s", hdev->name);
c542a06c 1684
a7e80f25
JH		 1685 if (cp->val != 0x00 && cp->val != 0x01)
1686 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1687 MGMT_STATUS_INVALID_PARAMS);
1688
09fd0de5 1689 hci_dev_lock(hdev);
c542a06c
JH		 1690
1691 if (cp->val)
55594356 1692 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1693 else
55594356 1694 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1695
69ab39ea 1696 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1697 if (err < 0)
55594356 1698 goto unlock;
c542a06c 1699
55594356
MH		 1700 if (changed)
1701 err = new_settings(hdev, sk);
c542a06c 1702
55594356 1703unlock:
09fd0de5 1704 hci_dev_unlock(hdev);
c542a06c
JH		 1705 return err;
1706}
1707
04124681
GP		 1708static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1709 u16 len)
33ef95ed
JH		 1710{
1711 struct mgmt_mode *cp = data;
1712 struct pending_cmd *cmd;
e6fe7986 1713 u8 val, status;
33ef95ed
JH		 1714 int err;
1715
bdb6d971 1716 BT_DBG("request for %s", hdev->name);
33ef95ed 1717
e6fe7986
JH		 1718 status = mgmt_bredr_support(hdev);
1719 if (status)
33c525c0 1720 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1721 status);
33c525c0 1722
a7e80f25
JH		 1723 if (cp->val != 0x00 && cp->val != 0x01)
1724 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1725 MGMT_STATUS_INVALID_PARAMS);
1726
33ef95ed
JH		 1727 hci_dev_lock(hdev);
1728
4b34ee78 1729 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1730 bool changed = false;
1731
1732 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1733 &hdev->dev_flags)) {
47990ea0
JH		 1734 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1735 changed = true;
1736 }
1737
1738 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1739 if (err < 0)
1740 goto failed;
1741
1742 if (changed)
1743 err = new_settings(hdev, sk);
1744
33ef95ed
JH		 1745 goto failed;
1746 }
1747
1748 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1749 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1750 MGMT_STATUS_BUSY);
33ef95ed
JH		 1751 goto failed;
1752 }
1753
1754 val = !!cp->val;
1755
1756 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1757 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1758 goto failed;
1759 }
1760
1761 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1762 if (!cmd) {
1763 err = -ENOMEM;
1764 goto failed;
1765 }
1766
1767 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1768 if (err < 0) {
1769 mgmt_pending_remove(cmd);
1770 goto failed;
1771 }
1772
1773failed:
1774 hci_dev_unlock(hdev);
33ef95ed
JH		 1775 return err;
1776}
1777
bdb6d971 1778static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1779{
1780 struct mgmt_mode *cp = data;
1781 struct pending_cmd *cmd;
72ef0c1a 1782 u8 status;
ed2c4ee3
JH		 1783 int err;
1784
bdb6d971 1785 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1786
cdba5281
MH		 1787 status = mgmt_bredr_support(hdev);
1788 if (status)
1789 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1790
13ecd8b6
JH		 1791 if (!lmp_ssp_capable(hdev))
1792 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1793 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1794
a7e80f25
JH		 1795 if (cp->val != 0x00 && cp->val != 0x01)
1796 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1797 MGMT_STATUS_INVALID_PARAMS);
1798
13ecd8b6 1799 hci_dev_lock(hdev);
6c8f12c1 1800
4b34ee78 1801 if (!hdev_is_powered(hdev)) {
9ecb3e24 1802 bool changed;
c0ecddc2 1803
9ecb3e24
MH		 1804 if (cp->val) {
1805 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1806 &hdev->dev_flags);
1807 } else {
1808 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1809 &hdev->dev_flags);
1810 if (!changed)
1811 changed = test_and_clear_bit(HCI_HS_ENABLED,
1812 &hdev->dev_flags);
1813 else
1814 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1815 }
1816
1817 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1818 if (err < 0)
1819 goto failed;
1820
1821 if (changed)
1822 err = new_settings(hdev, sk);
1823
ed2c4ee3
JH		 1824 goto failed;
1825 }
1826
9ecb3e24
MH		 1827 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1828 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1829 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1830 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1831 goto failed;
1832 }
1833
72ef0c1a 1834 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1835 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1836 goto failed;
1837 }
1838
1839 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1840 if (!cmd) {
1841 err = -ENOMEM;
1842 goto failed;
1843 }
1844
72ef0c1a 1845 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1846 if (err < 0) {
1847 mgmt_pending_remove(cmd);
1848 goto failed;
1849 }
1850
1851failed:
1852 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1853 return err;
1854}
1855
bdb6d971 1856static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1857{
1858 struct mgmt_mode *cp = data;
ee392693 1859 bool changed;
e6fe7986 1860 u8 status;
ee392693 1861 int err;
6d80dfd0 1862
bdb6d971 1863 BT_DBG("request for %s", hdev->name);
6d80dfd0 1864
e6fe7986
JH		 1865 status = mgmt_bredr_support(hdev);
1866 if (status)
1867 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1868
9ecb3e24
MH		 1869 if (!lmp_ssp_capable(hdev))
1870 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1871 MGMT_STATUS_NOT_SUPPORTED);
1872
1873 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1874 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1875 MGMT_STATUS_REJECTED);
1876
a7e80f25
JH		 1877 if (cp->val != 0x00 && cp->val != 0x01)
1878 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1879 MGMT_STATUS_INVALID_PARAMS);
1880
ee392693
MH		 1881 hci_dev_lock(hdev);
1882
a0cdf960 1883 if (cp->val) {
ee392693 1884 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1885 } else {
1886 if (hdev_is_powered(hdev)) {
1887 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1888 MGMT_STATUS_REJECTED);
1889 goto unlock;
1890 }
1891
ee392693 1892 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1893 }
ee392693
MH		 1894
1895 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1896 if (err < 0)
1897 goto unlock;
1898
1899 if (changed)
1900 err = new_settings(hdev, sk);
6d80dfd0 1901
ee392693
MH		 1902unlock:
1903 hci_dev_unlock(hdev);
1904 return err;
6d80dfd0
JH		 1905}
1906
416a4ae5
JH		 1907static void le_enable_complete(struct hci_dev *hdev, u8 status)
1908{
1909 struct cmd_lookup match = { NULL, hdev };
1910
1911 if (status) {
1912 u8 mgmt_err = mgmt_status(status);
1913
1914 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1915 &mgmt_err);
1916 return;
1917 }
1918
1919 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1920
1921 new_settings(hdev, match.sk);
1922
1923 if (match.sk)
1924 sock_put(match.sk);
441ad2d0
MH		 1925
1926 /* Make sure the controller has a good default for
1927 * advertising data. Restrict the update to when LE
1928 * has actually been enabled. During power on, the
1929 * update in powered_update_hci will take care of it.
1930 */
1931 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1932 struct hci_request req;
1933
1934 hci_dev_lock(hdev);
1935
1936 hci_req_init(&req, hdev);
5947f4bc 1937 update_adv_data(&req);
f14d8f64 1938 update_scan_rsp_data(&req);
441ad2d0
MH		 1939 hci_req_run(&req, NULL);
1940
1941 hci_dev_unlock(hdev);
1942 }
416a4ae5
JH		 1943}
1944
bdb6d971 1945static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1946{
1947 struct mgmt_mode *cp = data;
1948 struct hci_cp_write_le_host_supported hci_cp;
1949 struct pending_cmd *cmd;
416a4ae5 1950 struct hci_request req;
06199cf8 1951 int err;
0b60eba1 1952 u8 val, enabled;
06199cf8 1953
bdb6d971 1954 BT_DBG("request for %s", hdev->name);
06199cf8 1955
13ecd8b6
JH		 1956 if (!lmp_le_capable(hdev))
1957 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1958 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1959
a7e80f25
JH		 1960 if (cp->val != 0x00 && cp->val != 0x01)
1961 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1962 MGMT_STATUS_INVALID_PARAMS);
1963
c73eee91 1964 /* LE-only devices do not allow toggling LE on/off */
56f87901 1965 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1966 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1967 MGMT_STATUS_REJECTED);
1968
13ecd8b6 1969 hci_dev_lock(hdev);
06199cf8
JH		 1970
1971 val = !!cp->val;
ffa88e02 1972 enabled = lmp_host_le_capable(hdev);
06199cf8 1973
0b60eba1 1974 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1975 bool changed = false;
1976
1977 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1978 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1979 changed = true;
1980 }
1981
f3d3444a
JH		 1982 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1983 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1984 changed = true;
1985 }
1986
06199cf8
JH		 1987 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1988 if (err < 0)
1de028ce 1989 goto unlock;
06199cf8
JH		 1990
1991 if (changed)
1992 err = new_settings(hdev, sk);
1993
1de028ce 1994 goto unlock;
06199cf8
JH		 1995 }
1996
4375f103
JH		 1997 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1998 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1999 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2000 MGMT_STATUS_BUSY);
1de028ce 2001 goto unlock;
06199cf8
JH		 2002 }
2003
2004 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2005 if (!cmd) {
2006 err = -ENOMEM;
1de028ce 2007 goto unlock;
06199cf8
JH		 2008 }
2009
441ad2d0
MH		 2010 hci_req_init(&req, hdev);
2011
06199cf8
JH		 2012 memset(&hci_cp, 0, sizeof(hci_cp));
2013
2014 if (val) {
2015 hci_cp.le = val;
ffa88e02 2016 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 2017 } else {
2018 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2019 disable_advertising(&req);
06199cf8
JH		 2020 }
2021
416a4ae5
JH		 2022 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2023 &hci_cp);
2024
2025 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2026 if (err < 0)
06199cf8 2027 mgmt_pending_remove(cmd);
06199cf8 2028
1de028ce
JH		 2029unlock:
2030 hci_dev_unlock(hdev);
06199cf8
JH		 2031 return err;
2032}
2033
0cab9c80
JH		 2034/* This is a helper function to test for pending mgmt commands that can
2035 * cause CoD or EIR HCI commands. We can only allow one such pending
2036 * mgmt command at a time since otherwise we cannot easily track what
2037 * the current values are, will be, and based on that calculate if a new
2038 * HCI command needs to be sent and if yes with what value.
2039 */
2040static bool pending_eir_or_class(struct hci_dev *hdev)
2041{
2042 struct pending_cmd *cmd;
2043
2044 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2045 switch (cmd->opcode) {
2046 case MGMT_OP_ADD_UUID:
2047 case MGMT_OP_REMOVE_UUID:
2048 case MGMT_OP_SET_DEV_CLASS:
2049 case MGMT_OP_SET_POWERED:
2050 return true;
2051 }
2052 }
2053
2054 return false;
2055}
2056
83be8eca
JH		 2057static const u8 bluetooth_base_uuid[] = {
2058 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2059 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2060};
2061
2062static u8 get_uuid_size(const u8 *uuid)
2063{
2064 u32 val;
2065
2066 if (memcmp(uuid, bluetooth_base_uuid, 12))
2067 return 128;
2068
2069 val = get_unaligned_le32(&uuid[12]);
2070 if (val > 0xffff)
2071 return 32;
2072
2073 return 16;
2074}
2075
92da6097
JH		 2076static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2077{
2078 struct pending_cmd *cmd;
2079
2080 hci_dev_lock(hdev);
2081
2082 cmd = mgmt_pending_find(mgmt_op, hdev);
2083 if (!cmd)
2084 goto unlock;
2085
2086 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2087 hdev->dev_class, 3);
2088
2089 mgmt_pending_remove(cmd);
2090
2091unlock:
2092 hci_dev_unlock(hdev);
2093}
2094
2095static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2096{
2097 BT_DBG("status 0x%02x", status);
2098
2099 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2100}
2101
bdb6d971 2102static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2103{
650f726d 2104 struct mgmt_cp_add_uuid *cp = data;
90e70454 2105 struct pending_cmd *cmd;
890ea898 2106 struct hci_request req;
2aeb9a1a 2107 struct bt_uuid *uuid;
2aeb9a1a
JH		 2108 int err;
2109
bdb6d971 2110 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2111
09fd0de5 2112 hci_dev_lock(hdev);
2aeb9a1a 2113
0cab9c80 2114 if (pending_eir_or_class(hdev)) {
bdb6d971 2115 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2116 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2117 goto failed;
2118 }
2119
92c4c204 2120 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2121 if (!uuid) {
2122 err = -ENOMEM;
2123 goto failed;
2124 }
2125
2126 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2127 uuid->svc_hint = cp->svc_hint;
83be8eca 2128 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2129
de66aa63 2130 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2131
890ea898 2132 hci_req_init(&req, hdev);
1aff6f09 2133
890ea898
JH		 2134 update_class(&req);
2135 update_eir(&req);
2136
92da6097
JH		 2137 err = hci_req_run(&req, add_uuid_complete);
2138 if (err < 0) {
2139 if (err != -ENODATA)
2140 goto failed;
80a1e1db 2141
bdb6d971 2142 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2143 hdev->dev_class, 3);
90e70454
JH		 2144 goto failed;
2145 }
2146
2147 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2148 if (!cmd) {
90e70454 2149 err = -ENOMEM;
890ea898
JH		 2150 goto failed;
2151 }
2152
2153 err = 0;
2aeb9a1a
JH		 2154
2155failed:
09fd0de5 2156 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2157 return err;
2158}
2159
24b78d0f
JH		 2160static bool enable_service_cache(struct hci_dev *hdev)
2161{
2162 if (!hdev_is_powered(hdev))
2163 return false;
2164
2165 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2166 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2167 CACHE_TIMEOUT);
24b78d0f
JH		 2168 return true;
2169 }
2170
2171 return false;
2172}
2173
92da6097
JH		 2174static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2175{
2176 BT_DBG("status 0x%02x", status);
2177
2178 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2179}
2180
bdb6d971 2181static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2182 u16 len)
2aeb9a1a 2183{
650f726d 2184 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2185 struct pending_cmd *cmd;
056341c8 2186 struct bt_uuid *match, *tmp;
2aeb9a1a 2187 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2188 struct hci_request req;
2aeb9a1a
JH		 2189 int err, found;
2190
bdb6d971 2191 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2192
09fd0de5 2193 hci_dev_lock(hdev);
2aeb9a1a 2194
0cab9c80 2195 if (pending_eir_or_class(hdev)) {
bdb6d971 2196 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2197 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2198 goto unlock;
2199 }
2200
2aeb9a1a 2201 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2202 hci_uuids_clear(hdev);
4004b6d9 2203
24b78d0f 2204 if (enable_service_cache(hdev)) {
bdb6d971 2205 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2206 0, hdev->dev_class, 3);
24b78d0f
JH		 2207 goto unlock;
2208 }
4004b6d9 2209
9246a869 2210 goto update_class;
2aeb9a1a
JH		 2211 }
2212
2213 found = 0;
2214
056341c8 2215 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2216 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2217 continue;
2218
2219 list_del(&match->list);
482049f7 2220 kfree(match);
2aeb9a1a
JH		 2221 found++;
2222 }
2223
2224 if (found == 0) {
bdb6d971 2225 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2226 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2227 goto unlock;
2228 }
2229
9246a869 2230update_class:
890ea898 2231 hci_req_init(&req, hdev);
1aff6f09 2232
890ea898
JH		 2233 update_class(&req);
2234 update_eir(&req);
2235
92da6097
JH		 2236 err = hci_req_run(&req, remove_uuid_complete);
2237 if (err < 0) {
2238 if (err != -ENODATA)
2239 goto unlock;
80a1e1db 2240
bdb6d971 2241 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2242 hdev->dev_class, 3);
90e70454
JH		 2243 goto unlock;
2244 }
2245
2246 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2247 if (!cmd) {
90e70454 2248 err = -ENOMEM;
890ea898
JH		 2249 goto unlock;
2250 }
2251
2252 err = 0;
2aeb9a1a
JH		 2253
2254unlock:
09fd0de5 2255 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2256 return err;
2257}
2258
92da6097
JH		 2259static void set_class_complete(struct hci_dev *hdev, u8 status)
2260{
2261 BT_DBG("status 0x%02x", status);
2262
2263 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2264}
2265
bdb6d971 2266static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2267 u16 len)
1aff6f09 2268{
650f726d 2269 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2270 struct pending_cmd *cmd;
890ea898 2271 struct hci_request req;
1aff6f09
JH		 2272 int err;
2273
bdb6d971 2274 BT_DBG("request for %s", hdev->name);
1aff6f09 2275
6203fc98 2276 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2277 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2278 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2279
0cab9c80 2280 hci_dev_lock(hdev);
ee98f473 2281
0cab9c80
JH		 2282 if (pending_eir_or_class(hdev)) {
2283 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2284 MGMT_STATUS_BUSY);
2285 goto unlock;
2286 }
c95f0ba7 2287
0cab9c80
JH		 2288 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2289 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2290 MGMT_STATUS_INVALID_PARAMS);
2291 goto unlock;
2292 }
575b3a02 2293
932f5ff5
JH		 2294 hdev->major_class = cp->major;
2295 hdev->minor_class = cp->minor;
2296
b5235a65 2297 if (!hdev_is_powered(hdev)) {
bdb6d971 2298 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2299 hdev->dev_class, 3);
b5235a65
JH		 2300 goto unlock;
2301 }
2302
890ea898
JH		 2303 hci_req_init(&req, hdev);
2304
a8b2d5c2 2305 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2306 hci_dev_unlock(hdev);
