projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Implement the Add Advertising command
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
a380b6cf 38#include "mgmt_util.h"
0381101f 39
2da9c55c 40#define MGMT_VERSION 1
beb1c21b 41#define MGMT_REVISION 9
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 50 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 81 MGMT_OP_SET_DEVICE_ID,
4375f103 82 MGMT_OP_SET_ADVERTISING,
0663ca2a 83 MGMT_OP_SET_BREDR,
d13eafce 84 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 85 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 86 MGMT_OP_SET_SECURE_CONN,
4e39ac81 87 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 88 MGMT_OP_SET_PRIVACY,
41edf160 89 MGMT_OP_LOAD_IRKS,
dd983808 90 MGMT_OP_GET_CONN_INFO,
95868426 91 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 92 MGMT_OP_ADD_DEVICE,
93 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 94 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 95 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 96 MGMT_OP_READ_CONFIG_INFO,
dbece37a 97 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 98 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 99 MGMT_OP_START_SERVICE_DISCOVERY,
4f0f155c 100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
96f1474a 101 MGMT_OP_READ_EXT_INDEX_LIST,
d3d5305b 102 MGMT_OP_READ_ADV_FEATURES,
24b4f38f 103 MGMT_OP_ADD_ADVERTISING,
e70bb2e8
JH		 104};
105
106static const u16 mgmt_events[] = {
107 MGMT_EV_CONTROLLER_ERROR,
108 MGMT_EV_INDEX_ADDED,
109 MGMT_EV_INDEX_REMOVED,
110 MGMT_EV_NEW_SETTINGS,
111 MGMT_EV_CLASS_OF_DEV_CHANGED,
112 MGMT_EV_LOCAL_NAME_CHANGED,
113 MGMT_EV_NEW_LINK_KEY,
114 MGMT_EV_NEW_LONG_TERM_KEY,
115 MGMT_EV_DEVICE_CONNECTED,
116 MGMT_EV_DEVICE_DISCONNECTED,
117 MGMT_EV_CONNECT_FAILED,
118 MGMT_EV_PIN_CODE_REQUEST,
119 MGMT_EV_USER_CONFIRM_REQUEST,
120 MGMT_EV_USER_PASSKEY_REQUEST,
121 MGMT_EV_AUTH_FAILED,
122 MGMT_EV_DEVICE_FOUND,
123 MGMT_EV_DISCOVERING,
124 MGMT_EV_DEVICE_BLOCKED,
125 MGMT_EV_DEVICE_UNBLOCKED,
126 MGMT_EV_DEVICE_UNPAIRED,
92a25256 127 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 128 MGMT_EV_NEW_IRK,
7ee4ea36 129 MGMT_EV_NEW_CSRK,
8afef092
MH		 130 MGMT_EV_DEVICE_ADDED,
131 MGMT_EV_DEVICE_REMOVED,
ffb5a827 132 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 133 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 134 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 135 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 136 MGMT_EV_EXT_INDEX_ADDED,
137 MGMT_EV_EXT_INDEX_REMOVED,
72000df2 138 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
24b4f38f
AU		 139 MGMT_EV_ADVERTISING_ADDED,
140 MGMT_EV_ADVERTISING_REMOVED,
e70bb2e8
JH		 141};
142
17b02e62 143#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 144
d25b78e2
JH		 145#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
146 "\x00\x00\x00\x00\x00\x00\x00\x00"
147
ca69b795
JH		 148/* HCI to MGMT error code conversion table */
149static u8 mgmt_status_table[] = {
150 MGMT_STATUS_SUCCESS,
151 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
152 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
153 MGMT_STATUS_FAILED, /* Hardware Failure */
154 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
155 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 156 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 157 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
158 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
159 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
160 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
161 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
162 MGMT_STATUS_BUSY, /* Command Disallowed */
163 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
164 MGMT_STATUS_REJECTED, /* Rejected Security */
165 MGMT_STATUS_REJECTED, /* Rejected Personal */
166 MGMT_STATUS_TIMEOUT, /* Host Timeout */
167 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
168 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
169 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
170 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
171 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
172 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
173 MGMT_STATUS_BUSY, /* Repeated Attempts */
174 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
175 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
176 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
177 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
178 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
179 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
180 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
181 MGMT_STATUS_FAILED, /* Unspecified Error */
182 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
183 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
184 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
185 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
186 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
187 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
188 MGMT_STATUS_FAILED, /* Unit Link Key Used */
189 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
190 MGMT_STATUS_TIMEOUT, /* Instant Passed */
191 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
192 MGMT_STATUS_FAILED, /* Transaction Collision */
193 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
194 MGMT_STATUS_REJECTED, /* QoS Rejected */
195 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
196 MGMT_STATUS_REJECTED, /* Insufficient Security */
197 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
198 MGMT_STATUS_BUSY, /* Role Switch Pending */
199 MGMT_STATUS_FAILED, /* Slot Violation */
200 MGMT_STATUS_FAILED, /* Role Switch Failed */
201 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
202 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
203 MGMT_STATUS_BUSY, /* Host Busy Pairing */
204 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
205 MGMT_STATUS_BUSY, /* Controller Busy */
206 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
207 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
208 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
209 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
210 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
211};
212
213static u8 mgmt_status(u8 hci_status)
214{
215 if (hci_status < ARRAY_SIZE(mgmt_status_table))
216 return mgmt_status_table[hci_status];
217
218 return MGMT_STATUS_FAILED;
219}
220
c08b1a1d
MH		 221static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
222 u16 len, int flag)
f9207338 223{
c08b1a1d
MH		 224 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
225 flag, NULL);
f9207338
MH		 226}
227
72000df2
MH		 228static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
229 u16 len, int flag, struct sock *skip_sk)
230{
231 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
232 flag, skip_sk);
233}
234
f6b7712e
MH		 235static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
236 u16 len, struct sock *skip_sk)
237{
238 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
239 HCI_MGMT_GENERIC_EVENTS, skip_sk);
240}
241
7a00ff44
JH		 242static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
243 struct sock *skip_sk)
244{
245 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
c08b1a1d 246 HCI_SOCK_TRUSTED, skip_sk);
7a00ff44
JH		 247}
248
04124681
GP		 249static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
250 u16 data_len)
a38528f1
JH		 251{
252 struct mgmt_rp_read_version rp;
253
254 BT_DBG("sock %p", sk);
255
256 rp.version = MGMT_VERSION;
dcf4adbf 257 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 258
2a1afb5a
JH		 259 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
260 &rp, sizeof(rp));
a38528f1
JH		 261}
262
04124681
GP		 263static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
264 u16 data_len)
e70bb2e8
JH		 265{
266 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 267 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
268 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 269 __le16 *opcode;
e70bb2e8
JH		 270 size_t rp_size;
271 int i, err;
272
273 BT_DBG("sock %p", sk);
274
275 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
276
277 rp = kmalloc(rp_size, GFP_KERNEL);
278 if (!rp)
279 return -ENOMEM;
280
dcf4adbf
JP		 281 rp->num_commands = cpu_to_le16(num_commands);
282 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 283
284 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
285 put_unaligned_le16(mgmt_commands[i], opcode);
286
287 for (i = 0; i < num_events; i++, opcode++)
288 put_unaligned_le16(mgmt_events[i], opcode);
289
2a1afb5a
JH		 290 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
291 rp, rp_size);
e70bb2e8
JH		 292 kfree(rp);
293
294 return err;
295}
296
04124681
GP		 297static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
298 u16 data_len)
faba42eb 299{
faba42eb 300 struct mgmt_rp_read_index_list *rp;
8035ded4 301 struct hci_dev *d;
a38528f1 302 size_t rp_len;
faba42eb 303 u16 count;
476e44cb 304 int err;
faba42eb
JH		 305
306 BT_DBG("sock %p", sk);
307
308 read_lock(&hci_dev_list_lock);
309
310 count = 0;
bb4b2a9a 311 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 312 if (d->dev_type == HCI_BREDR &&
d7a5a11d 313 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 314 count++;
faba42eb
JH		 315 }
316
a38528f1
JH		 317 rp_len = sizeof(*rp) + (2 * count);
318 rp = kmalloc(rp_len, GFP_ATOMIC);
319 if (!rp) {
b2c60d42 320 read_unlock(&hci_dev_list_lock);
faba42eb 321 return -ENOMEM;
b2c60d42 322 }
faba42eb 323
476e44cb 324 count = 0;
8035ded4 325 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 326 if (hci_dev_test_flag(d, HCI_SETUP) ||
327 hci_dev_test_flag(d, HCI_CONFIG) ||
328 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 329 continue;
330
73d1df2a
MH		 331 /* Devices marked as raw-only are neither configured
332 * nor unconfigured controllers.
333 */
334 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 335 continue;
336
73d1df2a 337 if (d->dev_type == HCI_BREDR &&
d7a5a11d 338 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892
MH		 339 rp->index[count++] = cpu_to_le16(d->id);
340 BT_DBG("Added hci%u", d->id);
341 }
faba42eb
JH		 342 }
343
476e44cb
JH		 344 rp->num_controllers = cpu_to_le16(count);
345 rp_len = sizeof(*rp) + (2 * count);
346
faba42eb
JH		 347 read_unlock(&hci_dev_list_lock);
348
2a1afb5a
JH		 349 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
350 0, rp, rp_len);
faba42eb 351
a38528f1
JH		 352 kfree(rp);
353
354 return err;
faba42eb
JH		 355}
356
73d1df2a
MH		 357static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
358 void *data, u16 data_len)
359{
360 struct mgmt_rp_read_unconf_index_list *rp;
361 struct hci_dev *d;
362 size_t rp_len;
363 u16 count;
364 int err;
365
366 BT_DBG("sock %p", sk);
367
368 read_lock(&hci_dev_list_lock);
369
370 count = 0;
371 list_for_each_entry(d, &hci_dev_list, list) {
372 if (d->dev_type == HCI_BREDR &&
d7a5a11d 373 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 374 count++;
375 }
376
377 rp_len = sizeof(*rp) + (2 * count);
378 rp = kmalloc(rp_len, GFP_ATOMIC);
379 if (!rp) {
380 read_unlock(&hci_dev_list_lock);
381 return -ENOMEM;
382 }
383
384 count = 0;
385 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 386 if (hci_dev_test_flag(d, HCI_SETUP) ||
387 hci_dev_test_flag(d, HCI_CONFIG) ||
388 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 389 continue;
390
391 /* Devices marked as raw-only are neither configured
392 * nor unconfigured controllers.
393 */
394 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
395 continue;
396
397 if (d->dev_type == HCI_BREDR &&
d7a5a11d 398 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a
MH		 399 rp->index[count++] = cpu_to_le16(d->id);
400 BT_DBG("Added hci%u", d->id);
401 }
402 }
403
404 rp->num_controllers = cpu_to_le16(count);
405 rp_len = sizeof(*rp) + (2 * count);
406
407 read_unlock(&hci_dev_list_lock);
408
2a1afb5a
JH		 409 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
410 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 411
412 kfree(rp);
413
414 return err;
415}
416
96f1474a
MH		 417static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
418 void *data, u16 data_len)
419{
420 struct mgmt_rp_read_ext_index_list *rp;
421 struct hci_dev *d;
422 size_t rp_len;
423 u16 count;
424 int err;
425
426 BT_DBG("sock %p", sk);
427
428 read_lock(&hci_dev_list_lock);
429
430 count = 0;
431 list_for_each_entry(d, &hci_dev_list, list) {
432 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
433 count++;
434 }
435
436 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
437 rp = kmalloc(rp_len, GFP_ATOMIC);
438 if (!rp) {
439 read_unlock(&hci_dev_list_lock);
440 return -ENOMEM;
441 }
442
443 count = 0;
444 list_for_each_entry(d, &hci_dev_list, list) {
445 if (hci_dev_test_flag(d, HCI_SETUP) ||
446 hci_dev_test_flag(d, HCI_CONFIG) ||
447 hci_dev_test_flag(d, HCI_USER_CHANNEL))
448 continue;
449
450 /* Devices marked as raw-only are neither configured
451 * nor unconfigured controllers.
452 */
453 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
454 continue;
455
456 if (d->dev_type == HCI_BREDR) {
457 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
458 rp->entry[count].type = 0x01;
459 else
460 rp->entry[count].type = 0x00;
461 } else if (d->dev_type == HCI_AMP) {
462 rp->entry[count].type = 0x02;
463 } else {
464 continue;
465 }
466
467 rp->entry[count].bus = d->bus;
468 rp->entry[count++].index = cpu_to_le16(d->id);
469 BT_DBG("Added hci%u", d->id);
470 }
471
472 rp->num_controllers = cpu_to_le16(count);
473 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
474
475 read_unlock(&hci_dev_list_lock);
476
477 /* If this command is called at least once, then all the
478 * default index and unconfigured index events are disabled
479 * and from now on only extended index events are used.
480 */
481 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
482 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
483 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
484
485 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
486 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
487
488 kfree(rp);
489
490 return err;
491}
492
dbece37a
MH		 493static bool is_configured(struct hci_dev *hdev)
494{
495 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 496 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 497 return false;
498
499 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
500 !bacmp(&hdev->public_addr, BDADDR_ANY))
501 return false;
502
503 return true;
504}
505
89bc22d2
MH		 506static __le32 get_missing_options(struct hci_dev *hdev)
507{
508 u32 options = 0;
509
dbece37a 510 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 511 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 512 options |= MGMT_OPTION_EXTERNAL_CONFIG;
513
89bc22d2
MH		 514 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
515 !bacmp(&hdev->public_addr, BDADDR_ANY))
516 options |= MGMT_OPTION_PUBLIC_ADDRESS;
517
518 return cpu_to_le32(options);
519}
520
f4537c04
MH		 521static int new_options(struct hci_dev *hdev, struct sock *skip)
522{
523 __le32 options = get_missing_options(hdev);
524
f6b7712e
MH		 525 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
526 sizeof(options), skip);
f4537c04
MH		 527}
528
dbece37a
MH		 529static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
530{
531 __le32 options = get_missing_options(hdev);
532
2a1afb5a
JH		 533 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
534 sizeof(options));
dbece37a
MH		 535}
536
9fc3bfb6
MH		 537static int read_config_info(struct sock *sk, struct hci_dev *hdev,
538 void *data, u16 data_len)
539{
540 struct mgmt_rp_read_config_info rp;
89bc22d2 541 u32 options = 0;
9fc3bfb6
MH		 542
543 BT_DBG("sock %p %s", sk, hdev->name);
544
545 hci_dev_lock(hdev);
546
547 memset(&rp, 0, sizeof(rp));
548 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 549
eb1904f4
MH		 550 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
551 options |= MGMT_OPTION_EXTERNAL_CONFIG;
552
9fc3bfb6 553 if (hdev->set_bdaddr)
89bc22d2
MH		 554 options |= MGMT_OPTION_PUBLIC_ADDRESS;
555
556 rp.supported_options = cpu_to_le32(options);
557 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 558
559 hci_dev_unlock(hdev);
560
2a1afb5a
JH		 561 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
562 &rp, sizeof(rp));
9fc3bfb6
MH		 563}
564
69ab39ea
JH		 565static u32 get_supported_settings(struct hci_dev *hdev)
566{
567 u32 settings = 0;
568
569 settings |= MGMT_SETTING_POWERED;
b2939475 570 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 571 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 572 settings |= MGMT_SETTING_CONNECTABLE;
573 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 574
ed3fa31f 575 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 576 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
577 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 578 settings |= MGMT_SETTING_BREDR;
579 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 580
581 if (lmp_ssp_capable(hdev)) {
582 settings |= MGMT_SETTING_SSP;
583 settings |= MGMT_SETTING_HS;
584 }
e98d2ce2 585
05b3c3e7 586 if (lmp_sc_capable(hdev))
e98d2ce2 587 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 588 }
d7b7e796 589
eeca6f89 590 if (lmp_le_capable(hdev)) {
9d42820f 591 settings |= MGMT_SETTING_LE;
eeca6f89 592 settings |= MGMT_SETTING_ADVERTISING;
a3209694 593 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 594 settings |= MGMT_SETTING_PRIVACY;
93690c22 595 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 596 }
69ab39ea 597
eb1904f4
MH		 598 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
599 hdev->set_bdaddr)
9fc3bfb6
MH		 600 settings |= MGMT_SETTING_CONFIGURATION;
601
69ab39ea
JH		 602 return settings;
603}
604
605static u32 get_current_settings(struct hci_dev *hdev)
606{
607 u32 settings = 0;
608
f1f0eb02 609 if (hdev_is_powered(hdev))
f0d4b78a
MH		 610 settings |= MGMT_SETTING_POWERED;
611
d7a5a11d 612 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 613 settings |= MGMT_SETTING_CONNECTABLE;
614
d7a5a11d 615 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 616 settings |= MGMT_SETTING_FAST_CONNECTABLE;
617
d7a5a11d 618 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 619 settings |= MGMT_SETTING_DISCOVERABLE;
620
d7a5a11d 621 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 622 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 623
d7a5a11d 624 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 625 settings |= MGMT_SETTING_BREDR;
626
d7a5a11d 627 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 628 settings |= MGMT_SETTING_LE;
629
d7a5a11d 630 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 631 settings |= MGMT_SETTING_LINK_SECURITY;
632
d7a5a11d 633 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 634 settings |= MGMT_SETTING_SSP;
635
d7a5a11d 636 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 637 settings |= MGMT_SETTING_HS;
638
d7a5a11d 639 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 640 settings |= MGMT_SETTING_ADVERTISING;
641
d7a5a11d 642 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 643 settings |= MGMT_SETTING_SECURE_CONN;
644
d7a5a11d 645 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 646 settings |= MGMT_SETTING_DEBUG_KEYS;
647
d7a5a11d 648 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 649 settings |= MGMT_SETTING_PRIVACY;
650
93690c22
MH		 651 /* The current setting for static address has two purposes. The
652 * first is to indicate if the static address will be used and
653 * the second is to indicate if it is actually set.
654 *
655 * This means if the static address is not configured, this flag
656 * will never bet set. If the address is configured, then if the
657 * address is actually used decides if the flag is set or not.
658 *
659 * For single mode LE only controllers and dual-mode controllers
660 * with BR/EDR disabled, the existence of the static address will
661 * be evaluated.
662 */
b7cb93e5 663 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 664 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 665 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
666 if (bacmp(&hdev->static_addr, BDADDR_ANY))
667 settings |= MGMT_SETTING_STATIC_ADDRESS;
668 }
669
69ab39ea
JH		 670 return settings;
671}
672
ef580372
JH		 673#define PNP_INFO_SVCLASS_ID 0x1200
674
213202ed
JH		 675static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
676{
677 u8 *ptr = data, *uuids_start = NULL;
678 struct bt_uuid *uuid;
679
680 if (len < 4)
681 return ptr;
682
683 list_for_each_entry(uuid, &hdev->uuids, list) {
684 u16 uuid16;
685
686 if (uuid->size != 16)
687 continue;
688
689 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
690 if (uuid16 < 0x1100)
691 continue;
692
693 if (uuid16 == PNP_INFO_SVCLASS_ID)
694 continue;
695
696 if (!uuids_start) {
697 uuids_start = ptr;
698 uuids_start[0] = 1;
699 uuids_start[1] = EIR_UUID16_ALL;
700 ptr += 2;
701 }
702
703 /* Stop if not enough space to put next UUID */
704 if ((ptr - data) + sizeof(u16) > len) {
705 uuids_start[1] = EIR_UUID16_SOME;
706 break;
707 }
708
709 *ptr++ = (uuid16 & 0x00ff);
710 *ptr++ = (uuid16 & 0xff00) >> 8;
711 uuids_start[0] += sizeof(uuid16);
712 }
713
714 return ptr;
715}
716
cdf1963f
JH		 717static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
718{
719 u8 *ptr = data, *uuids_start = NULL;
720 struct bt_uuid *uuid;
721
722 if (len < 6)
723 return ptr;
724
725 list_for_each_entry(uuid, &hdev->uuids, list) {
726 if (uuid->size != 32)
727 continue;
728
729 if (!uuids_start) {
730 uuids_start = ptr;
731 uuids_start[0] = 1;
732 uuids_start[1] = EIR_UUID32_ALL;
733 ptr += 2;
734 }
735
736 /* Stop if not enough space to put next UUID */
737 if ((ptr - data) + sizeof(u32) > len) {
738 uuids_start[1] = EIR_UUID32_SOME;
739 break;
740 }
741
742 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
743 ptr += sizeof(u32);
744 uuids_start[0] += sizeof(u32);
745 }
746
747 return ptr;
748}
749
c00d575b
JH		 750static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
751{
752 u8 *ptr = data, *uuids_start = NULL;
753 struct bt_uuid *uuid;
754
755 if (len < 18)
756 return ptr;
757
758 list_for_each_entry(uuid, &hdev->uuids, list) {
759 if (uuid->size != 128)
760 continue;
761
762 if (!uuids_start) {
763 uuids_start = ptr;
764 uuids_start[0] = 1;
765 uuids_start[1] = EIR_UUID128_ALL;
766 ptr += 2;
767 }
768
769 /* Stop if not enough space to put next UUID */
770 if ((ptr - data) + 16 > len) {
771 uuids_start[1] = EIR_UUID128_SOME;
772 break;
773 }
774
775 memcpy(ptr, uuid->uuid, 16);
776 ptr += 16;
777 uuids_start[0] += 16;
778 }
779
780 return ptr;
781}
782
333ae95d
JH		 783static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
784{
785 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
786}
787
333ae95d
JH		 788static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
789 struct hci_dev *hdev,
790 const void *data)
791{
792 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
793}
794
f14d8f64
MH		 795static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
796{
7a5f4990
MH		 797 u8 ad_len = 0;
798 size_t name_len;
799
800 name_len = strlen(hdev->dev_name);
801 if (name_len > 0) {
802 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
803
804 if (name_len > max_len) {
805 name_len = max_len;
806 ptr[1] = EIR_NAME_SHORT;
807 } else
808 ptr[1] = EIR_NAME_COMPLETE;
809
810 ptr[0] = name_len + 1;
811
812 memcpy(ptr + 2, hdev->dev_name, name_len);
813
814 ad_len += (name_len + 2);
815 ptr += (name_len + 2);
816 }
817
818 return ad_len;
f14d8f64
MH		 819}
820
821static void update_scan_rsp_data(struct hci_request *req)
822{
823 struct hci_dev *hdev = req->hdev;
824 struct hci_cp_le_set_scan_rsp_data cp;
825 u8 len;
826
d7a5a11d 827 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
f14d8f64
MH		 828 return;
829
830 memset(&cp, 0, sizeof(cp));
831
832 len = create_scan_rsp_data(hdev, cp.data);
833
eb438b5f
JH		 834 if (hdev->scan_rsp_data_len == len &&
835 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 836 return;
837
eb438b5f
JH		 838 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
839 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 840
841 cp.length = len;
842
843 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
844}
845
9a43e25f
JH		 846static u8 get_adv_discov_flags(struct hci_dev *hdev)
847{
3b0602cd 848 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 849
850 /* If there's a pending mgmt command the flags will not yet have
851 * their final values, so check for this first.
852 */
333ae95d 853 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
9a43e25f
JH		 854 if (cmd) {
855 struct mgmt_mode *cp = cmd->param;
856 if (cp->val == 0x01)
857 return LE_AD_GENERAL;
858 else if (cp->val == 0x02)
859 return LE_AD_LIMITED;
860 } else {
d7a5a11d 861 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 862 return LE_AD_LIMITED;
d7a5a11d 863 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 864 return LE_AD_GENERAL;
865 }
866
867 return 0;
868}
869
24b4f38f 870static u8 create_default_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 871{
872 u8 ad_len = 0, flags = 0;
441ad2d0 873
9a43e25f 874 flags |= get_adv_discov_flags(hdev);
441ad2d0 875
d7a5a11d 876 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
441ad2d0 877 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 878
879 if (flags) {
880 BT_DBG("adv flags 0x%02x", flags);
881
882 ptr[0] = 2;
883 ptr[1] = EIR_FLAGS;
884 ptr[2] = flags;
885
886 ad_len += 3;
887 ptr += 3;
888 }
889
890 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
891 ptr[0] = 2;
892 ptr[1] = EIR_TX_POWER;
893 ptr[2] = (u8) hdev->adv_tx_power;
894
895 ad_len += 3;
896 ptr += 3;
897 }
898
441ad2d0
MH		 899 return ad_len;
900}
901
24b4f38f
AU		 902static u8 create_instance_adv_data(struct hci_dev *hdev, u8 *ptr)
903{
904 /* TODO: Set the appropriate entries based on advertising instance flags
905 * here once flags other than 0 are supported.
906 */
907 memcpy(ptr, hdev->adv_instance.adv_data,
908 hdev->adv_instance.adv_data_len);
909
910 return hdev->adv_instance.adv_data_len;
911}
912
913static void update_adv_data_for_instance(struct hci_request *req, u8 instance)
441ad2d0
MH		 914{
915 struct hci_dev *hdev = req->hdev;
916 struct hci_cp_le_set_adv_data cp;
917 u8 len;
918
d7a5a11d 919 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
441ad2d0
MH		 920 return;
921
922 memset(&cp, 0, sizeof(cp));
923
24b4f38f
AU		 924 if (instance)
925 len = create_instance_adv_data(hdev, cp.data);
926 else
927 len = create_default_adv_data(hdev, cp.data);
441ad2d0 928
24b4f38f 929 /* There's nothing to do if the data hasn't changed */
441ad2d0
MH		 930 if (hdev->adv_data_len == len &&
931 memcmp(cp.data, hdev->adv_data, len) == 0)
932 return;
933
934 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
935 hdev->adv_data_len = len;
936
937 cp.length = len;
938
939 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
940}
941
24b4f38f
AU		 942static void update_adv_data(struct hci_request *req)
943{
944 struct hci_dev *hdev = req->hdev;
945 u8 instance;
946
947 /* The "Set Advertising" setting supersedes the "Add Advertising"
948 * setting. Here we set the advertising data based on which
949 * setting was set. When neither apply, default to the global settings,
950 * represented by instance "0".
951 */
952 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
953 !hci_dev_test_flag(hdev, HCI_ADVERTISING))
954 instance = 0x01;
955 else
956 instance = 0x00;
957
958 update_adv_data_for_instance(req, instance);
959}
960
bc6d2d04
JH		 961int mgmt_update_adv_data(struct hci_dev *hdev)
962{
963 struct hci_request req;
964
965 hci_req_init(&req, hdev);
966 update_adv_data(&req);
967
968 return hci_req_run(&req, NULL);
969}
970
ef580372
JH		 971static void create_eir(struct hci_dev *hdev, u8 *data)
972{
973 u8 *ptr = data;
ef580372
JH		 974 size_t name_len;
975
976 name_len = strlen(hdev->dev_name);
977
978 if (name_len > 0) {
979 /* EIR Data type */
980 if (name_len > 48) {
981 name_len = 48;
982 ptr[1] = EIR_NAME_SHORT;
983 } else
984 ptr[1] = EIR_NAME_COMPLETE;
985
986 /* EIR Data length */
987 ptr[0] = name_len + 1;
988
989 memcpy(ptr + 2, hdev->dev_name, name_len);
990
ef580372
JH		 991 ptr += (name_len + 2);
992 }
993
bbaf444a 994 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 995 ptr[0] = 2;
996 ptr[1] = EIR_TX_POWER;
997 ptr[2] = (u8) hdev->inq_tx_power;
998
91c4e9b1
MH		 999 ptr += 3;
1000 }
1001
2b9be137
MH		 1002 if (hdev->devid_source > 0) {
1003 ptr[0] = 9;
1004 ptr[1] = EIR_DEVICE_ID;
1005
1006 put_unaligned_le16(hdev->devid_source, ptr + 2);
1007 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1008 put_unaligned_le16(hdev->devid_product, ptr + 6);
1009 put_unaligned_le16(hdev->devid_version, ptr + 8);
1010
2b9be137
MH		 1011 ptr += 10;
1012 }
1013
213202ed 1014 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 1015 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 1016 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 1017}
1018
890ea898 1019static void update_eir(struct hci_request *req)
ef580372 1020{
890ea898 1021 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1022 struct hci_cp_write_eir cp;
1023
504c8dcd 1024 if (!hdev_is_powered(hdev))
890ea898 1025 return;
7770c4aa 1026
976eb20e 1027 if (!lmp_ext_inq_capable(hdev))
890ea898 1028 return;
ef580372 1029
d7a5a11d 1030 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
890ea898 1031 return;
ef580372 1032
d7a5a11d 1033 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1034 return;
ef580372
JH		 1035
1036 memset(&cp, 0, sizeof(cp));
1037
1038 create_eir(hdev, cp.data);
1039
1040 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 1041 return;
ef580372
JH		 1042
1043 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1044
890ea898 1045 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 1046}
1047
1048static u8 get_service_classes(struct hci_dev *hdev)
1049{
1050 struct bt_uuid *uuid;
1051 u8 val = 0;
1052
1053 list_for_each_entry(uuid, &hdev->uuids, list)
1054 val |= uuid->svc_hint;
1055
1056 return val;
1057}
1058
890ea898 1059static void update_class(struct hci_request *req)
ef580372 1060{
890ea898 1061 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1062 u8 cod[3];
1063
1064 BT_DBG("%s", hdev->name);
1065
504c8dcd 1066 if (!hdev_is_powered(hdev))
890ea898 1067 return;
7770c4aa 1068
d7a5a11d 1069 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
f87ea1da
JH		 1070 return;
1071
d7a5a11d 1072 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1073 return;
ef580372
JH		 1074
1075 cod[0] = hdev->minor_class;
1076 cod[1] = hdev->major_class;
1077 cod[2] = get_service_classes(hdev);
1078
d7a5a11d 1079 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
6acd7db4
MH		 1080 cod[1] |= 0x20;
1081
ef580372 1082 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1083 return;
ef580372 1084
890ea898 1085 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1086}
1087
a4858cb9 1088static bool get_connectable(struct hci_dev *hdev)
199a2fb1 1089{
3b0602cd 1090 struct mgmt_pending_cmd *cmd;
199a2fb1
JH		 1091
1092 /* If there's a pending mgmt command the flag will not yet have
1093 * it's final value, so check for this first.
