projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
net/mac802154: No need for an extra space when casting
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 34
35#include "smp.h"
0381101f 36
2da9c55c 37#define MGMT_VERSION 1
854bda19 38#define MGMT_REVISION 8
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 47 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
0663ca2a 80 MGMT_OP_SET_BREDR,
d13eafce 81 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 82 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 83 MGMT_OP_SET_SECURE_CONN,
4e39ac81 84 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 85 MGMT_OP_SET_PRIVACY,
41edf160 86 MGMT_OP_LOAD_IRKS,
dd983808 87 MGMT_OP_GET_CONN_INFO,
95868426 88 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 89 MGMT_OP_ADD_DEVICE,
90 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 91 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 92 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 93 MGMT_OP_READ_CONFIG_INFO,
dbece37a 94 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 95 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 96 MGMT_OP_START_SERVICE_DISCOVERY,
e70bb2e8
JH		 97};
98
99static const u16 mgmt_events[] = {
100 MGMT_EV_CONTROLLER_ERROR,
101 MGMT_EV_INDEX_ADDED,
102 MGMT_EV_INDEX_REMOVED,
103 MGMT_EV_NEW_SETTINGS,
104 MGMT_EV_CLASS_OF_DEV_CHANGED,
105 MGMT_EV_LOCAL_NAME_CHANGED,
106 MGMT_EV_NEW_LINK_KEY,
107 MGMT_EV_NEW_LONG_TERM_KEY,
108 MGMT_EV_DEVICE_CONNECTED,
109 MGMT_EV_DEVICE_DISCONNECTED,
110 MGMT_EV_CONNECT_FAILED,
111 MGMT_EV_PIN_CODE_REQUEST,
112 MGMT_EV_USER_CONFIRM_REQUEST,
113 MGMT_EV_USER_PASSKEY_REQUEST,
114 MGMT_EV_AUTH_FAILED,
115 MGMT_EV_DEVICE_FOUND,
116 MGMT_EV_DISCOVERING,
117 MGMT_EV_DEVICE_BLOCKED,
118 MGMT_EV_DEVICE_UNBLOCKED,
119 MGMT_EV_DEVICE_UNPAIRED,
92a25256 120 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 121 MGMT_EV_NEW_IRK,
7ee4ea36 122 MGMT_EV_NEW_CSRK,
8afef092
MH		 123 MGMT_EV_DEVICE_ADDED,
124 MGMT_EV_DEVICE_REMOVED,
ffb5a827 125 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 126 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 127 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 128 MGMT_EV_NEW_CONFIG_OPTIONS,
e70bb2e8
JH		 129};
130
17b02e62 131#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 132
eec8d2bc
JH		 133struct pending_cmd {
134 struct list_head list;
fc2f4b13 135 u16 opcode;
eec8d2bc 136 int index;
c68fb7ff 137 void *param;
eec8d2bc 138 struct sock *sk;
e9a416b5 139 void *user_data;
eec8d2bc
JH		 140};
141
ca69b795
JH		 142/* HCI to MGMT error code conversion table */
143static u8 mgmt_status_table[] = {
144 MGMT_STATUS_SUCCESS,
145 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
146 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
147 MGMT_STATUS_FAILED, /* Hardware Failure */
148 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
149 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 150 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 151 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
152 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
153 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
154 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
155 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
156 MGMT_STATUS_BUSY, /* Command Disallowed */
157 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
158 MGMT_STATUS_REJECTED, /* Rejected Security */
159 MGMT_STATUS_REJECTED, /* Rejected Personal */
160 MGMT_STATUS_TIMEOUT, /* Host Timeout */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
162 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
163 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
164 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
165 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
166 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
167 MGMT_STATUS_BUSY, /* Repeated Attempts */
168 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
169 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
170 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
171 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
172 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
173 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
174 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
175 MGMT_STATUS_FAILED, /* Unspecified Error */
176 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
177 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
178 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
179 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
180 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
181 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
182 MGMT_STATUS_FAILED, /* Unit Link Key Used */
183 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
184 MGMT_STATUS_TIMEOUT, /* Instant Passed */
185 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
186 MGMT_STATUS_FAILED, /* Transaction Collision */
187 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
188 MGMT_STATUS_REJECTED, /* QoS Rejected */
189 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
190 MGMT_STATUS_REJECTED, /* Insufficient Security */
191 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
192 MGMT_STATUS_BUSY, /* Role Switch Pending */
193 MGMT_STATUS_FAILED, /* Slot Violation */
194 MGMT_STATUS_FAILED, /* Role Switch Failed */
195 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
196 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
197 MGMT_STATUS_BUSY, /* Host Busy Pairing */
198 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
199 MGMT_STATUS_BUSY, /* Controller Busy */
200 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
201 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
202 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
203 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
204 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
205};
206
207static u8 mgmt_status(u8 hci_status)
208{
209 if (hci_status < ARRAY_SIZE(mgmt_status_table))
210 return mgmt_status_table[hci_status];
211
212 return MGMT_STATUS_FAILED;
213}
214
04c60f05
MH		 215static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
216 struct sock *skip_sk)
217{
218 struct sk_buff *skb;
219 struct mgmt_hdr *hdr;
220
221 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
222 if (!skb)
223 return -ENOMEM;
224
225 hdr = (void *) skb_put(skb, sizeof(*hdr));
226 hdr->opcode = cpu_to_le16(event);
227 if (hdev)
228 hdr->index = cpu_to_le16(hdev->id);
229 else
230 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
231 hdr->len = cpu_to_le16(data_len);
232
233 if (data)
234 memcpy(skb_put(skb, data_len), data, data_len);
235
236 /* Time stamp */
237 __net_timestamp(skb);
238
239 hci_send_to_control(skb, skip_sk);
240 kfree_skb(skb);
241
242 return 0;
243}
244
4e51eae9 245static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 246{
247 struct sk_buff *skb;
248 struct mgmt_hdr *hdr;
249 struct mgmt_ev_cmd_status *ev;
56b7d137 250 int err;
f7b64e69 251
34eb525c 252 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 253
790eff44 254 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 255 if (!skb)
256 return -ENOMEM;
257
258 hdr = (void *) skb_put(skb, sizeof(*hdr));
259
dcf4adbf 260 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 261 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 262 hdr->len = cpu_to_le16(sizeof(*ev));
263
264 ev = (void *) skb_put(skb, sizeof(*ev));
265 ev->status = status;
eb55ef07 266 ev->opcode = cpu_to_le16(cmd);
f7b64e69 267
56b7d137
GP		 268 err = sock_queue_rcv_skb(sk, skb);
269 if (err < 0)
f7b64e69
JH		 270 kfree_skb(skb);
271
56b7d137 272 return err;
f7b64e69
JH		 273}
274
aee9b218 275static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 276 void *rp, size_t rp_len)
02d98129
JH		 277{
278 struct sk_buff *skb;
279 struct mgmt_hdr *hdr;
280 struct mgmt_ev_cmd_complete *ev;
56b7d137 281 int err;
02d98129
JH		 282
283 BT_DBG("sock %p", sk);
284
790eff44 285 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 286 if (!skb)
287 return -ENOMEM;
288
289 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 290
dcf4adbf 291 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 292 hdr->index = cpu_to_le16(index);
a38528f1 293 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 294
a38528f1 295 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 296 ev->opcode = cpu_to_le16(cmd);
aee9b218 297 ev->status = status;
8020c16a
SJ		 298
299 if (rp)
300 memcpy(ev->data, rp, rp_len);
02d98129 301
56b7d137
GP		 302 err = sock_queue_rcv_skb(sk, skb);
303 if (err < 0)
02d98129
JH		 304 kfree_skb(skb);
305
e5f0e151 306 return err;
02d98129
JH		 307}
308
04124681
GP		 309static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
310 u16 data_len)
a38528f1
JH		 311{
312 struct mgmt_rp_read_version rp;
313
314 BT_DBG("sock %p", sk);
315
316 rp.version = MGMT_VERSION;
dcf4adbf 317 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 318
aee9b218 319 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 320 sizeof(rp));
a38528f1
JH		 321}
322
04124681
GP		 323static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
324 u16 data_len)
e70bb2e8
JH		 325{
326 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 327 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
328 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 329 __le16 *opcode;
e70bb2e8
JH		 330 size_t rp_size;
331 int i, err;
332
333 BT_DBG("sock %p", sk);
334
335 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
336
337 rp = kmalloc(rp_size, GFP_KERNEL);
338 if (!rp)
339 return -ENOMEM;
340
dcf4adbf
JP		 341 rp->num_commands = cpu_to_le16(num_commands);
342 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 343
344 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
345 put_unaligned_le16(mgmt_commands[i], opcode);
346
347 for (i = 0; i < num_events; i++, opcode++)
348 put_unaligned_le16(mgmt_events[i], opcode);
349
aee9b218 350 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 351 rp_size);
e70bb2e8
JH		 352 kfree(rp);
353
354 return err;
355}
356
04124681
GP		 357static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
358 u16 data_len)
faba42eb 359{
faba42eb 360 struct mgmt_rp_read_index_list *rp;
8035ded4 361 struct hci_dev *d;
a38528f1 362 size_t rp_len;
faba42eb 363 u16 count;
476e44cb 364 int err;
faba42eb
JH		 365
366 BT_DBG("sock %p", sk);
367
368 read_lock(&hci_dev_list_lock);
369
370 count = 0;
bb4b2a9a 371 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 372 if (d->dev_type == HCI_BREDR &&
373 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
1514b892 374 count++;
faba42eb
JH		 375 }
376
a38528f1
JH		 377 rp_len = sizeof(*rp) + (2 * count);
378 rp = kmalloc(rp_len, GFP_ATOMIC);
379 if (!rp) {
b2c60d42 380 read_unlock(&hci_dev_list_lock);
faba42eb 381 return -ENOMEM;
b2c60d42 382 }
faba42eb 383
476e44cb 384 count = 0;
8035ded4 385 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 386 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 387 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a 388 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
ab81cbf9
JH		 389 continue;
390
73d1df2a
MH		 391 /* Devices marked as raw-only are neither configured
392 * nor unconfigured controllers.
393 */
394 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 395 continue;
396
73d1df2a
MH		 397 if (d->dev_type == HCI_BREDR &&
398 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
1514b892
MH		 399 rp->index[count++] = cpu_to_le16(d->id);
400 BT_DBG("Added hci%u", d->id);
401 }
faba42eb
JH		 402 }
403
476e44cb
JH		 404 rp->num_controllers = cpu_to_le16(count);
405 rp_len = sizeof(*rp) + (2 * count);
406
faba42eb
JH		 407 read_unlock(&hci_dev_list_lock);
408
aee9b218 409 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 410 rp_len);
faba42eb 411
a38528f1
JH		 412 kfree(rp);
413
414 return err;
faba42eb
JH		 415}
416
73d1df2a
MH		 417static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
418 void *data, u16 data_len)
419{
420 struct mgmt_rp_read_unconf_index_list *rp;
421 struct hci_dev *d;
422 size_t rp_len;
423 u16 count;
424 int err;
425
426 BT_DBG("sock %p", sk);
427
428 read_lock(&hci_dev_list_lock);
429
430 count = 0;
431 list_for_each_entry(d, &hci_dev_list, list) {
432 if (d->dev_type == HCI_BREDR &&
433 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
434 count++;
435 }
436
437 rp_len = sizeof(*rp) + (2 * count);
438 rp = kmalloc(rp_len, GFP_ATOMIC);
439 if (!rp) {
440 read_unlock(&hci_dev_list_lock);
441 return -ENOMEM;
442 }
443
444 count = 0;
445 list_for_each_entry(d, &hci_dev_list, list) {
446 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 447 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a
MH		 448 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
449 continue;
450
451 /* Devices marked as raw-only are neither configured
452 * nor unconfigured controllers.
453 */
454 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
455 continue;
456
457 if (d->dev_type == HCI_BREDR &&
458 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
459 rp->index[count++] = cpu_to_le16(d->id);
460 BT_DBG("Added hci%u", d->id);
461 }
462 }
463
464 rp->num_controllers = cpu_to_le16(count);
465 rp_len = sizeof(*rp) + (2 * count);
466
467 read_unlock(&hci_dev_list_lock);
468
469 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
470 0, rp, rp_len);
471
472 kfree(rp);
473
474 return err;
475}
476
dbece37a
MH		 477static bool is_configured(struct hci_dev *hdev)
478{
479 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
480 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
481 return false;
482
483 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
484 !bacmp(&hdev->public_addr, BDADDR_ANY))
485 return false;
486
487 return true;
488}
489
89bc22d2
MH		 490static __le32 get_missing_options(struct hci_dev *hdev)
491{
492 u32 options = 0;
493
dbece37a
MH		 494 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
495 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
eb1904f4
MH		 496 options |= MGMT_OPTION_EXTERNAL_CONFIG;
497
89bc22d2
MH		 498 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
499 !bacmp(&hdev->public_addr, BDADDR_ANY))
500 options |= MGMT_OPTION_PUBLIC_ADDRESS;
501
502 return cpu_to_le32(options);
503}
504
f4537c04
MH		 505static int new_options(struct hci_dev *hdev, struct sock *skip)
506{
507 __le32 options = get_missing_options(hdev);
508
509 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
510 sizeof(options), skip);
511}
512
dbece37a
MH		 513static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
514{
515 __le32 options = get_missing_options(hdev);
516
517 return cmd_complete(sk, hdev->id, opcode, 0, &options,
518 sizeof(options));
519}
520
9fc3bfb6
MH		 521static int read_config_info(struct sock *sk, struct hci_dev *hdev,
522 void *data, u16 data_len)
523{
524 struct mgmt_rp_read_config_info rp;
89bc22d2 525 u32 options = 0;
9fc3bfb6
MH		 526
527 BT_DBG("sock %p %s", sk, hdev->name);
528
529 hci_dev_lock(hdev);
530
531 memset(&rp, 0, sizeof(rp));
532 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 533
eb1904f4
MH		 534 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
535 options |= MGMT_OPTION_EXTERNAL_CONFIG;
536
9fc3bfb6 537 if (hdev->set_bdaddr)
89bc22d2
MH		 538 options |= MGMT_OPTION_PUBLIC_ADDRESS;
539
540 rp.supported_options = cpu_to_le32(options);
541 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 542
543 hci_dev_unlock(hdev);
544
545 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
546 sizeof(rp));
547}
548
69ab39ea
JH		 549static u32 get_supported_settings(struct hci_dev *hdev)
550{
551 u32 settings = 0;
552
553 settings |= MGMT_SETTING_POWERED;
b2939475 554 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 555 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 556 settings |= MGMT_SETTING_CONNECTABLE;
557 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 558
ed3fa31f 559 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 560 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
561 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 562 settings |= MGMT_SETTING_BREDR;
563 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 564
565 if (lmp_ssp_capable(hdev)) {
566 settings |= MGMT_SETTING_SSP;
567 settings |= MGMT_SETTING_HS;
568 }
e98d2ce2 569
5afeac14 570 if (lmp_sc_capable(hdev) ||
111902f7 571 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
e98d2ce2 572 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 573 }
d7b7e796 574
eeca6f89 575 if (lmp_le_capable(hdev)) {
9d42820f 576 settings |= MGMT_SETTING_LE;
eeca6f89 577 settings |= MGMT_SETTING_ADVERTISING;
a3209694 578 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 579 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 580 }
69ab39ea 581
eb1904f4
MH		 582 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
583 hdev->set_bdaddr)
9fc3bfb6
MH		 584 settings |= MGMT_SETTING_CONFIGURATION;
585
69ab39ea
JH		 586 return settings;
587}
588
589static u32 get_current_settings(struct hci_dev *hdev)
590{
591 u32 settings = 0;
592
f1f0eb02 593 if (hdev_is_powered(hdev))
f0d4b78a
MH		 594 settings |= MGMT_SETTING_POWERED;
595
5e5282bb 596 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 597 settings |= MGMT_SETTING_CONNECTABLE;
598
1a4d3c4b
JH		 599 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
600 settings |= MGMT_SETTING_FAST_CONNECTABLE;
601
5e5282bb 602 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 603 settings |= MGMT_SETTING_DISCOVERABLE;
604
b6ae8457 605 if (test_bit(HCI_BONDABLE, &hdev->dev_flags))
b2939475 606 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 607
56f87901 608 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 609 settings |= MGMT_SETTING_BREDR;
610
06199cf8 611 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 612 settings |= MGMT_SETTING_LE;
613
47990ea0 614 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 615 settings |= MGMT_SETTING_LINK_SECURITY;
616
84bde9d6 617 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 618 settings |= MGMT_SETTING_SSP;
619
6d80dfd0
JH		 620 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
621 settings |= MGMT_SETTING_HS;
622
f3d3444a 623 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 624 settings |= MGMT_SETTING_ADVERTISING;
625
e98d2ce2
MH		 626 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
627 settings |= MGMT_SETTING_SECURE_CONN;
628
0663b297 629 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 630 settings |= MGMT_SETTING_DEBUG_KEYS;
631
0f4bd942
JH		 632 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
633 settings |= MGMT_SETTING_PRIVACY;
634
69ab39ea
JH		 635 return settings;
636}
637
ef580372
JH		 638#define PNP_INFO_SVCLASS_ID 0x1200
639
213202ed
JH		 640static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
641{
642 u8 *ptr = data, *uuids_start = NULL;
643 struct bt_uuid *uuid;
644
645 if (len < 4)
646 return ptr;
647
648 list_for_each_entry(uuid, &hdev->uuids, list) {
649 u16 uuid16;
650
651 if (uuid->size != 16)
652 continue;
653
654 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
655 if (uuid16 < 0x1100)
656 continue;
657
658 if (uuid16 == PNP_INFO_SVCLASS_ID)
659 continue;
660
661 if (!uuids_start) {
662 uuids_start = ptr;
663 uuids_start[0] = 1;
664 uuids_start[1] = EIR_UUID16_ALL;
665 ptr += 2;
666 }
667
668 /* Stop if not enough space to put next UUID */
669 if ((ptr - data) + sizeof(u16) > len) {
670 uuids_start[1] = EIR_UUID16_SOME;
671 break;
672 }
673
674 *ptr++ = (uuid16 & 0x00ff);
675 *ptr++ = (uuid16 & 0xff00) >> 8;
676 uuids_start[0] += sizeof(uuid16);
677 }
678
679 return ptr;
680}
681
cdf1963f
JH		 682static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
683{
684 u8 *ptr = data, *uuids_start = NULL;
685 struct bt_uuid *uuid;
686
687 if (len < 6)
688 return ptr;
689
690 list_for_each_entry(uuid, &hdev->uuids, list) {
691 if (uuid->size != 32)
692 continue;
693
694 if (!uuids_start) {
695 uuids_start = ptr;
696 uuids_start[0] = 1;
697 uuids_start[1] = EIR_UUID32_ALL;
698 ptr += 2;
699 }
700
701 /* Stop if not enough space to put next UUID */
702 if ((ptr - data) + sizeof(u32) > len) {
703 uuids_start[1] = EIR_UUID32_SOME;
704 break;
705 }
706
707 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
708 ptr += sizeof(u32);
709 uuids_start[0] += sizeof(u32);
710 }
711
712 return ptr;
713}
714
c00d575b
JH		 715static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
716{
717 u8 *ptr = data, *uuids_start = NULL;
718 struct bt_uuid *uuid;
719
720 if (len < 18)
721 return ptr;
722
723 list_for_each_entry(uuid, &hdev->uuids, list) {
724 if (uuid->size != 128)
725 continue;
726
727 if (!uuids_start) {
728 uuids_start = ptr;
729 uuids_start[0] = 1;
730 uuids_start[1] = EIR_UUID128_ALL;
731 ptr += 2;
732 }
733
734 /* Stop if not enough space to put next UUID */
735 if ((ptr - data) + 16 > len) {
736 uuids_start[1] = EIR_UUID128_SOME;
737 break;
738 }
739
740 memcpy(ptr, uuid->uuid, 16);
741 ptr += 16;
742 uuids_start[0] += 16;
743 }
744
745 return ptr;
746}
747
eb2a8d20
JH		 748static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
749{
750 struct pending_cmd *cmd;
751
752 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
753 if (cmd->opcode == opcode)
754 return cmd;
755 }
756
757 return NULL;
758}
759
95868426
JH		 760static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
761 struct hci_dev *hdev,
762 const void *data)
763{
764 struct pending_cmd *cmd;
765
766 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
767 if (cmd->user_data != data)
768 continue;
769 if (cmd->opcode == opcode)
770 return cmd;
771 }
772
773 return NULL;
774}
775
f14d8f64
MH		 776static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
777{
7a5f4990
MH		 778 u8 ad_len = 0;
779 size_t name_len;
780
781 name_len = strlen(hdev->dev_name);
782 if (name_len > 0) {
783 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
784
785 if (name_len > max_len) {
786 name_len = max_len;
787 ptr[1] = EIR_NAME_SHORT;
788 } else
789 ptr[1] = EIR_NAME_COMPLETE;
790
791 ptr[0] = name_len + 1;
792
793 memcpy(ptr + 2, hdev->dev_name, name_len);
794
795 ad_len += (name_len + 2);
796 ptr += (name_len + 2);
797 }
798
799 return ad_len;
f14d8f64
MH		 800}
801
802static void update_scan_rsp_data(struct hci_request *req)
803{
804 struct hci_dev *hdev = req->hdev;
805 struct hci_cp_le_set_scan_rsp_data cp;
806 u8 len;
807
7751ef1b 808 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 809 return;
810
811 memset(&cp, 0, sizeof(cp));
812
813 len = create_scan_rsp_data(hdev, cp.data);
814
eb438b5f
JH		 815 if (hdev->scan_rsp_data_len == len &&
816 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 817 return;
818
eb438b5f
JH		 819 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
820 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 821
822 cp.length = len;
823
824 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
825}
826
9a43e25f
JH		 827static u8 get_adv_discov_flags(struct hci_dev *hdev)
828{
829 struct pending_cmd *cmd;
830
831 /* If there's a pending mgmt command the flags will not yet have
832 * their final values, so check for this first.
833 */
834 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
835 if (cmd) {
836 struct mgmt_mode *cp = cmd->param;
837 if (cp->val == 0x01)
838 return LE_AD_GENERAL;
839 else if (cp->val == 0x02)
840 return LE_AD_LIMITED;
841 } else {
842 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
843 return LE_AD_LIMITED;
844 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
845 return LE_AD_GENERAL;
846 }
847
848 return 0;
849}
850
46cad2ed 851static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 852{
853 u8 ad_len = 0, flags = 0;
441ad2d0 854
9a43e25f 855 flags |= get_adv_discov_flags(hdev);
441ad2d0 856
e834004b 857 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 858 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 859
860 if (flags) {
861 BT_DBG("adv flags 0x%02x", flags);
862
863 ptr[0] = 2;
864 ptr[1] = EIR_FLAGS;
865 ptr[2] = flags;
866
867 ad_len += 3;
868 ptr += 3;
869 }
870
871 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
872 ptr[0] = 2;
873 ptr[1] = EIR_TX_POWER;
874 ptr[2] = (u8) hdev->adv_tx_power;
875
876 ad_len += 3;
877 ptr += 3;
878 }
879
441ad2d0
MH		 880 return ad_len;
881}
882
5947f4bc 883static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 884{
885 struct hci_dev *hdev = req->hdev;
886 struct hci_cp_le_set_adv_data cp;
887 u8 len;
888
10994ce6 889 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 890 return;
891
892 memset(&cp, 0, sizeof(cp));
893
46cad2ed 894 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 895
896 if (hdev->adv_data_len == len &&
897 memcmp(cp.data, hdev->adv_data, len) == 0)
898 return;
899
900 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
901 hdev->adv_data_len = len;
902
903 cp.length = len;
904
905 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
906}
907
bc6d2d04
JH		 908int mgmt_update_adv_data(struct hci_dev *hdev)
909{
910 struct hci_request req;
911
912 hci_req_init(&req, hdev);
913 update_adv_data(&req);
914
915 return hci_req_run(&req, NULL);
916}
917
ef580372
JH		 918static void create_eir(struct hci_dev *hdev, u8 *data)
919{
920 u8 *ptr = data;
ef580372
JH		 921 size_t name_len;
922
923 name_len = strlen(hdev->dev_name);
924
925 if (name_len > 0) {
926 /* EIR Data type */
927 if (name_len > 48) {
928 name_len = 48;
929 ptr[1] = EIR_NAME_SHORT;
930 } else
931 ptr[1] = EIR_NAME_COMPLETE;
932
933 /* EIR Data length */
934 ptr[0] = name_len + 1;
935
936 memcpy(ptr + 2, hdev->dev_name, name_len);
937
ef580372
JH		 938 ptr += (name_len + 2);
939 }
940
bbaf444a 941 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 942 ptr[0] = 2;
943 ptr[1] = EIR_TX_POWER;
944 ptr[2] = (u8) hdev->inq_tx_power;
945
91c4e9b1
MH		 946 ptr += 3;
947 }
948
2b9be137
MH		 949 if (hdev->devid_source > 0) {
950 ptr[0] = 9;
951 ptr[1] = EIR_DEVICE_ID;
952
953 put_unaligned_le16(hdev->devid_source, ptr + 2);
954 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
955 put_unaligned_le16(hdev->devid_product, ptr + 6);
956 put_unaligned_le16(hdev->devid_version, ptr + 8);
957
2b9be137
MH		 958 ptr += 10;
959 }
960
213202ed 961 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 962 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 963 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 964}
965
890ea898 966static void update_eir(struct hci_request *req)
ef580372 967{
890ea898 968 struct hci_dev *hdev = req->hdev;
ef580372
JH		 969 struct hci_cp_write_eir cp;
970
504c8dcd 971 if (!hdev_is_powered(hdev))
890ea898 972 return;
7770c4aa 973
976eb20e 974 if (!lmp_ext_inq_capable(hdev))
890ea898 975 return;
ef580372 976
84bde9d6 977 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 978 return;
ef580372 979
a8b2d5c2 980 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 981 return;
ef580372
JH		 982
983 memset(&cp, 0, sizeof(cp));
984
985 create_eir(hdev, cp.data);
986
987 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 988 return;
ef580372
JH		 989
990 memcpy(hdev->eir, cp.data, sizeof(cp.data));
991
890ea898 992 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 993}
994
995static u8 get_service_classes(struct hci_dev *hdev)
996{
997 struct bt_uuid *uuid;
998 u8 val = 0;
999
1000 list_for_each_entry(uuid, &hdev->uuids, list)
1001 val |= uuid->svc_hint;
1002
1003 return val;
1004}
1005
890ea898 1006static void update_class(struct hci_request *req)
ef580372 1007{
890ea898 1008 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1009 u8 cod[3];
1010
1011 BT_DBG("%s", hdev->name);
1012
504c8dcd 1013 if (!hdev_is_powered(hdev))
890ea898 1014 return;
7770c4aa 1015
f87ea1da
JH		 1016 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1017 return;
1018
a8b2d5c2 1019 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 1020 return;
ef580372
JH		 1021
1022 cod[0] = hdev->minor_class;
1023 cod[1] = hdev->major_class;
1024 cod[2] = get_service_classes(hdev);
1025
6acd7db4
MH		 1026 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1027 cod[1] |= 0x20;
1028
ef580372 1029 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1030 return;
ef580372 1031
890ea898 1032 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1033}
1034
a4858cb9 1035static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 1036{
1037 struct pending_cmd *cmd;
199a2fb1
JH		 1038
1039 /* If there's a pending mgmt command the flag will not yet have
1040 * it's final value, so check for this first.