2307 cancel_delayed_work_sync(&hdev->service_cache);
2308 hci_dev_lock(hdev);
890ea898 2309 update_eir(&req);
7d78525d 2310 }
14c0b608 2311
890ea898
JH		 2312 update_class(&req);
2313
92da6097
JH		 2314 err = hci_req_run(&req, set_class_complete);
2315 if (err < 0) {
2316 if (err != -ENODATA)
2317 goto unlock;
1aff6f09 2318
bdb6d971 2319 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2320 hdev->dev_class, 3);
90e70454
JH		 2321 goto unlock;
2322 }
2323
2324 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2325 if (!cmd) {
90e70454 2326 err = -ENOMEM;
890ea898
JH		 2327 goto unlock;
2328 }
2329
2330 err = 0;
1aff6f09 2331
b5235a65 2332unlock:
09fd0de5 2333 hci_dev_unlock(hdev);
1aff6f09
JH		 2334 return err;
2335}
2336
bdb6d971 2337static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2338 u16 len)
55ed8ca1 2339{
650f726d 2340 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2341 u16 key_count, expected_len;
b1de97d8 2342 bool changed;
a492cd52 2343 int i;
55ed8ca1 2344
9060d5cf
MH		 2345 BT_DBG("request for %s", hdev->name);
2346
2347 if (!lmp_bredr_capable(hdev))
2348 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2349 MGMT_STATUS_NOT_SUPPORTED);
2350
1f350c87 2351 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2352
86742e1e
JH		 2353 expected_len = sizeof(*cp) + key_count *
2354 sizeof(struct mgmt_link_key_info);
a492cd52 2355 if (expected_len != len) {
86742e1e 2356 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2357 expected_len, len);
bdb6d971 2358 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2359 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2360 }
2361
4ae14301
JH		 2362 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2363 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2364 MGMT_STATUS_INVALID_PARAMS);
2365
bdb6d971 2366 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2367 key_count);
55ed8ca1 2368
4ee71b20
JH		 2369 for (i = 0; i < key_count; i++) {
2370 struct mgmt_link_key_info *key = &cp->keys[i];
2371
8e991132 2372 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2373 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2374 MGMT_STATUS_INVALID_PARAMS);
2375 }
2376
09fd0de5 2377 hci_dev_lock(hdev);
55ed8ca1
JH		 2378
2379 hci_link_keys_clear(hdev);
2380
55ed8ca1 2381 if (cp->debug_keys)
b1de97d8 2382 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2383 else
b1de97d8
MH		 2384 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2385
2386 if (changed)
2387 new_settings(hdev, NULL);
55ed8ca1 2388
a492cd52 2389 for (i = 0; i < key_count; i++) {
86742e1e 2390 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2391
d753fdc4 2392 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 2393 key->type, key->pin_len);
55ed8ca1
JH		 2394 }
2395
bdb6d971 2396 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2397
09fd0de5 2398 hci_dev_unlock(hdev);
55ed8ca1 2399
a492cd52 2400 return 0;
55ed8ca1
JH		 2401}
2402
b1078ad0 2403static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2404 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2405{
2406 struct mgmt_ev_device_unpaired ev;
2407
2408 bacpy(&ev.addr.bdaddr, bdaddr);
2409 ev.addr.type = addr_type;
2410
2411 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2412 skip_sk);
b1078ad0
JH		 2413}
2414
bdb6d971 2415static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2416 u16 len)
55ed8ca1 2417{
124f6e35
JH		 2418 struct mgmt_cp_unpair_device *cp = data;
2419 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2420 struct hci_cp_disconnect dc;
2421 struct pending_cmd *cmd;
55ed8ca1 2422 struct hci_conn *conn;
55ed8ca1
JH		 2423 int err;
2424
a8a1d19e 2425 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2426 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2427 rp.addr.type = cp->addr.type;
a8a1d19e 2428
4ee71b20
JH		 2429 if (!bdaddr_type_is_valid(cp->addr.type))
2430 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2431 MGMT_STATUS_INVALID_PARAMS,
2432 &rp, sizeof(rp));
2433
118da70b
JH		 2434 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2435 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2436 MGMT_STATUS_INVALID_PARAMS,
2437 &rp, sizeof(rp));
2438
4ee71b20
JH		 2439 hci_dev_lock(hdev);
2440
86a8cfc6 2441 if (!hdev_is_powered(hdev)) {
bdb6d971 2442 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2443 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2444 goto unlock;
2445 }
2446
e0b2b27e 2447 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2448 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2449 } else {
2450 u8 addr_type;
2451
2452 if (cp->addr.type == BDADDR_LE_PUBLIC)
2453 addr_type = ADDR_LE_DEV_PUBLIC;
2454 else
2455 addr_type = ADDR_LE_DEV_RANDOM;
2456
a7ec7338
JH		 2457 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2458
a9b0a04c
AG		 2459 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2460
e0b2b27e
JH		 2461 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2462 }
b0dbfb46 2463
55ed8ca1 2464 if (err < 0) {
bdb6d971 2465 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2466 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2467 goto unlock;
2468 }
2469
86a8cfc6 2470 if (cp->disconnect) {
591f47f3 2471 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2472 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2473 &cp->addr.bdaddr);
86a8cfc6
JH		 2474 else
2475 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2476 &cp->addr.bdaddr);
86a8cfc6
JH		 2477 } else {
2478 conn = NULL;
2479 }
124f6e35 2480
a8a1d19e 2481 if (!conn) {
bdb6d971 2482 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2483 &rp, sizeof(rp));
b1078ad0 2484 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2485 goto unlock;
2486 }
55ed8ca1 2487
124f6e35 2488 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2489 sizeof(*cp));
a8a1d19e
JH		 2490 if (!cmd) {
2491 err = -ENOMEM;
2492 goto unlock;
55ed8ca1
JH		 2493 }
2494
eb55ef07 2495 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2496 dc.reason = 0x13; /* Remote User Terminated Connection */
2497 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2498 if (err < 0)
2499 mgmt_pending_remove(cmd);
2500
55ed8ca1 2501unlock:
09fd0de5 2502 hci_dev_unlock(hdev);
55ed8ca1
JH		 2503 return err;
2504}
2505
bdb6d971 2506static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2507 u16 len)
8962ee74 2508{
650f726d 2509 struct mgmt_cp_disconnect *cp = data;
06a63b19 2510 struct mgmt_rp_disconnect rp;
8962ee74 2511 struct hci_cp_disconnect dc;
366a0336 2512 struct pending_cmd *cmd;
8962ee74 2513 struct hci_conn *conn;
8962ee74
JH		 2514 int err;
2515
2516 BT_DBG("");
2517
06a63b19
JH		 2518 memset(&rp, 0, sizeof(rp));
2519 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2520 rp.addr.type = cp->addr.type;
2521
4ee71b20 2522 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2523 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2524 MGMT_STATUS_INVALID_PARAMS,
2525 &rp, sizeof(rp));
4ee71b20 2526
09fd0de5 2527 hci_dev_lock(hdev);
8962ee74
JH		 2528
2529 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2530 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2531 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2532 goto failed;
2533 }
2534
2e58ef3e 2535 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2536 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2537 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2538 goto failed;
2539 }
2540
591f47f3 2541 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2542 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2543 &cp->addr.bdaddr);
88c3df13
JH		 2544 else
2545 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2546
f960727e 2547 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2548 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2549 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2550 goto failed;
2551 }
2552
2e58ef3e 2553 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2554 if (!cmd) {
2555 err = -ENOMEM;
8962ee74 2556 goto failed;
366a0336 2557 }
8962ee74 2558
eb55ef07 2559 dc.handle = cpu_to_le16(conn->handle);
3701f944 2560 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2561
2562 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2563 if (err < 0)
a664b5bc 2564 mgmt_pending_remove(cmd);
8962ee74
JH		 2565
2566failed:
09fd0de5 2567 hci_dev_unlock(hdev);
8962ee74
JH		 2568 return err;
2569}
2570
57c1477c 2571static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2572{
2573 switch (link_type) {
2574 case LE_LINK:
48264f06
JH		 2575 switch (addr_type) {
2576 case ADDR_LE_DEV_PUBLIC:
591f47f3 2577 return BDADDR_LE_PUBLIC;
0ed09148 2578
48264f06 2579 default:
0ed09148 2580 /* Fallback to LE Random address type */
591f47f3 2581 return BDADDR_LE_RANDOM;
48264f06 2582 }
0ed09148 2583
4c659c39 2584 default:
0ed09148 2585 /* Fallback to BR/EDR type */
591f47f3 2586 return BDADDR_BREDR;
4c659c39
JH		 2587 }
2588}
2589
04124681
GP		 2590static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2591 u16 data_len)
2784eb41 2592{
2784eb41 2593 struct mgmt_rp_get_connections *rp;
8035ded4 2594 struct hci_conn *c;
a38528f1 2595 size_t rp_len;
60fc5fb6
JH		 2596 int err;
2597 u16 i;
2784eb41
JH		 2598
2599 BT_DBG("");
2600
09fd0de5 2601 hci_dev_lock(hdev);
2784eb41 2602
5f97c1df 2603 if (!hdev_is_powered(hdev)) {
bdb6d971 2604 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2605 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2606 goto unlock;
2607 }
2608
60fc5fb6 2609 i = 0;
b644ba33
JH		 2610 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2611 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2612 i++;
2784eb41
JH		 2613 }
2614
60fc5fb6 2615 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2616 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2617 if (!rp) {
2784eb41
JH		 2618 err = -ENOMEM;
2619 goto unlock;
2620 }
2621
2784eb41 2622 i = 0;
4c659c39 2623 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2624 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2625 continue;
4c659c39 2626 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2627 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2628 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2629 continue;
2630 i++;
2631 }
2632
eb55ef07 2633 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2634
4c659c39
JH		 2635 /* Recalculate length in case of filtered SCO connections, etc */
2636 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2637
bdb6d971 2638 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2639 rp_len);
2784eb41 2640
a38528f1 2641 kfree(rp);
5f97c1df
JH		 2642
2643unlock:
09fd0de5 2644 hci_dev_unlock(hdev);
2784eb41
JH		 2645 return err;
2646}
2647
bdb6d971 2648static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2649 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2650{
2651 struct pending_cmd *cmd;
2652 int err;
2653
2e58ef3e 2654 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2655 sizeof(*cp));
96d97a67
WR		 2656 if (!cmd)
2657 return -ENOMEM;
2658
d8457698 2659 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2660 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2661 if (err < 0)
2662 mgmt_pending_remove(cmd);
2663
2664 return err;
2665}
2666
bdb6d971 2667static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2668 u16 len)
980e1a53 2669{
96d97a67 2670 struct hci_conn *conn;
650f726d 2671 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2672 struct hci_cp_pin_code_reply reply;
366a0336 2673 struct pending_cmd *cmd;
980e1a53
JH		 2674 int err;
2675
2676 BT_DBG("");
2677
09fd0de5 2678 hci_dev_lock(hdev);
980e1a53 2679
4b34ee78 2680 if (!hdev_is_powered(hdev)) {
bdb6d971 2681 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2682 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2683 goto failed;
2684 }
2685
d8457698 2686 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2687 if (!conn) {
bdb6d971 2688 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2689 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2690 goto failed;
2691 }
2692
2693 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2694 struct mgmt_cp_pin_code_neg_reply ncp;
2695
2696 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2697
2698 BT_ERR("PIN code is not 16 bytes long");
2699
bdb6d971 2700 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2701 if (err >= 0)
bdb6d971 2702 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2703 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2704
2705 goto failed;
2706 }
2707
00abfe44 2708 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2709 if (!cmd) {
2710 err = -ENOMEM;
980e1a53 2711 goto failed;
366a0336 2712 }
980e1a53 2713
d8457698 2714 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2715 reply.pin_len = cp->pin_len;
24718ca5 2716 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2717
2718 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2719 if (err < 0)
a664b5bc 2720 mgmt_pending_remove(cmd);
980e1a53
JH		 2721
2722failed:
09fd0de5 2723 hci_dev_unlock(hdev);
980e1a53
JH		 2724 return err;
2725}
2726
04124681
GP		 2727static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2728 u16 len)
17fa4b9d 2729{
650f726d 2730 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2731
2732 BT_DBG("");
2733
09fd0de5 2734 hci_dev_lock(hdev);
17fa4b9d
JH		 2735
2736 hdev->io_capability = cp->io_capability;
2737
2738 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2739 hdev->io_capability);
17fa4b9d 2740
09fd0de5 2741 hci_dev_unlock(hdev);
17fa4b9d 2742
04124681
GP		 2743 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2744 0);
17fa4b9d
JH		 2745}
2746
6039aa73 2747static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2748{
2749 struct hci_dev *hdev = conn->hdev;
8035ded4 2750 struct pending_cmd *cmd;
e9a416b5 2751
2e58ef3e 2752 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2753 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2754 continue;
2755
e9a416b5
JH		 2756 if (cmd->user_data != conn)
2757 continue;
2758
2759 return cmd;
2760 }
2761
2762 return NULL;
2763}
2764
2765static void pairing_complete(struct pending_cmd *cmd, u8 status)
2766{
2767 struct mgmt_rp_pair_device rp;
2768 struct hci_conn *conn = cmd->user_data;
2769
61b1a7fb
JH		 2770 bacpy(&rp.addr.bdaddr, &conn->dst);
2771 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2772
aee9b218 2773 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2774 &rp, sizeof(rp));
e9a416b5
JH		 2775
2776 /* So we don't get further callbacks for this connection */
2777 conn->connect_cfm_cb = NULL;
2778 conn->security_cfm_cb = NULL;
2779 conn->disconn_cfm_cb = NULL;
2780
76a68ba0 2781 hci_conn_drop(conn);
e9a416b5 2782
a664b5bc 2783 mgmt_pending_remove(cmd);
e9a416b5
JH		 2784}
2785
f4a407be
JH		 2786void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2787{
2788 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2789 struct pending_cmd *cmd;
2790
2791 cmd = find_pairing(conn);
2792 if (cmd)
2793 pairing_complete(cmd, status);
2794}
2795
e9a416b5
JH		 2796static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2797{
2798 struct pending_cmd *cmd;
2799
2800 BT_DBG("status %u", status);
2801
2802 cmd = find_pairing(conn);
56e5cb86 2803 if (!cmd)
e9a416b5 2804 BT_DBG("Unable to find a pending command");
56e5cb86 2805 else
e211326c 2806 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2807}
2808
f4a407be 2809static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 2810{
2811 struct pending_cmd *cmd;
2812
2813 BT_DBG("status %u", status);
2814
2815 if (!status)
2816 return;
2817
2818 cmd = find_pairing(conn);
2819 if (!cmd)
2820 BT_DBG("Unable to find a pending command");
2821 else
2822 pairing_complete(cmd, mgmt_status(status));
2823}
2824
bdb6d971 2825static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2826 u16 len)
e9a416b5 2827{
650f726d 2828 struct mgmt_cp_pair_device *cp = data;
1425acb7 2829 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2830 struct pending_cmd *cmd;
2831 u8 sec_level, auth_type;
2832 struct hci_conn *conn;
e9a416b5
JH		 2833 int err;
2834
2835 BT_DBG("");
2836
f950a30e
SJ		 2837 memset(&rp, 0, sizeof(rp));
2838 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2839 rp.addr.type = cp->addr.type;
2840
4ee71b20
JH		 2841 if (!bdaddr_type_is_valid(cp->addr.type))
2842 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2843 MGMT_STATUS_INVALID_PARAMS,
2844 &rp, sizeof(rp));
2845
09fd0de5 2846 hci_dev_lock(hdev);
e9a416b5 2847
5f97c1df 2848 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2849 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2850 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2851 goto unlock;
2852 }
2853
c908df36 2854 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 2855 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 2856
6f77d8c7 2857 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2858 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2859 auth_type);
6f77d8c7
AG		 2860 } else {
2861 u8 addr_type;
2862
2863 /* Convert from L2CAP channel address type to HCI address type
2864 */
2865 if (cp->addr.type == BDADDR_LE_PUBLIC)
2866 addr_type = ADDR_LE_DEV_PUBLIC;
2867 else
2868 addr_type = ADDR_LE_DEV_RANDOM;
2869
2870 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
04a6c589 2871 sec_level, auth_type);
6f77d8c7 2872 }
7a512d01 2873
30e76272 2874 if (IS_ERR(conn)) {
489dc48e
AK		 2875 int status;
2876
2877 if (PTR_ERR(conn) == -EBUSY)
2878 status = MGMT_STATUS_BUSY;
2879 else
2880 status = MGMT_STATUS_CONNECT_FAILED;
2881
bdb6d971 2882 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2883 status, &rp,
04124681 2884 sizeof(rp));
e9a416b5
JH		 2885 goto unlock;
2886 }
2887
2888 if (conn->connect_cfm_cb) {
76a68ba0 2889 hci_conn_drop(conn);
bdb6d971 2890 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2891 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2892 goto unlock;