1094 */
333ae95d 1095 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
199a2fb1
JH		 1096 if (cmd) {
1097 struct mgmt_mode *cp = cmd->param;
a4858cb9 1098 return cp->val;
199a2fb1
JH		 1099 }
1100
d7a5a11d 1101 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
199a2fb1
JH		 1102}
1103
0ec5ae84
JH		 1104static void disable_advertising(struct hci_request *req)
1105{
1106 u8 enable = 0x00;
1107
1108 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1109}
1110
199a2fb1
JH		 1111static void enable_advertising(struct hci_request *req)
1112{
1113 struct hci_dev *hdev = req->hdev;
1114 struct hci_cp_le_set_adv_param cp;
8f2a0601 1115 u8 own_addr_type, enable = 0x01;
a4858cb9 1116 bool connectable;
199a2fb1 1117
0ec5ae84
JH		 1118 if (hci_conn_num(hdev, LE_LINK) > 0)
1119 return;
1120
d7a5a11d 1121 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
0ec5ae84
JH		 1122 disable_advertising(req);
1123
5ce194c4 1124 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1125 * hci_update_random_address knows that it's safe to go ahead
1126 * and write a new random address. The flag will be set back on
1127 * as soon as the SET_ADV_ENABLE HCI command completes.
1128 */
a358dc11 1129 hci_dev_clear_flag(hdev, HCI_LE_ADV);
8d97250e 1130
d7a5a11d 1131 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
cc91cb04
MH		 1132 connectable = true;
1133 else
1134 connectable = get_connectable(hdev);
8f2a0601 1135
a4858cb9
JH		 1136 /* Set require_privacy to true only when non-connectable
1137 * advertising is used. In that case it is fine to use a
1138 * non-resolvable private address.
1139 */
1140 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1141 return;
1142
41c90c18 1143 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1144 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1145 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
a4858cb9 1146 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1147 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1148 cp.channel_map = hdev->le_adv_channel_map;
1149
1150 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1151
1152 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1153}
1154
7d78525d
JH		 1155static void service_cache_off(struct work_struct *work)
1156{
1157 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1158 service_cache.work);
890ea898 1159 struct hci_request req;
7d78525d 1160
a69d8927 1161 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 1162 return;
1163
890ea898
JH		 1164 hci_req_init(&req, hdev);
1165
7d78525d
JH		 1166 hci_dev_lock(hdev);
1167
890ea898
JH		 1168 update_eir(&req);
1169 update_class(&req);
7d78525d
JH		 1170
1171 hci_dev_unlock(hdev);
890ea898
JH		 1172
1173 hci_req_run(&req, NULL);
7d78525d
JH		 1174}
1175
d6bfd59c
JH		 1176static void rpa_expired(struct work_struct *work)
1177{
1178 struct hci_dev *hdev = container_of(work, struct hci_dev,
1179 rpa_expired.work);
1180 struct hci_request req;
1181
1182 BT_DBG("");
1183
a1536da2 1184 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 1185
d7a5a11d 1186 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 1187 return;
1188
1189 /* The generation of a new RPA and programming it into the
1190 * controller happens in the enable_advertising() function.
1191 */
d6bfd59c 1192 hci_req_init(&req, hdev);
d6bfd59c 1193 enable_advertising(&req);
d6bfd59c
JH		 1194 hci_req_run(&req, NULL);
1195}
1196
6a919082 1197static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1198{
238be788 1199 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 1200 return;
1201
4f87da80 1202 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1203 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1204
4f87da80
JH		 1205 /* Non-mgmt controlled devices get this bit set
1206 * implicitly so that pairing works for them, however
1207 * for mgmt we require user-space to explicitly enable
1208 * it
1209 */
a358dc11 1210 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 1211}
1212
0f4e68cf 1213static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1214 void *data, u16 data_len)
0381101f 1215{
a38528f1 1216 struct mgmt_rp_read_info rp;
f7b64e69 1217
bdb6d971 1218 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1219
09fd0de5 1220 hci_dev_lock(hdev);
f7b64e69 1221
dc4fe30b
JH		 1222 memset(&rp, 0, sizeof(rp));
1223
69ab39ea 1224 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1225
69ab39ea 1226 rp.version = hdev->hci_ver;
eb55ef07 1227 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1228
1229 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1230 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1231
a38528f1 1232 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1233
dc4fe30b 1234 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1235 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1236
09fd0de5 1237 hci_dev_unlock(hdev);
0381101f 1238
2a1afb5a
JH		 1239 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1240 sizeof(rp));
0381101f
JH		 1241}
1242
69ab39ea 1243static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1244{
69ab39ea 1245 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1246
2a1afb5a
JH		 1247 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1248 sizeof(settings));
8680570b
JH		 1249}
1250
1904a853 1251static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 1252{
1253 BT_DBG("%s status 0x%02x", hdev->name, status);
1254
a3172b7e
JH		 1255 if (hci_conn_count(hdev) == 0) {
1256 cancel_delayed_work(&hdev->power_off);
8b064a3a 1257 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1258 }
8b064a3a
JH		 1259}
1260
23a48093 1261static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1262{
1263 struct hci_dev *hdev = req->hdev;
1264 struct hci_cp_remote_name_req_cancel cp;
1265 struct inquiry_entry *e;
1266
1267 switch (hdev->discovery.state) {
1268 case DISCOVERY_FINDING:
07d2334a 1269 if (test_bit(HCI_INQUIRY, &hdev->flags))
21a60d30 1270 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
07d2334a
JP		 1271
1272 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
21a60d30
JH		 1273 cancel_delayed_work(&hdev->le_scan_disable);
1274 hci_req_add_le_scan_disable(req);
1275 }
1276
23a48093 1277 return true;
21a60d30
JH		 1278
1279 case DISCOVERY_RESOLVING:
1280 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1281 NAME_PENDING);
1282 if (!e)
23a48093 1283 break;
21a60d30
JH		 1284
1285 bacpy(&cp.bdaddr, &e->data.bdaddr);
1286 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1287 &cp);
1288
23a48093 1289 return true;
21a60d30
JH		 1290
1291 default:
1292 /* Passive scanning */
d7a5a11d 1293 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
21a60d30 1294 hci_req_add_le_scan_disable(req);
23a48093
JH		 1295 return true;
1296 }
1297
21a60d30
JH		 1298 break;
1299 }
23a48093
JH		 1300
1301 return false;
21a60d30
JH		 1302}
1303
8b064a3a
JH		 1304static int clean_up_hci_state(struct hci_dev *hdev)
1305{
1306 struct hci_request req;
1307 struct hci_conn *conn;
23a48093
JH		 1308 bool discov_stopped;
1309 int err;
8b064a3a
JH		 1310
1311 hci_req_init(&req, hdev);
1312
1313 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1314 test_bit(HCI_PSCAN, &hdev->flags)) {
1315 u8 scan = 0x00;
1316 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1317 }
1318
d7a5a11d 1319 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
8b064a3a
JH		 1320 disable_advertising(&req);
1321
23a48093 1322 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1323
1324 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1325 struct hci_cp_disconnect dc;
c9910d0f
JH		 1326 struct hci_cp_reject_conn_req rej;
1327
1328 switch (conn->state) {
1329 case BT_CONNECTED:
1330 case BT_CONFIG:
1331 dc.handle = cpu_to_le16(conn->handle);
1332 dc.reason = 0x15; /* Terminated due to Power Off */
1333 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1334 break;
1335 case BT_CONNECT:
1336 if (conn->type == LE_LINK)
1337 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1338 0, NULL);
1339 else if (conn->type == ACL_LINK)
1340 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1341 6, &conn->dst);
1342 break;
1343 case BT_CONNECT2:
1344 bacpy(&rej.bdaddr, &conn->dst);
1345 rej.reason = 0x15; /* Terminated due to Power Off */
1346 if (conn->type == ACL_LINK)
1347 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1348 sizeof(rej), &rej);
1349 else if (conn->type == SCO_LINK)
1350 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1351 sizeof(rej), &rej);
1352 break;
1353 }
8b064a3a
JH		 1354 }
1355
23a48093
JH		 1356 err = hci_req_run(&req, clean_up_hci_complete);
1357 if (!err && discov_stopped)
1358 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1359
1360 return err;
8b064a3a
JH		 1361}
1362
bdb6d971 1363static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1364 u16 len)
eec8d2bc 1365{
650f726d 1366 struct mgmt_mode *cp = data;
3b0602cd 1367 struct mgmt_pending_cmd *cmd;
4b34ee78 1368 int err;
eec8d2bc 1369
bdb6d971 1370 BT_DBG("request for %s", hdev->name);
eec8d2bc 1371
a7e80f25 1372 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1373 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1374 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1375
09fd0de5 1376 hci_dev_lock(hdev);
eec8d2bc 1377
333ae95d 1378 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1379 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1380 MGMT_STATUS_BUSY);
87b95ba6
JH		 1381 goto failed;
1382 }
1383
a69d8927 1384 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
f0d4b78a
MH		 1385 cancel_delayed_work(&hdev->power_off);
1386
1387 if (cp->val) {
a1d70450
JH		 1388 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1389 data, len);
1390 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1391 goto failed;
1392 }
1393 }
1394
4b34ee78 1395 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1396 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1397 goto failed;
1398 }
1399
2e58ef3e 1400 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1401 if (!cmd) {
1402 err = -ENOMEM;
eec8d2bc 1403 goto failed;
366a0336 1404 }
eec8d2bc 1405
8b064a3a 1406 if (cp->val) {
19202573 1407 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1408 err = 0;
1409 } else {
1410 /* Disconnect connections, stop scans, etc */
1411 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1412 if (!err)
1413 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1414 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1415
8b064a3a
JH		 1416 /* ENODATA means there were no HCI commands queued */
1417 if (err == -ENODATA) {
a3172b7e 1418 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1419 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1420 err = 0;
1421 }
1422 }
eec8d2bc
JH		 1423
1424failed:
09fd0de5 1425 hci_dev_unlock(hdev);
366a0336 1426 return err;
eec8d2bc
JH		 1427}
1428
beadb2bd
JH		 1429static int new_settings(struct hci_dev *hdev, struct sock *skip)
1430{
f6b7712e 1431 __le32 ev = cpu_to_le32(get_current_settings(hdev));
beadb2bd 1432
f6b7712e
MH		 1433 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1434 sizeof(ev), skip);
beadb2bd
JH		 1435}
1436
91a668b0
JH		 1437int mgmt_new_settings(struct hci_dev *hdev)
1438{
1439 return new_settings(hdev, NULL);
1440}
1441
bd99abdd
JH		 1442struct cmd_lookup {
1443 struct sock *sk;
1444 struct hci_dev *hdev;
1445 u8 mgmt_status;
1446};
1447
3b0602cd 1448static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1449{
1450 struct cmd_lookup *match = data;
1451
1452 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1453
1454 list_del(&cmd->list);
1455
1456 if (match->sk == NULL) {
1457 match->sk = cmd->sk;
1458 sock_hold(match->sk);
1459 }
1460
1461 mgmt_pending_free(cmd);
1462}
1463
3b0602cd 1464static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1465{
1466 u8 *status = data;
1467
a69e8375 1468 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1469 mgmt_pending_remove(cmd);
1470}
1471
3b0602cd 1472static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1473{
1474 if (cmd->cmd_complete) {
1475 u8 *status = data;
1476
1477 cmd->cmd_complete(cmd, *status);
1478 mgmt_pending_remove(cmd);
1479
1480 return;
1481 }
1482
1483 cmd_status_rsp(cmd, data);
1484}
1485
3b0602cd 1486static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1487{
2a1afb5a
JH		 1488 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1489 cmd->param, cmd->param_len);
f5818c22
JH		 1490}
1491
3b0602cd 1492static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1493{
2a1afb5a
JH		 1494 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1495 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1496}
1497
e6fe7986
JH		 1498static u8 mgmt_bredr_support(struct hci_dev *hdev)
1499{
1500 if (!lmp_bredr_capable(hdev))
1501 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1502 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1503 return MGMT_STATUS_REJECTED;
1504 else
1505 return MGMT_STATUS_SUCCESS;
1506}
1507
1508static u8 mgmt_le_support(struct hci_dev *hdev)
1509{
1510 if (!lmp_le_capable(hdev))
1511 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1512 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1513 return MGMT_STATUS_REJECTED;
1514 else
1515 return MGMT_STATUS_SUCCESS;
1516}
1517
1904a853
MH		 1518static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1519 u16 opcode)
bfaf8c9f 1520{
3b0602cd 1521 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1522 struct mgmt_mode *cp;
970ba524 1523 struct hci_request req;
bfaf8c9f
JH		 1524 bool changed;
1525
1526 BT_DBG("status 0x%02x", status);
1527
1528 hci_dev_lock(hdev);
1529
333ae95d 1530 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
bfaf8c9f
JH		 1531 if (!cmd)
1532 goto unlock;
1533
1534 if (status) {
1535 u8 mgmt_err = mgmt_status(status);
a69e8375 1536 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1537 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1538 goto remove_cmd;
1539 }
1540
1541 cp = cmd->param;
d4462a07 1542 if (cp->val) {
238be788 1543 changed = !hci_dev_test_and_set_flag(hdev, HCI_DISCOVERABLE);
d4462a07
MH		 1544
1545 if (hdev->discov_timeout > 0) {
1546 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1547 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1548 to);
1549 }
1550 } else {
a69d8927 1551 changed = hci_dev_test_and_clear_flag(hdev, HCI_DISCOVERABLE);
d4462a07 1552 }
bfaf8c9f
JH		 1553
1554 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1555
1556 if (changed)
1557 new_settings(hdev, cmd->sk);
1558
970ba524
MH		 1559 /* When the discoverable mode gets changed, make sure
1560 * that class of device has the limited discoverable
432df05e
JH		 1561 * bit correctly set. Also update page scan based on whitelist
1562 * entries.
970ba524
MH		 1563 */
1564 hci_req_init(&req, hdev);
1d2dc5b7 1565 __hci_update_page_scan(&req);
970ba524
MH		 1566 update_class(&req);
1567 hci_req_run(&req, NULL);
1568
bfaf8c9f
JH		 1569remove_cmd:
1570 mgmt_pending_remove(cmd);
1571
1572unlock:
1573 hci_dev_unlock(hdev);
1574}
1575
bdb6d971 1576static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1577 u16 len)
73f22f62 1578{
650f726d 1579 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1580 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1581 struct hci_request req;
5e5282bb 1582 u16 timeout;
9a43e25f 1583 u8 scan;
73f22f62
JH		 1584 int err;
1585
bdb6d971 1586 BT_DBG("request for %s", hdev->name);
73f22f62 1587
d7a5a11d
MH		 1588 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1589 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1590 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1591 MGMT_STATUS_REJECTED);
33c525c0 1592
310a3d48 1593 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1594 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1595 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1596
1f350c87 1597 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1598
1599 /* Disabling discoverable requires that no timeout is set,
1600 * and enabling limited discoverable requires a timeout.
1601 */
1602 if ((cp->val == 0x00 && timeout > 0) ||
1603 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1604 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1605 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1606
09fd0de5 1607 hci_dev_lock(hdev);
73f22f62 1608
5e5282bb 1609 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1610 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1611 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1612 goto failed;
1613 }
1614
333ae95d
JH		 1615 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1616 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1617 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1618 MGMT_STATUS_BUSY);
73f22f62
JH		 1619 goto failed;
1620 }
1621
d7a5a11d 1622 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1623 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1624 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1625 goto failed;
1626 }
1627
1628 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1629 bool changed = false;
1630
310a3d48
MH		 1631 /* Setting limited discoverable when powered off is
1632 * not a valid operation since it requires a timeout
1633 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1634 */
d7a5a11d 1635 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1636 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1637 changed = true;
1638 }
1639
5e5282bb 1640 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1641 if (err < 0)
1642 goto failed;
1643
1644 if (changed)
1645 err = new_settings(hdev, sk);
1646
5e5282bb
JH		 1647 goto failed;
1648 }
1649
310a3d48
MH		 1650 /* If the current mode is the same, then just update the timeout
1651 * value with the new value. And if only the timeout gets updated,
1652 * then no need for any HCI transactions.
1653 */
d7a5a11d
MH		 1654 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1655 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1656 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1657 cancel_delayed_work(&hdev->discov_off);
1658 hdev->discov_timeout = timeout;
955638ec 1659
36261547
MH		 1660 if (cp->val && hdev->discov_timeout > 0) {
1661 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1662 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1663 to);
955638ec
MH		 1664 }
1665
69ab39ea 1666 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1667 goto failed;
1668 }
1669
2e58ef3e 1670 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1671 if (!cmd) {
1672 err = -ENOMEM;
73f22f62 1673 goto failed;
366a0336 1674 }
73f22f62 1675
310a3d48
MH		 1676 /* Cancel any potential discoverable timeout that might be
1677 * still active and store new timeout value. The arming of
1678 * the timeout happens in the complete handler.
1679 */
1680 cancel_delayed_work(&hdev->discov_off);
1681 hdev->discov_timeout = timeout;
1682
b456f87c
JH		 1683 /* Limited discoverable mode */
1684 if (cp->val == 0x02)
a1536da2 1685 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1686 else
a358dc11 1687 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1688
bfaf8c9f
JH		 1689 hci_req_init(&req, hdev);
1690
9a43e25f
JH		 1691 /* The procedure for LE-only controllers is much simpler - just
1692 * update the advertising data.
1693 */
d7a5a11d 1694 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
9a43e25f
JH		 1695 goto update_ad;
1696
73f22f62
JH		 1697 scan = SCAN_PAGE;
1698
310a3d48
MH		 1699 if (cp->val) {
1700 struct hci_cp_write_current_iac_lap hci_cp;
1701
1702 if (cp->val == 0x02) {
1703 /* Limited discoverable mode */
33337dcb 1704 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1705 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1706 hci_cp.iac_lap[1] = 0x8b;
1707 hci_cp.iac_lap[2] = 0x9e;
1708 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1709 hci_cp.iac_lap[4] = 0x8b;
1710 hci_cp.iac_lap[5] = 0x9e;
1711 } else {
1712 /* General discoverable mode */
310a3d48
MH		 1713 hci_cp.num_iac = 1;
1714 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1715 hci_cp.iac_lap[1] = 0x8b;
1716 hci_cp.iac_lap[2] = 0x9e;
1717 }
1718
1719 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1720 (hci_cp.num_iac * 3) + 1, &hci_cp);
1721
73f22f62 1722 scan |= SCAN_INQUIRY;
310a3d48 1723 } else {
a358dc11 1724 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
310a3d48 1725 }
73f22f62 1726
310a3d48 1727 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1728
9a43e25f
JH		 1729update_ad:
1730 update_adv_data(&req);
1731
bfaf8c9f 1732 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1733 if (err < 0)
a664b5bc 1734 mgmt_pending_remove(cmd);
73f22f62
JH		 1735
1736failed:
09fd0de5 1737 hci_dev_unlock(hdev);
73f22f62
JH		 1738 return err;
1739}
1740
406d7804
JH		 1741static void write_fast_connectable(struct hci_request *req, bool enable)
1742{
bd98b996 1743 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1744 struct hci_cp_write_page_scan_activity acp;
1745 u8 type;
1746
d7a5a11d 1747 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
547003b1
JH		 1748 return;
1749
4c01f8b8
JH		 1750 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1751 return;
1752
406d7804
JH		 1753 if (enable) {
1754 type = PAGE_SCAN_TYPE_INTERLACED;
1755
1756 /* 160 msec page scan interval */
dcf4adbf 1757 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1758 } else {
1759 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1760
1761 /* default 1.28 sec page scan */
dcf4adbf 1762 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1763 }
1764
dcf4adbf 1765 acp.window = cpu_to_le16(0x0012);
406d7804 1766
bd98b996
JH		 1767 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1768 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1769 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1770 sizeof(acp), &acp);
1771
1772 if (hdev->page_scan_type != type)
1773 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1774}
1775
1904a853
MH		 1776static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1777 u16 opcode)
2b76f453 1778{
3b0602cd 1779 struct mgmt_pending_cmd *cmd;
d7b856f9 1780 struct mgmt_mode *cp;
bc6d2d04 1781 bool conn_changed, discov_changed;
2b76f453
JH		 1782
1783 BT_DBG("status 0x%02x", status);
1784
1785 hci_dev_lock(hdev);
1786
333ae95d 1787 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
2b76f453
JH		 1788 if (!cmd)
1789 goto unlock;
1790
37438c1f
JH		 1791 if (status) {
1792 u8 mgmt_err = mgmt_status(status);
a69e8375 1793 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1794 goto remove_cmd;
1795 }
1796
d7b856f9 1797 cp = cmd->param;
bc6d2d04 1798 if (cp->val) {
238be788
MH		 1799 conn_changed = !hci_dev_test_and_set_flag(hdev,
1800 HCI_CONNECTABLE);
bc6d2d04
JH		 1801 discov_changed = false;
1802 } else {
a69d8927
MH		 1803 conn_changed = hci_dev_test_and_clear_flag(hdev,
1804 HCI_CONNECTABLE);
1805 discov_changed = hci_dev_test_and_clear_flag(hdev,
1806 HCI_DISCOVERABLE);
bc6d2d04 1807 }
d7b856f9 1808
2b76f453
JH		 1809 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1810
bc6d2d04 1811 if (conn_changed || discov_changed) {
d7b856f9 1812 new_settings(hdev, cmd->sk);
1d2dc5b7 1813 hci_update_page_scan(hdev);
bc6d2d04
JH		 1814 if (discov_changed)
1815 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1816 hci_update_background_scan(hdev);
1817 }
d7b856f9 1818
37438c1f 1819remove_cmd:
2b76f453
JH		 1820 mgmt_pending_remove(cmd);
1821
1822unlock:
1823 hci_dev_unlock(hdev);
1824}
1825
e8ba3a1f
JH		 1826static int set_connectable_update_settings(struct hci_dev *hdev,
1827 struct sock *sk, u8 val)
1828{
1829 bool changed = false;
1830 int err;
1831
d7a5a11d 1832 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 1833 changed = true;
1834
1835 if (val) {
a1536da2 1836 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 1837 } else {
a358dc11
MH		 1838 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1839 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 1840 }
1841
1842 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1843 if (err < 0)
1844 return err;
1845
562064e6 1846 if (changed) {
1d2dc5b7 1847 hci_update_page_scan(hdev);
562064e6 1848 hci_update_background_scan(hdev);
e8ba3a1f 1849 return new_settings(hdev, sk);
562064e6 1850 }
e8ba3a1f
JH		 1851
1852 return 0;
1853}
1854
bdb6d971 1855static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1856 u16 len)
9fbcbb45 1857{
650f726d 1858 struct mgmt_mode *cp = data;
3b0602cd 1859 struct mgmt_pending_cmd *cmd;
2b76f453 1860 struct hci_request req;
1987fdc7 1861 u8 scan;
9fbcbb45
JH		 1862 int err;
1863
bdb6d971 1864 BT_DBG("request for %s", hdev->name);
9fbcbb45 1865
d7a5a11d
MH		 1866 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1867 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1868 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1869 MGMT_STATUS_REJECTED);
33c525c0 1870
a7e80f25 1871 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1872 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1873 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1874
09fd0de5 1875 hci_dev_lock(hdev);
9fbcbb45 1876
4b34ee78 1877 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1878 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1879 goto failed;
1880 }
1881
333ae95d
JH		 1882 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1883 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1884 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1885 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1886 goto failed;
1887 }
1888
2e58ef3e 1889 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1890 if (!cmd) {
1891 err = -ENOMEM;
9fbcbb45 1892 goto failed;
366a0336 1893 }
9fbcbb45 1894
9b74246f 1895 hci_req_init(&req, hdev);
9fbcbb45 1896
9a43e25f
JH		 1897 /* If BR/EDR is not enabled and we disable advertising as a
1898 * by-product of disabling connectable, we need to update the
1899 * advertising flags.
1900 */
d7a5a11d 1901 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
9a43e25f 1902 if (!cp->val) {
a358dc11
MH		 1903 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1904 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
9a43e25f
JH		 1905 }
1906 update_adv_data(&req);
1907 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1908 if (cp->val) {
1909 scan = SCAN_PAGE;
1910 } else {
3bd27240
JH		 1911 /* If we don't have any whitelist entries just
1912 * disable all scanning. If there are entries
1913 * and we had both page and inquiry scanning
1914 * enabled then fall back to only page scanning.
1915 * Otherwise no changes are needed.
