projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Simplify if statements in tlv_data_is_valid function
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
a380b6cf 38#include "mgmt_util.h"
0381101f 39
2da9c55c 40#define MGMT_VERSION 1
e58627d1 41#define MGMT_REVISION 10
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 50 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 81 MGMT_OP_SET_DEVICE_ID,
4375f103 82 MGMT_OP_SET_ADVERTISING,
0663ca2a 83 MGMT_OP_SET_BREDR,
d13eafce 84 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 85 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 86 MGMT_OP_SET_SECURE_CONN,
4e39ac81 87 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 88 MGMT_OP_SET_PRIVACY,
41edf160 89 MGMT_OP_LOAD_IRKS,
dd983808 90 MGMT_OP_GET_CONN_INFO,
95868426 91 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 92 MGMT_OP_ADD_DEVICE,
93 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 94 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 95 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 96 MGMT_OP_READ_CONFIG_INFO,
dbece37a 97 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 98 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 99 MGMT_OP_START_SERVICE_DISCOVERY,
4f0f155c 100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
96f1474a 101 MGMT_OP_READ_EXT_INDEX_LIST,
d3d5305b 102 MGMT_OP_READ_ADV_FEATURES,
24b4f38f 103 MGMT_OP_ADD_ADVERTISING,
da929335 104 MGMT_OP_REMOVE_ADVERTISING,
e70bb2e8
JH		 105};
106
107static const u16 mgmt_events[] = {
108 MGMT_EV_CONTROLLER_ERROR,
109 MGMT_EV_INDEX_ADDED,
110 MGMT_EV_INDEX_REMOVED,
111 MGMT_EV_NEW_SETTINGS,
112 MGMT_EV_CLASS_OF_DEV_CHANGED,
113 MGMT_EV_LOCAL_NAME_CHANGED,
114 MGMT_EV_NEW_LINK_KEY,
115 MGMT_EV_NEW_LONG_TERM_KEY,
116 MGMT_EV_DEVICE_CONNECTED,
117 MGMT_EV_DEVICE_DISCONNECTED,
118 MGMT_EV_CONNECT_FAILED,
119 MGMT_EV_PIN_CODE_REQUEST,
120 MGMT_EV_USER_CONFIRM_REQUEST,
121 MGMT_EV_USER_PASSKEY_REQUEST,
122 MGMT_EV_AUTH_FAILED,
123 MGMT_EV_DEVICE_FOUND,
124 MGMT_EV_DISCOVERING,
125 MGMT_EV_DEVICE_BLOCKED,
126 MGMT_EV_DEVICE_UNBLOCKED,
127 MGMT_EV_DEVICE_UNPAIRED,
92a25256 128 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 129 MGMT_EV_NEW_IRK,
7ee4ea36 130 MGMT_EV_NEW_CSRK,
8afef092
MH		 131 MGMT_EV_DEVICE_ADDED,
132 MGMT_EV_DEVICE_REMOVED,
ffb5a827 133 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 134 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 135 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 136 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 137 MGMT_EV_EXT_INDEX_ADDED,
138 MGMT_EV_EXT_INDEX_REMOVED,
72000df2 139 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
24b4f38f
AU		 140 MGMT_EV_ADVERTISING_ADDED,
141 MGMT_EV_ADVERTISING_REMOVED,
e70bb2e8
JH		 142};
143
99c679ac
MH		 144static const u16 mgmt_untrusted_commands[] = {
145 MGMT_OP_READ_INDEX_LIST,
146 MGMT_OP_READ_INFO,
147 MGMT_OP_READ_UNCONF_INDEX_LIST,
148 MGMT_OP_READ_CONFIG_INFO,
149 MGMT_OP_READ_EXT_INDEX_LIST,
150};
151
152static const u16 mgmt_untrusted_events[] = {
153 MGMT_EV_INDEX_ADDED,
154 MGMT_EV_INDEX_REMOVED,
155 MGMT_EV_NEW_SETTINGS,
156 MGMT_EV_CLASS_OF_DEV_CHANGED,
157 MGMT_EV_LOCAL_NAME_CHANGED,
158 MGMT_EV_UNCONF_INDEX_ADDED,
159 MGMT_EV_UNCONF_INDEX_REMOVED,
160 MGMT_EV_NEW_CONFIG_OPTIONS,
161 MGMT_EV_EXT_INDEX_ADDED,
162 MGMT_EV_EXT_INDEX_REMOVED,
163};
164
17b02e62 165#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 166
d25b78e2
JH		 167#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
168 "\x00\x00\x00\x00\x00\x00\x00\x00"
169
ca69b795
JH		 170/* HCI to MGMT error code conversion table */
171static u8 mgmt_status_table[] = {
172 MGMT_STATUS_SUCCESS,
173 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
174 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
175 MGMT_STATUS_FAILED, /* Hardware Failure */
176 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
177 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 178 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 179 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
180 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
181 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
182 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
183 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
184 MGMT_STATUS_BUSY, /* Command Disallowed */
185 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
186 MGMT_STATUS_REJECTED, /* Rejected Security */
187 MGMT_STATUS_REJECTED, /* Rejected Personal */
188 MGMT_STATUS_TIMEOUT, /* Host Timeout */
189 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
190 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
191 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
192 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
193 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
194 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
195 MGMT_STATUS_BUSY, /* Repeated Attempts */
196 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
197 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
198 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
199 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
200 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
201 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
202 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
203 MGMT_STATUS_FAILED, /* Unspecified Error */
204 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
205 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
206 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
207 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
208 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
209 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
210 MGMT_STATUS_FAILED, /* Unit Link Key Used */
211 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
212 MGMT_STATUS_TIMEOUT, /* Instant Passed */
213 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
214 MGMT_STATUS_FAILED, /* Transaction Collision */
215 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
216 MGMT_STATUS_REJECTED, /* QoS Rejected */
217 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
218 MGMT_STATUS_REJECTED, /* Insufficient Security */
219 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
220 MGMT_STATUS_BUSY, /* Role Switch Pending */
221 MGMT_STATUS_FAILED, /* Slot Violation */
222 MGMT_STATUS_FAILED, /* Role Switch Failed */
223 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
224 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
225 MGMT_STATUS_BUSY, /* Host Busy Pairing */
226 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
227 MGMT_STATUS_BUSY, /* Controller Busy */
228 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
229 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
230 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
231 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
232 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
233};
234
235static u8 mgmt_status(u8 hci_status)
236{
237 if (hci_status < ARRAY_SIZE(mgmt_status_table))
238 return mgmt_status_table[hci_status];
239
240 return MGMT_STATUS_FAILED;
241}
242
c08b1a1d
MH		 243static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
244 u16 len, int flag)
f9207338 245{
c08b1a1d
MH		 246 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
247 flag, NULL);
f9207338
MH		 248}
249
72000df2
MH		 250static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
251 u16 len, int flag, struct sock *skip_sk)
252{
253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
254 flag, skip_sk);
255}
256
f6b7712e
MH		 257static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, struct sock *skip_sk)
259{
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
261 HCI_MGMT_GENERIC_EVENTS, skip_sk);
262}
263
7a00ff44
JH		 264static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
266{
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
c08b1a1d 268 HCI_SOCK_TRUSTED, skip_sk);
7a00ff44
JH		 269}
270
85813a7e
JH		 271static u8 le_addr_type(u8 mgmt_addr_type)
272{
273 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
274 return ADDR_LE_DEV_PUBLIC;
275 else
276 return ADDR_LE_DEV_RANDOM;
277}
278
04124681
GP		 279static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
280 u16 data_len)
a38528f1
JH		 281{
282 struct mgmt_rp_read_version rp;
283
284 BT_DBG("sock %p", sk);
285
286 rp.version = MGMT_VERSION;
dcf4adbf 287 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 288
2a1afb5a
JH		 289 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
290 &rp, sizeof(rp));
a38528f1
JH		 291}
292
04124681
GP		 293static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
294 u16 data_len)
e70bb2e8
JH		 295{
296 struct mgmt_rp_read_commands *rp;
99c679ac 297 u16 num_commands, num_events;
e70bb2e8
JH		 298 size_t rp_size;
299 int i, err;
300
301 BT_DBG("sock %p", sk);
302
99c679ac
MH		 303 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
304 num_commands = ARRAY_SIZE(mgmt_commands);
305 num_events = ARRAY_SIZE(mgmt_events);
306 } else {
307 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
308 num_events = ARRAY_SIZE(mgmt_untrusted_events);
309 }
310
e70bb2e8
JH		 311 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
312
313 rp = kmalloc(rp_size, GFP_KERNEL);
314 if (!rp)
315 return -ENOMEM;
316
dcf4adbf
JP		 317 rp->num_commands = cpu_to_le16(num_commands);
318 rp->num_events = cpu_to_le16(num_events);
e70bb2e8 319
99c679ac
MH		 320 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
321 __le16 *opcode = rp->opcodes;
322
323 for (i = 0; i < num_commands; i++, opcode++)
324 put_unaligned_le16(mgmt_commands[i], opcode);
e70bb2e8 325
99c679ac
MH		 326 for (i = 0; i < num_events; i++, opcode++)
327 put_unaligned_le16(mgmt_events[i], opcode);
328 } else {
329 __le16 *opcode = rp->opcodes;
330
331 for (i = 0; i < num_commands; i++, opcode++)
332 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
333
334 for (i = 0; i < num_events; i++, opcode++)
335 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
336 }
e70bb2e8 337
2a1afb5a
JH		 338 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
339 rp, rp_size);
e70bb2e8
JH		 340 kfree(rp);
341
342 return err;
343}
344
04124681
GP		 345static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
346 u16 data_len)
faba42eb 347{
faba42eb 348 struct mgmt_rp_read_index_list *rp;
8035ded4 349 struct hci_dev *d;
a38528f1 350 size_t rp_len;
faba42eb 351 u16 count;
476e44cb 352 int err;
faba42eb
JH		 353
354 BT_DBG("sock %p", sk);
355
356 read_lock(&hci_dev_list_lock);
357
358 count = 0;
bb4b2a9a 359 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 360 if (d->dev_type == HCI_BREDR &&
d7a5a11d 361 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 362 count++;
faba42eb
JH		 363 }
364
a38528f1
JH		 365 rp_len = sizeof(*rp) + (2 * count);
366 rp = kmalloc(rp_len, GFP_ATOMIC);
367 if (!rp) {
b2c60d42 368 read_unlock(&hci_dev_list_lock);
faba42eb 369 return -ENOMEM;
b2c60d42 370 }
faba42eb 371
476e44cb 372 count = 0;
8035ded4 373 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 374 if (hci_dev_test_flag(d, HCI_SETUP) ||
375 hci_dev_test_flag(d, HCI_CONFIG) ||
376 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 377 continue;
378
73d1df2a
MH		 379 /* Devices marked as raw-only are neither configured
380 * nor unconfigured controllers.
381 */
382 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 383 continue;
384
73d1df2a 385 if (d->dev_type == HCI_BREDR &&
d7a5a11d 386 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892
MH		 387 rp->index[count++] = cpu_to_le16(d->id);
388 BT_DBG("Added hci%u", d->id);
389 }
faba42eb
JH		 390 }
391
476e44cb
JH		 392 rp->num_controllers = cpu_to_le16(count);
393 rp_len = sizeof(*rp) + (2 * count);
394
faba42eb
JH		 395 read_unlock(&hci_dev_list_lock);
396
2a1afb5a
JH		 397 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
398 0, rp, rp_len);
faba42eb 399
a38528f1
JH		 400 kfree(rp);
401
402 return err;
faba42eb
JH		 403}
404
73d1df2a
MH		 405static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
406 void *data, u16 data_len)
407{
408 struct mgmt_rp_read_unconf_index_list *rp;
409 struct hci_dev *d;
410 size_t rp_len;
411 u16 count;
412 int err;
413
414 BT_DBG("sock %p", sk);
415
416 read_lock(&hci_dev_list_lock);
417
418 count = 0;
419 list_for_each_entry(d, &hci_dev_list, list) {
420 if (d->dev_type == HCI_BREDR &&
d7a5a11d 421 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 422 count++;
423 }
424
425 rp_len = sizeof(*rp) + (2 * count);
426 rp = kmalloc(rp_len, GFP_ATOMIC);
427 if (!rp) {
428 read_unlock(&hci_dev_list_lock);
429 return -ENOMEM;
430 }
431
432 count = 0;
433 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 434 if (hci_dev_test_flag(d, HCI_SETUP) ||
435 hci_dev_test_flag(d, HCI_CONFIG) ||
436 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 437 continue;
438
439 /* Devices marked as raw-only are neither configured
440 * nor unconfigured controllers.
441 */
442 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
443 continue;
444
445 if (d->dev_type == HCI_BREDR &&
d7a5a11d 446 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a
MH		 447 rp->index[count++] = cpu_to_le16(d->id);
448 BT_DBG("Added hci%u", d->id);
449 }
450 }
451
452 rp->num_controllers = cpu_to_le16(count);
453 rp_len = sizeof(*rp) + (2 * count);
454
455 read_unlock(&hci_dev_list_lock);
456
2a1afb5a
JH		 457 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
458 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 459
460 kfree(rp);
461
462 return err;
463}
464
96f1474a
MH		 465static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
466 void *data, u16 data_len)
467{
468 struct mgmt_rp_read_ext_index_list *rp;
469 struct hci_dev *d;
470 size_t rp_len;
471 u16 count;
472 int err;
473
474 BT_DBG("sock %p", sk);
475
476 read_lock(&hci_dev_list_lock);
477
478 count = 0;
479 list_for_each_entry(d, &hci_dev_list, list) {
480 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
481 count++;
482 }
483
484 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
485 rp = kmalloc(rp_len, GFP_ATOMIC);
486 if (!rp) {
487 read_unlock(&hci_dev_list_lock);
488 return -ENOMEM;
489 }
490
491 count = 0;
492 list_for_each_entry(d, &hci_dev_list, list) {
493 if (hci_dev_test_flag(d, HCI_SETUP) ||
494 hci_dev_test_flag(d, HCI_CONFIG) ||
495 hci_dev_test_flag(d, HCI_USER_CHANNEL))
496 continue;
497
498 /* Devices marked as raw-only are neither configured
499 * nor unconfigured controllers.
500 */
501 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
502 continue;
503
504 if (d->dev_type == HCI_BREDR) {
505 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
506 rp->entry[count].type = 0x01;
507 else
508 rp->entry[count].type = 0x00;
509 } else if (d->dev_type == HCI_AMP) {
510 rp->entry[count].type = 0x02;
511 } else {
512 continue;
513 }
514
515 rp->entry[count].bus = d->bus;
516 rp->entry[count++].index = cpu_to_le16(d->id);
517 BT_DBG("Added hci%u", d->id);
518 }
519
520 rp->num_controllers = cpu_to_le16(count);
521 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
522
523 read_unlock(&hci_dev_list_lock);
524
525 /* If this command is called at least once, then all the
526 * default index and unconfigured index events are disabled
527 * and from now on only extended index events are used.
528 */
529 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
530 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
531 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
532
533 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
534 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
535
536 kfree(rp);
537
538 return err;
539}
540
dbece37a
MH		 541static bool is_configured(struct hci_dev *hdev)
542{
543 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 544 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 545 return false;
546
547 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
548 !bacmp(&hdev->public_addr, BDADDR_ANY))
549 return false;
550
551 return true;
552}
553
89bc22d2
MH		 554static __le32 get_missing_options(struct hci_dev *hdev)
555{
556 u32 options = 0;
557
dbece37a 558 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 559 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 560 options |= MGMT_OPTION_EXTERNAL_CONFIG;
561
89bc22d2
MH		 562 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
563 !bacmp(&hdev->public_addr, BDADDR_ANY))
564 options |= MGMT_OPTION_PUBLIC_ADDRESS;
565
566 return cpu_to_le32(options);
567}
568
f4537c04
MH		 569static int new_options(struct hci_dev *hdev, struct sock *skip)
570{
571 __le32 options = get_missing_options(hdev);
572
f6b7712e
MH		 573 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
574 sizeof(options), skip);
f4537c04
MH		 575}
576
dbece37a
MH		 577static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
578{
579 __le32 options = get_missing_options(hdev);
580
2a1afb5a
JH		 581 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
582 sizeof(options));
dbece37a
MH		 583}
584
9fc3bfb6
MH		 585static int read_config_info(struct sock *sk, struct hci_dev *hdev,
586 void *data, u16 data_len)
587{
588 struct mgmt_rp_read_config_info rp;
89bc22d2 589 u32 options = 0;
9fc3bfb6
MH		 590
591 BT_DBG("sock %p %s", sk, hdev->name);
592
593 hci_dev_lock(hdev);
594
595 memset(&rp, 0, sizeof(rp));
596 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 597
eb1904f4
MH		 598 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
599 options |= MGMT_OPTION_EXTERNAL_CONFIG;
600
9fc3bfb6 601 if (hdev->set_bdaddr)
89bc22d2
MH		 602 options |= MGMT_OPTION_PUBLIC_ADDRESS;
603
604 rp.supported_options = cpu_to_le32(options);
605 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 606
607 hci_dev_unlock(hdev);
608
2a1afb5a
JH		 609 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
610 &rp, sizeof(rp));
9fc3bfb6
MH		 611}
612
69ab39ea
JH		 613static u32 get_supported_settings(struct hci_dev *hdev)
614{
615 u32 settings = 0;
616
617 settings |= MGMT_SETTING_POWERED;
b2939475 618 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 619 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 620 settings |= MGMT_SETTING_CONNECTABLE;
621 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 622
ed3fa31f 623 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 624 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
625 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 626 settings |= MGMT_SETTING_BREDR;
627 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 628
629 if (lmp_ssp_capable(hdev)) {
630 settings |= MGMT_SETTING_SSP;
631 settings |= MGMT_SETTING_HS;
632 }
e98d2ce2 633
05b3c3e7 634 if (lmp_sc_capable(hdev))
e98d2ce2 635 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 636 }
d7b7e796 637
eeca6f89 638 if (lmp_le_capable(hdev)) {
9d42820f 639 settings |= MGMT_SETTING_LE;
eeca6f89 640 settings |= MGMT_SETTING_ADVERTISING;
a3209694 641 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 642 settings |= MGMT_SETTING_PRIVACY;
93690c22 643 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 644 }
69ab39ea 645
eb1904f4
MH		 646 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
647 hdev->set_bdaddr)
9fc3bfb6
MH		 648 settings |= MGMT_SETTING_CONFIGURATION;
649
69ab39ea
JH		 650 return settings;
651}
652
653static u32 get_current_settings(struct hci_dev *hdev)
654{
655 u32 settings = 0;
656
f1f0eb02 657 if (hdev_is_powered(hdev))
f0d4b78a
MH		 658 settings |= MGMT_SETTING_POWERED;
659
d7a5a11d 660 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 661 settings |= MGMT_SETTING_CONNECTABLE;
662
d7a5a11d 663 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 664 settings |= MGMT_SETTING_FAST_CONNECTABLE;
665
d7a5a11d 666 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 667 settings |= MGMT_SETTING_DISCOVERABLE;
668
d7a5a11d 669 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 670 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 671
d7a5a11d 672 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 673 settings |= MGMT_SETTING_BREDR;
674
d7a5a11d 675 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 676 settings |= MGMT_SETTING_LE;
677
d7a5a11d 678 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 679 settings |= MGMT_SETTING_LINK_SECURITY;
680
d7a5a11d 681 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 682 settings |= MGMT_SETTING_SSP;
683
d7a5a11d 684 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 685 settings |= MGMT_SETTING_HS;
686
d7a5a11d 687 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 688 settings |= MGMT_SETTING_ADVERTISING;
689
d7a5a11d 690 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 691 settings |= MGMT_SETTING_SECURE_CONN;
692
d7a5a11d 693 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 694 settings |= MGMT_SETTING_DEBUG_KEYS;
695
d7a5a11d 696 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 697 settings |= MGMT_SETTING_PRIVACY;
698
93690c22
MH		 699 /* The current setting for static address has two purposes. The
700 * first is to indicate if the static address will be used and
701 * the second is to indicate if it is actually set.
702 *
703 * This means if the static address is not configured, this flag
08dc0e98 704 * will never be set. If the address is configured, then if the
93690c22
MH		 705 * address is actually used decides if the flag is set or not.
706 *
707 * For single mode LE only controllers and dual-mode controllers
708 * with BR/EDR disabled, the existence of the static address will
709 * be evaluated.