1041 */
1042 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1043 if (cmd) {
1044 struct mgmt_mode *cp = cmd->param;
a4858cb9 1045 return cp->val;
199a2fb1
JH		 1046 }
1047
a4858cb9 1048 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 1049}
1050
0ec5ae84
JH		 1051static void disable_advertising(struct hci_request *req)
1052{
1053 u8 enable = 0x00;
1054
1055 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1056}
1057
199a2fb1
JH		 1058static void enable_advertising(struct hci_request *req)
1059{
1060 struct hci_dev *hdev = req->hdev;
1061 struct hci_cp_le_set_adv_param cp;
8f2a0601 1062 u8 own_addr_type, enable = 0x01;
a4858cb9 1063 bool connectable;
199a2fb1 1064
0ec5ae84
JH		 1065 if (hci_conn_num(hdev, LE_LINK) > 0)
1066 return;
1067
1068 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1069 disable_advertising(req);
1070
5ce194c4 1071 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1072 * hci_update_random_address knows that it's safe to go ahead
1073 * and write a new random address. The flag will be set back on
1074 * as soon as the SET_ADV_ENABLE HCI command completes.
1075 */
5ce194c4 1076 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
8d97250e 1077
a4858cb9 1078 connectable = get_connectable(hdev);
8f2a0601 1079
a4858cb9
JH		 1080 /* Set require_privacy to true only when non-connectable
1081 * advertising is used. In that case it is fine to use a
1082 * non-resolvable private address.
1083 */
1084 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1085 return;
1086
41c90c18 1087 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1088 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1089 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
a4858cb9 1090 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1091 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1092 cp.channel_map = hdev->le_adv_channel_map;
1093
1094 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1095
1096 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1097}
1098
7d78525d
JH		 1099static void service_cache_off(struct work_struct *work)
1100{
1101 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1102 service_cache.work);
890ea898 1103 struct hci_request req;
7d78525d 1104
a8b2d5c2 1105 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 1106 return;
1107
890ea898
JH		 1108 hci_req_init(&req, hdev);
1109
7d78525d
JH		 1110 hci_dev_lock(hdev);
1111
890ea898
JH		 1112 update_eir(&req);
1113 update_class(&req);
7d78525d
JH		 1114
1115 hci_dev_unlock(hdev);
890ea898
JH		 1116
1117 hci_req_run(&req, NULL);
7d78525d
JH		 1118}
1119
d6bfd59c
JH		 1120static void rpa_expired(struct work_struct *work)
1121{
1122 struct hci_dev *hdev = container_of(work, struct hci_dev,
1123 rpa_expired.work);
1124 struct hci_request req;
1125
1126 BT_DBG("");
1127
1128 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1129
0ec5ae84 1130 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
d6bfd59c
JH		 1131 return;
1132
1133 /* The generation of a new RPA and programming it into the
1134 * controller happens in the enable_advertising() function.
1135 */
d6bfd59c 1136 hci_req_init(&req, hdev);
d6bfd59c 1137 enable_advertising(&req);
d6bfd59c
JH		 1138 hci_req_run(&req, NULL);
1139}
1140
6a919082 1141static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1142{
4f87da80 1143 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 1144 return;
1145
4f87da80 1146 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1147 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1148
4f87da80
JH		 1149 /* Non-mgmt controlled devices get this bit set
1150 * implicitly so that pairing works for them, however
1151 * for mgmt we require user-space to explicitly enable
1152 * it
1153 */
b6ae8457 1154 clear_bit(HCI_BONDABLE, &hdev->dev_flags);
7d78525d
JH		 1155}
1156
0f4e68cf 1157static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1158 void *data, u16 data_len)
0381101f 1159{
a38528f1 1160 struct mgmt_rp_read_info rp;
f7b64e69 1161
bdb6d971 1162 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1163
09fd0de5 1164 hci_dev_lock(hdev);
f7b64e69 1165
dc4fe30b
JH		 1166 memset(&rp, 0, sizeof(rp));
1167
69ab39ea 1168 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1169
69ab39ea 1170 rp.version = hdev->hci_ver;
eb55ef07 1171 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1172
1173 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1174 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1175
a38528f1 1176 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1177
dc4fe30b 1178 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1179 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1180
09fd0de5 1181 hci_dev_unlock(hdev);
0381101f 1182
bdb6d971 1183 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 1184 sizeof(rp));
0381101f
JH		 1185}
1186
eec8d2bc
JH		 1187static void mgmt_pending_free(struct pending_cmd *cmd)
1188{
1189 sock_put(cmd->sk);
c68fb7ff 1190 kfree(cmd->param);
eec8d2bc
JH		 1191 kfree(cmd);
1192}
1193
366a0336 1194static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 1195 struct hci_dev *hdev, void *data,
1196 u16 len)
eec8d2bc
JH		 1197{
1198 struct pending_cmd *cmd;
1199
fca20018 1200 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1201 if (!cmd)
366a0336 1202 return NULL;
eec8d2bc
JH		 1203
1204 cmd->opcode = opcode;
2e58ef3e 1205 cmd->index = hdev->id;
eec8d2bc 1206
12b94565 1207 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 1208 if (!cmd->param) {
eec8d2bc 1209 kfree(cmd);
366a0336 1210 return NULL;
eec8d2bc
JH		 1211 }
1212
8fce6357
SJ		 1213 if (data)
1214 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1215
1216 cmd->sk = sk;
1217 sock_hold(sk);
1218
2e58ef3e 1219 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1220
366a0336 1221 return cmd;
eec8d2bc
JH		 1222}
1223
744cf19e 1224static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1225 void (*cb)(struct pending_cmd *cmd,
1226 void *data),
04124681 1227 void *data)
eec8d2bc 1228{
a3d09356 1229 struct pending_cmd *cmd, *tmp;
eec8d2bc 1230
a3d09356 1231 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1232 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1233 continue;
1234
eec8d2bc
JH		 1235 cb(cmd, data);
1236 }
1237}
1238
a664b5bc 1239static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1240{
73f22f62
JH		 1241 list_del(&cmd->list);
1242 mgmt_pending_free(cmd);
1243}
1244
69ab39ea 1245static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1246{
69ab39ea 1247 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1248
aee9b218 1249 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1250 sizeof(settings));
8680570b
JH		 1251}
1252
8b064a3a
JH		 1253static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1254{
1255 BT_DBG("%s status 0x%02x", hdev->name, status);
1256
a3172b7e
JH		 1257 if (hci_conn_count(hdev) == 0) {
1258 cancel_delayed_work(&hdev->power_off);
8b064a3a 1259 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1260 }
8b064a3a
JH		 1261}
1262
23a48093 1263static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1264{
1265 struct hci_dev *hdev = req->hdev;
1266 struct hci_cp_remote_name_req_cancel cp;
1267 struct inquiry_entry *e;
1268
1269 switch (hdev->discovery.state) {
1270 case DISCOVERY_FINDING:
1271 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1272 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1273 } else {
1274 cancel_delayed_work(&hdev->le_scan_disable);
1275 hci_req_add_le_scan_disable(req);
1276 }
1277
23a48093 1278 return true;
21a60d30
JH		 1279
1280 case DISCOVERY_RESOLVING:
1281 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1282 NAME_PENDING);
1283 if (!e)
23a48093 1284 break;
21a60d30
JH		 1285
1286 bacpy(&cp.bdaddr, &e->data.bdaddr);
1287 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1288 &cp);
1289
23a48093 1290 return true;
21a60d30
JH		 1291
1292 default:
1293 /* Passive scanning */
23a48093 1294 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
21a60d30 1295 hci_req_add_le_scan_disable(req);
23a48093
JH		 1296 return true;
1297 }
1298
21a60d30
JH		 1299 break;
1300 }
23a48093
JH		 1301
1302 return false;
21a60d30
JH		 1303}
1304
8b064a3a
JH		 1305static int clean_up_hci_state(struct hci_dev *hdev)
1306{
1307 struct hci_request req;
1308 struct hci_conn *conn;
23a48093
JH		 1309 bool discov_stopped;
1310 int err;
8b064a3a
JH		 1311
1312 hci_req_init(&req, hdev);
1313
1314 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1315 test_bit(HCI_PSCAN, &hdev->flags)) {
1316 u8 scan = 0x00;
1317 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1318 }
1319
73e082f8 1320 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
8b064a3a
JH		 1321 disable_advertising(&req);
1322
23a48093 1323 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1324
1325 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1326 struct hci_cp_disconnect dc;
c9910d0f
JH		 1327 struct hci_cp_reject_conn_req rej;
1328
1329 switch (conn->state) {
1330 case BT_CONNECTED:
1331 case BT_CONFIG:
1332 dc.handle = cpu_to_le16(conn->handle);
1333 dc.reason = 0x15; /* Terminated due to Power Off */
1334 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1335 break;
1336 case BT_CONNECT:
1337 if (conn->type == LE_LINK)
1338 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1339 0, NULL);
1340 else if (conn->type == ACL_LINK)
1341 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1342 6, &conn->dst);
1343 break;
1344 case BT_CONNECT2:
1345 bacpy(&rej.bdaddr, &conn->dst);
1346 rej.reason = 0x15; /* Terminated due to Power Off */
1347 if (conn->type == ACL_LINK)
1348 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1349 sizeof(rej), &rej);
1350 else if (conn->type == SCO_LINK)
1351 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1352 sizeof(rej), &rej);
1353 break;
1354 }
8b064a3a
JH		 1355 }
1356
23a48093
JH		 1357 err = hci_req_run(&req, clean_up_hci_complete);
1358 if (!err && discov_stopped)
1359 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1360
1361 return err;
8b064a3a
JH		 1362}
1363
bdb6d971 1364static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1365 u16 len)
eec8d2bc 1366{
650f726d 1367 struct mgmt_mode *cp = data;
366a0336 1368 struct pending_cmd *cmd;
4b34ee78 1369 int err;
eec8d2bc 1370
bdb6d971 1371 BT_DBG("request for %s", hdev->name);
eec8d2bc 1372
a7e80f25
JH		 1373 if (cp->val != 0x00 && cp->val != 0x01)
1374 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1375 MGMT_STATUS_INVALID_PARAMS);
1376
09fd0de5 1377 hci_dev_lock(hdev);
eec8d2bc 1378
87b95ba6
JH		 1379 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1380 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1381 MGMT_STATUS_BUSY);
1382 goto failed;
1383 }
1384
f0d4b78a
MH		 1385 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1386 cancel_delayed_work(&hdev->power_off);
1387
1388 if (cp->val) {
a1d70450
JH		 1389 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1390 data, len);
1391 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1392 goto failed;
1393 }
1394 }
1395
4b34ee78 1396 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1397 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1398 goto failed;
1399 }
1400
2e58ef3e 1401 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1402 if (!cmd) {
1403 err = -ENOMEM;
eec8d2bc 1404 goto failed;
366a0336 1405 }
eec8d2bc 1406
8b064a3a 1407 if (cp->val) {
19202573 1408 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1409 err = 0;
1410 } else {
1411 /* Disconnect connections, stop scans, etc */
1412 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1413 if (!err)
1414 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1415 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1416
8b064a3a
JH		 1417 /* ENODATA means there were no HCI commands queued */
1418 if (err == -ENODATA) {
a3172b7e 1419 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1420 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1421 err = 0;
1422 }
1423 }
eec8d2bc
JH		 1424
1425failed:
09fd0de5 1426 hci_dev_unlock(hdev);
366a0336 1427 return err;
eec8d2bc
JH		 1428}
1429
beadb2bd
JH		 1430static int new_settings(struct hci_dev *hdev, struct sock *skip)
1431{
1432 __le32 ev;
1433
1434 ev = cpu_to_le32(get_current_settings(hdev));
1435
1436 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1437}
1438
91a668b0
JH		 1439int mgmt_new_settings(struct hci_dev *hdev)
1440{
1441 return new_settings(hdev, NULL);
1442}
1443
bd99abdd
JH		 1444struct cmd_lookup {
1445 struct sock *sk;
1446 struct hci_dev *hdev;
1447 u8 mgmt_status;
1448};
1449
1450static void settings_rsp(struct pending_cmd *cmd, void *data)
1451{
1452 struct cmd_lookup *match = data;
1453
1454 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1455
1456 list_del(&cmd->list);
1457
1458 if (match->sk == NULL) {
1459 match->sk = cmd->sk;
1460 sock_hold(match->sk);
1461 }
1462
1463 mgmt_pending_free(cmd);
1464}
1465
1466static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1467{
1468 u8 *status = data;
1469
1470 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1471 mgmt_pending_remove(cmd);
1472}
1473
e6fe7986
JH		 1474static u8 mgmt_bredr_support(struct hci_dev *hdev)
1475{
1476 if (!lmp_bredr_capable(hdev))
1477 return MGMT_STATUS_NOT_SUPPORTED;
1478 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1479 return MGMT_STATUS_REJECTED;
1480 else
1481 return MGMT_STATUS_SUCCESS;
1482}
1483
1484static u8 mgmt_le_support(struct hci_dev *hdev)
1485{
1486 if (!lmp_le_capable(hdev))
1487 return MGMT_STATUS_NOT_SUPPORTED;
1488 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1489 return MGMT_STATUS_REJECTED;
1490 else
1491 return MGMT_STATUS_SUCCESS;
1492}
1493
bfaf8c9f
JH		 1494static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1495{
1496 struct pending_cmd *cmd;
1497 struct mgmt_mode *cp;
970ba524 1498 struct hci_request req;
bfaf8c9f
JH		 1499 bool changed;
1500
1501 BT_DBG("status 0x%02x", status);
1502
1503 hci_dev_lock(hdev);
1504
1505 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1506 if (!cmd)
1507 goto unlock;
1508
1509 if (status) {
1510 u8 mgmt_err = mgmt_status(status);
1511 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1512 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1513 goto remove_cmd;
1514 }
1515
1516 cp = cmd->param;
d4462a07 1517 if (cp->val) {
bfaf8c9f
JH		 1518 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1519 &hdev->dev_flags);
d4462a07
MH		 1520
1521 if (hdev->discov_timeout > 0) {
1522 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1523 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1524 to);
1525 }
1526 } else {
bfaf8c9f
JH		 1527 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1528 &hdev->dev_flags);
d4462a07 1529 }
bfaf8c9f
JH		 1530
1531 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1532
1533 if (changed)
1534 new_settings(hdev, cmd->sk);
1535
970ba524
MH		 1536 /* When the discoverable mode gets changed, make sure
1537 * that class of device has the limited discoverable
432df05e
JH		 1538 * bit correctly set. Also update page scan based on whitelist
1539 * entries.
970ba524
MH		 1540 */
1541 hci_req_init(&req, hdev);
432df05e 1542 hci_update_page_scan(hdev, &req);
970ba524
MH		 1543 update_class(&req);
1544 hci_req_run(&req, NULL);
1545
bfaf8c9f
JH		 1546remove_cmd:
1547 mgmt_pending_remove(cmd);
1548
1549unlock:
1550 hci_dev_unlock(hdev);
1551}
1552
bdb6d971 1553static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1554 u16 len)
73f22f62 1555{
650f726d 1556 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1557 struct pending_cmd *cmd;
bfaf8c9f 1558 struct hci_request req;
5e5282bb 1559 u16 timeout;
9a43e25f 1560 u8 scan;
73f22f62
JH		 1561 int err;
1562
bdb6d971 1563 BT_DBG("request for %s", hdev->name);
73f22f62 1564
9a43e25f
JH		 1565 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1566 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1567 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1568 MGMT_STATUS_REJECTED);
33c525c0 1569
310a3d48 1570 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1571 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1572 MGMT_STATUS_INVALID_PARAMS);
1573
1f350c87 1574 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1575
1576 /* Disabling discoverable requires that no timeout is set,
1577 * and enabling limited discoverable requires a timeout.
1578 */
1579 if ((cp->val == 0x00 && timeout > 0) ||
1580 (cp->val == 0x02 && timeout == 0))
bdb6d971 1581 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1582 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1583
09fd0de5 1584 hci_dev_lock(hdev);
73f22f62 1585
5e5282bb 1586 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1587 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1588 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1589 goto failed;
1590 }
1591
2e58ef3e 1592 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1593 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1594 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1595 MGMT_STATUS_BUSY);
73f22f62
JH		 1596 goto failed;
1597 }
1598
5e5282bb 1599 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1600 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1601 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1602 goto failed;
1603 }
1604
1605 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1606 bool changed = false;
1607
310a3d48
MH		 1608 /* Setting limited discoverable when powered off is
1609 * not a valid operation since it requires a timeout
1610 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1611 */
0224d2fa
JH		 1612 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1613 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1614 changed = true;
1615 }
1616
5e5282bb 1617 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1618 if (err < 0)
1619 goto failed;
1620
1621 if (changed)
1622 err = new_settings(hdev, sk);
1623
5e5282bb
JH		 1624 goto failed;
1625 }
1626
310a3d48
MH		 1627 /* If the current mode is the same, then just update the timeout
1628 * value with the new value. And if only the timeout gets updated,
1629 * then no need for any HCI transactions.
1630 */
1631 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1632 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1633 &hdev->dev_flags)) {
36261547
MH		 1634 cancel_delayed_work(&hdev->discov_off);
1635 hdev->discov_timeout = timeout;
955638ec 1636
36261547
MH		 1637 if (cp->val && hdev->discov_timeout > 0) {
1638 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1639 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1640 to);
955638ec
MH		 1641 }
1642
69ab39ea 1643 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1644 goto failed;
1645 }
1646
2e58ef3e 1647 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1648 if (!cmd) {
1649 err = -ENOMEM;
73f22f62 1650 goto failed;
366a0336 1651 }
73f22f62 1652
310a3d48
MH		 1653 /* Cancel any potential discoverable timeout that might be
1654 * still active and store new timeout value. The arming of
1655 * the timeout happens in the complete handler.
1656 */
1657 cancel_delayed_work(&hdev->discov_off);
1658 hdev->discov_timeout = timeout;
1659
b456f87c
JH		 1660 /* Limited discoverable mode */
1661 if (cp->val == 0x02)
1662 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1663 else
1664 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1665
bfaf8c9f
JH		 1666 hci_req_init(&req, hdev);
1667
9a43e25f
JH		 1668 /* The procedure for LE-only controllers is much simpler - just
1669 * update the advertising data.
1670 */
1671 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1672 goto update_ad;
1673
73f22f62
JH		 1674 scan = SCAN_PAGE;
1675
310a3d48
MH		 1676 if (cp->val) {
1677 struct hci_cp_write_current_iac_lap hci_cp;
1678
1679 if (cp->val == 0x02) {
1680 /* Limited discoverable mode */
33337dcb 1681 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1682 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1683 hci_cp.iac_lap[1] = 0x8b;
1684 hci_cp.iac_lap[2] = 0x9e;
1685 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1686 hci_cp.iac_lap[4] = 0x8b;
1687 hci_cp.iac_lap[5] = 0x9e;
1688 } else {
1689 /* General discoverable mode */
310a3d48
MH		 1690 hci_cp.num_iac = 1;
1691 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1692 hci_cp.iac_lap[1] = 0x8b;
1693 hci_cp.iac_lap[2] = 0x9e;
1694 }
1695
1696 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1697 (hci_cp.num_iac * 3) + 1, &hci_cp);
1698
73f22f62 1699 scan |= SCAN_INQUIRY;
310a3d48
MH		 1700 } else {
1701 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1702 }
73f22f62 1703
310a3d48 1704 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1705
9a43e25f
JH		 1706update_ad:
1707 update_adv_data(&req);
1708
bfaf8c9f 1709 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1710 if (err < 0)
a664b5bc 1711 mgmt_pending_remove(cmd);
73f22f62
JH		 1712
1713failed:
09fd0de5 1714 hci_dev_unlock(hdev);
73f22f62
JH		 1715 return err;
1716}
1717
406d7804
JH		 1718static void write_fast_connectable(struct hci_request *req, bool enable)
1719{
bd98b996 1720 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1721 struct hci_cp_write_page_scan_activity acp;
1722 u8 type;
1723
547003b1
JH		 1724 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1725 return;
1726
4c01f8b8
JH		 1727 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1728 return;
1729
406d7804
JH		 1730 if (enable) {
1731 type = PAGE_SCAN_TYPE_INTERLACED;
1732
1733 /* 160 msec page scan interval */
dcf4adbf 1734 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1735 } else {
1736 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1737
1738 /* default 1.28 sec page scan */
dcf4adbf 1739 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1740 }
1741
dcf4adbf 1742 acp.window = cpu_to_le16(0x0012);
406d7804 1743
bd98b996
JH		 1744 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1745 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1746 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1747 sizeof(acp), &acp);
1748
1749 if (hdev->page_scan_type != type)
1750 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1751}
1752
2b76f453
JH		 1753static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1754{
1755 struct pending_cmd *cmd;
d7b856f9 1756 struct mgmt_mode *cp;
bc6d2d04 1757 bool conn_changed, discov_changed;
2b76f453
JH		 1758
1759 BT_DBG("status 0x%02x", status);
1760
1761 hci_dev_lock(hdev);
1762
1763 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1764 if (!cmd)
1765 goto unlock;
1766
37438c1f
JH		 1767 if (status) {
1768 u8 mgmt_err = mgmt_status(status);
1769 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1770 goto remove_cmd;
1771 }
1772
d7b856f9 1773 cp = cmd->param;
bc6d2d04
JH		 1774 if (cp->val) {
1775 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1776 &hdev->dev_flags);
1777 discov_changed = false;
1778 } else {
1779 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1780 &hdev->dev_flags);
1781 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1782 &hdev->dev_flags);
1783 }
d7b856f9 1784
2b76f453
JH		 1785 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1786
bc6d2d04 1787 if (conn_changed || discov_changed) {
d7b856f9 1788 new_settings(hdev, cmd->sk);
432df05e 1789 hci_update_page_scan(hdev, NULL);
bc6d2d04
JH		 1790 if (discov_changed)
1791 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1792 hci_update_background_scan(hdev);
1793 }
d7b856f9 1794
37438c1f 1795remove_cmd:
2b76f453
JH		 1796 mgmt_pending_remove(cmd);
1797
1798unlock:
1799 hci_dev_unlock(hdev);
1800}
1801
e8ba3a1f
JH		 1802static int set_connectable_update_settings(struct hci_dev *hdev,
1803 struct sock *sk, u8 val)
1804{
1805 bool changed = false;
1806 int err;
1807
1808 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1809 changed = true;
1810
1811 if (val) {
1812 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1813 } else {
1814 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1815 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1816 }
1817
1818 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1819 if (err < 0)
1820 return err;
1821
562064e6 1822 if (changed) {
432df05e 1823 hci_update_page_scan(hdev, NULL);
562064e6 1824 hci_update_background_scan(hdev);
e8ba3a1f 1825 return new_settings(hdev, sk);
562064e6 1826 }
e8ba3a1f
JH		 1827
1828 return 0;
1829}
1830
bdb6d971 1831static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1832 u16 len)
9fbcbb45 1833{
650f726d 1834 struct mgmt_mode *cp = data;
366a0336 1835 struct pending_cmd *cmd;
2b76f453 1836 struct hci_request req;
1987fdc7 1837 u8 scan;
9fbcbb45
JH		 1838 int err;
1839
bdb6d971 1840 BT_DBG("request for %s", hdev->name);
9fbcbb45 1841
1987fdc7
JH		 1842 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1843 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1844 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1845 MGMT_STATUS_REJECTED);
33c525c0 1846
a7e80f25
JH		 1847 if (cp->val != 0x00 && cp->val != 0x01)
1848 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1849 MGMT_STATUS_INVALID_PARAMS);
1850
09fd0de5 1851 hci_dev_lock(hdev);
9fbcbb45 1852
4b34ee78 1853 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1854 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1855 goto failed;
1856 }
1857
2e58ef3e 1858 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1859 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1860 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1861 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1862 goto failed;
1863 }
1864
2e58ef3e 1865 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1866 if (!cmd) {
1867 err = -ENOMEM;
9fbcbb45 1868 goto failed;
366a0336 1869 }
9fbcbb45 1870
9b74246f 1871 hci_req_init(&req, hdev);
9fbcbb45 1872
9a43e25f
JH		 1873 /* If BR/EDR is not enabled and we disable advertising as a
1874 * by-product of disabling connectable, we need to update the
1875 * advertising flags.