1916 */
1917 if (list_empty(&hdev->whitelist))
1918 scan = SCAN_DISABLED;
1919 else if (test_bit(HCI_ISCAN, &hdev->flags))
1920 scan = SCAN_PAGE;
1921 else
1922 goto no_scan_update;
9b74246f
JH		 1923
1924 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1925 hdev->discov_timeout > 0)
9b74246f
JH		 1926 cancel_delayed_work(&hdev->discov_off);
1927 }
2b76f453 1928
9b74246f
JH		 1929 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1930 }
2b76f453 1931
3bd27240 1932no_scan_update:
e8b1202c 1933 /* Update the advertising parameters if necessary */
d7a5a11d 1934 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
1987fdc7 1935 enable_advertising(&req);
1987fdc7 1936
2b76f453 1937 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1938 if (err < 0) {
a664b5bc 1939 mgmt_pending_remove(cmd);
9b74246f 1940 if (err == -ENODATA)
a81070ba
JH		 1941 err = set_connectable_update_settings(hdev, sk,
1942 cp->val);
9b74246f
JH		 1943 goto failed;
1944 }
9fbcbb45
JH		 1945
1946failed:
09fd0de5 1947 hci_dev_unlock(hdev);
9fbcbb45
JH		 1948 return err;
1949}
1950
b2939475 1951static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1952 u16 len)
c542a06c 1953{
650f726d 1954 struct mgmt_mode *cp = data;
55594356 1955 bool changed;
c542a06c
JH		 1956 int err;
1957
bdb6d971 1958 BT_DBG("request for %s", hdev->name);
c542a06c 1959
a7e80f25 1960 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1961 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1962 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1963
09fd0de5 1964 hci_dev_lock(hdev);
c542a06c
JH		 1965
1966 if (cp->val)
238be788 1967 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 1968 else
a69d8927 1969 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 1970
b2939475 1971 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1972 if (err < 0)
55594356 1973 goto unlock;
c542a06c 1974
55594356
MH		 1975 if (changed)
1976 err = new_settings(hdev, sk);
c542a06c 1977
55594356 1978unlock:
09fd0de5 1979 hci_dev_unlock(hdev);
c542a06c
JH		 1980 return err;
1981}
1982
04124681
GP		 1983static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1984 u16 len)
33ef95ed
JH		 1985{
1986 struct mgmt_mode *cp = data;
3b0602cd 1987 struct mgmt_pending_cmd *cmd;
e6fe7986 1988 u8 val, status;
33ef95ed
JH		 1989 int err;
1990
bdb6d971 1991 BT_DBG("request for %s", hdev->name);
33ef95ed 1992
e6fe7986
JH		 1993 status = mgmt_bredr_support(hdev);
1994 if (status)
a69e8375
JH		 1995 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1996 status);
33c525c0 1997
a7e80f25 1998 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1999 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2000 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2001
33ef95ed
JH		 2002 hci_dev_lock(hdev);
2003
4b34ee78 2004 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 2005 bool changed = false;
2006
d7a5a11d 2007 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 2008 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 2009 changed = true;
2010 }
2011
2012 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2013 if (err < 0)
2014 goto failed;
2015
2016 if (changed)
2017 err = new_settings(hdev, sk);
2018
33ef95ed
JH		 2019 goto failed;
2020 }
2021
333ae95d 2022 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 2023 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2024 MGMT_STATUS_BUSY);
33ef95ed
JH		 2025 goto failed;
2026 }
2027
2028 val = !!cp->val;
2029
2030 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2031 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2032 goto failed;
2033 }
2034
2035 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2036 if (!cmd) {
2037 err = -ENOMEM;
2038 goto failed;
2039 }
2040
2041 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2042 if (err < 0) {
2043 mgmt_pending_remove(cmd);
2044 goto failed;
2045 }
2046
2047failed:
2048 hci_dev_unlock(hdev);
33ef95ed
JH		 2049 return err;
2050}
2051
bdb6d971 2052static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2053{
2054 struct mgmt_mode *cp = data;
3b0602cd 2055 struct mgmt_pending_cmd *cmd;
72ef0c1a 2056 u8 status;
ed2c4ee3
JH		 2057 int err;
2058
bdb6d971 2059 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2060
cdba5281
MH		 2061 status = mgmt_bredr_support(hdev);
2062 if (status)
a69e8375 2063 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 2064
13ecd8b6 2065 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2066 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2067 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2068
a7e80f25 2069 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2070 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2071 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2072
13ecd8b6 2073 hci_dev_lock(hdev);
6c8f12c1 2074
4b34ee78 2075 if (!hdev_is_powered(hdev)) {
9ecb3e24 2076 bool changed;
c0ecddc2 2077
9ecb3e24 2078 if (cp->val) {
238be788
MH		 2079 changed = !hci_dev_test_and_set_flag(hdev,
2080 HCI_SSP_ENABLED);
9ecb3e24 2081 } else {
a69d8927
MH		 2082 changed = hci_dev_test_and_clear_flag(hdev,
2083 HCI_SSP_ENABLED);
9ecb3e24 2084 if (!changed)
a69d8927
MH		 2085 changed = hci_dev_test_and_clear_flag(hdev,
2086 HCI_HS_ENABLED);
9ecb3e24 2087 else
a358dc11 2088 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 2089 }
2090
2091 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2092 if (err < 0)
2093 goto failed;
2094
2095 if (changed)
2096 err = new_settings(hdev, sk);
2097
ed2c4ee3
JH		 2098 goto failed;
2099 }
2100
333ae95d 2101 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2102 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2103 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2104 goto failed;
2105 }
2106
d7a5a11d 2107 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 2108 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2109 goto failed;
2110 }
2111
2112 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2113 if (!cmd) {
2114 err = -ENOMEM;
2115 goto failed;
2116 }
2117
d7a5a11d 2118 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 2119 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2120 sizeof(cp->val), &cp->val);
2121
72ef0c1a 2122 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2123 if (err < 0) {
2124 mgmt_pending_remove(cmd);
2125 goto failed;
2126 }
2127
2128failed:
2129 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2130 return err;
2131}
2132
bdb6d971 2133static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2134{
2135 struct mgmt_mode *cp = data;
ee392693 2136 bool changed;
e6fe7986 2137 u8 status;
ee392693 2138 int err;
6d80dfd0 2139
bdb6d971 2140 BT_DBG("request for %s", hdev->name);
6d80dfd0 2141
e6fe7986
JH		 2142 status = mgmt_bredr_support(hdev);
2143 if (status)
a69e8375 2144 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2145
9ecb3e24 2146 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2147 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2148 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 2149
d7a5a11d 2150 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 2151 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2152 MGMT_STATUS_REJECTED);
9ecb3e24 2153
a7e80f25 2154 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2155 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2156 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2157
ee392693
MH		 2158 hci_dev_lock(hdev);
2159
333ae95d 2160 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2161 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2162 MGMT_STATUS_BUSY);
a2cb01de
JH		 2163 goto unlock;
2164 }
2165
a0cdf960 2166 if (cp->val) {
238be788 2167 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 2168 } else {
2169 if (hdev_is_powered(hdev)) {
a69e8375
JH		 2170 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2171 MGMT_STATUS_REJECTED);
a0cdf960
MH		 2172 goto unlock;
2173 }
2174
a69d8927 2175 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 2176 }
ee392693
MH		 2177
2178 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2179 if (err < 0)
2180 goto unlock;
2181
2182 if (changed)
2183 err = new_settings(hdev, sk);
6d80dfd0 2184
ee392693
MH		 2185unlock:
2186 hci_dev_unlock(hdev);
2187 return err;
6d80dfd0
JH		 2188}
2189
1904a853 2190static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 2191{
2192 struct cmd_lookup match = { NULL, hdev };
2193
3ad67582
JK		 2194 hci_dev_lock(hdev);
2195
416a4ae5
JH		 2196 if (status) {
2197 u8 mgmt_err = mgmt_status(status);
2198
2199 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2200 &mgmt_err);
3ad67582 2201 goto unlock;
416a4ae5
JH		 2202 }
2203
2204 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2205
2206 new_settings(hdev, match.sk);
2207
2208 if (match.sk)
2209 sock_put(match.sk);
441ad2d0
MH		 2210
2211 /* Make sure the controller has a good default for
2212 * advertising data. Restrict the update to when LE
2213 * has actually been enabled. During power on, the
2214 * update in powered_update_hci will take care of it.
2215 */
d7a5a11d 2216 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0
MH		 2217 struct hci_request req;
2218
441ad2d0 2219 hci_req_init(&req, hdev);
5947f4bc 2220 update_adv_data(&req);
f14d8f64 2221 update_scan_rsp_data(&req);
2cf22218 2222 __hci_update_background_scan(&req);
441ad2d0 2223 hci_req_run(&req, NULL);
441ad2d0 2224 }
3ad67582
JK		 2225
2226unlock:
2227 hci_dev_unlock(hdev);
416a4ae5
JH		 2228}
2229
bdb6d971 2230static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2231{
2232 struct mgmt_mode *cp = data;
2233 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 2234 struct mgmt_pending_cmd *cmd;
416a4ae5 2235 struct hci_request req;
06199cf8 2236 int err;
0b60eba1 2237 u8 val, enabled;
06199cf8 2238
bdb6d971 2239 BT_DBG("request for %s", hdev->name);
06199cf8 2240
13ecd8b6 2241 if (!lmp_le_capable(hdev))
a69e8375
JH		 2242 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2243 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2244
a7e80f25 2245 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2246 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2247 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2248
e7844ee5
MH		 2249 /* Bluetooth single mode LE only controllers or dual-mode
2250 * controllers configured as LE only devices, do not allow
2251 * switching LE off. These have either LE enabled explicitly
2252 * or BR/EDR has been previously switched off.
2253 *
2254 * When trying to enable an already enabled LE, then gracefully
2255 * send a positive response. Trying to disable it however will
2256 * result into rejection.
2257 */
2258 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2259 if (cp->val == 0x01)
2260 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2261
a69e8375
JH		 2262 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2263 MGMT_STATUS_REJECTED);
e7844ee5 2264 }
c73eee91 2265
13ecd8b6 2266 hci_dev_lock(hdev);
06199cf8
JH		 2267
2268 val = !!cp->val;
ffa88e02 2269 enabled = lmp_host_le_capable(hdev);
06199cf8 2270
0b60eba1 2271 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2272 bool changed = false;
2273
d7a5a11d 2274 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 2275 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 2276 changed = true;
2277 }
2278
d7a5a11d 2279 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 2280 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 2281 changed = true;
2282 }
2283
06199cf8
JH		 2284 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2285 if (err < 0)
1de028ce 2286 goto unlock;
06199cf8
JH		 2287
2288 if (changed)
2289 err = new_settings(hdev, sk);
2290
1de028ce 2291 goto unlock;
06199cf8
JH		 2292 }
2293
333ae95d
JH		 2294 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2295 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 2296 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2297 MGMT_STATUS_BUSY);
1de028ce 2298 goto unlock;
06199cf8
JH		 2299 }
2300
2301 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2302 if (!cmd) {
2303 err = -ENOMEM;
1de028ce 2304 goto unlock;
06199cf8
JH		 2305 }
2306
441ad2d0
MH		 2307 hci_req_init(&req, hdev);
2308
06199cf8
JH		 2309 memset(&hci_cp, 0, sizeof(hci_cp));
2310
2311 if (val) {
2312 hci_cp.le = val;
32226e4f 2313 hci_cp.simul = 0x00;
441ad2d0 2314 } else {
d7a5a11d 2315 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
441ad2d0 2316 disable_advertising(&req);
06199cf8
JH		 2317 }
2318
416a4ae5
JH		 2319 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2320 &hci_cp);
2321
2322 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2323 if (err < 0)
06199cf8 2324 mgmt_pending_remove(cmd);
06199cf8 2325
1de028ce
JH		 2326unlock:
2327 hci_dev_unlock(hdev);
06199cf8
JH		 2328 return err;
2329}
2330
0cab9c80
JH		 2331/* This is a helper function to test for pending mgmt commands that can
2332 * cause CoD or EIR HCI commands. We can only allow one such pending
2333 * mgmt command at a time since otherwise we cannot easily track what
2334 * the current values are, will be, and based on that calculate if a new
2335 * HCI command needs to be sent and if yes with what value.
2336 */
2337static bool pending_eir_or_class(struct hci_dev *hdev)
2338{
3b0602cd 2339 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 2340
2341 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2342 switch (cmd->opcode) {
2343 case MGMT_OP_ADD_UUID:
2344 case MGMT_OP_REMOVE_UUID:
2345 case MGMT_OP_SET_DEV_CLASS:
2346 case MGMT_OP_SET_POWERED:
2347 return true;
2348 }
2349 }
2350
2351 return false;
2352}
2353
83be8eca
JH		 2354static const u8 bluetooth_base_uuid[] = {
2355 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2356 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2357};
2358
2359static u8 get_uuid_size(const u8 *uuid)
2360{
2361 u32 val;
2362
2363 if (memcmp(uuid, bluetooth_base_uuid, 12))
2364 return 128;
2365
2366 val = get_unaligned_le32(&uuid[12]);
2367 if (val > 0xffff)
2368 return 32;
2369
2370 return 16;
2371}
2372
92da6097
JH		 2373static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2374{
3b0602cd 2375 struct mgmt_pending_cmd *cmd;
92da6097
JH		 2376
2377 hci_dev_lock(hdev);
2378
333ae95d 2379 cmd = pending_find(mgmt_op, hdev);
92da6097
JH		 2380 if (!cmd)
2381 goto unlock;
2382
2a1afb5a
JH		 2383 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2384 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 2385
2386 mgmt_pending_remove(cmd);
2387
2388unlock:
2389 hci_dev_unlock(hdev);
2390}
2391
1904a853 2392static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2393{
2394 BT_DBG("status 0x%02x", status);
2395
2396 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2397}
2398
bdb6d971 2399static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2400{
650f726d 2401 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2402 struct mgmt_pending_cmd *cmd;
890ea898 2403 struct hci_request req;
2aeb9a1a 2404 struct bt_uuid *uuid;
2aeb9a1a
JH		 2405 int err;
2406
bdb6d971 2407 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2408
09fd0de5 2409 hci_dev_lock(hdev);
2aeb9a1a 2410
0cab9c80 2411 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2412 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2413 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2414 goto failed;
2415 }
2416
92c4c204 2417 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2418 if (!uuid) {
2419 err = -ENOMEM;
2420 goto failed;
2421 }
2422
2423 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2424 uuid->svc_hint = cp->svc_hint;
83be8eca 2425 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2426
de66aa63 2427 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2428
890ea898 2429 hci_req_init(&req, hdev);
1aff6f09 2430
890ea898
JH		 2431 update_class(&req);
2432 update_eir(&req);
2433
92da6097
JH		 2434 err = hci_req_run(&req, add_uuid_complete);
2435 if (err < 0) {
2436 if (err != -ENODATA)
2437 goto failed;
80a1e1db 2438
2a1afb5a
JH		 2439 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2440 hdev->dev_class, 3);
90e70454
JH		 2441 goto failed;
2442 }
2443
2444 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2445 if (!cmd) {
90e70454 2446 err = -ENOMEM;
890ea898
JH		 2447 goto failed;
2448 }
2449
2450 err = 0;
2aeb9a1a
JH		 2451
2452failed:
09fd0de5 2453 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2454 return err;
2455}
2456
24b78d0f
JH		 2457static bool enable_service_cache(struct hci_dev *hdev)
2458{
2459 if (!hdev_is_powered(hdev))
2460 return false;
2461
238be788 2462 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 2463 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2464 CACHE_TIMEOUT);
24b78d0f
JH		 2465 return true;
2466 }
2467
2468 return false;
2469}
2470
1904a853 2471static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2472{
2473 BT_DBG("status 0x%02x", status);
2474
2475 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2476}
2477
bdb6d971 2478static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2479 u16 len)
2aeb9a1a 2480{
650f726d 2481 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2482 struct mgmt_pending_cmd *cmd;
056341c8 2483 struct bt_uuid *match, *tmp;
2aeb9a1a 2484 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2485 struct hci_request req;
2aeb9a1a
JH		 2486 int err, found;
2487
bdb6d971 2488 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2489
09fd0de5 2490 hci_dev_lock(hdev);
2aeb9a1a 2491
0cab9c80 2492 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2493 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2494 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2495 goto unlock;
2496 }
2497
2aeb9a1a 2498 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2499 hci_uuids_clear(hdev);
4004b6d9 2500
24b78d0f 2501 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2502 err = mgmt_cmd_complete(sk, hdev->id,
2503 MGMT_OP_REMOVE_UUID,
2504 0, hdev->dev_class, 3);
24b78d0f
JH		 2505 goto unlock;
2506 }
4004b6d9 2507
9246a869 2508 goto update_class;
2aeb9a1a
JH		 2509 }
2510
2511 found = 0;
2512
056341c8 2513 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2514 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2515 continue;
2516
2517 list_del(&match->list);
482049f7 2518 kfree(match);
2aeb9a1a
JH		 2519 found++;
2520 }
2521
2522 if (found == 0) {
a69e8375
JH		 2523 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2524 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2525 goto unlock;
2526 }
2527
9246a869 2528update_class:
890ea898 2529 hci_req_init(&req, hdev);
1aff6f09 2530
890ea898
JH		 2531 update_class(&req);
2532 update_eir(&req);
2533
92da6097
JH		 2534 err = hci_req_run(&req, remove_uuid_complete);
2535 if (err < 0) {
2536 if (err != -ENODATA)
2537 goto unlock;
80a1e1db 2538
2a1afb5a
JH		 2539 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2540 hdev->dev_class, 3);
90e70454
JH		 2541 goto unlock;
2542 }
2543
2544 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2545 if (!cmd) {
90e70454 2546 err = -ENOMEM;
890ea898
JH		 2547 goto unlock;
2548 }
2549
2550 err = 0;
2aeb9a1a
JH		 2551
2552unlock:
09fd0de5 2553 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2554 return err;
2555}
2556
1904a853 2557static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2558{
2559 BT_DBG("status 0x%02x", status);
2560
2561 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2562}
2563
bdb6d971 2564static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2565 u16 len)
1aff6f09 2566{
650f726d 2567 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2568 struct mgmt_pending_cmd *cmd;
890ea898 2569 struct hci_request req;
1aff6f09
JH		 2570 int err;
2571
bdb6d971 2572 BT_DBG("request for %s", hdev->name);
1aff6f09 2573
6203fc98 2574 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2575 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2576 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2577
0cab9c80 2578 hci_dev_lock(hdev);
ee98f473 2579
0cab9c80 2580 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2581 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2582 MGMT_STATUS_BUSY);
0cab9c80
JH		 2583 goto unlock;
2584 }
c95f0ba7 2585
0cab9c80 2586 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2587 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2588 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2589 goto unlock;
2590 }
575b3a02 2591
932f5ff5
JH		 2592 hdev->major_class = cp->major;
2593 hdev->minor_class = cp->minor;
2594
b5235a65 2595 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2596 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2597 hdev->dev_class, 3);
b5235a65
JH		 2598 goto unlock;
2599 }
2600
890ea898
JH		 2601 hci_req_init(&req, hdev);
2602
a69d8927 2603 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
7d78525d
JH		 2604 hci_dev_unlock(hdev);
2605 cancel_delayed_work_sync(&hdev->service_cache);
2606 hci_dev_lock(hdev);
890ea898 2607 update_eir(&req);
7d78525d 2608 }
14c0b608 2609
890ea898
JH		 2610 update_class(&req);
2611
92da6097
JH		 2612 err = hci_req_run(&req, set_class_complete);
2613 if (err < 0) {
2614 if (err != -ENODATA)
2615 goto unlock;
1aff6f09 2616
2a1afb5a
JH		 2617 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2618 hdev->dev_class, 3);
90e70454
JH		 2619 goto unlock;
2620 }
2621
2622 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2623 if (!cmd) {
90e70454 2624 err = -ENOMEM;
890ea898
JH		 2625 goto unlock;
2626 }
2627
2628 err = 0;
1aff6f09 2629
b5235a65 2630unlock:
09fd0de5 2631 hci_dev_unlock(hdev);
1aff6f09
JH		 2632 return err;
2633}
2634
bdb6d971 2635static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2636 u16 len)
55ed8ca1 2637{
650f726d 2638 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2639 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2640 sizeof(struct mgmt_link_key_info));
4e51eae9 2641 u16 key_count, expected_len;
b1de97d8 2642 bool changed;
a492cd52 2643 int i;
55ed8ca1 2644
9060d5cf
MH		 2645 BT_DBG("request for %s", hdev->name);
2646
2647 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2648 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2649 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2650
1f350c87 2651 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2652 if (key_count > max_key_count) {
2653 BT_ERR("load_link_keys: too big key_count value %u",
2654 key_count);
a69e8375
JH		 2655 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2656 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2657 }
55ed8ca1 2658
86742e1e
JH		 2659 expected_len = sizeof(*cp) + key_count *
2660 sizeof(struct mgmt_link_key_info);
a492cd52 2661 if (expected_len != len) {
86742e1e 2662 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2663 expected_len, len);
a69e8375
JH		 2664 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2665 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2666 }
2667
4ae14301 2668 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2669 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2670 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2671
bdb6d971 2672 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2673 key_count);
55ed8ca1 2674
4ee71b20
JH		 2675 for (i = 0; i < key_count; i++) {
2676 struct mgmt_link_key_info *key = &cp->keys[i];
2677
8e991132 2678 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2679 return mgmt_cmd_status(sk, hdev->id,
2680 MGMT_OP_LOAD_LINK_KEYS,
2681 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2682 }
2683
09fd0de5 2684 hci_dev_lock(hdev);
55ed8ca1
JH		 2685
2686 hci_link_keys_clear(hdev);
2687
55ed8ca1 2688 if (cp->debug_keys)
238be788 2689 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2690 else
a69d8927
MH		 2691 changed = hci_dev_test_and_clear_flag(hdev,
2692 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2693
2694 if (changed)
2695 new_settings(hdev, NULL);
55ed8ca1 2696
a492cd52 2697 for (i = 0; i < key_count; i++) {
86742e1e 2698 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2699
58e9293c
JH		 2700 /* Always ignore debug keys and require a new pairing if
2701 * the user wants to use them.
2702 */
2703 if (key->type == HCI_LK_DEBUG_COMBINATION)
2704 continue;
2705
7652ff6a
JH		 2706 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2707 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2708 }
2709
2a1afb5a 2710 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2711
09fd0de5 2712 hci_dev_unlock(hdev);
55ed8ca1 2713
a492cd52 2714 return 0;
55ed8ca1
JH		 2715}
2716
b1078ad0 2717static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2718 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2719{
2720 struct mgmt_ev_device_unpaired ev;
2721
2722 bacpy(&ev.addr.bdaddr, bdaddr);
2723 ev.addr.type = addr_type;
2724
2725 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2726 skip_sk);
b1078ad0
JH		 2727}
2728
bdb6d971 2729static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2730 u16 len)
55ed8ca1 2731{
124f6e35
JH		 2732 struct mgmt_cp_unpair_device *cp = data;
2733 struct mgmt_rp_unpair_device rp;
a8a1d19e 2734 struct hci_cp_disconnect dc;
3b0602cd 2735 struct mgmt_pending_cmd *cmd;
55ed8ca1 2736 struct hci_conn *conn;
55ed8ca1
JH		 2737 int err;
2738
a8a1d19e 2739 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2740 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2741 rp.addr.type = cp->addr.type;
a8a1d19e 2742
4ee71b20 2743 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2744 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2745 MGMT_STATUS_INVALID_PARAMS,
2746 &rp, sizeof(rp));
4ee71b20 2747
118da70b 2748 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2749 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2750 MGMT_STATUS_INVALID_PARAMS,
2751 &rp, sizeof(rp));
118da70b 2752
4ee71b20
JH		 2753 hci_dev_lock(hdev);
2754
86a8cfc6 2755 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2756 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2757 MGMT_STATUS_NOT_POWERED, &rp,
2758 sizeof(rp));
86a8cfc6
JH		 2759 goto unlock;
2760 }
2761
e0b2b27e 2762 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2763 /* If disconnection is requested, then look up the
2764 * connection. If the remote device is connected, it
2765 * will be later used to terminate the link.
2766 *
2767 * Setting it to NULL explicitly will cause no
2768 * termination of the link.
2769 */
2770 if (cp->disconnect)
2771 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2772 &cp->addr.bdaddr);
2773 else
2774 conn = NULL;
2775
124f6e35 2776 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2777 } else {
2778 u8 addr_type;
2779
89cbb063
AA		 2780 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2781 &cp->addr.bdaddr);
2782 if (conn) {
2783 /* Defer clearing up the connection parameters
2784 * until closing to give a chance of keeping
2785 * them if a repairing happens.
2786 */
2787 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2788
2789 /* If disconnection is not requested, then
2790 * clear the connection variable so that the
2791 * link is not terminated.
2792 */
2793 if (!cp->disconnect)
2794 conn = NULL;
2795 }
2796
e0b2b27e
JH		 2797 if (cp->addr.type == BDADDR_LE_PUBLIC)
2798 addr_type = ADDR_LE_DEV_PUBLIC;
2799 else
2800 addr_type = ADDR_LE_DEV_RANDOM;
2801
a7ec7338
JH		 2802 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2803
e0b2b27e
JH		 2804 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2805 }
b0dbfb46 2806
55ed8ca1 2807 if (err < 0) {
2a1afb5a
JH		 2808 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2809 MGMT_STATUS_NOT_PAIRED, &rp,
2810 sizeof(rp));
55ed8ca1
JH		 2811 goto unlock;
2812 }
2813
89cbb063
AA		 2814 /* If the connection variable is set, then termination of the
2815 * link is requested.
2816 */
a8a1d19e 2817 if (!conn) {
2a1afb5a
JH		 2818 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2819 &rp, sizeof(rp));
b1078ad0 2820 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2821 goto unlock;
2822 }
55ed8ca1 2823
124f6e35 2824 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2825 sizeof(*cp));
a8a1d19e
JH		 2826 if (!cmd) {
2827 err = -ENOMEM;
2828 goto unlock;
55ed8ca1
JH		 2829 }
2830
d8b7b1e4
JH		 2831 cmd->cmd_complete = addr_cmd_complete;
2832
eb55ef07 2833 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2834 dc.reason = 0x13; /* Remote User Terminated Connection */
2835 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2836 if (err < 0)
2837 mgmt_pending_remove(cmd);
2838
55ed8ca1 2839unlock:
09fd0de5 2840 hci_dev_unlock(hdev);
55ed8ca1
JH		 2841 return err;
2842}
2843
bdb6d971 2844static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2845 u16 len)
8962ee74 2846{
650f726d 2847 struct mgmt_cp_disconnect *cp = data;
06a63b19 2848 struct mgmt_rp_disconnect rp;
3b0602cd 2849 struct mgmt_pending_cmd *cmd;
8962ee74 2850 struct hci_conn *conn;
8962ee74
JH		 2851 int err;
2852
2853 BT_DBG("");
2854
06a63b19
JH		 2855 memset(&rp, 0, sizeof(rp));
2856 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2857 rp.addr.type = cp->addr.type;
2858
4ee71b20 2859 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2860 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2861 MGMT_STATUS_INVALID_PARAMS,
2862 &rp, sizeof(rp));
4ee71b20 2863
09fd0de5 2864 hci_dev_lock(hdev);
8962ee74
JH		 2865
2866 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 2867 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2868 MGMT_STATUS_NOT_POWERED, &rp,
2869 sizeof(rp));
8962ee74
JH		 2870 goto failed;
2871 }
2872
333ae95d 2873 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 2874 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2875 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2876 goto failed;
2877 }
2878
591f47f3 2879 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2880 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2881 &cp->addr.bdaddr);
88c3df13
JH		 2882 else
2883 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2884
f960727e 2885 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 2886 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2887 MGMT_STATUS_NOT_CONNECTED, &rp,
2888 sizeof(rp));
8962ee74
JH		 2889 goto failed;
2890 }
2891
2e58ef3e 2892 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2893 if (!cmd) {
2894 err = -ENOMEM;
8962ee74 2895 goto failed;
366a0336 2896 }
8962ee74 2897
f5818c22
JH		 2898 cmd->cmd_complete = generic_cmd_complete;
2899
e3f2f92a 2900 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2901 if (err < 0)
a664b5bc 2902 mgmt_pending_remove(cmd);
8962ee74
JH		 2903
2904failed:
09fd0de5 2905 hci_dev_unlock(hdev);
8962ee74
JH		 2906 return err;
2907}
2908
57c1477c 2909static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2910{
2911 switch (link_type) {
2912 case LE_LINK:
48264f06
JH		 2913 switch (addr_type) {
2914 case ADDR_LE_DEV_PUBLIC:
591f47f3 2915 return BDADDR_LE_PUBLIC;
0ed09148 2916
48264f06 2917 default:
0ed09148 2918 /* Fallback to LE Random address type */
591f47f3 2919 return BDADDR_LE_RANDOM;
48264f06 2920 }
0ed09148 2921
4c659c39 2922 default:
0ed09148 2923 /* Fallback to BR/EDR type */
591f47f3 2924 return BDADDR_BREDR;
4c659c39
JH		 2925 }
2926}
2927
04124681
GP		 2928static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2929 u16 data_len)
2784eb41 2930{
2784eb41 2931 struct mgmt_rp_get_connections *rp;
8035ded4 2932 struct hci_conn *c;
a38528f1 2933 size_t rp_len;
60fc5fb6
JH		 2934 int err;
2935 u16 i;
2784eb41
JH		 2936
2937 BT_DBG("");
2938
09fd0de5 2939 hci_dev_lock(hdev);
2784eb41 2940
5f97c1df 2941 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2942 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2943 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2944 goto unlock;
2945 }
2946
60fc5fb6 2947 i = 0;
b644ba33
JH		 2948 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2949 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2950 i++;
2784eb41
JH		 2951 }
2952
60fc5fb6 2953 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2954 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2955 if (!rp) {
2784eb41
JH		 2956 err = -ENOMEM;
2957 goto unlock;
2958 }
2959
2784eb41 2960 i = 0;
4c659c39 2961 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2962 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2963 continue;
4c659c39 2964 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2965 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2966 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2967 continue;
2968 i++;
2969 }
2970
eb55ef07 2971 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2972
4c659c39
JH		 2973 /* Recalculate length in case of filtered SCO connections, etc */
2974 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2975
2a1afb5a
JH		 2976 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2977 rp_len);
2784eb41 2978
a38528f1 2979 kfree(rp);
5f97c1df
JH		 2980
2981unlock:
09fd0de5 2982 hci_dev_unlock(hdev);
2784eb41
JH		 2983 return err;
2984}
2985
bdb6d971 2986static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2987 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 2988{
3b0602cd 2989 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 2990 int err;
2991
2e58ef3e 2992 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2993 sizeof(*cp));
96d97a67
WR		 2994 if (!cmd)
2995 return -ENOMEM;
2996
d8457698 2997 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2998 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2999 if (err < 0)
3000 mgmt_pending_remove(cmd);
3001
3002 return err;
3003}
3004
bdb6d971 3005static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3006 u16 len)
980e1a53 3007{
96d97a67 3008 struct hci_conn *conn;
650f726d 3009 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3010 struct hci_cp_pin_code_reply reply;
3b0602cd 3011 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 3012 int err;
3013
3014 BT_DBG("");
3015
09fd0de5 3016 hci_dev_lock(hdev);
980e1a53 3017
4b34ee78 3018 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3019 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3020 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3021 goto failed;
3022 }
3023
d8457698 3024 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3025 if (!conn) {
a69e8375
JH		 3026 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3027 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3028 goto failed;
3029 }
3030
3031 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3032 struct mgmt_cp_pin_code_neg_reply ncp;
3033
3034 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 3035
3036 BT_ERR("PIN code is not 16 bytes long");
3037
bdb6d971 3038 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3039 if (err >= 0)
a69e8375
JH		 3040 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3041 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3042
3043 goto failed;
3044 }
3045
00abfe44 3046 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3047 if (!cmd) {
3048 err = -ENOMEM;
980e1a53 3049 goto failed;
366a0336 3050 }
980e1a53 3051
7776d1d8
JH		 3052 cmd->cmd_complete = addr_cmd_complete;
3053
d8457698 3054 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3055 reply.pin_len = cp->pin_len;
24718ca5 3056 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3057
3058 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3059 if (err < 0)
a664b5bc 3060 mgmt_pending_remove(cmd);
980e1a53
JH		 3061
3062failed:
09fd0de5 3063 hci_dev_unlock(hdev);
980e1a53
JH		 3064 return err;
3065}
3066
04124681
GP		 3067static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3068 u16 len)
17fa4b9d 3069{
650f726d 3070 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3071
3072 BT_DBG("");
3073
4ec86d4c 3074 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3075 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3076 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
4ec86d4c 3077
09fd0de5 3078 hci_dev_lock(hdev);
17fa4b9d
JH		 3079
3080 hdev->io_capability = cp->io_capability;
3081
3082 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3083 hdev->io_capability);
17fa4b9d 3084
09fd0de5 3085 hci_dev_unlock(hdev);
17fa4b9d 3086
2a1afb5a
JH		 3087 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3088 NULL, 0);
17fa4b9d
JH		 3089}
3090
3b0602cd 3091static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3092{
3093 struct hci_dev *hdev = conn->hdev;
3b0602cd 3094 struct mgmt_pending_cmd *cmd;
e9a416b5 3095
2e58ef3e 3096 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3097 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3098 continue;
3099
e9a416b5
JH		 3100 if (cmd->user_data != conn)
3101 continue;
3102
3103 return cmd;
3104 }
3105
3106 return NULL;
3107}
3108
3b0602cd 3109static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 3110{
3111 struct mgmt_rp_pair_device rp;
3112 struct hci_conn *conn = cmd->user_data;
9df74653 3113 int err;
e9a416b5 3114
61b1a7fb
JH		 3115 bacpy(&rp.addr.bdaddr, &conn->dst);
3116 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3117
2a1afb5a
JH		 3118 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3119 status, &rp, sizeof(rp));
e9a416b5
JH		 3120
3121 /* So we don't get further callbacks for this connection */
3122 conn->connect_cfm_cb = NULL;
3123 conn->security_cfm_cb = NULL;
3124 conn->disconn_cfm_cb = NULL;
3125
76a68ba0 3126 hci_conn_drop(conn);
89cbb063
AA		 3127
3128 /* The device is paired so there is no need to remove
3129 * its connection parameters anymore.