710 */
b7cb93e5 711 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 712 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 713 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
714 if (bacmp(&hdev->static_addr, BDADDR_ANY))
715 settings |= MGMT_SETTING_STATIC_ADDRESS;
716 }
717
69ab39ea
JH		 718 return settings;
719}
720
ef580372
JH		 721#define PNP_INFO_SVCLASS_ID 0x1200
722
213202ed
JH		 723static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
724{
725 u8 *ptr = data, *uuids_start = NULL;
726 struct bt_uuid *uuid;
727
728 if (len < 4)
729 return ptr;
730
731 list_for_each_entry(uuid, &hdev->uuids, list) {
732 u16 uuid16;
733
734 if (uuid->size != 16)
735 continue;
736
737 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
738 if (uuid16 < 0x1100)
739 continue;
740
741 if (uuid16 == PNP_INFO_SVCLASS_ID)
742 continue;
743
744 if (!uuids_start) {
745 uuids_start = ptr;
746 uuids_start[0] = 1;
747 uuids_start[1] = EIR_UUID16_ALL;
748 ptr += 2;
749 }
750
751 /* Stop if not enough space to put next UUID */
752 if ((ptr - data) + sizeof(u16) > len) {
753 uuids_start[1] = EIR_UUID16_SOME;
754 break;
755 }
756
757 *ptr++ = (uuid16 & 0x00ff);
758 *ptr++ = (uuid16 & 0xff00) >> 8;
759 uuids_start[0] += sizeof(uuid16);
760 }
761
762 return ptr;
763}
764
cdf1963f
JH		 765static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
766{
767 u8 *ptr = data, *uuids_start = NULL;
768 struct bt_uuid *uuid;
769
770 if (len < 6)
771 return ptr;
772
773 list_for_each_entry(uuid, &hdev->uuids, list) {
774 if (uuid->size != 32)
775 continue;
776
777 if (!uuids_start) {
778 uuids_start = ptr;
779 uuids_start[0] = 1;
780 uuids_start[1] = EIR_UUID32_ALL;
781 ptr += 2;
782 }
783
784 /* Stop if not enough space to put next UUID */
785 if ((ptr - data) + sizeof(u32) > len) {
786 uuids_start[1] = EIR_UUID32_SOME;
787 break;
788 }
789
790 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
791 ptr += sizeof(u32);
792 uuids_start[0] += sizeof(u32);
793 }
794
795 return ptr;
796}
797
c00d575b
JH		 798static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
799{
800 u8 *ptr = data, *uuids_start = NULL;
801 struct bt_uuid *uuid;
802
803 if (len < 18)
804 return ptr;
805
806 list_for_each_entry(uuid, &hdev->uuids, list) {
807 if (uuid->size != 128)
808 continue;
809
810 if (!uuids_start) {
811 uuids_start = ptr;
812 uuids_start[0] = 1;
813 uuids_start[1] = EIR_UUID128_ALL;
814 ptr += 2;
815 }
816
817 /* Stop if not enough space to put next UUID */
818 if ((ptr - data) + 16 > len) {
819 uuids_start[1] = EIR_UUID128_SOME;
820 break;
821 }
822
823 memcpy(ptr, uuid->uuid, 16);
824 ptr += 16;
825 uuids_start[0] += 16;
826 }
827
828 return ptr;
829}
830
333ae95d
JH		 831static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
832{
833 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
834}
835
333ae95d
JH		 836static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
837 struct hci_dev *hdev,
838 const void *data)
839{
840 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
841}
842
91aa9bb2
FG		 843static u8 get_current_adv_instance(struct hci_dev *hdev)
844{
845 /* The "Set Advertising" setting supersedes the "Add Advertising"
846 * setting. Here we set the advertising data based on which
847 * setting was set. When neither apply, default to the global settings,
848 * represented by instance "0".
849 */
850 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
851 !hci_dev_test_flag(hdev, HCI_ADVERTISING))
3ff37e6b 852 return hdev->cur_adv_instance;
91aa9bb2
FG		 853
854 return 0x00;
855}
856
4117ed70 857static u8 create_default_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
f14d8f64 858{
7a5f4990
MH		 859 u8 ad_len = 0;
860 size_t name_len;
861
862 name_len = strlen(hdev->dev_name);
863 if (name_len > 0) {
864 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
865
866 if (name_len > max_len) {
867 name_len = max_len;
868 ptr[1] = EIR_NAME_SHORT;
869 } else
870 ptr[1] = EIR_NAME_COMPLETE;
871
872 ptr[0] = name_len + 1;
873
874 memcpy(ptr + 2, hdev->dev_name, name_len);
875
876 ad_len += (name_len + 2);
877 ptr += (name_len + 2);
878 }
879
880 return ad_len;
f14d8f64
MH		 881}
882
ca21fbe9
FG		 883static u8 create_instance_scan_rsp_data(struct hci_dev *hdev, u8 instance,
884 u8 *ptr)
4117ed70 885{
ca21fbe9
FG		 886 struct adv_info *adv_instance;
887
888 adv_instance = hci_find_adv_instance(hdev, instance);
889 if (!adv_instance)
890 return 0;
891
4117ed70
AU		 892 /* TODO: Set the appropriate entries based on advertising instance flags
893 * here once flags other than 0 are supported.
894 */
ca21fbe9
FG		 895 memcpy(ptr, adv_instance->scan_rsp_data,
896 adv_instance->scan_rsp_len);
4117ed70 897
ca21fbe9 898 return adv_instance->scan_rsp_len;
4117ed70
AU		 899}
900
efae002c 901static void update_inst_scan_rsp_data(struct hci_request *req, u8 instance)
f14d8f64
MH		 902{
903 struct hci_dev *hdev = req->hdev;
904 struct hci_cp_le_set_scan_rsp_data cp;
905 u8 len;
906
d7a5a11d 907 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
f14d8f64
MH		 908 return;
909
910 memset(&cp, 0, sizeof(cp));
911
4117ed70 912 if (instance)
ca21fbe9 913 len = create_instance_scan_rsp_data(hdev, instance, cp.data);
4117ed70
AU		 914 else
915 len = create_default_scan_rsp_data(hdev, cp.data);
f14d8f64 916
eb438b5f 917 if (hdev->scan_rsp_data_len == len &&
4117ed70 918 !memcmp(cp.data, hdev->scan_rsp_data, len))
f14d8f64
MH		 919 return;
920
eb438b5f
JH		 921 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
922 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 923
924 cp.length = len;
925
926 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
927}
928
4117ed70
AU		 929static void update_scan_rsp_data(struct hci_request *req)
930{
efae002c 931 update_inst_scan_rsp_data(req, get_current_adv_instance(req->hdev));
4117ed70
AU		 932}
933
9a43e25f
JH		 934static u8 get_adv_discov_flags(struct hci_dev *hdev)
935{
3b0602cd 936 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 937
938 /* If there's a pending mgmt command the flags will not yet have
939 * their final values, so check for this first.
940 */
333ae95d 941 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
9a43e25f
JH		 942 if (cmd) {
943 struct mgmt_mode *cp = cmd->param;
944 if (cp->val == 0x01)
945 return LE_AD_GENERAL;
946 else if (cp->val == 0x02)
947 return LE_AD_LIMITED;
948 } else {
d7a5a11d 949 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 950 return LE_AD_LIMITED;
d7a5a11d 951 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 952 return LE_AD_GENERAL;
953 }
954
955 return 0;
956}
957
fdf51784
AU		 958static bool get_connectable(struct hci_dev *hdev)
959{
960 struct mgmt_pending_cmd *cmd;
441ad2d0 961
fdf51784
AU		 962 /* If there's a pending mgmt command the flag will not yet have
963 * it's final value, so check for this first.
964 */
965 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
966 if (cmd) {
967 struct mgmt_mode *cp = cmd->param;
441ad2d0 968
fdf51784 969 return cp->val;
441ad2d0
MH		 970 }
971
fdf51784
AU		 972 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
973}
441ad2d0 974
fdf51784
AU		 975static u32 get_adv_instance_flags(struct hci_dev *hdev, u8 instance)
976{
977 u32 flags;
411b4121 978 struct adv_info *adv_instance;
441ad2d0 979
bea28e65
FG		 980 if (instance == 0x00) {
981 /* Instance 0 always manages the "Tx Power" and "Flags"
982 * fields
983 */
984 flags = MGMT_ADV_FLAG_TX_POWER | MGMT_ADV_FLAG_MANAGED_FLAGS;
411b4121 985
bea28e65
FG		 986 /* For instance 0, the HCI_ADVERTISING_CONNECTABLE setting
987 * corresponds to the "connectable" instance flag.
988 */
989 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
990 flags |= MGMT_ADV_FLAG_CONNECTABLE;
fdf51784 991
bea28e65 992 return flags;
411b4121 993 }
fdf51784 994
bea28e65 995 adv_instance = hci_find_adv_instance(hdev, instance);
fdf51784 996
bea28e65
FG		 997 /* Return 0 when we got an invalid instance identifier. */
998 if (!adv_instance)
999 return 0;
fdf51784 1000
bea28e65 1001 return adv_instance->flags;
441ad2d0
MH		 1002}
1003
7b683b74 1004static u8 get_cur_adv_instance_scan_rsp_len(struct hci_dev *hdev)
c7d4883b 1005{
7b683b74
FG		 1006 u8 instance = get_current_adv_instance(hdev);
1007 struct adv_info *adv_instance;
1008
1009 /* Ignore instance 0 */
1010 if (instance == 0x00)
1011 return 0;
1012
1013 adv_instance = hci_find_adv_instance(hdev, instance);
1014 if (!adv_instance)
c7d4883b
AU		 1015 return 0;
1016
1017 /* TODO: Take into account the "appearance" and "local-name" flags here.
1018 * These are currently being ignored as they are not supported.
1019 */
7b683b74 1020 return adv_instance->scan_rsp_len;
c7d4883b
AU		 1021}
1022
fdf51784 1023static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr)
24b4f38f 1024{
f63ba24b 1025 struct adv_info *adv_instance = NULL;
b44133ff 1026 u8 ad_len = 0, flags = 0;
f63ba24b
FG		 1027 u32 instance_flags;
1028
1029 /* Return 0 when the current instance identifier is invalid. */
1030 if (instance) {
1031 adv_instance = hci_find_adv_instance(hdev, instance);
1032 if (!adv_instance)
1033 return 0;
1034 }
1035
1036 instance_flags = get_adv_instance_flags(hdev, instance);
b44133ff 1037
807ec772
AU		 1038 /* The Add Advertising command allows userspace to set both the general
1039 * and limited discoverable flags.
1040 */
fdf51784 1041 if (instance_flags & MGMT_ADV_FLAG_DISCOV)
b44133ff
AU		 1042 flags |= LE_AD_GENERAL;
1043
fdf51784 1044 if (instance_flags & MGMT_ADV_FLAG_LIMITED_DISCOV)
807ec772
AU		 1045 flags |= LE_AD_LIMITED;
1046
fdf51784 1047 if (flags || (instance_flags & MGMT_ADV_FLAG_MANAGED_FLAGS)) {
67e0c0cd
AU		 1048 /* If a discovery flag wasn't provided, simply use the global
1049 * settings.
1050 */
1051 if (!flags)
1052 flags |= get_adv_discov_flags(hdev);
1053
b44133ff
AU		 1054 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1055 flags |= LE_AD_NO_BREDR;
1056
fdf51784
AU		 1057 /* If flags would still be empty, then there is no need to
1058 * include the "Flags" AD field".
1059 */
1060 if (flags) {
1061 ptr[0] = 0x02;
1062 ptr[1] = EIR_FLAGS;
1063 ptr[2] = flags;
b44133ff 1064
fdf51784
AU		 1065 ad_len += 3;
1066 ptr += 3;
1067 }
b44133ff
AU		 1068 }
1069
f63ba24b
FG		 1070 if (adv_instance) {
1071 memcpy(ptr, adv_instance->adv_data,
1072 adv_instance->adv_data_len);
1073 ad_len += adv_instance->adv_data_len;
1074 ptr += adv_instance->adv_data_len;
38c8af60
MH		 1075 }
1076
fdf51784 1077 /* Provide Tx Power only if we can provide a valid value for it */
5507e358 1078 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID &&
fdf51784 1079 (instance_flags & MGMT_ADV_FLAG_TX_POWER)) {
5507e358
AU		 1080 ptr[0] = 0x02;
1081 ptr[1] = EIR_TX_POWER;
1082 ptr[2] = (u8)hdev->adv_tx_power;
1083
1084 ad_len += 3;
1085 ptr += 3;
1086 }
1087
b44133ff 1088 return ad_len;
24b4f38f
AU		 1089}
1090
efae002c 1091static void update_inst_adv_data(struct hci_request *req, u8 instance)
441ad2d0
MH		 1092{
1093 struct hci_dev *hdev = req->hdev;
1094 struct hci_cp_le_set_adv_data cp;
1095 u8 len;
1096
d7a5a11d 1097 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
441ad2d0
MH		 1098 return;
1099
1100 memset(&cp, 0, sizeof(cp));
1101
fdf51784 1102 len = create_instance_adv_data(hdev, instance, cp.data);
441ad2d0 1103
24b4f38f 1104 /* There's nothing to do if the data hasn't changed */
441ad2d0
MH		 1105 if (hdev->adv_data_len == len &&
1106 memcmp(cp.data, hdev->adv_data, len) == 0)
1107 return;
1108
1109 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1110 hdev->adv_data_len = len;
1111
1112 cp.length = len;
1113
1114 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
1115}
1116
e7a685d3
AU		 1117static void update_adv_data(struct hci_request *req)
1118{
efae002c 1119 update_inst_adv_data(req, get_current_adv_instance(req->hdev));
24b4f38f
AU		 1120}
1121
bc6d2d04
JH		 1122int mgmt_update_adv_data(struct hci_dev *hdev)
1123{
1124 struct hci_request req;
1125
1126 hci_req_init(&req, hdev);
1127 update_adv_data(&req);
1128
1129 return hci_req_run(&req, NULL);
1130}
1131
ef580372
JH		 1132static void create_eir(struct hci_dev *hdev, u8 *data)
1133{
1134 u8 *ptr = data;
ef580372
JH		 1135 size_t name_len;
1136
1137 name_len = strlen(hdev->dev_name);
1138
1139 if (name_len > 0) {
1140 /* EIR Data type */
1141 if (name_len > 48) {
1142 name_len = 48;
1143 ptr[1] = EIR_NAME_SHORT;
1144 } else
1145 ptr[1] = EIR_NAME_COMPLETE;
1146
1147 /* EIR Data length */
1148 ptr[0] = name_len + 1;
1149
1150 memcpy(ptr + 2, hdev->dev_name, name_len);
1151
ef580372
JH		 1152 ptr += (name_len + 2);
1153 }
1154
bbaf444a 1155 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 1156 ptr[0] = 2;
1157 ptr[1] = EIR_TX_POWER;
1158 ptr[2] = (u8) hdev->inq_tx_power;
1159
91c4e9b1
MH		 1160 ptr += 3;
1161 }
1162
2b9be137
MH		 1163 if (hdev->devid_source > 0) {
1164 ptr[0] = 9;
1165 ptr[1] = EIR_DEVICE_ID;
1166
1167 put_unaligned_le16(hdev->devid_source, ptr + 2);
1168 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1169 put_unaligned_le16(hdev->devid_product, ptr + 6);
1170 put_unaligned_le16(hdev->devid_version, ptr + 8);
1171
2b9be137
MH		 1172 ptr += 10;
1173 }
1174
213202ed 1175 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 1176 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 1177 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 1178}
1179
890ea898 1180static void update_eir(struct hci_request *req)
ef580372 1181{
890ea898 1182 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1183 struct hci_cp_write_eir cp;
1184
504c8dcd 1185 if (!hdev_is_powered(hdev))
890ea898 1186 return;
7770c4aa 1187
976eb20e 1188 if (!lmp_ext_inq_capable(hdev))
890ea898 1189 return;
ef580372 1190
d7a5a11d 1191 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
890ea898 1192 return;
ef580372 1193
d7a5a11d 1194 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1195 return;
ef580372
JH		 1196
1197 memset(&cp, 0, sizeof(cp));
1198
1199 create_eir(hdev, cp.data);
1200
1201 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 1202 return;
ef580372
JH		 1203
1204 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1205
890ea898 1206 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 1207}
1208
1209static u8 get_service_classes(struct hci_dev *hdev)
1210{
1211 struct bt_uuid *uuid;
1212 u8 val = 0;
1213
1214 list_for_each_entry(uuid, &hdev->uuids, list)
1215 val |= uuid->svc_hint;
1216
1217 return val;
1218}
1219
890ea898 1220static void update_class(struct hci_request *req)
ef580372 1221{
890ea898 1222 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1223 u8 cod[3];
1224
1225 BT_DBG("%s", hdev->name);
1226
504c8dcd 1227 if (!hdev_is_powered(hdev))
890ea898 1228 return;
7770c4aa 1229
d7a5a11d 1230 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
f87ea1da
JH		 1231 return;
1232
d7a5a11d 1233 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1234 return;
ef580372
JH		 1235
1236 cod[0] = hdev->minor_class;
1237 cod[1] = hdev->major_class;
1238 cod[2] = get_service_classes(hdev);
1239
d7a5a11d 1240 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
6acd7db4
MH		 1241 cod[1] |= 0x20;
1242
ef580372 1243 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1244 return;
ef580372 1245
890ea898 1246 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1247}
1248
0ec5ae84
JH		 1249static void disable_advertising(struct hci_request *req)
1250{
1251 u8 enable = 0x00;
1252
1253 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1254}
1255
199a2fb1
JH		 1256static void enable_advertising(struct hci_request *req)
1257{
1258 struct hci_dev *hdev = req->hdev;
1259 struct hci_cp_le_set_adv_param cp;
8f2a0601 1260 u8 own_addr_type, enable = 0x01;
a4858cb9 1261 bool connectable;
e7a685d3
AU		 1262 u8 instance;
1263 u32 flags;
199a2fb1 1264
0ec5ae84
JH		 1265 if (hci_conn_num(hdev, LE_LINK) > 0)
1266 return;
1267
d7a5a11d 1268 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
0ec5ae84
JH		 1269 disable_advertising(req);
1270
5ce194c4 1271 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1272 * hci_update_random_address knows that it's safe to go ahead
1273 * and write a new random address. The flag will be set back on
1274 * as soon as the SET_ADV_ENABLE HCI command completes.
1275 */
a358dc11 1276 hci_dev_clear_flag(hdev, HCI_LE_ADV);
8d97250e 1277
e7a685d3
AU		 1278 instance = get_current_adv_instance(hdev);
1279 flags = get_adv_instance_flags(hdev, instance);
faccb950
AU		 1280
1281 /* If the "connectable" instance flag was not set, then choose between
1282 * ADV_IND and ADV_NONCONN_IND based on the global connectable setting.
1283 */
1284 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) ||
1285 get_connectable(hdev);
8f2a0601 1286
a4858cb9
JH		 1287 /* Set require_privacy to true only when non-connectable
1288 * advertising is used. In that case it is fine to use a
1289 * non-resolvable private address.
1290 */
1291 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1292 return;
1293
41c90c18 1294 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1295 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1296 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
c7d4883b
AU		 1297
1298 if (connectable)
1299 cp.type = LE_ADV_IND;
7b683b74 1300 else if (get_cur_adv_instance_scan_rsp_len(hdev))
c7d4883b
AU		 1301 cp.type = LE_ADV_SCAN_IND;
1302 else
1303 cp.type = LE_ADV_NONCONN_IND;
1304
8f2a0601 1305 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1306 cp.channel_map = hdev->le_adv_channel_map;
1307
1308 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1309
1310 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1311}
1312
7d78525d
JH		 1313static void service_cache_off(struct work_struct *work)
1314{
1315 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1316 service_cache.work);
890ea898 1317 struct hci_request req;
7d78525d 1318
a69d8927 1319 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 1320 return;
1321
890ea898
JH		 1322 hci_req_init(&req, hdev);
1323
7d78525d
JH		 1324 hci_dev_lock(hdev);
1325
890ea898
JH		 1326 update_eir(&req);
1327 update_class(&req);
7d78525d
JH		 1328
1329 hci_dev_unlock(hdev);
890ea898
JH		 1330
1331 hci_req_run(&req, NULL);
7d78525d
JH		 1332}
1333
d6bfd59c
JH		 1334static void rpa_expired(struct work_struct *work)
1335{
1336 struct hci_dev *hdev = container_of(work, struct hci_dev,
1337 rpa_expired.work);
1338 struct hci_request req;
1339
1340 BT_DBG("");
1341
a1536da2 1342 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 1343
d7a5a11d 1344 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 1345 return;
1346
1347 /* The generation of a new RPA and programming it into the
1348 * controller happens in the enable_advertising() function.