1876 */
1877 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1878 if (!cp->val) {
1879 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1880 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1881 }
1882 update_adv_data(&req);
1883 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1884 if (cp->val) {
1885 scan = SCAN_PAGE;
1886 } else {
3bd27240
JH		 1887 /* If we don't have any whitelist entries just
1888 * disable all scanning. If there are entries
1889 * and we had both page and inquiry scanning
1890 * enabled then fall back to only page scanning.
1891 * Otherwise no changes are needed.
1892 */
1893 if (list_empty(&hdev->whitelist))
1894 scan = SCAN_DISABLED;
1895 else if (test_bit(HCI_ISCAN, &hdev->flags))
1896 scan = SCAN_PAGE;
1897 else
1898 goto no_scan_update;
9b74246f
JH		 1899
1900 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1901 hdev->discov_timeout > 0)
9b74246f
JH		 1902 cancel_delayed_work(&hdev->discov_off);
1903 }
2b76f453 1904
9b74246f
JH		 1905 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1906 }
2b76f453 1907
3bd27240 1908no_scan_update:
4c01f8b8
JH		 1909 /* If we're going from non-connectable to connectable or
1910 * vice-versa when fast connectable is enabled ensure that fast
1911 * connectable gets disabled. write_fast_connectable won't do
1912 * anything if the page scan parameters are already what they
1913 * should be.
1914 */
1915 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1916 write_fast_connectable(&req, false);
1917
e8b1202c
JH		 1918 /* Update the advertising parameters if necessary */
1919 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1987fdc7 1920 enable_advertising(&req);
1987fdc7 1921
2b76f453 1922 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1923 if (err < 0) {
a664b5bc 1924 mgmt_pending_remove(cmd);
9b74246f 1925 if (err == -ENODATA)
a81070ba
JH		 1926 err = set_connectable_update_settings(hdev, sk,
1927 cp->val);
9b74246f
JH		 1928 goto failed;
1929 }
9fbcbb45
JH		 1930
1931failed:
09fd0de5 1932 hci_dev_unlock(hdev);
9fbcbb45
JH		 1933 return err;
1934}
1935
b2939475 1936static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1937 u16 len)
c542a06c 1938{
650f726d 1939 struct mgmt_mode *cp = data;
55594356 1940 bool changed;
c542a06c
JH		 1941 int err;
1942
bdb6d971 1943 BT_DBG("request for %s", hdev->name);
c542a06c 1944
a7e80f25 1945 if (cp->val != 0x00 && cp->val != 0x01)
b2939475 1946 return cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
a7e80f25
JH		 1947 MGMT_STATUS_INVALID_PARAMS);
1948
09fd0de5 1949 hci_dev_lock(hdev);
c542a06c
JH		 1950
1951 if (cp->val)
b6ae8457 1952 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 1953 else
b6ae8457 1954 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 1955
b2939475 1956 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1957 if (err < 0)
55594356 1958 goto unlock;
c542a06c 1959
55594356
MH		 1960 if (changed)
1961 err = new_settings(hdev, sk);
c542a06c 1962
55594356 1963unlock:
09fd0de5 1964 hci_dev_unlock(hdev);
c542a06c
JH		 1965 return err;
1966}
1967
04124681
GP		 1968static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1969 u16 len)
33ef95ed
JH		 1970{
1971 struct mgmt_mode *cp = data;
1972 struct pending_cmd *cmd;
e6fe7986 1973 u8 val, status;
33ef95ed
JH		 1974 int err;
1975
bdb6d971 1976 BT_DBG("request for %s", hdev->name);
33ef95ed 1977
e6fe7986
JH		 1978 status = mgmt_bredr_support(hdev);
1979 if (status)
33c525c0 1980 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1981 status);
33c525c0 1982
a7e80f25
JH		 1983 if (cp->val != 0x00 && cp->val != 0x01)
1984 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1985 MGMT_STATUS_INVALID_PARAMS);
1986
33ef95ed
JH		 1987 hci_dev_lock(hdev);
1988
4b34ee78 1989 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1990 bool changed = false;
1991
1992 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1993 &hdev->dev_flags)) {
47990ea0
JH		 1994 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1995 changed = true;
1996 }
1997
1998 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1999 if (err < 0)
2000 goto failed;
2001
2002 if (changed)
2003 err = new_settings(hdev, sk);
2004
33ef95ed
JH		 2005 goto failed;
2006 }
2007
2008 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 2009 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 2010 MGMT_STATUS_BUSY);
33ef95ed
JH		 2011 goto failed;
2012 }
2013
2014 val = !!cp->val;
2015
2016 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2017 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2018 goto failed;
2019 }
2020
2021 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2022 if (!cmd) {
2023 err = -ENOMEM;
2024 goto failed;
2025 }
2026
2027 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2028 if (err < 0) {
2029 mgmt_pending_remove(cmd);
2030 goto failed;
2031 }
2032
2033failed:
2034 hci_dev_unlock(hdev);
33ef95ed
JH		 2035 return err;
2036}
2037
bdb6d971 2038static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2039{
2040 struct mgmt_mode *cp = data;
2041 struct pending_cmd *cmd;
72ef0c1a 2042 u8 status;
ed2c4ee3
JH		 2043 int err;
2044
bdb6d971 2045 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2046
cdba5281
MH		 2047 status = mgmt_bredr_support(hdev);
2048 if (status)
2049 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2050
13ecd8b6
JH		 2051 if (!lmp_ssp_capable(hdev))
2052 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2053 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2054
a7e80f25
JH		 2055 if (cp->val != 0x00 && cp->val != 0x01)
2056 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2057 MGMT_STATUS_INVALID_PARAMS);
2058
13ecd8b6 2059 hci_dev_lock(hdev);
6c8f12c1 2060
4b34ee78 2061 if (!hdev_is_powered(hdev)) {
9ecb3e24 2062 bool changed;
c0ecddc2 2063
9ecb3e24
MH		 2064 if (cp->val) {
2065 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2066 &hdev->dev_flags);
2067 } else {
2068 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2069 &hdev->dev_flags);
2070 if (!changed)
2071 changed = test_and_clear_bit(HCI_HS_ENABLED,
2072 &hdev->dev_flags);
2073 else
2074 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 2075 }
2076
2077 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2078 if (err < 0)
2079 goto failed;
2080
2081 if (changed)
2082 err = new_settings(hdev, sk);
2083
ed2c4ee3
JH		 2084 goto failed;
2085 }
2086
9ecb3e24
MH		 2087 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2088 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 2089 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2090 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2091 goto failed;
2092 }
2093
72ef0c1a 2094 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 2095 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2096 goto failed;
2097 }
2098
2099 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2100 if (!cmd) {
2101 err = -ENOMEM;
2102 goto failed;
2103 }
2104
3769972b
JH		 2105 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2106 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2107 sizeof(cp->val), &cp->val);
2108
72ef0c1a 2109 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2110 if (err < 0) {
2111 mgmt_pending_remove(cmd);
2112 goto failed;
2113 }
2114
2115failed:
2116 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2117 return err;
2118}
2119
bdb6d971 2120static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2121{
2122 struct mgmt_mode *cp = data;
ee392693 2123 bool changed;
e6fe7986 2124 u8 status;
ee392693 2125 int err;
6d80dfd0 2126
bdb6d971 2127 BT_DBG("request for %s", hdev->name);
6d80dfd0 2128
e6fe7986
JH		 2129 status = mgmt_bredr_support(hdev);
2130 if (status)
2131 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2132
9ecb3e24
MH		 2133 if (!lmp_ssp_capable(hdev))
2134 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2135 MGMT_STATUS_NOT_SUPPORTED);
2136
2137 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2138 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2139 MGMT_STATUS_REJECTED);
2140
a7e80f25
JH		 2141 if (cp->val != 0x00 && cp->val != 0x01)
2142 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2143 MGMT_STATUS_INVALID_PARAMS);
2144
ee392693
MH		 2145 hci_dev_lock(hdev);
2146
a0cdf960 2147 if (cp->val) {
ee392693 2148 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 2149 } else {
2150 if (hdev_is_powered(hdev)) {
2151 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2152 MGMT_STATUS_REJECTED);
2153 goto unlock;
2154 }
2155
ee392693 2156 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 2157 }
ee392693
MH		 2158
2159 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2160 if (err < 0)
2161 goto unlock;
2162
2163 if (changed)
2164 err = new_settings(hdev, sk);
6d80dfd0 2165
ee392693
MH		 2166unlock:
2167 hci_dev_unlock(hdev);
2168 return err;
6d80dfd0
JH		 2169}
2170
416a4ae5
JH		 2171static void le_enable_complete(struct hci_dev *hdev, u8 status)
2172{
2173 struct cmd_lookup match = { NULL, hdev };
2174
2175 if (status) {
2176 u8 mgmt_err = mgmt_status(status);
2177
2178 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2179 &mgmt_err);
2180 return;
2181 }
2182
2183 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2184
2185 new_settings(hdev, match.sk);
2186
2187 if (match.sk)
2188 sock_put(match.sk);
441ad2d0
MH		 2189
2190 /* Make sure the controller has a good default for
2191 * advertising data. Restrict the update to when LE
2192 * has actually been enabled. During power on, the
2193 * update in powered_update_hci will take care of it.
2194 */
2195 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2196 struct hci_request req;
2197
2198 hci_dev_lock(hdev);
2199
2200 hci_req_init(&req, hdev);
5947f4bc 2201 update_adv_data(&req);
f14d8f64 2202 update_scan_rsp_data(&req);
441ad2d0
MH		 2203 hci_req_run(&req, NULL);
2204
a70f4b5f
JH		 2205 hci_update_background_scan(hdev);
2206
441ad2d0
MH		 2207 hci_dev_unlock(hdev);
2208 }
416a4ae5
JH		 2209}
2210
bdb6d971 2211static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2212{
2213 struct mgmt_mode *cp = data;
2214 struct hci_cp_write_le_host_supported hci_cp;
2215 struct pending_cmd *cmd;
416a4ae5 2216 struct hci_request req;
06199cf8 2217 int err;
0b60eba1 2218 u8 val, enabled;
06199cf8 2219
bdb6d971 2220 BT_DBG("request for %s", hdev->name);
06199cf8 2221
13ecd8b6
JH		 2222 if (!lmp_le_capable(hdev))
2223 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2224 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2225
a7e80f25
JH		 2226 if (cp->val != 0x00 && cp->val != 0x01)
2227 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2228 MGMT_STATUS_INVALID_PARAMS);
2229
c73eee91 2230 /* LE-only devices do not allow toggling LE on/off */
56f87901 2231 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2232 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2233 MGMT_STATUS_REJECTED);
2234
13ecd8b6 2235 hci_dev_lock(hdev);
06199cf8
JH		 2236
2237 val = !!cp->val;
ffa88e02 2238 enabled = lmp_host_le_capable(hdev);
06199cf8 2239
0b60eba1 2240 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2241 bool changed = false;
2242
2243 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2244 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2245 changed = true;
2246 }
2247
f3d3444a
JH		 2248 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2249 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2250 changed = true;
2251 }
2252
06199cf8
JH		 2253 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2254 if (err < 0)
1de028ce 2255 goto unlock;
06199cf8
JH		 2256
2257 if (changed)
2258 err = new_settings(hdev, sk);
2259
1de028ce 2260 goto unlock;
06199cf8
JH		 2261 }
2262
4375f103
JH		 2263 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2264 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2265 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2266 MGMT_STATUS_BUSY);
1de028ce 2267 goto unlock;
06199cf8
JH		 2268 }
2269
2270 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2271 if (!cmd) {
2272 err = -ENOMEM;
1de028ce 2273 goto unlock;
06199cf8
JH		 2274 }
2275
441ad2d0
MH		 2276 hci_req_init(&req, hdev);
2277
06199cf8
JH		 2278 memset(&hci_cp, 0, sizeof(hci_cp));
2279
2280 if (val) {
2281 hci_cp.le = val;
32226e4f 2282 hci_cp.simul = 0x00;
441ad2d0 2283 } else {
73e082f8 2284 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
441ad2d0 2285 disable_advertising(&req);
06199cf8
JH		 2286 }
2287
416a4ae5
JH		 2288 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2289 &hci_cp);
2290
2291 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2292 if (err < 0)
06199cf8 2293 mgmt_pending_remove(cmd);
06199cf8 2294
1de028ce
JH		 2295unlock:
2296 hci_dev_unlock(hdev);
06199cf8
JH		 2297 return err;
2298}
2299
0cab9c80
JH		 2300/* This is a helper function to test for pending mgmt commands that can
2301 * cause CoD or EIR HCI commands. We can only allow one such pending
2302 * mgmt command at a time since otherwise we cannot easily track what
2303 * the current values are, will be, and based on that calculate if a new
2304 * HCI command needs to be sent and if yes with what value.
2305 */
2306static bool pending_eir_or_class(struct hci_dev *hdev)
2307{
2308 struct pending_cmd *cmd;
2309
2310 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2311 switch (cmd->opcode) {
2312 case MGMT_OP_ADD_UUID:
2313 case MGMT_OP_REMOVE_UUID:
2314 case MGMT_OP_SET_DEV_CLASS:
2315 case MGMT_OP_SET_POWERED:
2316 return true;
2317 }
2318 }
2319
2320 return false;
2321}
2322
83be8eca
JH		 2323static const u8 bluetooth_base_uuid[] = {
2324 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2325 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2326};
2327
2328static u8 get_uuid_size(const u8 *uuid)
2329{
2330 u32 val;
2331
2332 if (memcmp(uuid, bluetooth_base_uuid, 12))
2333 return 128;
2334
2335 val = get_unaligned_le32(&uuid[12]);
2336 if (val > 0xffff)
2337 return 32;
2338
2339 return 16;
2340}
2341
92da6097
JH		 2342static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2343{
2344 struct pending_cmd *cmd;
2345
2346 hci_dev_lock(hdev);
2347
2348 cmd = mgmt_pending_find(mgmt_op, hdev);
2349 if (!cmd)
2350 goto unlock;
2351
2352 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2353 hdev->dev_class, 3);
2354
2355 mgmt_pending_remove(cmd);
2356
2357unlock:
2358 hci_dev_unlock(hdev);
2359}
2360
2361static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2362{
2363 BT_DBG("status 0x%02x", status);
2364
2365 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2366}
2367
bdb6d971 2368static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2369{
650f726d 2370 struct mgmt_cp_add_uuid *cp = data;
90e70454 2371 struct pending_cmd *cmd;
890ea898 2372 struct hci_request req;
2aeb9a1a 2373 struct bt_uuid *uuid;
2aeb9a1a
JH		 2374 int err;
2375
bdb6d971 2376 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2377
09fd0de5 2378 hci_dev_lock(hdev);
2aeb9a1a 2379
0cab9c80 2380 if (pending_eir_or_class(hdev)) {
bdb6d971 2381 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2382 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2383 goto failed;
2384 }
2385
92c4c204 2386 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2387 if (!uuid) {
2388 err = -ENOMEM;
2389 goto failed;
2390 }
2391
2392 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2393 uuid->svc_hint = cp->svc_hint;
83be8eca 2394 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2395
de66aa63 2396 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2397
890ea898 2398 hci_req_init(&req, hdev);
1aff6f09 2399
890ea898
JH		 2400 update_class(&req);
2401 update_eir(&req);
2402
92da6097
JH		 2403 err = hci_req_run(&req, add_uuid_complete);
2404 if (err < 0) {
2405 if (err != -ENODATA)
2406 goto failed;
80a1e1db 2407
bdb6d971 2408 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2409 hdev->dev_class, 3);
90e70454
JH		 2410 goto failed;
2411 }
2412
2413 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2414 if (!cmd) {
90e70454 2415 err = -ENOMEM;
890ea898
JH		 2416 goto failed;
2417 }
2418
2419 err = 0;
2aeb9a1a
JH		 2420
2421failed:
09fd0de5 2422 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2423 return err;
2424}
2425
24b78d0f
JH		 2426static bool enable_service_cache(struct hci_dev *hdev)
2427{
2428 if (!hdev_is_powered(hdev))
2429 return false;
2430
2431 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2432 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2433 CACHE_TIMEOUT);
24b78d0f
JH		 2434 return true;
2435 }
2436
2437 return false;
2438}
2439
92da6097
JH		 2440static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2441{
2442 BT_DBG("status 0x%02x", status);
2443
2444 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2445}
2446
bdb6d971 2447static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2448 u16 len)
2aeb9a1a 2449{
650f726d 2450 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2451 struct pending_cmd *cmd;
056341c8 2452 struct bt_uuid *match, *tmp;
2aeb9a1a 2453 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2454 struct hci_request req;
2aeb9a1a
JH		 2455 int err, found;
2456
bdb6d971 2457 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2458
09fd0de5 2459 hci_dev_lock(hdev);
2aeb9a1a 2460
0cab9c80 2461 if (pending_eir_or_class(hdev)) {
bdb6d971 2462 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2463 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2464 goto unlock;
2465 }
2466
2aeb9a1a 2467 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2468 hci_uuids_clear(hdev);
4004b6d9 2469
24b78d0f 2470 if (enable_service_cache(hdev)) {
bdb6d971 2471 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2472 0, hdev->dev_class, 3);
24b78d0f
JH		 2473 goto unlock;
2474 }
4004b6d9 2475
9246a869 2476 goto update_class;
2aeb9a1a
JH		 2477 }
2478
2479 found = 0;
2480
056341c8 2481 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2482 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2483 continue;
2484
2485 list_del(&match->list);
482049f7 2486 kfree(match);
2aeb9a1a
JH		 2487 found++;
2488 }
2489
2490 if (found == 0) {
bdb6d971 2491 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2492 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2493 goto unlock;
2494 }
2495
9246a869 2496update_class:
890ea898 2497 hci_req_init(&req, hdev);
1aff6f09 2498
890ea898
JH		 2499 update_class(&req);
2500 update_eir(&req);
2501
92da6097
JH		 2502 err = hci_req_run(&req, remove_uuid_complete);
2503 if (err < 0) {
2504 if (err != -ENODATA)
2505 goto unlock;
80a1e1db 2506
bdb6d971 2507 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2508 hdev->dev_class, 3);
90e70454
JH		 2509 goto unlock;
2510 }
2511
2512 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2513 if (!cmd) {
90e70454 2514 err = -ENOMEM;
890ea898
JH		 2515 goto unlock;
2516 }
2517
2518 err = 0;
2aeb9a1a
JH		 2519
2520unlock:
09fd0de5 2521 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2522 return err;
2523}
2524
92da6097
JH		 2525static void set_class_complete(struct hci_dev *hdev, u8 status)
2526{
2527 BT_DBG("status 0x%02x", status);
2528
2529 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2530}
2531
bdb6d971 2532static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2533 u16 len)
1aff6f09 2534{
650f726d 2535 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2536 struct pending_cmd *cmd;
890ea898 2537 struct hci_request req;
1aff6f09
JH		 2538 int err;
2539
bdb6d971 2540 BT_DBG("request for %s", hdev->name);
1aff6f09 2541
6203fc98 2542 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2543 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2544 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2545
0cab9c80 2546 hci_dev_lock(hdev);
ee98f473 2547
0cab9c80
JH		 2548 if (pending_eir_or_class(hdev)) {
2549 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2550 MGMT_STATUS_BUSY);
2551 goto unlock;
2552 }
c95f0ba7 2553
0cab9c80
JH		 2554 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2555 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2556 MGMT_STATUS_INVALID_PARAMS);
2557 goto unlock;
2558 }
575b3a02 2559
932f5ff5
JH		 2560 hdev->major_class = cp->major;
2561 hdev->minor_class = cp->minor;
2562
b5235a65 2563 if (!hdev_is_powered(hdev)) {
bdb6d971 2564 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2565 hdev->dev_class, 3);
b5235a65
JH		 2566 goto unlock;
2567 }
2568
890ea898
JH		 2569 hci_req_init(&req, hdev);
2570
a8b2d5c2 2571 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2572 hci_dev_unlock(hdev);
2573 cancel_delayed_work_sync(&hdev->service_cache);
2574 hci_dev_lock(hdev);
890ea898 2575 update_eir(&req);
7d78525d 2576 }
14c0b608 2577
890ea898
JH		 2578 update_class(&req);
2579
92da6097
JH		 2580 err = hci_req_run(&req, set_class_complete);
2581 if (err < 0) {
2582 if (err != -ENODATA)
2583 goto unlock;
1aff6f09 2584
bdb6d971 2585 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2586 hdev->dev_class, 3);
90e70454
JH		 2587 goto unlock;
2588 }
2589
2590 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2591 if (!cmd) {
90e70454 2592 err = -ENOMEM;
890ea898
JH		 2593 goto unlock;
2594 }
2595
2596 err = 0;
1aff6f09 2597
b5235a65 2598unlock:
09fd0de5 2599 hci_dev_unlock(hdev);
1aff6f09
JH		 2600 return err;
2601}
2602
bdb6d971 2603static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2604 u16 len)
55ed8ca1 2605{
650f726d 2606 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2607 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2608 sizeof(struct mgmt_link_key_info));
4e51eae9 2609 u16 key_count, expected_len;
b1de97d8 2610 bool changed;
a492cd52 2611 int i;
55ed8ca1 2612
9060d5cf
MH		 2613 BT_DBG("request for %s", hdev->name);
2614
2615 if (!lmp_bredr_capable(hdev))
2616 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2617 MGMT_STATUS_NOT_SUPPORTED);
2618
1f350c87 2619 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2620 if (key_count > max_key_count) {
2621 BT_ERR("load_link_keys: too big key_count value %u",
2622 key_count);
2623 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2624 MGMT_STATUS_INVALID_PARAMS);
2625 }
55ed8ca1 2626
86742e1e
JH		 2627 expected_len = sizeof(*cp) + key_count *
2628 sizeof(struct mgmt_link_key_info);
a492cd52 2629 if (expected_len != len) {
86742e1e 2630 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2631 expected_len, len);
bdb6d971 2632 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2633 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2634 }
2635
4ae14301
JH		 2636 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2637 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2638 MGMT_STATUS_INVALID_PARAMS);
2639
bdb6d971 2640 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2641 key_count);
55ed8ca1 2642
4ee71b20
JH		 2643 for (i = 0; i < key_count; i++) {
2644 struct mgmt_link_key_info *key = &cp->keys[i];
2645
8e991132 2646 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2647 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2648 MGMT_STATUS_INVALID_PARAMS);
2649 }
2650
09fd0de5 2651 hci_dev_lock(hdev);
55ed8ca1
JH		 2652
2653 hci_link_keys_clear(hdev);
2654
55ed8ca1 2655 if (cp->debug_keys)
0663b297
JH		 2656 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2657 &hdev->dev_flags);
55ed8ca1 2658 else
0663b297
JH		 2659 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2660 &hdev->dev_flags);
b1de97d8
MH		 2661
2662 if (changed)
2663 new_settings(hdev, NULL);
55ed8ca1 2664
a492cd52 2665 for (i = 0; i < key_count; i++) {
86742e1e 2666 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2667
58e9293c
JH		 2668 /* Always ignore debug keys and require a new pairing if
2669 * the user wants to use them.
2670 */
2671 if (key->type == HCI_LK_DEBUG_COMBINATION)
2672 continue;
2673
7652ff6a
JH		 2674 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2675 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2676 }
2677
bdb6d971 2678 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2679
09fd0de5 2680 hci_dev_unlock(hdev);
55ed8ca1 2681
a492cd52 2682 return 0;
55ed8ca1
JH		 2683}
2684
b1078ad0 2685static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2686 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2687{
2688 struct mgmt_ev_device_unpaired ev;
2689
2690 bacpy(&ev.addr.bdaddr, bdaddr);
2691 ev.addr.type = addr_type;
2692
2693 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2694 skip_sk);
b1078ad0
JH		 2695}
2696
bdb6d971 2697static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2698 u16 len)
55ed8ca1 2699{
124f6e35
JH		 2700 struct mgmt_cp_unpair_device *cp = data;
2701 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2702 struct hci_cp_disconnect dc;
2703 struct pending_cmd *cmd;
55ed8ca1 2704 struct hci_conn *conn;
55ed8ca1
JH		 2705 int err;
2706
a8a1d19e 2707 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2708 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2709 rp.addr.type = cp->addr.type;
a8a1d19e 2710
4ee71b20
JH		 2711 if (!bdaddr_type_is_valid(cp->addr.type))
2712 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2713 MGMT_STATUS_INVALID_PARAMS,
2714 &rp, sizeof(rp));
2715
118da70b
JH		 2716 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2717 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2718 MGMT_STATUS_INVALID_PARAMS,
2719 &rp, sizeof(rp));
2720
4ee71b20
JH		 2721 hci_dev_lock(hdev);
2722
86a8cfc6 2723 if (!hdev_is_powered(hdev)) {
bdb6d971 2724 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2725 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2726 goto unlock;
2727 }
2728
e0b2b27e 2729 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2730 /* If disconnection is requested, then look up the
2731 * connection. If the remote device is connected, it
2732 * will be later used to terminate the link.
2733 *
2734 * Setting it to NULL explicitly will cause no
2735 * termination of the link.
2736 */
2737 if (cp->disconnect)
2738 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2739 &cp->addr.bdaddr);
2740 else
2741 conn = NULL;
2742
124f6e35 2743 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2744 } else {
2745 u8 addr_type;
2746
89cbb063
AA		 2747 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2748 &cp->addr.bdaddr);
2749 if (conn) {
2750 /* Defer clearing up the connection parameters
2751 * until closing to give a chance of keeping
2752 * them if a repairing happens.
2753 */
2754 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2755
2756 /* If disconnection is not requested, then
2757 * clear the connection variable so that the
2758 * link is not terminated.