3130 */
3131 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3132
3133 hci_conn_put(conn);
9df74653
JH		 3134
3135 return err;
e9a416b5
JH		 3136}
3137
f4a407be
JH		 3138void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3139{
3140 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 3141 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 3142
3143 cmd = find_pairing(conn);
a511b35b 3144 if (cmd) {
04ab2749 3145 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3146 mgmt_pending_remove(cmd);
3147 }
f4a407be
JH		 3148}
3149
e9a416b5
JH		 3150static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3151{
3b0602cd 3152 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3153
3154 BT_DBG("status %u", status);
3155
3156 cmd = find_pairing(conn);
a511b35b 3157 if (!cmd) {
e9a416b5 3158 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3159 return;
3160 }
3161
3162 cmd->cmd_complete(cmd, mgmt_status(status));
3163 mgmt_pending_remove(cmd);
e9a416b5
JH		 3164}
3165
f4a407be 3166static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 3167{
3b0602cd 3168 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 3169
3170 BT_DBG("status %u", status);
3171
3172 if (!status)
3173 return;
3174
3175 cmd = find_pairing(conn);
a511b35b 3176 if (!cmd) {
4c47d739 3177 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3178 return;
3179 }
3180
3181 cmd->cmd_complete(cmd, mgmt_status(status));
3182 mgmt_pending_remove(cmd);
4c47d739
VA		 3183}
3184
bdb6d971 3185static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3186 u16 len)
e9a416b5 3187{
650f726d 3188 struct mgmt_cp_pair_device *cp = data;
1425acb7 3189 struct mgmt_rp_pair_device rp;
3b0602cd 3190 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3191 u8 sec_level, auth_type;
3192 struct hci_conn *conn;
e9a416b5
JH		 3193 int err;
3194
3195 BT_DBG("");
3196
f950a30e
SJ		 3197 memset(&rp, 0, sizeof(rp));
3198 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3199 rp.addr.type = cp->addr.type;
3200
4ee71b20 3201 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3202 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3203 MGMT_STATUS_INVALID_PARAMS,
3204 &rp, sizeof(rp));
4ee71b20 3205
4ec86d4c 3206 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3207 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3208 MGMT_STATUS_INVALID_PARAMS,
3209 &rp, sizeof(rp));
4ec86d4c 3210
09fd0de5 3211 hci_dev_lock(hdev);
e9a416b5 3212
5f97c1df 3213 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3214 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3215 MGMT_STATUS_NOT_POWERED, &rp,
3216 sizeof(rp));
5f97c1df
JH		 3217 goto unlock;
3218 }
3219
55e76b38
JH		 3220 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3221 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3222 MGMT_STATUS_ALREADY_PAIRED, &rp,
3223 sizeof(rp));
3224 goto unlock;
3225 }
3226
c908df36 3227 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3228 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3229
6f77d8c7 3230 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3231 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3232 auth_type);
6f77d8c7
AG		 3233 } else {
3234 u8 addr_type;
3235
3236 /* Convert from L2CAP channel address type to HCI address type
3237 */
3238 if (cp->addr.type == BDADDR_LE_PUBLIC)
3239 addr_type = ADDR_LE_DEV_PUBLIC;
3240 else
3241 addr_type = ADDR_LE_DEV_RANDOM;
3242
7c264b10
MH		 3243 /* When pairing a new device, it is expected to remember
3244 * this device for future connections. Adding the connection
3245 * parameter information ahead of time allows tracking
3246 * of the slave preferred values and will speed up any
3247 * further connection establishment.
3248 *
3249 * If connection parameters already exist, then they
3250 * will be kept and this function does nothing.
3251 */
3252 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3253
6f77d8c7 3254 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3255 sec_level, HCI_LE_CONN_TIMEOUT,
3256 HCI_ROLE_MASTER);
6f77d8c7 3257 }
7a512d01 3258
30e76272 3259 if (IS_ERR(conn)) {
489dc48e
AK		 3260 int status;
3261
3262 if (PTR_ERR(conn) == -EBUSY)
3263 status = MGMT_STATUS_BUSY;
faa81030
LR		 3264 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3265 status = MGMT_STATUS_NOT_SUPPORTED;
3266 else if (PTR_ERR(conn) == -ECONNREFUSED)
3267 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 3268 else
3269 status = MGMT_STATUS_CONNECT_FAILED;
3270
2a1afb5a
JH		 3271 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3272 status, &rp, sizeof(rp));
e9a416b5
JH		 3273 goto unlock;
3274 }
3275
3276 if (conn->connect_cfm_cb) {
76a68ba0 3277 hci_conn_drop(conn);
2a1afb5a
JH		 3278 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3279 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3280 goto unlock;
3281 }
3282
2e58ef3e 3283 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3284 if (!cmd) {
3285 err = -ENOMEM;
76a68ba0 3286 hci_conn_drop(conn);
e9a416b5
JH		 3287 goto unlock;
3288 }
3289
04ab2749
JH		 3290 cmd->cmd_complete = pairing_complete;
3291
7a512d01 3292 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3293 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3294 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3295 conn->security_cfm_cb = pairing_complete_cb;
3296 conn->disconn_cfm_cb = pairing_complete_cb;
3297 } else {
3298 conn->connect_cfm_cb = le_pairing_complete_cb;
3299 conn->security_cfm_cb = le_pairing_complete_cb;
3300 conn->disconn_cfm_cb = le_pairing_complete_cb;
3301 }
7a512d01 3302
e9a416b5 3303 conn->io_capability = cp->io_cap;
f8aaf9b6 3304 cmd->user_data = hci_conn_get(conn);
e9a416b5 3305
6f78fd4b 3306 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3307 hci_conn_security(conn, sec_level, auth_type, true)) {
3308 cmd->cmd_complete(cmd, 0);
3309 mgmt_pending_remove(cmd);
3310 }
e9a416b5
JH		 3311
3312 err = 0;
3313
3314unlock:
09fd0de5 3315 hci_dev_unlock(hdev);
e9a416b5
JH		 3316 return err;
3317}
3318
04124681
GP		 3319static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3320 u16 len)
28424707 3321{
0f4e68cf 3322 struct mgmt_addr_info *addr = data;
3b0602cd 3323 struct mgmt_pending_cmd *cmd;
28424707
JH		 3324 struct hci_conn *conn;
3325 int err;
3326
3327 BT_DBG("");
3328
28424707
JH		 3329 hci_dev_lock(hdev);
3330
5f97c1df 3331 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3332 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3333 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3334 goto unlock;
3335 }
3336
333ae95d 3337 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
28424707 3338 if (!cmd) {
a69e8375
JH		 3339 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3340 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3341 goto unlock;
3342 }
3343
3344 conn = cmd->user_data;
3345
3346 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3347 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3348 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3349 goto unlock;
3350 }
3351
a511b35b
JH		 3352 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3353 mgmt_pending_remove(cmd);
28424707 3354
2a1afb5a
JH		 3355 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3356 addr, sizeof(*addr));
28424707
JH		 3357unlock:
3358 hci_dev_unlock(hdev);
28424707
JH		 3359 return err;
3360}
3361
bdb6d971 3362static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3363 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3364 u16 hci_op, __le32 passkey)
a5c29683 3365{
3b0602cd 3366 struct mgmt_pending_cmd *cmd;
0df4c185 3367 struct hci_conn *conn;
a5c29683
JH		 3368 int err;
3369
09fd0de5 3370 hci_dev_lock(hdev);
08ba5382 3371
4b34ee78 3372 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3373 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3374 MGMT_STATUS_NOT_POWERED, addr,
3375 sizeof(*addr));
0df4c185 3376 goto done;
a5c29683
JH		 3377 }
3378
1707c60e
JH		 3379 if (addr->type == BDADDR_BREDR)
3380 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3381 else
1707c60e 3382 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3383
3384 if (!conn) {
2a1afb5a
JH		 3385 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3386 MGMT_STATUS_NOT_CONNECTED, addr,
3387 sizeof(*addr));
272d90df
JH		 3388 goto done;
3389 }
47c15e2b 3390
1707c60e 3391 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3392 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3393 if (!err)
2a1afb5a
JH		 3394 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3395 MGMT_STATUS_SUCCESS, addr,
3396 sizeof(*addr));
5fe57d9e 3397 else
2a1afb5a
JH		 3398 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3399 MGMT_STATUS_FAILED, addr,
3400 sizeof(*addr));
47c15e2b 3401
47c15e2b
BG		 3402 goto done;
3403 }
3404
1707c60e 3405 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3406 if (!cmd) {
3407 err = -ENOMEM;
0df4c185 3408 goto done;
a5c29683
JH		 3409 }
3410
7776d1d8
JH		 3411 cmd->cmd_complete = addr_cmd_complete;
3412
0df4c185 3413 /* Continue with pairing via HCI */
604086b7
BG		 3414 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3415 struct hci_cp_user_passkey_reply cp;
3416
1707c60e 3417 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3418 cp.passkey = passkey;
3419 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3420 } else
1707c60e
JH		 3421 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3422 &addr->bdaddr);
604086b7 3423
a664b5bc
JH		 3424 if (err < 0)
3425 mgmt_pending_remove(cmd);
a5c29683 3426
0df4c185 3427done:
09fd0de5 3428 hci_dev_unlock(hdev);
a5c29683
JH		 3429 return err;
3430}
3431
afeb019d
JK		 3432static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3433 void *data, u16 len)
3434{
3435 struct mgmt_cp_pin_code_neg_reply *cp = data;
3436
3437 BT_DBG("");
3438
1707c60e 3439 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3440 MGMT_OP_PIN_CODE_NEG_REPLY,
3441 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3442}
3443
04124681
GP		 3444static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3445 u16 len)
0df4c185 3446{
650f726d 3447 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3448
3449 BT_DBG("");
3450
3451 if (len != sizeof(*cp))
a69e8375
JH		 3452 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3453 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3454
1707c60e 3455 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3456 MGMT_OP_USER_CONFIRM_REPLY,
3457 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3458}
3459
bdb6d971 3460static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3461 void *data, u16 len)
0df4c185 3462{
c9c2659f 3463 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3464
3465 BT_DBG("");
3466
1707c60e 3467 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3468 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3469 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3470}
3471
04124681
GP		 3472static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3473 u16 len)
604086b7 3474{
650f726d 3475 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3476
3477 BT_DBG("");
3478
1707c60e 3479 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3480 MGMT_OP_USER_PASSKEY_REPLY,
3481 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3482}
3483
bdb6d971 3484static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3485 void *data, u16 len)
604086b7 3486{
650f726d 3487 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3488
3489 BT_DBG("");
3490
1707c60e 3491 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3492 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3493 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3494}
3495
13928971 3496static void update_name(struct hci_request *req)
2b4bf397 3497{
13928971 3498 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3499 struct hci_cp_write_local_name cp;
3500
13928971 3501 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3502
890ea898 3503 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3504}
3505
1904a853 3506static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3507{
3508 struct mgmt_cp_set_local_name *cp;
3b0602cd 3509 struct mgmt_pending_cmd *cmd;
13928971
JH		 3510
3511 BT_DBG("status 0x%02x", status);
3512
3513 hci_dev_lock(hdev);
3514
333ae95d 3515 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 3516 if (!cmd)
3517 goto unlock;
3518
3519 cp = cmd->param;
3520
3521 if (status)
a69e8375
JH		 3522 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3523 mgmt_status(status));
13928971 3524 else
2a1afb5a
JH		 3525 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3526 cp, sizeof(*cp));
13928971
JH		 3527
3528 mgmt_pending_remove(cmd);
3529
3530unlock:
3531 hci_dev_unlock(hdev);
3532}
3533
bdb6d971 3534static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3535 u16 len)
b312b161 3536{
2b4bf397 3537 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3538 struct mgmt_pending_cmd *cmd;
890ea898 3539 struct hci_request req;
b312b161
JH		 3540 int err;
3541
3542 BT_DBG("");
3543
09fd0de5 3544 hci_dev_lock(hdev);
b312b161 3545
b3f2ca94
JH		 3546 /* If the old values are the same as the new ones just return a
3547 * direct command complete event.
3548 */
3549 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3550 !memcmp(hdev->short_name, cp->short_name,
3551 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3552 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3553 data, len);
b3f2ca94
JH		 3554 goto failed;
3555 }
3556
2b4bf397 3557 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3558
b5235a65 3559 if (!hdev_is_powered(hdev)) {
2b4bf397 3560 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3561
2a1afb5a
JH		 3562 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3563 data, len);
28cc7bde
JH		 3564 if (err < 0)
3565 goto failed;
3566
f6b7712e
MH		 3567 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
3568 data, len, sk);
28cc7bde 3569
b5235a65
JH		 3570 goto failed;
3571 }
3572
28cc7bde 3573 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3574 if (!cmd) {
3575 err = -ENOMEM;
3576 goto failed;
3577 }
3578
13928971
JH		 3579 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3580
890ea898 3581 hci_req_init(&req, hdev);
3f985050
JH		 3582
3583 if (lmp_bredr_capable(hdev)) {
3584 update_name(&req);
3585 update_eir(&req);
3586 }
3587
7a5f4990
MH		 3588 /* The name is stored in the scan response data and so
3589 * no need to udpate the advertising data here.
3590 */
3f985050 3591 if (lmp_le_capable(hdev))
7a5f4990 3592 update_scan_rsp_data(&req);
3f985050 3593
13928971 3594 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3595 if (err < 0)
3596 mgmt_pending_remove(cmd);
3597
3598failed:
09fd0de5 3599 hci_dev_unlock(hdev);
b312b161
JH		 3600 return err;
3601}
3602
0f4e68cf 3603static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3604 void *data, u16 data_len)
c35938b2 3605{
3b0602cd 3606 struct mgmt_pending_cmd *cmd;
c35938b2
SJ		 3607 int err;
3608
bdb6d971 3609 BT_DBG("%s", hdev->name);
c35938b2 3610
09fd0de5 3611 hci_dev_lock(hdev);
c35938b2 3612
4b34ee78 3613 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3614 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3615 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3616 goto unlock;
3617 }
3618
9a1a1996 3619 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3620 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3621 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3622 goto unlock;
3623 }
3624
333ae95d 3625 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3626 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3627 MGMT_STATUS_BUSY);
c35938b2
SJ		 3628 goto unlock;
3629 }
3630
2e58ef3e 3631 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3632 if (!cmd) {
3633 err = -ENOMEM;
3634 goto unlock;
3635 }
3636
710f11c0 3637 if (bredr_sc_enabled(hdev))
4d2d2796
MH		 3638 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3639 0, NULL);
3640 else
3641 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3642
c35938b2
SJ		 3643 if (err < 0)
3644 mgmt_pending_remove(cmd);
3645
3646unlock:
09fd0de5 3647 hci_dev_unlock(hdev);
c35938b2
SJ		 3648 return err;
3649}
3650
bdb6d971 3651static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3652 void *data, u16 len)
2763eda6 3653{
5d57e796 3654 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3655 int err;
3656
bdb6d971 3657 BT_DBG("%s ", hdev->name);
2763eda6 3658
5d57e796 3659 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3660 return mgmt_cmd_complete(sk, hdev->id,
3661 MGMT_OP_ADD_REMOTE_OOB_DATA,
3662 MGMT_STATUS_INVALID_PARAMS,
3663 addr, sizeof(*addr));
5d57e796 3664
09fd0de5 3665 hci_dev_lock(hdev);
2763eda6 3666
ec109113
MH		 3667 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3668 struct mgmt_cp_add_remote_oob_data *cp = data;
3669 u8 status;
bf1e3541 3670
c19a495c 3671 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 3672 err = mgmt_cmd_complete(sk, hdev->id,
3673 MGMT_OP_ADD_REMOTE_OOB_DATA,
3674 MGMT_STATUS_INVALID_PARAMS,
3675 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 3676 goto unlock;
3677 }
3678
ec109113 3679 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3680 cp->addr.type, cp->hash,
3681 cp->rand, NULL, NULL);
ec109113
MH		 3682 if (err < 0)
3683 status = MGMT_STATUS_FAILED;
3684 else
3685 status = MGMT_STATUS_SUCCESS;
3686
2a1afb5a
JH		 3687 err = mgmt_cmd_complete(sk, hdev->id,
3688 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3689 &cp->addr, sizeof(cp->addr));
ec109113
MH		 3690 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3691 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3692 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3693 u8 status;
3694
86df9200 3695 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3696 /* Enforce zero-valued 192-bit parameters as
3697 * long as legacy SMP OOB isn't implemented.
3698 */
3699 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3700 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 3701 err = mgmt_cmd_complete(sk, hdev->id,
3702 MGMT_OP_ADD_REMOTE_OOB_DATA,
3703 MGMT_STATUS_INVALID_PARAMS,
3704 addr, sizeof(*addr));
d25b78e2
JH		 3705 goto unlock;
3706 }
3707
86df9200
JH		 3708 rand192 = NULL;
3709 hash192 = NULL;
3710 } else {
41bcfd50
MH		 3711 /* In case one of the P-192 values is set to zero,
3712 * then just disable OOB data for P-192.
3713 */
3714 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3715 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3716 rand192 = NULL;
3717 hash192 = NULL;
3718 } else {
3719 rand192 = cp->rand192;
3720 hash192 = cp->hash192;
3721 }
3722 }
3723
3724 /* In case one of the P-256 values is set to zero, then just
3725 * disable OOB data for P-256.
3726 */
3727 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3728 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3729 rand256 = NULL;
3730 hash256 = NULL;
3731 } else {
3732 rand256 = cp->rand256;
3733 hash256 = cp->hash256;
86df9200
JH		 3734 }
3735
81328d5c 3736 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3737 cp->addr.type, hash192, rand192,
41bcfd50 3738 hash256, rand256);
ec109113
MH		 3739 if (err < 0)
3740 status = MGMT_STATUS_FAILED;
3741 else
3742 status = MGMT_STATUS_SUCCESS;
3743
2a1afb5a
JH		 3744 err = mgmt_cmd_complete(sk, hdev->id,
3745 MGMT_OP_ADD_REMOTE_OOB_DATA,
3746 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 3747 } else {
3748 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 3749 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3750 MGMT_STATUS_INVALID_PARAMS);
ec109113 3751 }
2763eda6 3752
c19a495c 3753unlock:
09fd0de5 3754 hci_dev_unlock(hdev);
2763eda6
SJ		 3755 return err;
3756}
3757
bdb6d971 3758static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3759 void *data, u16 len)
2763eda6 3760{
650f726d 3761 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3762 u8 status;
2763eda6
SJ		 3763 int err;
3764
bdb6d971 3765 BT_DBG("%s", hdev->name);
2763eda6 3766
c19a495c 3767 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 3768 return mgmt_cmd_complete(sk, hdev->id,
3769 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3770 MGMT_STATUS_INVALID_PARAMS,
3771 &cp->addr, sizeof(cp->addr));
c19a495c 3772
09fd0de5 3773 hci_dev_lock(hdev);
2763eda6 3774
eedbd581
JH		 3775 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3776 hci_remote_oob_data_clear(hdev);
3777 status = MGMT_STATUS_SUCCESS;
3778 goto done;
3779 }
3780
6928a924 3781 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3782 if (err < 0)
bf1e3541 3783 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3784 else
a6785be2 3785 status = MGMT_STATUS_SUCCESS;
bf1e3541 3786
eedbd581 3787done:
2a1afb5a
JH		 3788 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3789 status, &cp->addr, sizeof(cp->addr));
2763eda6 3790
09fd0de5 3791 hci_dev_unlock(hdev);
2763eda6
SJ		 3792 return err;
3793}
3794
812abb13 3795static bool trigger_bredr_inquiry(struct hci_request *req, u8 *status)
41dc2bd6 3796{
8019044d 3797 struct hci_dev *hdev = req->hdev;
812abb13 3798 struct hci_cp_inquiry cp;
8019044d
MH		 3799 /* General inquiry access code (GIAC) */
3800 u8 lap[3] = { 0x33, 0x8b, 0x9e };
812abb13
JP		 3801
3802 *status = mgmt_bredr_support(hdev);
3803 if (*status)
3804 return false;
3805
3806 if (hci_dev_test_flag(hdev, HCI_INQUIRY)) {
3807 *status = MGMT_STATUS_BUSY;
3808 return false;
3809 }
3810
3811 hci_inquiry_cache_flush(hdev);
3812
3813 memset(&cp, 0, sizeof(cp));
3814 memcpy(&cp.lap, lap, sizeof(cp.lap));
3815 cp.length = DISCOV_BREDR_INQUIRY_LEN;
3816
3817 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
3818
3819 return true;
3820}
3821
3822static bool trigger_le_scan(struct hci_request *req, u16 interval, u8 *status)
3823{
3824 struct hci_dev *hdev = req->hdev;
3825 struct hci_cp_le_set_scan_param param_cp;
3826 struct hci_cp_le_set_scan_enable enable_cp;
8019044d 3827 u8 own_addr_type;
41dc2bd6
AG		 3828 int err;
3829
812abb13
JP		 3830 *status = mgmt_le_support(hdev);
3831 if (*status)
3832 return false;
41dc2bd6 3833
812abb13
JP		 3834 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
3835 /* Don't let discovery abort an outgoing connection attempt
3836 * that's using directed advertising.
3837 */
3838 if (hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT)) {
3839 *status = MGMT_STATUS_REJECTED;
8019044d
MH		 3840 return false;
3841 }
41dc2bd6 3842
812abb13
JP		 3843 disable_advertising(req);
3844 }
41dc2bd6 3845
812abb13
JP		 3846 /* If controller is scanning, it means the background scanning is
3847 * running. Thus, we should temporarily stop it in order to set the
3848 * discovery scanning parameters.
3849 */
3850 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
3851 hci_req_add_le_scan_disable(req);
41dc2bd6 3852
812abb13
JP		 3853 /* All active scans will be done with either a resolvable private
3854 * address (when privacy feature has been enabled) or non-resolvable
3855 * private address.
3856 */
3857 err = hci_update_random_address(req, true, &own_addr_type);
3858 if (err < 0) {
3859 *status = MGMT_STATUS_FAILED;
3860 return false;
3861 }
8019044d 3862
812abb13
JP		 3863 memset(&param_cp, 0, sizeof(param_cp));
3864 param_cp.type = LE_SCAN_ACTIVE;
3865 param_cp.interval = cpu_to_le16(interval);
3866 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3867 param_cp.own_address_type = own_addr_type;
8019044d 3868
812abb13
JP		 3869 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3870 &param_cp);
8019044d 3871
812abb13
JP		 3872 memset(&enable_cp, 0, sizeof(enable_cp));
3873 enable_cp.enable = LE_SCAN_ENABLE;
3874 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
8019044d 3875
812abb13
JP		 3876 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3877 &enable_cp);
3878
3879 return true;
3880}
8019044d 3881
812abb13
JP		 3882static bool trigger_discovery(struct hci_request *req, u8 *status)
3883{
3884 struct hci_dev *hdev = req->hdev;
8019044d 3885
812abb13
JP		 3886 switch (hdev->discovery.type) {
3887 case DISCOV_TYPE_BREDR:
3888 if (!trigger_bredr_inquiry(req, status))
3889 return false;
3890 break;
3891
3892 case DISCOV_TYPE_INTERLEAVED:
07d2334a
JP		 3893 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY,
3894 &hdev->quirks)) {
3895 /* During simultaneous discovery, we double LE scan
3896 * interval. We must leave some time for the controller
3897 * to do BR/EDR inquiry.
3898 */
3899 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT * 2,
3900 status))
3901 return false;
3902
3903 if (!trigger_bredr_inquiry(req, status))
3904 return false;
3905
3906 return true;
3907 }
3908
812abb13
JP		 3909 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
3910 *status = MGMT_STATUS_NOT_SUPPORTED;
8019044d
MH		 3911 return false;
3912 }
812abb13 3913 /* fall through */
8019044d 3914
812abb13
JP		 3915 case DISCOV_TYPE_LE:
3916 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT, status))
3917 return false;
8019044d
MH		 3918 break;
3919
3920 default:
3921 *status = MGMT_STATUS_INVALID_PARAMS;
3922 return false;
3923 }
3924
3925 return true;
41dc2bd6
AG		 3926}
3927
1904a853
MH		 3928static void start_discovery_complete(struct hci_dev *hdev, u8 status,
3929 u16 opcode)
7c307720 3930{
3b0602cd 3931 struct mgmt_pending_cmd *cmd;
11e6e25d 3932 unsigned long timeout;
ae55f598 3933
7c307720
AG		 3934 BT_DBG("status %d", status);
3935
11e6e25d 3936 hci_dev_lock(hdev);
41dc2bd6 3937
333ae95d 3938 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427 3939 if (!cmd)
333ae95d 3940 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
66ea9427 3941
11e6e25d 3942 if (cmd) {
2922a94f 3943 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 3944 mgmt_pending_remove(cmd);
3945 }
7c307720
AG		 3946
3947 if (status) {
11e6e25d
MH		 3948 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3949 goto unlock;
7c307720
AG		 3950 }
3951
7c307720 3952 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
7c307720 3953
2d28cfe7
JP		 3954 /* If the scan involves LE scan, pick proper timeout to schedule
3955 * hdev->le_scan_disable that will stop it.
3956 */
7c307720
AG		 3957 switch (hdev->discovery.type) {
3958 case DISCOV_TYPE_LE:
3d5a76f0 3959 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720 3960 break;
7c307720 3961 case DISCOV_TYPE_INTERLEAVED:
07d2334a
JP		 3962 /* When running simultaneous discovery, the LE scanning time
3963 * should occupy the whole discovery time sine BR/EDR inquiry
3964 * and LE scanning are scheduled by the controller.
3965 *
3966 * For interleaving discovery in comparison, BR/EDR inquiry
3967 * and LE scanning are done sequentially with separate
3968 * timeouts.
3969 */
3970 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
3971 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
3972 else
3973 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720 3974 break;
7c307720 3975 case DISCOV_TYPE_BREDR:
11e6e25d 3976 timeout = 0;
7c307720 3977 break;
7c307720
AG		 3978 default:
3979 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
11e6e25d
MH		 3980 timeout = 0;
3981 break;
7c307720 3982 }
ae55f598 3983
2d28cfe7
JP		 3984 if (timeout) {
3985 /* When service discovery is used and the controller has
3986 * a strict duplicate filter, it is important to remember
3987 * the start and duration of the scan. This is required
3988 * for restarting scanning during the discovery phase.
3989 */
3990 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
3991 &hdev->quirks) &&
82f8b651 3992 hdev->discovery.result_filtering) {
2d28cfe7
JP		 3993 hdev->discovery.scan_start = jiffies;
3994 hdev->discovery.scan_duration = timeout;
3995 }
3996
11e6e25d
MH		 3997 queue_delayed_work(hdev->workqueue,
3998 &hdev->le_scan_disable, timeout);
2d28cfe7 3999 }
ae55f598 4000
11e6e25d
MH		 4001unlock:
4002 hci_dev_unlock(hdev);
7c307720
AG		 4003}
4004
bdb6d971 4005static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 4006 void *data, u16 len)
14a53664 4007{
650f726d 4008 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 4009 struct mgmt_pending_cmd *cmd;
7c307720 4010 struct hci_request req;
8019044d 4011 u8 status;
14a53664
JH		 4012 int err;
4013
bdb6d971 4014 BT_DBG("%s", hdev->name);
14a53664 4015
09fd0de5 4016 hci_dev_lock(hdev);
14a53664 4017
4b34ee78 4018 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4019 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4020 MGMT_STATUS_NOT_POWERED,
4021 &cp->type, sizeof(cp->type));
bd2d1334
JH		 4022 goto failed;
4023 }
4024
f5a969f2 4025 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4026 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4027 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4028 MGMT_STATUS_BUSY, &cp->type,
4029 sizeof(cp->type));
642be6c7
AG		 4030 goto failed;
4031 }
4032
2922a94f 4033 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
14a53664
JH		 4034 if (!cmd) {
4035 err = -ENOMEM;
4036 goto failed;
4037 }
4038
2922a94f
JH		 4039 cmd->cmd_complete = generic_cmd_complete;
4040
22078800
MH		 4041 /* Clear the discovery filter first to free any previously
4042 * allocated memory for the UUID list.