1349 */
d6bfd59c 1350 hci_req_init(&req, hdev);
d6bfd59c 1351 enable_advertising(&req);
d6bfd59c
JH		 1352 hci_req_run(&req, NULL);
1353}
1354
6a919082 1355static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1356{
238be788 1357 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 1358 return;
1359
4f87da80 1360 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1361 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1362
4f87da80
JH		 1363 /* Non-mgmt controlled devices get this bit set
1364 * implicitly so that pairing works for them, however
1365 * for mgmt we require user-space to explicitly enable
1366 * it
1367 */
a358dc11 1368 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 1369}
1370
0f4e68cf 1371static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1372 void *data, u16 data_len)
0381101f 1373{
a38528f1 1374 struct mgmt_rp_read_info rp;
f7b64e69 1375
bdb6d971 1376 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1377
09fd0de5 1378 hci_dev_lock(hdev);
f7b64e69 1379
dc4fe30b
JH		 1380 memset(&rp, 0, sizeof(rp));
1381
69ab39ea 1382 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1383
69ab39ea 1384 rp.version = hdev->hci_ver;
eb55ef07 1385 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1386
1387 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1388 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1389
a38528f1 1390 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1391
dc4fe30b 1392 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1393 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1394
09fd0de5 1395 hci_dev_unlock(hdev);
0381101f 1396
2a1afb5a
JH		 1397 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1398 sizeof(rp));
0381101f
JH		 1399}
1400
69ab39ea 1401static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1402{
69ab39ea 1403 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1404
2a1afb5a
JH		 1405 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1406 sizeof(settings));
8680570b
JH		 1407}
1408
1904a853 1409static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 1410{
1411 BT_DBG("%s status 0x%02x", hdev->name, status);
1412
a3172b7e
JH		 1413 if (hci_conn_count(hdev) == 0) {
1414 cancel_delayed_work(&hdev->power_off);
8b064a3a 1415 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1416 }
8b064a3a
JH		 1417}
1418
912098a6
AU		 1419static void advertising_added(struct sock *sk, struct hci_dev *hdev,
1420 u8 instance)
1421{
1422 struct mgmt_ev_advertising_added ev;
1423
1424 ev.instance = instance;
1425
1426 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1427}
1428
1429static void advertising_removed(struct sock *sk, struct hci_dev *hdev,
1430 u8 instance)
1431{
1432 struct mgmt_ev_advertising_removed ev;
1433
1434 ev.instance = instance;
1435
1436 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1437}
1438
7816b820
FG		 1439static int schedule_adv_instance(struct hci_request *req, u8 instance,
1440 bool force) {
1441 struct hci_dev *hdev = req->hdev;
1442 struct adv_info *adv_instance = NULL;
1443 u16 timeout;
1444
1445 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
1446 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
1447 return -EPERM;
1448
1449 if (hdev->adv_instance_timeout)
1450 return -EBUSY;
1451
1452 adv_instance = hci_find_adv_instance(hdev, instance);
1453 if (!adv_instance)
1454 return -ENOENT;
1455
1456 /* A zero timeout means unlimited advertising. As long as there is
1457 * only one instance, duration should be ignored. We still set a timeout
1458 * in case further instances are being added later on.
1459 *
1460 * If the remaining lifetime of the instance is more than the duration
1461 * then the timeout corresponds to the duration, otherwise it will be
1462 * reduced to the remaining instance lifetime.
1463 */
1464 if (adv_instance->timeout == 0 ||
1465 adv_instance->duration <= adv_instance->remaining_time)
1466 timeout = adv_instance->duration;
1467 else
1468 timeout = adv_instance->remaining_time;
1469
1470 /* The remaining time is being reduced unless the instance is being
1471 * advertised without time limit.
1472 */
1473 if (adv_instance->timeout)
1474 adv_instance->remaining_time =
1475 adv_instance->remaining_time - timeout;
1476
1477 hdev->adv_instance_timeout = timeout;
1478 queue_delayed_work(hdev->workqueue,
1479 &hdev->adv_instance_expire,
1480 msecs_to_jiffies(timeout * 1000));
1481
1482 /* If we're just re-scheduling the same instance again then do not
1483 * execute any HCI commands. This happens when a single instance is
1484 * being advertised.
1485 */
1486 if (!force && hdev->cur_adv_instance == instance &&
1487 hci_dev_test_flag(hdev, HCI_LE_ADV))
1488 return 0;
1489
1490 hdev->cur_adv_instance = instance;
1491 update_adv_data(req);
1492 update_scan_rsp_data(req);
1493 enable_advertising(req);
1494
1495 return 0;
1496}
1497
1498static void cancel_adv_timeout(struct hci_dev *hdev)
1499{
1500 if (hdev->adv_instance_timeout) {
1501 hdev->adv_instance_timeout = 0;
1502 cancel_delayed_work(&hdev->adv_instance_expire);
1503 }
1504}
1505
847818d9
FG		 1506/* For a single instance:
1507 * - force == true: The instance will be removed even when its remaining
1508 * lifetime is not zero.
1509 * - force == false: the instance will be deactivated but kept stored unless
1510 * the remaining lifetime is zero.
1511 *
1512 * For instance == 0x00:
1513 * - force == true: All instances will be removed regardless of their timeout
1514 * setting.
1515 * - force == false: Only instances that have a timeout will be removed.
1516 */
1517static void clear_adv_instance(struct hci_dev *hdev, struct hci_request *req,
1518 u8 instance, bool force)
912098a6 1519{
847818d9
FG		 1520 struct adv_info *adv_instance, *n, *next_instance = NULL;
1521 int err;
1522 u8 rem_inst;
912098a6 1523
847818d9
FG		 1524 /* Cancel any timeout concerning the removed instance(s). */
1525 if (!instance || hdev->cur_adv_instance == instance)
1526 cancel_adv_timeout(hdev);
912098a6 1527
847818d9
FG		 1528 /* Get the next instance to advertise BEFORE we remove
1529 * the current one. This can be the same instance again
1530 * if there is only one instance.
1531 */
1532 if (instance && hdev->cur_adv_instance == instance)
1533 next_instance = hci_get_next_instance(hdev, instance);
912098a6 1534
847818d9
FG		 1535 if (instance == 0x00) {
1536 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances,
1537 list) {
1538 if (!(force || adv_instance->timeout))
1539 continue;
912098a6 1540
847818d9
FG		 1541 rem_inst = adv_instance->instance;
1542 err = hci_remove_adv_instance(hdev, rem_inst);
1543 if (!err)
1544 advertising_removed(NULL, hdev, rem_inst);
1545 }
1546 hdev->cur_adv_instance = 0x00;
1547 } else {
1548 adv_instance = hci_find_adv_instance(hdev, instance);
1549
1550 if (force || (adv_instance && adv_instance->timeout &&
1551 !adv_instance->remaining_time)) {
1552 /* Don't advertise a removed instance. */
1553 if (next_instance &&
1554 next_instance->instance == instance)
1555 next_instance = NULL;
1556
1557 err = hci_remove_adv_instance(hdev, instance);
1558 if (!err)
1559 advertising_removed(NULL, hdev, instance);
1560 }
1561 }
1562
1563 if (list_empty(&hdev->adv_instances)) {
1564 hdev->cur_adv_instance = 0x00;
1565 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
1566 }
1567
1568 if (!req || !hdev_is_powered(hdev) ||
912098a6
AU		 1569 hci_dev_test_flag(hdev, HCI_ADVERTISING))
1570 return;
1571
847818d9
FG		 1572 if (next_instance)
1573 schedule_adv_instance(req, next_instance->instance, false);
912098a6
AU		 1574}
1575
8b064a3a
JH		 1576static int clean_up_hci_state(struct hci_dev *hdev)
1577{
1578 struct hci_request req;
1579 struct hci_conn *conn;
23a48093
JH		 1580 bool discov_stopped;
1581 int err;
8b064a3a
JH		 1582
1583 hci_req_init(&req, hdev);
1584
1585 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1586 test_bit(HCI_PSCAN, &hdev->flags)) {
1587 u8 scan = 0x00;
1588 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1589 }
1590
847818d9 1591 clear_adv_instance(hdev, NULL, 0x00, false);
912098a6 1592
d7a5a11d 1593 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
8b064a3a
JH		 1594 disable_advertising(&req);
1595
2154d3f4 1596 discov_stopped = hci_req_stop_discovery(&req);
8b064a3a
JH		 1597
1598 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
89e0ccc8
JH		 1599 /* 0x15 == Terminated due to Power Off */
1600 __hci_abort_conn(&req, conn, 0x15);
8b064a3a
JH		 1601 }
1602
23a48093
JH		 1603 err = hci_req_run(&req, clean_up_hci_complete);
1604 if (!err && discov_stopped)
1605 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1606
1607 return err;
8b064a3a
JH		 1608}
1609
bdb6d971 1610static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1611 u16 len)
eec8d2bc 1612{
650f726d 1613 struct mgmt_mode *cp = data;
3b0602cd 1614 struct mgmt_pending_cmd *cmd;
4b34ee78 1615 int err;
eec8d2bc 1616
bdb6d971 1617 BT_DBG("request for %s", hdev->name);
eec8d2bc 1618
a7e80f25 1619 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1620 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1621 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1622
09fd0de5 1623 hci_dev_lock(hdev);
eec8d2bc 1624
333ae95d 1625 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1626 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1627 MGMT_STATUS_BUSY);
87b95ba6
JH		 1628 goto failed;
1629 }
1630
a69d8927 1631 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
f0d4b78a
MH		 1632 cancel_delayed_work(&hdev->power_off);
1633
1634 if (cp->val) {
a1d70450
JH		 1635 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1636 data, len);
1637 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1638 goto failed;
1639 }
1640 }
1641
4b34ee78 1642 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1643 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1644 goto failed;
1645 }
1646
2e58ef3e 1647 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1648 if (!cmd) {
1649 err = -ENOMEM;
eec8d2bc 1650 goto failed;
366a0336 1651 }
eec8d2bc 1652
8b064a3a 1653 if (cp->val) {
19202573 1654 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1655 err = 0;
1656 } else {
1657 /* Disconnect connections, stop scans, etc */
1658 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1659 if (!err)
1660 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1661 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1662
8b064a3a
JH		 1663 /* ENODATA means there were no HCI commands queued */
1664 if (err == -ENODATA) {
a3172b7e 1665 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1666 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1667 err = 0;
1668 }
1669 }
eec8d2bc
JH		 1670
1671failed:
09fd0de5 1672 hci_dev_unlock(hdev);
366a0336 1673 return err;
eec8d2bc
JH		 1674}
1675
beadb2bd
JH		 1676static int new_settings(struct hci_dev *hdev, struct sock *skip)
1677{
f6b7712e 1678 __le32 ev = cpu_to_le32(get_current_settings(hdev));
beadb2bd 1679
f6b7712e
MH		 1680 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1681 sizeof(ev), skip);
beadb2bd
JH		 1682}
1683
91a668b0
JH		 1684int mgmt_new_settings(struct hci_dev *hdev)
1685{
1686 return new_settings(hdev, NULL);
1687}
1688
bd99abdd
JH		 1689struct cmd_lookup {
1690 struct sock *sk;
1691 struct hci_dev *hdev;
1692 u8 mgmt_status;
1693};
1694
3b0602cd 1695static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1696{
1697 struct cmd_lookup *match = data;
1698
1699 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1700
1701 list_del(&cmd->list);
1702
1703 if (match->sk == NULL) {
1704 match->sk = cmd->sk;
1705 sock_hold(match->sk);
1706 }
1707
1708 mgmt_pending_free(cmd);
1709}
1710
3b0602cd 1711static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1712{
1713 u8 *status = data;
1714
a69e8375 1715 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1716 mgmt_pending_remove(cmd);
1717}
1718
3b0602cd 1719static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1720{
1721 if (cmd->cmd_complete) {
1722 u8 *status = data;
1723
1724 cmd->cmd_complete(cmd, *status);
1725 mgmt_pending_remove(cmd);
1726
1727 return;
1728 }
1729
1730 cmd_status_rsp(cmd, data);
1731}
1732
3b0602cd 1733static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1734{
2a1afb5a
JH		 1735 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1736 cmd->param, cmd->param_len);
f5818c22
JH		 1737}
1738
3b0602cd 1739static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1740{
2a1afb5a
JH		 1741 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1742 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1743}
1744
e6fe7986
JH		 1745static u8 mgmt_bredr_support(struct hci_dev *hdev)
1746{
1747 if (!lmp_bredr_capable(hdev))
1748 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1749 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1750 return MGMT_STATUS_REJECTED;
1751 else
1752 return MGMT_STATUS_SUCCESS;
1753}
1754
1755static u8 mgmt_le_support(struct hci_dev *hdev)
1756{
1757 if (!lmp_le_capable(hdev))
1758 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1759 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1760 return MGMT_STATUS_REJECTED;
1761 else
1762 return MGMT_STATUS_SUCCESS;
1763}
1764
1904a853
MH		 1765static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1766 u16 opcode)
bfaf8c9f 1767{
3b0602cd 1768 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1769 struct mgmt_mode *cp;
970ba524 1770 struct hci_request req;
bfaf8c9f
JH		 1771 bool changed;
1772
1773 BT_DBG("status 0x%02x", status);
1774
1775 hci_dev_lock(hdev);
1776
333ae95d 1777 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
bfaf8c9f
JH		 1778 if (!cmd)
1779 goto unlock;
1780
1781 if (status) {
1782 u8 mgmt_err = mgmt_status(status);
a69e8375 1783 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1784 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1785 goto remove_cmd;
1786 }
1787
1788 cp = cmd->param;
d4462a07 1789 if (cp->val) {
238be788 1790 changed = !hci_dev_test_and_set_flag(hdev, HCI_DISCOVERABLE);
d4462a07
MH		 1791
1792 if (hdev->discov_timeout > 0) {
1793 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1794 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1795 to);
1796 }
1797 } else {
a69d8927 1798 changed = hci_dev_test_and_clear_flag(hdev, HCI_DISCOVERABLE);
d4462a07 1799 }
bfaf8c9f
JH		 1800
1801 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1802
1803 if (changed)
1804 new_settings(hdev, cmd->sk);
1805
970ba524
MH		 1806 /* When the discoverable mode gets changed, make sure
1807 * that class of device has the limited discoverable
432df05e
JH		 1808 * bit correctly set. Also update page scan based on whitelist
1809 * entries.
970ba524
MH		 1810 */
1811 hci_req_init(&req, hdev);
1d2dc5b7 1812 __hci_update_page_scan(&req);
970ba524
MH		 1813 update_class(&req);
1814 hci_req_run(&req, NULL);
1815
bfaf8c9f
JH		 1816remove_cmd:
1817 mgmt_pending_remove(cmd);
1818
1819unlock:
1820 hci_dev_unlock(hdev);
1821}
1822
bdb6d971 1823static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1824 u16 len)
73f22f62 1825{
650f726d 1826 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1827 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1828 struct hci_request req;
5e5282bb 1829 u16 timeout;
9a43e25f 1830 u8 scan;
73f22f62
JH		 1831 int err;
1832
bdb6d971 1833 BT_DBG("request for %s", hdev->name);
73f22f62 1834
d7a5a11d
MH		 1835 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1836 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1837 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1838 MGMT_STATUS_REJECTED);
33c525c0 1839
310a3d48 1840 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1841 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1842 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1843
1f350c87 1844 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1845
1846 /* Disabling discoverable requires that no timeout is set,
1847 * and enabling limited discoverable requires a timeout.
1848 */
1849 if ((cp->val == 0x00 && timeout > 0) ||
1850 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1851 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1852 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1853
09fd0de5 1854 hci_dev_lock(hdev);
73f22f62 1855
5e5282bb 1856 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1857 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1858 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1859 goto failed;
1860 }
1861
333ae95d
JH		 1862 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1863 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1864 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1865 MGMT_STATUS_BUSY);
73f22f62
JH		 1866 goto failed;
1867 }
1868
d7a5a11d 1869 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1870 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1871 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1872 goto failed;
1873 }
1874
1875 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1876 bool changed = false;
1877
310a3d48
MH		 1878 /* Setting limited discoverable when powered off is
1879 * not a valid operation since it requires a timeout
1880 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1881 */
d7a5a11d 1882 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1883 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1884 changed = true;
1885 }
1886
5e5282bb 1887 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1888 if (err < 0)
1889 goto failed;
1890
1891 if (changed)
1892 err = new_settings(hdev, sk);
1893
5e5282bb
JH		 1894 goto failed;
1895 }
1896
310a3d48
MH		 1897 /* If the current mode is the same, then just update the timeout
1898 * value with the new value. And if only the timeout gets updated,
1899 * then no need for any HCI transactions.
1900 */
d7a5a11d
MH		 1901 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1902 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1903 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1904 cancel_delayed_work(&hdev->discov_off);
1905 hdev->discov_timeout = timeout;
955638ec 1906
36261547
MH		 1907 if (cp->val && hdev->discov_timeout > 0) {
1908 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1909 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1910 to);
955638ec
MH		 1911 }
1912
69ab39ea 1913 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1914 goto failed;
1915 }
1916
2e58ef3e 1917 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1918 if (!cmd) {
1919 err = -ENOMEM;
73f22f62 1920 goto failed;
366a0336 1921 }
73f22f62 1922
310a3d48
MH		 1923 /* Cancel any potential discoverable timeout that might be
1924 * still active and store new timeout value. The arming of
1925 * the timeout happens in the complete handler.
1926 */
1927 cancel_delayed_work(&hdev->discov_off);
1928 hdev->discov_timeout = timeout;
1929
b456f87c
JH		 1930 /* Limited discoverable mode */
1931 if (cp->val == 0x02)
a1536da2 1932 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1933 else
a358dc11 1934 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1935
bfaf8c9f
JH		 1936 hci_req_init(&req, hdev);
1937
9a43e25f
JH		 1938 /* The procedure for LE-only controllers is much simpler - just
1939 * update the advertising data.