2759 */
2760 if (!cp->disconnect)
2761 conn = NULL;
2762 }
2763
e0b2b27e
JH		 2764 if (cp->addr.type == BDADDR_LE_PUBLIC)
2765 addr_type = ADDR_LE_DEV_PUBLIC;
2766 else
2767 addr_type = ADDR_LE_DEV_RANDOM;
2768
a7ec7338
JH		 2769 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2770
e0b2b27e
JH		 2771 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2772 }
b0dbfb46 2773
55ed8ca1 2774 if (err < 0) {
bdb6d971 2775 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2776 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2777 goto unlock;
2778 }
2779
89cbb063
AA		 2780 /* If the connection variable is set, then termination of the
2781 * link is requested.
2782 */
a8a1d19e 2783 if (!conn) {
bdb6d971 2784 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2785 &rp, sizeof(rp));
b1078ad0 2786 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2787 goto unlock;
2788 }
55ed8ca1 2789
124f6e35 2790 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2791 sizeof(*cp));
a8a1d19e
JH		 2792 if (!cmd) {
2793 err = -ENOMEM;
2794 goto unlock;
55ed8ca1
JH		 2795 }
2796
eb55ef07 2797 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2798 dc.reason = 0x13; /* Remote User Terminated Connection */
2799 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2800 if (err < 0)
2801 mgmt_pending_remove(cmd);
2802
55ed8ca1 2803unlock:
09fd0de5 2804 hci_dev_unlock(hdev);
55ed8ca1
JH		 2805 return err;
2806}
2807
bdb6d971 2808static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2809 u16 len)
8962ee74 2810{
650f726d 2811 struct mgmt_cp_disconnect *cp = data;
06a63b19 2812 struct mgmt_rp_disconnect rp;
366a0336 2813 struct pending_cmd *cmd;
8962ee74 2814 struct hci_conn *conn;
8962ee74
JH		 2815 int err;
2816
2817 BT_DBG("");
2818
06a63b19
JH		 2819 memset(&rp, 0, sizeof(rp));
2820 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2821 rp.addr.type = cp->addr.type;
2822
4ee71b20 2823 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2824 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2825 MGMT_STATUS_INVALID_PARAMS,
2826 &rp, sizeof(rp));
4ee71b20 2827
09fd0de5 2828 hci_dev_lock(hdev);
8962ee74
JH		 2829
2830 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2831 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2832 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2833 goto failed;
2834 }
2835
2e58ef3e 2836 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2837 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2838 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2839 goto failed;
2840 }
2841
591f47f3 2842 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2843 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2844 &cp->addr.bdaddr);
88c3df13
JH		 2845 else
2846 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2847
f960727e 2848 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2849 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2850 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2851 goto failed;
2852 }
2853
2e58ef3e 2854 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2855 if (!cmd) {
2856 err = -ENOMEM;
8962ee74 2857 goto failed;
366a0336 2858 }
8962ee74 2859
e3f2f92a 2860 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2861 if (err < 0)
a664b5bc 2862 mgmt_pending_remove(cmd);
8962ee74
JH		 2863
2864failed:
09fd0de5 2865 hci_dev_unlock(hdev);
8962ee74
JH		 2866 return err;
2867}
2868
57c1477c 2869static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2870{
2871 switch (link_type) {
2872 case LE_LINK:
48264f06
JH		 2873 switch (addr_type) {
2874 case ADDR_LE_DEV_PUBLIC:
591f47f3 2875 return BDADDR_LE_PUBLIC;
0ed09148 2876
48264f06 2877 default:
0ed09148 2878 /* Fallback to LE Random address type */
591f47f3 2879 return BDADDR_LE_RANDOM;
48264f06 2880 }
0ed09148 2881
4c659c39 2882 default:
0ed09148 2883 /* Fallback to BR/EDR type */
591f47f3 2884 return BDADDR_BREDR;
4c659c39
JH		 2885 }
2886}
2887
04124681
GP		 2888static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2889 u16 data_len)
2784eb41 2890{
2784eb41 2891 struct mgmt_rp_get_connections *rp;
8035ded4 2892 struct hci_conn *c;
a38528f1 2893 size_t rp_len;
60fc5fb6
JH		 2894 int err;
2895 u16 i;
2784eb41
JH		 2896
2897 BT_DBG("");
2898
09fd0de5 2899 hci_dev_lock(hdev);
2784eb41 2900
5f97c1df 2901 if (!hdev_is_powered(hdev)) {
bdb6d971 2902 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2903 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2904 goto unlock;
2905 }
2906
60fc5fb6 2907 i = 0;
b644ba33
JH		 2908 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2909 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2910 i++;
2784eb41
JH		 2911 }
2912
60fc5fb6 2913 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2914 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2915 if (!rp) {
2784eb41
JH		 2916 err = -ENOMEM;
2917 goto unlock;
2918 }
2919
2784eb41 2920 i = 0;
4c659c39 2921 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2922 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2923 continue;
4c659c39 2924 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2925 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2926 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2927 continue;
2928 i++;
2929 }
2930
eb55ef07 2931 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2932
4c659c39
JH		 2933 /* Recalculate length in case of filtered SCO connections, etc */
2934 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2935
bdb6d971 2936 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2937 rp_len);
2784eb41 2938
a38528f1 2939 kfree(rp);
5f97c1df
JH		 2940
2941unlock:
09fd0de5 2942 hci_dev_unlock(hdev);
2784eb41
JH		 2943 return err;
2944}
2945
bdb6d971 2946static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2947 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2948{
2949 struct pending_cmd *cmd;
2950 int err;
2951
2e58ef3e 2952 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2953 sizeof(*cp));
96d97a67
WR		 2954 if (!cmd)
2955 return -ENOMEM;
2956
d8457698 2957 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2958 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2959 if (err < 0)
2960 mgmt_pending_remove(cmd);
2961
2962 return err;
2963}
2964
bdb6d971 2965static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2966 u16 len)
980e1a53 2967{
96d97a67 2968 struct hci_conn *conn;
650f726d 2969 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2970 struct hci_cp_pin_code_reply reply;
366a0336 2971 struct pending_cmd *cmd;
980e1a53
JH		 2972 int err;
2973
2974 BT_DBG("");
2975
09fd0de5 2976 hci_dev_lock(hdev);
980e1a53 2977
4b34ee78 2978 if (!hdev_is_powered(hdev)) {
bdb6d971 2979 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2980 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2981 goto failed;
2982 }
2983
d8457698 2984 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2985 if (!conn) {
bdb6d971 2986 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2987 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2988 goto failed;
2989 }
2990
2991 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2992 struct mgmt_cp_pin_code_neg_reply ncp;
2993
2994 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2995
2996 BT_ERR("PIN code is not 16 bytes long");
2997
bdb6d971 2998 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2999 if (err >= 0)
bdb6d971 3000 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3001 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3002
3003 goto failed;
3004 }
3005
00abfe44 3006 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3007 if (!cmd) {
3008 err = -ENOMEM;
980e1a53 3009 goto failed;
366a0336 3010 }
980e1a53 3011
d8457698 3012 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3013 reply.pin_len = cp->pin_len;
24718ca5 3014 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3015
3016 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3017 if (err < 0)
a664b5bc 3018 mgmt_pending_remove(cmd);
980e1a53
JH		 3019
3020failed:
09fd0de5 3021 hci_dev_unlock(hdev);
980e1a53
JH		 3022 return err;
3023}
3024
04124681
GP		 3025static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3026 u16 len)
17fa4b9d 3027{
650f726d 3028 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3029
3030 BT_DBG("");
3031
4ec86d4c
JH		 3032 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3033 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3034 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3035
09fd0de5 3036 hci_dev_lock(hdev);
17fa4b9d
JH		 3037
3038 hdev->io_capability = cp->io_capability;
3039
3040 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3041 hdev->io_capability);
17fa4b9d 3042
09fd0de5 3043 hci_dev_unlock(hdev);
17fa4b9d 3044
04124681
GP		 3045 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
3046 0);
17fa4b9d
JH		 3047}
3048
6039aa73 3049static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3050{
3051 struct hci_dev *hdev = conn->hdev;
8035ded4 3052 struct pending_cmd *cmd;
e9a416b5 3053
2e58ef3e 3054 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3055 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3056 continue;
3057
e9a416b5
JH		 3058 if (cmd->user_data != conn)
3059 continue;
3060
3061 return cmd;
3062 }
3063
3064 return NULL;
3065}
3066
3067static void pairing_complete(struct pending_cmd *cmd, u8 status)
3068{
3069 struct mgmt_rp_pair_device rp;
3070 struct hci_conn *conn = cmd->user_data;
3071
61b1a7fb
JH		 3072 bacpy(&rp.addr.bdaddr, &conn->dst);
3073 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3074
aee9b218 3075 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 3076 &rp, sizeof(rp));
e9a416b5
JH		 3077
3078 /* So we don't get further callbacks for this connection */
3079 conn->connect_cfm_cb = NULL;
3080 conn->security_cfm_cb = NULL;
3081 conn->disconn_cfm_cb = NULL;
3082
76a68ba0 3083 hci_conn_drop(conn);
f8aaf9b6 3084 hci_conn_put(conn);
e9a416b5 3085
a664b5bc 3086 mgmt_pending_remove(cmd);
89cbb063
AA		 3087
3088 /* The device is paired so there is no need to remove
3089 * its connection parameters anymore.
3090 */
3091 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
e9a416b5
JH		 3092}
3093
f4a407be
JH		 3094void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3095{
3096 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3097 struct pending_cmd *cmd;
3098
3099 cmd = find_pairing(conn);
3100 if (cmd)
3101 pairing_complete(cmd, status);
3102}
3103
e9a416b5
JH		 3104static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3105{
3106 struct pending_cmd *cmd;
3107
3108 BT_DBG("status %u", status);
3109
3110 cmd = find_pairing(conn);
56e5cb86 3111 if (!cmd)
e9a416b5 3112 BT_DBG("Unable to find a pending command");
56e5cb86 3113 else
e211326c 3114 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 3115}
3116
f4a407be 3117static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 3118{
3119 struct pending_cmd *cmd;
3120
3121 BT_DBG("status %u", status);
3122
3123 if (!status)
3124 return;
3125
3126 cmd = find_pairing(conn);
3127 if (!cmd)
3128 BT_DBG("Unable to find a pending command");
3129 else
3130 pairing_complete(cmd, mgmt_status(status));
3131}
3132
bdb6d971 3133static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3134 u16 len)
e9a416b5 3135{
650f726d 3136 struct mgmt_cp_pair_device *cp = data;
1425acb7 3137 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 3138 struct pending_cmd *cmd;
3139 u8 sec_level, auth_type;
3140 struct hci_conn *conn;
e9a416b5
JH		 3141 int err;
3142
3143 BT_DBG("");
3144
f950a30e
SJ		 3145 memset(&rp, 0, sizeof(rp));
3146 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3147 rp.addr.type = cp->addr.type;
3148
4ee71b20
JH		 3149 if (!bdaddr_type_is_valid(cp->addr.type))
3150 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3151 MGMT_STATUS_INVALID_PARAMS,
3152 &rp, sizeof(rp));
3153
4ec86d4c
JH		 3154 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3155 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3156 MGMT_STATUS_INVALID_PARAMS,
3157 &rp, sizeof(rp));
3158
09fd0de5 3159 hci_dev_lock(hdev);
e9a416b5 3160
5f97c1df 3161 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 3162 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3163 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 3164 goto unlock;
3165 }
3166
c908df36 3167 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3168 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3169
6f77d8c7 3170 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3171 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3172 auth_type);
6f77d8c7
AG		 3173 } else {
3174 u8 addr_type;
3175
3176 /* Convert from L2CAP channel address type to HCI address type
3177 */
3178 if (cp->addr.type == BDADDR_LE_PUBLIC)
3179 addr_type = ADDR_LE_DEV_PUBLIC;
3180 else
3181 addr_type = ADDR_LE_DEV_RANDOM;
3182
7c264b10
MH		 3183 /* When pairing a new device, it is expected to remember
3184 * this device for future connections. Adding the connection
3185 * parameter information ahead of time allows tracking
3186 * of the slave preferred values and will speed up any
3187 * further connection establishment.
3188 *
3189 * If connection parameters already exist, then they
3190 * will be kept and this function does nothing.
3191 */
3192 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3193
6f77d8c7 3194 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3195 sec_level, HCI_LE_CONN_TIMEOUT,
3196 HCI_ROLE_MASTER);
6f77d8c7 3197 }
7a512d01 3198
30e76272 3199 if (IS_ERR(conn)) {
489dc48e
AK		 3200 int status;
3201
3202 if (PTR_ERR(conn) == -EBUSY)
3203 status = MGMT_STATUS_BUSY;
3204 else
3205 status = MGMT_STATUS_CONNECT_FAILED;
3206
bdb6d971 3207 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 3208 status, &rp,
04124681 3209 sizeof(rp));
e9a416b5
JH		 3210 goto unlock;
3211 }
3212
3213 if (conn->connect_cfm_cb) {
76a68ba0 3214 hci_conn_drop(conn);
bdb6d971 3215 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 3216 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3217 goto unlock;
3218 }
3219
2e58ef3e 3220 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3221 if (!cmd) {
3222 err = -ENOMEM;
76a68ba0 3223 hci_conn_drop(conn);
e9a416b5
JH		 3224 goto unlock;
3225 }
3226
7a512d01 3227 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3228 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3229 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3230 conn->security_cfm_cb = pairing_complete_cb;
3231 conn->disconn_cfm_cb = pairing_complete_cb;
3232 } else {
3233 conn->connect_cfm_cb = le_pairing_complete_cb;
3234 conn->security_cfm_cb = le_pairing_complete_cb;
3235 conn->disconn_cfm_cb = le_pairing_complete_cb;
3236 }
7a512d01 3237
e9a416b5 3238 conn->io_capability = cp->io_cap;
f8aaf9b6 3239 cmd->user_data = hci_conn_get(conn);
e9a416b5 3240
6f78fd4b 3241 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
e7cafc45 3242 hci_conn_security(conn, sec_level, auth_type, true))
e9a416b5
JH		 3243 pairing_complete(cmd, 0);
3244
3245 err = 0;
3246
3247unlock:
09fd0de5 3248 hci_dev_unlock(hdev);
e9a416b5
JH		 3249 return err;
3250}
3251
04124681
GP		 3252static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3253 u16 len)
28424707 3254{
0f4e68cf 3255 struct mgmt_addr_info *addr = data;
28424707
JH		 3256 struct pending_cmd *cmd;
3257 struct hci_conn *conn;
3258 int err;
3259
3260 BT_DBG("");
3261
28424707
JH		 3262 hci_dev_lock(hdev);
3263
5f97c1df 3264 if (!hdev_is_powered(hdev)) {
bdb6d971 3265 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3266 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3267 goto unlock;
3268 }
3269
28424707
JH		 3270 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3271 if (!cmd) {
bdb6d971 3272 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3273 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3274 goto unlock;
3275 }
3276
3277 conn = cmd->user_data;
3278
3279 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3280 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3281 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3282 goto unlock;
3283 }
3284
3285 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
3286
bdb6d971 3287 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3288 addr, sizeof(*addr));
28424707
JH		 3289unlock:
3290 hci_dev_unlock(hdev);
28424707
JH		 3291 return err;
3292}
3293
bdb6d971 3294static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3295 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3296 u16 hci_op, __le32 passkey)
a5c29683 3297{
a5c29683 3298 struct pending_cmd *cmd;
0df4c185 3299 struct hci_conn *conn;
a5c29683
JH		 3300 int err;
3301
09fd0de5 3302 hci_dev_lock(hdev);
08ba5382 3303
4b34ee78 3304 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3305 err = cmd_complete(sk, hdev->id, mgmt_op,
3306 MGMT_STATUS_NOT_POWERED, addr,
3307 sizeof(*addr));
0df4c185 3308 goto done;
a5c29683
JH		 3309 }
3310
1707c60e
JH		 3311 if (addr->type == BDADDR_BREDR)
3312 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3313 else
1707c60e 3314 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3315
3316 if (!conn) {
feb94d3d
JH		 3317 err = cmd_complete(sk, hdev->id, mgmt_op,
3318 MGMT_STATUS_NOT_CONNECTED, addr,
3319 sizeof(*addr));
272d90df
JH		 3320 goto done;
3321 }
47c15e2b 3322
1707c60e 3323 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3324 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3325 if (!err)
feb94d3d
JH		 3326 err = cmd_complete(sk, hdev->id, mgmt_op,
3327 MGMT_STATUS_SUCCESS, addr,
3328 sizeof(*addr));
5fe57d9e 3329 else
feb94d3d
JH		 3330 err = cmd_complete(sk, hdev->id, mgmt_op,
3331 MGMT_STATUS_FAILED, addr,
3332 sizeof(*addr));
47c15e2b 3333
47c15e2b
BG		 3334 goto done;
3335 }
3336
1707c60e 3337 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3338 if (!cmd) {
3339 err = -ENOMEM;
0df4c185 3340 goto done;
a5c29683
JH		 3341 }
3342
0df4c185 3343 /* Continue with pairing via HCI */
604086b7
BG		 3344 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3345 struct hci_cp_user_passkey_reply cp;
3346
1707c60e 3347 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3348 cp.passkey = passkey;
3349 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3350 } else
1707c60e
JH		 3351 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3352 &addr->bdaddr);
604086b7 3353
a664b5bc
JH		 3354 if (err < 0)
3355 mgmt_pending_remove(cmd);
a5c29683 3356
0df4c185 3357done:
09fd0de5 3358 hci_dev_unlock(hdev);
a5c29683
JH		 3359 return err;
3360}
3361
afeb019d
JK		 3362static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3363 void *data, u16 len)
3364{
3365 struct mgmt_cp_pin_code_neg_reply *cp = data;
3366
3367 BT_DBG("");
3368
1707c60e 3369 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3370 MGMT_OP_PIN_CODE_NEG_REPLY,
3371 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3372}
3373
04124681
GP		 3374static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3375 u16 len)
0df4c185 3376{
650f726d 3377 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3378
3379 BT_DBG("");
3380
3381 if (len != sizeof(*cp))
bdb6d971 3382 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3383 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3384
1707c60e 3385 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3386 MGMT_OP_USER_CONFIRM_REPLY,
3387 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3388}
3389
bdb6d971 3390static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3391 void *data, u16 len)
0df4c185 3392{
c9c2659f 3393 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3394
3395 BT_DBG("");
3396
1707c60e 3397 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3398 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3399 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3400}
3401
04124681
GP		 3402static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3403 u16 len)
604086b7 3404{
650f726d 3405 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3406
3407 BT_DBG("");
3408
1707c60e 3409 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3410 MGMT_OP_USER_PASSKEY_REPLY,
3411 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3412}
3413
bdb6d971 3414static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3415 void *data, u16 len)
604086b7 3416{
650f726d 3417 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3418
3419 BT_DBG("");
3420
1707c60e 3421 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3422 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3423 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3424}
3425
13928971 3426static void update_name(struct hci_request *req)
2b4bf397 3427{
13928971 3428 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3429 struct hci_cp_write_local_name cp;
3430
13928971 3431 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3432
890ea898 3433 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3434}
3435
13928971
JH		 3436static void set_name_complete(struct hci_dev *hdev, u8 status)
3437{
3438 struct mgmt_cp_set_local_name *cp;
3439 struct pending_cmd *cmd;
3440
3441 BT_DBG("status 0x%02x", status);
3442
3443 hci_dev_lock(hdev);
3444
3445 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3446 if (!cmd)
3447 goto unlock;
3448
3449 cp = cmd->param;
3450
3451 if (status)
3452 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3453 mgmt_status(status));
3454 else
3455 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3456 cp, sizeof(*cp));
3457
3458 mgmt_pending_remove(cmd);
3459
3460unlock:
3461 hci_dev_unlock(hdev);
3462}
3463
bdb6d971 3464static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3465 u16 len)
b312b161 3466{
2b4bf397 3467 struct mgmt_cp_set_local_name *cp = data;
b312b161 3468 struct pending_cmd *cmd;
890ea898 3469 struct hci_request req;
b312b161
JH		 3470 int err;
3471
3472 BT_DBG("");
3473
09fd0de5 3474 hci_dev_lock(hdev);
b312b161 3475
b3f2ca94
JH		 3476 /* If the old values are the same as the new ones just return a
3477 * direct command complete event.
3478 */
3479 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3480 !memcmp(hdev->short_name, cp->short_name,
3481 sizeof(hdev->short_name))) {
3482 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3483 data, len);
3484 goto failed;
3485 }
3486
2b4bf397 3487 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3488
b5235a65 3489 if (!hdev_is_powered(hdev)) {
2b4bf397 3490 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3491
3492 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3493 data, len);
28cc7bde
JH		 3494 if (err < 0)
3495 goto failed;
3496
3497 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3498 sk);
28cc7bde 3499
b5235a65
JH		 3500 goto failed;
3501 }
3502
28cc7bde 3503 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3504 if (!cmd) {
3505 err = -ENOMEM;
3506 goto failed;
3507 }
3508
13928971
JH		 3509 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3510
890ea898 3511 hci_req_init(&req, hdev);
3f985050
JH		 3512
3513 if (lmp_bredr_capable(hdev)) {
3514 update_name(&req);
3515 update_eir(&req);
3516 }
3517
7a5f4990
MH		 3518 /* The name is stored in the scan response data and so
3519 * no need to udpate the advertising data here.
3520 */
3f985050 3521 if (lmp_le_capable(hdev))
7a5f4990 3522 update_scan_rsp_data(&req);
3f985050 3523
13928971 3524 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3525 if (err < 0)
3526 mgmt_pending_remove(cmd);
3527
3528failed:
09fd0de5 3529 hci_dev_unlock(hdev);
b312b161
JH		 3530 return err;
3531}
3532
0f4e68cf 3533static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3534 void *data, u16 data_len)
c35938b2 3535{
c35938b2
SJ		 3536 struct pending_cmd *cmd;
3537 int err;
3538
bdb6d971 3539 BT_DBG("%s", hdev->name);
c35938b2 3540
09fd0de5 3541 hci_dev_lock(hdev);
c35938b2 3542
4b34ee78 3543 if (!hdev_is_powered(hdev)) {
bdb6d971 3544 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3545 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3546 goto unlock;
3547 }
3548
9a1a1996 3549 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3550 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3551 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3552 goto unlock;
3553 }
3554
2e58ef3e 3555 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3556 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3557 MGMT_STATUS_BUSY);
c35938b2
SJ		 3558 goto unlock;
3559 }
3560
2e58ef3e 3561 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3562 if (!cmd) {
3563 err = -ENOMEM;
3564 goto unlock;
3565 }
3566
710f11c0 3567 if (bredr_sc_enabled(hdev))
4d2d2796
MH		 3568 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3569 0, NULL);
3570 else
3571 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3572
c35938b2
SJ		 3573 if (err < 0)
3574 mgmt_pending_remove(cmd);
3575
3576unlock:
09fd0de5 3577 hci_dev_unlock(hdev);
c35938b2
SJ		 3578 return err;
3579}
3580
bdb6d971 3581static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3582 void *data, u16 len)
2763eda6 3583{
2763eda6
SJ		 3584 int err;
3585
bdb6d971 3586 BT_DBG("%s ", hdev->name);
2763eda6 3587
09fd0de5 3588 hci_dev_lock(hdev);
2763eda6 3589
ec109113
MH		 3590 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3591 struct mgmt_cp_add_remote_oob_data *cp = data;
3592 u8 status;
bf1e3541 3593
c19a495c
JH		 3594 if (cp->addr.type != BDADDR_BREDR) {
3595 err = cmd_complete(sk, hdev->id,
3596 MGMT_OP_ADD_REMOTE_OOB_DATA,
3597 MGMT_STATUS_INVALID_PARAMS,
3598 &cp->addr, sizeof(cp->addr));
3599 goto unlock;
3600 }
3601
ec109113 3602 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3603 cp->addr.type, cp->hash,
3604 cp->rand, NULL, NULL);
ec109113
MH		 3605 if (err < 0)
3606 status = MGMT_STATUS_FAILED;
3607 else
3608 status = MGMT_STATUS_SUCCESS;
3609
3610 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3611 status, &cp->addr, sizeof(cp->addr));
3612 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3613 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
86df9200 3614 u8 *rand192, *hash192;
ec109113
MH		 3615 u8 status;
3616
c19a495c
JH		 3617 if (cp->addr.type != BDADDR_BREDR) {
3618 err = cmd_complete(sk, hdev->id,
3619 MGMT_OP_ADD_REMOTE_OOB_DATA,
3620 MGMT_STATUS_INVALID_PARAMS,
3621 &cp->addr, sizeof(cp->addr));
3622 goto unlock;
3623 }
3624
86df9200
JH		 3625 if (bdaddr_type_is_le(cp->addr.type)) {
3626 rand192 = NULL;
3627 hash192 = NULL;
3628 } else {
3629 rand192 = cp->rand192;
3630 hash192 = cp->hash192;
3631 }
3632
81328d5c 3633 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200
JH		 3634 cp->addr.type, hash192, rand192,
3635 cp->hash256, cp->rand256);
ec109113
MH		 3636 if (err < 0)
3637 status = MGMT_STATUS_FAILED;
3638 else
3639 status = MGMT_STATUS_SUCCESS;
3640
3641 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3642 status, &cp->addr, sizeof(cp->addr));
3643 } else {
3644 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3645 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3646 MGMT_STATUS_INVALID_PARAMS);
3647 }
2763eda6 3648
c19a495c 3649unlock:
09fd0de5 3650 hci_dev_unlock(hdev);
2763eda6
SJ		 3651 return err;
3652}
3653
bdb6d971 3654static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3655 void *data, u16 len)
2763eda6 3656{
650f726d 3657 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3658 u8 status;
2763eda6
SJ		 3659 int err;
3660
bdb6d971 3661 BT_DBG("%s", hdev->name);
2763eda6 3662
c19a495c
JH		 3663 if (cp->addr.type != BDADDR_BREDR)
3664 return cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3665 MGMT_STATUS_INVALID_PARAMS,
3666 &cp->addr, sizeof(cp->addr));
3667
09fd0de5 3668 hci_dev_lock(hdev);
2763eda6 3669
eedbd581
JH		 3670 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3671 hci_remote_oob_data_clear(hdev);
3672 status = MGMT_STATUS_SUCCESS;
3673 goto done;
3674 }
3675
6928a924 3676 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3677 if (err < 0)
bf1e3541 3678 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3679 else
a6785be2 3680 status = MGMT_STATUS_SUCCESS;
bf1e3541 3681
eedbd581 3682done:
bdb6d971 3683 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3684 status, &cp->addr, sizeof(cp->addr));
2763eda6 3685
09fd0de5 3686 hci_dev_unlock(hdev);
2763eda6
SJ		 3687 return err;
3688}
3689
8019044d
MH		 3690static bool trigger_discovery(struct hci_request *req, u8 *status)
3691{
3692 struct hci_dev *hdev = req->hdev;
3693 struct hci_cp_le_set_scan_param param_cp;
3694 struct hci_cp_le_set_scan_enable enable_cp;
3695 struct hci_cp_inquiry inq_cp;
3696 /* General inquiry access code (GIAC) */
3697 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3698 u8 own_addr_type;
3699 int err;
3700
3701 switch (hdev->discovery.type) {
3702 case DISCOV_TYPE_BREDR:
3703 *status = mgmt_bredr_support(hdev);
3704 if (*status)
3705 return false;
3706
3707 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3708 *status = MGMT_STATUS_BUSY;
3709 return false;
3710 }
3711
3712 hci_inquiry_cache_flush(hdev);
3713
3714 memset(&inq_cp, 0, sizeof(inq_cp));
3715 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3716 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3717 hci_req_add(req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3718 break;
3719
3720 case DISCOV_TYPE_LE:
3721 case DISCOV_TYPE_INTERLEAVED:
3722 *status = mgmt_le_support(hdev);
3723 if (*status)
3724 return false;
3725
3726 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3727 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3728 *status = MGMT_STATUS_NOT_SUPPORTED;
3729 return false;
3730 }
3731
3732 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3733 /* Don't let discovery abort an outgoing
3734 * connection attempt that's using directed
3735 * advertising.