4043 */
4044 hci_discovery_filter_clear(hdev);
4045
4aab14e5 4046 hdev->discovery.type = cp->type;
da25cf6a 4047 hdev->discovery.report_invalid_rssi = false;
4aab14e5 4048
7c307720
AG		 4049 hci_req_init(&req, hdev);
4050
8019044d 4051 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4052 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4053 status, &cp->type, sizeof(cp->type));
04106755
JH		 4054 mgmt_pending_remove(cmd);
4055 goto failed;
f39799f5 4056 }
04106755 4057
7c307720 4058 err = hci_req_run(&req, start_discovery_complete);
f5a969f2 4059 if (err < 0) {
14a53664 4060 mgmt_pending_remove(cmd);
f5a969f2
MH		 4061 goto failed;
4062 }
7c307720 4063
f5a969f2 4064 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
7c307720 4065
14a53664 4066failed:
09fd0de5 4067 hci_dev_unlock(hdev);
14a53664
JH		 4068 return err;
4069}
f39799f5 4070
3b0602cd
JH		 4071static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4072 u8 status)
2922a94f 4073{
2a1afb5a
JH		 4074 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4075 cmd->param, 1);
2922a94f 4076}
04106755 4077
66ea9427
JP		 4078static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4079 void *data, u16 len)
4080{
4081 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 4082 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 4083 struct hci_request req;
4084 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4085 u16 uuid_count, expected_len;
4086 u8 status;
4087 int err;
04106755 4088
66ea9427 4089 BT_DBG("%s", hdev->name);
e8bb6b97 4090
66ea9427 4091 hci_dev_lock(hdev);
7c307720 4092
66ea9427 4093 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4094 err = mgmt_cmd_complete(sk, hdev->id,
4095 MGMT_OP_START_SERVICE_DISCOVERY,
4096 MGMT_STATUS_NOT_POWERED,
4097 &cp->type, sizeof(cp->type));
66ea9427
JP		 4098 goto failed;
4099 }
7c307720 4100
66ea9427 4101 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4102 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4103 err = mgmt_cmd_complete(sk, hdev->id,
4104 MGMT_OP_START_SERVICE_DISCOVERY,
4105 MGMT_STATUS_BUSY, &cp->type,
4106 sizeof(cp->type));
66ea9427
JP		 4107 goto failed;
4108 }
d9483943 4109
66ea9427
JP		 4110 uuid_count = __le16_to_cpu(cp->uuid_count);
4111 if (uuid_count > max_uuid_count) {
4112 BT_ERR("service_discovery: too big uuid_count value %u",
4113 uuid_count);
2a1afb5a
JH		 4114 err = mgmt_cmd_complete(sk, hdev->id,
4115 MGMT_OP_START_SERVICE_DISCOVERY,
4116 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4117 sizeof(cp->type));
66ea9427
JP		 4118 goto failed;
4119 }
4120
4121 expected_len = sizeof(*cp) + uuid_count * 16;
4122 if (expected_len != len) {
4123 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4124 expected_len, len);
2a1afb5a
JH		 4125 err = mgmt_cmd_complete(sk, hdev->id,
4126 MGMT_OP_START_SERVICE_DISCOVERY,
4127 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4128 sizeof(cp->type));
66ea9427
JP		 4129 goto failed;
4130 }
4131
4132 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 4133 hdev, data, len);
66ea9427
JP		 4134 if (!cmd) {
4135 err = -ENOMEM;
4136 goto failed;
4137 }
4138
2922a94f
JH		 4139 cmd->cmd_complete = service_discovery_cmd_complete;
4140
22078800
MH		 4141 /* Clear the discovery filter first to free any previously
4142 * allocated memory for the UUID list.
4143 */
4144 hci_discovery_filter_clear(hdev);
4145
82f8b651 4146 hdev->discovery.result_filtering = true;
66ea9427
JP		 4147 hdev->discovery.type = cp->type;
4148 hdev->discovery.rssi = cp->rssi;
4149 hdev->discovery.uuid_count = uuid_count;
4150
4151 if (uuid_count > 0) {
4152 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4153 GFP_KERNEL);
4154 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 4155 err = mgmt_cmd_complete(sk, hdev->id,
4156 MGMT_OP_START_SERVICE_DISCOVERY,
4157 MGMT_STATUS_FAILED,
4158 &cp->type, sizeof(cp->type));
d9483943
JH		 4159 mgmt_pending_remove(cmd);
4160 goto failed;
4161 }
66ea9427 4162 }
d9483943 4163
66ea9427 4164 hci_req_init(&req, hdev);
5e0452c0 4165
66ea9427 4166 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4167 err = mgmt_cmd_complete(sk, hdev->id,
4168 MGMT_OP_START_SERVICE_DISCOVERY,
4169 status, &cp->type, sizeof(cp->type));
04106755
JH		 4170 mgmt_pending_remove(cmd);
4171 goto failed;
f39799f5 4172 }
3fd24153 4173
7c307720 4174 err = hci_req_run(&req, start_discovery_complete);
66ea9427 4175 if (err < 0) {
14a53664 4176 mgmt_pending_remove(cmd);
66ea9427
JP		 4177 goto failed;
4178 }
4179
4180 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 4181
4182failed:
09fd0de5 4183 hci_dev_unlock(hdev);
14a53664
JH		 4184 return err;
4185}
4186
1904a853 4187static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1183fdca 4188{
3b0602cd 4189 struct mgmt_pending_cmd *cmd;
1183fdca 4190
0e05bba6
AG		 4191 BT_DBG("status %d", status);
4192
4193 hci_dev_lock(hdev);
4194
333ae95d 4195 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
11e6e25d 4196 if (cmd) {
2922a94f 4197 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4198 mgmt_pending_remove(cmd);
0e05bba6
AG		 4199 }
4200
11e6e25d
MH		 4201 if (!status)
4202 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
0e05bba6 4203
0e05bba6
AG		 4204 hci_dev_unlock(hdev);
4205}
4206
bdb6d971 4207static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4208 u16 len)
14a53664 4209{
d930650b 4210 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 4211 struct mgmt_pending_cmd *cmd;
0e05bba6 4212 struct hci_request req;
14a53664
JH		 4213 int err;
4214
bdb6d971 4215 BT_DBG("%s", hdev->name);
14a53664 4216
09fd0de5 4217 hci_dev_lock(hdev);
14a53664 4218
30dc78e1 4219 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4220 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4221 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4222 sizeof(mgmt_cp->type));
d930650b
JH		 4223 goto unlock;
4224 }
4225
4226 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 4227 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4228 MGMT_STATUS_INVALID_PARAMS,
4229 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 4230 goto unlock;
ff9ef578
JH		 4231 }
4232
2922a94f 4233 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4234 if (!cmd) {
4235 err = -ENOMEM;
30dc78e1
JH		 4236 goto unlock;
4237 }
4238
2922a94f
JH		 4239 cmd->cmd_complete = generic_cmd_complete;
4240
0e05bba6
AG		 4241 hci_req_init(&req, hdev);
4242
21a60d30 4243 hci_stop_discovery(&req);
e0d9727e 4244
21a60d30
JH		 4245 err = hci_req_run(&req, stop_discovery_complete);
4246 if (!err) {
4247 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 4248 goto unlock;
14a53664
JH		 4249 }
4250
21a60d30
JH		 4251 mgmt_pending_remove(cmd);
4252
4253 /* If no HCI commands were sent we're done */
4254 if (err == -ENODATA) {
2a1afb5a
JH		 4255 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4256 &mgmt_cp->type, sizeof(mgmt_cp->type));
21a60d30
JH		 4257 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4258 }
14a53664 4259
30dc78e1 4260unlock:
09fd0de5 4261 hci_dev_unlock(hdev);
14a53664
JH		 4262 return err;
4263}
4264
bdb6d971 4265static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4266 u16 len)
561aafbc 4267{
650f726d 4268 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4269 struct inquiry_entry *e;
561aafbc
JH		 4270 int err;
4271
bdb6d971 4272 BT_DBG("%s", hdev->name);
561aafbc 4273
561aafbc
JH		 4274 hci_dev_lock(hdev);
4275
30dc78e1 4276 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4277 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4278 MGMT_STATUS_FAILED, &cp->addr,
4279 sizeof(cp->addr));
30dc78e1
JH		 4280 goto failed;
4281 }
4282
a198e7b1 4283 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4284 if (!e) {
2a1afb5a
JH		 4285 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4286 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4287 sizeof(cp->addr));
561aafbc
JH		 4288 goto failed;
4289 }
4290
4291 if (cp->name_known) {
4292 e->name_state = NAME_KNOWN;
4293 list_del(&e->list);
4294 } else {
4295 e->name_state = NAME_NEEDED;
a3d4e20a 4296 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4297 }
4298
2a1afb5a
JH		 4299 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4300 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 4301
4302failed:
4303 hci_dev_unlock(hdev);
561aafbc
JH		 4304 return err;
4305}
4306
bdb6d971 4307static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4308 u16 len)
7fbec224 4309{
650f726d 4310 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4311 u8 status;
7fbec224
AJ		 4312 int err;
4313
bdb6d971 4314 BT_DBG("%s", hdev->name);
7fbec224 4315
4ee71b20 4316 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4317 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4318 MGMT_STATUS_INVALID_PARAMS,
4319 &cp->addr, sizeof(cp->addr));
4ee71b20 4320
09fd0de5 4321 hci_dev_lock(hdev);
5e762444 4322
dcc36c16
JH		 4323 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4324 cp->addr.type);
2a8357f2 4325 if (err < 0) {
f0eeea8b 4326 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4327 goto done;
4328 }
4329
4330 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4331 sk);
4332 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4333
2a8357f2 4334done:
2a1afb5a
JH		 4335 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4336 &cp->addr, sizeof(cp->addr));
5e762444 4337
09fd0de5 4338 hci_dev_unlock(hdev);
7fbec224
AJ		 4339
4340 return err;
4341}
4342
bdb6d971 4343static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4344 u16 len)
7fbec224 4345{
650f726d 4346 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4347 u8 status;
7fbec224
AJ		 4348 int err;
4349
bdb6d971 4350 BT_DBG("%s", hdev->name);
7fbec224 4351
4ee71b20 4352 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4353 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4354 MGMT_STATUS_INVALID_PARAMS,
4355 &cp->addr, sizeof(cp->addr));
4ee71b20 4356
09fd0de5 4357 hci_dev_lock(hdev);
5e762444 4358
dcc36c16
JH		 4359 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4360 cp->addr.type);
2a8357f2 4361 if (err < 0) {
f0eeea8b 4362 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4363 goto done;
4364 }
4365
4366 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4367 sk);
4368 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4369
2a8357f2 4370done:
2a1afb5a
JH		 4371 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4372 &cp->addr, sizeof(cp->addr));
5e762444 4373
09fd0de5 4374 hci_dev_unlock(hdev);
7fbec224
AJ		 4375
4376 return err;
4377}
4378
cdbaccca
MH		 4379static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4380 u16 len)
4381{
4382 struct mgmt_cp_set_device_id *cp = data;
890ea898 4383 struct hci_request req;
cdbaccca 4384 int err;
c72d4b8a 4385 __u16 source;
cdbaccca
MH		 4386
4387 BT_DBG("%s", hdev->name);
4388
c72d4b8a
SJ		 4389 source = __le16_to_cpu(cp->source);
4390
4391 if (source > 0x0002)
a69e8375
JH		 4392 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4393 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 4394
cdbaccca
MH		 4395 hci_dev_lock(hdev);
4396
c72d4b8a 4397 hdev->devid_source = source;
cdbaccca
MH		 4398 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4399 hdev->devid_product = __le16_to_cpu(cp->product);
4400 hdev->devid_version = __le16_to_cpu(cp->version);
4401
2a1afb5a
JH		 4402 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4403 NULL, 0);
cdbaccca 4404
890ea898
JH		 4405 hci_req_init(&req, hdev);
4406 update_eir(&req);
4407 hci_req_run(&req, NULL);
cdbaccca
MH		 4408
4409 hci_dev_unlock(hdev);
4410
4411 return err;
4412}
4413
24b4f38f
AU		 4414static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4415 u16 opcode)
4416{
4417 BT_DBG("status %d", status);
4418}
4419
1904a853
MH		 4420static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4421 u16 opcode)
4375f103
JH		 4422{
4423 struct cmd_lookup match = { NULL, hdev };
24b4f38f 4424 struct hci_request req;
4375f103 4425
3ad67582
JK		 4426 hci_dev_lock(hdev);
4427
4375f103
JH		 4428 if (status) {
4429 u8 mgmt_err = mgmt_status(status);
4430
4431 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4432 cmd_status_rsp, &mgmt_err);
3ad67582 4433 goto unlock;
4375f103
JH		 4434 }
4435
d7a5a11d 4436 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 4437 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 4438 else
a358dc11 4439 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 4440
4375f103
JH		 4441 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4442 &match);
4443
4444 new_settings(hdev, match.sk);
4445
4446 if (match.sk)
4447 sock_put(match.sk);
3ad67582 4448
24b4f38f
AU		 4449 /* If "Set Advertising" was just disabled and instance advertising was
4450 * set up earlier, then enable the advertising instance.
4451 */
4452 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
4453 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
4454 goto unlock;
4455
4456 hci_req_init(&req, hdev);
4457
4458 update_adv_data(&req);
4459 enable_advertising(&req);
4460
4461 if (hci_req_run(&req, enable_advertising_instance) < 0)
4462 BT_ERR("Failed to re-configure advertising");
4463
3ad67582
JK		 4464unlock:
4465 hci_dev_unlock(hdev);
4375f103
JH		 4466}
4467
21b5187f
MH		 4468static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4469 u16 len)
4375f103
JH		 4470{
4471 struct mgmt_mode *cp = data;
3b0602cd 4472 struct mgmt_pending_cmd *cmd;
4375f103 4473 struct hci_request req;
cc91cb04 4474 u8 val, status;
4375f103
JH		 4475 int err;
4476
4477 BT_DBG("request for %s", hdev->name);
4478
e6fe7986
JH		 4479 status = mgmt_le_support(hdev);
4480 if (status)
a69e8375
JH		 4481 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4482 status);
4375f103 4483
cc91cb04 4484 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4485 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4486 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 4487
4488 hci_dev_lock(hdev);
4489
4490 val = !!cp->val;
4375f103 4491
f74ca9b8
JH		 4492 /* The following conditions are ones which mean that we should
4493 * not do any HCI communication but directly send a mgmt
4494 * response to user space (after toggling the flag if
4495 * necessary).
4496 */
cc91cb04 4497 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 4498 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4499 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 4500 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 4501 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 4502 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 4503 bool changed;
4375f103 4504
cc91cb04 4505 if (cp->val) {
238be788 4506 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 4507 if (cp->val == 0x02)
a1536da2 4508 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4509 else
a358dc11 4510 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4511 } else {
a69d8927 4512 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 4513 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 4514 }
4515
4516 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4517 if (err < 0)
4518 goto unlock;
4519
4520 if (changed)
4521 err = new_settings(hdev, sk);
4522
4523 goto unlock;
4524 }
4525
333ae95d
JH		 4526 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4527 pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 4528 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4529 MGMT_STATUS_BUSY);
4375f103
JH		 4530 goto unlock;
4531 }
4532
4533 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4534 if (!cmd) {
4535 err = -ENOMEM;
4536 goto unlock;
4537 }
4538
4539 hci_req_init(&req, hdev);
4540
cc91cb04 4541 if (cp->val == 0x02)
a1536da2 4542 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4543 else
a358dc11 4544 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4545
24b4f38f
AU		 4546 if (val) {
4547 /* Switch to instance "0" for the Set Advertising setting. */
4548 update_adv_data_for_instance(&req, 0);
bba3aa55 4549 enable_advertising(&req);
24b4f38f 4550 } else {
bba3aa55 4551 disable_advertising(&req);
24b4f38f 4552 }
4375f103
JH		 4553
4554 err = hci_req_run(&req, set_advertising_complete);
4555 if (err < 0)
4556 mgmt_pending_remove(cmd);
4557
4558unlock:
4559 hci_dev_unlock(hdev);
4560 return err;
4561}
4562
d13eafce
MH		 4563static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4564 void *data, u16 len)
4565{
4566 struct mgmt_cp_set_static_address *cp = data;
4567 int err;
4568
4569 BT_DBG("%s", hdev->name);
4570
62af4443 4571 if (!lmp_le_capable(hdev))
a69e8375
JH		 4572 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4573 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4574
4575 if (hdev_is_powered(hdev))
a69e8375
JH		 4576 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4577 MGMT_STATUS_REJECTED);
d13eafce
MH		 4578
4579 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4580 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 4581 return mgmt_cmd_status(sk, hdev->id,
4582 MGMT_OP_SET_STATIC_ADDRESS,
4583 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4584
4585 /* Two most significant bits shall be set */
4586 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 4587 return mgmt_cmd_status(sk, hdev->id,
4588 MGMT_OP_SET_STATIC_ADDRESS,
4589 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4590 }
4591
4592 hci_dev_lock(hdev);
4593
4594 bacpy(&hdev->static_addr, &cp->bdaddr);
4595
93690c22
MH		 4596 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4597 if (err < 0)
4598 goto unlock;
4599
4600 err = new_settings(hdev, sk);
d13eafce 4601
93690c22 4602unlock:
d13eafce 4603 hci_dev_unlock(hdev);
d13eafce
MH		 4604 return err;
4605}
4606
14b49b9a
MH		 4607static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4608 void *data, u16 len)
4609{
4610 struct mgmt_cp_set_scan_params *cp = data;
4611 __u16 interval, window;
4612 int err;
4613
4614 BT_DBG("%s", hdev->name);
4615
4616 if (!lmp_le_capable(hdev))
a69e8375
JH		 4617 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4618 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 4619
4620 interval = __le16_to_cpu(cp->interval);
4621
4622 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 4623 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4624 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 4625
4626 window = __le16_to_cpu(cp->window);
4627
4628 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 4629 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4630 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 4631
899e1075 4632 if (window > interval)
a69e8375
JH		 4633 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4634 MGMT_STATUS_INVALID_PARAMS);
899e1075 4635
14b49b9a
MH		 4636 hci_dev_lock(hdev);
4637
4638 hdev->le_scan_interval = interval;
4639 hdev->le_scan_window = window;
4640
2a1afb5a
JH		 4641 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4642 NULL, 0);
14b49b9a 4643
dd2ef8e2
AG		 4644 /* If background scan is running, restart it so new parameters are
4645 * loaded.
4646 */
d7a5a11d 4647 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
dd2ef8e2
AG		 4648 hdev->discovery.state == DISCOVERY_STOPPED) {
4649 struct hci_request req;
4650
4651 hci_req_init(&req, hdev);
4652
4653 hci_req_add_le_scan_disable(&req);
4654 hci_req_add_le_passive_scan(&req);
4655
4656 hci_req_run(&req, NULL);
4657 }
4658
14b49b9a
MH		 4659 hci_dev_unlock(hdev);
4660
4661 return err;
4662}
4663
1904a853
MH		 4664static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4665 u16 opcode)
33e38b3e 4666{
3b0602cd 4667 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 4668
4669 BT_DBG("status 0x%02x", status);
4670
4671 hci_dev_lock(hdev);
4672
333ae95d 4673 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
33e38b3e
JH		 4674 if (!cmd)
4675 goto unlock;
4676
4677 if (status) {
a69e8375
JH		 4678 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4679 mgmt_status(status));
33e38b3e 4680 } else {
1a4d3c4b
JH		 4681 struct mgmt_mode *cp = cmd->param;
4682
4683 if (cp->val)
a1536da2 4684 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4685 else
a358dc11 4686 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4687
33e38b3e
JH		 4688 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4689 new_settings(hdev, cmd->sk);
4690 }
4691
4692 mgmt_pending_remove(cmd);
4693
4694unlock:
4695 hci_dev_unlock(hdev);
4696}
4697
bdb6d971 4698static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4699 void *data, u16 len)
f6422ec6 4700{
650f726d 4701 struct mgmt_mode *cp = data;
3b0602cd 4702 struct mgmt_pending_cmd *cmd;
33e38b3e 4703 struct hci_request req;
f6422ec6
AJ		 4704 int err;
4705
bdb6d971 4706 BT_DBG("%s", hdev->name);
f6422ec6 4707
d7a5a11d 4708 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 4709 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4710 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4711 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4712
a7e80f25 4713 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4714 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4715 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4716
f6422ec6
AJ		 4717 hci_dev_lock(hdev);
4718
333ae95d 4719 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4720 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4721 MGMT_STATUS_BUSY);
05cbf29f
JH		 4722 goto unlock;
4723 }
4724
d7a5a11d 4725 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 4726 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4727 hdev);
4728 goto unlock;
4729 }
4730
406ef2a6 4731 if (!hdev_is_powered(hdev)) {
ce05d603 4732 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 4733 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4734 hdev);
4735 new_settings(hdev, sk);
4736 goto unlock;
4737 }
4738
33e38b3e
JH		 4739 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4740 data, len);
4741 if (!cmd) {
4742 err = -ENOMEM;
4743 goto unlock;
f6422ec6
AJ		 4744 }
4745
33e38b3e
JH		 4746 hci_req_init(&req, hdev);
4747
406d7804 4748 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4749
4750 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4751 if (err < 0) {
a69e8375
JH		 4752 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4753 MGMT_STATUS_FAILED);
33e38b3e 4754 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4755 }
4756
33e38b3e 4757unlock:
f6422ec6 4758 hci_dev_unlock(hdev);
33e38b3e 4759
f6422ec6
AJ		 4760 return err;
4761}
4762
1904a853 4763static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4764{
3b0602cd 4765 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4766
4767 BT_DBG("status 0x%02x", status);
4768
4769 hci_dev_lock(hdev);
4770
333ae95d 4771 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
0663ca2a
JH		 4772 if (!cmd)
4773 goto unlock;
4774
4775 if (status) {
4776 u8 mgmt_err = mgmt_status(status);
4777
4778 /* We need to restore the flag if related HCI commands
4779 * failed.
4780 */
a358dc11 4781 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 4782
a69e8375 4783 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4784 } else {
4785 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4786 new_settings(hdev, cmd->sk);
4787 }
4788
4789 mgmt_pending_remove(cmd);
4790
4791unlock:
4792 hci_dev_unlock(hdev);
4793}
4794
4795static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4796{
4797 struct mgmt_mode *cp = data;
3b0602cd 4798 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4799 struct hci_request req;
4800 int err;
4801
4802 BT_DBG("request for %s", hdev->name);
4803
4804 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4805 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4806 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 4807
d7a5a11d 4808 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4809 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4810 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4811
4812 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4813 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4814 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4815
4816 hci_dev_lock(hdev);
4817
d7a5a11d 4818 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 4819 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4820 goto unlock;
4821 }
4822
4823 if (!hdev_is_powered(hdev)) {
4824 if (!cp->val) {
a358dc11
MH		 4825 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4826 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4827 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4828 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4829 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 4830 }
4831
ce05d603 4832 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4833
4834 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4835 if (err < 0)
4836 goto unlock;
4837
4838 err = new_settings(hdev, sk);
4839 goto unlock;
4840 }
4841
4842 /* Reject disabling when powered on */
4843 if (!cp->val) {
a69e8375
JH		 4844 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4845 MGMT_STATUS_REJECTED);
0663ca2a 4846 goto unlock;
111e4bcc
MH		 4847 } else {
4848 /* When configuring a dual-mode controller to operate
4849 * with LE only and using a static address, then switching
4850 * BR/EDR back on is not allowed.
4851 *
4852 * Dual-mode controllers shall operate with the public
4853 * address as its identity address for BR/EDR and LE. So
4854 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 4855 *
4856 * The same restrictions applies when secure connections
4857 * has been enabled. For BR/EDR this is a controller feature
4858 * while for LE it is a host stack feature. This means that
4859 * switching BR/EDR back on when secure connections has been
4860 * enabled is not a supported transaction.
111e4bcc 4861 */
d7a5a11d 4862 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 4863 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 4864 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 4865 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4866 MGMT_STATUS_REJECTED);
111e4bcc
MH		 4867 goto unlock;
4868 }
0663ca2a
JH		 4869 }
4870
333ae95d 4871 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 4872 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4873 MGMT_STATUS_BUSY);
0663ca2a
JH		 4874 goto unlock;
4875 }
4876
4877 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4878 if (!cmd) {
4879 err = -ENOMEM;
4880 goto unlock;
4881 }
4882
5947f4bc 4883 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4884 * generates the correct flags.
4885 */
a1536da2 4886 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4887
4888 hci_req_init(&req, hdev);
aa8af46e 4889
432df05e 4890 write_fast_connectable(&req, false);
1d2dc5b7 4891 __hci_update_page_scan(&req);
aa8af46e 4892
f14d8f64
MH		 4893 /* Since only the advertising data flags will change, there
4894 * is no need to update the scan response data.