2893 }
2894
2e58ef3e 2895 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2896 if (!cmd) {
2897 err = -ENOMEM;
76a68ba0 2898 hci_conn_drop(conn);
e9a416b5
JH		 2899 goto unlock;
2900 }
2901
7a512d01 2902 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2903 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2904 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2905 conn->security_cfm_cb = pairing_complete_cb;
2906 conn->disconn_cfm_cb = pairing_complete_cb;
2907 } else {
2908 conn->connect_cfm_cb = le_pairing_complete_cb;
2909 conn->security_cfm_cb = le_pairing_complete_cb;
2910 conn->disconn_cfm_cb = le_pairing_complete_cb;
2911 }
7a512d01 2912
e9a416b5
JH		 2913 conn->io_capability = cp->io_cap;
2914 cmd->user_data = conn;
2915
2916 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2917 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2918 pairing_complete(cmd, 0);
2919
2920 err = 0;
2921
2922unlock:
09fd0de5 2923 hci_dev_unlock(hdev);
e9a416b5
JH		 2924 return err;
2925}
2926
04124681
GP		 2927static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2928 u16 len)
28424707 2929{
0f4e68cf 2930 struct mgmt_addr_info *addr = data;
28424707
JH		 2931 struct pending_cmd *cmd;
2932 struct hci_conn *conn;
2933 int err;
2934
2935 BT_DBG("");
2936
28424707
JH		 2937 hci_dev_lock(hdev);
2938
5f97c1df 2939 if (!hdev_is_powered(hdev)) {
bdb6d971 2940 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2941 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2942 goto unlock;
2943 }
2944
28424707
JH		 2945 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2946 if (!cmd) {
bdb6d971 2947 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2948 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2949 goto unlock;
2950 }
2951
2952 conn = cmd->user_data;
2953
2954 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2955 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2956 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2957 goto unlock;
2958 }
2959
2960 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2961
bdb6d971 2962 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2963 addr, sizeof(*addr));
28424707
JH		 2964unlock:
2965 hci_dev_unlock(hdev);
28424707
JH		 2966 return err;
2967}
2968
bdb6d971 2969static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2970 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2971 u16 hci_op, __le32 passkey)
a5c29683 2972{
a5c29683 2973 struct pending_cmd *cmd;
0df4c185 2974 struct hci_conn *conn;
a5c29683
JH		 2975 int err;
2976
09fd0de5 2977 hci_dev_lock(hdev);
08ba5382 2978
4b34ee78 2979 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2980 err = cmd_complete(sk, hdev->id, mgmt_op,
2981 MGMT_STATUS_NOT_POWERED, addr,
2982 sizeof(*addr));
0df4c185 2983 goto done;
a5c29683
JH		 2984 }
2985
1707c60e
JH		 2986 if (addr->type == BDADDR_BREDR)
2987 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2988 else
1707c60e 2989 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2990
2991 if (!conn) {
feb94d3d
JH		 2992 err = cmd_complete(sk, hdev->id, mgmt_op,
2993 MGMT_STATUS_NOT_CONNECTED, addr,
2994 sizeof(*addr));
272d90df
JH		 2995 goto done;
2996 }
47c15e2b 2997
1707c60e 2998 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2999 /* Continue with pairing via SMP */
5fe57d9e
BG		 3000 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3001
3002 if (!err)
feb94d3d
JH		 3003 err = cmd_complete(sk, hdev->id, mgmt_op,
3004 MGMT_STATUS_SUCCESS, addr,
3005 sizeof(*addr));
5fe57d9e 3006 else
feb94d3d
JH		 3007 err = cmd_complete(sk, hdev->id, mgmt_op,
3008 MGMT_STATUS_FAILED, addr,
3009 sizeof(*addr));
47c15e2b 3010
47c15e2b
BG		 3011 goto done;
3012 }
3013
1707c60e 3014 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3015 if (!cmd) {
3016 err = -ENOMEM;
0df4c185 3017 goto done;
a5c29683
JH		 3018 }
3019
0df4c185 3020 /* Continue with pairing via HCI */
604086b7
BG		 3021 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3022 struct hci_cp_user_passkey_reply cp;
3023
1707c60e 3024 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3025 cp.passkey = passkey;
3026 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3027 } else
1707c60e
JH		 3028 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3029 &addr->bdaddr);
604086b7 3030
a664b5bc
JH		 3031 if (err < 0)
3032 mgmt_pending_remove(cmd);
a5c29683 3033
0df4c185 3034done:
09fd0de5 3035 hci_dev_unlock(hdev);
a5c29683
JH		 3036 return err;
3037}
3038
afeb019d
JK		 3039static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3040 void *data, u16 len)
3041{
3042 struct mgmt_cp_pin_code_neg_reply *cp = data;
3043
3044 BT_DBG("");
3045
1707c60e 3046 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3047 MGMT_OP_PIN_CODE_NEG_REPLY,
3048 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3049}
3050
04124681
GP		 3051static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3052 u16 len)
0df4c185 3053{
650f726d 3054 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3055
3056 BT_DBG("");
3057
3058 if (len != sizeof(*cp))
bdb6d971 3059 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3060 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3061
1707c60e 3062 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3063 MGMT_OP_USER_CONFIRM_REPLY,
3064 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3065}
3066
bdb6d971 3067static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3068 void *data, u16 len)
0df4c185 3069{
c9c2659f 3070 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3071
3072 BT_DBG("");
3073
1707c60e 3074 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3075 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3076 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3077}
3078
04124681
GP		 3079static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3080 u16 len)
604086b7 3081{
650f726d 3082 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3083
3084 BT_DBG("");
3085
1707c60e 3086 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3087 MGMT_OP_USER_PASSKEY_REPLY,
3088 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3089}
3090
bdb6d971 3091static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3092 void *data, u16 len)
604086b7 3093{
650f726d 3094 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3095
3096 BT_DBG("");
3097
1707c60e 3098 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3099 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3100 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3101}
3102
13928971 3103static void update_name(struct hci_request *req)
2b4bf397 3104{
13928971 3105 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3106 struct hci_cp_write_local_name cp;
3107
13928971 3108 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3109
890ea898 3110 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3111}
3112
13928971
JH		 3113static void set_name_complete(struct hci_dev *hdev, u8 status)
3114{
3115 struct mgmt_cp_set_local_name *cp;
3116 struct pending_cmd *cmd;
3117
3118 BT_DBG("status 0x%02x", status);
3119
3120 hci_dev_lock(hdev);
3121
3122 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3123 if (!cmd)
3124 goto unlock;
3125
3126 cp = cmd->param;
3127
3128 if (status)
3129 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3130 mgmt_status(status));
3131 else
3132 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3133 cp, sizeof(*cp));
3134
3135 mgmt_pending_remove(cmd);
3136
3137unlock:
3138 hci_dev_unlock(hdev);
3139}
3140
bdb6d971 3141static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3142 u16 len)
b312b161 3143{
2b4bf397 3144 struct mgmt_cp_set_local_name *cp = data;
b312b161 3145 struct pending_cmd *cmd;
890ea898 3146 struct hci_request req;
b312b161
JH		 3147 int err;
3148
3149 BT_DBG("");
3150
09fd0de5 3151 hci_dev_lock(hdev);
b312b161 3152
b3f2ca94
JH		 3153 /* If the old values are the same as the new ones just return a
3154 * direct command complete event.
3155 */
3156 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3157 !memcmp(hdev->short_name, cp->short_name,
3158 sizeof(hdev->short_name))) {
3159 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3160 data, len);
3161 goto failed;
3162 }
3163
2b4bf397 3164 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3165
b5235a65 3166 if (!hdev_is_powered(hdev)) {
2b4bf397 3167 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3168
3169 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3170 data, len);
28cc7bde
JH		 3171 if (err < 0)
3172 goto failed;
3173
3174 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3175 sk);
28cc7bde 3176
b5235a65
JH		 3177 goto failed;
3178 }
3179
28cc7bde 3180 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3181 if (!cmd) {
3182 err = -ENOMEM;
3183 goto failed;
3184 }
3185
13928971
JH		 3186 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3187
890ea898 3188 hci_req_init(&req, hdev);
3f985050
JH		 3189
3190 if (lmp_bredr_capable(hdev)) {
3191 update_name(&req);
3192 update_eir(&req);
3193 }
3194
7a5f4990
MH		 3195 /* The name is stored in the scan response data and so
3196 * no need to udpate the advertising data here.
3197 */
3f985050 3198 if (lmp_le_capable(hdev))
7a5f4990 3199 update_scan_rsp_data(&req);
3f985050 3200
13928971 3201 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3202 if (err < 0)
3203 mgmt_pending_remove(cmd);
3204
3205failed:
09fd0de5 3206 hci_dev_unlock(hdev);
b312b161
JH		 3207 return err;
3208}
3209
0f4e68cf 3210static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3211 void *data, u16 data_len)
c35938b2 3212{
c35938b2
SJ		 3213 struct pending_cmd *cmd;
3214 int err;
3215
bdb6d971 3216 BT_DBG("%s", hdev->name);
c35938b2 3217
09fd0de5 3218 hci_dev_lock(hdev);
c35938b2 3219
4b34ee78 3220 if (!hdev_is_powered(hdev)) {
bdb6d971 3221 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3222 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3223 goto unlock;
3224 }
3225
9a1a1996 3226 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3227 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3228 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3229 goto unlock;
3230 }
3231
2e58ef3e 3232 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3233 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3234 MGMT_STATUS_BUSY);
c35938b2
SJ		 3235 goto unlock;
3236 }
3237
2e58ef3e 3238 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3239 if (!cmd) {
3240 err = -ENOMEM;
3241 goto unlock;
3242 }
3243
4d2d2796
MH		 3244 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3245 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3246 0, NULL);
3247 else
3248 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3249
c35938b2
SJ		 3250 if (err < 0)
3251 mgmt_pending_remove(cmd);
3252
3253unlock:
09fd0de5 3254 hci_dev_unlock(hdev);
c35938b2
SJ		 3255 return err;
3256}
3257
bdb6d971 3258static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3259 void *data, u16 len)
2763eda6 3260{
2763eda6
SJ		 3261 int err;
3262
bdb6d971 3263 BT_DBG("%s ", hdev->name);
2763eda6 3264
09fd0de5 3265 hci_dev_lock(hdev);
2763eda6 3266
ec109113
MH		 3267 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3268 struct mgmt_cp_add_remote_oob_data *cp = data;
3269 u8 status;
bf1e3541 3270
ec109113
MH		 3271 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3272 cp->hash, cp->randomizer);
3273 if (err < 0)
3274 status = MGMT_STATUS_FAILED;
3275 else
3276 status = MGMT_STATUS_SUCCESS;
3277
3278 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3279 status, &cp->addr, sizeof(cp->addr));
3280 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3281 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3282 u8 status;
3283
3284 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3285 cp->hash192,
3286 cp->randomizer192,
3287 cp->hash256,
3288 cp->randomizer256);
3289 if (err < 0)
3290 status = MGMT_STATUS_FAILED;
3291 else
3292 status = MGMT_STATUS_SUCCESS;
3293
3294 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3295 status, &cp->addr, sizeof(cp->addr));
3296 } else {
3297 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3298 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3299 MGMT_STATUS_INVALID_PARAMS);
3300 }
2763eda6 3301
09fd0de5 3302 hci_dev_unlock(hdev);
2763eda6
SJ		 3303 return err;
3304}
3305
bdb6d971 3306static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3307 void *data, u16 len)
2763eda6 3308{
650f726d 3309 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3310 u8 status;
2763eda6
SJ		 3311 int err;
3312
bdb6d971 3313 BT_DBG("%s", hdev->name);
2763eda6 3314
09fd0de5 3315 hci_dev_lock(hdev);
2763eda6 3316
664ce4cc 3317 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3318 if (err < 0)
bf1e3541 3319 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3320 else
a6785be2 3321 status = MGMT_STATUS_SUCCESS;
bf1e3541 3322
bdb6d971 3323 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3324 status, &cp->addr, sizeof(cp->addr));
2763eda6 3325
09fd0de5 3326 hci_dev_unlock(hdev);
2763eda6
SJ		 3327 return err;
3328}
3329
41dc2bd6
AG		 3330static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3331{
3332 struct pending_cmd *cmd;
3333 u8 type;
3334 int err;
3335
3336 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3337
3338 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3339 if (!cmd)
3340 return -ENOENT;
3341
3342 type = hdev->discovery.type;
3343
3344 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3345 &type, sizeof(type));
3346 mgmt_pending_remove(cmd);
3347
3348 return err;
3349}
3350
7c307720
AG		 3351static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3352{
ae55f598
LR		 3353 unsigned long timeout = 0;
3354
7c307720
AG		 3355 BT_DBG("status %d", status);
3356
3357 if (status) {
3358 hci_dev_lock(hdev);
3359 mgmt_start_discovery_failed(hdev, status);
3360 hci_dev_unlock(hdev);
3361 return;
3362 }
3363
3364 hci_dev_lock(hdev);
3365 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3366 hci_dev_unlock(hdev);
3367
3368 switch (hdev->discovery.type) {
3369 case DISCOV_TYPE_LE:
3d5a76f0 3370 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720
AG		 3371 break;
3372
3373 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3374 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720
AG		 3375 break;
3376
3377 case DISCOV_TYPE_BREDR:
3378 break;
3379
3380 default:
3381 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3382 }
ae55f598
LR		 3383
3384 if (!timeout)
3385 return;
3386
3387 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
7c307720
AG		 3388}
3389
bdb6d971 3390static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3391 void *data, u16 len)
14a53664 3392{
650f726d 3393 struct mgmt_cp_start_discovery *cp = data;
14a53664 3394 struct pending_cmd *cmd;
7c307720
AG		 3395 struct hci_cp_le_set_scan_param param_cp;
3396 struct hci_cp_le_set_scan_enable enable_cp;
3397 struct hci_cp_inquiry inq_cp;
3398 struct hci_request req;
3399 /* General inquiry access code (GIAC) */
3400 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3401 u8 status, own_addr_type;
14a53664
JH		 3402 int err;
3403
bdb6d971 3404 BT_DBG("%s", hdev->name);
14a53664 3405
09fd0de5 3406 hci_dev_lock(hdev);
14a53664 3407
4b34ee78 3408 if (!hdev_is_powered(hdev)) {
bdb6d971 3409 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3410 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3411 goto failed;
3412 }
3413
642be6c7
AG		 3414 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3415 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3416 MGMT_STATUS_BUSY);
3417 goto failed;
3418 }
3419
ff9ef578 3420 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3421 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3422 MGMT_STATUS_BUSY);
ff9ef578
JH		 3423 goto failed;
3424 }
3425
2e58ef3e 3426 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3427 if (!cmd) {
3428 err = -ENOMEM;
3429 goto failed;
3430 }
3431
4aab14e5
AG		 3432 hdev->discovery.type = cp->type;
3433
7c307720
AG		 3434 hci_req_init(&req, hdev);
3435
4aab14e5 3436 switch (hdev->discovery.type) {
f39799f5 3437 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3438 status = mgmt_bredr_support(hdev);
3439 if (status) {
04106755 3440 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3441 status);
04106755
JH		 3442 mgmt_pending_remove(cmd);
3443 goto failed;
3444 }
3445
7c307720
AG		 3446 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3447 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3448 MGMT_STATUS_BUSY);
3449 mgmt_pending_remove(cmd);
3450 goto failed;
3451 }
3452
3453 hci_inquiry_cache_flush(hdev);
3454
3455 memset(&inq_cp, 0, sizeof(inq_cp));
3456 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3457 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3458 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3459 break;
3460
3461 case DISCOV_TYPE_LE:
7c307720 3462 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3463 status = mgmt_le_support(hdev);
3464 if (status) {
04106755 3465 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3466 status);
04106755
JH		 3467 mgmt_pending_remove(cmd);
3468 goto failed;
3469 }
3470
7c307720 3471 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3472 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3473 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3474 MGMT_STATUS_NOT_SUPPORTED);
3475 mgmt_pending_remove(cmd);
3476 goto failed;
3477 }
3478
f3d3444a 3479 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3480 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3481 MGMT_STATUS_REJECTED);
3482 mgmt_pending_remove(cmd);
3483 goto failed;
3484 }
3485
c54c3860
AG		 3486 /* If controller is scanning, it means the background scanning
3487 * is running. Thus, we should temporarily stop it in order to
3488 * set the discovery scanning parameters.