3736 */
3737 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3738 BT_CONNECT)) {
3739 *status = MGMT_STATUS_REJECTED;
3740 return false;
3741 }
3742
3743 disable_advertising(req);
3744 }
3745
3746 /* If controller is scanning, it means the background scanning
3747 * is running. Thus, we should temporarily stop it in order to
3748 * set the discovery scanning parameters.
3749 */
3750 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3751 hci_req_add_le_scan_disable(req);
3752
3753 memset(&param_cp, 0, sizeof(param_cp));
3754
3755 /* All active scans will be done with either a resolvable
3756 * private address (when privacy feature has been enabled)
3757 * or unresolvable private address.
3758 */
3759 err = hci_update_random_address(req, true, &own_addr_type);
3760 if (err < 0) {
3761 *status = MGMT_STATUS_FAILED;
3762 return false;
3763 }
3764
3765 param_cp.type = LE_SCAN_ACTIVE;
3766 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3767 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3768 param_cp.own_address_type = own_addr_type;
3769 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3770 &param_cp);
3771
3772 memset(&enable_cp, 0, sizeof(enable_cp));
3773 enable_cp.enable = LE_SCAN_ENABLE;
3774 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3775 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3776 &enable_cp);
3777 break;
3778
3779 default:
3780 *status = MGMT_STATUS_INVALID_PARAMS;
3781 return false;
3782 }
3783
3784 return true;
3785}
3786
11e6e25d 3787static void start_discovery_complete(struct hci_dev *hdev, u8 status)
41dc2bd6
AG		 3788{
3789 struct pending_cmd *cmd;
11e6e25d 3790 unsigned long timeout;
41dc2bd6 3791
11e6e25d 3792 BT_DBG("status %d", status);
41dc2bd6 3793
11e6e25d 3794 hci_dev_lock(hdev);
41dc2bd6 3795
11e6e25d 3796 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427
JP		 3797 if (!cmd)
3798 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3799
11e6e25d
MH		 3800 if (cmd) {
3801 u8 type = hdev->discovery.type;
ae55f598 3802
11e6e25d
MH		 3803 cmd_complete(cmd->sk, hdev->id, cmd->opcode,
3804 mgmt_status(status), &type, sizeof(type));
3805 mgmt_pending_remove(cmd);
3806 }
7c307720
AG		 3807
3808 if (status) {
11e6e25d
MH		 3809 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3810 goto unlock;
7c307720
AG		 3811 }
3812
7c307720 3813 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
7c307720
AG		 3814
3815 switch (hdev->discovery.type) {
3816 case DISCOV_TYPE_LE:
3d5a76f0 3817 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720 3818 break;
7c307720 3819 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3820 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720 3821 break;
7c307720 3822 case DISCOV_TYPE_BREDR:
11e6e25d 3823 timeout = 0;
7c307720 3824 break;
7c307720
AG		 3825 default:
3826 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
11e6e25d
MH		 3827 timeout = 0;
3828 break;
7c307720 3829 }
ae55f598 3830
11e6e25d
MH		 3831 if (timeout)
3832 queue_delayed_work(hdev->workqueue,
3833 &hdev->le_scan_disable, timeout);
ae55f598 3834
11e6e25d
MH		 3835unlock:
3836 hci_dev_unlock(hdev);
7c307720
AG		 3837}
3838
bdb6d971 3839static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3840 void *data, u16 len)
14a53664 3841{
650f726d 3842 struct mgmt_cp_start_discovery *cp = data;
14a53664 3843 struct pending_cmd *cmd;
7c307720 3844 struct hci_request req;
8019044d 3845 u8 status;
14a53664
JH		 3846 int err;
3847
bdb6d971 3848 BT_DBG("%s", hdev->name);
14a53664 3849
09fd0de5 3850 hci_dev_lock(hdev);
14a53664 3851
4b34ee78 3852 if (!hdev_is_powered(hdev)) {
a736abc1
SJ		 3853 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3854 MGMT_STATUS_NOT_POWERED,
3855 &cp->type, sizeof(cp->type));
bd2d1334
JH		 3856 goto failed;
3857 }
3858
f5a969f2
MH		 3859 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3860 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
a736abc1
SJ		 3861 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3862 MGMT_STATUS_BUSY, &cp->type,
3863 sizeof(cp->type));
ff9ef578
JH		 3864 goto failed;
3865 }
3866
2e58ef3e 3867 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3868 if (!cmd) {
3869 err = -ENOMEM;
3870 goto failed;
3871 }
3872
22078800
MH		 3873 /* Clear the discovery filter first to free any previously
3874 * allocated memory for the UUID list.
3875 */
3876 hci_discovery_filter_clear(hdev);
3877
4aab14e5
AG		 3878 hdev->discovery.type = cp->type;
3879
7c307720
AG		 3880 hci_req_init(&req, hdev);
3881
8019044d 3882 if (!trigger_discovery(&req, &status)) {
a736abc1 3883 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
8019044d 3884 status, &cp->type, sizeof(cp->type));
04106755
JH		 3885 mgmt_pending_remove(cmd);
3886 goto failed;
f39799f5 3887 }
3fd24153 3888
7c307720 3889 err = hci_req_run(&req, start_discovery_complete);
f5a969f2 3890 if (err < 0) {
14a53664 3891 mgmt_pending_remove(cmd);
f5a969f2
MH		 3892 goto failed;
3893 }
3894
3895 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3896
3897failed:
09fd0de5 3898 hci_dev_unlock(hdev);
14a53664
JH		 3899 return err;
3900}
3901
66ea9427
JP		 3902static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3903 void *data, u16 len)
3904{
3905 struct mgmt_cp_start_service_discovery *cp = data;
3906 struct pending_cmd *cmd;
3907 struct hci_request req;
3908 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3909 u16 uuid_count, expected_len;
3910 u8 status;
3911 int err;
3912
3913 BT_DBG("%s", hdev->name);
3914
3915 hci_dev_lock(hdev);
3916
3917 if (!hdev_is_powered(hdev)) {
3918 err = cmd_complete(sk, hdev->id,
3919 MGMT_OP_START_SERVICE_DISCOVERY,
3920 MGMT_STATUS_NOT_POWERED,
3921 &cp->type, sizeof(cp->type));
3922 goto failed;
3923 }
3924
3925 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3926 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3927 err = cmd_complete(sk, hdev->id,
3928 MGMT_OP_START_SERVICE_DISCOVERY,
3929 MGMT_STATUS_BUSY, &cp->type,
3930 sizeof(cp->type));
3931 goto failed;
3932 }
3933
3934 uuid_count = __le16_to_cpu(cp->uuid_count);
3935 if (uuid_count > max_uuid_count) {
3936 BT_ERR("service_discovery: too big uuid_count value %u",
3937 uuid_count);
3938 err = cmd_complete(sk, hdev->id,
3939 MGMT_OP_START_SERVICE_DISCOVERY,
3940 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3941 sizeof(cp->type));
3942 goto failed;
3943 }
3944
3945 expected_len = sizeof(*cp) + uuid_count * 16;
3946 if (expected_len != len) {
3947 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
3948 expected_len, len);
3949 err = cmd_complete(sk, hdev->id,
3950 MGMT_OP_START_SERVICE_DISCOVERY,
3951 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3952 sizeof(cp->type));
3953 goto failed;
3954 }
3955
3956 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
3957 hdev, NULL, 0);
3958 if (!cmd) {
3959 err = -ENOMEM;
3960 goto failed;
3961 }
3962
22078800
MH		 3963 /* Clear the discovery filter first to free any previously
3964 * allocated memory for the UUID list.
3965 */
3966 hci_discovery_filter_clear(hdev);
3967
66ea9427
JP		 3968 hdev->discovery.type = cp->type;
3969 hdev->discovery.rssi = cp->rssi;
3970 hdev->discovery.uuid_count = uuid_count;
3971
3972 if (uuid_count > 0) {
3973 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
3974 GFP_KERNEL);
3975 if (!hdev->discovery.uuids) {
3976 err = cmd_complete(sk, hdev->id,
3977 MGMT_OP_START_SERVICE_DISCOVERY,
3978 MGMT_STATUS_FAILED,
3979 &cp->type, sizeof(cp->type));
3980 mgmt_pending_remove(cmd);
3981 goto failed;
3982 }
3983 }
3984
3985 hci_req_init(&req, hdev);
3986
3987 if (!trigger_discovery(&req, &status)) {
3988 err = cmd_complete(sk, hdev->id,
3989 MGMT_OP_START_SERVICE_DISCOVERY,
3990 status, &cp->type, sizeof(cp->type));
3991 mgmt_pending_remove(cmd);
3992 goto failed;
3993 }
3994
3995 err = hci_req_run(&req, start_discovery_complete);
3996 if (err < 0) {
3997 mgmt_pending_remove(cmd);
3998 goto failed;
3999 }
4000
4001 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4002
4003failed:
4004 hci_dev_unlock(hdev);
4005 return err;
4006}
4007
11e6e25d 4008static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
1183fdca
AG		 4009{
4010 struct pending_cmd *cmd;
1183fdca 4011
0e05bba6
AG		 4012 BT_DBG("status %d", status);
4013
4014 hci_dev_lock(hdev);
4015
11e6e25d
MH		 4016 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4017 if (cmd) {
4018 u8 type = hdev->discovery.type;
4019
4020 cmd_complete(cmd->sk, hdev->id, cmd->opcode,
4021 mgmt_status(status), &type, sizeof(type));
4022 mgmt_pending_remove(cmd);
0e05bba6
AG		 4023 }
4024
11e6e25d
MH		 4025 if (!status)
4026 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
0e05bba6 4027
0e05bba6
AG		 4028 hci_dev_unlock(hdev);
4029}
4030
bdb6d971 4031static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4032 u16 len)
14a53664 4033{
d930650b 4034 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 4035 struct pending_cmd *cmd;
0e05bba6 4036 struct hci_request req;
14a53664
JH		 4037 int err;
4038
bdb6d971 4039 BT_DBG("%s", hdev->name);
14a53664 4040
09fd0de5 4041 hci_dev_lock(hdev);
14a53664 4042
30dc78e1 4043 if (!hci_discovery_active(hdev)) {
bdb6d971 4044 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 4045 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4046 sizeof(mgmt_cp->type));
d930650b
JH		 4047 goto unlock;
4048 }
4049
4050 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 4051 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 4052 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
4053 sizeof(mgmt_cp->type));
30dc78e1 4054 goto unlock;
ff9ef578
JH		 4055 }
4056
2e58ef3e 4057 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 4058 if (!cmd) {
4059 err = -ENOMEM;
30dc78e1
JH		 4060 goto unlock;
4061 }
4062
0e05bba6
AG		 4063 hci_req_init(&req, hdev);
4064
21a60d30 4065 hci_stop_discovery(&req);
e0d9727e 4066
21a60d30
JH		 4067 err = hci_req_run(&req, stop_discovery_complete);
4068 if (!err) {
4069 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 4070 goto unlock;
14a53664
JH		 4071 }
4072
21a60d30
JH		 4073 mgmt_pending_remove(cmd);
4074
4075 /* If no HCI commands were sent we're done */
4076 if (err == -ENODATA) {
4077 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4078 &mgmt_cp->type, sizeof(mgmt_cp->type));
4079 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4080 }
14a53664 4081
30dc78e1 4082unlock:
09fd0de5 4083 hci_dev_unlock(hdev);
14a53664
JH		 4084 return err;
4085}
4086
bdb6d971 4087static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4088 u16 len)
561aafbc 4089{
650f726d 4090 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4091 struct inquiry_entry *e;
561aafbc
JH		 4092 int err;
4093
bdb6d971 4094 BT_DBG("%s", hdev->name);
561aafbc 4095
561aafbc
JH		 4096 hci_dev_lock(hdev);
4097
30dc78e1 4098 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 4099 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4100 MGMT_STATUS_FAILED, &cp->addr,
4101 sizeof(cp->addr));
30dc78e1
JH		 4102 goto failed;
4103 }
4104
a198e7b1 4105 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4106 if (!e) {
d3a2541d
LR		 4107 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4108 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4109 sizeof(cp->addr));
561aafbc
JH		 4110 goto failed;
4111 }
4112
4113 if (cp->name_known) {
4114 e->name_state = NAME_KNOWN;
4115 list_del(&e->list);
4116 } else {
4117 e->name_state = NAME_NEEDED;
a3d4e20a 4118 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4119 }
4120
e384662b
JH		 4121 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
4122 sizeof(cp->addr));
561aafbc
JH		 4123
4124failed:
4125 hci_dev_unlock(hdev);
561aafbc
JH		 4126 return err;
4127}
4128
bdb6d971 4129static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4130 u16 len)
7fbec224 4131{
650f726d 4132 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4133 u8 status;
7fbec224
AJ		 4134 int err;
4135
bdb6d971 4136 BT_DBG("%s", hdev->name);
7fbec224 4137
4ee71b20 4138 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 4139 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4140 MGMT_STATUS_INVALID_PARAMS,
4141 &cp->addr, sizeof(cp->addr));
4ee71b20 4142
09fd0de5 4143 hci_dev_lock(hdev);
5e762444 4144
dcc36c16
JH		 4145 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4146 cp->addr.type);
2a8357f2 4147 if (err < 0) {
f0eeea8b 4148 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4149 goto done;
4150 }
4151
4152 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4153 sk);
4154 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4155
2a8357f2 4156done:
bdb6d971 4157 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 4158 &cp->addr, sizeof(cp->addr));
5e762444 4159
09fd0de5 4160 hci_dev_unlock(hdev);
7fbec224
AJ		 4161
4162 return err;
4163}
4164
bdb6d971 4165static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4166 u16 len)
7fbec224 4167{
650f726d 4168 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4169 u8 status;
7fbec224
AJ		 4170 int err;
4171
bdb6d971 4172 BT_DBG("%s", hdev->name);
7fbec224 4173
4ee71b20 4174 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 4175 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4176 MGMT_STATUS_INVALID_PARAMS,
4177 &cp->addr, sizeof(cp->addr));
4ee71b20 4178
09fd0de5 4179 hci_dev_lock(hdev);
5e762444 4180
dcc36c16
JH		 4181 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4182 cp->addr.type);
2a8357f2 4183 if (err < 0) {
f0eeea8b 4184 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4185 goto done;
4186 }
4187
4188 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4189 sk);
4190 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4191
2a8357f2 4192done:
bdb6d971 4193 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 4194 &cp->addr, sizeof(cp->addr));
5e762444 4195
09fd0de5 4196 hci_dev_unlock(hdev);
7fbec224
AJ		 4197
4198 return err;
4199}
4200
cdbaccca
MH		 4201static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4202 u16 len)
4203{
4204 struct mgmt_cp_set_device_id *cp = data;
890ea898 4205 struct hci_request req;
cdbaccca 4206 int err;
c72d4b8a 4207 __u16 source;
cdbaccca
MH		 4208
4209 BT_DBG("%s", hdev->name);
4210
c72d4b8a
SJ		 4211 source = __le16_to_cpu(cp->source);
4212
4213 if (source > 0x0002)
4214 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4215 MGMT_STATUS_INVALID_PARAMS);
4216
cdbaccca
MH		 4217 hci_dev_lock(hdev);
4218
c72d4b8a 4219 hdev->devid_source = source;
cdbaccca
MH		 4220 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4221 hdev->devid_product = __le16_to_cpu(cp->product);
4222 hdev->devid_version = __le16_to_cpu(cp->version);
4223
4224 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4225
890ea898
JH		 4226 hci_req_init(&req, hdev);
4227 update_eir(&req);
4228 hci_req_run(&req, NULL);
cdbaccca
MH		 4229
4230 hci_dev_unlock(hdev);
4231
4232 return err;
4233}
4234
4375f103
JH		 4235static void set_advertising_complete(struct hci_dev *hdev, u8 status)
4236{
4237 struct cmd_lookup match = { NULL, hdev };
4238
4239 if (status) {
4240 u8 mgmt_err = mgmt_status(status);
4241
4242 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4243 cmd_status_rsp, &mgmt_err);
4244 return;
4245 }
4246
c93bd150
JH		 4247 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4248 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4249 else
4250 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4251
4375f103
JH		 4252 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4253 &match);
4254
4255 new_settings(hdev, match.sk);
4256
4257 if (match.sk)
4258 sock_put(match.sk);
4259}
4260
21b5187f
MH		 4261static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4262 u16 len)
4375f103
JH		 4263{
4264 struct mgmt_mode *cp = data;
4265 struct pending_cmd *cmd;
4266 struct hci_request req;
e6fe7986 4267 u8 val, enabled, status;
4375f103
JH		 4268 int err;
4269
4270 BT_DBG("request for %s", hdev->name);
4271
e6fe7986
JH		 4272 status = mgmt_le_support(hdev);
4273 if (status)
4375f103 4274 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 4275 status);
4375f103
JH		 4276
4277 if (cp->val != 0x00 && cp->val != 0x01)
4278 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4279 MGMT_STATUS_INVALID_PARAMS);
4280
4281 hci_dev_lock(hdev);
4282
4283 val = !!cp->val;
f3d3444a 4284 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 4285
f74ca9b8
JH		 4286 /* The following conditions are ones which mean that we should
4287 * not do any HCI communication but directly send a mgmt
4288 * response to user space (after toggling the flag if
4289 * necessary).
4290 */
4291 if (!hdev_is_powered(hdev) || val == enabled ||
e8bb6b97
JH		 4292 hci_conn_num(hdev, LE_LINK) > 0 ||
4293 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4294 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4375f103
JH		 4295 bool changed = false;
4296
f3d3444a
JH		 4297 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4298 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 4299 changed = true;
4300 }
4301
4302 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4303 if (err < 0)
4304 goto unlock;
4305
4306 if (changed)
4307 err = new_settings(hdev, sk);
4308
4309 goto unlock;
4310 }
4311
4312 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4313 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4314 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4315 MGMT_STATUS_BUSY);
4316 goto unlock;
4317 }
4318
4319 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4320 if (!cmd) {
4321 err = -ENOMEM;
4322 goto unlock;
4323 }
4324
4325 hci_req_init(&req, hdev);
4326
bba3aa55
MH		 4327 if (val)
4328 enable_advertising(&req);
4329 else
4330 disable_advertising(&req);
4375f103
JH		 4331
4332 err = hci_req_run(&req, set_advertising_complete);
4333 if (err < 0)
4334 mgmt_pending_remove(cmd);
4335
4336unlock:
4337 hci_dev_unlock(hdev);
4338 return err;
4339}
4340
d13eafce
MH		 4341static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4342 void *data, u16 len)
4343{
4344 struct mgmt_cp_set_static_address *cp = data;
4345 int err;
4346
4347 BT_DBG("%s", hdev->name);
4348
62af4443 4349 if (!lmp_le_capable(hdev))
d13eafce 4350 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 4351 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4352
4353 if (hdev_is_powered(hdev))
4354 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4355 MGMT_STATUS_REJECTED);
4356
4357 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4358 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4359 return cmd_status(sk, hdev->id,
4360 MGMT_OP_SET_STATIC_ADDRESS,
4361 MGMT_STATUS_INVALID_PARAMS);
4362
4363 /* Two most significant bits shall be set */
4364 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4365 return cmd_status(sk, hdev->id,
4366 MGMT_OP_SET_STATIC_ADDRESS,
4367 MGMT_STATUS_INVALID_PARAMS);
4368 }
4369
4370 hci_dev_lock(hdev);
4371
4372 bacpy(&hdev->static_addr, &cp->bdaddr);
4373
4374 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4375
4376 hci_dev_unlock(hdev);
4377
4378 return err;
4379}
4380
14b49b9a
MH		 4381static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4382 void *data, u16 len)
4383{
4384 struct mgmt_cp_set_scan_params *cp = data;
4385 __u16 interval, window;
4386 int err;
4387
4388 BT_DBG("%s", hdev->name);
4389
4390 if (!lmp_le_capable(hdev))
4391 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4392 MGMT_STATUS_NOT_SUPPORTED);
4393
4394 interval = __le16_to_cpu(cp->interval);
4395
4396 if (interval < 0x0004 || interval > 0x4000)
4397 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4398 MGMT_STATUS_INVALID_PARAMS);
4399
4400 window = __le16_to_cpu(cp->window);
4401
4402 if (window < 0x0004 || window > 0x4000)
4403 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4404 MGMT_STATUS_INVALID_PARAMS);
4405
899e1075
MH		 4406 if (window > interval)
4407 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4408 MGMT_STATUS_INVALID_PARAMS);
4409
14b49b9a
MH		 4410 hci_dev_lock(hdev);
4411
4412 hdev->le_scan_interval = interval;
4413 hdev->le_scan_window = window;
4414
4415 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4416
dd2ef8e2
AG		 4417 /* If background scan is running, restart it so new parameters are
4418 * loaded.
4419 */
4420 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4421 hdev->discovery.state == DISCOVERY_STOPPED) {
4422 struct hci_request req;
4423
4424 hci_req_init(&req, hdev);
4425
4426 hci_req_add_le_scan_disable(&req);
4427 hci_req_add_le_passive_scan(&req);
4428
4429 hci_req_run(&req, NULL);
4430 }
4431
14b49b9a
MH		 4432 hci_dev_unlock(hdev);
4433
4434 return err;
4435}
4436
33e38b3e
JH		 4437static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4438{
4439 struct pending_cmd *cmd;
4440
4441 BT_DBG("status 0x%02x", status);
4442
4443 hci_dev_lock(hdev);
4444
4445 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4446 if (!cmd)
4447 goto unlock;
4448
4449 if (status) {
4450 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4451 mgmt_status(status));
4452 } else {
1a4d3c4b
JH		 4453 struct mgmt_mode *cp = cmd->param;
4454
4455 if (cp->val)
4456 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4457 else
4458 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4459
33e38b3e
JH		 4460 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4461 new_settings(hdev, cmd->sk);
4462 }
4463
4464 mgmt_pending_remove(cmd);
4465
4466unlock:
4467 hci_dev_unlock(hdev);
4468}
4469
bdb6d971 4470static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4471 void *data, u16 len)
f6422ec6 4472{
650f726d 4473 struct mgmt_mode *cp = data;
33e38b3e
JH		 4474 struct pending_cmd *cmd;
4475 struct hci_request req;
f6422ec6
AJ		 4476 int err;
4477
bdb6d971 4478 BT_DBG("%s", hdev->name);
f6422ec6 4479
56f87901
JH		 4480 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4481 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4482 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4483 MGMT_STATUS_NOT_SUPPORTED);
4484
a7e80f25
JH		 4485 if (cp->val != 0x00 && cp->val != 0x01)
4486 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4487 MGMT_STATUS_INVALID_PARAMS);
4488
5400c044 4489 if (!hdev_is_powered(hdev))
bdb6d971 4490 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4491 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4492
4493 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4494 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4495 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4496
4497 hci_dev_lock(hdev);
4498
05cbf29f
JH		 4499 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4500 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4501 MGMT_STATUS_BUSY);
4502 goto unlock;
4503 }
4504
1a4d3c4b
JH		 4505 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4506 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4507 hdev);
4508 goto unlock;
4509 }
4510
33e38b3e
JH		 4511 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4512 data, len);
4513 if (!cmd) {
4514 err = -ENOMEM;
4515 goto unlock;
f6422ec6
AJ		 4516 }
4517
33e38b3e
JH		 4518 hci_req_init(&req, hdev);
4519
406d7804 4520 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4521
4522 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4523 if (err < 0) {
bdb6d971 4524 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4525 MGMT_STATUS_FAILED);
33e38b3e 4526 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4527 }
4528
33e38b3e 4529unlock:
f6422ec6 4530 hci_dev_unlock(hdev);
33e38b3e 4531
f6422ec6
AJ		 4532 return err;
4533}
4534
0663ca2a
JH		 4535static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4536{
4537 struct pending_cmd *cmd;
4538
4539 BT_DBG("status 0x%02x", status);
4540
4541 hci_dev_lock(hdev);
4542
4543 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4544 if (!cmd)
4545 goto unlock;
4546
4547 if (status) {
4548 u8 mgmt_err = mgmt_status(status);
4549
4550 /* We need to restore the flag if related HCI commands
4551 * failed.