4895 */
5947f4bc 4896 update_adv_data(&req);
aa8af46e 4897
0663ca2a
JH		 4898 err = hci_req_run(&req, set_bredr_complete);
4899 if (err < 0)
4900 mgmt_pending_remove(cmd);
4901
4902unlock:
4903 hci_dev_unlock(hdev);
4904 return err;
4905}
4906
a1443f5a
JH		 4907static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4908{
3b0602cd 4909 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 4910 struct mgmt_mode *cp;
4911
4912 BT_DBG("%s status %u", hdev->name, status);
4913
4914 hci_dev_lock(hdev);
4915
333ae95d 4916 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
a1443f5a
JH		 4917 if (!cmd)
4918 goto unlock;
4919
4920 if (status) {
a69e8375
JH		 4921 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4922 mgmt_status(status));
a1443f5a
JH		 4923 goto remove;
4924 }
4925
4926 cp = cmd->param;
4927
4928 switch (cp->val) {
4929 case 0x00:
a358dc11
MH		 4930 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4931 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4932 break;
4933 case 0x01:
a1536da2 4934 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 4935 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4936 break;
4937 case 0x02:
a1536da2
MH		 4938 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4939 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4940 break;
4941 }
4942
4943 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4944 new_settings(hdev, cmd->sk);
4945
4946remove:
4947 mgmt_pending_remove(cmd);
4948unlock:
4949 hci_dev_unlock(hdev);
4950}
4951
eac83dc6
MH		 4952static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4953 void *data, u16 len)
4954{
4955 struct mgmt_mode *cp = data;
3b0602cd 4956 struct mgmt_pending_cmd *cmd;
a1443f5a 4957 struct hci_request req;
a3209694 4958 u8 val;
eac83dc6
MH		 4959 int err;
4960
4961 BT_DBG("request for %s", hdev->name);
4962
05b3c3e7 4963 if (!lmp_sc_capable(hdev) &&
d7a5a11d 4964 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4965 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4966 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 4967
d7a5a11d 4968 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 4969 lmp_sc_capable(hdev) &&
d7a5a11d 4970 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 4971 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4972 MGMT_STATUS_REJECTED);
ed93ec69 4973
0ab04a9c 4974 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 4975 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 4976 MGMT_STATUS_INVALID_PARAMS);
4977
4978 hci_dev_lock(hdev);
4979
05b3c3e7 4980 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 4981 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 4982 bool changed;
4983
0ab04a9c 4984 if (cp->val) {
238be788
MH		 4985 changed = !hci_dev_test_and_set_flag(hdev,
4986 HCI_SC_ENABLED);
0ab04a9c 4987 if (cp->val == 0x02)
a1536da2 4988 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4989 else
a358dc11 4990 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4991 } else {
a69d8927
MH		 4992 changed = hci_dev_test_and_clear_flag(hdev,
4993 HCI_SC_ENABLED);
a358dc11 4994 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4995 }
eac83dc6
MH		 4996
4997 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4998 if (err < 0)
4999 goto failed;
5000
5001 if (changed)
5002 err = new_settings(hdev, sk);
5003
5004 goto failed;
5005 }
5006
333ae95d 5007 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 5008 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5009 MGMT_STATUS_BUSY);
eac83dc6
MH		 5010 goto failed;
5011 }
5012
0ab04a9c
MH		 5013 val = !!cp->val;
5014
d7a5a11d
MH		 5015 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5016 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 5017 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5018 goto failed;
5019 }
5020
5021 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5022 if (!cmd) {
5023 err = -ENOMEM;
5024 goto failed;
5025 }
5026
a1443f5a
JH		 5027 hci_req_init(&req, hdev);
5028 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5029 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 5030 if (err < 0) {
5031 mgmt_pending_remove(cmd);
5032 goto failed;
5033 }
5034
5035failed:
5036 hci_dev_unlock(hdev);
5037 return err;
5038}
5039
4e39ac81
MH		 5040static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5041 void *data, u16 len)
5042{
5043 struct mgmt_mode *cp = data;
b9710979 5044 bool changed, use_changed;
4e39ac81
MH		 5045 int err;
5046
5047 BT_DBG("request for %s", hdev->name);
5048
b9710979 5049 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 5050 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5051 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 5052
5053 hci_dev_lock(hdev);
5054
5055 if (cp->val)
238be788 5056 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 5057 else
a69d8927
MH		 5058 changed = hci_dev_test_and_clear_flag(hdev,
5059 HCI_KEEP_DEBUG_KEYS);
4e39ac81 5060
b9710979 5061 if (cp->val == 0x02)
238be788
MH		 5062 use_changed = !hci_dev_test_and_set_flag(hdev,
5063 HCI_USE_DEBUG_KEYS);
b9710979 5064 else
a69d8927
MH		 5065 use_changed = hci_dev_test_and_clear_flag(hdev,
5066 HCI_USE_DEBUG_KEYS);
b9710979
JH		 5067
5068 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 5069 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 5070 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5071 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5072 sizeof(mode), &mode);
5073 }
5074
4e39ac81
MH		 5075 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5076 if (err < 0)
5077 goto unlock;
5078
5079 if (changed)
5080 err = new_settings(hdev, sk);
5081
5082unlock:
5083 hci_dev_unlock(hdev);
5084 return err;
5085}
5086
62b04cd1
JH		 5087static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5088 u16 len)
5089{
5090 struct mgmt_cp_set_privacy *cp = cp_data;
5091 bool changed;
5092 int err;
5093
5094 BT_DBG("request for %s", hdev->name);
5095
5096 if (!lmp_le_capable(hdev))
a69e8375
JH		 5097 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5098 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1
JH		 5099
5100 if (cp->privacy != 0x00 && cp->privacy != 0x01)
a69e8375
JH		 5101 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5102 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 5103
5104 if (hdev_is_powered(hdev))
a69e8375
JH		 5105 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5106 MGMT_STATUS_REJECTED);
62b04cd1
JH		 5107
5108 hci_dev_lock(hdev);
5109
c21c0ea0
JH		 5110 /* If user space supports this command it is also expected to
5111 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5112 */
a1536da2 5113 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 5114
62b04cd1 5115 if (cp->privacy) {
238be788 5116 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 5117 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 5118 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1 5119 } else {
a69d8927 5120 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 5121 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 5122 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1
JH		 5123 }
5124
5125 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5126 if (err < 0)
5127 goto unlock;
5128
5129 if (changed)
5130 err = new_settings(hdev, sk);
5131
5132unlock:
5133 hci_dev_unlock(hdev);
5134 return err;
5135}
5136
41edf160
JH		 5137static bool irk_is_valid(struct mgmt_irk_info *irk)
5138{
5139 switch (irk->addr.type) {
5140 case BDADDR_LE_PUBLIC:
5141 return true;
5142
5143 case BDADDR_LE_RANDOM:
5144 /* Two most significant bits shall be set */
5145 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5146 return false;
5147 return true;
5148 }
5149
5150 return false;
5151}
5152
5153static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5154 u16 len)
5155{
5156 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 5157 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5158 sizeof(struct mgmt_irk_info));
41edf160
JH		 5159 u16 irk_count, expected_len;
5160 int i, err;
5161
5162 BT_DBG("request for %s", hdev->name);
5163
5164 if (!lmp_le_capable(hdev))
a69e8375
JH		 5165 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5166 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 5167
5168 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 5169 if (irk_count > max_irk_count) {
5170 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 5171 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5172 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5173 }
41edf160
JH		 5174
5175 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5176 if (expected_len != len) {
5177 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 5178 expected_len, len);
a69e8375
JH		 5179 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5180 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5181 }
5182
5183 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5184
5185 for (i = 0; i < irk_count; i++) {
5186 struct mgmt_irk_info *key = &cp->irks[i];
5187
5188 if (!irk_is_valid(key))
a69e8375
JH		 5189 return mgmt_cmd_status(sk, hdev->id,
5190 MGMT_OP_LOAD_IRKS,
5191 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5192 }
5193
5194 hci_dev_lock(hdev);
5195
5196 hci_smp_irks_clear(hdev);
5197
5198 for (i = 0; i < irk_count; i++) {
5199 struct mgmt_irk_info *irk = &cp->irks[i];
5200 u8 addr_type;
5201
5202 if (irk->addr.type == BDADDR_LE_PUBLIC)
5203 addr_type = ADDR_LE_DEV_PUBLIC;
5204 else
5205 addr_type = ADDR_LE_DEV_RANDOM;
5206
5207 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5208 BDADDR_ANY);
5209 }
5210
a1536da2 5211 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 5212
2a1afb5a 5213 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 5214
5215 hci_dev_unlock(hdev);
5216
5217 return err;
5218}
5219
3f706b72
JH		 5220static bool ltk_is_valid(struct mgmt_ltk_info *key)
5221{
5222 if (key->master != 0x00 && key->master != 0x01)
5223 return false;
490cb0b3
MH		 5224
5225 switch (key->addr.type) {
5226 case BDADDR_LE_PUBLIC:
5227 return true;
5228
5229 case BDADDR_LE_RANDOM:
5230 /* Two most significant bits shall be set */
5231 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5232 return false;
5233 return true;
5234 }
5235
5236 return false;
3f706b72
JH		 5237}
5238
bdb6d971 5239static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5240 void *cp_data, u16 len)
346af67b 5241{
346af67b 5242 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5243 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5244 sizeof(struct mgmt_ltk_info));
346af67b 5245 u16 key_count, expected_len;
715a5bf2 5246 int i, err;
346af67b 5247
cf99ba13
MH		 5248 BT_DBG("request for %s", hdev->name);
5249
5250 if (!lmp_le_capable(hdev))
a69e8375
JH		 5251 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5252 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 5253
1f350c87 5254 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 5255 if (key_count > max_key_count) {
5256 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 5257 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5258 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5259 }
346af67b
VCG		 5260
5261 expected_len = sizeof(*cp) + key_count *
5262 sizeof(struct mgmt_ltk_info);
5263 if (expected_len != len) {
5264 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 5265 expected_len, len);
a69e8375
JH		 5266 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5267 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5268 }
5269
bdb6d971 5270 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5271
54ad6d8a
JH		 5272 for (i = 0; i < key_count; i++) {
5273 struct mgmt_ltk_info *key = &cp->keys[i];
5274
3f706b72 5275 if (!ltk_is_valid(key))
a69e8375
JH		 5276 return mgmt_cmd_status(sk, hdev->id,
5277 MGMT_OP_LOAD_LONG_TERM_KEYS,
5278 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 5279 }
5280
346af67b
VCG		 5281 hci_dev_lock(hdev);
5282
5283 hci_smp_ltks_clear(hdev);
5284
5285 for (i = 0; i < key_count; i++) {
5286 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 5287 u8 type, addr_type, authenticated;
79d95a19
MH		 5288
5289 if (key->addr.type == BDADDR_LE_PUBLIC)
5290 addr_type = ADDR_LE_DEV_PUBLIC;
5291 else
5292 addr_type = ADDR_LE_DEV_RANDOM;
346af67b 5293
61b43357
JH		 5294 switch (key->type) {
5295 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5296 authenticated = 0x00;
23fb8de3 5297 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5298 break;
5299 case MGMT_LTK_AUTHENTICATED:
d7b25450 5300 authenticated = 0x01;
23fb8de3
JH		 5301 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5302 break;
5303 case MGMT_LTK_P256_UNAUTH:
5304 authenticated = 0x00;
5305 type = SMP_LTK_P256;
61b43357 5306 break;
23fb8de3
JH		 5307 case MGMT_LTK_P256_AUTH:
5308 authenticated = 0x01;
5309 type = SMP_LTK_P256;
61b43357 5310 break;
23fb8de3
JH		 5311 case MGMT_LTK_P256_DEBUG:
5312 authenticated = 0x00;
5313 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5314 default:
5315 continue;
5316 }
d7b25450 5317
35d70271 5318 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 5319 authenticated, key->val, key->enc_size, key->ediv,
35d70271 5320 key->rand);
346af67b
VCG		 5321 }
5322
2a1afb5a 5323 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 5324 NULL, 0);
5325
346af67b 5326 hci_dev_unlock(hdev);
346af67b 5327
715a5bf2 5328 return err;
346af67b
VCG		 5329}
5330
3b0602cd 5331static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 5332{
dd983808 5333 struct hci_conn *conn = cmd->user_data;
9981bdb0 5334 struct mgmt_rp_get_conn_info rp;
9df74653 5335 int err;
dd983808 5336
9981bdb0 5337 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5338
9981bdb0 5339 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5340 rp.rssi = conn->rssi;
9981bdb0
JH		 5341 rp.tx_power = conn->tx_power;
5342 rp.max_tx_power = conn->max_tx_power;
5343 } else {
5344 rp.rssi = HCI_RSSI_INVALID;
5345 rp.tx_power = HCI_TX_POWER_INVALID;
5346 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5347 }
5348
2a1afb5a
JH		 5349 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5350 status, &rp, sizeof(rp));
dd983808
AK		 5351
5352 hci_conn_drop(conn);
f8aaf9b6 5353 hci_conn_put(conn);
9df74653
JH		 5354
5355 return err;
dd983808
AK		 5356}
5357
1904a853
MH		 5358static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5359 u16 opcode)
dd983808
AK		 5360{
5361 struct hci_cp_read_rssi *cp;
3b0602cd 5362 struct mgmt_pending_cmd *cmd;
dd983808 5363 struct hci_conn *conn;
dd983808 5364 u16 handle;
9981bdb0 5365 u8 status;
dd983808 5366
9981bdb0 5367 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5368
5369 hci_dev_lock(hdev);
5370
dd983808
AK		 5371 /* Commands sent in request are either Read RSSI or Read Transmit Power
5372 * Level so we check which one was last sent to retrieve connection
5373 * handle. Both commands have handle as first parameter so it's safe to
5374 * cast data on the same command struct.
5375 *
5376 * First command sent is always Read RSSI and we fail only if it fails.
5377 * In other case we simply override error to indicate success as we
5378 * already remembered if TX power value is actually valid.
5379 */
5380 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5381 if (!cp) {
5382 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5383 status = MGMT_STATUS_SUCCESS;
5384 } else {
5385 status = mgmt_status(hci_status);
dd983808
AK		 5386 }
5387
5388 if (!cp) {
9981bdb0 5389 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 5390 goto unlock;
5391 }
5392
5393 handle = __le16_to_cpu(cp->handle);
5394 conn = hci_conn_hash_lookup_handle(hdev, handle);
5395 if (!conn) {
9981bdb0 5396 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 5397 goto unlock;
5398 }
5399
333ae95d 5400 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
9981bdb0
JH		 5401 if (!cmd)
5402 goto unlock;
dd983808 5403
9981bdb0
JH		 5404 cmd->cmd_complete(cmd, status);
5405 mgmt_pending_remove(cmd);
dd983808
AK		 5406
5407unlock:
5408 hci_dev_unlock(hdev);
5409}
5410
5411static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5412 u16 len)
5413{
5414 struct mgmt_cp_get_conn_info *cp = data;
5415 struct mgmt_rp_get_conn_info rp;
5416 struct hci_conn *conn;
5417 unsigned long conn_info_age;
5418 int err = 0;
5419
5420 BT_DBG("%s", hdev->name);
5421
5422 memset(&rp, 0, sizeof(rp));
5423 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5424 rp.addr.type = cp->addr.type;
5425
5426 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5427 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5428 MGMT_STATUS_INVALID_PARAMS,
5429 &rp, sizeof(rp));
dd983808
AK		 5430
5431 hci_dev_lock(hdev);
5432
5433 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5434 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5435 MGMT_STATUS_NOT_POWERED, &rp,
5436 sizeof(rp));
dd983808
AK		 5437 goto unlock;
5438 }
5439
5440 if (cp->addr.type == BDADDR_BREDR)
5441 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5442 &cp->addr.bdaddr);
5443 else
5444 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5445
5446 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5447 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5448 MGMT_STATUS_NOT_CONNECTED, &rp,
5449 sizeof(rp));
dd983808
AK		 5450 goto unlock;
5451 }
5452
333ae95d 5453 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 5454 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5455 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 5456 goto unlock;
5457 }
5458
dd983808
AK		 5459 /* To avoid client trying to guess when to poll again for information we
5460 * calculate conn info age as random value between min/max set in hdev.
5461 */
5462 conn_info_age = hdev->conn_info_min_age +
5463 prandom_u32_max(hdev->conn_info_max_age -
5464 hdev->conn_info_min_age);
5465
5466 /* Query controller to refresh cached values if they are too old or were
5467 * never read.
5468 */
f4e2dd53
AK		 5469 if (time_after(jiffies, conn->conn_info_timestamp +
5470 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5471 !conn->conn_info_timestamp) {
5472 struct hci_request req;
5473 struct hci_cp_read_tx_power req_txp_cp;
5474 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 5475 struct mgmt_pending_cmd *cmd;
dd983808
AK		 5476
5477 hci_req_init(&req, hdev);
5478 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5479 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5480 &req_rssi_cp);
5481
f7faab0c
AK		 5482 /* For LE links TX power does not change thus we don't need to
5483 * query for it once value is known.
5484 */
5485 if (!bdaddr_type_is_le(cp->addr.type) ||
5486 conn->tx_power == HCI_TX_POWER_INVALID) {
5487 req_txp_cp.handle = cpu_to_le16(conn->handle);
5488 req_txp_cp.type = 0x00;
5489 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5490 sizeof(req_txp_cp), &req_txp_cp);
5491 }
dd983808 5492
eed5daf3
AK		 5493 /* Max TX power needs to be read only once per connection */
5494 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5495 req_txp_cp.handle = cpu_to_le16(conn->handle);
5496 req_txp_cp.type = 0x01;
5497 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5498 sizeof(req_txp_cp), &req_txp_cp);
5499 }
5500
dd983808
AK		 5501 err = hci_req_run(&req, conn_info_refresh_complete);
5502 if (err < 0)
5503 goto unlock;
5504
5505 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5506 data, len);
5507 if (!cmd) {
5508 err = -ENOMEM;
5509 goto unlock;
5510 }
5511
5512 hci_conn_hold(conn);
f8aaf9b6 5513 cmd->user_data = hci_conn_get(conn);
9981bdb0 5514 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5515
5516 conn->conn_info_timestamp = jiffies;
5517 } else {
5518 /* Cache is valid, just reply with values cached in hci_conn */
5519 rp.rssi = conn->rssi;
5520 rp.tx_power = conn->tx_power;
eed5daf3 5521 rp.max_tx_power = conn->max_tx_power;
dd983808 5522
2a1afb5a
JH		 5523 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5524 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 5525 }
5526
5527unlock:
5528 hci_dev_unlock(hdev);
5529 return err;
5530}
5531
3b0602cd 5532static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 5533{
69487371 5534 struct hci_conn *conn = cmd->user_data;
95868426 5535 struct mgmt_rp_get_clock_info rp;
69487371 5536 struct hci_dev *hdev;
9df74653 5537 int err;
69487371
JH		 5538
5539 memset(&rp, 0, sizeof(rp));
5540 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5541
5542 if (status)
5543 goto complete;
5544
5545 hdev = hci_dev_get(cmd->index);
5546 if (hdev) {
5547 rp.local_clock = cpu_to_le32(hdev->clock);
5548 hci_dev_put(hdev);
5549 }
5550
5551 if (conn) {
5552 rp.piconet_clock = cpu_to_le32(conn->clock);
5553 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5554 }
5555
5556complete:
2a1afb5a
JH		 5557 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5558 sizeof(rp));
69487371
JH		 5559
5560 if (conn) {
5561 hci_conn_drop(conn);
5562 hci_conn_put(conn);
5563 }
9df74653
JH		 5564
5565 return err;
69487371
JH		 5566}
5567
1904a853 5568static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5569{
95868426 5570 struct hci_cp_read_clock *hci_cp;
3b0602cd 5571 struct mgmt_pending_cmd *cmd;
95868426
JH		 5572 struct hci_conn *conn;
5573
5574 BT_DBG("%s status %u", hdev->name, status);
5575
5576 hci_dev_lock(hdev);
5577
5578 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5579 if (!hci_cp)
5580 goto unlock;
5581
5582 if (hci_cp->which) {
5583 u16 handle = __le16_to_cpu(hci_cp->handle);
5584 conn = hci_conn_hash_lookup_handle(hdev, handle);
5585 } else {
5586 conn = NULL;
5587 }
5588
333ae95d 5589 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
95868426
JH		 5590 if (!cmd)
5591 goto unlock;
5592
69487371 5593 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5594 mgmt_pending_remove(cmd);
95868426
JH		 5595
5596unlock:
5597 hci_dev_unlock(hdev);
5598}
5599
5600static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5601 u16 len)
5602{
5603 struct mgmt_cp_get_clock_info *cp = data;
5604 struct mgmt_rp_get_clock_info rp;
5605 struct hci_cp_read_clock hci_cp;
3b0602cd 5606 struct mgmt_pending_cmd *cmd;
95868426
JH		 5607 struct hci_request req;
5608 struct hci_conn *conn;
5609 int err;
5610
5611 BT_DBG("%s", hdev->name);
5612
5613 memset(&rp, 0, sizeof(rp));
5614 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5615 rp.addr.type = cp->addr.type;
5616
5617 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5618 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5619 MGMT_STATUS_INVALID_PARAMS,
5620 &rp, sizeof(rp));
95868426
JH		 5621
5622 hci_dev_lock(hdev);
5623
5624 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5625 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5626 MGMT_STATUS_NOT_POWERED, &rp,
5627 sizeof(rp));
95868426
JH		 5628 goto unlock;
5629 }
5630
5631 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5632 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5633 &cp->addr.bdaddr);
5634 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5635 err = mgmt_cmd_complete(sk, hdev->id,
5636 MGMT_OP_GET_CLOCK_INFO,
5637 MGMT_STATUS_NOT_CONNECTED,
5638 &rp, sizeof(rp));
95868426
JH		 5639 goto unlock;
5640 }
5641 } else {
5642 conn = NULL;
5643 }
5644
5645 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5646 if (!cmd) {
5647 err = -ENOMEM;
5648 goto unlock;
5649 }
5650
69487371
JH		 5651 cmd->cmd_complete = clock_info_cmd_complete;
5652
95868426
JH		 5653 hci_req_init(&req, hdev);
5654
5655 memset(&hci_cp, 0, sizeof(hci_cp));
5656 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5657
5658 if (conn) {
5659 hci_conn_hold(conn);
f8aaf9b6 5660 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5661
5662 hci_cp.handle = cpu_to_le16(conn->handle);
5663 hci_cp.which = 0x01; /* Piconet clock */
5664 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5665 }
5666
5667 err = hci_req_run(&req, get_clock_info_complete);
5668 if (err < 0)
5669 mgmt_pending_remove(cmd);
5670
5671unlock:
5672 hci_dev_unlock(hdev);
5673 return err;
5674}
5675
5a154e6f
JH		 5676static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5677{
5678 struct hci_conn *conn;
5679
5680 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5681 if (!conn)
5682 return false;
5683
5684 if (conn->dst_type != type)
5685 return false;
5686
5687 if (conn->state != BT_CONNECTED)
5688 return false;
5689
5690 return true;
5691}
5692
5693/* This function requires the caller holds hdev->lock */
5694static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5695 u8 addr_type, u8 auto_connect)
5696{
5697 struct hci_dev *hdev = req->hdev;
5698 struct hci_conn_params *params;
5699
5700 params = hci_conn_params_add(hdev, addr, addr_type);
5701 if (!params)
5702 return -EIO;
5703
5704 if (params->auto_connect == auto_connect)
5705 return 0;
5706
5707 list_del_init(&params->action);
5708
5709 switch (auto_connect) {
5710 case HCI_AUTO_CONN_DISABLED:
5711 case HCI_AUTO_CONN_LINK_LOSS:
5712 __hci_update_background_scan(req);
5713 break;
5714 case HCI_AUTO_CONN_REPORT:
5715 list_add(&params->action, &hdev->pend_le_reports);
5716 __hci_update_background_scan(req);
5717 break;
5718 case HCI_AUTO_CONN_DIRECT:
5719 case HCI_AUTO_CONN_ALWAYS:
5720 if (!is_connected(hdev, addr, addr_type)) {
5721 list_add(&params->action, &hdev->pend_le_conns);
5722 __hci_update_background_scan(req);
5723 }
5724 break;
5725 }
5726
5727 params->auto_connect = auto_connect;
5728
5729 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5730 auto_connect);
5731
5732 return 0;
5733}
5734
8afef092
MH		 5735static void device_added(struct sock *sk, struct hci_dev *hdev,
5736 bdaddr_t *bdaddr, u8 type, u8 action)
5737{
5738 struct mgmt_ev_device_added ev;
5739
5740 bacpy(&ev.addr.bdaddr, bdaddr);
5741 ev.addr.type = type;
5742 ev.action = action;
5743
5744 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5745}
5746
1904a853 5747static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5a154e6f 5748{
3b0602cd 5749 struct mgmt_pending_cmd *cmd;
5a154e6f
JH		 5750
5751 BT_DBG("status 0x%02x", status);
5752
5753 hci_dev_lock(hdev);
5754
333ae95d 5755 cmd = pending_find(MGMT_OP_ADD_DEVICE, hdev);
5a154e6f
JH		 5756 if (!cmd)
5757 goto unlock;
5758
5759 cmd->cmd_complete(cmd, mgmt_status(status));
5760 mgmt_pending_remove(cmd);
5761
5762unlock:
5763 hci_dev_unlock(hdev);
5764}
5765
2faade53
MH		 5766static int add_device(struct sock *sk, struct hci_dev *hdev,
5767 void *data, u16 len)
5768{
5769 struct mgmt_cp_add_device *cp = data;
3b0602cd 5770 struct mgmt_pending_cmd *cmd;
5a154e6f 5771 struct hci_request req;
2faade53
MH		 5772 u8 auto_conn, addr_type;
5773 int err;
5774
5775 BT_DBG("%s", hdev->name);
5776
6659358e 5777 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5778 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5779 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5780 MGMT_STATUS_INVALID_PARAMS,
5781 &cp->addr, sizeof(cp->addr));
2faade53 5782
4b9e7e75 5783 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5784 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5785 MGMT_STATUS_INVALID_PARAMS,
5786 &cp->addr, sizeof(cp->addr));
2faade53 5787
5a154e6f
JH		 5788 hci_req_init(&req, hdev);
5789
2faade53
MH		 5790 hci_dev_lock(hdev);
5791
5a154e6f
JH		 5792 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
5793 if (!cmd) {
5794 err = -ENOMEM;
5795 goto unlock;
5796 }
5797
5798 cmd->cmd_complete = addr_cmd_complete;
5799
6659358e 5800 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5801 /* Only incoming connections action is supported for now */
6659358e 5802 if (cp->action != 0x01) {
9df74653
JH		 5803 err = cmd->cmd_complete(cmd,
5804 MGMT_STATUS_INVALID_PARAMS);
5a154e6f 5805 mgmt_pending_remove(cmd);
6659358e
JH		 5806 goto unlock;
5807 }
5808
5809 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5810 cp->addr.type);
5811 if (err)
5812 goto unlock;
a397407f 5813
5a154e6f 5814 __hci_update_page_scan(&req);
a397407f 5815
6659358e
JH		 5816 goto added;
5817 }
5818
2faade53
MH		 5819 if (cp->addr.type == BDADDR_LE_PUBLIC)
5820 addr_type = ADDR_LE_DEV_PUBLIC;
5821 else
5822 addr_type = ADDR_LE_DEV_RANDOM;
5823
4b9e7e75 5824 if (cp->action == 0x02)
2faade53 5825 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5826 else if (cp->action == 0x01)
5827 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5828 else
a3451d27 5829 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5830
bf5b3c8b
MH		 5831 /* If the connection parameters don't exist for this device,
5832 * they will be created and configured with defaults.
5833 */
5a154e6f 5834 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
d06b50ce 5835 auto_conn) < 0) {
9df74653 5836 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
5a154e6f 5837 mgmt_pending_remove(cmd);
2faade53
MH		 5838 goto unlock;
5839 }
5840
6659358e 5841added:
8afef092
MH		 5842 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5843
5a154e6f
JH		 5844 err = hci_req_run(&req, add_device_complete);
5845 if (err < 0) {
5846 /* ENODATA means no HCI commands were needed (e.g. if
5847 * the adapter is powered off).
5848 */
9df74653
JH		 5849 if (err == -ENODATA)
5850 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5a154e6f
JH		 5851 mgmt_pending_remove(cmd);
5852 }
2faade53
MH		 5853
5854unlock:
5855 hci_dev_unlock(hdev);
5856 return err;
5857}
5858
8afef092
MH		 5859static void device_removed(struct sock *sk, struct hci_dev *hdev,
5860 bdaddr_t *bdaddr, u8 type)
5861{
5862 struct mgmt_ev_device_removed ev;
5863
5864 bacpy(&ev.addr.bdaddr, bdaddr);
5865 ev.addr.type = type;
5866
5867 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5868}
5869
1904a853 5870static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
51ef3ebe 5871{
3b0602cd 5872 struct mgmt_pending_cmd *cmd;
51ef3ebe
JH		 5873
5874 BT_DBG("status 0x%02x", status);
5875
5876 hci_dev_lock(hdev);
5877
333ae95d 5878 cmd = pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
51ef3ebe
JH		 5879 if (!cmd)
5880 goto unlock;
5881
5882 cmd->cmd_complete(cmd, mgmt_status(status));
5883 mgmt_pending_remove(cmd);
5884
5885unlock:
5886 hci_dev_unlock(hdev);
5887}
5888
2faade53
MH		 5889static int remove_device(struct sock *sk, struct hci_dev *hdev,
5890 void *data, u16 len)
5891{
5892 struct mgmt_cp_remove_device *cp = data;
3b0602cd 5893 struct mgmt_pending_cmd *cmd;
51ef3ebe 5894 struct hci_request req;
2faade53
MH		 5895 int err;
5896
5897 BT_DBG("%s", hdev->name);
5898
51ef3ebe
JH		 5899 hci_req_init(&req, hdev);
5900
2faade53
MH		 5901 hci_dev_lock(hdev);
5902
51ef3ebe
JH		 5903 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
5904 if (!cmd) {
5905 err = -ENOMEM;
5906 goto unlock;
5907 }
5908
5909 cmd->cmd_complete = addr_cmd_complete;
5910
2faade53 5911 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5912 struct hci_conn_params *params;
2faade53
MH		 5913 u8 addr_type;
5914
6659358e 5915 if (!bdaddr_type_is_valid(cp->addr.type)) {
9df74653
JH		 5916 err = cmd->cmd_complete(cmd,
5917 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5918 mgmt_pending_remove(cmd);
2faade53
MH		 5919 goto unlock;
5920 }
5921
6659358e
JH		 5922 if (cp->addr.type == BDADDR_BREDR) {
5923 err = hci_bdaddr_list_del(&hdev->whitelist,
5924 &cp->addr.bdaddr,
5925 cp->addr.type);
5926 if (err) {
9df74653
JH		 5927 err = cmd->cmd_complete(cmd,
5928 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5929 mgmt_pending_remove(cmd);
6659358e
JH		 5930 goto unlock;
5931 }
5932
51ef3ebe 5933 __hci_update_page_scan(&req);
a397407f 5934
6659358e
JH		 5935 device_removed(sk, hdev, &cp->addr.bdaddr,
5936 cp->addr.type);
5937 goto complete;
5938 }
5939
2faade53
MH		 5940 if (cp->addr.type == BDADDR_LE_PUBLIC)
5941 addr_type = ADDR_LE_DEV_PUBLIC;
5942 else
5943 addr_type = ADDR_LE_DEV_RANDOM;
5944
c71593dd
JH		 5945 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5946 addr_type);
5947 if (!params) {
9df74653
JH		 5948 err = cmd->cmd_complete(cmd,
5949 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5950 mgmt_pending_remove(cmd);
c71593dd
JH		 5951 goto unlock;
5952 }
5953
5954 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
9df74653
JH		 5955 err = cmd->cmd_complete(cmd,
5956 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5957 mgmt_pending_remove(cmd);
c71593dd
JH		 5958 goto unlock;
5959 }
5960
d1dbf12e 5961 list_del(&params->action);
c71593dd
JH		 5962 list_del(&params->list);
5963 kfree(params);
51ef3ebe 5964 __hci_update_background_scan(&req);
8afef092
MH		 5965
5966 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5967 } else {
19de0825 5968 struct hci_conn_params *p, *tmp;
6659358e 5969 struct bdaddr_list *b, *btmp;
19de0825 5970
2faade53 5971 if (cp->addr.type) {
9df74653
JH		 5972 err = cmd->cmd_complete(cmd,
5973 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5974 mgmt_pending_remove(cmd);
2faade53
MH		 5975 goto unlock;
5976 }
5977
6659358e
JH		 5978 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5979 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5980 list_del(&b->list);
5981 kfree(b);
5982 }
5983
51ef3ebe 5984 __hci_update_page_scan(&req);
a397407f 5985
19de0825
JH		 5986 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5987 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5988 continue;
5989 device_removed(sk, hdev, &p->addr, p->addr_type);
5990 list_del(&p->action);
5991 list_del(&p->list);
5992 kfree(p);
5993 }
5994
5995 BT_DBG("All LE connection parameters were removed");
5996
51ef3ebe 5997 __hci_update_background_scan(&req);
2faade53
MH		 5998 }
5999
6659358e 6000complete:
51ef3ebe
JH		 6001 err = hci_req_run(&req, remove_device_complete);
6002 if (err < 0) {
6003 /* ENODATA means no HCI commands were needed (e.g. if
6004 * the adapter is powered off).