1940 */
d7a5a11d 1941 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
9a43e25f
JH		 1942 goto update_ad;
1943
73f22f62
JH		 1944 scan = SCAN_PAGE;
1945
310a3d48
MH		 1946 if (cp->val) {
1947 struct hci_cp_write_current_iac_lap hci_cp;
1948
1949 if (cp->val == 0x02) {
1950 /* Limited discoverable mode */
33337dcb 1951 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1952 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1953 hci_cp.iac_lap[1] = 0x8b;
1954 hci_cp.iac_lap[2] = 0x9e;
1955 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1956 hci_cp.iac_lap[4] = 0x8b;
1957 hci_cp.iac_lap[5] = 0x9e;
1958 } else {
1959 /* General discoverable mode */
310a3d48
MH		 1960 hci_cp.num_iac = 1;
1961 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1962 hci_cp.iac_lap[1] = 0x8b;
1963 hci_cp.iac_lap[2] = 0x9e;
1964 }
1965
1966 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1967 (hci_cp.num_iac * 3) + 1, &hci_cp);
1968
73f22f62 1969 scan |= SCAN_INQUIRY;
310a3d48 1970 } else {
a358dc11 1971 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
310a3d48 1972 }
73f22f62 1973
310a3d48 1974 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1975
9a43e25f
JH		 1976update_ad:
1977 update_adv_data(&req);
1978
bfaf8c9f 1979 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1980 if (err < 0)
a664b5bc 1981 mgmt_pending_remove(cmd);
73f22f62
JH		 1982
1983failed:
09fd0de5 1984 hci_dev_unlock(hdev);
73f22f62
JH		 1985 return err;
1986}
1987
406d7804
JH		 1988static void write_fast_connectable(struct hci_request *req, bool enable)
1989{
bd98b996 1990 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1991 struct hci_cp_write_page_scan_activity acp;
1992 u8 type;
1993
d7a5a11d 1994 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
547003b1
JH		 1995 return;
1996
4c01f8b8
JH		 1997 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1998 return;
1999
406d7804
JH		 2000 if (enable) {
2001 type = PAGE_SCAN_TYPE_INTERLACED;
2002
2003 /* 160 msec page scan interval */
dcf4adbf 2004 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 2005 } else {
2006 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2007
2008 /* default 1.28 sec page scan */
dcf4adbf 2009 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 2010 }
2011
dcf4adbf 2012 acp.window = cpu_to_le16(0x0012);
406d7804 2013
bd98b996
JH		 2014 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
2015 __cpu_to_le16(hdev->page_scan_window) != acp.window)
2016 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2017 sizeof(acp), &acp);
2018
2019 if (hdev->page_scan_type != type)
2020 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 2021}
2022
1904a853
MH		 2023static void set_connectable_complete(struct hci_dev *hdev, u8 status,
2024 u16 opcode)
2b76f453 2025{
3b0602cd 2026 struct mgmt_pending_cmd *cmd;
d7b856f9 2027 struct mgmt_mode *cp;
bc6d2d04 2028 bool conn_changed, discov_changed;
2b76f453
JH		 2029
2030 BT_DBG("status 0x%02x", status);
2031
2032 hci_dev_lock(hdev);
2033
333ae95d 2034 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
2b76f453
JH		 2035 if (!cmd)
2036 goto unlock;
2037
37438c1f
JH		 2038 if (status) {
2039 u8 mgmt_err = mgmt_status(status);
a69e8375 2040 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 2041 goto remove_cmd;
2042 }
2043
d7b856f9 2044 cp = cmd->param;
bc6d2d04 2045 if (cp->val) {
238be788
MH		 2046 conn_changed = !hci_dev_test_and_set_flag(hdev,
2047 HCI_CONNECTABLE);
bc6d2d04
JH		 2048 discov_changed = false;
2049 } else {
a69d8927
MH		 2050 conn_changed = hci_dev_test_and_clear_flag(hdev,
2051 HCI_CONNECTABLE);
2052 discov_changed = hci_dev_test_and_clear_flag(hdev,
2053 HCI_DISCOVERABLE);
bc6d2d04 2054 }
d7b856f9 2055
2b76f453
JH		 2056 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
2057
bc6d2d04 2058 if (conn_changed || discov_changed) {
d7b856f9 2059 new_settings(hdev, cmd->sk);
1d2dc5b7 2060 hci_update_page_scan(hdev);
bc6d2d04
JH		 2061 if (discov_changed)
2062 mgmt_update_adv_data(hdev);
2b7be33e
JH		 2063 hci_update_background_scan(hdev);
2064 }
d7b856f9 2065
37438c1f 2066remove_cmd:
2b76f453
JH		 2067 mgmt_pending_remove(cmd);
2068
2069unlock:
2070 hci_dev_unlock(hdev);
2071}
2072
e8ba3a1f
JH		 2073static int set_connectable_update_settings(struct hci_dev *hdev,
2074 struct sock *sk, u8 val)
2075{
2076 bool changed = false;
2077 int err;
2078
d7a5a11d 2079 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 2080 changed = true;
2081
2082 if (val) {
a1536da2 2083 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 2084 } else {
a358dc11
MH		 2085 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
2086 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 2087 }
2088
2089 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
2090 if (err < 0)
2091 return err;
2092
562064e6 2093 if (changed) {
1d2dc5b7 2094 hci_update_page_scan(hdev);
562064e6 2095 hci_update_background_scan(hdev);
e8ba3a1f 2096 return new_settings(hdev, sk);
562064e6 2097 }
e8ba3a1f
JH		 2098
2099 return 0;
2100}
2101
bdb6d971 2102static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2103 u16 len)
9fbcbb45 2104{
650f726d 2105 struct mgmt_mode *cp = data;
3b0602cd 2106 struct mgmt_pending_cmd *cmd;
2b76f453 2107 struct hci_request req;
1987fdc7 2108 u8 scan;
9fbcbb45
JH		 2109 int err;
2110
bdb6d971 2111 BT_DBG("request for %s", hdev->name);
9fbcbb45 2112
d7a5a11d
MH		 2113 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
2114 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 2115 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2116 MGMT_STATUS_REJECTED);
33c525c0 2117
a7e80f25 2118 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2119 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2120 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2121
09fd0de5 2122 hci_dev_lock(hdev);
9fbcbb45 2123
4b34ee78 2124 if (!hdev_is_powered(hdev)) {
e8ba3a1f 2125 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 2126 goto failed;
2127 }
2128
333ae95d
JH		 2129 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
2130 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 2131 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2132 MGMT_STATUS_BUSY);
9fbcbb45
JH		 2133 goto failed;
2134 }
2135
2e58ef3e 2136 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 2137 if (!cmd) {
2138 err = -ENOMEM;
9fbcbb45 2139 goto failed;
366a0336 2140 }
9fbcbb45 2141
9b74246f 2142 hci_req_init(&req, hdev);
9fbcbb45 2143
9a43e25f
JH		 2144 /* If BR/EDR is not enabled and we disable advertising as a
2145 * by-product of disabling connectable, we need to update the
2146 * advertising flags.
2147 */
d7a5a11d 2148 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
9a43e25f 2149 if (!cp->val) {
a358dc11
MH		 2150 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2151 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
9a43e25f
JH		 2152 }
2153 update_adv_data(&req);
2154 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 2155 if (cp->val) {
2156 scan = SCAN_PAGE;
2157 } else {
3bd27240
JH		 2158 /* If we don't have any whitelist entries just
2159 * disable all scanning. If there are entries
2160 * and we had both page and inquiry scanning
2161 * enabled then fall back to only page scanning.
2162 * Otherwise no changes are needed.
2163 */
2164 if (list_empty(&hdev->whitelist))
2165 scan = SCAN_DISABLED;
2166 else if (test_bit(HCI_ISCAN, &hdev->flags))
2167 scan = SCAN_PAGE;
2168 else
2169 goto no_scan_update;
9b74246f
JH		 2170
2171 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 2172 hdev->discov_timeout > 0)
9b74246f
JH		 2173 cancel_delayed_work(&hdev->discov_off);
2174 }
2b76f453 2175
9b74246f
JH		 2176 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2177 }
2b76f453 2178
3bd27240 2179no_scan_update:
e8b1202c 2180 /* Update the advertising parameters if necessary */
880897d4
AU		 2181 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
2182 hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
1987fdc7 2183 enable_advertising(&req);
1987fdc7 2184
2b76f453 2185 err = hci_req_run(&req, set_connectable_complete);
9b74246f 2186 if (err < 0) {
a664b5bc 2187 mgmt_pending_remove(cmd);
9b74246f 2188 if (err == -ENODATA)
a81070ba
JH		 2189 err = set_connectable_update_settings(hdev, sk,
2190 cp->val);
9b74246f
JH		 2191 goto failed;
2192 }
9fbcbb45
JH		 2193
2194failed:
09fd0de5 2195 hci_dev_unlock(hdev);
9fbcbb45
JH		 2196 return err;
2197}
2198
b2939475 2199static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2200 u16 len)
c542a06c 2201{
650f726d 2202 struct mgmt_mode *cp = data;
55594356 2203 bool changed;
c542a06c
JH		 2204 int err;
2205
bdb6d971 2206 BT_DBG("request for %s", hdev->name);
c542a06c 2207
a7e80f25 2208 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2209 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2210 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2211
09fd0de5 2212 hci_dev_lock(hdev);
c542a06c
JH		 2213
2214 if (cp->val)
238be788 2215 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 2216 else
a69d8927 2217 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 2218
b2939475 2219 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 2220 if (err < 0)
55594356 2221 goto unlock;
c542a06c 2222
55594356
MH		 2223 if (changed)
2224 err = new_settings(hdev, sk);
c542a06c 2225
55594356 2226unlock:
09fd0de5 2227 hci_dev_unlock(hdev);
c542a06c
JH		 2228 return err;
2229}
2230
04124681
GP		 2231static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2232 u16 len)
33ef95ed
JH		 2233{
2234 struct mgmt_mode *cp = data;
3b0602cd 2235 struct mgmt_pending_cmd *cmd;
e6fe7986 2236 u8 val, status;
33ef95ed
JH		 2237 int err;
2238
bdb6d971 2239 BT_DBG("request for %s", hdev->name);
33ef95ed 2240
e6fe7986
JH		 2241 status = mgmt_bredr_support(hdev);
2242 if (status)
a69e8375
JH		 2243 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2244 status);
33c525c0 2245
a7e80f25 2246 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2247 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2248 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2249
33ef95ed
JH		 2250 hci_dev_lock(hdev);
2251
4b34ee78 2252 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 2253 bool changed = false;
2254
d7a5a11d 2255 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 2256 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 2257 changed = true;
2258 }
2259
2260 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2261 if (err < 0)
2262 goto failed;
2263
2264 if (changed)
2265 err = new_settings(hdev, sk);
2266
33ef95ed
JH		 2267 goto failed;
2268 }
2269
333ae95d 2270 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 2271 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2272 MGMT_STATUS_BUSY);
33ef95ed
JH		 2273 goto failed;
2274 }
2275
2276 val = !!cp->val;
2277
2278 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2279 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2280 goto failed;
2281 }
2282
2283 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2284 if (!cmd) {
2285 err = -ENOMEM;
2286 goto failed;
2287 }
2288
2289 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2290 if (err < 0) {
2291 mgmt_pending_remove(cmd);
2292 goto failed;
2293 }
2294
2295failed:
2296 hci_dev_unlock(hdev);
33ef95ed
JH		 2297 return err;
2298}
2299
bdb6d971 2300static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2301{
2302 struct mgmt_mode *cp = data;
3b0602cd 2303 struct mgmt_pending_cmd *cmd;
72ef0c1a 2304 u8 status;
ed2c4ee3
JH		 2305 int err;
2306
bdb6d971 2307 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2308
cdba5281
MH		 2309 status = mgmt_bredr_support(hdev);
2310 if (status)
a69e8375 2311 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 2312
13ecd8b6 2313 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2314 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2315 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2316
a7e80f25 2317 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2318 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2319 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2320
13ecd8b6 2321 hci_dev_lock(hdev);
6c8f12c1 2322
4b34ee78 2323 if (!hdev_is_powered(hdev)) {
9ecb3e24 2324 bool changed;
c0ecddc2 2325
9ecb3e24 2326 if (cp->val) {
238be788
MH		 2327 changed = !hci_dev_test_and_set_flag(hdev,
2328 HCI_SSP_ENABLED);
9ecb3e24 2329 } else {
a69d8927
MH		 2330 changed = hci_dev_test_and_clear_flag(hdev,
2331 HCI_SSP_ENABLED);
9ecb3e24 2332 if (!changed)
a69d8927
MH		 2333 changed = hci_dev_test_and_clear_flag(hdev,
2334 HCI_HS_ENABLED);
9ecb3e24 2335 else
a358dc11 2336 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 2337 }
2338
2339 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2340 if (err < 0)
2341 goto failed;
2342
2343 if (changed)
2344 err = new_settings(hdev, sk);
2345
ed2c4ee3
JH		 2346 goto failed;
2347 }
2348
333ae95d 2349 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2350 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2351 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2352 goto failed;
2353 }
2354
d7a5a11d 2355 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 2356 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2357 goto failed;
2358 }
2359
2360 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2361 if (!cmd) {
2362 err = -ENOMEM;
2363 goto failed;
2364 }
2365
d7a5a11d 2366 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 2367 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2368 sizeof(cp->val), &cp->val);
2369
72ef0c1a 2370 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2371 if (err < 0) {
2372 mgmt_pending_remove(cmd);
2373 goto failed;
2374 }
2375
2376failed:
2377 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2378 return err;
2379}
2380
bdb6d971 2381static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2382{
2383 struct mgmt_mode *cp = data;
ee392693 2384 bool changed;
e6fe7986 2385 u8 status;
ee392693 2386 int err;
6d80dfd0 2387
bdb6d971 2388 BT_DBG("request for %s", hdev->name);
6d80dfd0 2389
e6fe7986
JH		 2390 status = mgmt_bredr_support(hdev);
2391 if (status)
a69e8375 2392 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2393
9ecb3e24 2394 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2395 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2396 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 2397
d7a5a11d 2398 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 2399 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2400 MGMT_STATUS_REJECTED);
9ecb3e24 2401
a7e80f25 2402 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2403 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2404 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2405
ee392693
MH		 2406 hci_dev_lock(hdev);
2407
333ae95d 2408 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2409 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2410 MGMT_STATUS_BUSY);
a2cb01de
JH		 2411 goto unlock;
2412 }
2413
a0cdf960 2414 if (cp->val) {
238be788 2415 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 2416 } else {
2417 if (hdev_is_powered(hdev)) {
a69e8375
JH		 2418 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2419 MGMT_STATUS_REJECTED);
a0cdf960
MH		 2420 goto unlock;
2421 }
2422
a69d8927 2423 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 2424 }
ee392693
MH		 2425
2426 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2427 if (err < 0)
2428 goto unlock;
2429
2430 if (changed)
2431 err = new_settings(hdev, sk);
6d80dfd0 2432
ee392693
MH		 2433unlock:
2434 hci_dev_unlock(hdev);
2435 return err;
6d80dfd0
JH		 2436}
2437
1904a853 2438static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 2439{
2440 struct cmd_lookup match = { NULL, hdev };
2441
3ad67582
JK		 2442 hci_dev_lock(hdev);
2443
416a4ae5
JH		 2444 if (status) {
2445 u8 mgmt_err = mgmt_status(status);
2446
2447 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2448 &mgmt_err);
3ad67582 2449 goto unlock;
416a4ae5
JH		 2450 }
2451
2452 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2453
2454 new_settings(hdev, match.sk);
2455
2456 if (match.sk)
2457 sock_put(match.sk);
441ad2d0
MH		 2458
2459 /* Make sure the controller has a good default for
2460 * advertising data. Restrict the update to when LE
2461 * has actually been enabled. During power on, the
2462 * update in powered_update_hci will take care of it.
2463 */
d7a5a11d 2464 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0
MH		 2465 struct hci_request req;
2466
441ad2d0 2467 hci_req_init(&req, hdev);
5947f4bc 2468 update_adv_data(&req);
f14d8f64 2469 update_scan_rsp_data(&req);
441ad2d0 2470 hci_req_run(&req, NULL);
2e93e53b 2471 hci_update_background_scan(hdev);
441ad2d0 2472 }
3ad67582
JK		 2473
2474unlock:
2475 hci_dev_unlock(hdev);
416a4ae5
JH		 2476}
2477
bdb6d971 2478static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2479{
2480 struct mgmt_mode *cp = data;
2481 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 2482 struct mgmt_pending_cmd *cmd;
416a4ae5 2483 struct hci_request req;
06199cf8 2484 int err;
0b60eba1 2485 u8 val, enabled;
06199cf8 2486
bdb6d971 2487 BT_DBG("request for %s", hdev->name);
06199cf8 2488
13ecd8b6 2489 if (!lmp_le_capable(hdev))
a69e8375
JH		 2490 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2491 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2492
a7e80f25 2493 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2494 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2495 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2496
e7844ee5
MH		 2497 /* Bluetooth single mode LE only controllers or dual-mode
2498 * controllers configured as LE only devices, do not allow
2499 * switching LE off. These have either LE enabled explicitly
2500 * or BR/EDR has been previously switched off.
2501 *
2502 * When trying to enable an already enabled LE, then gracefully
2503 * send a positive response. Trying to disable it however will
2504 * result into rejection.
2505 */
2506 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2507 if (cp->val == 0x01)
2508 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2509
a69e8375
JH		 2510 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2511 MGMT_STATUS_REJECTED);
e7844ee5 2512 }
c73eee91 2513
13ecd8b6 2514 hci_dev_lock(hdev);
06199cf8
JH		 2515
2516 val = !!cp->val;
ffa88e02 2517 enabled = lmp_host_le_capable(hdev);
06199cf8 2518
847818d9
FG		 2519 if (!val)
2520 clear_adv_instance(hdev, NULL, 0x00, true);
2521
0b60eba1 2522 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2523 bool changed = false;
2524
d7a5a11d 2525 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 2526 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 2527 changed = true;
2528 }
2529
d7a5a11d 2530 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 2531 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 2532 changed = true;
2533 }
2534
06199cf8
JH		 2535 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2536 if (err < 0)
1de028ce 2537 goto unlock;
06199cf8
JH		 2538
2539 if (changed)
2540 err = new_settings(hdev, sk);
2541
1de028ce 2542 goto unlock;
06199cf8
JH		 2543 }
2544
333ae95d
JH		 2545 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2546 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 2547 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2548 MGMT_STATUS_BUSY);
1de028ce 2549 goto unlock;
06199cf8
JH		 2550 }
2551
2552 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2553 if (!cmd) {
2554 err = -ENOMEM;
1de028ce 2555 goto unlock;
06199cf8
JH		 2556 }
2557
441ad2d0
MH		 2558 hci_req_init(&req, hdev);
2559
06199cf8
JH		 2560 memset(&hci_cp, 0, sizeof(hci_cp));
2561
2562 if (val) {
2563 hci_cp.le = val;
32226e4f 2564 hci_cp.simul = 0x00;
441ad2d0 2565 } else {
d7a5a11d 2566 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
441ad2d0 2567 disable_advertising(&req);
06199cf8
JH		 2568 }
2569
416a4ae5
JH		 2570 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2571 &hci_cp);
2572
2573 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2574 if (err < 0)
06199cf8 2575 mgmt_pending_remove(cmd);
06199cf8 2576
1de028ce
JH		 2577unlock:
2578 hci_dev_unlock(hdev);
06199cf8
JH		 2579 return err;
2580}
2581
0cab9c80
JH		 2582/* This is a helper function to test for pending mgmt commands that can
2583 * cause CoD or EIR HCI commands. We can only allow one such pending
2584 * mgmt command at a time since otherwise we cannot easily track what
2585 * the current values are, will be, and based on that calculate if a new
2586 * HCI command needs to be sent and if yes with what value.