4552 */
4553 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4554
4555 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4556 } else {
4557 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4558 new_settings(hdev, cmd->sk);
4559 }
4560
4561 mgmt_pending_remove(cmd);
4562
4563unlock:
4564 hci_dev_unlock(hdev);
4565}
4566
4567static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4568{
4569 struct mgmt_mode *cp = data;
4570 struct pending_cmd *cmd;
4571 struct hci_request req;
4572 int err;
4573
4574 BT_DBG("request for %s", hdev->name);
4575
4576 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4577 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4578 MGMT_STATUS_NOT_SUPPORTED);
4579
4580 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4581 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4582 MGMT_STATUS_REJECTED);
4583
4584 if (cp->val != 0x00 && cp->val != 0x01)
4585 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4586 MGMT_STATUS_INVALID_PARAMS);
4587
4588 hci_dev_lock(hdev);
4589
4590 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4591 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4592 goto unlock;
4593 }
4594
4595 if (!hdev_is_powered(hdev)) {
4596 if (!cp->val) {
0663ca2a
JH		 4597 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4598 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4599 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4600 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4601 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4602 }
4603
4604 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4605
4606 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4607 if (err < 0)
4608 goto unlock;
4609
4610 err = new_settings(hdev, sk);
4611 goto unlock;
4612 }
4613
4614 /* Reject disabling when powered on */
4615 if (!cp->val) {
4616 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4617 MGMT_STATUS_REJECTED);
4618 goto unlock;
4619 }
4620
4621 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4622 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4623 MGMT_STATUS_BUSY);
4624 goto unlock;
4625 }
4626
4627 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4628 if (!cmd) {
4629 err = -ENOMEM;
4630 goto unlock;
4631 }
4632
5947f4bc 4633 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4634 * generates the correct flags.
4635 */
4636 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4637
4638 hci_req_init(&req, hdev);
aa8af46e 4639
432df05e
JH		 4640 write_fast_connectable(&req, false);
4641 hci_update_page_scan(hdev, &req);
aa8af46e 4642
f14d8f64
MH		 4643 /* Since only the advertising data flags will change, there
4644 * is no need to update the scan response data.
4645 */
5947f4bc 4646 update_adv_data(&req);
aa8af46e 4647
0663ca2a
JH		 4648 err = hci_req_run(&req, set_bredr_complete);
4649 if (err < 0)
4650 mgmt_pending_remove(cmd);
4651
4652unlock:
4653 hci_dev_unlock(hdev);
4654 return err;
4655}
4656
eac83dc6
MH		 4657static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4658 void *data, u16 len)
4659{
4660 struct mgmt_mode *cp = data;
4661 struct pending_cmd *cmd;
a3209694 4662 u8 val;
eac83dc6
MH		 4663 int err;
4664
4665 BT_DBG("request for %s", hdev->name);
4666
a3209694
JH		 4667 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4668 !lmp_sc_capable(hdev) && !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
eac83dc6
MH		 4669 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4670 MGMT_STATUS_NOT_SUPPORTED);
4671
0ab04a9c 4672 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4673 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4674 MGMT_STATUS_INVALID_PARAMS);
4675
4676 hci_dev_lock(hdev);
4677
a3209694
JH		 4678 if (!hdev_is_powered(hdev) ||
4679 (!lmp_sc_capable(hdev) &&
4680 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags)) ||
4681 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
eac83dc6
MH		 4682 bool changed;
4683
0ab04a9c 4684 if (cp->val) {
eac83dc6
MH		 4685 changed = !test_and_set_bit(HCI_SC_ENABLED,
4686 &hdev->dev_flags);
0ab04a9c
MH		 4687 if (cp->val == 0x02)
4688 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4689 else
4690 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4691 } else {
eac83dc6
MH		 4692 changed = test_and_clear_bit(HCI_SC_ENABLED,
4693 &hdev->dev_flags);
0ab04a9c
MH		 4694 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4695 }
eac83dc6
MH		 4696
4697 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4698 if (err < 0)
4699 goto failed;
4700
4701 if (changed)
4702 err = new_settings(hdev, sk);
4703
4704 goto failed;
4705 }
4706
4707 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4708 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4709 MGMT_STATUS_BUSY);
4710 goto failed;
4711 }
4712
0ab04a9c
MH		 4713 val = !!cp->val;
4714
4715 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4716 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4717 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4718 goto failed;
4719 }
4720
4721 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4722 if (!cmd) {
4723 err = -ENOMEM;
4724 goto failed;
4725 }
4726
0ab04a9c 4727 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4728 if (err < 0) {
4729 mgmt_pending_remove(cmd);
4730 goto failed;
4731 }
4732
0ab04a9c
MH		 4733 if (cp->val == 0x02)
4734 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4735 else
4736 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4737
eac83dc6
MH		 4738failed:
4739 hci_dev_unlock(hdev);
4740 return err;
4741}
4742
4e39ac81
MH		 4743static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4744 void *data, u16 len)
4745{
4746 struct mgmt_mode *cp = data;
b9710979 4747 bool changed, use_changed;
4e39ac81
MH		 4748 int err;
4749
4750 BT_DBG("request for %s", hdev->name);
4751
b9710979 4752 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4753 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4754 MGMT_STATUS_INVALID_PARAMS);
4755
4756 hci_dev_lock(hdev);
4757
4758 if (cp->val)
0663b297
JH		 4759 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4760 &hdev->dev_flags);
4e39ac81 4761 else
0663b297
JH		 4762 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4763 &hdev->dev_flags);
4e39ac81 4764
b9710979
JH		 4765 if (cp->val == 0x02)
4766 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4767 &hdev->dev_flags);
4768 else
4769 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4770 &hdev->dev_flags);
4771
4772 if (hdev_is_powered(hdev) && use_changed &&
4773 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4774 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4775 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4776 sizeof(mode), &mode);
4777 }
4778
4e39ac81
MH		 4779 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4780 if (err < 0)
4781 goto unlock;
4782
4783 if (changed)
4784 err = new_settings(hdev, sk);
4785
4786unlock:
4787 hci_dev_unlock(hdev);
4788 return err;
4789}
4790
62b04cd1
JH		 4791static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4792 u16 len)
4793{
4794 struct mgmt_cp_set_privacy *cp = cp_data;
4795 bool changed;
4796 int err;
4797
4798 BT_DBG("request for %s", hdev->name);
4799
4800 if (!lmp_le_capable(hdev))
4801 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4802 MGMT_STATUS_NOT_SUPPORTED);
4803
4804 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4805 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4806 MGMT_STATUS_INVALID_PARAMS);
4807
4808 if (hdev_is_powered(hdev))
4809 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4810 MGMT_STATUS_REJECTED);
4811
4812 hci_dev_lock(hdev);
4813
c21c0ea0
JH		 4814 /* If user space supports this command it is also expected to
4815 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4816 */
4817 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4818
62b04cd1
JH		 4819 if (cp->privacy) {
4820 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4821 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4822 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4823 } else {
4824 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4825 memset(hdev->irk, 0, sizeof(hdev->irk));
4826 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4827 }
4828
4829 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4830 if (err < 0)
4831 goto unlock;
4832
4833 if (changed)
4834 err = new_settings(hdev, sk);
4835
4836unlock:
4837 hci_dev_unlock(hdev);
4838 return err;
4839}
4840
41edf160
JH		 4841static bool irk_is_valid(struct mgmt_irk_info *irk)
4842{
4843 switch (irk->addr.type) {
4844 case BDADDR_LE_PUBLIC:
4845 return true;
4846
4847 case BDADDR_LE_RANDOM:
4848 /* Two most significant bits shall be set */
4849 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4850 return false;
4851 return true;
4852 }
4853
4854 return false;
4855}
4856
4857static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4858 u16 len)
4859{
4860 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4861 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4862 sizeof(struct mgmt_irk_info));
41edf160
JH		 4863 u16 irk_count, expected_len;
4864 int i, err;
4865
4866 BT_DBG("request for %s", hdev->name);
4867
4868 if (!lmp_le_capable(hdev))
4869 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4870 MGMT_STATUS_NOT_SUPPORTED);
4871
4872 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4873 if (irk_count > max_irk_count) {
4874 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4875 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4876 MGMT_STATUS_INVALID_PARAMS);
4877 }
41edf160
JH		 4878
4879 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4880 if (expected_len != len) {
4881 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4882 expected_len, len);
41edf160
JH		 4883 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4884 MGMT_STATUS_INVALID_PARAMS);
4885 }
4886
4887 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4888
4889 for (i = 0; i < irk_count; i++) {
4890 struct mgmt_irk_info *key = &cp->irks[i];
4891
4892 if (!irk_is_valid(key))
4893 return cmd_status(sk, hdev->id,
4894 MGMT_OP_LOAD_IRKS,
4895 MGMT_STATUS_INVALID_PARAMS);
4896 }
4897
4898 hci_dev_lock(hdev);
4899
4900 hci_smp_irks_clear(hdev);
4901
4902 for (i = 0; i < irk_count; i++) {
4903 struct mgmt_irk_info *irk = &cp->irks[i];
4904 u8 addr_type;
4905
4906 if (irk->addr.type == BDADDR_LE_PUBLIC)
4907 addr_type = ADDR_LE_DEV_PUBLIC;
4908 else
4909 addr_type = ADDR_LE_DEV_RANDOM;
4910
4911 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4912 BDADDR_ANY);
4913 }
4914
4915 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4916
4917 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4918
4919 hci_dev_unlock(hdev);
4920
4921 return err;
4922}
4923
3f706b72
JH		 4924static bool ltk_is_valid(struct mgmt_ltk_info *key)
4925{
4926 if (key->master != 0x00 && key->master != 0x01)
4927 return false;
490cb0b3
MH		 4928
4929 switch (key->addr.type) {
4930 case BDADDR_LE_PUBLIC:
4931 return true;
4932
4933 case BDADDR_LE_RANDOM:
4934 /* Two most significant bits shall be set */
4935 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4936 return false;
4937 return true;
4938 }
4939
4940 return false;
3f706b72
JH		 4941}
4942
bdb6d971 4943static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4944 void *cp_data, u16 len)
346af67b 4945{
346af67b 4946 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 4947 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4948 sizeof(struct mgmt_ltk_info));
346af67b 4949 u16 key_count, expected_len;
715a5bf2 4950 int i, err;
346af67b 4951
cf99ba13
MH		 4952 BT_DBG("request for %s", hdev->name);
4953
4954 if (!lmp_le_capable(hdev))
4955 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4956 MGMT_STATUS_NOT_SUPPORTED);
4957
1f350c87 4958 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 4959 if (key_count > max_key_count) {
4960 BT_ERR("load_ltks: too big key_count value %u", key_count);
4961 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4962 MGMT_STATUS_INVALID_PARAMS);
4963 }
346af67b
VCG		 4964
4965 expected_len = sizeof(*cp) + key_count *
4966 sizeof(struct mgmt_ltk_info);
4967 if (expected_len != len) {
4968 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4969 expected_len, len);
bdb6d971 4970 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4971 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4972 }
4973
bdb6d971 4974 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4975
54ad6d8a
JH		 4976 for (i = 0; i < key_count; i++) {
4977 struct mgmt_ltk_info *key = &cp->keys[i];
4978
3f706b72 4979 if (!ltk_is_valid(key))
54ad6d8a
JH		 4980 return cmd_status(sk, hdev->id,
4981 MGMT_OP_LOAD_LONG_TERM_KEYS,
4982 MGMT_STATUS_INVALID_PARAMS);
4983 }
4984
346af67b
VCG		 4985 hci_dev_lock(hdev);
4986
4987 hci_smp_ltks_clear(hdev);
4988
4989 for (i = 0; i < key_count; i++) {
4990 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 4991 u8 type, addr_type, authenticated;
79d95a19
MH		 4992
4993 if (key->addr.type == BDADDR_LE_PUBLIC)
4994 addr_type = ADDR_LE_DEV_PUBLIC;
4995 else
4996 addr_type = ADDR_LE_DEV_RANDOM;
346af67b 4997
61b43357
JH		 4998 switch (key->type) {
4999 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5000 authenticated = 0x00;
23fb8de3 5001 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5002 break;
5003 case MGMT_LTK_AUTHENTICATED:
d7b25450 5004 authenticated = 0x01;
23fb8de3
JH		 5005 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5006 break;
5007 case MGMT_LTK_P256_UNAUTH:
5008 authenticated = 0x00;
5009 type = SMP_LTK_P256;
5010 break;
5011 case MGMT_LTK_P256_AUTH:
5012 authenticated = 0x01;
5013 type = SMP_LTK_P256;
61b43357 5014 break;
23fb8de3
JH		 5015 case MGMT_LTK_P256_DEBUG:
5016 authenticated = 0x00;
5017 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5018 default:
5019 continue;
5020 }
d7b25450 5021
35d70271 5022 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 5023 authenticated, key->val, key->enc_size, key->ediv,
35d70271 5024 key->rand);
346af67b
VCG		 5025 }
5026
715a5bf2
JH		 5027 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5028 NULL, 0);
5029
346af67b 5030 hci_dev_unlock(hdev);
346af67b 5031
715a5bf2 5032 return err;
346af67b
VCG		 5033}
5034
dd983808
AK		 5035struct cmd_conn_lookup {
5036 struct hci_conn *conn;
5037 bool valid_tx_power;
5038 u8 mgmt_status;
5039};
5040
5041static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
5042{
5043 struct cmd_conn_lookup *match = data;
5044 struct mgmt_cp_get_conn_info *cp;
5045 struct mgmt_rp_get_conn_info rp;
5046 struct hci_conn *conn = cmd->user_data;
5047
5048 if (conn != match->conn)
5049 return;
5050
5051 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
5052
5053 memset(&rp, 0, sizeof(rp));
5054 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5055 rp.addr.type = cp->addr.type;
5056
5057 if (!match->mgmt_status) {
5058 rp.rssi = conn->rssi;
5059
eed5daf3 5060 if (match->valid_tx_power) {
dd983808 5061 rp.tx_power = conn->tx_power;
eed5daf3
AK		 5062 rp.max_tx_power = conn->max_tx_power;
5063 } else {
dd983808 5064 rp.tx_power = HCI_TX_POWER_INVALID;
eed5daf3
AK		 5065 rp.max_tx_power = HCI_TX_POWER_INVALID;
5066 }
dd983808
AK		 5067 }
5068
5069 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5070 match->mgmt_status, &rp, sizeof(rp));
5071
5072 hci_conn_drop(conn);
f8aaf9b6 5073 hci_conn_put(conn);
dd983808
AK		 5074
5075 mgmt_pending_remove(cmd);
5076}
5077
5078static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
5079{
5080 struct hci_cp_read_rssi *cp;
5081 struct hci_conn *conn;
5082 struct cmd_conn_lookup match;
5083 u16 handle;
5084
5085 BT_DBG("status 0x%02x", status);
5086
5087 hci_dev_lock(hdev);
5088
5089 /* TX power data is valid in case request completed successfully,
eed5daf3
AK		 5090 * otherwise we assume it's not valid. At the moment we assume that
5091 * either both or none of current and max values are valid to keep code
5092 * simple.
dd983808
AK		 5093 */
5094 match.valid_tx_power = !status;
5095
5096 /* Commands sent in request are either Read RSSI or Read Transmit Power
5097 * Level so we check which one was last sent to retrieve connection
5098 * handle. Both commands have handle as first parameter so it's safe to
5099 * cast data on the same command struct.
5100 *
5101 * First command sent is always Read RSSI and we fail only if it fails.
5102 * In other case we simply override error to indicate success as we
5103 * already remembered if TX power value is actually valid.
5104 */
5105 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5106 if (!cp) {
5107 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
5108 status = 0;
5109 }
5110
5111 if (!cp) {
5112 BT_ERR("invalid sent_cmd in response");
5113 goto unlock;
5114 }
5115
5116 handle = __le16_to_cpu(cp->handle);
5117 conn = hci_conn_hash_lookup_handle(hdev, handle);
5118 if (!conn) {
5119 BT_ERR("unknown handle (%d) in response", handle);
5120 goto unlock;
5121 }
5122
5123 match.conn = conn;
5124 match.mgmt_status = mgmt_status(status);
5125
5126 /* Cache refresh is complete, now reply for mgmt request for given
5127 * connection only.
5128 */
5129 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
5130 get_conn_info_complete, &match);
5131
5132unlock:
5133 hci_dev_unlock(hdev);
5134}
5135
5136static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5137 u16 len)
5138{
5139 struct mgmt_cp_get_conn_info *cp = data;
5140 struct mgmt_rp_get_conn_info rp;
5141 struct hci_conn *conn;
5142 unsigned long conn_info_age;
5143 int err = 0;
5144
5145 BT_DBG("%s", hdev->name);
5146
5147 memset(&rp, 0, sizeof(rp));
5148 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5149 rp.addr.type = cp->addr.type;
5150
5151 if (!bdaddr_type_is_valid(cp->addr.type))
5152 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5153 MGMT_STATUS_INVALID_PARAMS,
5154 &rp, sizeof(rp));
5155
5156 hci_dev_lock(hdev);
5157
5158 if (!hdev_is_powered(hdev)) {
5159 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5160 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5161 goto unlock;
5162 }
5163
5164 if (cp->addr.type == BDADDR_BREDR)
5165 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5166 &cp->addr.bdaddr);
5167 else
5168 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5169
5170 if (!conn || conn->state != BT_CONNECTED) {
5171 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5172 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
5173 goto unlock;
5174 }
5175
5176 /* To avoid client trying to guess when to poll again for information we
5177 * calculate conn info age as random value between min/max set in hdev.
5178 */
5179 conn_info_age = hdev->conn_info_min_age +
5180 prandom_u32_max(hdev->conn_info_max_age -
5181 hdev->conn_info_min_age);
5182
5183 /* Query controller to refresh cached values if they are too old or were
5184 * never read.
5185 */
f4e2dd53
AK		 5186 if (time_after(jiffies, conn->conn_info_timestamp +
5187 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5188 !conn->conn_info_timestamp) {
5189 struct hci_request req;
5190 struct hci_cp_read_tx_power req_txp_cp;
5191 struct hci_cp_read_rssi req_rssi_cp;
5192 struct pending_cmd *cmd;
5193
5194 hci_req_init(&req, hdev);
5195 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5196 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5197 &req_rssi_cp);
5198
f7faab0c
AK		 5199 /* For LE links TX power does not change thus we don't need to
5200 * query for it once value is known.
5201 */
5202 if (!bdaddr_type_is_le(cp->addr.type) ||
5203 conn->tx_power == HCI_TX_POWER_INVALID) {
5204 req_txp_cp.handle = cpu_to_le16(conn->handle);
5205 req_txp_cp.type = 0x00;
5206 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5207 sizeof(req_txp_cp), &req_txp_cp);
5208 }
dd983808 5209
eed5daf3
AK		 5210 /* Max TX power needs to be read only once per connection */
5211 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5212 req_txp_cp.handle = cpu_to_le16(conn->handle);
5213 req_txp_cp.type = 0x01;
5214 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5215 sizeof(req_txp_cp), &req_txp_cp);
5216 }
5217
dd983808
AK		 5218 err = hci_req_run(&req, conn_info_refresh_complete);
5219 if (err < 0)
5220 goto unlock;
5221
5222 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5223 data, len);
5224 if (!cmd) {
5225 err = -ENOMEM;
5226 goto unlock;
5227 }
5228
5229 hci_conn_hold(conn);
f8aaf9b6 5230 cmd->user_data = hci_conn_get(conn);
dd983808
AK		 5231
5232 conn->conn_info_timestamp = jiffies;
5233 } else {
5234 /* Cache is valid, just reply with values cached in hci_conn */
5235 rp.rssi = conn->rssi;
5236 rp.tx_power = conn->tx_power;
eed5daf3 5237 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 5238
5239 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5240 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5241 }
5242
5243unlock:
5244 hci_dev_unlock(hdev);
5245 return err;
5246}
5247
95868426
JH		 5248static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
5249{
5250 struct mgmt_cp_get_clock_info *cp;
5251 struct mgmt_rp_get_clock_info rp;
5252 struct hci_cp_read_clock *hci_cp;
5253 struct pending_cmd *cmd;
5254 struct hci_conn *conn;
5255
5256 BT_DBG("%s status %u", hdev->name, status);
5257
5258 hci_dev_lock(hdev);
5259
5260 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5261 if (!hci_cp)
5262 goto unlock;
5263
5264 if (hci_cp->which) {
5265 u16 handle = __le16_to_cpu(hci_cp->handle);
5266 conn = hci_conn_hash_lookup_handle(hdev, handle);
5267 } else {
5268 conn = NULL;
5269 }
5270
5271 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5272 if (!cmd)
5273 goto unlock;
5274
5275 cp = cmd->param;
5276
5277 memset(&rp, 0, sizeof(rp));
5278 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
5279
5280 if (status)
5281 goto send_rsp;
5282
5283 rp.local_clock = cpu_to_le32(hdev->clock);
5284
5285 if (conn) {
5286 rp.piconet_clock = cpu_to_le32(conn->clock);
5287 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5288 }
5289
5290send_rsp:
5291 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
5292 &rp, sizeof(rp));
5293 mgmt_pending_remove(cmd);
f8aaf9b6 5294 if (conn) {
95868426 5295 hci_conn_drop(conn);
f8aaf9b6
JH		 5296 hci_conn_put(conn);
5297 }
95868426
JH		 5298
5299unlock:
5300 hci_dev_unlock(hdev);
5301}
5302
5303static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5304 u16 len)
5305{
5306 struct mgmt_cp_get_clock_info *cp = data;
5307 struct mgmt_rp_get_clock_info rp;
5308 struct hci_cp_read_clock hci_cp;
5309 struct pending_cmd *cmd;
5310 struct hci_request req;
5311 struct hci_conn *conn;
5312 int err;
5313
5314 BT_DBG("%s", hdev->name);
5315
5316 memset(&rp, 0, sizeof(rp));
5317 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5318 rp.addr.type = cp->addr.type;
5319
5320 if (cp->addr.type != BDADDR_BREDR)
5321 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5322 MGMT_STATUS_INVALID_PARAMS,
5323 &rp, sizeof(rp));
5324
5325 hci_dev_lock(hdev);
5326
5327 if (!hdev_is_powered(hdev)) {
5328 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5329 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5330 goto unlock;
5331 }
5332
5333 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5334 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5335 &cp->addr.bdaddr);
5336 if (!conn || conn->state != BT_CONNECTED) {
5337 err = cmd_complete(sk, hdev->id,
5338 MGMT_OP_GET_CLOCK_INFO,
5339 MGMT_STATUS_NOT_CONNECTED,
5340 &rp, sizeof(rp));
5341 goto unlock;
5342 }
5343 } else {
5344 conn = NULL;
5345 }
5346
5347 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5348 if (!cmd) {
5349 err = -ENOMEM;
5350 goto unlock;
5351 }
5352
5353 hci_req_init(&req, hdev);
5354
5355 memset(&hci_cp, 0, sizeof(hci_cp));
5356 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5357
5358 if (conn) {
5359 hci_conn_hold(conn);
f8aaf9b6 5360 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5361
5362 hci_cp.handle = cpu_to_le16(conn->handle);
5363 hci_cp.which = 0x01; /* Piconet clock */
5364 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5365 }
5366
5367 err = hci_req_run(&req, get_clock_info_complete);
5368 if (err < 0)
5369 mgmt_pending_remove(cmd);
5370
5371unlock:
5372 hci_dev_unlock(hdev);
5373 return err;
5374}
5375
8afef092
MH		 5376static void device_added(struct sock *sk, struct hci_dev *hdev,
5377 bdaddr_t *bdaddr, u8 type, u8 action)
5378{
5379 struct mgmt_ev_device_added ev;
5380
5381 bacpy(&ev.addr.bdaddr, bdaddr);
5382 ev.addr.type = type;
5383 ev.action = action;
5384
5385 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5386}
5387
2faade53
MH		 5388static int add_device(struct sock *sk, struct hci_dev *hdev,
5389 void *data, u16 len)
5390{
5391 struct mgmt_cp_add_device *cp = data;
5392 u8 auto_conn, addr_type;
5393 int err;
5394
5395 BT_DBG("%s", hdev->name);
5396
6659358e 5397 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53
MH		 5398 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5399 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5400 MGMT_STATUS_INVALID_PARAMS,
5401 &cp->addr, sizeof(cp->addr));
5402
4b9e7e75 5403 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2faade53
MH		 5404 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5405 MGMT_STATUS_INVALID_PARAMS,
5406 &cp->addr, sizeof(cp->addr));
5407
5408 hci_dev_lock(hdev);
5409
6659358e 5410 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5411 /* Only incoming connections action is supported for now */
6659358e
JH		 5412 if (cp->action != 0x01) {
5413 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5414 MGMT_STATUS_INVALID_PARAMS,
5415 &cp->addr, sizeof(cp->addr));
5416 goto unlock;
5417 }
5418
5419 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5420 cp->addr.type);
5421 if (err)
5422 goto unlock;
a397407f 5423
432df05e 5424 hci_update_page_scan(hdev, NULL);
a397407f 5425
6659358e
JH		 5426 goto added;
5427 }
5428
2faade53
MH		 5429 if (cp->addr.type == BDADDR_LE_PUBLIC)
5430 addr_type = ADDR_LE_DEV_PUBLIC;
5431 else
5432 addr_type = ADDR_LE_DEV_RANDOM;
5433
4b9e7e75 5434 if (cp->action == 0x02)
2faade53 5435 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5436 else if (cp->action == 0x01)
5437 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5438 else
a3451d27 5439 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5440
bf5b3c8b
MH		 5441 /* If the connection parameters don't exist for this device,
5442 * they will be created and configured with defaults.