3489 */
3490 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3491 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3492
3493 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3494
94b1fc92
MH		 3495 /* All active scans will be done with either a resolvable
3496 * private address (when privacy feature has been enabled)
3497 * or unresolvable private address.
3498 */
3499 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3500 if (err < 0) {
3501 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3502 MGMT_STATUS_FAILED);
3503 mgmt_pending_remove(cmd);
3504 goto failed;
3505 }
3506
7c307720 3507 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3508 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3509 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3510 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3511 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3512 &param_cp);
3513
3514 memset(&enable_cp, 0, sizeof(enable_cp));
3515 enable_cp.enable = LE_SCAN_ENABLE;
3516 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3517 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3518 &enable_cp);
5e0452c0
AG		 3519 break;
3520
f39799f5 3521 default:
04106755
JH		 3522 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3523 MGMT_STATUS_INVALID_PARAMS);
3524 mgmt_pending_remove(cmd);
3525 goto failed;
f39799f5 3526 }
3fd24153 3527
7c307720 3528 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3529 if (err < 0)
3530 mgmt_pending_remove(cmd);
ff9ef578
JH		 3531 else
3532 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3533
3534failed:
09fd0de5 3535 hci_dev_unlock(hdev);
14a53664
JH		 3536 return err;
3537}
3538
1183fdca
AG		 3539static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3540{
3541 struct pending_cmd *cmd;
3542 int err;
3543
3544 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3545 if (!cmd)
3546 return -ENOENT;
3547
3548 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3549 &hdev->discovery.type, sizeof(hdev->discovery.type));
3550 mgmt_pending_remove(cmd);
3551
3552 return err;
3553}
3554
0e05bba6
AG		 3555static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3556{
3557 BT_DBG("status %d", status);
3558
3559 hci_dev_lock(hdev);
3560
3561 if (status) {
3562 mgmt_stop_discovery_failed(hdev, status);
3563 goto unlock;
3564 }
3565
3566 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3567
3568unlock:
3569 hci_dev_unlock(hdev);
3570}
3571
bdb6d971 3572static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3573 u16 len)
14a53664 3574{
d930650b 3575 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3576 struct pending_cmd *cmd;
30dc78e1
JH		 3577 struct hci_cp_remote_name_req_cancel cp;
3578 struct inquiry_entry *e;
0e05bba6 3579 struct hci_request req;
14a53664
JH		 3580 int err;
3581
bdb6d971 3582 BT_DBG("%s", hdev->name);
14a53664 3583
09fd0de5 3584 hci_dev_lock(hdev);
14a53664 3585
30dc78e1 3586 if (!hci_discovery_active(hdev)) {
bdb6d971 3587 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3588 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3589 sizeof(mgmt_cp->type));
d930650b
JH		 3590 goto unlock;
3591 }
3592
3593 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3594 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3595 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3596 sizeof(mgmt_cp->type));
30dc78e1 3597 goto unlock;
ff9ef578
JH		 3598 }
3599
2e58ef3e 3600 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3601 if (!cmd) {
3602 err = -ENOMEM;
30dc78e1
JH		 3603 goto unlock;
3604 }
3605
0e05bba6
AG		 3606 hci_req_init(&req, hdev);
3607
e0d9727e
AG		 3608 switch (hdev->discovery.state) {
3609 case DISCOVERY_FINDING:
0e05bba6
AG		 3610 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3611 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3612 } else {
3613 cancel_delayed_work(&hdev->le_scan_disable);
3614
b1efcc28 3615 hci_req_add_le_scan_disable(&req);
0e05bba6 3616 }
c9ecc48e 3617
e0d9727e
AG		 3618 break;
3619
3620 case DISCOVERY_RESOLVING:
3621 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3622 NAME_PENDING);
e0d9727e 3623 if (!e) {
30dc78e1 3624 mgmt_pending_remove(cmd);
e0d9727e
AG		 3625 err = cmd_complete(sk, hdev->id,
3626 MGMT_OP_STOP_DISCOVERY, 0,
3627 &mgmt_cp->type,
3628 sizeof(mgmt_cp->type));
3629 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3630 goto unlock;
3631 }
30dc78e1 3632
e0d9727e 3633 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3634 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3635 &cp);
e0d9727e
AG		 3636
3637 break;
3638
3639 default:
3640 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3641
3642 mgmt_pending_remove(cmd);
3643 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3644 MGMT_STATUS_FAILED, &mgmt_cp->type,
3645 sizeof(mgmt_cp->type));
3646 goto unlock;
14a53664
JH		 3647 }
3648
0e05bba6 3649 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3650 if (err < 0)
3651 mgmt_pending_remove(cmd);
ff9ef578
JH		 3652 else
3653 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3654
30dc78e1 3655unlock:
09fd0de5 3656 hci_dev_unlock(hdev);
14a53664
JH		 3657 return err;
3658}
3659
bdb6d971 3660static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3661 u16 len)
561aafbc 3662{
650f726d 3663 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3664 struct inquiry_entry *e;
561aafbc
JH		 3665 int err;
3666
bdb6d971 3667 BT_DBG("%s", hdev->name);
561aafbc 3668
561aafbc
JH		 3669 hci_dev_lock(hdev);
3670
30dc78e1 3671 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3672 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3673 MGMT_STATUS_FAILED, &cp->addr,
3674 sizeof(cp->addr));
30dc78e1
JH		 3675 goto failed;
3676 }
3677
a198e7b1 3678 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3679 if (!e) {
d3a2541d
LR		 3680 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3681 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3682 sizeof(cp->addr));
561aafbc
JH		 3683 goto failed;
3684 }
3685
3686 if (cp->name_known) {
3687 e->name_state = NAME_KNOWN;
3688 list_del(&e->list);
3689 } else {
3690 e->name_state = NAME_NEEDED;
a3d4e20a 3691 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3692 }
3693
e384662b
JH		 3694 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3695 sizeof(cp->addr));
561aafbc
JH		 3696
3697failed:
3698 hci_dev_unlock(hdev);
561aafbc
JH		 3699 return err;
3700}
3701
bdb6d971 3702static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3703 u16 len)
7fbec224 3704{
650f726d 3705 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3706 u8 status;
7fbec224
AJ		 3707 int err;
3708
bdb6d971 3709 BT_DBG("%s", hdev->name);
7fbec224 3710
4ee71b20 3711 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3712 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3713 MGMT_STATUS_INVALID_PARAMS,
3714 &cp->addr, sizeof(cp->addr));
4ee71b20 3715
09fd0de5 3716 hci_dev_lock(hdev);
5e762444 3717
88c1fe4b 3718 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3719 if (err < 0)
f0eeea8b 3720 status = MGMT_STATUS_FAILED;
7fbec224 3721 else
a6785be2 3722 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3723
bdb6d971 3724 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3725 &cp->addr, sizeof(cp->addr));
5e762444 3726
09fd0de5 3727 hci_dev_unlock(hdev);
7fbec224
AJ		 3728
3729 return err;
3730}
3731
bdb6d971 3732static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3733 u16 len)
7fbec224 3734{
650f726d 3735 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3736 u8 status;
7fbec224
AJ		 3737 int err;
3738
bdb6d971 3739 BT_DBG("%s", hdev->name);
7fbec224 3740
4ee71b20 3741 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3742 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3743 MGMT_STATUS_INVALID_PARAMS,
3744 &cp->addr, sizeof(cp->addr));
4ee71b20 3745
09fd0de5 3746 hci_dev_lock(hdev);
5e762444 3747
88c1fe4b 3748 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3749 if (err < 0)
f0eeea8b 3750 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3751 else
a6785be2 3752 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3753
bdb6d971 3754 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3755 &cp->addr, sizeof(cp->addr));
5e762444 3756
09fd0de5 3757 hci_dev_unlock(hdev);
7fbec224
AJ		 3758
3759 return err;
3760}
3761
cdbaccca
MH		 3762static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3763 u16 len)
3764{
3765 struct mgmt_cp_set_device_id *cp = data;
890ea898 3766 struct hci_request req;
cdbaccca 3767 int err;
c72d4b8a 3768 __u16 source;
cdbaccca
MH		 3769
3770 BT_DBG("%s", hdev->name);
3771
c72d4b8a
SJ		 3772 source = __le16_to_cpu(cp->source);
3773
3774 if (source > 0x0002)
3775 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3776 MGMT_STATUS_INVALID_PARAMS);
3777
cdbaccca
MH		 3778 hci_dev_lock(hdev);
3779
c72d4b8a 3780 hdev->devid_source = source;
cdbaccca
MH		 3781 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3782 hdev->devid_product = __le16_to_cpu(cp->product);
3783 hdev->devid_version = __le16_to_cpu(cp->version);
3784
3785 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3786
890ea898
JH		 3787 hci_req_init(&req, hdev);
3788 update_eir(&req);
3789 hci_req_run(&req, NULL);
cdbaccca
MH		 3790
3791 hci_dev_unlock(hdev);
3792
3793 return err;
3794}
3795
4375f103
JH		 3796static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3797{
3798 struct cmd_lookup match = { NULL, hdev };
3799
3800 if (status) {
3801 u8 mgmt_err = mgmt_status(status);
3802
3803 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3804 cmd_status_rsp, &mgmt_err);
3805 return;
3806 }
3807
3808 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3809 &match);
3810
3811 new_settings(hdev, match.sk);
3812
3813 if (match.sk)
3814 sock_put(match.sk);
3815}
3816
21b5187f
MH		 3817static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3818 u16 len)
4375f103
JH		 3819{
3820 struct mgmt_mode *cp = data;
3821 struct pending_cmd *cmd;
3822 struct hci_request req;
e6fe7986 3823 u8 val, enabled, status;
4375f103
JH		 3824 int err;
3825
3826 BT_DBG("request for %s", hdev->name);
3827
e6fe7986
JH		 3828 status = mgmt_le_support(hdev);
3829 if (status)
4375f103 3830 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3831 status);
4375f103
JH		 3832
3833 if (cp->val != 0x00 && cp->val != 0x01)
3834 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3835 MGMT_STATUS_INVALID_PARAMS);
3836
3837 hci_dev_lock(hdev);
3838
3839 val = !!cp->val;
f3d3444a 3840 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3841
f74ca9b8
JH		 3842 /* The following conditions are ones which mean that we should
3843 * not do any HCI communication but directly send a mgmt
3844 * response to user space (after toggling the flag if
3845 * necessary).