6005 */
9df74653
JH		 6006 if (err == -ENODATA)
6007 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
51ef3ebe
JH		 6008 mgmt_pending_remove(cmd);
6009 }
2faade53
MH		 6010
6011unlock:
6012 hci_dev_unlock(hdev);
6013 return err;
6014}
6015
a26f3dcf
JH		 6016static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6017 u16 len)
6018{
6019 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 6020 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6021 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 6022 u16 param_count, expected_len;
6023 int i;
6024
6025 if (!lmp_le_capable(hdev))
a69e8375
JH		 6026 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6027 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 6028
6029 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 6030 if (param_count > max_param_count) {
6031 BT_ERR("load_conn_param: too big param_count value %u",
6032 param_count);
a69e8375
JH		 6033 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6034 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 6035 }
a26f3dcf
JH		 6036
6037 expected_len = sizeof(*cp) + param_count *
6038 sizeof(struct mgmt_conn_param);
6039 if (expected_len != len) {
6040 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
6041 expected_len, len);
a69e8375
JH		 6042 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6043 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 6044 }
6045
6046 BT_DBG("%s param_count %u", hdev->name, param_count);
6047
6048 hci_dev_lock(hdev);
6049
6050 hci_conn_params_clear_disabled(hdev);
6051
6052 for (i = 0; i < param_count; i++) {
6053 struct mgmt_conn_param *param = &cp->params[i];
6054 struct hci_conn_params *hci_param;
6055 u16 min, max, latency, timeout;
6056 u8 addr_type;
6057
6058 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
6059 param->addr.type);
6060
6061 if (param->addr.type == BDADDR_LE_PUBLIC) {
6062 addr_type = ADDR_LE_DEV_PUBLIC;
6063 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6064 addr_type = ADDR_LE_DEV_RANDOM;
6065 } else {
6066 BT_ERR("Ignoring invalid connection parameters");
6067 continue;
6068 }
6069
6070 min = le16_to_cpu(param->min_interval);
6071 max = le16_to_cpu(param->max_interval);
6072 latency = le16_to_cpu(param->latency);
6073 timeout = le16_to_cpu(param->timeout);
6074
6075 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6076 min, max, latency, timeout);
6077
6078 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6079 BT_ERR("Ignoring invalid connection parameters");
6080 continue;
6081 }
6082
6083 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
6084 addr_type);
6085 if (!hci_param) {
6086 BT_ERR("Failed to add connection parameters");
6087 continue;
6088 }
6089
6090 hci_param->conn_min_interval = min;
6091 hci_param->conn_max_interval = max;
6092 hci_param->conn_latency = latency;
6093 hci_param->supervision_timeout = timeout;
6094 }
6095
6096 hci_dev_unlock(hdev);
6097
2a1afb5a
JH		 6098 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6099 NULL, 0);
a26f3dcf
JH		 6100}
6101
dbece37a
MH		 6102static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6103 void *data, u16 len)
6104{
6105 struct mgmt_cp_set_external_config *cp = data;
6106 bool changed;
6107 int err;
6108
6109 BT_DBG("%s", hdev->name);
6110
6111 if (hdev_is_powered(hdev))
a69e8375
JH		 6112 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6113 MGMT_STATUS_REJECTED);
dbece37a
MH		 6114
6115 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 6116 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6117 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 6118
6119 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 6120 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6121 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 6122
6123 hci_dev_lock(hdev);
6124
6125 if (cp->config)
238be788 6126 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 6127 else
a69d8927 6128 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 6129
6130 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6131 if (err < 0)
6132 goto unlock;
6133
6134 if (!changed)
6135 goto unlock;
6136
f4537c04
MH		 6137 err = new_options(hdev, sk);
6138
d7a5a11d 6139 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 6140 mgmt_index_removed(hdev);
d603b76b 6141
516018a9 6142 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 6143 hci_dev_set_flag(hdev, HCI_CONFIG);
6144 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 6145
6146 queue_work(hdev->req_workqueue, &hdev->power_on);
6147 } else {
5ea234d3 6148 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 6149 mgmt_index_added(hdev);
6150 }
dbece37a
MH		 6151 }
6152
6153unlock:
6154 hci_dev_unlock(hdev);
6155 return err;
6156}
6157
9713c17b
MH		 6158static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6159 void *data, u16 len)
6160{
6161 struct mgmt_cp_set_public_address *cp = data;
6162 bool changed;
6163 int err;
6164
6165 BT_DBG("%s", hdev->name);
6166
6167 if (hdev_is_powered(hdev))
a69e8375
JH		 6168 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6169 MGMT_STATUS_REJECTED);
9713c17b
MH		 6170
6171 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 6172 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6173 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 6174
6175 if (!hdev->set_bdaddr)
a69e8375
JH		 6176 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6177 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 6178
6179 hci_dev_lock(hdev);
6180
6181 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6182 bacpy(&hdev->public_addr, &cp->bdaddr);
6183
6184 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6185 if (err < 0)
6186 goto unlock;
6187
6188 if (!changed)
6189 goto unlock;
6190
d7a5a11d 6191 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 6192 err = new_options(hdev, sk);
6193
6194 if (is_configured(hdev)) {
6195 mgmt_index_removed(hdev);
6196
a358dc11 6197 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 6198
a1536da2
MH		 6199 hci_dev_set_flag(hdev, HCI_CONFIG);
6200 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 6201
6202 queue_work(hdev->req_workqueue, &hdev->power_on);
6203 }
6204
6205unlock:
6206 hci_dev_unlock(hdev);
6207 return err;
6208}
6209
bea41609
MH		 6210static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6211 u8 data_len)
6212{
6213 eir[eir_len++] = sizeof(type) + data_len;
6214 eir[eir_len++] = type;
6215 memcpy(&eir[eir_len], data, data_len);
6216 eir_len += data_len;
6217
6218 return eir_len;
6219}
6220
4f0f155c
MH		 6221static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6222 void *data, u16 data_len)
6223{
6224 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6225 struct mgmt_rp_read_local_oob_ext_data *rp;
6226 size_t rp_len;
6227 u16 eir_len;
0821a2c5 6228 u8 status, flags, role, addr[7], hash[16], rand[16];
4f0f155c
MH		 6229 int err;
6230
6231 BT_DBG("%s", hdev->name);
6232
6233 if (!hdev_is_powered(hdev))
6234 return mgmt_cmd_complete(sk, hdev->id,
6235 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6236 MGMT_STATUS_NOT_POWERED,
6237 &cp->type, sizeof(cp->type));
6238
6239 switch (cp->type) {
6240 case BIT(BDADDR_BREDR):
6241 status = mgmt_bredr_support(hdev);
6242 if (status)
6243 return mgmt_cmd_complete(sk, hdev->id,
6244 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6245 status, &cp->type,
6246 sizeof(cp->type));
6247 eir_len = 5;
6248 break;
6249 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6250 status = mgmt_le_support(hdev);
6251 if (status)
6252 return mgmt_cmd_complete(sk, hdev->id,
6253 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6254 status, &cp->type,
6255 sizeof(cp->type));
0821a2c5 6256 eir_len = 9 + 3 + 18 + 18 + 3;
4f0f155c
MH		 6257 break;
6258 default:
6259 return mgmt_cmd_complete(sk, hdev->id,
6260 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6261 MGMT_STATUS_INVALID_PARAMS,
6262 &cp->type, sizeof(cp->type));
6263 }
6264
6265 hci_dev_lock(hdev);
6266
6267 rp_len = sizeof(*rp) + eir_len;
6268 rp = kmalloc(rp_len, GFP_ATOMIC);
6269 if (!rp) {
6270 hci_dev_unlock(hdev);
6271 return -ENOMEM;
6272 }
6273
6274 eir_len = 0;
6275 switch (cp->type) {
6276 case BIT(BDADDR_BREDR):
6277 eir_len = eir_append_data(rp->eir, eir_len, EIR_CLASS_OF_DEV,
6278 hdev->dev_class, 3);
6279 break;
6280 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5082a599
MH		 6281 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6282 smp_generate_oob(hdev, hash, rand) < 0) {
0821a2c5
MH		 6283 hci_dev_unlock(hdev);
6284 err = mgmt_cmd_complete(sk, hdev->id,
5082a599
MH		 6285 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6286 MGMT_STATUS_FAILED,
6287 &cp->type, sizeof(cp->type));
0821a2c5
MH		 6288 goto done;
6289 }
6290
4f0f155c
MH		 6291 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6292 memcpy(addr, &hdev->rpa, 6);
6293 addr[6] = 0x01;
6294 } else if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6295 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6296 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6297 bacmp(&hdev->static_addr, BDADDR_ANY))) {
6298 memcpy(addr, &hdev->static_addr, 6);
6299 addr[6] = 0x01;
6300 } else {
6301 memcpy(addr, &hdev->bdaddr, 6);
6302 addr[6] = 0x00;
6303 }
6304
6305 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6306 addr, sizeof(addr));
6307
6308 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6309 role = 0x02;
6310 else
6311 role = 0x01;
6312
6313 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6314 &role, sizeof(role));
6315
5082a599
MH		 6316 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6317 eir_len = eir_append_data(rp->eir, eir_len,
6318 EIR_LE_SC_CONFIRM,
6319 hash, sizeof(hash));
0821a2c5 6320
5082a599
MH		 6321 eir_len = eir_append_data(rp->eir, eir_len,
6322 EIR_LE_SC_RANDOM,
6323 rand, sizeof(rand));
6324 }
0821a2c5 6325
4f0f155c
MH		 6326 flags = get_adv_discov_flags(hdev);
6327
6328 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6329 flags |= LE_AD_NO_BREDR;
6330
6331 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6332 &flags, sizeof(flags));
6333 break;
6334 }
6335
6336 rp->type = cp->type;
6337 rp->eir_len = cpu_to_le16(eir_len);
6338
6339 hci_dev_unlock(hdev);
6340
72000df2
MH		 6341 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6342
4f0f155c 6343 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
5425f98e 6344 MGMT_STATUS_SUCCESS, rp, sizeof(*rp) + eir_len);
72000df2
MH		 6345 if (err < 0)
6346 goto done;
6347
6348 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6349 rp, sizeof(*rp) + eir_len,
6350 HCI_MGMT_OOB_DATA_EVENTS, sk);
4f0f155c 6351
0821a2c5 6352done:
4f0f155c
MH		 6353 kfree(rp);
6354
6355 return err;
6356}
6357
d3d5305b
MH		 6358static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6359 void *data, u16 data_len)
6360{
6361 struct mgmt_rp_read_adv_features *rp;
6362 size_t rp_len;
6363 int err;
24b4f38f 6364 bool instance;
d3d5305b
MH		 6365
6366 BT_DBG("%s", hdev->name);
6367
6368 hci_dev_lock(hdev);
6369
6370 rp_len = sizeof(*rp);
24b4f38f
AU		 6371
6372 /* Currently only one instance is supported, so just add 1 to the
6373 * response length.
6374 */
6375 instance = hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE);
6376 if (instance)
6377 rp_len++;
6378
d3d5305b
MH		 6379 rp = kmalloc(rp_len, GFP_ATOMIC);
6380 if (!rp) {
6381 hci_dev_unlock(hdev);
6382 return -ENOMEM;
6383 }
6384
6385 rp->supported_flags = cpu_to_le32(0);
dc5d82a9
MH		 6386 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6387 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
24b4f38f
AU		 6388 rp->max_instances = 1;
6389
6390 /* Currently only one instance is supported, so simply return the
6391 * current instance number.
6392 */
6393 if (instance) {
6394 rp->num_instances = 1;
6395 rp->instance[0] = 1;
6396 } else {
6397 rp->num_instances = 0;
6398 }
d3d5305b
MH		 6399
6400 hci_dev_unlock(hdev);
6401
6402 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6403 MGMT_STATUS_SUCCESS, rp, rp_len);
6404
6405 kfree(rp);
6406
6407 return err;
6408}
6409
24b4f38f
AU		 6410static bool adv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *adv_data,
6411 u8 adv_data_len)
6412{
6413 u8 max_adv_len = HCI_MAX_AD_LENGTH;
6414 int i, cur_len;
6415
6416 /* TODO: Correctly reduce adv_len based on adv_flags. */
6417
6418 if (adv_data_len > max_adv_len)
6419 return false;
6420
6421 /* Make sure that adv_data is correctly formatted. */
6422 for (i = 0, cur_len = 0; i < adv_data_len; i += (cur_len + 1)) {
6423 cur_len = adv_data[i];
6424
6425 /* If the current field length would exceed the total data
6426 * length, then it's invalid.
6427 */
6428 if (i + cur_len >= adv_data_len)
6429 return false;
6430 }
6431
6432 return true;
6433}
6434
6435static void advertising_added(struct sock *sk, struct hci_dev *hdev,
6436 u8 instance)
6437{
6438 struct mgmt_ev_advertising_added ev;
6439
6440 ev.instance = instance;
6441
6442 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
6443}
6444
6445static void advertising_removed(struct sock *sk, struct hci_dev *hdev,
6446 u8 instance)
6447{
6448 struct mgmt_ev_advertising_removed ev;
6449
6450 ev.instance = instance;
6451
6452 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
6453}
6454
6455static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6456 u16 opcode)
6457{
6458 struct mgmt_pending_cmd *cmd;
6459 struct mgmt_rp_add_advertising rp;
6460
6461 BT_DBG("status %d", status);
6462
6463 hci_dev_lock(hdev);
6464
6465 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6466
6467 if (status) {
6468 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
6469 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
6470 advertising_removed(cmd ? cmd->sk : NULL, hdev, 1);
6471 }
6472
6473 if (!cmd)
6474 goto unlock;
6475
6476 rp.instance = 0x01;
6477
6478 if (status)
6479 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6480 mgmt_status(status));
6481 else
6482 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6483 mgmt_status(status), &rp, sizeof(rp));
6484
6485 mgmt_pending_remove(cmd);
6486
6487unlock:
6488 hci_dev_unlock(hdev);
6489}
6490
6491static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6492 void *data, u16 data_len)
6493{
6494 struct mgmt_cp_add_advertising *cp = data;
6495 struct mgmt_rp_add_advertising rp;
6496 u32 flags;
6497 u8 status;
6498 int err;
6499 struct mgmt_pending_cmd *cmd;
6500 struct hci_request req;
6501
6502 BT_DBG("%s", hdev->name);
6503
6504 status = mgmt_le_support(hdev);
6505 if (status)
6506 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6507 status);
6508
6509 flags = __le32_to_cpu(cp->flags);
6510
6511 /* The current implementation only supports adding one instance and
6512 * doesn't support flags.
6513 */
6514 if (cp->instance != 0x01 || flags)
6515 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6516 MGMT_STATUS_INVALID_PARAMS);
6517
6518 hci_dev_lock(hdev);
6519
6520 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6521 pending_find(MGMT_OP_SET_LE, hdev)) {
6522 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6523 MGMT_STATUS_BUSY);
6524 goto unlock;
6525 }
6526
6527 if (!adv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len)) {
6528 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6529 MGMT_STATUS_INVALID_PARAMS);
6530 goto unlock;
6531 }
6532
6533 hdev->adv_instance.flags = flags;
6534 hdev->adv_instance.adv_data_len = cp->adv_data_len;
6535 hdev->adv_instance.scan_rsp_len = cp->scan_rsp_len;
6536
6537 if (cp->adv_data_len)
6538 memcpy(hdev->adv_instance.adv_data, cp->data, cp->adv_data_len);
6539
6540 if (cp->scan_rsp_len)
6541 memcpy(hdev->adv_instance.scan_rsp_data,
6542 cp->data + cp->adv_data_len, cp->scan_rsp_len);
6543
6544 if (!hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING_INSTANCE))
6545 advertising_added(sk, hdev, 1);
6546
6547 /* If the HCI_ADVERTISING flag is set or the device isn't powered then
6548 * we have no HCI communication to make. Simply return.
6549 */
6550 if (!hdev_is_powered(hdev) ||
6551 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6552 rp.instance = 0x01;
6553 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6554 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6555 goto unlock;
6556 }
6557
6558 /* We're good to go, update advertising data, parameters, and start
6559 * advertising.
6560 */
6561 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6562 data_len);
6563 if (!cmd) {
6564 err = -ENOMEM;
6565 goto unlock;
6566 }
6567
6568 hci_req_init(&req, hdev);
6569
6570 update_adv_data(&req);
6571 enable_advertising(&req);
6572
6573 err = hci_req_run(&req, add_advertising_complete);
6574 if (err < 0)
6575 mgmt_pending_remove(cmd);
6576
6577unlock:
6578 hci_dev_unlock(hdev);
6579
6580 return err;
6581}
6582
6d785aa3 6583static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 6584 { NULL }, /* 0x0000 (no command) */
b9a245fb 6585 { read_version, MGMT_READ_VERSION_SIZE,
c91041dc
MH		 6586 HCI_MGMT_NO_HDEV |
6587 HCI_MGMT_UNTRUSTED },
b9a245fb 6588 { read_commands, MGMT_READ_COMMANDS_SIZE,
c91041dc
MH		 6589 HCI_MGMT_NO_HDEV |
6590 HCI_MGMT_UNTRUSTED },
b9a245fb 6591 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
c91041dc
MH		 6592 HCI_MGMT_NO_HDEV |
6593 HCI_MGMT_UNTRUSTED },
6594 { read_controller_info, MGMT_READ_INFO_SIZE,
6595 HCI_MGMT_UNTRUSTED },
7aea8616
MH		 6596 { set_powered, MGMT_SETTING_SIZE },
6597 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6598 { set_connectable, MGMT_SETTING_SIZE },
6599 { set_fast_connectable, MGMT_SETTING_SIZE },
6600 { set_bondable, MGMT_SETTING_SIZE },
6601 { set_link_security, MGMT_SETTING_SIZE },
6602 { set_ssp, MGMT_SETTING_SIZE },
6603 { set_hs, MGMT_SETTING_SIZE },
6604 { set_le, MGMT_SETTING_SIZE },
6605 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6606 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6607 { add_uuid, MGMT_ADD_UUID_SIZE },
6608 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
b9a245fb
JH		 6609 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6610 HCI_MGMT_VAR_LEN },
6611 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6612 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6613 { disconnect, MGMT_DISCONNECT_SIZE },
6614 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6615 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6616 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6617 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6618 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6619 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6620 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6621 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6622 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6623 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6624 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
b9a245fb
JH		 6625 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6626 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6627 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6628 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6629 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6630 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6631 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6632 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6633 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6634 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6635 { set_advertising, MGMT_SETTING_SIZE },
6636 { set_bredr, MGMT_SETTING_SIZE },
6637 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6638 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6639 { set_secure_conn, MGMT_SETTING_SIZE },
6640 { set_debug_keys, MGMT_SETTING_SIZE },
6641 { set_privacy, MGMT_SET_PRIVACY_SIZE },
b9a245fb
JH		 6642 { load_irks, MGMT_LOAD_IRKS_SIZE,
6643 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6644 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6645 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6646 { add_device, MGMT_ADD_DEVICE_SIZE },
6647 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
b9a245fb
JH		 6648 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6649 HCI_MGMT_VAR_LEN },
6650 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
c91041dc
MH		 6651 HCI_MGMT_NO_HDEV |
6652 HCI_MGMT_UNTRUSTED },
b9a245fb 6653 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
c91041dc
MH		 6654 HCI_MGMT_UNCONFIGURED |
6655 HCI_MGMT_UNTRUSTED },
b9a245fb
JH		 6656 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6657 HCI_MGMT_UNCONFIGURED },
6658 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6659 HCI_MGMT_UNCONFIGURED },
6660 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6661 HCI_MGMT_VAR_LEN },
4f0f155c 6662 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
96f1474a 6663 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
c91041dc
MH		 6664 HCI_MGMT_NO_HDEV |
6665 HCI_MGMT_UNTRUSTED },
d3d5305b 6666 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
24b4f38f
AU		 6667 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6668 HCI_MGMT_VAR_LEN },
0f4e68cf
JH		 6669};
6670
bf6b56db 6671void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6672{
ced85549 6673 struct mgmt_ev_ext_index ev;
bb4b2a9a 6674
0602a8ad
MH		 6675 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6676 return;
6677
f9207338
MH		 6678 switch (hdev->dev_type) {
6679 case HCI_BREDR:
6680 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6681 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6682 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6683 ev.type = 0x01;
f9207338
MH		 6684 } else {
6685 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6686 HCI_MGMT_INDEX_EVENTS);
ced85549 6687 ev.type = 0x00;
f9207338
MH		 6688 }
6689 break;
ced85549
MH		 6690 case HCI_AMP:
6691 ev.type = 0x02;
6692 break;
6693 default:
6694 return;
f9207338 6695 }
ced85549
MH		 6696
6697 ev.bus = hdev->bus;
6698
6699 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6700 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 6701}
6702
bf6b56db 6703void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6704{
ced85549 6705 struct mgmt_ev_ext_index ev;
5f159032 6706 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6707
0602a8ad
MH		 6708 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6709 return;
6710
f9207338
MH		 6711 switch (hdev->dev_type) {
6712 case HCI_BREDR:
6713 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6714
f9207338
MH		 6715 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6716 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6717 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6718 ev.type = 0x01;
f9207338
MH		 6719 } else {
6720 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6721 HCI_MGMT_INDEX_EVENTS);
ced85549 6722 ev.type = 0x00;
f9207338
MH		 6723 }
6724 break;
ced85549
MH		 6725 case HCI_AMP:
6726 ev.type = 0x02;
6727 break;
6728 default:
6729 return;
f9207338 6730 }
ced85549
MH		 6731
6732 ev.bus = hdev->bus;
6733
6734 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6735 HCI_MGMT_EXT_INDEX_EVENTS);
eec8d2bc
JH		 6736}
6737
6046dc3e 6738/* This function requires the caller holds hdev->lock */
2cf22218 6739static void restart_le_actions(struct hci_request *req)
6046dc3e 6740{
2cf22218 6741 struct hci_dev *hdev = req->hdev;
6046dc3e
AG		 6742 struct hci_conn_params *p;
6743
6744 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6745 /* Needed for AUTO_OFF case where might not "really"
6746 * have been powered off.
6747 */
6748 list_del_init(&p->action);
6749
6750 switch (p->auto_connect) {
4b9e7e75 6751 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6752 case HCI_AUTO_CONN_ALWAYS:
6753 list_add(&p->action, &hdev->pend_le_conns);
6754 break;
6755 case HCI_AUTO_CONN_REPORT:
6756 list_add(&p->action, &hdev->pend_le_reports);
6757 break;
6758 default:
6759 break;
c83ed19d 6760 }
6046dc3e 6761 }
c83ed19d 6762
2cf22218 6763 __hci_update_background_scan(req);
6046dc3e
AG		 6764}
6765
1904a853 6766static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
229ab39c
JH		 6767{
6768 struct cmd_lookup match = { NULL, hdev };
6769
6770 BT_DBG("status 0x%02x", status);
6771
162a3bac
MH		 6772 if (!status) {
6773 /* Register the available SMP channels (BR/EDR and LE) only
6774 * when successfully powering on the controller. This late
6775 * registration is required so that LE SMP can clearly
6776 * decide if the public address or static address is used.
6777 */
6778 smp_register(hdev);
6779 }
6780
229ab39c
JH		 6781 hci_dev_lock(hdev);
6782
6783 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6784
6785 new_settings(hdev, match.sk);
6786
6787 hci_dev_unlock(hdev);
6788
6789 if (match.sk)
6790 sock_put(match.sk);
6791}
6792
70da6243 6793static int powered_update_hci(struct hci_dev *hdev)
5add6af8 6794{
890ea898 6795 struct hci_request req;
70da6243 6796 u8 link_sec;
5add6af8 6797
890ea898
JH		 6798 hci_req_init(&req, hdev);
6799
d7a5a11d 6800 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
70da6243 6801 !lmp_host_ssp_capable(hdev)) {
574ea3c7 6802 u8 mode = 0x01;
5e5282bb 6803
574ea3c7
MH		 6804 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
6805
6806 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6807 u8 support = 0x01;
5add6af8 6808
574ea3c7
MH		 6809 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
6810 sizeof(support), &support);
6811 }
ec6f99b8
JH		 6812 }
6813
d7a5a11d 6814 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
c73eee91 6815 lmp_bredr_capable(hdev)) {
70da6243 6816 struct hci_cp_write_le_host_supported cp;
f0ff92fb 6817
32226e4f
MH		 6818 cp.le = 0x01;
6819 cp.simul = 0x00;
3d1cbdd6 6820
70da6243
JH		 6821 /* Check first if we already have the right
6822 * host state (host features set)
6823 */
6824 if (cp.le != lmp_host_le_capable(hdev) ||
6825 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 6826 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6827 sizeof(cp), &cp);
70da6243 6828 }
3d1cbdd6 6829
d13eafce 6830 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 6831 /* Make sure the controller has a good default for
6832 * advertising data. This also applies to the case
6833 * where BR/EDR was toggled during the AUTO_OFF phase.
6834 */
d7a5a11d 6835 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
5947f4bc 6836 update_adv_data(&req);
f14d8f64
MH		 6837 update_scan_rsp_data(&req);
6838 }
441ad2d0 6839
24b4f38f
AU		 6840 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6841 hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
bba3aa55 6842 enable_advertising(&req);
2cf22218
JH		 6843
6844 restart_le_actions(&req);
eeca6f89
JH		 6845 }
6846
d7a5a11d 6847 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
70da6243 6848 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 6849 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6850 sizeof(link_sec), &link_sec);
562fcc24 6851
70da6243 6852 if (lmp_bredr_capable(hdev)) {
d7a5a11d 6853 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
406ef2a6
JH		 6854 write_fast_connectable(&req, true);
6855 else
6856 write_fast_connectable(&req, false);
1d2dc5b7 6857 __hci_update_page_scan(&req);
890ea898 6858 update_class(&req);
13928971 6859 update_name(&req);
890ea898 6860 update_eir(&req);
70da6243 6861 }
562fcc24 6862
229ab39c 6863 return hci_req_run(&req, powered_complete);
70da6243 6864}
562fcc24 6865
70da6243
JH		 6866int mgmt_powered(struct hci_dev *hdev, u8 powered)
6867{
6868 struct cmd_lookup match = { NULL, hdev };
9845904f 6869 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 6870 int err;
f0ff92fb 6871
d7a5a11d 6872 if (!hci_dev_test_flag(hdev, HCI_MGMT))
70da6243
JH		 6873 return 0;
6874
70da6243 6875 if (powered) {
229ab39c
JH		 6876 if (powered_update_hci(hdev) == 0)
6877 return 0;
fe038884 6878
229ab39c
JH		 6879 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6880 &match);
6881 goto new_settings;
b24752fe
JH		 6882 }
6883
229ab39c 6884 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 6885
6886 /* If the power off is because of hdev unregistration let
6887 * use the appropriate INVALID_INDEX status. Otherwise use
6888 * NOT_POWERED. We cover both scenarios here since later in
6889 * mgmt_index_removed() any hci_conn callbacks will have already
6890 * been triggered, potentially causing misleading DISCONNECTED
6891 * status responses.
6892 */
d7a5a11d 6893 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 6894 status = MGMT_STATUS_INVALID_INDEX;
6895 else
6896 status = MGMT_STATUS_NOT_POWERED;
6897
6898 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 6899
6900 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
f6b7712e
MH		 6901 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6902 zero_cod, sizeof(zero_cod), NULL);
229ab39c
JH		 6903
6904new_settings:
beadb2bd 6905 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 6906
6907 if (match.sk)
6908 sock_put(match.sk);
6909
7bb895d6 6910 return err;
5add6af8 6911}
73f22f62 6912
3eec705e 6913void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 6914{
3b0602cd 6915 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 6916 u8 status;
6917
333ae95d 6918 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
96570ffc 6919 if (!cmd)
3eec705e 6920 return;
96570ffc
JH		 6921
6922 if (err == -ERFKILL)
6923 status = MGMT_STATUS_RFKILLED;
6924 else
6925 status = MGMT_STATUS_FAILED;
6926
a69e8375 6927 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6928
6929 mgmt_pending_remove(cmd);
96570ffc
JH		 6930}
6931
d1967ff8
MH		 6932void mgmt_discoverable_timeout(struct hci_dev *hdev)
6933{
6934 struct hci_request req;
d1967ff8
MH		 6935
6936 hci_dev_lock(hdev);
6937
6938 /* When discoverable timeout triggers, then just make sure
6939 * the limited discoverable flag is cleared. Even in the case
6940 * of a timeout triggered from general discoverable, it is
6941 * safe to unconditionally clear the flag.