2587 */
2588static bool pending_eir_or_class(struct hci_dev *hdev)
2589{
3b0602cd 2590 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 2591
2592 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2593 switch (cmd->opcode) {
2594 case MGMT_OP_ADD_UUID:
2595 case MGMT_OP_REMOVE_UUID:
2596 case MGMT_OP_SET_DEV_CLASS:
2597 case MGMT_OP_SET_POWERED:
2598 return true;
2599 }
2600 }
2601
2602 return false;
2603}
2604
83be8eca
JH		 2605static const u8 bluetooth_base_uuid[] = {
2606 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2607 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2608};
2609
2610static u8 get_uuid_size(const u8 *uuid)
2611{
2612 u32 val;
2613
2614 if (memcmp(uuid, bluetooth_base_uuid, 12))
2615 return 128;
2616
2617 val = get_unaligned_le32(&uuid[12]);
2618 if (val > 0xffff)
2619 return 32;
2620
2621 return 16;
2622}
2623
92da6097
JH		 2624static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2625{
3b0602cd 2626 struct mgmt_pending_cmd *cmd;
92da6097
JH		 2627
2628 hci_dev_lock(hdev);
2629
333ae95d 2630 cmd = pending_find(mgmt_op, hdev);
92da6097
JH		 2631 if (!cmd)
2632 goto unlock;
2633
2a1afb5a
JH		 2634 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2635 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 2636
2637 mgmt_pending_remove(cmd);
2638
2639unlock:
2640 hci_dev_unlock(hdev);
2641}
2642
1904a853 2643static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2644{
2645 BT_DBG("status 0x%02x", status);
2646
2647 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2648}
2649
bdb6d971 2650static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2651{
650f726d 2652 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2653 struct mgmt_pending_cmd *cmd;
890ea898 2654 struct hci_request req;
2aeb9a1a 2655 struct bt_uuid *uuid;
2aeb9a1a
JH		 2656 int err;
2657
bdb6d971 2658 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2659
09fd0de5 2660 hci_dev_lock(hdev);
2aeb9a1a 2661
0cab9c80 2662 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2663 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2664 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2665 goto failed;
2666 }
2667
92c4c204 2668 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2669 if (!uuid) {
2670 err = -ENOMEM;
2671 goto failed;
2672 }
2673
2674 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2675 uuid->svc_hint = cp->svc_hint;
83be8eca 2676 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2677
de66aa63 2678 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2679
890ea898 2680 hci_req_init(&req, hdev);
1aff6f09 2681
890ea898
JH		 2682 update_class(&req);
2683 update_eir(&req);
2684
92da6097
JH		 2685 err = hci_req_run(&req, add_uuid_complete);
2686 if (err < 0) {
2687 if (err != -ENODATA)
2688 goto failed;
80a1e1db 2689
2a1afb5a
JH		 2690 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2691 hdev->dev_class, 3);
90e70454
JH		 2692 goto failed;
2693 }
2694
2695 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2696 if (!cmd) {
90e70454 2697 err = -ENOMEM;
890ea898
JH		 2698 goto failed;
2699 }
2700
2701 err = 0;
2aeb9a1a
JH		 2702
2703failed:
09fd0de5 2704 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2705 return err;
2706}
2707
24b78d0f
JH		 2708static bool enable_service_cache(struct hci_dev *hdev)
2709{
2710 if (!hdev_is_powered(hdev))
2711 return false;
2712
238be788 2713 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 2714 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2715 CACHE_TIMEOUT);
24b78d0f
JH		 2716 return true;
2717 }
2718
2719 return false;
2720}
2721
1904a853 2722static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2723{
2724 BT_DBG("status 0x%02x", status);
2725
2726 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2727}
2728
bdb6d971 2729static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2730 u16 len)
2aeb9a1a 2731{
650f726d 2732 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2733 struct mgmt_pending_cmd *cmd;
056341c8 2734 struct bt_uuid *match, *tmp;
2aeb9a1a 2735 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2736 struct hci_request req;
2aeb9a1a
JH		 2737 int err, found;
2738
bdb6d971 2739 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2740
09fd0de5 2741 hci_dev_lock(hdev);
2aeb9a1a 2742
0cab9c80 2743 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2744 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2745 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2746 goto unlock;
2747 }
2748
2aeb9a1a 2749 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2750 hci_uuids_clear(hdev);
4004b6d9 2751
24b78d0f 2752 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2753 err = mgmt_cmd_complete(sk, hdev->id,
2754 MGMT_OP_REMOVE_UUID,
2755 0, hdev->dev_class, 3);
24b78d0f
JH		 2756 goto unlock;
2757 }
4004b6d9 2758
9246a869 2759 goto update_class;
2aeb9a1a
JH		 2760 }
2761
2762 found = 0;
2763
056341c8 2764 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2765 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2766 continue;
2767
2768 list_del(&match->list);
482049f7 2769 kfree(match);
2aeb9a1a
JH		 2770 found++;
2771 }
2772
2773 if (found == 0) {
a69e8375
JH		 2774 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2775 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2776 goto unlock;
2777 }
2778
9246a869 2779update_class:
890ea898 2780 hci_req_init(&req, hdev);
1aff6f09 2781
890ea898
JH		 2782 update_class(&req);
2783 update_eir(&req);
2784
92da6097
JH		 2785 err = hci_req_run(&req, remove_uuid_complete);
2786 if (err < 0) {
2787 if (err != -ENODATA)
2788 goto unlock;
80a1e1db 2789
2a1afb5a
JH		 2790 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2791 hdev->dev_class, 3);
90e70454
JH		 2792 goto unlock;
2793 }
2794
2795 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2796 if (!cmd) {
90e70454 2797 err = -ENOMEM;
890ea898
JH		 2798 goto unlock;
2799 }
2800
2801 err = 0;
2aeb9a1a
JH		 2802
2803unlock:
09fd0de5 2804 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2805 return err;
2806}
2807
1904a853 2808static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2809{
2810 BT_DBG("status 0x%02x", status);
2811
2812 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2813}
2814
bdb6d971 2815static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2816 u16 len)
1aff6f09 2817{
650f726d 2818 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2819 struct mgmt_pending_cmd *cmd;
890ea898 2820 struct hci_request req;
1aff6f09
JH		 2821 int err;
2822
bdb6d971 2823 BT_DBG("request for %s", hdev->name);
1aff6f09 2824
6203fc98 2825 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2826 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2827 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2828
0cab9c80 2829 hci_dev_lock(hdev);
ee98f473 2830
0cab9c80 2831 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2832 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2833 MGMT_STATUS_BUSY);
0cab9c80
JH		 2834 goto unlock;
2835 }
c95f0ba7 2836
0cab9c80 2837 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2838 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2839 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2840 goto unlock;
2841 }
575b3a02 2842
932f5ff5
JH		 2843 hdev->major_class = cp->major;
2844 hdev->minor_class = cp->minor;
2845
b5235a65 2846 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2847 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2848 hdev->dev_class, 3);
b5235a65
JH		 2849 goto unlock;
2850 }
2851
890ea898
JH		 2852 hci_req_init(&req, hdev);
2853
a69d8927 2854 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
7d78525d
JH		 2855 hci_dev_unlock(hdev);
2856 cancel_delayed_work_sync(&hdev->service_cache);
2857 hci_dev_lock(hdev);
890ea898 2858 update_eir(&req);
7d78525d 2859 }
14c0b608 2860
890ea898
JH		 2861 update_class(&req);
2862
92da6097
JH		 2863 err = hci_req_run(&req, set_class_complete);
2864 if (err < 0) {
2865 if (err != -ENODATA)
2866 goto unlock;
1aff6f09 2867
2a1afb5a
JH		 2868 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2869 hdev->dev_class, 3);
90e70454
JH		 2870 goto unlock;
2871 }
2872
2873 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2874 if (!cmd) {
90e70454 2875 err = -ENOMEM;
890ea898
JH		 2876 goto unlock;
2877 }
2878
2879 err = 0;
1aff6f09 2880
b5235a65 2881unlock:
09fd0de5 2882 hci_dev_unlock(hdev);
1aff6f09
JH		 2883 return err;
2884}
2885
bdb6d971 2886static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2887 u16 len)
55ed8ca1 2888{
650f726d 2889 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2890 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2891 sizeof(struct mgmt_link_key_info));
4e51eae9 2892 u16 key_count, expected_len;
b1de97d8 2893 bool changed;
a492cd52 2894 int i;
55ed8ca1 2895
9060d5cf
MH		 2896 BT_DBG("request for %s", hdev->name);
2897
2898 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2899 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2900 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2901
1f350c87 2902 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2903 if (key_count > max_key_count) {
2904 BT_ERR("load_link_keys: too big key_count value %u",
2905 key_count);
a69e8375
JH		 2906 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2907 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2908 }
55ed8ca1 2909
86742e1e
JH		 2910 expected_len = sizeof(*cp) + key_count *
2911 sizeof(struct mgmt_link_key_info);
a492cd52 2912 if (expected_len != len) {
86742e1e 2913 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2914 expected_len, len);
a69e8375
JH		 2915 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2916 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2917 }
2918
4ae14301 2919 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2920 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2921 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2922
bdb6d971 2923 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2924 key_count);
55ed8ca1 2925
4ee71b20
JH		 2926 for (i = 0; i < key_count; i++) {
2927 struct mgmt_link_key_info *key = &cp->keys[i];
2928
8e991132 2929 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2930 return mgmt_cmd_status(sk, hdev->id,
2931 MGMT_OP_LOAD_LINK_KEYS,
2932 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2933 }
2934
09fd0de5 2935 hci_dev_lock(hdev);
55ed8ca1
JH		 2936
2937 hci_link_keys_clear(hdev);
2938
55ed8ca1 2939 if (cp->debug_keys)
238be788 2940 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2941 else
a69d8927
MH		 2942 changed = hci_dev_test_and_clear_flag(hdev,
2943 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2944
2945 if (changed)
2946 new_settings(hdev, NULL);
55ed8ca1 2947
a492cd52 2948 for (i = 0; i < key_count; i++) {
86742e1e 2949 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2950
58e9293c
JH		 2951 /* Always ignore debug keys and require a new pairing if
2952 * the user wants to use them.
2953 */
2954 if (key->type == HCI_LK_DEBUG_COMBINATION)
2955 continue;
2956
7652ff6a
JH		 2957 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2958 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2959 }
2960
2a1afb5a 2961 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2962
09fd0de5 2963 hci_dev_unlock(hdev);
55ed8ca1 2964
a492cd52 2965 return 0;
55ed8ca1
JH		 2966}
2967
b1078ad0 2968static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2969 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2970{
2971 struct mgmt_ev_device_unpaired ev;
2972
2973 bacpy(&ev.addr.bdaddr, bdaddr);
2974 ev.addr.type = addr_type;
2975
2976 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2977 skip_sk);
b1078ad0
JH		 2978}
2979
bdb6d971 2980static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2981 u16 len)
55ed8ca1 2982{
124f6e35
JH		 2983 struct mgmt_cp_unpair_device *cp = data;
2984 struct mgmt_rp_unpair_device rp;
fc64361a 2985 struct hci_conn_params *params;
3b0602cd 2986 struct mgmt_pending_cmd *cmd;
55ed8ca1 2987 struct hci_conn *conn;
ec182f03 2988 u8 addr_type;
55ed8ca1
JH		 2989 int err;
2990
a8a1d19e 2991 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2992 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2993 rp.addr.type = cp->addr.type;
a8a1d19e 2994
4ee71b20 2995 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2996 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2997 MGMT_STATUS_INVALID_PARAMS,
2998 &rp, sizeof(rp));
4ee71b20 2999
118da70b 3000 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 3001 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3002 MGMT_STATUS_INVALID_PARAMS,
3003 &rp, sizeof(rp));
118da70b 3004
4ee71b20
JH		 3005 hci_dev_lock(hdev);
3006
86a8cfc6 3007 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3008 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3009 MGMT_STATUS_NOT_POWERED, &rp,
3010 sizeof(rp));
86a8cfc6
JH		 3011 goto unlock;
3012 }
3013
e0b2b27e 3014 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 3015 /* If disconnection is requested, then look up the
3016 * connection. If the remote device is connected, it
3017 * will be later used to terminate the link.
3018 *
3019 * Setting it to NULL explicitly will cause no
3020 * termination of the link.
3021 */
3022 if (cp->disconnect)
3023 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3024 &cp->addr.bdaddr);
3025 else
3026 conn = NULL;
3027
124f6e35 3028 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
ec182f03
JH		 3029 if (err < 0) {
3030 err = mgmt_cmd_complete(sk, hdev->id,
3031 MGMT_OP_UNPAIR_DEVICE,
3032 MGMT_STATUS_NOT_PAIRED, &rp,
3033 sizeof(rp));
3034 goto unlock;
89cbb063
AA		 3035 }
3036
ec182f03 3037 goto done;
e0b2b27e 3038 }
b0dbfb46 3039
ec182f03
JH		 3040 /* LE address type */
3041 addr_type = le_addr_type(cp->addr.type);
3042
3043 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
3044
3045 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
55ed8ca1 3046 if (err < 0) {
2a1afb5a
JH		 3047 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3048 MGMT_STATUS_NOT_PAIRED, &rp,
3049 sizeof(rp));
55ed8ca1
JH		 3050 goto unlock;
3051 }
3052
ec182f03
JH		 3053 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
3054 if (!conn) {
3055 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
3056 goto done;
3057 }
3058
c81d555a
JH		 3059 /* Abort any ongoing SMP pairing */
3060 smp_cancel_pairing(conn);
3061
ec182f03
JH		 3062 /* Defer clearing up the connection parameters until closing to
3063 * give a chance of keeping them if a repairing happens.
3064 */
3065 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3066
fc64361a
JH		 3067 /* Disable auto-connection parameters if present */
3068 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
3069 if (params) {
3070 if (params->explicit_connect)
3071 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
3072 else
3073 params->auto_connect = HCI_AUTO_CONN_DISABLED;
3074 }
3075
ec182f03
JH		 3076 /* If disconnection is not requested, then clear the connection
3077 * variable so that the link is not terminated.
3078 */
3079 if (!cp->disconnect)
3080 conn = NULL;
3081
3082done:
89cbb063
AA		 3083 /* If the connection variable is set, then termination of the
3084 * link is requested.
3085 */
a8a1d19e 3086 if (!conn) {
2a1afb5a
JH		 3087 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
3088 &rp, sizeof(rp));
b1078ad0 3089 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 3090 goto unlock;
3091 }
55ed8ca1 3092
124f6e35 3093 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 3094 sizeof(*cp));
a8a1d19e
JH		 3095 if (!cmd) {
3096 err = -ENOMEM;
3097 goto unlock;
55ed8ca1
JH		 3098 }
3099
d8b7b1e4
JH		 3100 cmd->cmd_complete = addr_cmd_complete;
3101
89e0ccc8 3102 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
a8a1d19e
JH		 3103 if (err < 0)
3104 mgmt_pending_remove(cmd);
3105
55ed8ca1 3106unlock:
09fd0de5 3107 hci_dev_unlock(hdev);
55ed8ca1
JH		 3108 return err;
3109}
3110
bdb6d971 3111static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3112 u16 len)
8962ee74 3113{
650f726d 3114 struct mgmt_cp_disconnect *cp = data;
06a63b19 3115 struct mgmt_rp_disconnect rp;
3b0602cd 3116 struct mgmt_pending_cmd *cmd;
8962ee74 3117 struct hci_conn *conn;
8962ee74
JH		 3118 int err;
3119
3120 BT_DBG("");
3121
06a63b19
JH		 3122 memset(&rp, 0, sizeof(rp));
3123 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3124 rp.addr.type = cp->addr.type;
3125
4ee71b20 3126 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3127 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3128 MGMT_STATUS_INVALID_PARAMS,
3129 &rp, sizeof(rp));
4ee71b20 3130
09fd0de5 3131 hci_dev_lock(hdev);
8962ee74
JH		 3132
3133 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 3134 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3135 MGMT_STATUS_NOT_POWERED, &rp,
3136 sizeof(rp));
8962ee74
JH		 3137 goto failed;
3138 }
3139
333ae95d 3140 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 3141 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3142 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 3143 goto failed;
3144 }
3145
591f47f3 3146 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 3147 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3148 &cp->addr.bdaddr);
88c3df13 3149 else
9d4c1cc1
JH		 3150 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
3151 le_addr_type(cp->addr.type));
365227e5 3152
f960727e 3153 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 3154 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3155 MGMT_STATUS_NOT_CONNECTED, &rp,
3156 sizeof(rp));
8962ee74
JH		 3157 goto failed;
3158 }
3159
2e58ef3e 3160 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 3161 if (!cmd) {
3162 err = -ENOMEM;
8962ee74 3163 goto failed;
366a0336 3164 }
8962ee74 3165
f5818c22
JH		 3166 cmd->cmd_complete = generic_cmd_complete;
3167
e3f2f92a 3168 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 3169 if (err < 0)
a664b5bc 3170 mgmt_pending_remove(cmd);
8962ee74
JH		 3171
3172failed:
09fd0de5 3173 hci_dev_unlock(hdev);
8962ee74
JH		 3174 return err;
3175}
3176
57c1477c 3177static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 3178{
3179 switch (link_type) {
3180 case LE_LINK:
48264f06
JH		 3181 switch (addr_type) {
3182 case ADDR_LE_DEV_PUBLIC:
591f47f3 3183 return BDADDR_LE_PUBLIC;
0ed09148 3184
48264f06 3185 default:
0ed09148 3186 /* Fallback to LE Random address type */
591f47f3 3187 return BDADDR_LE_RANDOM;
48264f06 3188 }
0ed09148 3189
4c659c39 3190 default:
0ed09148 3191 /* Fallback to BR/EDR type */
591f47f3 3192 return BDADDR_BREDR;
4c659c39
JH		 3193 }
3194}
3195
04124681
GP		 3196static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3197 u16 data_len)
2784eb41 3198{
2784eb41 3199 struct mgmt_rp_get_connections *rp;
8035ded4 3200 struct hci_conn *c;
a38528f1 3201 size_t rp_len;
60fc5fb6
JH		 3202 int err;
3203 u16 i;
2784eb41
JH		 3204
3205 BT_DBG("");
3206
09fd0de5 3207 hci_dev_lock(hdev);
2784eb41 3208
5f97c1df 3209 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3210 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3211 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3212 goto unlock;
3213 }
3214
60fc5fb6 3215 i = 0;
b644ba33
JH		 3216 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3217 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 3218 i++;
2784eb41
JH		 3219 }
3220
60fc5fb6 3221 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 3222 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 3223 if (!rp) {
2784eb41
JH		 3224 err = -ENOMEM;
3225 goto unlock;
3226 }
3227
2784eb41 3228 i = 0;
4c659c39 3229 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 3230 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3231 continue;
4c659c39 3232 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 3233 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 3234 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 3235 continue;
3236 i++;
3237 }
3238
eb55ef07 3239 rp->conn_count = cpu_to_le16(i);
60fc5fb6 3240
4c659c39
JH		 3241 /* Recalculate length in case of filtered SCO connections, etc */
3242 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 3243
2a1afb5a
JH		 3244 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3245 rp_len);
2784eb41 3246
a38528f1 3247 kfree(rp);
5f97c1df
JH		 3248
3249unlock:
09fd0de5 3250 hci_dev_unlock(hdev);
2784eb41
JH		 3251 return err;
3252}
3253
bdb6d971 3254static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3255 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 3256{
3b0602cd 3257 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 3258 int err;
3259
2e58ef3e 3260 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 3261 sizeof(*cp));
96d97a67
WR		 3262 if (!cmd)
3263 return -ENOMEM;
3264
d8457698 3265 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 3266 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 3267 if (err < 0)
3268 mgmt_pending_remove(cmd);
3269
3270 return err;
3271}
3272
bdb6d971 3273static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3274 u16 len)
980e1a53 3275{
96d97a67 3276 struct hci_conn *conn;
650f726d 3277 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3278 struct hci_cp_pin_code_reply reply;
3b0602cd 3279 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 3280 int err;
3281
3282 BT_DBG("");
3283
09fd0de5 3284 hci_dev_lock(hdev);
980e1a53 3285
4b34ee78 3286 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3287 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3288 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3289 goto failed;
3290 }
3291
d8457698 3292 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3293 if (!conn) {
a69e8375
JH		 3294 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3295 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3296 goto failed;
3297 }
3298
3299 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3300 struct mgmt_cp_pin_code_neg_reply ncp;
3301
3302 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 3303
3304 BT_ERR("PIN code is not 16 bytes long");
3305
bdb6d971 3306 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3307 if (err >= 0)
a69e8375
JH		 3308 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3309 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3310
3311 goto failed;
3312 }
3313
00abfe44 3314 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3315 if (!cmd) {
3316 err = -ENOMEM;
980e1a53 3317 goto failed;
366a0336 3318 }
980e1a53 3319
7776d1d8
JH		 3320 cmd->cmd_complete = addr_cmd_complete;
3321
d8457698 3322 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3323 reply.pin_len = cp->pin_len;
24718ca5 3324 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3325
3326 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3327 if (err < 0)
a664b5bc 3328 mgmt_pending_remove(cmd);
980e1a53
JH		 3329
3330failed:
09fd0de5 3331 hci_dev_unlock(hdev);
980e1a53
JH		 3332 return err;
3333}
3334
04124681
GP		 3335static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3336 u16 len)
17fa4b9d 3337{
650f726d 3338 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3339
3340 BT_DBG("");
3341
4ec86d4c 3342 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3343 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3344 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
4ec86d4c 3345
09fd0de5 3346 hci_dev_lock(hdev);
17fa4b9d
JH		 3347
3348 hdev->io_capability = cp->io_capability;
3349
3350 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3351 hdev->io_capability);
17fa4b9d 3352
09fd0de5 3353 hci_dev_unlock(hdev);
17fa4b9d 3354
2a1afb5a
JH		 3355 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3356 NULL, 0);
17fa4b9d
JH		 3357}
3358
3b0602cd 3359static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3360{
3361 struct hci_dev *hdev = conn->hdev;
3b0602cd 3362 struct mgmt_pending_cmd *cmd;
e9a416b5 3363
2e58ef3e 3364 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3365 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3366 continue;
3367
e9a416b5
JH		 3368 if (cmd->user_data != conn)
3369 continue;
3370
3371 return cmd;
3372 }
3373
3374 return NULL;
3375}
3376
3b0602cd 3377static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 3378{
3379 struct mgmt_rp_pair_device rp;
3380 struct hci_conn *conn = cmd->user_data;
9df74653 3381 int err;
e9a416b5 3382
61b1a7fb
JH		 3383 bacpy(&rp.addr.bdaddr, &conn->dst);
3384 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3385
2a1afb5a
JH		 3386 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3387 status, &rp, sizeof(rp));
e9a416b5
JH		 3388
3389 /* So we don't get further callbacks for this connection */
3390 conn->connect_cfm_cb = NULL;
3391 conn->security_cfm_cb = NULL;
3392 conn->disconn_cfm_cb = NULL;
3393
76a68ba0 3394 hci_conn_drop(conn);
89cbb063
AA		 3395
3396 /* The device is paired so there is no need to remove
3397 * its connection parameters anymore.
3398 */
3399 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3400
3401 hci_conn_put(conn);
9df74653
JH		 3402
3403 return err;
e9a416b5
JH		 3404}
3405
f4a407be
JH		 3406void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3407{
3408 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 3409 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 3410
3411 cmd = find_pairing(conn);
a511b35b 3412 if (cmd) {
04ab2749 3413 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3414 mgmt_pending_remove(cmd);
3415 }
f4a407be
JH		 3416}
3417
e9a416b5
JH		 3418static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3419{
3b0602cd 3420 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3421
3422 BT_DBG("status %u", status);
3423
3424 cmd = find_pairing(conn);
a511b35b 3425 if (!cmd) {
e9a416b5 3426 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3427 return;
3428 }
3429
3430 cmd->cmd_complete(cmd, mgmt_status(status));
3431 mgmt_pending_remove(cmd);
e9a416b5
JH		 3432}
3433
f4a407be 3434static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 3435{
3b0602cd 3436 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 3437
3438 BT_DBG("status %u", status);
3439
3440 if (!status)
3441 return;
3442
3443 cmd = find_pairing(conn);
a511b35b 3444 if (!cmd) {
4c47d739 3445 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3446 return;
3447 }
3448
3449 cmd->cmd_complete(cmd, mgmt_status(status));
3450 mgmt_pending_remove(cmd);
4c47d739
VA		 3451}
3452
bdb6d971 3453static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3454 u16 len)
e9a416b5 3455{
650f726d 3456 struct mgmt_cp_pair_device *cp = data;
1425acb7 3457 struct mgmt_rp_pair_device rp;
3b0602cd 3458 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3459 u8 sec_level, auth_type;
3460 struct hci_conn *conn;
e9a416b5
JH		 3461 int err;
3462
3463 BT_DBG("");
3464
f950a30e
SJ		 3465 memset(&rp, 0, sizeof(rp));
3466 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3467 rp.addr.type = cp->addr.type;
3468
4ee71b20 3469 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3470 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3471 MGMT_STATUS_INVALID_PARAMS,
3472 &rp, sizeof(rp));
4ee71b20 3473
4ec86d4c 3474 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3475 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3476 MGMT_STATUS_INVALID_PARAMS,
3477 &rp, sizeof(rp));
4ec86d4c 3478
09fd0de5 3479 hci_dev_lock(hdev);
e9a416b5 3480
5f97c1df 3481 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3482 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3483 MGMT_STATUS_NOT_POWERED, &rp,
3484 sizeof(rp));
5f97c1df
JH		 3485 goto unlock;
3486 }
3487
55e76b38
JH		 3488 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3489 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3490 MGMT_STATUS_ALREADY_PAIRED, &rp,
3491 sizeof(rp));
3492 goto unlock;
3493 }
3494
c908df36 3495 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3496 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3497
6f77d8c7 3498 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3499 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3500 auth_type);
6f77d8c7 3501 } else {
85813a7e 3502 u8 addr_type = le_addr_type(cp->addr.type);
5157b8a5 3503 struct hci_conn_params *p;
6f77d8c7 3504
7c264b10
MH		 3505 /* When pairing a new device, it is expected to remember
3506 * this device for future connections. Adding the connection
3507 * parameter information ahead of time allows tracking
3508 * of the slave preferred values and will speed up any
3509 * further connection establishment.