3846 */
3847 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3848 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3849 bool changed = false;
3850
f3d3444a
JH		 3851 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3852 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3853 changed = true;
3854 }
3855
3856 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3857 if (err < 0)
3858 goto unlock;
3859
3860 if (changed)
3861 err = new_settings(hdev, sk);
3862
3863 goto unlock;
3864 }
3865
3866 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3867 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3868 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3869 MGMT_STATUS_BUSY);
3870 goto unlock;
3871 }
3872
3873 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3874 if (!cmd) {
3875 err = -ENOMEM;
3876 goto unlock;
3877 }
3878
3879 hci_req_init(&req, hdev);
3880
bba3aa55
MH		 3881 if (val)
3882 enable_advertising(&req);
3883 else
3884 disable_advertising(&req);
4375f103
JH		 3885
3886 err = hci_req_run(&req, set_advertising_complete);
3887 if (err < 0)
3888 mgmt_pending_remove(cmd);
3889
3890unlock:
3891 hci_dev_unlock(hdev);
3892 return err;
3893}
3894
d13eafce
MH		 3895static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3896 void *data, u16 len)
3897{
3898 struct mgmt_cp_set_static_address *cp = data;
3899 int err;
3900
3901 BT_DBG("%s", hdev->name);
3902
62af4443 3903 if (!lmp_le_capable(hdev))
d13eafce 3904 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3905 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3906
3907 if (hdev_is_powered(hdev))
3908 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3909 MGMT_STATUS_REJECTED);
3910
3911 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3912 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3913 return cmd_status(sk, hdev->id,
3914 MGMT_OP_SET_STATIC_ADDRESS,
3915 MGMT_STATUS_INVALID_PARAMS);
3916
3917 /* Two most significant bits shall be set */
3918 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3919 return cmd_status(sk, hdev->id,
3920 MGMT_OP_SET_STATIC_ADDRESS,
3921 MGMT_STATUS_INVALID_PARAMS);
3922 }
3923
3924 hci_dev_lock(hdev);
3925
3926 bacpy(&hdev->static_addr, &cp->bdaddr);
3927
3928 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3929
3930 hci_dev_unlock(hdev);
3931
3932 return err;
3933}
3934
14b49b9a
MH		 3935static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3936 void *data, u16 len)
3937{
3938 struct mgmt_cp_set_scan_params *cp = data;
3939 __u16 interval, window;
3940 int err;
3941
3942 BT_DBG("%s", hdev->name);
3943
3944 if (!lmp_le_capable(hdev))
3945 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3946 MGMT_STATUS_NOT_SUPPORTED);
3947
3948 interval = __le16_to_cpu(cp->interval);
3949
3950 if (interval < 0x0004 || interval > 0x4000)
3951 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3952 MGMT_STATUS_INVALID_PARAMS);
3953
3954 window = __le16_to_cpu(cp->window);
3955
3956 if (window < 0x0004 || window > 0x4000)
3957 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3958 MGMT_STATUS_INVALID_PARAMS);
3959
899e1075
MH		 3960 if (window > interval)
3961 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3962 MGMT_STATUS_INVALID_PARAMS);
3963
14b49b9a
MH		 3964 hci_dev_lock(hdev);
3965
3966 hdev->le_scan_interval = interval;
3967 hdev->le_scan_window = window;
3968
3969 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3970
dd2ef8e2
AG		 3971 /* If background scan is running, restart it so new parameters are
3972 * loaded.
3973 */
3974 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
3975 hdev->discovery.state == DISCOVERY_STOPPED) {
3976 struct hci_request req;
3977
3978 hci_req_init(&req, hdev);
3979
3980 hci_req_add_le_scan_disable(&req);
3981 hci_req_add_le_passive_scan(&req);
3982
3983 hci_req_run(&req, NULL);
3984 }
3985
14b49b9a
MH		 3986 hci_dev_unlock(hdev);
3987
3988 return err;
3989}
3990
33e38b3e
JH		 3991static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3992{
3993 struct pending_cmd *cmd;
3994
3995 BT_DBG("status 0x%02x", status);
3996
3997 hci_dev_lock(hdev);
3998
3999 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4000 if (!cmd)
4001 goto unlock;
4002
4003 if (status) {
4004 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4005 mgmt_status(status));
4006 } else {
1a4d3c4b
JH		 4007 struct mgmt_mode *cp = cmd->param;
4008
4009 if (cp->val)
4010 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4011 else
4012 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4013
33e38b3e
JH		 4014 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4015 new_settings(hdev, cmd->sk);
4016 }
4017
4018 mgmt_pending_remove(cmd);
4019
4020unlock:
4021 hci_dev_unlock(hdev);
4022}
4023
bdb6d971 4024static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4025 void *data, u16 len)
f6422ec6 4026{
650f726d 4027 struct mgmt_mode *cp = data;
33e38b3e
JH		 4028 struct pending_cmd *cmd;
4029 struct hci_request req;
f6422ec6
AJ		 4030 int err;
4031
bdb6d971 4032 BT_DBG("%s", hdev->name);
f6422ec6 4033
56f87901
JH		 4034 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4035 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4036 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4037 MGMT_STATUS_NOT_SUPPORTED);
4038
a7e80f25
JH		 4039 if (cp->val != 0x00 && cp->val != 0x01)
4040 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4041 MGMT_STATUS_INVALID_PARAMS);
4042
5400c044 4043 if (!hdev_is_powered(hdev))
bdb6d971 4044 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4045 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4046
4047 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4048 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4049 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4050
4051 hci_dev_lock(hdev);
4052
05cbf29f
JH		 4053 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4054 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4055 MGMT_STATUS_BUSY);
4056 goto unlock;
4057 }
4058
1a4d3c4b
JH		 4059 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4060 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4061 hdev);
4062 goto unlock;
4063 }
4064
33e38b3e
JH		 4065 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4066 data, len);
4067 if (!cmd) {
4068 err = -ENOMEM;
4069 goto unlock;
f6422ec6
AJ		 4070 }
4071
33e38b3e
JH		 4072 hci_req_init(&req, hdev);
4073
406d7804 4074 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4075
4076 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4077 if (err < 0) {
bdb6d971 4078 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4079 MGMT_STATUS_FAILED);
33e38b3e 4080 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4081 }
4082
33e38b3e 4083unlock:
f6422ec6 4084 hci_dev_unlock(hdev);
33e38b3e 4085
f6422ec6
AJ		 4086 return err;
4087}
4088
67e5a7a3
JH		 4089static void set_bredr_scan(struct hci_request *req)
4090{
4091 struct hci_dev *hdev = req->hdev;
4092 u8 scan = 0;
4093
4094 /* Ensure that fast connectable is disabled. This function will
4095 * not do anything if the page scan parameters are already what
4096 * they should be.
4097 */
4098 write_fast_connectable(req, false);
4099
4100 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4101 scan |= SCAN_PAGE;
4102 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4103 scan |= SCAN_INQUIRY;
4104
4105 if (scan)
4106 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4107}
4108
0663ca2a
JH		 4109static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4110{
4111 struct pending_cmd *cmd;
4112
4113 BT_DBG("status 0x%02x", status);
4114
4115 hci_dev_lock(hdev);
4116
4117 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4118 if (!cmd)
4119 goto unlock;
4120
4121 if (status) {
4122 u8 mgmt_err = mgmt_status(status);
4123
4124 /* We need to restore the flag if related HCI commands
4125 * failed.
4126 */
4127 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4128
4129 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4130 } else {
4131 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4132 new_settings(hdev, cmd->sk);
4133 }
4134
4135 mgmt_pending_remove(cmd);
4136
4137unlock:
4138 hci_dev_unlock(hdev);
4139}
4140
4141static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4142{
4143 struct mgmt_mode *cp = data;
4144 struct pending_cmd *cmd;
4145 struct hci_request req;
4146 int err;
4147
4148 BT_DBG("request for %s", hdev->name);
4149
4150 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4151 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4152 MGMT_STATUS_NOT_SUPPORTED);
4153
4154 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4155 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4156 MGMT_STATUS_REJECTED);
4157
4158 if (cp->val != 0x00 && cp->val != 0x01)
4159 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4160 MGMT_STATUS_INVALID_PARAMS);
4161
4162 hci_dev_lock(hdev);
4163
4164 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4165 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4166 goto unlock;
4167 }
4168
4169 if (!hdev_is_powered(hdev)) {
4170 if (!cp->val) {
0663ca2a
JH		 4171 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4172 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4173 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4174 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4175 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4176 }
4177
4178 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4179
4180 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4181 if (err < 0)
4182 goto unlock;
4183
4184 err = new_settings(hdev, sk);
4185 goto unlock;
4186 }
4187
4188 /* Reject disabling when powered on */
4189 if (!cp->val) {
4190 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4191 MGMT_STATUS_REJECTED);
4192 goto unlock;
4193 }
4194
4195 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4196 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4197 MGMT_STATUS_BUSY);
4198 goto unlock;
4199 }
4200
4201 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4202 if (!cmd) {
4203 err = -ENOMEM;
4204 goto unlock;
4205 }
4206
5947f4bc 4207 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4208 * generates the correct flags.
4209 */
4210 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4211
4212 hci_req_init(&req, hdev);
aa8af46e
JH		 4213
4214 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4215 set_bredr_scan(&req);
4216
f14d8f64
MH		 4217 /* Since only the advertising data flags will change, there
4218 * is no need to update the scan response data.
4219 */
5947f4bc 4220 update_adv_data(&req);
aa8af46e 4221
0663ca2a
JH		 4222 err = hci_req_run(&req, set_bredr_complete);
4223 if (err < 0)
4224 mgmt_pending_remove(cmd);
4225
4226unlock:
4227 hci_dev_unlock(hdev);
4228 return err;
4229}
4230
eac83dc6
MH		 4231static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4232 void *data, u16 len)
4233{
4234 struct mgmt_mode *cp = data;
4235 struct pending_cmd *cmd;
0ab04a9c 4236 u8 val, status;
eac83dc6
MH		 4237 int err;
4238
4239 BT_DBG("request for %s", hdev->name);
4240
4241 status = mgmt_bredr_support(hdev);
4242 if (status)
4243 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4244 status);
4245
5afeac14
MH		 4246 if (!lmp_sc_capable(hdev) &&
4247 !test_bit(HCI_FORCE_SC, &hdev->dev_flags))
eac83dc6
MH		 4248 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4249 MGMT_STATUS_NOT_SUPPORTED);
4250
0ab04a9c 4251 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4252 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4253 MGMT_STATUS_INVALID_PARAMS);
4254
4255 hci_dev_lock(hdev);
4256
4257 if (!hdev_is_powered(hdev)) {
4258 bool changed;
4259
0ab04a9c 4260 if (cp->val) {
eac83dc6
MH		 4261 changed = !test_and_set_bit(HCI_SC_ENABLED,
4262 &hdev->dev_flags);
0ab04a9c
MH		 4263 if (cp->val == 0x02)
4264 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4265 else
4266 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4267 } else {
eac83dc6
MH		 4268 changed = test_and_clear_bit(HCI_SC_ENABLED,
4269 &hdev->dev_flags);
0ab04a9c
MH		 4270 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4271 }
eac83dc6
MH		 4272
4273 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4274 if (err < 0)
4275 goto failed;
4276
4277 if (changed)
4278 err = new_settings(hdev, sk);
4279
4280 goto failed;
4281 }
4282
4283 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4284 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4285 MGMT_STATUS_BUSY);
4286 goto failed;
4287 }
4288
0ab04a9c
MH		 4289 val = !!cp->val;
4290
4291 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4292 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4293 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4294 goto failed;
4295 }
4296
4297 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4298 if (!cmd) {
4299 err = -ENOMEM;
4300 goto failed;
4301 }
4302
0ab04a9c 4303 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4304 if (err < 0) {
4305 mgmt_pending_remove(cmd);
4306 goto failed;
4307 }
4308
0ab04a9c
MH		 4309 if (cp->val == 0x02)
4310 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4311 else
4312 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4313
eac83dc6
MH		 4314failed:
4315 hci_dev_unlock(hdev);
4316 return err;
4317}
4318
4e39ac81
MH		 4319static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4320 void *data, u16 len)
4321{
4322 struct mgmt_mode *cp = data;
4323 bool changed;
4324 int err;
4325
4326 BT_DBG("request for %s", hdev->name);
4327
4328 if (cp->val != 0x00 && cp->val != 0x01)
4329 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4330 MGMT_STATUS_INVALID_PARAMS);
4331
4332 hci_dev_lock(hdev);
4333
4334 if (cp->val)
4335 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4336 else
4337 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4338
4339 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4340 if (err < 0)
4341 goto unlock;
4342
4343 if (changed)
4344 err = new_settings(hdev, sk);
4345
4346unlock:
4347 hci_dev_unlock(hdev);
4348 return err;
4349}
4350
62b04cd1
JH		 4351static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4352 u16 len)
4353{
4354 struct mgmt_cp_set_privacy *cp = cp_data;
4355 bool changed;
4356 int err;
4357
4358 BT_DBG("request for %s", hdev->name);
4359
4360 if (!lmp_le_capable(hdev))
4361 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4362 MGMT_STATUS_NOT_SUPPORTED);
4363
4364 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4365 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4366 MGMT_STATUS_INVALID_PARAMS);
4367
4368 if (hdev_is_powered(hdev))
4369 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4370 MGMT_STATUS_REJECTED);
4371
4372 hci_dev_lock(hdev);
4373
c21c0ea0
JH		 4374 /* If user space supports this command it is also expected to
4375 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4376 */
4377 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4378
62b04cd1
JH		 4379 if (cp->privacy) {
4380 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4381 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4382 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4383 } else {
4384 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4385 memset(hdev->irk, 0, sizeof(hdev->irk));
4386 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4387 }
4388
4389 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4390 if (err < 0)
4391 goto unlock;
4392
4393 if (changed)
4394 err = new_settings(hdev, sk);
4395
4396unlock:
4397 hci_dev_unlock(hdev);
4398 return err;
4399}
4400
41edf160
JH		 4401static bool irk_is_valid(struct mgmt_irk_info *irk)
4402{
4403 switch (irk->addr.type) {
4404 case BDADDR_LE_PUBLIC:
4405 return true;
4406
4407 case BDADDR_LE_RANDOM:
4408 /* Two most significant bits shall be set */
4409 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4410 return false;
4411 return true;
4412 }
4413
4414 return false;
4415}
4416
4417static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4418 u16 len)
4419{
4420 struct mgmt_cp_load_irks *cp = cp_data;
4421 u16 irk_count, expected_len;
4422 int i, err;
4423
4424 BT_DBG("request for %s", hdev->name);
4425
4426 if (!lmp_le_capable(hdev))
4427 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4428 MGMT_STATUS_NOT_SUPPORTED);
4429
4430 irk_count = __le16_to_cpu(cp->irk_count);
4431
4432 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4433 if (expected_len != len) {
4434 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4435 expected_len, len);
41edf160
JH		 4436 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4437 MGMT_STATUS_INVALID_PARAMS);
4438 }
4439
4440 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4441
4442 for (i = 0; i < irk_count; i++) {
4443 struct mgmt_irk_info *key = &cp->irks[i];
4444
4445 if (!irk_is_valid(key))
4446 return cmd_status(sk, hdev->id,
4447 MGMT_OP_LOAD_IRKS,
4448 MGMT_STATUS_INVALID_PARAMS);
4449 }
4450
4451 hci_dev_lock(hdev);
4452
4453 hci_smp_irks_clear(hdev);
4454
4455 for (i = 0; i < irk_count; i++) {
4456 struct mgmt_irk_info *irk = &cp->irks[i];
4457 u8 addr_type;
4458
4459 if (irk->addr.type == BDADDR_LE_PUBLIC)
4460 addr_type = ADDR_LE_DEV_PUBLIC;
4461 else
4462 addr_type = ADDR_LE_DEV_RANDOM;
4463
4464 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4465 BDADDR_ANY);
4466 }
4467
4468 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4469
4470 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4471
4472 hci_dev_unlock(hdev);
4473
4474 return err;
4475}
4476
3f706b72
JH		 4477static bool ltk_is_valid(struct mgmt_ltk_info *key)
4478{
4479 if (key->master != 0x00 && key->master != 0x01)
4480 return false;
490cb0b3
MH		 4481
4482 switch (key->addr.type) {
4483 case BDADDR_LE_PUBLIC:
4484 return true;
4485
4486 case BDADDR_LE_RANDOM:
4487 /* Two most significant bits shall be set */
4488 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4489 return false;
4490 return true;
4491 }
4492
4493 return false;
3f706b72
JH		 4494}
4495
bdb6d971 4496static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4497 void *cp_data, u16 len)
346af67b 4498{
346af67b
VCG		 4499 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4500 u16 key_count, expected_len;
715a5bf2 4501 int i, err;
346af67b 4502
cf99ba13
MH		 4503 BT_DBG("request for %s", hdev->name);
4504
4505 if (!lmp_le_capable(hdev))
4506 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4507 MGMT_STATUS_NOT_SUPPORTED);
4508
1f350c87 4509 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 4510
4511 expected_len = sizeof(*cp) + key_count *
4512 sizeof(struct mgmt_ltk_info);
4513 if (expected_len != len) {
4514 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4515 expected_len, len);
bdb6d971 4516 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4517 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4518 }
4519
bdb6d971 4520 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4521
54ad6d8a
JH		 4522 for (i = 0; i < key_count; i++) {
4523 struct mgmt_ltk_info *key = &cp->keys[i];
4524
3f706b72 4525 if (!ltk_is_valid(key))
54ad6d8a
JH		 4526 return cmd_status(sk, hdev->id,
4527 MGMT_OP_LOAD_LONG_TERM_KEYS,
4528 MGMT_STATUS_INVALID_PARAMS);
4529 }
4530
346af67b
VCG		 4531 hci_dev_lock(hdev);
4532
4533 hci_smp_ltks_clear(hdev);
4534
4535 for (i = 0; i < key_count; i++) {
4536 struct mgmt_ltk_info *key = &cp->keys[i];
79d95a19
MH		 4537 u8 type, addr_type;
4538
4539 if (key->addr.type == BDADDR_LE_PUBLIC)
4540 addr_type = ADDR_LE_DEV_PUBLIC;
4541 else
4542 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4543
4544 if (key->master)
4545 type = HCI_SMP_LTK;
4546 else
4547 type = HCI_SMP_LTK_SLAVE;
4548
35d70271
JH		 4549 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
4550 key->type, key->val, key->enc_size, key->ediv,
4551 key->rand);
346af67b
VCG		 4552 }
4553
715a5bf2
JH		 4554 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4555 NULL, 0);
4556
346af67b 4557 hci_dev_unlock(hdev);
346af67b 4558
715a5bf2 4559 return err;
346af67b
VCG		 4560}
4561
dd983808
AK		 4562struct cmd_conn_lookup {
4563 struct hci_conn *conn;
4564 bool valid_tx_power;
4565 u8 mgmt_status;
4566};
4567
4568static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4569{
4570 struct cmd_conn_lookup *match = data;
4571 struct mgmt_cp_get_conn_info *cp;
4572 struct mgmt_rp_get_conn_info rp;
4573 struct hci_conn *conn = cmd->user_data;
4574
4575 if (conn != match->conn)
4576 return;
4577
4578 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4579
4580 memset(&rp, 0, sizeof(rp));
4581 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4582 rp.addr.type = cp->addr.type;
4583
4584 if (!match->mgmt_status) {
4585 rp.rssi = conn->rssi;
4586
eed5daf3 4587 if (match->valid_tx_power) {
dd983808 4588 rp.tx_power = conn->tx_power;
eed5daf3
AK		 4589 rp.max_tx_power = conn->max_tx_power;
4590 } else {
dd983808 4591 rp.tx_power = HCI_TX_POWER_INVALID;
eed5daf3
AK		 4592 rp.max_tx_power = HCI_TX_POWER_INVALID;
4593 }
dd983808
AK		 4594 }
4595
4596 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4597 match->mgmt_status, &rp, sizeof(rp));
4598
4599 hci_conn_drop(conn);
4600
4601 mgmt_pending_remove(cmd);
4602}
4603
4604static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4605{
4606 struct hci_cp_read_rssi *cp;
4607 struct hci_conn *conn;
4608 struct cmd_conn_lookup match;
4609 u16 handle;
4610
4611 BT_DBG("status 0x%02x", status);
4612
4613 hci_dev_lock(hdev);
4614
4615 /* TX power data is valid in case request completed successfully,
eed5daf3
AK		 4616 * otherwise we assume it's not valid. At the moment we assume that
4617 * either both or none of current and max values are valid to keep code
4618 * simple.