5443 */
d06b50ce
MH		 5444 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5445 auto_conn) < 0) {
2faade53
MH		 5446 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5447 MGMT_STATUS_FAILED,
5448 &cp->addr, sizeof(cp->addr));
5449 goto unlock;
5450 }
5451
6659358e 5452added:
8afef092
MH		 5453 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5454
2faade53
MH		 5455 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5456 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5457
5458unlock:
5459 hci_dev_unlock(hdev);
5460 return err;
5461}
5462
8afef092
MH		 5463static void device_removed(struct sock *sk, struct hci_dev *hdev,
5464 bdaddr_t *bdaddr, u8 type)
5465{
5466 struct mgmt_ev_device_removed ev;
5467
5468 bacpy(&ev.addr.bdaddr, bdaddr);
5469 ev.addr.type = type;
5470
5471 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5472}
5473
2faade53
MH		 5474static int remove_device(struct sock *sk, struct hci_dev *hdev,
5475 void *data, u16 len)
5476{
5477 struct mgmt_cp_remove_device *cp = data;
5478 int err;
5479
5480 BT_DBG("%s", hdev->name);
5481
5482 hci_dev_lock(hdev);
5483
5484 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5485 struct hci_conn_params *params;
2faade53
MH		 5486 u8 addr_type;
5487
6659358e 5488 if (!bdaddr_type_is_valid(cp->addr.type)) {
2faade53
MH		 5489 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5490 MGMT_STATUS_INVALID_PARAMS,
5491 &cp->addr, sizeof(cp->addr));
5492 goto unlock;
5493 }
5494
6659358e
JH		 5495 if (cp->addr.type == BDADDR_BREDR) {
5496 err = hci_bdaddr_list_del(&hdev->whitelist,
5497 &cp->addr.bdaddr,
5498 cp->addr.type);
5499 if (err) {
5500 err = cmd_complete(sk, hdev->id,
5501 MGMT_OP_REMOVE_DEVICE,
5502 MGMT_STATUS_INVALID_PARAMS,
5503 &cp->addr, sizeof(cp->addr));
5504 goto unlock;
5505 }
5506
432df05e 5507 hci_update_page_scan(hdev, NULL);
a397407f 5508
6659358e
JH		 5509 device_removed(sk, hdev, &cp->addr.bdaddr,
5510 cp->addr.type);
5511 goto complete;
5512 }
5513
2faade53
MH		 5514 if (cp->addr.type == BDADDR_LE_PUBLIC)
5515 addr_type = ADDR_LE_DEV_PUBLIC;
5516 else
5517 addr_type = ADDR_LE_DEV_RANDOM;
5518
c71593dd
JH		 5519 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5520 addr_type);
5521 if (!params) {
5522 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5523 MGMT_STATUS_INVALID_PARAMS,
5524 &cp->addr, sizeof(cp->addr));
5525 goto unlock;
5526 }
5527
5528 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5529 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5530 MGMT_STATUS_INVALID_PARAMS,
5531 &cp->addr, sizeof(cp->addr));
5532 goto unlock;
5533 }
5534
d1dbf12e 5535 list_del(&params->action);
c71593dd
JH		 5536 list_del(&params->list);
5537 kfree(params);
95305baa 5538 hci_update_background_scan(hdev);
8afef092
MH		 5539
5540 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5541 } else {
19de0825 5542 struct hci_conn_params *p, *tmp;
6659358e 5543 struct bdaddr_list *b, *btmp;
19de0825 5544
2faade53
MH		 5545 if (cp->addr.type) {
5546 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5547 MGMT_STATUS_INVALID_PARAMS,
5548 &cp->addr, sizeof(cp->addr));
5549 goto unlock;
5550 }
5551
6659358e
JH		 5552 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5553 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5554 list_del(&b->list);
5555 kfree(b);
5556 }
5557
432df05e 5558 hci_update_page_scan(hdev, NULL);
a397407f 5559
19de0825
JH		 5560 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5561 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5562 continue;
5563 device_removed(sk, hdev, &p->addr, p->addr_type);
5564 list_del(&p->action);
5565 list_del(&p->list);
5566 kfree(p);
5567 }
5568
5569 BT_DBG("All LE connection parameters were removed");
5570
5571 hci_update_background_scan(hdev);
2faade53
MH		 5572 }
5573
6659358e 5574complete:
2faade53
MH		 5575 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5576 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5577
5578unlock:
5579 hci_dev_unlock(hdev);
5580 return err;
5581}
5582
a26f3dcf
JH		 5583static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5584 u16 len)
5585{
5586 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5587 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5588 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5589 u16 param_count, expected_len;
5590 int i;
5591
5592 if (!lmp_le_capable(hdev))
5593 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5594 MGMT_STATUS_NOT_SUPPORTED);
5595
5596 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5597 if (param_count > max_param_count) {
5598 BT_ERR("load_conn_param: too big param_count value %u",
5599 param_count);
5600 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5601 MGMT_STATUS_INVALID_PARAMS);
5602 }
a26f3dcf
JH		 5603
5604 expected_len = sizeof(*cp) + param_count *
5605 sizeof(struct mgmt_conn_param);
5606 if (expected_len != len) {
5607 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5608 expected_len, len);
5609 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5610 MGMT_STATUS_INVALID_PARAMS);
5611 }
5612
5613 BT_DBG("%s param_count %u", hdev->name, param_count);
5614
5615 hci_dev_lock(hdev);
5616
5617 hci_conn_params_clear_disabled(hdev);
5618
5619 for (i = 0; i < param_count; i++) {
5620 struct mgmt_conn_param *param = &cp->params[i];
5621 struct hci_conn_params *hci_param;
5622 u16 min, max, latency, timeout;
5623 u8 addr_type;
5624
5625 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5626 param->addr.type);
5627
5628 if (param->addr.type == BDADDR_LE_PUBLIC) {
5629 addr_type = ADDR_LE_DEV_PUBLIC;
5630 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5631 addr_type = ADDR_LE_DEV_RANDOM;
5632 } else {
5633 BT_ERR("Ignoring invalid connection parameters");
5634 continue;
5635 }
5636
5637 min = le16_to_cpu(param->min_interval);
5638 max = le16_to_cpu(param->max_interval);
5639 latency = le16_to_cpu(param->latency);
5640 timeout = le16_to_cpu(param->timeout);
5641
5642 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5643 min, max, latency, timeout);
5644
5645 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5646 BT_ERR("Ignoring invalid connection parameters");
5647 continue;
5648 }
5649
5650 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5651 addr_type);
5652 if (!hci_param) {
5653 BT_ERR("Failed to add connection parameters");
5654 continue;
5655 }
5656
5657 hci_param->conn_min_interval = min;
5658 hci_param->conn_max_interval = max;
5659 hci_param->conn_latency = latency;
5660 hci_param->supervision_timeout = timeout;
5661 }
5662
5663 hci_dev_unlock(hdev);
5664
5665 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5666}
5667
dbece37a
MH		 5668static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5669 void *data, u16 len)
5670{
5671 struct mgmt_cp_set_external_config *cp = data;
5672 bool changed;
5673 int err;
5674
5675 BT_DBG("%s", hdev->name);
5676
5677 if (hdev_is_powered(hdev))
5678 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5679 MGMT_STATUS_REJECTED);
5680
5681 if (cp->config != 0x00 && cp->config != 0x01)
5682 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5683 MGMT_STATUS_INVALID_PARAMS);
5684
5685 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5686 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5687 MGMT_STATUS_NOT_SUPPORTED);
5688
5689 hci_dev_lock(hdev);
5690
5691 if (cp->config)
5692 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
5693 &hdev->dev_flags);
5694 else
5695 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
5696 &hdev->dev_flags);
5697
5698 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5699 if (err < 0)
5700 goto unlock;
5701
5702 if (!changed)
5703 goto unlock;
5704
f4537c04
MH		 5705 err = new_options(hdev, sk);
5706
dbece37a
MH		 5707 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
5708 mgmt_index_removed(hdev);
d603b76b
MH		 5709
5710 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5711 set_bit(HCI_CONFIG, &hdev->dev_flags);
5712 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5713
5714 queue_work(hdev->req_workqueue, &hdev->power_on);
5715 } else {
5ea234d3 5716 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 5717 mgmt_index_added(hdev);
5718 }
dbece37a
MH		 5719 }
5720
5721unlock:
5722 hci_dev_unlock(hdev);
5723 return err;
5724}
5725
9713c17b
MH		 5726static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5727 void *data, u16 len)
5728{
5729 struct mgmt_cp_set_public_address *cp = data;
5730 bool changed;
5731 int err;
5732
5733 BT_DBG("%s", hdev->name);
5734
5735 if (hdev_is_powered(hdev))
5736 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5737 MGMT_STATUS_REJECTED);
5738
5739 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5740 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5741 MGMT_STATUS_INVALID_PARAMS);
5742
5743 if (!hdev->set_bdaddr)
5744 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5745 MGMT_STATUS_NOT_SUPPORTED);
5746
5747 hci_dev_lock(hdev);
5748
5749 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5750 bacpy(&hdev->public_addr, &cp->bdaddr);
5751
5752 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5753 if (err < 0)
5754 goto unlock;
5755
5756 if (!changed)
5757 goto unlock;
5758
5759 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5760 err = new_options(hdev, sk);
5761
5762 if (is_configured(hdev)) {
5763 mgmt_index_removed(hdev);
5764
5765 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
5766
5767 set_bit(HCI_CONFIG, &hdev->dev_flags);
5768 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5769
5770 queue_work(hdev->req_workqueue, &hdev->power_on);
5771 }
5772
5773unlock:
5774 hci_dev_unlock(hdev);
5775 return err;
5776}
5777
2e3c35ea 5778static const struct mgmt_handler {
04124681
GP		 5779 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5780 u16 data_len);
be22b54e
JH		 5781 bool var_len;
5782 size_t data_len;
0f4e68cf
JH		 5783} mgmt_handlers[] = {
5784 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 5785 { read_version, false, MGMT_READ_VERSION_SIZE },
5786 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5787 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5788 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5789 { set_powered, false, MGMT_SETTING_SIZE },
5790 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5791 { set_connectable, false, MGMT_SETTING_SIZE },
5792 { set_fast_connectable, false, MGMT_SETTING_SIZE },
b2939475 5793 { set_bondable, false, MGMT_SETTING_SIZE },
be22b54e
JH		 5794 { set_link_security, false, MGMT_SETTING_SIZE },
5795 { set_ssp, false, MGMT_SETTING_SIZE },
5796 { set_hs, false, MGMT_SETTING_SIZE },
5797 { set_le, false, MGMT_SETTING_SIZE },
5798 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5799 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5800 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5801 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5802 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5803 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
5804 { disconnect, false, MGMT_DISCONNECT_SIZE },
5805 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
5806 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
5807 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
5808 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
5809 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
5810 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
5811 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
5812 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
5813 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
5814 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
5815 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
5816 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 5817 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 5818 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
5819 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
5820 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
5821 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
5822 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
5823 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 5824 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 5825 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 5826 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 5827 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 5828 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 5829 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 5830 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 5831 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 5832 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 5833 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
95868426 5834 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
2faade53
MH		 5835 { add_device, false, MGMT_ADD_DEVICE_SIZE },
5836 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
73d1df2a
MH		 5837 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
5838 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
9fc3bfb6 5839 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
dbece37a 5840 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
9713c17b 5841 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
66ea9427 5842 { start_service_discovery,true, MGMT_START_SERVICE_DISCOVERY_SIZE },
0f4e68cf
JH		 5843};
5844
0381101f
JH		 5845int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
5846{
650f726d
VCG		 5847 void *buf;
5848 u8 *cp;
0381101f 5849 struct mgmt_hdr *hdr;
4e51eae9 5850 u16 opcode, index, len;
bdb6d971 5851 struct hci_dev *hdev = NULL;
2e3c35ea 5852 const struct mgmt_handler *handler;
0381101f
JH		 5853 int err;
5854
5855 BT_DBG("got %zu bytes", msglen);
5856
5857 if (msglen < sizeof(*hdr))
5858 return -EINVAL;
5859
e63a15ec 5860 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 5861 if (!buf)
5862 return -ENOMEM;
5863
5864 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
5865 err = -EFAULT;
5866 goto done;
5867 }
5868
650f726d 5869 hdr = buf;
1f350c87
MH		 5870 opcode = __le16_to_cpu(hdr->opcode);
5871 index = __le16_to_cpu(hdr->index);
5872 len = __le16_to_cpu(hdr->len);
0381101f
JH		 5873
5874 if (len != msglen - sizeof(*hdr)) {
5875 err = -EINVAL;
5876 goto done;
5877 }
5878
0f4e68cf 5879 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 5880 hdev = hci_dev_get(index);
5881 if (!hdev) {
5882 err = cmd_status(sk, index, opcode,
04124681 5883 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 5884 goto done;
5885 }
0736cfa8 5886
cebf4cfd 5887 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
d603b76b 5888 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
4a964404 5889 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 5890 err = cmd_status(sk, index, opcode,
5891 MGMT_STATUS_INVALID_INDEX);
5892 goto done;
5893 }
42a9bc14
MH		 5894
5895 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
dbece37a 5896 opcode != MGMT_OP_READ_CONFIG_INFO &&
9713c17b
MH		 5897 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
5898 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
42a9bc14
MH		 5899 err = cmd_status(sk, index, opcode,
5900 MGMT_STATUS_INVALID_INDEX);
5901 goto done;
5902 }
bdb6d971
JH		 5903 }
5904
0f4e68cf 5905 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 5906 mgmt_handlers[opcode].func == NULL) {
0381101f 5907 BT_DBG("Unknown op %u", opcode);
ca69b795 5908 err = cmd_status(sk, index, opcode,
04124681 5909 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 5910 goto done;
5911 }
5912
73d1df2a
MH		 5913 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
5914 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
5915 err = cmd_status(sk, index, opcode,
5916 MGMT_STATUS_INVALID_INDEX);
5917 goto done;
5918 }
5919
5920 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
5921 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
0f4e68cf 5922 err = cmd_status(sk, index, opcode,
04124681 5923 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 5924 goto done;
0381101f
JH		 5925 }
5926
be22b54e
JH		 5927 handler = &mgmt_handlers[opcode];
5928
5929 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 5930 (!handler->var_len && len != handler->data_len)) {
be22b54e 5931 err = cmd_status(sk, index, opcode,
04124681 5932 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 5933 goto done;
5934 }
5935
0f4e68cf
JH		 5936 if (hdev)
5937 mgmt_init_hdev(sk, hdev);
5938
5939 cp = buf + sizeof(*hdr);
5940
be22b54e 5941 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 5942 if (err < 0)
5943 goto done;
5944
0381101f
JH		 5945 err = msglen;
5946
5947done:
bdb6d971
JH		 5948 if (hdev)
5949 hci_dev_put(hdev);
5950
0381101f
JH		 5951 kfree(buf);
5952 return err;
5953}
c71e97bf 5954
bf6b56db 5955void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 5956{
1514b892 5957 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5958 return;
bb4b2a9a 5959
0602a8ad
MH		 5960 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5961 return;
5962
5963 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5964 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
5965 else
5966 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 5967}
5968
bf6b56db 5969void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 5970{
5f159032 5971 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 5972
1514b892 5973 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5974 return;
bb4b2a9a 5975
0602a8ad
MH		 5976 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5977 return;
5978
744cf19e 5979 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 5980
edd3896b
MH		 5981 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5982 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
5983 else
5984 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 5985}
5986
6046dc3e 5987/* This function requires the caller holds hdev->lock */
d7347f3c 5988static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 5989{
5990 struct hci_conn_params *p;
5991
5992 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 5993 /* Needed for AUTO_OFF case where might not "really"
5994 * have been powered off.
5995 */
5996 list_del_init(&p->action);
5997
5998 switch (p->auto_connect) {
4b9e7e75 5999 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6000 case HCI_AUTO_CONN_ALWAYS:
6001 list_add(&p->action, &hdev->pend_le_conns);
6002 break;
6003 case HCI_AUTO_CONN_REPORT:
6004 list_add(&p->action, &hdev->pend_le_reports);
6005 break;
6006 default:
6007 break;
c83ed19d 6008 }
6046dc3e 6009 }
c83ed19d 6010
c83ed19d 6011 hci_update_background_scan(hdev);
6046dc3e
AG		 6012}
6013
229ab39c
JH		 6014static void powered_complete(struct hci_dev *hdev, u8 status)
6015{
6016 struct cmd_lookup match = { NULL, hdev };
6017
6018 BT_DBG("status 0x%02x", status);
6019
6020 hci_dev_lock(hdev);
6021
d7347f3c 6022 restart_le_actions(hdev);
6046dc3e 6023
229ab39c
JH		 6024 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6025
6026 new_settings(hdev, match.sk);
6027
6028 hci_dev_unlock(hdev);
6029
6030 if (match.sk)
6031 sock_put(match.sk);
6032}
6033
70da6243 6034static int powered_update_hci(struct hci_dev *hdev)
5add6af8 6035{
890ea898 6036 struct hci_request req;
70da6243 6037 u8 link_sec;
5add6af8 6038
890ea898
JH		 6039 hci_req_init(&req, hdev);
6040
70da6243
JH		 6041 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
6042 !lmp_host_ssp_capable(hdev)) {
6043 u8 ssp = 1;
5e5282bb 6044
890ea898 6045 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 6046 }
5add6af8 6047
c73eee91
JH		 6048 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
6049 lmp_bredr_capable(hdev)) {
70da6243 6050 struct hci_cp_write_le_host_supported cp;
f0ff92fb 6051
32226e4f
MH		 6052 cp.le = 0x01;
6053 cp.simul = 0x00;
3d1cbdd6 6054
70da6243
JH		 6055 /* Check first if we already have the right
6056 * host state (host features set)
6057 */
6058 if (cp.le != lmp_host_le_capable(hdev) ||
6059 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 6060 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6061 sizeof(cp), &cp);
70da6243 6062 }
3d1cbdd6 6063
d13eafce 6064 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 6065 /* Make sure the controller has a good default for
6066 * advertising data. This also applies to the case
6067 * where BR/EDR was toggled during the AUTO_OFF phase.
6068 */
f14d8f64 6069 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 6070 update_adv_data(&req);
f14d8f64
MH		 6071 update_scan_rsp_data(&req);
6072 }
441ad2d0 6073
bba3aa55
MH		 6074 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6075 enable_advertising(&req);
eeca6f89
JH		 6076 }
6077
70da6243
JH		 6078 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
6079 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 6080 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6081 sizeof(link_sec), &link_sec);
562fcc24 6082
70da6243 6083 if (lmp_bredr_capable(hdev)) {
432df05e
JH		 6084 write_fast_connectable(&req, false);
6085 hci_update_page_scan(hdev, &req);
890ea898 6086 update_class(&req);
13928971 6087 update_name(&req);
890ea898 6088 update_eir(&req);
70da6243 6089 }
562fcc24 6090
229ab39c 6091 return hci_req_run(&req, powered_complete);
70da6243 6092}
562fcc24 6093
70da6243
JH		 6094int mgmt_powered(struct hci_dev *hdev, u8 powered)
6095{
6096 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 6097 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
6098 u8 zero_cod[] = { 0, 0, 0 };
70da6243 6099 int err;
f0ff92fb 6100
70da6243
JH		 6101 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
6102 return 0;
6103
70da6243 6104 if (powered) {
229ab39c
JH		 6105 if (powered_update_hci(hdev) == 0)
6106 return 0;
fe038884 6107
229ab39c
JH		 6108 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6109 &match);
6110 goto new_settings;
b24752fe
JH		 6111 }
6112
229ab39c
JH		 6113 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6114 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
6115
6116 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
6117 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6118 zero_cod, sizeof(zero_cod), NULL);
6119
6120new_settings:
beadb2bd 6121 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 6122
6123 if (match.sk)
6124 sock_put(match.sk);
6125
7bb895d6 6126 return err;
5add6af8 6127}
73f22f62 6128
3eec705e 6129void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 6130{
6131 struct pending_cmd *cmd;
6132 u8 status;
6133
6134 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6135 if (!cmd)
3eec705e 6136 return;
96570ffc
JH		 6137
6138 if (err == -ERFKILL)
6139 status = MGMT_STATUS_RFKILLED;
6140 else
6141 status = MGMT_STATUS_FAILED;
6142
3eec705e 6143 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6144
6145 mgmt_pending_remove(cmd);
96570ffc
JH		 6146}
6147
d1967ff8
MH		 6148void mgmt_discoverable_timeout(struct hci_dev *hdev)
6149{
6150 struct hci_request req;
d1967ff8
MH		 6151
6152 hci_dev_lock(hdev);
6153
6154 /* When discoverable timeout triggers, then just make sure
6155 * the limited discoverable flag is cleared. Even in the case
6156 * of a timeout triggered from general discoverable, it is
6157 * safe to unconditionally clear the flag.
6158 */
6159 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 6160 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 6161
6162 hci_req_init(&req, hdev);
4b580614
JH		 6163 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
6164 u8 scan = SCAN_PAGE;
6165 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6166 sizeof(scan), &scan);
6167 }
d1967ff8 6168 update_class(&req);
9a43e25f 6169 update_adv_data(&req);
d1967ff8
MH		 6170 hci_req_run(&req, NULL);
6171
6172 hdev->discov_timeout = 0;
6173
9a43e25f
JH		 6174 new_settings(hdev, NULL);
6175
d1967ff8
MH		 6176 hci_dev_unlock(hdev);
6177}
6178
dc4a5ee2
MH		 6179void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6180 bool persistent)
55ed8ca1 6181{
86742e1e 6182 struct mgmt_ev_new_link_key ev;
55ed8ca1 6183
a492cd52 6184 memset(&ev, 0, sizeof(ev));
55ed8ca1 6185
a492cd52 6186 ev.store_hint = persistent;
d753fdc4 6187 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6188 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6189 ev.key.type = key->type;
9b3b4460 6190 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6191 ev.key.pin_len = key->pin_len;
55ed8ca1 6192
dc4a5ee2 6193 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6194}
f7520543 6195
d7b25450
JH		 6196static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6197{
23fb8de3
JH		 6198 switch (ltk->type) {
6199 case SMP_LTK:
6200 case SMP_LTK_SLAVE:
6201 if (ltk->authenticated)
6202 return MGMT_LTK_AUTHENTICATED;
6203 return MGMT_LTK_UNAUTHENTICATED;
6204 case SMP_LTK_P256:
6205 if (ltk->authenticated)
6206 return MGMT_LTK_P256_AUTH;
6207 return MGMT_LTK_P256_UNAUTH;
6208 case SMP_LTK_P256_DEBUG:
6209 return MGMT_LTK_P256_DEBUG;
6210 }
d7b25450
JH		 6211
6212 return MGMT_LTK_UNAUTHENTICATED;
6213}
6214
53ac6ab6 6215void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6216{
6217 struct mgmt_ev_new_long_term_key ev;
6218
6219 memset(&ev, 0, sizeof(ev));
6220
5192d301
MH		 6221 /* Devices using resolvable or non-resolvable random addresses
6222 * without providing an indentity resolving key don't require
6223 * to store long term keys. Their addresses will change the
6224 * next time around.
6225 *
6226 * Only when a remote device provides an identity address
6227 * make sure the long term key is stored. If the remote
6228 * identity is known, the long term keys are internally
6229 * mapped to the identity address. So allow static random
6230 * and public addresses here.
6231 */
ba74b666
JH		 6232 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6233 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6234 ev.store_hint = 0x00;
6235 else
53ac6ab6 6236 ev.store_hint = persistent;
ba74b666 6237
346af67b 6238 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6239 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6240 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6241 ev.key.enc_size = key->enc_size;
6242 ev.key.ediv = key->ediv;
fe39c7b2 6243 ev.key.rand = key->rand;
346af67b 6244
2ceba539 6245 if (key->type == SMP_LTK)
346af67b
VCG		 6246 ev.key.master = 1;
6247
346af67b
VCG		 6248 memcpy(ev.key.val, key->val, sizeof(key->val));
6249
083368f7 6250 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6251}
6252
95fbac8a
JH		 6253void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6254{
6255 struct mgmt_ev_new_irk ev;
6256
6257 memset(&ev, 0, sizeof(ev));
6258
bab6d1e5
MH		 6259 /* For identity resolving keys from devices that are already
6260 * using a public address or static random address, do not
6261 * ask for storing this key. The identity resolving key really
6262 * is only mandatory for devices using resovlable random
6263 * addresses.
6264 *
6265 * Storing all identity resolving keys has the downside that
6266 * they will be also loaded on next boot of they system. More
6267 * identity resolving keys, means more time during scanning is
6268 * needed to actually resolve these addresses.
6269 */
6270 if (bacmp(&irk->rpa, BDADDR_ANY))
6271 ev.store_hint = 0x01;
6272 else
6273 ev.store_hint = 0x00;
6274
95fbac8a
JH		 6275 bacpy(&ev.rpa, &irk->rpa);
6276 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6277 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6278 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6279
6280 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6281}
6282
53ac6ab6
MH		 6283void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6284 bool persistent)
7ee4ea36
MH		 6285{
6286 struct mgmt_ev_new_csrk ev;
6287
6288 memset(&ev, 0, sizeof(ev));
6289
6290 /* Devices using resolvable or non-resolvable random addresses
6291 * without providing an indentity resolving key don't require
6292 * to store signature resolving keys. Their addresses will change
6293 * the next time around.
6294 *
6295 * Only when a remote device provides an identity address
6296 * make sure the signature resolving key is stored. So allow
6297 * static random and public addresses here.