3510 *
3511 * If connection parameters already exist, then they
3512 * will be kept and this function does nothing.
3513 */
5157b8a5
JP		 3514 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3515
3516 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
3517 p->auto_connect = HCI_AUTO_CONN_DISABLED;
7c264b10 3518
fa142220
JP		 3519 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
3520 addr_type, sec_level,
0ad06aa6 3521 HCI_LE_CONN_TIMEOUT);
6f77d8c7 3522 }
7a512d01 3523
30e76272 3524 if (IS_ERR(conn)) {
489dc48e
AK		 3525 int status;
3526
3527 if (PTR_ERR(conn) == -EBUSY)
3528 status = MGMT_STATUS_BUSY;
faa81030
LR		 3529 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3530 status = MGMT_STATUS_NOT_SUPPORTED;
3531 else if (PTR_ERR(conn) == -ECONNREFUSED)
3532 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 3533 else
3534 status = MGMT_STATUS_CONNECT_FAILED;
3535
2a1afb5a
JH		 3536 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3537 status, &rp, sizeof(rp));
e9a416b5
JH		 3538 goto unlock;
3539 }
3540
3541 if (conn->connect_cfm_cb) {
76a68ba0 3542 hci_conn_drop(conn);
2a1afb5a
JH		 3543 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3544 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3545 goto unlock;
3546 }
3547
2e58ef3e 3548 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3549 if (!cmd) {
3550 err = -ENOMEM;
76a68ba0 3551 hci_conn_drop(conn);
e9a416b5
JH		 3552 goto unlock;
3553 }
3554
04ab2749
JH		 3555 cmd->cmd_complete = pairing_complete;
3556
7a512d01 3557 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3558 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3559 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3560 conn->security_cfm_cb = pairing_complete_cb;
3561 conn->disconn_cfm_cb = pairing_complete_cb;
3562 } else {
3563 conn->connect_cfm_cb = le_pairing_complete_cb;
3564 conn->security_cfm_cb = le_pairing_complete_cb;
3565 conn->disconn_cfm_cb = le_pairing_complete_cb;
3566 }
7a512d01 3567
e9a416b5 3568 conn->io_capability = cp->io_cap;
f8aaf9b6 3569 cmd->user_data = hci_conn_get(conn);
e9a416b5 3570
6f78fd4b 3571 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3572 hci_conn_security(conn, sec_level, auth_type, true)) {
3573 cmd->cmd_complete(cmd, 0);
3574 mgmt_pending_remove(cmd);
3575 }
e9a416b5
JH		 3576
3577 err = 0;
3578
3579unlock:
09fd0de5 3580 hci_dev_unlock(hdev);
e9a416b5
JH		 3581 return err;
3582}
3583
04124681
GP		 3584static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3585 u16 len)
28424707 3586{
0f4e68cf 3587 struct mgmt_addr_info *addr = data;
3b0602cd 3588 struct mgmt_pending_cmd *cmd;
28424707
JH		 3589 struct hci_conn *conn;
3590 int err;
3591
3592 BT_DBG("");
3593
28424707
JH		 3594 hci_dev_lock(hdev);
3595
5f97c1df 3596 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3597 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3598 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3599 goto unlock;
3600 }
3601
333ae95d 3602 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
28424707 3603 if (!cmd) {
a69e8375
JH		 3604 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3605 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3606 goto unlock;
3607 }
3608
3609 conn = cmd->user_data;
3610
3611 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3612 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3613 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3614 goto unlock;
3615 }
3616
a511b35b
JH		 3617 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3618 mgmt_pending_remove(cmd);
28424707 3619
2a1afb5a
JH		 3620 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3621 addr, sizeof(*addr));
28424707
JH		 3622unlock:
3623 hci_dev_unlock(hdev);
28424707
JH		 3624 return err;
3625}
3626
bdb6d971 3627static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3628 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3629 u16 hci_op, __le32 passkey)
a5c29683 3630{
3b0602cd 3631 struct mgmt_pending_cmd *cmd;
0df4c185 3632 struct hci_conn *conn;
a5c29683
JH		 3633 int err;
3634
09fd0de5 3635 hci_dev_lock(hdev);
08ba5382 3636
4b34ee78 3637 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3638 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3639 MGMT_STATUS_NOT_POWERED, addr,
3640 sizeof(*addr));
0df4c185 3641 goto done;
a5c29683
JH		 3642 }
3643
1707c60e
JH		 3644 if (addr->type == BDADDR_BREDR)
3645 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3646 else
9d4c1cc1
JH		 3647 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3648 le_addr_type(addr->type));
272d90df
JH		 3649
3650 if (!conn) {
2a1afb5a
JH		 3651 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3652 MGMT_STATUS_NOT_CONNECTED, addr,
3653 sizeof(*addr));
272d90df
JH		 3654 goto done;
3655 }
47c15e2b 3656
1707c60e 3657 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3658 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3659 if (!err)
2a1afb5a
JH		 3660 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3661 MGMT_STATUS_SUCCESS, addr,
3662 sizeof(*addr));
5fe57d9e 3663 else
2a1afb5a
JH		 3664 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3665 MGMT_STATUS_FAILED, addr,
3666 sizeof(*addr));
47c15e2b 3667
47c15e2b
BG		 3668 goto done;
3669 }
3670
1707c60e 3671 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3672 if (!cmd) {
3673 err = -ENOMEM;
0df4c185 3674 goto done;
a5c29683
JH		 3675 }
3676
7776d1d8
JH		 3677 cmd->cmd_complete = addr_cmd_complete;
3678
0df4c185 3679 /* Continue with pairing via HCI */
604086b7
BG		 3680 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3681 struct hci_cp_user_passkey_reply cp;
3682
1707c60e 3683 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3684 cp.passkey = passkey;
3685 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3686 } else
1707c60e
JH		 3687 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3688 &addr->bdaddr);
604086b7 3689
a664b5bc
JH		 3690 if (err < 0)
3691 mgmt_pending_remove(cmd);
a5c29683 3692
0df4c185 3693done:
09fd0de5 3694 hci_dev_unlock(hdev);
a5c29683
JH		 3695 return err;
3696}
3697
afeb019d
JK		 3698static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3699 void *data, u16 len)
3700{
3701 struct mgmt_cp_pin_code_neg_reply *cp = data;
3702
3703 BT_DBG("");
3704
1707c60e 3705 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3706 MGMT_OP_PIN_CODE_NEG_REPLY,
3707 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3708}
3709
04124681
GP		 3710static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3711 u16 len)
0df4c185 3712{
650f726d 3713 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3714
3715 BT_DBG("");
3716
3717 if (len != sizeof(*cp))
a69e8375
JH		 3718 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3719 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3720
1707c60e 3721 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3722 MGMT_OP_USER_CONFIRM_REPLY,
3723 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3724}
3725
bdb6d971 3726static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3727 void *data, u16 len)
0df4c185 3728{
c9c2659f 3729 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3730
3731 BT_DBG("");
3732
1707c60e 3733 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3734 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3735 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3736}
3737
04124681
GP		 3738static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3739 u16 len)
604086b7 3740{
650f726d 3741 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3742
3743 BT_DBG("");
3744
1707c60e 3745 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3746 MGMT_OP_USER_PASSKEY_REPLY,
3747 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3748}
3749
bdb6d971 3750static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3751 void *data, u16 len)
604086b7 3752{
650f726d 3753 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3754
3755 BT_DBG("");
3756
1707c60e 3757 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3758 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3759 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3760}
3761
13928971 3762static void update_name(struct hci_request *req)
2b4bf397 3763{
13928971 3764 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3765 struct hci_cp_write_local_name cp;
3766
13928971 3767 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3768
890ea898 3769 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3770}
3771
1904a853 3772static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3773{
3774 struct mgmt_cp_set_local_name *cp;
3b0602cd 3775 struct mgmt_pending_cmd *cmd;
13928971
JH		 3776
3777 BT_DBG("status 0x%02x", status);
3778
3779 hci_dev_lock(hdev);
3780
333ae95d 3781 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 3782 if (!cmd)
3783 goto unlock;
3784
3785 cp = cmd->param;
3786
3787 if (status)
a69e8375
JH		 3788 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3789 mgmt_status(status));
13928971 3790 else
2a1afb5a
JH		 3791 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3792 cp, sizeof(*cp));
13928971
JH		 3793
3794 mgmt_pending_remove(cmd);
3795
3796unlock:
3797 hci_dev_unlock(hdev);
3798}
3799
bdb6d971 3800static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3801 u16 len)
b312b161 3802{
2b4bf397 3803 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3804 struct mgmt_pending_cmd *cmd;
890ea898 3805 struct hci_request req;
b312b161
JH		 3806 int err;
3807
3808 BT_DBG("");
3809
09fd0de5 3810 hci_dev_lock(hdev);
b312b161 3811
b3f2ca94
JH		 3812 /* If the old values are the same as the new ones just return a
3813 * direct command complete event.
3814 */
3815 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3816 !memcmp(hdev->short_name, cp->short_name,
3817 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3818 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3819 data, len);
b3f2ca94
JH		 3820 goto failed;
3821 }
3822
2b4bf397 3823 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3824
b5235a65 3825 if (!hdev_is_powered(hdev)) {
2b4bf397 3826 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3827
2a1afb5a
JH		 3828 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3829 data, len);
28cc7bde
JH		 3830 if (err < 0)
3831 goto failed;
3832
f6b7712e
MH		 3833 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
3834 data, len, sk);
28cc7bde 3835
b5235a65
JH		 3836 goto failed;
3837 }
3838
28cc7bde 3839 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3840 if (!cmd) {
3841 err = -ENOMEM;
3842 goto failed;
3843 }
3844
13928971
JH		 3845 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3846
890ea898 3847 hci_req_init(&req, hdev);
3f985050
JH		 3848
3849 if (lmp_bredr_capable(hdev)) {
3850 update_name(&req);
3851 update_eir(&req);
3852 }
3853
7a5f4990
MH		 3854 /* The name is stored in the scan response data and so
3855 * no need to udpate the advertising data here.
3856 */
3f985050 3857 if (lmp_le_capable(hdev))
7a5f4990 3858 update_scan_rsp_data(&req);
3f985050 3859
13928971 3860 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3861 if (err < 0)
3862 mgmt_pending_remove(cmd);
3863
3864failed:
09fd0de5 3865 hci_dev_unlock(hdev);
b312b161
JH		 3866 return err;
3867}
3868
1b9441f8
JH		 3869static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3870 u16 opcode, struct sk_buff *skb)
3871{
3872 struct mgmt_rp_read_local_oob_data mgmt_rp;
3873 size_t rp_size = sizeof(mgmt_rp);
3874 struct mgmt_pending_cmd *cmd;
3875
3876 BT_DBG("%s status %u", hdev->name, status);
3877
3878 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3879 if (!cmd)
3880 return;
3881
3882 if (status || !skb) {
3883 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3884 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3885 goto remove;
3886 }
3887
3888 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3889
3890 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3891 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3892
3893 if (skb->len < sizeof(*rp)) {
3894 mgmt_cmd_status(cmd->sk, hdev->id,
3895 MGMT_OP_READ_LOCAL_OOB_DATA,
3896 MGMT_STATUS_FAILED);
3897 goto remove;
3898 }
3899
3900 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3901 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3902
3903 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3904 } else {
3905 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3906
3907 if (skb->len < sizeof(*rp)) {
3908 mgmt_cmd_status(cmd->sk, hdev->id,
3909 MGMT_OP_READ_LOCAL_OOB_DATA,
3910 MGMT_STATUS_FAILED);
3911 goto remove;
3912 }
3913
3914 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3915 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3916
3917 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3918 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3919 }
3920
3921 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3922 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3923
3924remove:
3925 mgmt_pending_remove(cmd);
3926}
3927
0f4e68cf 3928static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3929 void *data, u16 data_len)
c35938b2 3930{
3b0602cd 3931 struct mgmt_pending_cmd *cmd;
1b9441f8 3932 struct hci_request req;
c35938b2
SJ		 3933 int err;
3934
bdb6d971 3935 BT_DBG("%s", hdev->name);
c35938b2 3936
09fd0de5 3937 hci_dev_lock(hdev);
c35938b2 3938
4b34ee78 3939 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3940 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3941 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3942 goto unlock;
3943 }
3944
9a1a1996 3945 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3946 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3947 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3948 goto unlock;
3949 }
3950
333ae95d 3951 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3952 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3953 MGMT_STATUS_BUSY);
c35938b2
SJ		 3954 goto unlock;
3955 }
3956
2e58ef3e 3957 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3958 if (!cmd) {
3959 err = -ENOMEM;
3960 goto unlock;
3961 }
3962
1b9441f8
JH		 3963 hci_req_init(&req, hdev);
3964
710f11c0 3965 if (bredr_sc_enabled(hdev))
1b9441f8 3966 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
4d2d2796 3967 else
1b9441f8 3968 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
4d2d2796 3969
1b9441f8 3970 err = hci_req_run_skb(&req, read_local_oob_data_complete);
c35938b2
SJ		 3971 if (err < 0)
3972 mgmt_pending_remove(cmd);
3973
3974unlock:
09fd0de5 3975 hci_dev_unlock(hdev);
c35938b2
SJ		 3976 return err;
3977}
3978
bdb6d971 3979static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3980 void *data, u16 len)
2763eda6 3981{
5d57e796 3982 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3983 int err;
3984
bdb6d971 3985 BT_DBG("%s ", hdev->name);
2763eda6 3986
5d57e796 3987 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3988 return mgmt_cmd_complete(sk, hdev->id,
3989 MGMT_OP_ADD_REMOTE_OOB_DATA,
3990 MGMT_STATUS_INVALID_PARAMS,
3991 addr, sizeof(*addr));
5d57e796 3992
09fd0de5 3993 hci_dev_lock(hdev);
2763eda6 3994
ec109113
MH		 3995 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3996 struct mgmt_cp_add_remote_oob_data *cp = data;
3997 u8 status;
bf1e3541 3998
c19a495c 3999 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 4000 err = mgmt_cmd_complete(sk, hdev->id,
4001 MGMT_OP_ADD_REMOTE_OOB_DATA,
4002 MGMT_STATUS_INVALID_PARAMS,
4003 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 4004 goto unlock;
4005 }
4006
ec109113 4007 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 4008 cp->addr.type, cp->hash,
4009 cp->rand, NULL, NULL);
ec109113
MH		 4010 if (err < 0)
4011 status = MGMT_STATUS_FAILED;
4012 else
4013 status = MGMT_STATUS_SUCCESS;
4014
2a1afb5a
JH		 4015 err = mgmt_cmd_complete(sk, hdev->id,
4016 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
4017 &cp->addr, sizeof(cp->addr));
ec109113
MH		 4018 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
4019 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 4020 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 4021 u8 status;
4022
86df9200 4023 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 4024 /* Enforce zero-valued 192-bit parameters as
4025 * long as legacy SMP OOB isn't implemented.
4026 */
4027 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
4028 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 4029 err = mgmt_cmd_complete(sk, hdev->id,
4030 MGMT_OP_ADD_REMOTE_OOB_DATA,
4031 MGMT_STATUS_INVALID_PARAMS,
4032 addr, sizeof(*addr));
d25b78e2
JH		 4033 goto unlock;
4034 }
4035
86df9200
JH		 4036 rand192 = NULL;
4037 hash192 = NULL;
4038 } else {
41bcfd50
MH		 4039 /* In case one of the P-192 values is set to zero,
4040 * then just disable OOB data for P-192.
4041 */
4042 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
4043 !memcmp(cp->hash192, ZERO_KEY, 16)) {
4044 rand192 = NULL;
4045 hash192 = NULL;
4046 } else {
4047 rand192 = cp->rand192;
4048 hash192 = cp->hash192;
4049 }
4050 }
4051
4052 /* In case one of the P-256 values is set to zero, then just
4053 * disable OOB data for P-256.
4054 */
4055 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
4056 !memcmp(cp->hash256, ZERO_KEY, 16)) {
4057 rand256 = NULL;
4058 hash256 = NULL;
4059 } else {
4060 rand256 = cp->rand256;
4061 hash256 = cp->hash256;
86df9200
JH		 4062 }
4063
81328d5c 4064 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 4065 cp->addr.type, hash192, rand192,
41bcfd50 4066 hash256, rand256);
ec109113
MH		 4067 if (err < 0)
4068 status = MGMT_STATUS_FAILED;
4069 else
4070 status = MGMT_STATUS_SUCCESS;
4071
2a1afb5a
JH		 4072 err = mgmt_cmd_complete(sk, hdev->id,
4073 MGMT_OP_ADD_REMOTE_OOB_DATA,
4074 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 4075 } else {
4076 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 4077 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
4078 MGMT_STATUS_INVALID_PARAMS);
ec109113 4079 }
2763eda6 4080
c19a495c 4081unlock:
09fd0de5 4082 hci_dev_unlock(hdev);
2763eda6
SJ		 4083 return err;
4084}
4085
bdb6d971 4086static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 4087 void *data, u16 len)
2763eda6 4088{
650f726d 4089 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 4090 u8 status;
2763eda6
SJ		 4091 int err;
4092
bdb6d971 4093 BT_DBG("%s", hdev->name);
2763eda6 4094
c19a495c 4095 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 4096 return mgmt_cmd_complete(sk, hdev->id,
4097 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4098 MGMT_STATUS_INVALID_PARAMS,
4099 &cp->addr, sizeof(cp->addr));
c19a495c 4100
09fd0de5 4101 hci_dev_lock(hdev);
2763eda6 4102
eedbd581
JH		 4103 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4104 hci_remote_oob_data_clear(hdev);
4105 status = MGMT_STATUS_SUCCESS;
4106 goto done;
4107 }
4108
6928a924 4109 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 4110 if (err < 0)
bf1e3541 4111 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 4112 else
a6785be2 4113 status = MGMT_STATUS_SUCCESS;
bf1e3541 4114
eedbd581 4115done:
2a1afb5a
JH		 4116 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4117 status, &cp->addr, sizeof(cp->addr));
2763eda6 4118
09fd0de5 4119 hci_dev_unlock(hdev);
2763eda6
SJ		 4120 return err;
4121}
4122
e68f072b 4123void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
7c307720 4124{
3b0602cd 4125 struct mgmt_pending_cmd *cmd;
ae55f598 4126
7c307720
AG		 4127 BT_DBG("status %d", status);
4128
11e6e25d 4129 hci_dev_lock(hdev);
41dc2bd6 4130
333ae95d 4131 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427 4132 if (!cmd)
333ae95d 4133 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
66ea9427 4134
11e6e25d 4135 if (cmd) {
2922a94f 4136 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 4137 mgmt_pending_remove(cmd);
4138 }
7c307720 4139
11e6e25d 4140 hci_dev_unlock(hdev);
7c307720
AG		 4141}
4142
591752af
JH		 4143static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
4144 uint8_t *mgmt_status)
4145{
4146 switch (type) {
4147 case DISCOV_TYPE_LE:
4148 *mgmt_status = mgmt_le_support(hdev);
4149 if (*mgmt_status)
4150 return false;
4151 break;
4152 case DISCOV_TYPE_INTERLEAVED:
4153 *mgmt_status = mgmt_le_support(hdev);
4154 if (*mgmt_status)
4155 return false;
4156 /* Intentional fall-through */
4157 case DISCOV_TYPE_BREDR:
4158 *mgmt_status = mgmt_bredr_support(hdev);
4159 if (*mgmt_status)
4160 return false;
4161 break;
4162 default:
4163 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
4164 return false;
4165 }
4166
4167 return true;
4168}
4169
bdb6d971 4170static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 4171 void *data, u16 len)
14a53664 4172{
650f726d 4173 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 4174 struct mgmt_pending_cmd *cmd;
8019044d 4175 u8 status;
14a53664
JH		 4176 int err;
4177
bdb6d971 4178 BT_DBG("%s", hdev->name);
14a53664 4179
09fd0de5 4180 hci_dev_lock(hdev);
14a53664 4181
4b34ee78 4182 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4183 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4184 MGMT_STATUS_NOT_POWERED,
4185 &cp->type, sizeof(cp->type));
bd2d1334
JH		 4186 goto failed;
4187 }
4188
f5a969f2 4189 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4190 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4191 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4192 MGMT_STATUS_BUSY, &cp->type,
4193 sizeof(cp->type));
642be6c7
AG		 4194 goto failed;
4195 }
4196
591752af
JH		 4197 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
4198 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4199 status, &cp->type, sizeof(cp->type));
4200 goto failed;
4201 }
4202
22078800
MH		 4203 /* Clear the discovery filter first to free any previously
4204 * allocated memory for the UUID list.