dd983808
AK		 4619 */
4620 match.valid_tx_power = !status;
4621
4622 /* Commands sent in request are either Read RSSI or Read Transmit Power
4623 * Level so we check which one was last sent to retrieve connection
4624 * handle. Both commands have handle as first parameter so it's safe to
4625 * cast data on the same command struct.
4626 *
4627 * First command sent is always Read RSSI and we fail only if it fails.
4628 * In other case we simply override error to indicate success as we
4629 * already remembered if TX power value is actually valid.
4630 */
4631 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4632 if (!cp) {
4633 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4634 status = 0;
4635 }
4636
4637 if (!cp) {
4638 BT_ERR("invalid sent_cmd in response");
4639 goto unlock;
4640 }
4641
4642 handle = __le16_to_cpu(cp->handle);
4643 conn = hci_conn_hash_lookup_handle(hdev, handle);
4644 if (!conn) {
4645 BT_ERR("unknown handle (%d) in response", handle);
4646 goto unlock;
4647 }
4648
4649 match.conn = conn;
4650 match.mgmt_status = mgmt_status(status);
4651
4652 /* Cache refresh is complete, now reply for mgmt request for given
4653 * connection only.
4654 */
4655 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4656 get_conn_info_complete, &match);
4657
4658unlock:
4659 hci_dev_unlock(hdev);
4660}
4661
4662static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4663 u16 len)
4664{
4665 struct mgmt_cp_get_conn_info *cp = data;
4666 struct mgmt_rp_get_conn_info rp;
4667 struct hci_conn *conn;
4668 unsigned long conn_info_age;
4669 int err = 0;
4670
4671 BT_DBG("%s", hdev->name);
4672
4673 memset(&rp, 0, sizeof(rp));
4674 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4675 rp.addr.type = cp->addr.type;
4676
4677 if (!bdaddr_type_is_valid(cp->addr.type))
4678 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4679 MGMT_STATUS_INVALID_PARAMS,
4680 &rp, sizeof(rp));
4681
4682 hci_dev_lock(hdev);
4683
4684 if (!hdev_is_powered(hdev)) {
4685 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4686 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4687 goto unlock;
4688 }
4689
4690 if (cp->addr.type == BDADDR_BREDR)
4691 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4692 &cp->addr.bdaddr);
4693 else
4694 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4695
4696 if (!conn || conn->state != BT_CONNECTED) {
4697 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4698 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
4699 goto unlock;
4700 }
4701
4702 /* To avoid client trying to guess when to poll again for information we
4703 * calculate conn info age as random value between min/max set in hdev.
4704 */
4705 conn_info_age = hdev->conn_info_min_age +
4706 prandom_u32_max(hdev->conn_info_max_age -
4707 hdev->conn_info_min_age);
4708
4709 /* Query controller to refresh cached values if they are too old or were
4710 * never read.
4711 */
f4e2dd53
AK		 4712 if (time_after(jiffies, conn->conn_info_timestamp +
4713 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 4714 !conn->conn_info_timestamp) {
4715 struct hci_request req;
4716 struct hci_cp_read_tx_power req_txp_cp;
4717 struct hci_cp_read_rssi req_rssi_cp;
4718 struct pending_cmd *cmd;
4719
4720 hci_req_init(&req, hdev);
4721 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4722 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4723 &req_rssi_cp);
4724
f7faab0c
AK		 4725 /* For LE links TX power does not change thus we don't need to
4726 * query for it once value is known.
4727 */
4728 if (!bdaddr_type_is_le(cp->addr.type) ||
4729 conn->tx_power == HCI_TX_POWER_INVALID) {
4730 req_txp_cp.handle = cpu_to_le16(conn->handle);
4731 req_txp_cp.type = 0x00;
4732 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4733 sizeof(req_txp_cp), &req_txp_cp);
4734 }
dd983808 4735
eed5daf3
AK		 4736 /* Max TX power needs to be read only once per connection */
4737 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4738 req_txp_cp.handle = cpu_to_le16(conn->handle);
4739 req_txp_cp.type = 0x01;
4740 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4741 sizeof(req_txp_cp), &req_txp_cp);
4742 }
4743
dd983808
AK		 4744 err = hci_req_run(&req, conn_info_refresh_complete);
4745 if (err < 0)
4746 goto unlock;
4747
4748 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4749 data, len);
4750 if (!cmd) {
4751 err = -ENOMEM;
4752 goto unlock;
4753 }
4754
4755 hci_conn_hold(conn);
4756 cmd->user_data = conn;
4757
4758 conn->conn_info_timestamp = jiffies;
4759 } else {
4760 /* Cache is valid, just reply with values cached in hci_conn */
4761 rp.rssi = conn->rssi;
4762 rp.tx_power = conn->tx_power;
eed5daf3 4763 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 4764
4765 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4766 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
4767 }
4768
4769unlock:
4770 hci_dev_unlock(hdev);
4771 return err;
4772}
4773
2e3c35ea 4774static const struct mgmt_handler {
04124681
GP		 4775 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4776 u16 data_len);
be22b54e
JH		 4777 bool var_len;
4778 size_t data_len;
0f4e68cf
JH		 4779} mgmt_handlers[] = {
4780 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 4781 { read_version, false, MGMT_READ_VERSION_SIZE },
4782 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4783 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4784 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4785 { set_powered, false, MGMT_SETTING_SIZE },
4786 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4787 { set_connectable, false, MGMT_SETTING_SIZE },
4788 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4789 { set_pairable, false, MGMT_SETTING_SIZE },
4790 { set_link_security, false, MGMT_SETTING_SIZE },
4791 { set_ssp, false, MGMT_SETTING_SIZE },
4792 { set_hs, false, MGMT_SETTING_SIZE },
4793 { set_le, false, MGMT_SETTING_SIZE },
4794 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4795 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4796 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4797 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4798 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4799 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4800 { disconnect, false, MGMT_DISCONNECT_SIZE },
4801 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4802 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4803 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4804 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4805 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4806 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4807 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4808 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4809 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4810 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4811 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4812 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 4813 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 4814 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4815 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4816 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4817 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4818 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4819 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 4820 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 4821 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 4822 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 4823 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 4824 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 4825 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 4826 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 4827 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 4828 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 4829 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
0f4e68cf
JH		 4830};
4831
4832
0381101f
JH		 4833int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4834{
650f726d
VCG		 4835 void *buf;
4836 u8 *cp;
0381101f 4837 struct mgmt_hdr *hdr;
4e51eae9 4838 u16 opcode, index, len;
bdb6d971 4839 struct hci_dev *hdev = NULL;
2e3c35ea 4840 const struct mgmt_handler *handler;
0381101f
JH		 4841 int err;
4842
4843 BT_DBG("got %zu bytes", msglen);
4844
4845 if (msglen < sizeof(*hdr))
4846 return -EINVAL;
4847
e63a15ec 4848 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 4849 if (!buf)
4850 return -ENOMEM;
4851
4852 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4853 err = -EFAULT;
4854 goto done;
4855 }
4856
650f726d 4857 hdr = buf;
1f350c87
MH		 4858 opcode = __le16_to_cpu(hdr->opcode);
4859 index = __le16_to_cpu(hdr->index);
4860 len = __le16_to_cpu(hdr->len);
0381101f
JH		 4861
4862 if (len != msglen - sizeof(*hdr)) {
4863 err = -EINVAL;
4864 goto done;
4865 }
4866
0f4e68cf 4867 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 4868 hdev = hci_dev_get(index);
4869 if (!hdev) {
4870 err = cmd_status(sk, index, opcode,
04124681 4871 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 4872 goto done;
4873 }
0736cfa8 4874
cebf4cfd
JH		 4875 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4876 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 4877 err = cmd_status(sk, index, opcode,
4878 MGMT_STATUS_INVALID_INDEX);
4879 goto done;
4880 }
bdb6d971
JH		 4881 }
4882
0f4e68cf 4883 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 4884 mgmt_handlers[opcode].func == NULL) {
0381101f 4885 BT_DBG("Unknown op %u", opcode);
ca69b795 4886 err = cmd_status(sk, index, opcode,
04124681 4887 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 4888 goto done;
4889 }
4890
4891 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 4892 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 4893 err = cmd_status(sk, index, opcode,
04124681 4894 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 4895 goto done;
0381101f
JH		 4896 }
4897
be22b54e
JH		 4898 handler = &mgmt_handlers[opcode];
4899
4900 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 4901 (!handler->var_len && len != handler->data_len)) {
be22b54e 4902 err = cmd_status(sk, index, opcode,
04124681 4903 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 4904 goto done;
4905 }
4906
0f4e68cf
JH		 4907 if (hdev)
4908 mgmt_init_hdev(sk, hdev);
4909
4910 cp = buf + sizeof(*hdr);
4911
be22b54e 4912 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 4913 if (err < 0)
4914 goto done;
4915
0381101f
JH		 4916 err = msglen;
4917
4918done:
bdb6d971
JH		 4919 if (hdev)
4920 hci_dev_put(hdev);
4921
0381101f
JH		 4922 kfree(buf);
4923 return err;
4924}
c71e97bf 4925
bf6b56db 4926void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 4927{
1514b892 4928 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4929 return;
bb4b2a9a 4930
bf6b56db 4931 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 4932}
4933
bf6b56db 4934void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 4935{
5f159032 4936 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 4937
1514b892 4938 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4939 return;
bb4b2a9a 4940
744cf19e 4941 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 4942
bf6b56db 4943 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 4944}
4945
6046dc3e
AG		 4946/* This function requires the caller holds hdev->lock */
4947static void restart_le_auto_conns(struct hci_dev *hdev)
4948{
4949 struct hci_conn_params *p;
4950
4951 list_for_each_entry(p, &hdev->le_conn_params, list) {
4952 if (p->auto_connect == HCI_AUTO_CONN_ALWAYS)
4953 hci_pend_le_conn_add(hdev, &p->addr, p->addr_type);
4954 }
4955}
4956
229ab39c
JH		 4957static void powered_complete(struct hci_dev *hdev, u8 status)
4958{
4959 struct cmd_lookup match = { NULL, hdev };
4960
4961 BT_DBG("status 0x%02x", status);
4962
4963 hci_dev_lock(hdev);
4964
6046dc3e
AG		 4965 restart_le_auto_conns(hdev);
4966
229ab39c
JH		 4967 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4968
4969 new_settings(hdev, match.sk);
4970
4971 hci_dev_unlock(hdev);
4972
4973 if (match.sk)
4974 sock_put(match.sk);
4975}
4976
70da6243 4977static int powered_update_hci(struct hci_dev *hdev)
5add6af8 4978{
890ea898 4979 struct hci_request req;
70da6243 4980 u8 link_sec;
5add6af8 4981
890ea898
JH		 4982 hci_req_init(&req, hdev);
4983
70da6243
JH		 4984 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4985 !lmp_host_ssp_capable(hdev)) {
4986 u8 ssp = 1;
5e5282bb 4987
890ea898 4988 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 4989 }
5add6af8 4990
c73eee91
JH		 4991 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4992 lmp_bredr_capable(hdev)) {
70da6243 4993 struct hci_cp_write_le_host_supported cp;
f0ff92fb 4994
70da6243
JH		 4995 cp.le = 1;
4996 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 4997
70da6243
JH		 4998 /* Check first if we already have the right
4999 * host state (host features set)
5000 */
5001 if (cp.le != lmp_host_le_capable(hdev) ||
5002 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 5003 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5004 sizeof(cp), &cp);
70da6243 5005 }
3d1cbdd6 5006
d13eafce 5007 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 5008 /* Make sure the controller has a good default for
5009 * advertising data. This also applies to the case
5010 * where BR/EDR was toggled during the AUTO_OFF phase.