6942 */
a358dc11
MH		 6943 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
6944 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
d1967ff8
MH		 6945
6946 hci_req_init(&req, hdev);
d7a5a11d 6947 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4b580614
JH		 6948 u8 scan = SCAN_PAGE;
6949 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6950 sizeof(scan), &scan);
6951 }
d1967ff8 6952 update_class(&req);
24b4f38f
AU		 6953
6954 /* Advertising instances don't use the global discoverable setting, so
6955 * only update AD if advertising was enabled using Set Advertising.
6956 */
6957 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6958 update_adv_data(&req);
6959
d1967ff8
MH		 6960 hci_req_run(&req, NULL);
6961
6962 hdev->discov_timeout = 0;
6963
9a43e25f
JH		 6964 new_settings(hdev, NULL);
6965
d1967ff8
MH		 6966 hci_dev_unlock(hdev);
6967}
6968
dc4a5ee2
MH		 6969void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6970 bool persistent)
55ed8ca1 6971{
86742e1e 6972 struct mgmt_ev_new_link_key ev;
55ed8ca1 6973
a492cd52 6974 memset(&ev, 0, sizeof(ev));
55ed8ca1 6975
a492cd52 6976 ev.store_hint = persistent;
d753fdc4 6977 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6978 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6979 ev.key.type = key->type;
9b3b4460 6980 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6981 ev.key.pin_len = key->pin_len;
55ed8ca1 6982
dc4a5ee2 6983 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6984}
f7520543 6985
d7b25450
JH		 6986static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6987{
23fb8de3
JH		 6988 switch (ltk->type) {
6989 case SMP_LTK:
6990 case SMP_LTK_SLAVE:
6991 if (ltk->authenticated)
6992 return MGMT_LTK_AUTHENTICATED;
6993 return MGMT_LTK_UNAUTHENTICATED;
6994 case SMP_LTK_P256:
6995 if (ltk->authenticated)
6996 return MGMT_LTK_P256_AUTH;
6997 return MGMT_LTK_P256_UNAUTH;
6998 case SMP_LTK_P256_DEBUG:
6999 return MGMT_LTK_P256_DEBUG;
7000 }
d7b25450
JH		 7001
7002 return MGMT_LTK_UNAUTHENTICATED;
7003}
7004
53ac6ab6 7005void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 7006{
7007 struct mgmt_ev_new_long_term_key ev;
7008
7009 memset(&ev, 0, sizeof(ev));
7010
5192d301
MH		 7011 /* Devices using resolvable or non-resolvable random addresses
7012 * without providing an indentity resolving key don't require
7013 * to store long term keys. Their addresses will change the
7014 * next time around.
7015 *
7016 * Only when a remote device provides an identity address
7017 * make sure the long term key is stored. If the remote
7018 * identity is known, the long term keys are internally
7019 * mapped to the identity address. So allow static random
7020 * and public addresses here.
7021 */
ba74b666
JH		 7022 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7023 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7024 ev.store_hint = 0x00;
7025 else
53ac6ab6 7026 ev.store_hint = persistent;
ba74b666 7027
346af67b 7028 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 7029 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 7030 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 7031 ev.key.enc_size = key->enc_size;
7032 ev.key.ediv = key->ediv;
fe39c7b2 7033 ev.key.rand = key->rand;
346af67b 7034
2ceba539 7035 if (key->type == SMP_LTK)
346af67b
VCG		 7036 ev.key.master = 1;
7037
346af67b
VCG		 7038 memcpy(ev.key.val, key->val, sizeof(key->val));
7039
083368f7 7040 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 7041}
7042
95fbac8a
JH		 7043void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
7044{
7045 struct mgmt_ev_new_irk ev;
7046
7047 memset(&ev, 0, sizeof(ev));
7048
bab6d1e5
MH		 7049 /* For identity resolving keys from devices that are already
7050 * using a public address or static random address, do not
7051 * ask for storing this key. The identity resolving key really
7052 * is only mandatory for devices using resovlable random
7053 * addresses.
7054 *
7055 * Storing all identity resolving keys has the downside that
7056 * they will be also loaded on next boot of they system. More
7057 * identity resolving keys, means more time during scanning is
7058 * needed to actually resolve these addresses.
7059 */
7060 if (bacmp(&irk->rpa, BDADDR_ANY))
7061 ev.store_hint = 0x01;
7062 else
7063 ev.store_hint = 0x00;
7064
95fbac8a
JH		 7065 bacpy(&ev.rpa, &irk->rpa);
7066 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7067 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7068 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7069
7070 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7071}
7072
53ac6ab6
MH		 7073void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7074 bool persistent)
7ee4ea36
MH		 7075{
7076 struct mgmt_ev_new_csrk ev;
7077
7078 memset(&ev, 0, sizeof(ev));
7079
7080 /* Devices using resolvable or non-resolvable random addresses
7081 * without providing an indentity resolving key don't require
7082 * to store signature resolving keys. Their addresses will change
7083 * the next time around.
7084 *
7085 * Only when a remote device provides an identity address
7086 * make sure the signature resolving key is stored. So allow
7087 * static random and public addresses here.
7088 */
7089 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7090 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7091 ev.store_hint = 0x00;
7092 else
53ac6ab6 7093 ev.store_hint = persistent;
7ee4ea36
MH		 7094
7095 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7096 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 7097 ev.key.type = csrk->type;
7ee4ea36
MH		 7098 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7099
7100 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7101}
7102
ffb5a827 7103void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 7104 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7105 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 7106{
7107 struct mgmt_ev_new_conn_param ev;
7108
c103aea6
JH		 7109 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7110 return;
7111
ffb5a827
AG		 7112 memset(&ev, 0, sizeof(ev));
7113 bacpy(&ev.addr.bdaddr, bdaddr);
7114 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 7115 ev.store_hint = store_hint;
ffb5a827
AG		 7116 ev.min_interval = cpu_to_le16(min_interval);
7117 ev.max_interval = cpu_to_le16(max_interval);
7118 ev.latency = cpu_to_le16(latency);
7119 ev.timeout = cpu_to_le16(timeout);
7120
7121 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7122}
7123
48ec92fa
AA		 7124void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7125 u32 flags, u8 *name, u8 name_len)
f7520543 7126{
b644ba33
JH		 7127 char buf[512];
7128 struct mgmt_ev_device_connected *ev = (void *) buf;
7129 u16 eir_len = 0;
f7520543 7130
48ec92fa
AA		 7131 bacpy(&ev->addr.bdaddr, &conn->dst);
7132 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 7133
c95f0ba7 7134 ev->flags = __cpu_to_le32(flags);
08c79b61 7135
fd45ada9
AA		 7136 /* We must ensure that the EIR Data fields are ordered and
7137 * unique. Keep it simple for now and avoid the problem by not
7138 * adding any BR/EDR data to the LE adv.
7139 */
7140 if (conn->le_adv_data_len > 0) {
7141 memcpy(&ev->eir[eir_len],
7142 conn->le_adv_data, conn->le_adv_data_len);
7143 eir_len = conn->le_adv_data_len;
7144 } else {
7145 if (name_len > 0)
7146 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7147 name, name_len);
b644ba33 7148
ddbea5cf 7149 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 7150 eir_len = eir_append_data(ev->eir, eir_len,
7151 EIR_CLASS_OF_DEV,
7152 conn->dev_class, 3);
7153 }
b644ba33 7154
eb55ef07 7155 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 7156
ecd90ae7
MH		 7157 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7158 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 7159}
7160
3b0602cd 7161static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 7162{
8962ee74 7163 struct sock **sk = data;
8962ee74 7164
f5818c22 7165 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 7166
7167 *sk = cmd->sk;
7168 sock_hold(*sk);
7169
a664b5bc 7170 mgmt_pending_remove(cmd);
8962ee74
JH		 7171}
7172
3b0602cd 7173static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 7174{
b1078ad0 7175 struct hci_dev *hdev = data;
124f6e35 7176 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 7177
b1078ad0
JH		 7178 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7179
d8b7b1e4 7180 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 7181 mgmt_pending_remove(cmd);
7182}
7183
84c61d92
JH		 7184bool mgmt_powering_down(struct hci_dev *hdev)
7185{
3b0602cd 7186 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 7187 struct mgmt_mode *cp;
7188
333ae95d 7189 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
84c61d92
JH		 7190 if (!cmd)
7191 return false;
7192
7193 cp = cmd->param;
7194 if (!cp->val)
7195 return true;
7196
7197 return false;
7198}
7199
9b80ec5e 7200void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 7201 u8 link_type, u8 addr_type, u8 reason,
7202 bool mgmt_connected)
f7520543 7203{
f0d6a0ea 7204 struct mgmt_ev_device_disconnected ev;
8962ee74 7205 struct sock *sk = NULL;
8962ee74 7206
84c61d92
JH		 7207 /* The connection is still in hci_conn_hash so test for 1
7208 * instead of 0 to know if this is the last one.
7209 */
7210 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7211 cancel_delayed_work(&hdev->power_off);
7212 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 7213 }
7214
12d4a3b2
JH		 7215 if (!mgmt_connected)
7216 return;
7217
57eb776f
AG		 7218 if (link_type != ACL_LINK && link_type != LE_LINK)
7219 return;
7220
744cf19e 7221 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 7222
f0d6a0ea
MA		 7223 bacpy(&ev.addr.bdaddr, bdaddr);
7224 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7225 ev.reason = reason;
f7520543 7226
9b80ec5e 7227 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 7228
7229 if (sk)
d97dcb66 7230 sock_put(sk);
8962ee74 7231
124f6e35 7232 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 7233 hdev);
8962ee74
JH		 7234}
7235
7892924c
MH		 7236void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7237 u8 link_type, u8 addr_type, u8 status)
8962ee74 7238{
3655bba8
AG		 7239 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7240 struct mgmt_cp_disconnect *cp;
3b0602cd 7241 struct mgmt_pending_cmd *cmd;
8962ee74 7242
36a75f1b
JD		 7243 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7244 hdev);
7245
333ae95d 7246 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 7247 if (!cmd)
7892924c 7248 return;
8962ee74 7249
3655bba8
AG		 7250 cp = cmd->param;
7251
7252 if (bacmp(bdaddr, &cp->addr.bdaddr))
7253 return;
7254
7255 if (cp->addr.type != bdaddr_type)
7256 return;
7257
f5818c22 7258 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7259 mgmt_pending_remove(cmd);
f7520543 7260}
17d5c04c 7261
445608d0
MH		 7262void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7263 u8 addr_type, u8 status)
17d5c04c
JH		 7264{
7265 struct mgmt_ev_connect_failed ev;
c9910d0f 7266
84c61d92
JH		 7267 /* The connection is still in hci_conn_hash so test for 1
7268 * instead of 0 to know if this is the last one.
7269 */
7270 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7271 cancel_delayed_work(&hdev->power_off);
7272 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 7273 }
17d5c04c 7274
4c659c39 7275 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7276 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 7277 ev.status = mgmt_status(status);
17d5c04c 7278
445608d0 7279 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 7280}
980e1a53 7281
ce0e4a0d 7282void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 7283{
7284 struct mgmt_ev_pin_code_request ev;
7285
d8457698 7286 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 7287 ev.addr.type = BDADDR_BREDR;
a770bb5a 7288 ev.secure = secure;
980e1a53 7289
ce0e4a0d 7290 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 7291}
7292
e669cf80
MH		 7293void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7294 u8 status)
980e1a53 7295{
3b0602cd 7296 struct mgmt_pending_cmd *cmd;
980e1a53 7297
333ae95d 7298 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 7299 if (!cmd)
e669cf80 7300 return;
980e1a53 7301
7776d1d8 7302 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7303 mgmt_pending_remove(cmd);
980e1a53
JH		 7304}
7305
3eb38528
MH		 7306void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7307 u8 status)
980e1a53 7308{
3b0602cd 7309 struct mgmt_pending_cmd *cmd;
980e1a53 7310
333ae95d 7311 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 7312 if (!cmd)
3eb38528 7313 return;
980e1a53 7314
7776d1d8 7315 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7316 mgmt_pending_remove(cmd);
980e1a53 7317}
a5c29683 7318
744cf19e 7319int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 7320 u8 link_type, u8 addr_type, u32 value,
04124681 7321 u8 confirm_hint)
a5c29683
JH		 7322{
7323 struct mgmt_ev_user_confirm_request ev;
7324
744cf19e 7325 BT_DBG("%s", hdev->name);
a5c29683 7326
272d90df 7327 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7328 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 7329 ev.confirm_hint = confirm_hint;
39adbffe 7330 ev.value = cpu_to_le32(value);
a5c29683 7331
744cf19e 7332 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 7333 NULL);
a5c29683
JH		 7334}
7335
272d90df 7336int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 7337 u8 link_type, u8 addr_type)
604086b7
BG		 7338{
7339 struct mgmt_ev_user_passkey_request ev;
7340
7341 BT_DBG("%s", hdev->name);
7342
272d90df 7343 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7344 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 7345
7346 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 7347 NULL);
604086b7
BG		 7348}
7349
0df4c185 7350static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 7351 u8 link_type, u8 addr_type, u8 status,
7352 u8 opcode)
a5c29683 7353{
3b0602cd 7354 struct mgmt_pending_cmd *cmd;
a5c29683 7355
333ae95d 7356 cmd = pending_find(opcode, hdev);
a5c29683
JH		 7357 if (!cmd)
7358 return -ENOENT;
7359
7776d1d8 7360 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7361 mgmt_pending_remove(cmd);
a5c29683 7362
7776d1d8 7363 return 0;
a5c29683
JH		 7364}
7365
744cf19e 7366int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7367 u8 link_type, u8 addr_type, u8 status)
a5c29683 7368{
272d90df 7369 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7370 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 7371}
7372
272d90df 7373int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7374 u8 link_type, u8 addr_type, u8 status)
a5c29683 7375{
272d90df 7376 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7377 status,
7378 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7379}
2a611692 7380
604086b7 7381int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7382 u8 link_type, u8 addr_type, u8 status)
604086b7 7383{
272d90df 7384 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7385 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7386}
7387
272d90df 7388int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7389 u8 link_type, u8 addr_type, u8 status)
604086b7 7390{
272d90df 7391 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7392 status,
7393 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7394}
7395
92a25256
JH		 7396int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7397 u8 link_type, u8 addr_type, u32 passkey,
7398 u8 entered)
7399{
7400 struct mgmt_ev_passkey_notify ev;
7401
7402 BT_DBG("%s", hdev->name);
7403
7404 bacpy(&ev.addr.bdaddr, bdaddr);
7405 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7406 ev.passkey = __cpu_to_le32(passkey);
7407 ev.entered = entered;
7408
7409 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7410}
7411
e1e930f5 7412void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7413{
7414 struct mgmt_ev_auth_failed ev;
3b0602cd 7415 struct mgmt_pending_cmd *cmd;
e1e930f5 7416 u8 status = mgmt_status(hci_status);
2a611692 7417
e1e930f5
JH		 7418 bacpy(&ev.addr.bdaddr, &conn->dst);
7419 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7420 ev.status = status;
2a611692 7421
e1e930f5
JH		 7422 cmd = find_pairing(conn);
7423
7424 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7425 cmd ? cmd->sk : NULL);
7426
a511b35b
JH		 7427 if (cmd) {
7428 cmd->cmd_complete(cmd, status);
7429 mgmt_pending_remove(cmd);
7430 }
2a611692 7431}
b312b161 7432
464996ae 7433void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7434{
7435 struct cmd_lookup match = { NULL, hdev };
464996ae 7436 bool changed;
33ef95ed
JH		 7437
7438 if (status) {
7439 u8 mgmt_err = mgmt_status(status);
7440 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7441 cmd_status_rsp, &mgmt_err);
464996ae 7442 return;
33ef95ed
JH		 7443 }
7444
464996ae 7445 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 7446 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 7447 else
a69d8927 7448 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 7449
33ef95ed 7450 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 7451 &match);
33ef95ed 7452
47990ea0 7453 if (changed)
464996ae 7454 new_settings(hdev, match.sk);
33ef95ed
JH		 7455
7456 if (match.sk)
7457 sock_put(match.sk);
33ef95ed
JH		 7458}
7459
890ea898 7460static void clear_eir(struct hci_request *req)
cacaf52f 7461{
890ea898 7462 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 7463 struct hci_cp_write_eir cp;
7464
976eb20e 7465 if (!lmp_ext_inq_capable(hdev))
890ea898 7466 return;
cacaf52f 7467
c80da27e
JH		 7468 memset(hdev->eir, 0, sizeof(hdev->eir));
7469
cacaf52f
JH		 7470 memset(&cp, 0, sizeof(cp));
7471
890ea898 7472 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 7473}
7474
3e248560 7475void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 7476{
7477 struct cmd_lookup match = { NULL, hdev };
890ea898 7478 struct hci_request req;
c0ecddc2 7479 bool changed = false;
ed2c4ee3
JH		 7480
7481 if (status) {
7482 u8 mgmt_err = mgmt_status(status);
c0ecddc2 7483
a69d8927
MH		 7484 if (enable && hci_dev_test_and_clear_flag(hdev,
7485 HCI_SSP_ENABLED)) {
a358dc11 7486 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 7487 new_settings(hdev, NULL);
9ecb3e24 7488 }
c0ecddc2 7489
04124681
GP		 7490 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7491 &mgmt_err);
3e248560 7492 return;
c0ecddc2
JH		 7493 }
7494
7495 if (enable) {
238be788 7496 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 7497 } else {
a69d8927 7498 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9ecb3e24 7499 if (!changed)
a69d8927
MH		 7500 changed = hci_dev_test_and_clear_flag(hdev,
7501 HCI_HS_ENABLED);
9ecb3e24 7502 else
a358dc11 7503 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 7504 }
7505
7506 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7507
c0ecddc2 7508 if (changed)
3e248560 7509 new_settings(hdev, match.sk);
ed2c4ee3 7510
5fc6ebb1 7511 if (match.sk)
ed2c4ee3
JH		 7512 sock_put(match.sk);
7513
890ea898
JH		 7514 hci_req_init(&req, hdev);
7515
d7a5a11d
MH		 7516 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7517 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 7518 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7519 sizeof(enable), &enable);
890ea898 7520 update_eir(&req);
3769972b 7521 } else {
890ea898 7522 clear_eir(&req);
3769972b 7523 }
890ea898
JH		 7524
7525 hci_req_run(&req, NULL);
ed2c4ee3
JH		 7526}
7527
3b0602cd 7528static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 7529{
7530 struct cmd_lookup *match = data;
7531
90e70454
JH		 7532 if (match->sk == NULL) {
7533 match->sk = cmd->sk;
7534 sock_hold(match->sk);
7535 }
90e70454
JH		 7536}
7537
4e1b0245
MH		 7538void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7539 u8 status)
7f9a903c 7540{
90e70454 7541 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7542
92da6097
JH		 7543 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7544 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7545 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 7546
7547 if (!status)
f6b7712e
MH		 7548 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7549 dev_class, 3, NULL);
90e70454
JH		 7550
7551 if (match.sk)
7552 sock_put(match.sk);
7f9a903c
MH		 7553}
7554
7667da34 7555void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7556{
b312b161 7557 struct mgmt_cp_set_local_name ev;
3b0602cd 7558 struct mgmt_pending_cmd *cmd;
28cc7bde 7559
13928971 7560 if (status)
7667da34 7561 return;
b312b161
JH		 7562
7563 memset(&ev, 0, sizeof(ev));
7564 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7565 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7566
333ae95d 7567 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7568 if (!cmd) {
7569 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7570
13928971
JH		 7571 /* If this is a HCI command related to powering on the
7572 * HCI dev don't send any mgmt signals.
7573 */
333ae95d 7574 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7575 return;
890ea898 7576 }
b312b161 7577
f6b7712e
MH		 7578 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7579 cmd ? cmd->sk : NULL);
b312b161 7580}
c35938b2 7581
4d2d2796 7582void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
38da1703
JH		 7583 u8 *rand192, u8 *hash256, u8 *rand256,
7584 u8 status)
c35938b2 7585{
3b0602cd 7586 struct mgmt_pending_cmd *cmd;
c35938b2 7587
744cf19e 7588 BT_DBG("%s status %u", hdev->name, status);
c35938b2 7589
333ae95d 7590 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 7591 if (!cmd)
3edaf092 7592 return;
c35938b2
SJ		 7593
7594 if (status) {
a69e8375
JH		 7595 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
7596 mgmt_status(status));
c35938b2 7597 } else {
66f096f7
JH		 7598 struct mgmt_rp_read_local_oob_data rp;
7599 size_t rp_size = sizeof(rp);
4d2d2796 7600
66f096f7
JH		 7601 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
7602 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
c35938b2 7603
66f096f7 7604 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
4d2d2796 7605 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
38da1703 7606 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
4d2d2796 7607 } else {
66f096f7 7608 rp_size -= sizeof(rp.hash256) + sizeof(rp.rand256);
4d2d2796 7609 }
66f096f7 7610
2a1afb5a
JH		 7611 mgmt_cmd_complete(cmd->sk, hdev->id,
7612 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7613 &rp, rp_size);
c35938b2
SJ		 7614 }
7615
7616 mgmt_pending_remove(cmd);
c35938b2 7617}
e17acd40 7618
799ce93d
JP		 7619static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7620{
7621 int i;
7622
7623 for (i = 0; i < uuid_count; i++) {
7624 if (!memcmp(uuid, uuids[i], 16))
7625 return true;
7626 }
7627
7628 return false;
7629}
7630
b487b9ce
MH		 7631static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7632{
799ce93d
JP		 7633 u16 parsed = 0;
7634
7635 while (parsed < eir_len) {
7636 u8 field_len = eir[0];
7637 u8 uuid[16];
7638 int i;
7639
7640 if (field_len == 0)
7641 break;
7642
7643 if (eir_len - parsed < field_len + 1)
7644 break;
7645
7646 switch (eir[1]) {
7647 case EIR_UUID16_ALL:
7648 case EIR_UUID16_SOME:
7649 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7650 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7651 uuid[13] = eir[i + 3];
7652 uuid[12] = eir[i + 2];
7653 if (has_uuid(uuid, uuid_count, uuids))
7654 return true;
7655 }
7656 break;
7657 case EIR_UUID32_ALL:
7658 case EIR_UUID32_SOME:
7659 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7660 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7661 uuid[15] = eir[i + 5];
7662 uuid[14] = eir[i + 4];
7663 uuid[13] = eir[i + 3];
7664 uuid[12] = eir[i + 2];
7665 if (has_uuid(uuid, uuid_count, uuids))
7666 return true;
7667 }
7668 break;
7669 case EIR_UUID128_ALL:
7670 case EIR_UUID128_SOME:
7671 for (i = 0; i + 17 <= field_len; i += 16) {
7672 memcpy(uuid, eir + i + 2, 16);
7673 if (has_uuid(uuid, uuid_count, uuids))
7674 return true;
7675 }
7676 break;
7677 }
7678
7679 parsed += field_len + 1;
7680 eir += field_len + 1;
7681 }
7682
b487b9ce
MH		 7683 return false;
7684}
7685
4b0e0ced
JP		 7686static void restart_le_scan(struct hci_dev *hdev)
7687{
7688 /* If controller is not scanning we are done. */
d7a5a11d 7689 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 7690 return;
7691
7692 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7693 hdev->discovery.scan_start +
7694 hdev->discovery.scan_duration))
7695 return;
7696
7697 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
7698 DISCOV_LE_RESTART_DELAY);
7699}
7700
48f86b7f
JP		 7701static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7702 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7703{
48f86b7f
JP		 7704 /* If a RSSI threshold has been specified, and
7705 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7706 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7707 * is set, let it through for further processing, as we might need to
7708 * restart the scan.
efb2513f
MH		 7709 *
7710 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7711 * the results are also dropped.
bda157a4
MH		 7712 */
7713 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 7714 (rssi == HCI_RSSI_INVALID ||
7715 (rssi < hdev->discovery.rssi &&
7716 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 7717 return false;
efb2513f 7718
2976cdeb
JP		 7719 if (hdev->discovery.uuid_count != 0) {
7720 /* If a list of UUIDs is provided in filter, results with no
7721 * matching UUID should be dropped.
b487b9ce 7722 */
2976cdeb
JP		 7723 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7724 hdev->discovery.uuids) &&
7725 !eir_has_uuids(scan_rsp, scan_rsp_len,
7726 hdev->discovery.uuid_count,
7727 hdev->discovery.uuids))
7728 return false;
b487b9ce 7729 }
5d2e9fad 7730
2976cdeb
JP		 7731 /* If duplicate filtering does not report RSSI changes, then restart
7732 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 7733 */
2976cdeb
JP		 7734 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7735 restart_le_scan(hdev);
7736
7737 /* Validate RSSI value against the RSSI threshold once more. */
7738 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7739 rssi < hdev->discovery.rssi)
7740 return false;
7741 }
48f86b7f
JP		 7742
7743 return true;
7744}
7745
7746void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7747 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7748 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7749{
7750 char buf[512];
7751 struct mgmt_ev_device_found *ev = (void *)buf;
7752 size_t ev_size;
7753
7754 /* Don't send events for a non-kernel initiated discovery. With
7755 * LE one exception is if we have pend_le_reports > 0 in which
7756 * case we're doing passive scanning and want these events.
7757 */
7758 if (!hci_discovery_active(hdev)) {
7759 if (link_type == ACL_LINK)
7760 return;
7761 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7762 return;
7763 }
7764
82f8b651 7765 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 7766 /* We are using service discovery */
7767 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7768 scan_rsp_len))
7769 return;
7770 }
7771
7772 /* Make sure that the buffer is big enough. The 5 extra bytes
7773 * are for the potential CoD field.
7774 */
7775 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 7776 return;
7777
48f86b7f
JP		 7778 memset(buf, 0, sizeof(buf));
7779
7780 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7781 * RSSI value was reported as 0 when not available. This behavior
7782 * is kept when using device discovery. This is required for full
7783 * backwards compatibility with the API.
7784 *
7785 * However when using service discovery, the value 127 will be
7786 * returned when the RSSI is not available.
7787 */
7788 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7789 link_type == ACL_LINK)
7790 rssi = 0;
7791
7792 bacpy(&ev->addr.bdaddr, bdaddr);
7793 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7794 ev->rssi = rssi;
7795 ev->flags = cpu_to_le32(flags);
7796
7797 if (eir_len > 0)
7798 /* Copy EIR or advertising data into event */
7799 memcpy(ev->eir, eir, eir_len);
7800
7801 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7802 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7803 dev_class, 3);
7804
7805 if (scan_rsp_len > 0)
7806 /* Append scan response data to event */
7807 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7808
5d2e9fad
JH		 7809 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7810 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7811
901801b9 7812 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7813}
a88a9652 7814
9cf12aee
MH		 7815void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7816 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7817{
b644ba33
JH		 7818 struct mgmt_ev_device_found *ev;
7819 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7820 u16 eir_len;
a88a9652 7821
b644ba33 7822 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7823
b644ba33
JH		 7824 memset(buf, 0, sizeof(buf));
7825
7826 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7827 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7828 ev->rssi = rssi;
7829
7830 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7831 name_len);
b644ba33 7832
eb55ef07 7833 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7834
9cf12aee 7835 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7836}
314b2381 7837
2f1e063b 7838void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7839{
f963e8e9 7840 struct mgmt_ev_discovering ev;
164a6e78 7841
343fb145
AG		 7842 BT_DBG("%s discovering %u", hdev->name, discovering);
7843
f963e8e9
JH		 7844 memset(&ev, 0, sizeof(ev));
7845 ev.type = hdev->discovery.type;
7846 ev.discovering = discovering;
7847
2f1e063b 7848 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7849}
5e762444 7850
1904a853 7851static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5976e608
MH		 7852{
7853 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 7854}
7855
7856void mgmt_reenable_advertising(struct hci_dev *hdev)
7857{
7858 struct hci_request req;
7859
24b4f38f
AU		 7860 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
7861 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
5976e608
MH		 7862 return;
7863
7864 hci_req_init(&req, hdev);
7865 enable_advertising(&req);
0ec5ae84 7866 hci_req_run(&req, adv_enable_complete);
5976e608 7867}
6d785aa3
JH		 7868
7869static struct hci_mgmt_chan chan = {
7870 .channel = HCI_CHANNEL_CONTROL,
7871 .handler_count = ARRAY_SIZE(mgmt_handlers),
7872 .handlers = mgmt_handlers,
88b94ce9 7873 .hdev_init = mgmt_init_hdev,
6d785aa3
JH		 7874};
7875
7876int mgmt_init(void)
7877{
7878 return hci_mgmt_chan_register(&chan);
7879}
7880
7881void mgmt_exit(void)
7882{
7883 hci_mgmt_chan_unregister(&chan);
7884}
Linux kernel - Deliverables
This page took 1.3641 seconds and 5 git commands to generate.