4205 */
4206 hci_discovery_filter_clear(hdev);
4207
4aab14e5 4208 hdev->discovery.type = cp->type;
da25cf6a 4209 hdev->discovery.report_invalid_rssi = false;
4aab14e5 4210
e68f072b
JH		 4211 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
4212 if (!cmd) {
4213 err = -ENOMEM;
04106755 4214 goto failed;
f39799f5 4215 }
04106755 4216
e68f072b 4217 cmd->cmd_complete = generic_cmd_complete;
7c307720 4218
f5a969f2 4219 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 4220 queue_work(hdev->req_workqueue, &hdev->discov_update);
4221 err = 0;
7c307720 4222
14a53664 4223failed:
09fd0de5 4224 hci_dev_unlock(hdev);
14a53664
JH		 4225 return err;
4226}
f39799f5 4227
3b0602cd
JH		 4228static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4229 u8 status)
2922a94f 4230{
2a1afb5a
JH		 4231 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4232 cmd->param, 1);
2922a94f 4233}
04106755 4234
66ea9427
JP		 4235static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4236 void *data, u16 len)
4237{
4238 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 4239 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 4240 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4241 u16 uuid_count, expected_len;
4242 u8 status;
4243 int err;
04106755 4244
66ea9427 4245 BT_DBG("%s", hdev->name);
e8bb6b97 4246
66ea9427 4247 hci_dev_lock(hdev);
7c307720 4248
66ea9427 4249 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4250 err = mgmt_cmd_complete(sk, hdev->id,
4251 MGMT_OP_START_SERVICE_DISCOVERY,
4252 MGMT_STATUS_NOT_POWERED,
4253 &cp->type, sizeof(cp->type));
66ea9427
JP		 4254 goto failed;
4255 }
7c307720 4256
66ea9427 4257 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4258 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4259 err = mgmt_cmd_complete(sk, hdev->id,
4260 MGMT_OP_START_SERVICE_DISCOVERY,
4261 MGMT_STATUS_BUSY, &cp->type,
4262 sizeof(cp->type));
66ea9427
JP		 4263 goto failed;
4264 }
d9483943 4265
66ea9427
JP		 4266 uuid_count = __le16_to_cpu(cp->uuid_count);
4267 if (uuid_count > max_uuid_count) {
4268 BT_ERR("service_discovery: too big uuid_count value %u",
4269 uuid_count);
2a1afb5a
JH		 4270 err = mgmt_cmd_complete(sk, hdev->id,
4271 MGMT_OP_START_SERVICE_DISCOVERY,
4272 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4273 sizeof(cp->type));
66ea9427
JP		 4274 goto failed;
4275 }
4276
4277 expected_len = sizeof(*cp) + uuid_count * 16;
4278 if (expected_len != len) {
4279 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4280 expected_len, len);
2a1afb5a
JH		 4281 err = mgmt_cmd_complete(sk, hdev->id,
4282 MGMT_OP_START_SERVICE_DISCOVERY,
4283 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4284 sizeof(cp->type));
66ea9427
JP		 4285 goto failed;
4286 }
4287
591752af
JH		 4288 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
4289 err = mgmt_cmd_complete(sk, hdev->id,
4290 MGMT_OP_START_SERVICE_DISCOVERY,
4291 status, &cp->type, sizeof(cp->type));
4292 goto failed;
4293 }
4294
66ea9427 4295 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 4296 hdev, data, len);
66ea9427
JP		 4297 if (!cmd) {
4298 err = -ENOMEM;
4299 goto failed;
4300 }
4301
2922a94f
JH		 4302 cmd->cmd_complete = service_discovery_cmd_complete;
4303
22078800
MH		 4304 /* Clear the discovery filter first to free any previously
4305 * allocated memory for the UUID list.
4306 */
4307 hci_discovery_filter_clear(hdev);
4308
82f8b651 4309 hdev->discovery.result_filtering = true;
66ea9427
JP		 4310 hdev->discovery.type = cp->type;
4311 hdev->discovery.rssi = cp->rssi;
4312 hdev->discovery.uuid_count = uuid_count;
4313
4314 if (uuid_count > 0) {
4315 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4316 GFP_KERNEL);
4317 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 4318 err = mgmt_cmd_complete(sk, hdev->id,
4319 MGMT_OP_START_SERVICE_DISCOVERY,
4320 MGMT_STATUS_FAILED,
4321 &cp->type, sizeof(cp->type));
d9483943
JH		 4322 mgmt_pending_remove(cmd);
4323 goto failed;
4324 }
66ea9427 4325 }
d9483943 4326
66ea9427 4327 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 4328 queue_work(hdev->req_workqueue, &hdev->discov_update);
4329 err = 0;
14a53664
JH		 4330
4331failed:
09fd0de5 4332 hci_dev_unlock(hdev);
14a53664
JH		 4333 return err;
4334}
4335
2154d3f4 4336void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
1183fdca 4337{
3b0602cd 4338 struct mgmt_pending_cmd *cmd;
1183fdca 4339
0e05bba6
AG		 4340 BT_DBG("status %d", status);
4341
4342 hci_dev_lock(hdev);
4343
333ae95d 4344 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
11e6e25d 4345 if (cmd) {
2922a94f 4346 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4347 mgmt_pending_remove(cmd);
0e05bba6
AG		 4348 }
4349
0e05bba6
AG		 4350 hci_dev_unlock(hdev);
4351}
4352
bdb6d971 4353static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4354 u16 len)
14a53664 4355{
d930650b 4356 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 4357 struct mgmt_pending_cmd *cmd;
14a53664
JH		 4358 int err;
4359
bdb6d971 4360 BT_DBG("%s", hdev->name);
14a53664 4361
09fd0de5 4362 hci_dev_lock(hdev);
14a53664 4363
30dc78e1 4364 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4365 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4366 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4367 sizeof(mgmt_cp->type));
d930650b
JH		 4368 goto unlock;
4369 }
4370
4371 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 4372 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4373 MGMT_STATUS_INVALID_PARAMS,
4374 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 4375 goto unlock;
ff9ef578
JH		 4376 }
4377
2922a94f 4378 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4379 if (!cmd) {
4380 err = -ENOMEM;
30dc78e1
JH		 4381 goto unlock;
4382 }
4383
2922a94f
JH		 4384 cmd->cmd_complete = generic_cmd_complete;
4385
2154d3f4
JH		 4386 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4387 queue_work(hdev->req_workqueue, &hdev->discov_update);
4388 err = 0;
14a53664 4389
30dc78e1 4390unlock:
09fd0de5 4391 hci_dev_unlock(hdev);
14a53664
JH		 4392 return err;
4393}
4394
bdb6d971 4395static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4396 u16 len)
561aafbc 4397{
650f726d 4398 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4399 struct inquiry_entry *e;
561aafbc
JH		 4400 int err;
4401
bdb6d971 4402 BT_DBG("%s", hdev->name);
561aafbc 4403
561aafbc
JH		 4404 hci_dev_lock(hdev);
4405
30dc78e1 4406 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4407 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4408 MGMT_STATUS_FAILED, &cp->addr,
4409 sizeof(cp->addr));
30dc78e1
JH		 4410 goto failed;
4411 }
4412
a198e7b1 4413 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4414 if (!e) {
2a1afb5a
JH		 4415 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4416 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4417 sizeof(cp->addr));
561aafbc
JH		 4418 goto failed;
4419 }
4420
4421 if (cp->name_known) {
4422 e->name_state = NAME_KNOWN;
4423 list_del(&e->list);
4424 } else {
4425 e->name_state = NAME_NEEDED;
a3d4e20a 4426 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4427 }
4428
2a1afb5a
JH		 4429 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4430 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 4431
4432failed:
4433 hci_dev_unlock(hdev);
561aafbc
JH		 4434 return err;
4435}
4436
bdb6d971 4437static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4438 u16 len)
7fbec224 4439{
650f726d 4440 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4441 u8 status;
7fbec224
AJ		 4442 int err;
4443
bdb6d971 4444 BT_DBG("%s", hdev->name);
7fbec224 4445
4ee71b20 4446 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4447 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4448 MGMT_STATUS_INVALID_PARAMS,
4449 &cp->addr, sizeof(cp->addr));
4ee71b20 4450
09fd0de5 4451 hci_dev_lock(hdev);
5e762444 4452
dcc36c16
JH		 4453 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4454 cp->addr.type);
2a8357f2 4455 if (err < 0) {
f0eeea8b 4456 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4457 goto done;
4458 }
4459
4460 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4461 sk);
4462 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4463
2a8357f2 4464done:
2a1afb5a
JH		 4465 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4466 &cp->addr, sizeof(cp->addr));
5e762444 4467
09fd0de5 4468 hci_dev_unlock(hdev);
7fbec224
AJ		 4469
4470 return err;
4471}
4472
bdb6d971 4473static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4474 u16 len)
7fbec224 4475{
650f726d 4476 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4477 u8 status;
7fbec224
AJ		 4478 int err;
4479
bdb6d971 4480 BT_DBG("%s", hdev->name);
7fbec224 4481
4ee71b20 4482 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4483 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4484 MGMT_STATUS_INVALID_PARAMS,
4485 &cp->addr, sizeof(cp->addr));
4ee71b20 4486
09fd0de5 4487 hci_dev_lock(hdev);
5e762444 4488
dcc36c16
JH		 4489 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4490 cp->addr.type);
2a8357f2 4491 if (err < 0) {
f0eeea8b 4492 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4493 goto done;
4494 }
4495
4496 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4497 sk);
4498 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4499
2a8357f2 4500done:
2a1afb5a
JH		 4501 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4502 &cp->addr, sizeof(cp->addr));
5e762444 4503
09fd0de5 4504 hci_dev_unlock(hdev);
7fbec224
AJ		 4505
4506 return err;
4507}
4508
cdbaccca
MH		 4509static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4510 u16 len)
4511{
4512 struct mgmt_cp_set_device_id *cp = data;
890ea898 4513 struct hci_request req;
cdbaccca 4514 int err;
c72d4b8a 4515 __u16 source;
cdbaccca
MH		 4516
4517 BT_DBG("%s", hdev->name);
4518
c72d4b8a
SJ		 4519 source = __le16_to_cpu(cp->source);
4520
4521 if (source > 0x0002)
a69e8375
JH		 4522 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4523 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 4524
cdbaccca
MH		 4525 hci_dev_lock(hdev);
4526
c72d4b8a 4527 hdev->devid_source = source;
cdbaccca
MH		 4528 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4529 hdev->devid_product = __le16_to_cpu(cp->product);
4530 hdev->devid_version = __le16_to_cpu(cp->version);
4531
2a1afb5a
JH		 4532 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4533 NULL, 0);
cdbaccca 4534
890ea898
JH		 4535 hci_req_init(&req, hdev);
4536 update_eir(&req);
4537 hci_req_run(&req, NULL);
cdbaccca
MH		 4538
4539 hci_dev_unlock(hdev);
4540
4541 return err;
4542}
4543
24b4f38f
AU		 4544static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4545 u16 opcode)
4546{
4547 BT_DBG("status %d", status);
4548}
4549
1904a853
MH		 4550static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4551 u16 opcode)
4375f103
JH		 4552{
4553 struct cmd_lookup match = { NULL, hdev };
24b4f38f 4554 struct hci_request req;
7816b820
FG		 4555 u8 instance;
4556 struct adv_info *adv_instance;
4557 int err;
4375f103 4558
3ad67582
JK		 4559 hci_dev_lock(hdev);
4560
4375f103
JH		 4561 if (status) {
4562 u8 mgmt_err = mgmt_status(status);
4563
4564 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4565 cmd_status_rsp, &mgmt_err);
3ad67582 4566 goto unlock;
4375f103
JH		 4567 }
4568
d7a5a11d 4569 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 4570 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 4571 else
a358dc11 4572 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 4573
4375f103
JH		 4574 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4575 &match);
4576
4577 new_settings(hdev, match.sk);
4578
4579 if (match.sk)
4580 sock_put(match.sk);
3ad67582 4581
24b4f38f 4582 /* If "Set Advertising" was just disabled and instance advertising was
7816b820 4583 * set up earlier, then re-enable multi-instance advertising.
24b4f38f
AU		 4584 */
4585 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7816b820
FG		 4586 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) ||
4587 list_empty(&hdev->adv_instances))
24b4f38f
AU		 4588 goto unlock;
4589
7816b820
FG		 4590 instance = hdev->cur_adv_instance;
4591 if (!instance) {
4592 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
4593 struct adv_info, list);
4594 if (!adv_instance)
4595 goto unlock;
4596
4597 instance = adv_instance->instance;
4598 }
4599
24b4f38f
AU		 4600 hci_req_init(&req, hdev);
4601
7816b820
FG		 4602 err = schedule_adv_instance(&req, instance, true);
4603
4604 if (!err)
4605 err = hci_req_run(&req, enable_advertising_instance);
24b4f38f 4606
7816b820 4607 if (err)
24b4f38f
AU		 4608 BT_ERR("Failed to re-configure advertising");
4609
3ad67582
JK		 4610unlock:
4611 hci_dev_unlock(hdev);
4375f103
JH		 4612}
4613
21b5187f
MH		 4614static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4615 u16 len)
4375f103
JH		 4616{
4617 struct mgmt_mode *cp = data;
3b0602cd 4618 struct mgmt_pending_cmd *cmd;
4375f103 4619 struct hci_request req;
cc91cb04 4620 u8 val, status;
4375f103
JH		 4621 int err;
4622
4623 BT_DBG("request for %s", hdev->name);
4624
e6fe7986
JH		 4625 status = mgmt_le_support(hdev);
4626 if (status)
a69e8375
JH		 4627 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4628 status);
4375f103 4629
cc91cb04 4630 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4631 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4632 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 4633
4634 hci_dev_lock(hdev);
4635
4636 val = !!cp->val;
4375f103 4637
f74ca9b8
JH		 4638 /* The following conditions are ones which mean that we should
4639 * not do any HCI communication but directly send a mgmt
4640 * response to user space (after toggling the flag if
4641 * necessary).
4642 */
cc91cb04 4643 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 4644 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4645 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 4646 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 4647 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 4648 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 4649 bool changed;
4375f103 4650
cc91cb04 4651 if (cp->val) {
238be788 4652 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 4653 if (cp->val == 0x02)
a1536da2 4654 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4655 else
a358dc11 4656 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4657 } else {
a69d8927 4658 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 4659 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 4660 }
4661
4662 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4663 if (err < 0)
4664 goto unlock;
4665
4666 if (changed)
4667 err = new_settings(hdev, sk);
4668
4669 goto unlock;
4670 }
4671
333ae95d
JH		 4672 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4673 pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 4674 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4675 MGMT_STATUS_BUSY);
4375f103
JH		 4676 goto unlock;
4677 }
4678
4679 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4680 if (!cmd) {
4681 err = -ENOMEM;
4682 goto unlock;
4683 }
4684
4685 hci_req_init(&req, hdev);
4686
cc91cb04 4687 if (cp->val == 0x02)
a1536da2 4688 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4689 else
a358dc11 4690 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4691
7816b820
FG		 4692 cancel_adv_timeout(hdev);
4693
24b4f38f 4694 if (val) {
7816b820
FG		 4695 /* Switch to instance "0" for the Set Advertising setting.
4696 * We cannot use update_[adv|scan_rsp]_data() here as the
4697 * HCI_ADVERTISING flag is not yet set.
4698 */
efae002c
FG		 4699 update_inst_adv_data(&req, 0x00);
4700 update_inst_scan_rsp_data(&req, 0x00);
bba3aa55 4701 enable_advertising(&req);
24b4f38f 4702 } else {
bba3aa55 4703 disable_advertising(&req);
24b4f38f 4704 }
4375f103
JH		 4705
4706 err = hci_req_run(&req, set_advertising_complete);
4707 if (err < 0)
4708 mgmt_pending_remove(cmd);
4709
4710unlock:
4711 hci_dev_unlock(hdev);
4712 return err;
4713}
4714
d13eafce
MH		 4715static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4716 void *data, u16 len)
4717{
4718 struct mgmt_cp_set_static_address *cp = data;
4719 int err;
4720
4721 BT_DBG("%s", hdev->name);
4722
62af4443 4723 if (!lmp_le_capable(hdev))
a69e8375
JH		 4724 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4725 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4726
4727 if (hdev_is_powered(hdev))
a69e8375
JH		 4728 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4729 MGMT_STATUS_REJECTED);
d13eafce
MH		 4730
4731 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4732 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 4733 return mgmt_cmd_status(sk, hdev->id,
4734 MGMT_OP_SET_STATIC_ADDRESS,
4735 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4736
4737 /* Two most significant bits shall be set */
4738 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 4739 return mgmt_cmd_status(sk, hdev->id,
4740 MGMT_OP_SET_STATIC_ADDRESS,
4741 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4742 }
4743
4744 hci_dev_lock(hdev);
4745
4746 bacpy(&hdev->static_addr, &cp->bdaddr);
4747
93690c22
MH		 4748 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4749 if (err < 0)
4750 goto unlock;
4751
4752 err = new_settings(hdev, sk);
d13eafce 4753
93690c22 4754unlock:
d13eafce 4755 hci_dev_unlock(hdev);
d13eafce
MH		 4756 return err;
4757}
4758
14b49b9a
MH		 4759static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4760 void *data, u16 len)
4761{
4762 struct mgmt_cp_set_scan_params *cp = data;
4763 __u16 interval, window;
4764 int err;
4765
4766 BT_DBG("%s", hdev->name);
4767
4768 if (!lmp_le_capable(hdev))
a69e8375
JH		 4769 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4770 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 4771
4772 interval = __le16_to_cpu(cp->interval);
4773
4774 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 4775 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4776 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 4777
4778 window = __le16_to_cpu(cp->window);
4779
4780 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 4781 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4782 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 4783
899e1075 4784 if (window > interval)
a69e8375
JH		 4785 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4786 MGMT_STATUS_INVALID_PARAMS);
899e1075 4787
14b49b9a
MH		 4788 hci_dev_lock(hdev);
4789
4790 hdev->le_scan_interval = interval;
4791 hdev->le_scan_window = window;
4792
2a1afb5a
JH		 4793 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4794 NULL, 0);
14b49b9a 4795
dd2ef8e2
AG		 4796 /* If background scan is running, restart it so new parameters are
4797 * loaded.