5011 */
f14d8f64 5012 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 5013 update_adv_data(&req);
f14d8f64
MH		 5014 update_scan_rsp_data(&req);
5015 }
441ad2d0 5016
bba3aa55
MH		 5017 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5018 enable_advertising(&req);
eeca6f89
JH		 5019 }
5020
70da6243
JH		 5021 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5022 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 5023 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5024 sizeof(link_sec), &link_sec);
562fcc24 5025
70da6243 5026 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 5027 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5028 set_bredr_scan(&req);
890ea898 5029 update_class(&req);
13928971 5030 update_name(&req);
890ea898 5031 update_eir(&req);
70da6243 5032 }
562fcc24 5033
229ab39c 5034 return hci_req_run(&req, powered_complete);
70da6243 5035}
562fcc24 5036
70da6243
JH		 5037int mgmt_powered(struct hci_dev *hdev, u8 powered)
5038{
5039 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 5040 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5041 u8 zero_cod[] = { 0, 0, 0 };
70da6243 5042 int err;
f0ff92fb 5043
70da6243
JH		 5044 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5045 return 0;
5046
70da6243 5047 if (powered) {
229ab39c
JH		 5048 if (powered_update_hci(hdev) == 0)
5049 return 0;
fe038884 5050
229ab39c
JH		 5051 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5052 &match);
5053 goto new_settings;
b24752fe
JH		 5054 }
5055
229ab39c
JH		 5056 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5057 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5058
5059 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5060 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5061 zero_cod, sizeof(zero_cod), NULL);
5062
5063new_settings:
beadb2bd 5064 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 5065
5066 if (match.sk)
5067 sock_put(match.sk);
5068
7bb895d6 5069 return err;
5add6af8 5070}
73f22f62 5071
3eec705e 5072void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 5073{
5074 struct pending_cmd *cmd;
5075 u8 status;
5076
5077 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5078 if (!cmd)
3eec705e 5079 return;
96570ffc
JH		 5080
5081 if (err == -ERFKILL)
5082 status = MGMT_STATUS_RFKILLED;
5083 else
5084 status = MGMT_STATUS_FAILED;
5085
3eec705e 5086 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 5087
5088 mgmt_pending_remove(cmd);
96570ffc
JH		 5089}
5090
d1967ff8
MH		 5091void mgmt_discoverable_timeout(struct hci_dev *hdev)
5092{
5093 struct hci_request req;
d1967ff8
MH		 5094
5095 hci_dev_lock(hdev);
5096
5097 /* When discoverable timeout triggers, then just make sure
5098 * the limited discoverable flag is cleared. Even in the case
5099 * of a timeout triggered from general discoverable, it is
5100 * safe to unconditionally clear the flag.
5101 */
5102 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 5103 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 5104
5105 hci_req_init(&req, hdev);
4b580614
JH		 5106 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5107 u8 scan = SCAN_PAGE;
5108 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
5109 sizeof(scan), &scan);
5110 }
d1967ff8 5111 update_class(&req);
9a43e25f 5112 update_adv_data(&req);
d1967ff8
MH		 5113 hci_req_run(&req, NULL);
5114
5115 hdev->discov_timeout = 0;
5116
9a43e25f
JH		 5117 new_settings(hdev, NULL);
5118
d1967ff8
MH		 5119 hci_dev_unlock(hdev);
5120}
5121
86a75645 5122void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 5123{
86a75645 5124 bool changed;
73f22f62 5125
bfaf8c9f
JH		 5126 /* Nothing needed here if there's a pending command since that
5127 * commands request completion callback takes care of everything
5128 * necessary.
5129 */
5130 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 5131 return;
bfaf8c9f 5132
bd107999
JH		 5133 /* Powering off may clear the scan mode - don't let that interfere */
5134 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5135 return;
5136
9a43e25f 5137 if (discoverable) {
86a75645 5138 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5139 } else {
5140 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 5141 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5142 }
5143
5144 if (changed) {
5145 struct hci_request req;
5146
5147 /* In case this change in discoverable was triggered by
5148 * a disabling of connectable there could be a need to
5149 * update the advertising flags.
5150 */
5151 hci_req_init(&req, hdev);
5152 update_adv_data(&req);
5153 hci_req_run(&req, NULL);
73f22f62 5154
86a75645 5155 new_settings(hdev, NULL);
9a43e25f 5156 }
73f22f62 5157}
9fbcbb45 5158
a330916c 5159void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 5160{
a330916c 5161 bool changed;
9fbcbb45 5162
d7b856f9
JH		 5163 /* Nothing needed here if there's a pending command since that
5164 * commands request completion callback takes care of everything
5165 * necessary.
5166 */
5167 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 5168 return;
d7b856f9 5169
ce3f24cf
JH		 5170 /* Powering off may clear the scan mode - don't let that interfere */
5171 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5172 return;
5173
a330916c
MH		 5174 if (connectable)
5175 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
5176 else
5177 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 5178
beadb2bd 5179 if (changed)
a330916c 5180 new_settings(hdev, NULL);
9fbcbb45 5181}
55ed8ca1 5182
778b235a
JH		 5183void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
5184{
7c4cfab8
JH		 5185 /* Powering off may stop advertising - don't let that interfere */
5186 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5187 return;
5188
778b235a
JH		 5189 if (advertising)
5190 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
5191 else
5192 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5193}
5194
4796e8af 5195void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 5196{
ca69b795
JH		 5197 u8 mgmt_err = mgmt_status(status);
5198
2d7cee58 5199 if (scan & SCAN_PAGE)
744cf19e 5200 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 5201 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5202
5203 if (scan & SCAN_INQUIRY)
744cf19e 5204 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 5205 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5206}
5207
dc4a5ee2
MH		 5208void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
5209 bool persistent)
55ed8ca1 5210{
86742e1e 5211 struct mgmt_ev_new_link_key ev;
55ed8ca1 5212
a492cd52 5213 memset(&ev, 0, sizeof(ev));
55ed8ca1 5214
a492cd52 5215 ev.store_hint = persistent;
d753fdc4 5216 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 5217 ev.key.addr.type = BDADDR_BREDR;
a492cd52 5218 ev.key.type = key->type;
9b3b4460 5219 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 5220 ev.key.pin_len = key->pin_len;
55ed8ca1 5221
dc4a5ee2 5222 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 5223}
f7520543 5224
53ac6ab6 5225void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 5226{
5227 struct mgmt_ev_new_long_term_key ev;
5228
5229 memset(&ev, 0, sizeof(ev));
5230
5192d301
MH		 5231 /* Devices using resolvable or non-resolvable random addresses
5232 * without providing an indentity resolving key don't require
5233 * to store long term keys. Their addresses will change the
5234 * next time around.
5235 *
5236 * Only when a remote device provides an identity address
5237 * make sure the long term key is stored. If the remote
5238 * identity is known, the long term keys are internally
5239 * mapped to the identity address. So allow static random
5240 * and public addresses here.
5241 */
ba74b666
JH		 5242 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5243 (key->bdaddr.b[5] & 0xc0) != 0xc0)
5244 ev.store_hint = 0x00;
5245 else
53ac6ab6 5246 ev.store_hint = persistent;
ba74b666 5247
346af67b 5248 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 5249 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d40f3eef 5250 ev.key.type = key->authenticated;
346af67b
VCG		 5251 ev.key.enc_size = key->enc_size;
5252 ev.key.ediv = key->ediv;
fe39c7b2 5253 ev.key.rand = key->rand;
346af67b
VCG		 5254
5255 if (key->type == HCI_SMP_LTK)
5256 ev.key.master = 1;
5257
346af67b
VCG		 5258 memcpy(ev.key.val, key->val, sizeof(key->val));
5259
083368f7 5260 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 5261}
5262
95fbac8a
JH		 5263void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
5264{
5265 struct mgmt_ev_new_irk ev;
5266
5267 memset(&ev, 0, sizeof(ev));
5268
bab6d1e5
MH		 5269 /* For identity resolving keys from devices that are already
5270 * using a public address or static random address, do not
5271 * ask for storing this key. The identity resolving key really
5272 * is only mandatory for devices using resovlable random
5273 * addresses.
5274 *
5275 * Storing all identity resolving keys has the downside that
5276 * they will be also loaded on next boot of they system. More
5277 * identity resolving keys, means more time during scanning is
5278 * needed to actually resolve these addresses.
5279 */
5280 if (bacmp(&irk->rpa, BDADDR_ANY))
5281 ev.store_hint = 0x01;
5282 else
5283 ev.store_hint = 0x00;
5284
95fbac8a
JH		 5285 bacpy(&ev.rpa, &irk->rpa);
5286 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
5287 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
5288 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
5289
5290 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
5291}
5292
53ac6ab6
MH		 5293void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
5294 bool persistent)
7ee4ea36
MH		 5295{
5296 struct mgmt_ev_new_csrk ev;
5297
5298 memset(&ev, 0, sizeof(ev));
5299
5300 /* Devices using resolvable or non-resolvable random addresses
5301 * without providing an indentity resolving key don't require
5302 * to store signature resolving keys. Their addresses will change
5303 * the next time around.
5304 *
5305 * Only when a remote device provides an identity address
5306 * make sure the signature resolving key is stored. So allow
5307 * static random and public addresses here.
5308 */
5309 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5310 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
5311 ev.store_hint = 0x00;
5312 else
53ac6ab6 5313 ev.store_hint = persistent;
7ee4ea36
MH		 5314
5315 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
5316 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
5317 ev.key.master = csrk->master;
5318 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
5319
5320 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
5321}
5322
94933991
MH		 5323static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5324 u8 data_len)
5325{
5326 eir[eir_len++] = sizeof(type) + data_len;
5327 eir[eir_len++] = type;
5328 memcpy(&eir[eir_len], data, data_len);
5329 eir_len += data_len;
5330
5331 return eir_len;
5332}
5333
ecd90ae7
MH		 5334void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5335 u8 addr_type, u32 flags, u8 *name, u8 name_len,
5336 u8 *dev_class)
f7520543 5337{
b644ba33
JH		 5338 char buf[512];
5339 struct mgmt_ev_device_connected *ev = (void *) buf;
5340 u16 eir_len = 0;
f7520543 5341
b644ba33 5342 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5343 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 5344
c95f0ba7 5345 ev->flags = __cpu_to_le32(flags);
08c79b61 5346
b644ba33
JH		 5347 if (name_len > 0)
5348 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 5349 name, name_len);
b644ba33
JH		 5350
5351 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 5352 eir_len = eir_append_data(ev->eir, eir_len,
04124681 5353 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 5354
eb55ef07 5355 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 5356
ecd90ae7
MH		 5357 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
5358 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 5359}
5360
8962ee74
JH		 5361static void disconnect_rsp(struct pending_cmd *cmd, void *data)
5362{
c68fb7ff 5363 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 5364 struct sock **sk = data;
a38528f1 5365 struct mgmt_rp_disconnect rp;
8962ee74 5366
88c3df13
JH		 5367 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5368 rp.addr.type = cp->addr.type;
8962ee74 5369
aee9b218 5370 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 5371 sizeof(rp));
8962ee74
JH		 5372
5373 *sk = cmd->sk;
5374 sock_hold(*sk);
5375
a664b5bc 5376 mgmt_pending_remove(cmd);
8962ee74
JH		 5377}
5378
124f6e35 5379static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 5380{
b1078ad0 5381 struct hci_dev *hdev = data;
124f6e35
JH		 5382 struct mgmt_cp_unpair_device *cp = cmd->param;
5383 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 5384
5385 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 5386 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5387 rp.addr.type = cp->addr.type;
a8a1d19e 5388
b1078ad0
JH		 5389 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
5390
aee9b218 5391 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 5392
5393 mgmt_pending_remove(cmd);
5394}
5395
9b80ec5e 5396void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 5397 u8 link_type, u8 addr_type, u8 reason,
5398 bool mgmt_connected)
f7520543 5399{
f0d6a0ea 5400 struct mgmt_ev_device_disconnected ev;
8b064a3a 5401 struct pending_cmd *power_off;
8962ee74 5402 struct sock *sk = NULL;
8962ee74 5403
8b064a3a
JH		 5404 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5405 if (power_off) {
5406 struct mgmt_mode *cp = power_off->param;
5407
5408 /* The connection is still in hci_conn_hash so test for 1
5409 * instead of 0 to know if this is the last one.
5410 */
a3172b7e
JH		 5411 if (!cp->val && hci_conn_count(hdev) == 1) {
5412 cancel_delayed_work(&hdev->power_off);
8b064a3a 5413 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5414 }
8b064a3a
JH		 5415 }
5416
12d4a3b2
JH		 5417 if (!mgmt_connected)
5418 return;
5419
57eb776f
AG		 5420 if (link_type != ACL_LINK && link_type != LE_LINK)
5421 return;
5422
744cf19e 5423 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 5424
f0d6a0ea
MA		 5425 bacpy(&ev.addr.bdaddr, bdaddr);
5426 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5427 ev.reason = reason;
f7520543 5428
9b80ec5e 5429 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 5430
5431 if (sk)
d97dcb66 5432 sock_put(sk);
8962ee74 5433
124f6e35 5434 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 5435 hdev);
8962ee74
JH		 5436}
5437
7892924c
MH		 5438void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
5439 u8 link_type, u8 addr_type, u8 status)
8962ee74 5440{
3655bba8
AG		 5441 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
5442 struct mgmt_cp_disconnect *cp;
88c3df13 5443 struct mgmt_rp_disconnect rp;
8962ee74 5444 struct pending_cmd *cmd;
8962ee74 5445
36a75f1b
JD		 5446 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5447 hdev);
5448
2e58ef3e 5449 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 5450 if (!cmd)
7892924c 5451 return;
8962ee74 5452
3655bba8
AG		 5453 cp = cmd->param;
5454
5455 if (bacmp(bdaddr, &cp->addr.bdaddr))
5456 return;
5457
5458 if (cp->addr.type != bdaddr_type)
5459 return;
5460
88c3df13 5461 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 5462 rp.addr.type = bdaddr_type;
37d9ef76 5463
7892924c
MH		 5464 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
5465 mgmt_status(status), &rp, sizeof(rp));
8962ee74 5466
a664b5bc 5467 mgmt_pending_remove(cmd);
f7520543 5468}
17d5c04c 5469
445608d0
MH		 5470void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5471 u8 addr_type, u8 status)
17d5c04c
JH		 5472{
5473 struct mgmt_ev_connect_failed ev;
c9910d0f
JH		 5474 struct pending_cmd *power_off;
5475
5476 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5477 if (power_off) {
5478 struct mgmt_mode *cp = power_off->param;
5479
5480 /* The connection is still in hci_conn_hash so test for 1
5481 * instead of 0 to know if this is the last one.