6298 */
6299 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6300 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6301 ev.store_hint = 0x00;
6302 else
53ac6ab6 6303 ev.store_hint = persistent;
7ee4ea36
MH		 6304
6305 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6306 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6307 ev.key.master = csrk->master;
6308 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6309
6310 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6311}
6312
ffb5a827 6313void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6314 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6315 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6316{
6317 struct mgmt_ev_new_conn_param ev;
6318
c103aea6
JH		 6319 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6320 return;
6321
ffb5a827
AG		 6322 memset(&ev, 0, sizeof(ev));
6323 bacpy(&ev.addr.bdaddr, bdaddr);
6324 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6325 ev.store_hint = store_hint;
ffb5a827
AG		 6326 ev.min_interval = cpu_to_le16(min_interval);
6327 ev.max_interval = cpu_to_le16(max_interval);
6328 ev.latency = cpu_to_le16(latency);
6329 ev.timeout = cpu_to_le16(timeout);
6330
6331 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6332}
6333
94933991
MH		 6334static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6335 u8 data_len)
6336{
6337 eir[eir_len++] = sizeof(type) + data_len;
6338 eir[eir_len++] = type;
6339 memcpy(&eir[eir_len], data, data_len);
6340 eir_len += data_len;
6341
6342 return eir_len;
6343}
6344
48ec92fa
AA		 6345void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6346 u32 flags, u8 *name, u8 name_len)
f7520543 6347{
b644ba33
JH		 6348 char buf[512];
6349 struct mgmt_ev_device_connected *ev = (void *) buf;
6350 u16 eir_len = 0;
f7520543 6351
48ec92fa
AA		 6352 bacpy(&ev->addr.bdaddr, &conn->dst);
6353 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 6354
c95f0ba7 6355 ev->flags = __cpu_to_le32(flags);
08c79b61 6356
fd45ada9
AA		 6357 /* We must ensure that the EIR Data fields are ordered and
6358 * unique. Keep it simple for now and avoid the problem by not
6359 * adding any BR/EDR data to the LE adv.
6360 */
6361 if (conn->le_adv_data_len > 0) {
6362 memcpy(&ev->eir[eir_len],
6363 conn->le_adv_data, conn->le_adv_data_len);
6364 eir_len = conn->le_adv_data_len;
6365 } else {
6366 if (name_len > 0)
6367 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6368 name, name_len);
b644ba33 6369
ddbea5cf 6370 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 6371 eir_len = eir_append_data(ev->eir, eir_len,
6372 EIR_CLASS_OF_DEV,
6373 conn->dev_class, 3);
6374 }
b644ba33 6375
eb55ef07 6376 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6377
ecd90ae7
MH		 6378 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6379 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6380}
6381
8962ee74
JH		 6382static void disconnect_rsp(struct pending_cmd *cmd, void *data)
6383{
c68fb7ff 6384 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 6385 struct sock **sk = data;
a38528f1 6386 struct mgmt_rp_disconnect rp;
8962ee74 6387
88c3df13
JH		 6388 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6389 rp.addr.type = cp->addr.type;
8962ee74 6390
aee9b218 6391 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 6392 sizeof(rp));
8962ee74
JH		 6393
6394 *sk = cmd->sk;
6395 sock_hold(*sk);
6396
a664b5bc 6397 mgmt_pending_remove(cmd);
8962ee74
JH		 6398}
6399
124f6e35 6400static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 6401{
b1078ad0 6402 struct hci_dev *hdev = data;
124f6e35
JH		 6403 struct mgmt_cp_unpair_device *cp = cmd->param;
6404 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 6405
6406 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 6407 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6408 rp.addr.type = cp->addr.type;
a8a1d19e 6409
b1078ad0
JH		 6410 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6411
aee9b218 6412 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 6413
6414 mgmt_pending_remove(cmd);
6415}
6416
84c61d92
JH		 6417bool mgmt_powering_down(struct hci_dev *hdev)
6418{
6419 struct pending_cmd *cmd;
6420 struct mgmt_mode *cp;
6421
6422 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6423 if (!cmd)
6424 return false;
6425
6426 cp = cmd->param;
6427 if (!cp->val)
6428 return true;
6429
6430 return false;
6431}
6432
9b80ec5e 6433void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6434 u8 link_type, u8 addr_type, u8 reason,
6435 bool mgmt_connected)
f7520543 6436{
f0d6a0ea 6437 struct mgmt_ev_device_disconnected ev;
8962ee74 6438 struct sock *sk = NULL;
8962ee74 6439
84c61d92
JH		 6440 /* The connection is still in hci_conn_hash so test for 1
6441 * instead of 0 to know if this is the last one.
6442 */
6443 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6444 cancel_delayed_work(&hdev->power_off);
6445 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 6446 }
6447
12d4a3b2
JH		 6448 if (!mgmt_connected)
6449 return;
6450
57eb776f
AG		 6451 if (link_type != ACL_LINK && link_type != LE_LINK)
6452 return;
6453
744cf19e 6454 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6455
f0d6a0ea
MA		 6456 bacpy(&ev.addr.bdaddr, bdaddr);
6457 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6458 ev.reason = reason;
f7520543 6459
9b80ec5e 6460 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6461
6462 if (sk)
d97dcb66 6463 sock_put(sk);
8962ee74 6464
124f6e35 6465 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6466 hdev);
8962ee74
JH		 6467}
6468
7892924c
MH		 6469void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6470 u8 link_type, u8 addr_type, u8 status)
8962ee74 6471{
3655bba8
AG		 6472 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6473 struct mgmt_cp_disconnect *cp;
88c3df13 6474 struct mgmt_rp_disconnect rp;
8962ee74 6475 struct pending_cmd *cmd;
8962ee74 6476
36a75f1b
JD		 6477 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6478 hdev);
6479
2e58ef3e 6480 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6481 if (!cmd)
7892924c 6482 return;
8962ee74 6483
3655bba8
AG		 6484 cp = cmd->param;
6485
6486 if (bacmp(bdaddr, &cp->addr.bdaddr))
6487 return;
6488
6489 if (cp->addr.type != bdaddr_type)
6490 return;
6491
88c3df13 6492 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 6493 rp.addr.type = bdaddr_type;
37d9ef76 6494
7892924c
MH		 6495 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
6496 mgmt_status(status), &rp, sizeof(rp));
8962ee74 6497
a664b5bc 6498 mgmt_pending_remove(cmd);
f7520543 6499}
17d5c04c 6500
445608d0
MH		 6501void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6502 u8 addr_type, u8 status)
17d5c04c
JH		 6503{
6504 struct mgmt_ev_connect_failed ev;
c9910d0f 6505
84c61d92
JH		 6506 /* The connection is still in hci_conn_hash so test for 1
6507 * instead of 0 to know if this is the last one.
6508 */
6509 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6510 cancel_delayed_work(&hdev->power_off);
6511 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 6512 }
17d5c04c 6513
4c659c39 6514 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6515 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6516 ev.status = mgmt_status(status);
17d5c04c 6517
445608d0 6518 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6519}
980e1a53 6520
ce0e4a0d 6521void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6522{
6523 struct mgmt_ev_pin_code_request ev;
6524
d8457698 6525 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6526 ev.addr.type = BDADDR_BREDR;
a770bb5a 6527 ev.secure = secure;
980e1a53 6528
ce0e4a0d 6529 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6530}
6531
e669cf80
MH		 6532void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6533 u8 status)
980e1a53
JH		 6534{
6535 struct pending_cmd *cmd;
ac56fb13 6536 struct mgmt_rp_pin_code_reply rp;
980e1a53 6537
2e58ef3e 6538 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6539 if (!cmd)
e669cf80 6540 return;
980e1a53 6541
d8457698 6542 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6543 rp.addr.type = BDADDR_BREDR;
ac56fb13 6544
e669cf80
MH		 6545 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
6546 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6547
a664b5bc 6548 mgmt_pending_remove(cmd);
980e1a53
JH		 6549}
6550
3eb38528
MH		 6551void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6552 u8 status)
980e1a53
JH		 6553{
6554 struct pending_cmd *cmd;
ac56fb13 6555 struct mgmt_rp_pin_code_reply rp;
980e1a53 6556
2e58ef3e 6557 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6558 if (!cmd)
3eb38528 6559 return;
980e1a53 6560
d8457698 6561 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6562 rp.addr.type = BDADDR_BREDR;
ac56fb13 6563
3eb38528
MH		 6564 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
6565 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6566
a664b5bc 6567 mgmt_pending_remove(cmd);
980e1a53 6568}
a5c29683 6569
744cf19e 6570int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6571 u8 link_type, u8 addr_type, u32 value,
04124681 6572 u8 confirm_hint)
a5c29683
JH		 6573{
6574 struct mgmt_ev_user_confirm_request ev;
6575
744cf19e 6576 BT_DBG("%s", hdev->name);
a5c29683 6577
272d90df 6578 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6579 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6580 ev.confirm_hint = confirm_hint;
39adbffe 6581 ev.value = cpu_to_le32(value);
a5c29683 6582
744cf19e 6583 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6584 NULL);
a5c29683
JH		 6585}
6586
272d90df 6587int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6588 u8 link_type, u8 addr_type)
604086b7
BG		 6589{
6590 struct mgmt_ev_user_passkey_request ev;
6591
6592 BT_DBG("%s", hdev->name);
6593
272d90df 6594 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6595 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6596
6597 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6598 NULL);
604086b7
BG		 6599}
6600
0df4c185 6601static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6602 u8 link_type, u8 addr_type, u8 status,
6603 u8 opcode)
a5c29683
JH		 6604{
6605 struct pending_cmd *cmd;
6606 struct mgmt_rp_user_confirm_reply rp;
6607 int err;
6608
2e58ef3e 6609 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 6610 if (!cmd)
6611 return -ENOENT;
6612
272d90df 6613 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 6614 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 6615 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 6616 &rp, sizeof(rp));
a5c29683 6617
a664b5bc 6618 mgmt_pending_remove(cmd);
a5c29683
JH		 6619
6620 return err;
6621}
6622
744cf19e 6623int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6624 u8 link_type, u8 addr_type, u8 status)
a5c29683 6625{
272d90df 6626 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6627 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6628}
6629
272d90df 6630int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6631 u8 link_type, u8 addr_type, u8 status)
a5c29683 6632{
272d90df 6633 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6634 status,
6635 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 6636}
2a611692 6637
604086b7 6638int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6639 u8 link_type, u8 addr_type, u8 status)
604086b7 6640{
272d90df 6641 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6642 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 6643}
6644
272d90df 6645int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6646 u8 link_type, u8 addr_type, u8 status)
604086b7 6647{
272d90df 6648 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6649 status,
6650 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 6651}
6652
92a25256
JH		 6653int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6654 u8 link_type, u8 addr_type, u32 passkey,
6655 u8 entered)
6656{
6657 struct mgmt_ev_passkey_notify ev;
6658
6659 BT_DBG("%s", hdev->name);
6660
6661 bacpy(&ev.addr.bdaddr, bdaddr);
6662 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6663 ev.passkey = __cpu_to_le32(passkey);
6664 ev.entered = entered;
6665
6666 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6667}
6668
e1e930f5 6669void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 6670{
6671 struct mgmt_ev_auth_failed ev;
e1e930f5
JH		 6672 struct pending_cmd *cmd;
6673 u8 status = mgmt_status(hci_status);
2a611692 6674
e1e930f5
JH		 6675 bacpy(&ev.addr.bdaddr, &conn->dst);
6676 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6677 ev.status = status;
2a611692 6678
e1e930f5
JH		 6679 cmd = find_pairing(conn);
6680
6681 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
6682 cmd ? cmd->sk : NULL);
6683
6684 if (cmd)
6685 pairing_complete(cmd, status);
2a611692 6686}
b312b161 6687
464996ae 6688void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 6689{
6690 struct cmd_lookup match = { NULL, hdev };
464996ae 6691 bool changed;
33ef95ed
JH		 6692
6693 if (status) {
6694 u8 mgmt_err = mgmt_status(status);
6695 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 6696 cmd_status_rsp, &mgmt_err);
464996ae 6697 return;
33ef95ed
JH		 6698 }
6699
464996ae
MH		 6700 if (test_bit(HCI_AUTH, &hdev->flags))
6701 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6702 &hdev->dev_flags);
6703 else
6704 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6705 &hdev->dev_flags);
47990ea0 6706
33ef95ed 6707 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 6708 &match);
33ef95ed 6709
47990ea0 6710 if (changed)
464996ae 6711 new_settings(hdev, match.sk);
33ef95ed
JH		 6712
6713 if (match.sk)
6714 sock_put(match.sk);
33ef95ed
JH		 6715}
6716
890ea898 6717static void clear_eir(struct hci_request *req)
cacaf52f 6718{
890ea898 6719 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 6720 struct hci_cp_write_eir cp;
6721
976eb20e 6722 if (!lmp_ext_inq_capable(hdev))
890ea898 6723 return;
cacaf52f 6724
c80da27e
JH		 6725 memset(hdev->eir, 0, sizeof(hdev->eir));
6726
cacaf52f
JH		 6727 memset(&cp, 0, sizeof(cp));
6728
890ea898 6729 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 6730}
6731
3e248560 6732void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 6733{
6734 struct cmd_lookup match = { NULL, hdev };
890ea898 6735 struct hci_request req;
c0ecddc2 6736 bool changed = false;
ed2c4ee3
JH		 6737
6738 if (status) {
6739 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 6740
6741 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 6742 &hdev->dev_flags)) {
6743 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 6744 new_settings(hdev, NULL);
9ecb3e24 6745 }
c0ecddc2 6746
04124681
GP		 6747 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6748 &mgmt_err);
3e248560 6749 return;
c0ecddc2
JH		 6750 }
6751
6752 if (enable) {
9ecb3e24 6753 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 6754 } else {
9ecb3e24
MH		 6755 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6756 if (!changed)
6757 changed = test_and_clear_bit(HCI_HS_ENABLED,
6758 &hdev->dev_flags);
6759 else
6760 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 6761 }
6762
6763 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6764
c0ecddc2 6765 if (changed)
3e248560 6766 new_settings(hdev, match.sk);
ed2c4ee3 6767
5fc6ebb1 6768 if (match.sk)
ed2c4ee3
JH		 6769 sock_put(match.sk);
6770
890ea898
JH		 6771 hci_req_init(&req, hdev);
6772
3769972b
JH		 6773 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6774 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6775 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6776 sizeof(enable), &enable);
890ea898 6777 update_eir(&req);
3769972b 6778 } else {
890ea898 6779 clear_eir(&req);
3769972b 6780 }
890ea898
JH		 6781
6782 hci_req_run(&req, NULL);
ed2c4ee3
JH		 6783}
6784
eac83dc6
MH		 6785void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6786{
6787 struct cmd_lookup match = { NULL, hdev };
6788 bool changed = false;
6789
6790 if (status) {
6791 u8 mgmt_err = mgmt_status(status);
6792
0ab04a9c
MH		 6793 if (enable) {
6794 if (test_and_clear_bit(HCI_SC_ENABLED,
6795 &hdev->dev_flags))
6796 new_settings(hdev, NULL);
6797 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6798 }
eac83dc6
MH		 6799
6800 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6801 cmd_status_rsp, &mgmt_err);
6802 return;
6803 }
6804
0ab04a9c 6805 if (enable) {
eac83dc6 6806 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 6807 } else {
eac83dc6 6808 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 6809 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6810 }
eac83dc6
MH		 6811
6812 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6813 settings_rsp, &match);
6814
6815 if (changed)
6816 new_settings(hdev, match.sk);
6817
6818 if (match.sk)
6819 sock_put(match.sk);
6820}
6821
92da6097 6822static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 6823{
6824 struct cmd_lookup *match = data;
6825
90e70454
JH		 6826 if (match->sk == NULL) {
6827 match->sk = cmd->sk;
6828 sock_hold(match->sk);
6829 }
90e70454
JH		 6830}
6831
4e1b0245
MH		 6832void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
6833 u8 status)
7f9a903c 6834{
90e70454 6835 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 6836
92da6097
JH		 6837 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
6838 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
6839 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 6840
6841 if (!status)
4e1b0245
MH		 6842 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
6843 NULL);
90e70454
JH		 6844
6845 if (match.sk)
6846 sock_put(match.sk);
7f9a903c
MH		 6847}
6848
7667da34 6849void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 6850{
b312b161 6851 struct mgmt_cp_set_local_name ev;
13928971 6852 struct pending_cmd *cmd;
28cc7bde 6853
13928971 6854 if (status)
7667da34 6855 return;
b312b161
JH		 6856
6857 memset(&ev, 0, sizeof(ev));
6858 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 6859 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 6860
2e58ef3e 6861 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 6862 if (!cmd) {
6863 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 6864
13928971
JH		 6865 /* If this is a HCI command related to powering on the
6866 * HCI dev don't send any mgmt signals.
6867 */
6868 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 6869 return;
890ea898 6870 }
b312b161 6871
7667da34
MH		 6872 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
6873 cmd ? cmd->sk : NULL);
b312b161 6874}
c35938b2 6875
4d2d2796 6876void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
38da1703
JH		 6877 u8 *rand192, u8 *hash256, u8 *rand256,
6878 u8 status)
c35938b2
SJ		 6879{
6880 struct pending_cmd *cmd;
c35938b2 6881
744cf19e 6882 BT_DBG("%s status %u", hdev->name, status);
c35938b2 6883
2e58ef3e 6884 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 6885 if (!cmd)
3edaf092 6886 return;
c35938b2
SJ		 6887
6888 if (status) {
3edaf092
MH		 6889 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6890 mgmt_status(status));
c35938b2 6891 } else {
710f11c0 6892 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
4d2d2796
MH		 6893 struct mgmt_rp_read_local_oob_ext_data rp;
6894
6895 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
38da1703 6896 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
c35938b2 6897
4d2d2796 6898 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
38da1703 6899 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
c35938b2 6900
4d2d2796
MH		 6901 cmd_complete(cmd->sk, hdev->id,
6902 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6903 &rp, sizeof(rp));
6904 } else {
6905 struct mgmt_rp_read_local_oob_data rp;
6906
6907 memcpy(rp.hash, hash192, sizeof(rp.hash));
38da1703 6908 memcpy(rp.rand, rand192, sizeof(rp.rand));
4d2d2796
MH		 6909
6910 cmd_complete(cmd->sk, hdev->id,
6911 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6912 &rp, sizeof(rp));
6913 }
c35938b2
SJ		 6914 }
6915
6916 mgmt_pending_remove(cmd);
c35938b2 6917}
e17acd40 6918
799ce93d
JP		 6919/* this is reversed hex representation of bluetooth base uuid. We need it for
6920 * service uuid parsing in eir.
6921 */
6922static const u8 reverse_base_uuid[] = {
6923 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
6924 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
6925};
6926
6927static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
6928{
6929 int i;
6930
6931 for (i = 0; i < uuid_count; i++) {
6932 if (!memcmp(uuid, uuids[i], 16))
6933 return true;
6934 }
6935
6936 return false;
6937}
6938
b487b9ce
MH		 6939static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
6940{
799ce93d
JP		 6941 u16 parsed = 0;
6942
6943 while (parsed < eir_len) {
6944 u8 field_len = eir[0];
6945 u8 uuid[16];
6946 int i;
6947
6948 if (field_len == 0)
6949 break;
6950
6951 if (eir_len - parsed < field_len + 1)
6952 break;
6953
6954 switch (eir[1]) {
6955 case EIR_UUID16_ALL:
6956 case EIR_UUID16_SOME:
6957 for (i = 0; i + 3 <= field_len; i += 2) {
6958 memcpy(uuid, reverse_base_uuid, 16);
6959 uuid[13] = eir[i + 3];
6960 uuid[12] = eir[i + 2];
6961 if (has_uuid(uuid, uuid_count, uuids))
6962 return true;
6963 }
6964 break;
6965 case EIR_UUID32_ALL:
6966 case EIR_UUID32_SOME:
6967 for (i = 0; i + 5 <= field_len; i += 4) {
6968 memcpy(uuid, reverse_base_uuid, 16);
6969 uuid[15] = eir[i + 5];
6970 uuid[14] = eir[i + 4];
6971 uuid[13] = eir[i + 3];
6972 uuid[12] = eir[i + 2];
6973 if (has_uuid(uuid, uuid_count, uuids))
6974 return true;
6975 }
6976 break;
6977 case EIR_UUID128_ALL:
6978 case EIR_UUID128_SOME:
6979 for (i = 0; i + 17 <= field_len; i += 16) {
6980 memcpy(uuid, eir + i + 2, 16);
6981 if (has_uuid(uuid, uuid_count, uuids))
6982 return true;
6983 }
6984 break;
6985 }
6986
6987 parsed += field_len + 1;
6988 eir += field_len + 1;
6989 }
6990
b487b9ce
MH		 6991 return false;
6992}
6993
901801b9 6994void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
af58925c
MH		 6995 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
6996 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 6997{
e319d2e7
JH		 6998 char buf[512];
6999 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 7000 size_t ev_size;
b487b9ce 7001 bool match;
e17acd40 7002
75ce208c
JH		 7003 /* Don't send events for a non-kernel initiated discovery. With
7004 * LE one exception is if we have pend_le_reports > 0 in which
7005 * case we're doing passive scanning and want these events.
7006 */
7007 if (!hci_discovery_active(hdev)) {
7008 if (link_type == ACL_LINK)
7009 return;
66f8455a 7010 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
75ce208c
JH		 7011 return;
7012 }
12602d0c 7013
bda157a4
MH		 7014 /* When using service discovery with a RSSI threshold, then check
7015 * if such a RSSI threshold is specified. If a RSSI threshold has
7016 * been specified, then all results with a RSSI smaller than the
7017 * RSSI threshold will be dropped.
7018 */
7019 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7020 rssi < hdev->discovery.rssi)
7021 return;
7022
5d2e9fad
JH		 7023 /* Make sure that the buffer is big enough. The 5 extra bytes
7024 * are for the potential CoD field.
7025 */
7026 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 7027 return;
7d262f86 7028
1dc06093
JH		 7029 memset(buf, 0, sizeof(buf));
7030
841c5644
JH		 7031 bacpy(&ev->addr.bdaddr, bdaddr);
7032 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 7033 ev->rssi = rssi;
af58925c 7034 ev->flags = cpu_to_le32(flags);
e17acd40 7035
b487b9ce
MH		 7036 if (eir_len > 0) {
7037 /* When using service discovery and a list of UUID is
7038 * provided, results with no matching UUID should be
7039 * dropped. In case there is a match the result is
7040 * kept and checking possible scan response data
7041 * will be skipped.
7042 */
7043 if (hdev->discovery.uuid_count > 0) {
7044 match = eir_has_uuids(eir, eir_len,
7045 hdev->discovery.uuid_count,
7046 hdev->discovery.uuids);
7047 if (!match)
7048 return;
7049 }
7050
7051 /* Copy EIR or advertising data into event */
e319d2e7 7052 memcpy(ev->eir, eir, eir_len);
b487b9ce
MH		 7053 } else {
7054 /* When using service discovery and a list of UUID is
7055 * provided, results with empty EIR or advertising data
7056 * should be dropped since they do not match any UUID.
7057 */
7058 if (hdev->discovery.uuid_count > 0)
7059 return;
7060 }
e17acd40 7061
1dc06093
JH		 7062 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7063 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 7064 dev_class, 3);
1dc06093 7065
b487b9ce
MH		 7066 if (scan_rsp_len > 0) {
7067 /* When using service discovery and a list of UUID is
7068 * provided, results with no matching UUID should be
7069 * dropped if there is no previous match from the
7070 * advertising data.
7071 */
7072 if (hdev->discovery.uuid_count > 0) {
7073 if (!match && !eir_has_uuids(scan_rsp, scan_rsp_len,
7074 hdev->discovery.uuid_count,
7075 hdev->discovery.uuids))
7076 return;
7077 }
7078
7079 /* Append scan response data to event */
5d2e9fad 7080 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
b487b9ce
MH		 7081 } else {
7082 /* When using service discovery and a list of UUID is
7083 * provided, results with empty scan response and no
7084 * previous matched advertising data should be dropped.
7085 */
7086 if (hdev->discovery.uuid_count > 0 && !match)
7087 return;
7088 }
5d2e9fad
JH		 7089
7090 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7091 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7092
901801b9 7093 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7094}
a88a9652 7095
9cf12aee
MH		 7096void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7097 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7098{
b644ba33
JH		 7099 struct mgmt_ev_device_found *ev;
7100 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7101 u16 eir_len;
a88a9652 7102
b644ba33 7103 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7104
b644ba33
JH		 7105 memset(buf, 0, sizeof(buf));
7106
7107 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7108 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7109 ev->rssi = rssi;
7110
7111 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7112 name_len);
b644ba33 7113
eb55ef07 7114 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7115
9cf12aee 7116 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7117}
314b2381 7118
2f1e063b 7119void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7120{
f963e8e9 7121 struct mgmt_ev_discovering ev;
164a6e78 7122
343fb145
AG		 7123 BT_DBG("%s discovering %u", hdev->name, discovering);
7124
f963e8e9
JH		 7125 memset(&ev, 0, sizeof(ev));
7126 ev.type = hdev->discovery.type;
7127 ev.discovering = discovering;
7128
2f1e063b 7129 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7130}
5e762444 7131
5976e608
MH		 7132static void adv_enable_complete(struct hci_dev *hdev, u8 status)
7133{
7134 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 7135}
7136
7137void mgmt_reenable_advertising(struct hci_dev *hdev)
7138{
7139 struct hci_request req;
7140
5976e608
MH		 7141 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
7142 return;
7143
7144 hci_req_init(&req, hdev);
7145 enable_advertising(&req);
0ec5ae84 7146 hci_req_run(&req, adv_enable_complete);
5976e608 7147}
Linux kernel - Deliverables
This page took 0.755023 seconds and 5 git commands to generate.