5482 */
a3172b7e
JH		 5483 if (!cp->val && hci_conn_count(hdev) == 1) {
5484 cancel_delayed_work(&hdev->power_off);
c9910d0f 5485 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5486 }
c9910d0f 5487 }
17d5c04c 5488
4c659c39 5489 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5490 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5491 ev.status = mgmt_status(status);
17d5c04c 5492
445608d0 5493 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 5494}
980e1a53 5495
ce0e4a0d 5496void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 5497{
5498 struct mgmt_ev_pin_code_request ev;
5499
d8457698 5500 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 5501 ev.addr.type = BDADDR_BREDR;
a770bb5a 5502 ev.secure = secure;
980e1a53 5503
ce0e4a0d 5504 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 5505}
5506
e669cf80
MH		 5507void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5508 u8 status)
980e1a53
JH		 5509{
5510 struct pending_cmd *cmd;
ac56fb13 5511 struct mgmt_rp_pin_code_reply rp;
980e1a53 5512
2e58ef3e 5513 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 5514 if (!cmd)
e669cf80 5515 return;
980e1a53 5516
d8457698 5517 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5518 rp.addr.type = BDADDR_BREDR;
ac56fb13 5519
e669cf80
MH		 5520 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
5521 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5522
a664b5bc 5523 mgmt_pending_remove(cmd);
980e1a53
JH		 5524}
5525
3eb38528
MH		 5526void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5527 u8 status)
980e1a53
JH		 5528{
5529 struct pending_cmd *cmd;
ac56fb13 5530 struct mgmt_rp_pin_code_reply rp;
980e1a53 5531
2e58ef3e 5532 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 5533 if (!cmd)
3eb38528 5534 return;
980e1a53 5535
d8457698 5536 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5537 rp.addr.type = BDADDR_BREDR;
ac56fb13 5538
3eb38528
MH		 5539 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
5540 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5541
a664b5bc 5542 mgmt_pending_remove(cmd);
980e1a53 5543}
a5c29683 5544
744cf19e 5545int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 5546 u8 link_type, u8 addr_type, u32 value,
04124681 5547 u8 confirm_hint)
a5c29683
JH		 5548{
5549 struct mgmt_ev_user_confirm_request ev;
5550
744cf19e 5551 BT_DBG("%s", hdev->name);
a5c29683 5552
272d90df 5553 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5554 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 5555 ev.confirm_hint = confirm_hint;
39adbffe 5556 ev.value = cpu_to_le32(value);
a5c29683 5557
744cf19e 5558 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 5559 NULL);
a5c29683
JH		 5560}
5561
272d90df 5562int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 5563 u8 link_type, u8 addr_type)
604086b7
BG		 5564{
5565 struct mgmt_ev_user_passkey_request ev;
5566
5567 BT_DBG("%s", hdev->name);
5568
272d90df 5569 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5570 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 5571
5572 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 5573 NULL);
604086b7
BG		 5574}
5575
0df4c185 5576static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 5577 u8 link_type, u8 addr_type, u8 status,
5578 u8 opcode)
a5c29683
JH		 5579{
5580 struct pending_cmd *cmd;
5581 struct mgmt_rp_user_confirm_reply rp;
5582 int err;
5583
2e58ef3e 5584 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 5585 if (!cmd)
5586 return -ENOENT;
5587
272d90df 5588 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 5589 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 5590 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 5591 &rp, sizeof(rp));
a5c29683 5592
a664b5bc 5593 mgmt_pending_remove(cmd);
a5c29683
JH		 5594
5595 return err;
5596}
5597
744cf19e 5598int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5599 u8 link_type, u8 addr_type, u8 status)
a5c29683 5600{
272d90df 5601 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5602 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 5603}
5604
272d90df 5605int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5606 u8 link_type, u8 addr_type, u8 status)
a5c29683 5607{
272d90df 5608 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5609 status,
5610 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 5611}
2a611692 5612
604086b7 5613int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5614 u8 link_type, u8 addr_type, u8 status)
604086b7 5615{
272d90df 5616 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5617 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 5618}
5619
272d90df 5620int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5621 u8 link_type, u8 addr_type, u8 status)
604086b7 5622{
272d90df 5623 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5624 status,
5625 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 5626}
5627
92a25256
JH		 5628int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
5629 u8 link_type, u8 addr_type, u32 passkey,
5630 u8 entered)
5631{
5632 struct mgmt_ev_passkey_notify ev;
5633
5634 BT_DBG("%s", hdev->name);
5635
5636 bacpy(&ev.addr.bdaddr, bdaddr);
5637 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5638 ev.passkey = __cpu_to_le32(passkey);
5639 ev.entered = entered;
5640
5641 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
5642}
5643
e546099c
MH		 5644void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5645 u8 addr_type, u8 status)
2a611692
JH		 5646{
5647 struct mgmt_ev_auth_failed ev;
5648
bab73cb6 5649 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5650 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5651 ev.status = mgmt_status(status);
2a611692 5652
e546099c 5653 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 5654}
b312b161 5655
464996ae 5656void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 5657{
5658 struct cmd_lookup match = { NULL, hdev };
464996ae 5659 bool changed;
33ef95ed
JH		 5660
5661 if (status) {
5662 u8 mgmt_err = mgmt_status(status);
5663 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 5664 cmd_status_rsp, &mgmt_err);
464996ae 5665 return;
33ef95ed
JH		 5666 }
5667
464996ae
MH		 5668 if (test_bit(HCI_AUTH, &hdev->flags))
5669 changed = !test_and_set_bit(HCI_LINK_SECURITY,
5670 &hdev->dev_flags);
5671 else
5672 changed = test_and_clear_bit(HCI_LINK_SECURITY,
5673 &hdev->dev_flags);
47990ea0 5674
33ef95ed 5675 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 5676 &match);
33ef95ed 5677
47990ea0 5678 if (changed)
464996ae 5679 new_settings(hdev, match.sk);
33ef95ed
JH		 5680
5681 if (match.sk)
5682 sock_put(match.sk);
33ef95ed
JH		 5683}
5684
890ea898 5685static void clear_eir(struct hci_request *req)
cacaf52f 5686{
890ea898 5687 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 5688 struct hci_cp_write_eir cp;
5689
976eb20e 5690 if (!lmp_ext_inq_capable(hdev))
890ea898 5691 return;
cacaf52f 5692
c80da27e
JH		 5693 memset(hdev->eir, 0, sizeof(hdev->eir));
5694
cacaf52f
JH		 5695 memset(&cp, 0, sizeof(cp));
5696
890ea898 5697 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 5698}
5699
3e248560 5700void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 5701{
5702 struct cmd_lookup match = { NULL, hdev };
890ea898 5703 struct hci_request req;
c0ecddc2 5704 bool changed = false;
ed2c4ee3
JH		 5705
5706 if (status) {
5707 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 5708
5709 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 5710 &hdev->dev_flags)) {
5711 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 5712 new_settings(hdev, NULL);
9ecb3e24 5713 }
c0ecddc2 5714
04124681
GP		 5715 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
5716 &mgmt_err);
3e248560 5717 return;
c0ecddc2
JH		 5718 }
5719
5720 if (enable) {
9ecb3e24 5721 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 5722 } else {
9ecb3e24
MH		 5723 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5724 if (!changed)
5725 changed = test_and_clear_bit(HCI_HS_ENABLED,
5726 &hdev->dev_flags);
5727 else
5728 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 5729 }
5730
5731 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
5732
c0ecddc2 5733 if (changed)
3e248560 5734 new_settings(hdev, match.sk);
ed2c4ee3 5735
5fc6ebb1 5736 if (match.sk)
ed2c4ee3
JH		 5737 sock_put(match.sk);
5738
890ea898
JH		 5739 hci_req_init(&req, hdev);
5740
5fc6ebb1 5741 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 5742 update_eir(&req);
5fc6ebb1 5743 else
890ea898
JH		 5744 clear_eir(&req);
5745
5746 hci_req_run(&req, NULL);
ed2c4ee3
JH		 5747}
5748
eac83dc6
MH		 5749void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5750{
5751 struct cmd_lookup match = { NULL, hdev };
5752 bool changed = false;
5753
5754 if (status) {
5755 u8 mgmt_err = mgmt_status(status);
5756
0ab04a9c
MH		 5757 if (enable) {
5758 if (test_and_clear_bit(HCI_SC_ENABLED,
5759 &hdev->dev_flags))
5760 new_settings(hdev, NULL);
5761 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5762 }
eac83dc6
MH		 5763
5764 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5765 cmd_status_rsp, &mgmt_err);
5766 return;
5767 }
5768
0ab04a9c 5769 if (enable) {
eac83dc6 5770 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 5771 } else {
eac83dc6 5772 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 5773 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5774 }
eac83dc6
MH		 5775
5776 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5777 settings_rsp, &match);
5778
5779 if (changed)
5780 new_settings(hdev, match.sk);
5781
5782 if (match.sk)
5783 sock_put(match.sk);
5784}
5785
92da6097 5786static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 5787{
5788 struct cmd_lookup *match = data;
5789
90e70454
JH		 5790 if (match->sk == NULL) {
5791 match->sk = cmd->sk;
5792 sock_hold(match->sk);
5793 }
90e70454
JH		 5794}
5795
4e1b0245
MH		 5796void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
5797 u8 status)
7f9a903c 5798{
90e70454 5799 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 5800
92da6097
JH		 5801 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
5802 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
5803 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 5804
5805 if (!status)
4e1b0245
MH		 5806 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
5807 NULL);
90e70454
JH		 5808
5809 if (match.sk)
5810 sock_put(match.sk);
7f9a903c
MH		 5811}
5812
7667da34 5813void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 5814{
b312b161 5815 struct mgmt_cp_set_local_name ev;
13928971 5816 struct pending_cmd *cmd;
28cc7bde 5817
13928971 5818 if (status)
7667da34 5819 return;
b312b161
JH		 5820
5821 memset(&ev, 0, sizeof(ev));
5822 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 5823 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 5824
2e58ef3e 5825 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 5826 if (!cmd) {
5827 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 5828
13928971
JH		 5829 /* If this is a HCI command related to powering on the
5830 * HCI dev don't send any mgmt signals.
5831 */
5832 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 5833 return;
890ea898 5834 }
b312b161 5835
7667da34
MH		 5836 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
5837 cmd ? cmd->sk : NULL);
b312b161 5838}
c35938b2 5839
4d2d2796
MH		 5840void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
5841 u8 *randomizer192, u8 *hash256,
5842 u8 *randomizer256, u8 status)
c35938b2
SJ		 5843{
5844 struct pending_cmd *cmd;
c35938b2 5845
744cf19e 5846 BT_DBG("%s status %u", hdev->name, status);
c35938b2 5847
2e58ef3e 5848 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 5849 if (!cmd)
3edaf092 5850 return;
c35938b2
SJ		 5851
5852 if (status) {
3edaf092
MH		 5853 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5854 mgmt_status(status));
c35938b2 5855 } else {
4d2d2796
MH		 5856 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5857 hash256 && randomizer256) {
5858 struct mgmt_rp_read_local_oob_ext_data rp;
5859
5860 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
5861 memcpy(rp.randomizer192, randomizer192,
5862 sizeof(rp.randomizer192));
c35938b2 5863
4d2d2796
MH		 5864 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
5865 memcpy(rp.randomizer256, randomizer256,
5866 sizeof(rp.randomizer256));
c35938b2 5867
4d2d2796
MH		 5868 cmd_complete(cmd->sk, hdev->id,
5869 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5870 &rp, sizeof(rp));
5871 } else {
5872 struct mgmt_rp_read_local_oob_data rp;
5873
5874 memcpy(rp.hash, hash192, sizeof(rp.hash));
5875 memcpy(rp.randomizer, randomizer192,
5876 sizeof(rp.randomizer));
5877
5878 cmd_complete(cmd->sk, hdev->id,
5879 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5880 &rp, sizeof(rp));
5881 }
c35938b2
SJ		 5882 }
5883
5884 mgmt_pending_remove(cmd);
c35938b2 5885}
e17acd40 5886
901801b9 5887void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
73cf71d9
JH		 5888 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name,
5889 u8 ssp, u8 *eir, u16 eir_len, u8 *scan_rsp,
5d2e9fad 5890 u8 scan_rsp_len)
e17acd40 5891{
e319d2e7
JH		 5892 char buf[512];
5893 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 5894 struct smp_irk *irk;
1dc06093 5895 size_t ev_size;
e17acd40 5896
12602d0c 5897 if (!hci_discovery_active(hdev))
901801b9 5898 return;
12602d0c 5899
5d2e9fad
JH		 5900 /* Make sure that the buffer is big enough. The 5 extra bytes
5901 * are for the potential CoD field.
5902 */
5903 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 5904 return;
7d262f86 5905
1dc06093
JH		 5906 memset(buf, 0, sizeof(buf));
5907
5cedbb8d
JH		 5908 irk = hci_get_irk(hdev, bdaddr, addr_type);
5909 if (irk) {
5910 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
5911 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
5912 } else {
5913 bacpy(&ev->addr.bdaddr, bdaddr);
5914 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5915 }
5916
e319d2e7 5917 ev->rssi = rssi;
9a395a80 5918 if (cfm_name)
dcf4adbf 5919 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 5920 if (!ssp)
dcf4adbf 5921 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 5922
1dc06093 5923 if (eir_len > 0)
e319d2e7 5924 memcpy(ev->eir, eir, eir_len);
e17acd40 5925
1dc06093
JH		 5926 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5927 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 5928 dev_class, 3);
1dc06093 5929
5d2e9fad
JH		 5930 if (scan_rsp_len > 0)
5931 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
5932
5933 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
5934 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 5935
901801b9 5936 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 5937}
a88a9652 5938
9cf12aee
MH		 5939void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5940 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 5941{
b644ba33
JH		 5942 struct mgmt_ev_device_found *ev;
5943 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
5944 u16 eir_len;
a88a9652 5945
b644ba33 5946 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 5947
b644ba33
JH		 5948 memset(buf, 0, sizeof(buf));
5949
5950 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5951 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 5952 ev->rssi = rssi;
5953
5954 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 5955 name_len);
b644ba33 5956
eb55ef07 5957 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 5958
9cf12aee 5959 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 5960}
314b2381 5961
2f1e063b 5962void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 5963{
f963e8e9 5964 struct mgmt_ev_discovering ev;
164a6e78
JH		 5965 struct pending_cmd *cmd;
5966
343fb145
AG		 5967 BT_DBG("%s discovering %u", hdev->name, discovering);
5968
164a6e78 5969 if (discovering)
2e58ef3e 5970 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 5971 else
2e58ef3e 5972 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 5973
5974 if (cmd != NULL) {
f808e166
JH		 5975 u8 type = hdev->discovery.type;
5976
04124681
GP		 5977 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
5978 sizeof(type));
164a6e78
JH		 5979 mgmt_pending_remove(cmd);
5980 }
5981
f963e8e9
JH		 5982 memset(&ev, 0, sizeof(ev));
5983 ev.type = hdev->discovery.type;
5984 ev.discovering = discovering;
5985
2f1e063b 5986 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 5987}
5e762444 5988
88c1fe4b 5989int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5990{
5991 struct pending_cmd *cmd;
5992 struct mgmt_ev_device_blocked ev;
5993
2e58ef3e 5994 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 5995
88c1fe4b
JH		 5996 bacpy(&ev.addr.bdaddr, bdaddr);
5997 ev.addr.type = type;
5e762444 5998
744cf19e 5999 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 6000 cmd ? cmd->sk : NULL);
5e762444
AJ		 6001}
6002
88c1fe4b 6003int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 6004{
6005 struct pending_cmd *cmd;
6006 struct mgmt_ev_device_unblocked ev;
6007
2e58ef3e 6008 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 6009
88c1fe4b
JH		 6010 bacpy(&ev.addr.bdaddr, bdaddr);
6011 ev.addr.type = type;
5e762444 6012
744cf19e 6013 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 6014 cmd ? cmd->sk : NULL);
5e762444 6015}
5976e608
MH		 6016
6017static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6018{
6019 BT_DBG("%s status %u", hdev->name, status);
6020
6021 /* Clear the advertising mgmt setting if we failed to re-enable it */
6022 if (status) {
6023 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6024 new_settings(hdev, NULL);
5976e608
MH		 6025 }
6026}
6027
6028void mgmt_reenable_advertising(struct hci_dev *hdev)
6029{
6030 struct hci_request req;
6031
b145edcd 6032 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 6033 return;
6034
6035 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6036 return;
6037
6038 hci_req_init(&req, hdev);
6039 enable_advertising(&req);
6040
6041 /* If this fails we have no option but to let user space know
6042 * that we've disabled advertising.
6043 */
6044 if (hci_req_run(&req, adv_enable_complete) < 0) {
6045 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6046 new_settings(hdev, NULL);
5976e608
MH		 6047 }
6048}
Linux kernel - Deliverables
This page took 0.934613 seconds and 5 git commands to generate.