4798 */
d7a5a11d 4799 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
dd2ef8e2
AG		 4800 hdev->discovery.state == DISCOVERY_STOPPED) {
4801 struct hci_request req;
4802
4803 hci_req_init(&req, hdev);
4804
4805 hci_req_add_le_scan_disable(&req);
4806 hci_req_add_le_passive_scan(&req);
4807
4808 hci_req_run(&req, NULL);
4809 }
4810
14b49b9a
MH		 4811 hci_dev_unlock(hdev);
4812
4813 return err;
4814}
4815
1904a853
MH		 4816static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4817 u16 opcode)
33e38b3e 4818{
3b0602cd 4819 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 4820
4821 BT_DBG("status 0x%02x", status);
4822
4823 hci_dev_lock(hdev);
4824
333ae95d 4825 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
33e38b3e
JH		 4826 if (!cmd)
4827 goto unlock;
4828
4829 if (status) {
a69e8375
JH		 4830 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4831 mgmt_status(status));
33e38b3e 4832 } else {
1a4d3c4b
JH		 4833 struct mgmt_mode *cp = cmd->param;
4834
4835 if (cp->val)
a1536da2 4836 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4837 else
a358dc11 4838 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4839
33e38b3e
JH		 4840 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4841 new_settings(hdev, cmd->sk);
4842 }
4843
4844 mgmt_pending_remove(cmd);
4845
4846unlock:
4847 hci_dev_unlock(hdev);
4848}
4849
bdb6d971 4850static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4851 void *data, u16 len)
f6422ec6 4852{
650f726d 4853 struct mgmt_mode *cp = data;
3b0602cd 4854 struct mgmt_pending_cmd *cmd;
33e38b3e 4855 struct hci_request req;
f6422ec6
AJ		 4856 int err;
4857
bdb6d971 4858 BT_DBG("%s", hdev->name);
f6422ec6 4859
d7a5a11d 4860 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 4861 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4862 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4863 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4864
a7e80f25 4865 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4866 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4867 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4868
f6422ec6
AJ		 4869 hci_dev_lock(hdev);
4870
333ae95d 4871 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4872 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4873 MGMT_STATUS_BUSY);
05cbf29f
JH		 4874 goto unlock;
4875 }
4876
d7a5a11d 4877 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 4878 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4879 hdev);
4880 goto unlock;
4881 }
4882
406ef2a6 4883 if (!hdev_is_powered(hdev)) {
ce05d603 4884 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 4885 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4886 hdev);
4887 new_settings(hdev, sk);
4888 goto unlock;
4889 }
4890
33e38b3e
JH		 4891 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4892 data, len);
4893 if (!cmd) {
4894 err = -ENOMEM;
4895 goto unlock;
f6422ec6
AJ		 4896 }
4897
33e38b3e
JH		 4898 hci_req_init(&req, hdev);
4899
406d7804 4900 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4901
4902 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4903 if (err < 0) {
a69e8375
JH		 4904 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4905 MGMT_STATUS_FAILED);
33e38b3e 4906 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4907 }
4908
33e38b3e 4909unlock:
f6422ec6 4910 hci_dev_unlock(hdev);
33e38b3e 4911
f6422ec6
AJ		 4912 return err;
4913}
4914
1904a853 4915static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4916{
3b0602cd 4917 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4918
4919 BT_DBG("status 0x%02x", status);
4920
4921 hci_dev_lock(hdev);
4922
333ae95d 4923 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
0663ca2a
JH		 4924 if (!cmd)
4925 goto unlock;
4926
4927 if (status) {
4928 u8 mgmt_err = mgmt_status(status);
4929
4930 /* We need to restore the flag if related HCI commands
4931 * failed.
4932 */
a358dc11 4933 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 4934
a69e8375 4935 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4936 } else {
4937 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4938 new_settings(hdev, cmd->sk);
4939 }
4940
4941 mgmt_pending_remove(cmd);
4942
4943unlock:
4944 hci_dev_unlock(hdev);
4945}
4946
4947static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4948{
4949 struct mgmt_mode *cp = data;
3b0602cd 4950 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4951 struct hci_request req;
4952 int err;
4953
4954 BT_DBG("request for %s", hdev->name);
4955
4956 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4957 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4958 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 4959
d7a5a11d 4960 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4961 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4962 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4963
4964 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4965 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4966 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4967
4968 hci_dev_lock(hdev);
4969
d7a5a11d 4970 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 4971 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4972 goto unlock;
4973 }
4974
4975 if (!hdev_is_powered(hdev)) {
4976 if (!cp->val) {
a358dc11
MH		 4977 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4978 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4979 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4980 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4981 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 4982 }
4983
ce05d603 4984 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4985
4986 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4987 if (err < 0)
4988 goto unlock;
4989
4990 err = new_settings(hdev, sk);
4991 goto unlock;
4992 }
4993
4994 /* Reject disabling when powered on */
4995 if (!cp->val) {
a69e8375
JH		 4996 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4997 MGMT_STATUS_REJECTED);
0663ca2a 4998 goto unlock;
111e4bcc
MH		 4999 } else {
5000 /* When configuring a dual-mode controller to operate
5001 * with LE only and using a static address, then switching
5002 * BR/EDR back on is not allowed.
5003 *
5004 * Dual-mode controllers shall operate with the public
5005 * address as its identity address for BR/EDR and LE. So
5006 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 5007 *
5008 * The same restrictions applies when secure connections
5009 * has been enabled. For BR/EDR this is a controller feature
5010 * while for LE it is a host stack feature. This means that
5011 * switching BR/EDR back on when secure connections has been
5012 * enabled is not a supported transaction.
111e4bcc 5013 */
d7a5a11d 5014 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 5015 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 5016 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 5017 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5018 MGMT_STATUS_REJECTED);
111e4bcc
MH		 5019 goto unlock;
5020 }
0663ca2a
JH		 5021 }
5022
333ae95d 5023 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 5024 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5025 MGMT_STATUS_BUSY);
0663ca2a
JH		 5026 goto unlock;
5027 }
5028
5029 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
5030 if (!cmd) {
5031 err = -ENOMEM;
5032 goto unlock;
5033 }
5034
5947f4bc 5035 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 5036 * generates the correct flags.
5037 */
a1536da2 5038 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 5039
5040 hci_req_init(&req, hdev);
aa8af46e 5041
432df05e 5042 write_fast_connectable(&req, false);
1d2dc5b7 5043 __hci_update_page_scan(&req);
aa8af46e 5044
f14d8f64
MH		 5045 /* Since only the advertising data flags will change, there
5046 * is no need to update the scan response data.
5047 */
5947f4bc 5048 update_adv_data(&req);
aa8af46e 5049
0663ca2a
JH		 5050 err = hci_req_run(&req, set_bredr_complete);
5051 if (err < 0)
5052 mgmt_pending_remove(cmd);
5053
5054unlock:
5055 hci_dev_unlock(hdev);
5056 return err;
5057}
5058
a1443f5a
JH		 5059static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5060{
3b0602cd 5061 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 5062 struct mgmt_mode *cp;
5063
5064 BT_DBG("%s status %u", hdev->name, status);
5065
5066 hci_dev_lock(hdev);
5067
333ae95d 5068 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
a1443f5a
JH		 5069 if (!cmd)
5070 goto unlock;
5071
5072 if (status) {
a69e8375
JH		 5073 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
5074 mgmt_status(status));
a1443f5a
JH		 5075 goto remove;
5076 }
5077
5078 cp = cmd->param;
5079
5080 switch (cp->val) {
5081 case 0x00:
a358dc11
MH		 5082 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
5083 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5084 break;
5085 case 0x01:
a1536da2 5086 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 5087 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5088 break;
5089 case 0x02:
a1536da2
MH		 5090 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5091 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5092 break;
5093 }
5094
5095 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5096 new_settings(hdev, cmd->sk);
5097
5098remove:
5099 mgmt_pending_remove(cmd);
5100unlock:
5101 hci_dev_unlock(hdev);
5102}
5103
eac83dc6
MH		 5104static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5105 void *data, u16 len)
5106{
5107 struct mgmt_mode *cp = data;
3b0602cd 5108 struct mgmt_pending_cmd *cmd;
a1443f5a 5109 struct hci_request req;
a3209694 5110 u8 val;
eac83dc6
MH		 5111 int err;
5112
5113 BT_DBG("request for %s", hdev->name);
5114
05b3c3e7 5115 if (!lmp_sc_capable(hdev) &&
d7a5a11d 5116 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 5117 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5118 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 5119
d7a5a11d 5120 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 5121 lmp_sc_capable(hdev) &&
d7a5a11d 5122 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 5123 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5124 MGMT_STATUS_REJECTED);
ed93ec69 5125
0ab04a9c 5126 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 5127 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 5128 MGMT_STATUS_INVALID_PARAMS);
5129
5130 hci_dev_lock(hdev);
5131
05b3c3e7 5132 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 5133 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 5134 bool changed;
5135
0ab04a9c 5136 if (cp->val) {
238be788
MH		 5137 changed = !hci_dev_test_and_set_flag(hdev,
5138 HCI_SC_ENABLED);
0ab04a9c 5139 if (cp->val == 0x02)
a1536da2 5140 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5141 else
a358dc11 5142 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5143 } else {
a69d8927
MH		 5144 changed = hci_dev_test_and_clear_flag(hdev,
5145 HCI_SC_ENABLED);
a358dc11 5146 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5147 }
eac83dc6
MH		 5148
5149 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5150 if (err < 0)
5151 goto failed;
5152
5153 if (changed)
5154 err = new_settings(hdev, sk);
5155
5156 goto failed;
5157 }
5158
333ae95d 5159 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 5160 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5161 MGMT_STATUS_BUSY);
eac83dc6
MH		 5162 goto failed;
5163 }
5164
0ab04a9c
MH		 5165 val = !!cp->val;
5166
d7a5a11d
MH		 5167 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5168 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 5169 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5170 goto failed;
5171 }
5172
5173 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5174 if (!cmd) {
5175 err = -ENOMEM;
5176 goto failed;
5177 }
5178
a1443f5a
JH		 5179 hci_req_init(&req, hdev);
5180 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5181 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 5182 if (err < 0) {
5183 mgmt_pending_remove(cmd);
5184 goto failed;
5185 }
5186
5187failed:
5188 hci_dev_unlock(hdev);
5189 return err;
5190}
5191
4e39ac81
MH		 5192static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5193 void *data, u16 len)
5194{
5195 struct mgmt_mode *cp = data;
b9710979 5196 bool changed, use_changed;
4e39ac81
MH		 5197 int err;
5198
5199 BT_DBG("request for %s", hdev->name);
5200
b9710979 5201 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 5202 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5203 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 5204
5205 hci_dev_lock(hdev);
5206
5207 if (cp->val)
238be788 5208 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 5209 else
a69d8927
MH		 5210 changed = hci_dev_test_and_clear_flag(hdev,
5211 HCI_KEEP_DEBUG_KEYS);
4e39ac81 5212
b9710979 5213 if (cp->val == 0x02)
238be788
MH		 5214 use_changed = !hci_dev_test_and_set_flag(hdev,
5215 HCI_USE_DEBUG_KEYS);
b9710979 5216 else
a69d8927
MH		 5217 use_changed = hci_dev_test_and_clear_flag(hdev,
5218 HCI_USE_DEBUG_KEYS);
b9710979
JH		 5219
5220 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 5221 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 5222 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5223 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5224 sizeof(mode), &mode);
5225 }
5226
4e39ac81
MH		 5227 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5228 if (err < 0)
5229 goto unlock;
5230
5231 if (changed)
5232 err = new_settings(hdev, sk);
5233
5234unlock:
5235 hci_dev_unlock(hdev);
5236 return err;
5237}
5238
62b04cd1
JH		 5239static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5240 u16 len)
5241{
5242 struct mgmt_cp_set_privacy *cp = cp_data;
5243 bool changed;
5244 int err;
5245
5246 BT_DBG("request for %s", hdev->name);
5247
5248 if (!lmp_le_capable(hdev))
a69e8375
JH		 5249 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5250 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1
JH		 5251
5252 if (cp->privacy != 0x00 && cp->privacy != 0x01)
a69e8375
JH		 5253 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5254 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 5255
5256 if (hdev_is_powered(hdev))
a69e8375
JH		 5257 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5258 MGMT_STATUS_REJECTED);
62b04cd1
JH		 5259
5260 hci_dev_lock(hdev);
5261
c21c0ea0
JH		 5262 /* If user space supports this command it is also expected to
5263 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5264 */
a1536da2 5265 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 5266
62b04cd1 5267 if (cp->privacy) {
238be788 5268 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 5269 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 5270 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1 5271 } else {
a69d8927 5272 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 5273 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 5274 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1
JH		 5275 }
5276
5277 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5278 if (err < 0)
5279 goto unlock;
5280
5281 if (changed)
5282 err = new_settings(hdev, sk);
5283
5284unlock:
5285 hci_dev_unlock(hdev);
5286 return err;
5287}
5288
41edf160
JH		 5289static bool irk_is_valid(struct mgmt_irk_info *irk)
5290{
5291 switch (irk->addr.type) {
5292 case BDADDR_LE_PUBLIC:
5293 return true;
5294
5295 case BDADDR_LE_RANDOM:
5296 /* Two most significant bits shall be set */
5297 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5298 return false;
5299 return true;
5300 }
5301
5302 return false;
5303}
5304
5305static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5306 u16 len)
5307{
5308 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 5309 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5310 sizeof(struct mgmt_irk_info));
41edf160
JH		 5311 u16 irk_count, expected_len;
5312 int i, err;
5313
5314 BT_DBG("request for %s", hdev->name);
5315
5316 if (!lmp_le_capable(hdev))
a69e8375
JH		 5317 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5318 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 5319
5320 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 5321 if (irk_count > max_irk_count) {
5322 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 5323 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5324 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5325 }
41edf160
JH		 5326
5327 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5328 if (expected_len != len) {
5329 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 5330 expected_len, len);
a69e8375
JH		 5331 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5332 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5333 }
5334
5335 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5336
5337 for (i = 0; i < irk_count; i++) {
5338 struct mgmt_irk_info *key = &cp->irks[i];
5339
5340 if (!irk_is_valid(key))
a69e8375
JH		 5341 return mgmt_cmd_status(sk, hdev->id,
5342 MGMT_OP_LOAD_IRKS,
5343 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5344 }
5345
5346 hci_dev_lock(hdev);
5347
5348 hci_smp_irks_clear(hdev);
5349
5350 for (i = 0; i < irk_count; i++) {
5351 struct mgmt_irk_info *irk = &cp->irks[i];
41edf160 5352
85813a7e
JH		 5353 hci_add_irk(hdev, &irk->addr.bdaddr,
5354 le_addr_type(irk->addr.type), irk->val,
41edf160
JH		 5355 BDADDR_ANY);
5356 }
5357
a1536da2 5358 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 5359
2a1afb5a 5360 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 5361
5362 hci_dev_unlock(hdev);
5363
5364 return err;
5365}
5366
3f706b72
JH		 5367static bool ltk_is_valid(struct mgmt_ltk_info *key)
5368{
5369 if (key->master != 0x00 && key->master != 0x01)
5370 return false;
490cb0b3
MH		 5371
5372 switch (key->addr.type) {
5373 case BDADDR_LE_PUBLIC:
5374 return true;
5375
5376 case BDADDR_LE_RANDOM:
5377 /* Two most significant bits shall be set */
5378 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5379 return false;
5380 return true;
5381 }
5382
5383 return false;
3f706b72
JH		 5384}
5385
bdb6d971 5386static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5387 void *cp_data, u16 len)
346af67b 5388{
346af67b 5389 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5390 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5391 sizeof(struct mgmt_ltk_info));
346af67b 5392 u16 key_count, expected_len;
715a5bf2 5393 int i, err;
346af67b 5394
cf99ba13
MH		 5395 BT_DBG("request for %s", hdev->name);
5396
5397 if (!lmp_le_capable(hdev))
a69e8375
JH		 5398 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5399 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 5400
1f350c87 5401 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 5402 if (key_count > max_key_count) {
5403 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 5404 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5405 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5406 }
346af67b
VCG		 5407
5408 expected_len = sizeof(*cp) + key_count *
5409 sizeof(struct mgmt_ltk_info);
5410 if (expected_len != len) {
5411 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 5412 expected_len, len);
a69e8375
JH		 5413 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5414 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5415 }
5416
bdb6d971 5417 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5418
54ad6d8a
JH		 5419 for (i = 0; i < key_count; i++) {
5420 struct mgmt_ltk_info *key = &cp->keys[i];
5421
3f706b72 5422 if (!ltk_is_valid(key))
a69e8375
JH		 5423 return mgmt_cmd_status(sk, hdev->id,
5424 MGMT_OP_LOAD_LONG_TERM_KEYS,
5425 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 5426 }
5427
346af67b
VCG		 5428 hci_dev_lock(hdev);
5429
5430 hci_smp_ltks_clear(hdev);
5431
5432 for (i = 0; i < key_count; i++) {
5433 struct mgmt_ltk_info *key = &cp->keys[i];
85813a7e 5434 u8 type, authenticated;
346af67b 5435
61b43357
JH		 5436 switch (key->type) {
5437 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5438 authenticated = 0x00;
23fb8de3 5439 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5440 break;
5441 case MGMT_LTK_AUTHENTICATED:
d7b25450 5442 authenticated = 0x01;
23fb8de3
JH		 5443 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5444 break;
5445 case MGMT_LTK_P256_UNAUTH:
5446 authenticated = 0x00;
5447 type = SMP_LTK_P256;
61b43357 5448 break;
23fb8de3
JH		 5449 case MGMT_LTK_P256_AUTH:
5450 authenticated = 0x01;
5451 type = SMP_LTK_P256;
61b43357 5452 break;
23fb8de3
JH		 5453 case MGMT_LTK_P256_DEBUG:
5454 authenticated = 0x00;
5455 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5456 default:
5457 continue;
5458 }
d7b25450 5459
85813a7e
JH		 5460 hci_add_ltk(hdev, &key->addr.bdaddr,
5461 le_addr_type(key->addr.type), type, authenticated,
5462 key->val, key->enc_size, key->ediv, key->rand);
346af67b
VCG		 5463 }
5464
2a1afb5a 5465 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 5466 NULL, 0);
5467
346af67b 5468 hci_dev_unlock(hdev);
346af67b 5469
715a5bf2 5470 return err;
346af67b
VCG		 5471}
5472
3b0602cd 5473static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 5474{
dd983808 5475 struct hci_conn *conn = cmd->user_data;
9981bdb0 5476 struct mgmt_rp_get_conn_info rp;
9df74653 5477 int err;
dd983808 5478
9981bdb0 5479 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5480
9981bdb0 5481 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5482 rp.rssi = conn->rssi;
9981bdb0
JH		 5483 rp.tx_power = conn->tx_power;
5484 rp.max_tx_power = conn->max_tx_power;
5485 } else {
5486 rp.rssi = HCI_RSSI_INVALID;
5487 rp.tx_power = HCI_TX_POWER_INVALID;
5488 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5489 }
5490
2a1afb5a
JH		 5491 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5492 status, &rp, sizeof(rp));
dd983808
AK		 5493
5494 hci_conn_drop(conn);
f8aaf9b6 5495 hci_conn_put(conn);
9df74653
JH		 5496
5497 return err;
dd983808
AK		 5498}
5499
1904a853
MH		 5500static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5501 u16 opcode)
dd983808
AK		 5502{
5503 struct hci_cp_read_rssi *cp;
3b0602cd 5504 struct mgmt_pending_cmd *cmd;
dd983808 5505 struct hci_conn *conn;
dd983808 5506 u16 handle;
9981bdb0 5507 u8 status;
dd983808 5508
9981bdb0 5509 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5510
5511 hci_dev_lock(hdev);
5512
dd983808
AK		 5513 /* Commands sent in request are either Read RSSI or Read Transmit Power
5514 * Level so we check which one was last sent to retrieve connection
5515 * handle. Both commands have handle as first parameter so it's safe to
5516 * cast data on the same command struct.
5517 *
5518 * First command sent is always Read RSSI and we fail only if it fails.
5519 * In other case we simply override error to indicate success as we
5520 * already remembered if TX power value is actually valid.
5521 */
5522 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5523 if (!cp) {
5524 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5525 status = MGMT_STATUS_SUCCESS;
5526 } else {
5527 status = mgmt_status(hci_status);
dd983808
AK		 5528 }
5529
5530 if (!cp) {
9981bdb0 5531 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 5532 goto unlock;
5533 }
5534
5535 handle = __le16_to_cpu(cp->handle);
5536 conn = hci_conn_hash_lookup_handle(hdev, handle);
5537 if (!conn) {
9981bdb0 5538 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 5539 goto unlock;
5540 }
5541
333ae95d 5542 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
9981bdb0
JH		 5543 if (!cmd)
5544 goto unlock;
dd983808 5545
9981bdb0
JH		 5546 cmd->cmd_complete(cmd, status);
5547 mgmt_pending_remove(cmd);
dd983808
AK		 5548
5549unlock:
5550 hci_dev_unlock(hdev);
5551}
5552
5553static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5554 u16 len)
5555{
5556 struct mgmt_cp_get_conn_info *cp = data;
5557 struct mgmt_rp_get_conn_info rp;
5558 struct hci_conn *conn;
5559 unsigned long conn_info_age;
5560 int err = 0;
5561
5562 BT_DBG("%s", hdev->name);
5563
5564 memset(&rp, 0, sizeof(rp));
5565 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5566 rp.addr.type = cp->addr.type;
5567
5568 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5569 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5570 MGMT_STATUS_INVALID_PARAMS,
5571 &rp, sizeof(rp));
dd983808
AK		 5572
5573 hci_dev_lock(hdev);
5574
5575 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5576 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5577 MGMT_STATUS_NOT_POWERED, &rp,
5578 sizeof(rp));
dd983808
AK		 5579 goto unlock;
5580 }
5581
5582 if (cp->addr.type == BDADDR_BREDR)
5583 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5584 &cp->addr.bdaddr);
5585 else
5586 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5587
5588 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5589 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5590 MGMT_STATUS_NOT_CONNECTED, &rp,
5591 sizeof(rp));
dd983808
AK		 5592 goto unlock;
5593 }
5594
333ae95d 5595 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 5596 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5597 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 5598 goto unlock;
5599 }
5600
dd983808
AK		 5601 /* To avoid client trying to guess when to poll again for information we
5602 * calculate conn info age as random value between min/max set in hdev.
5603 */
5604 conn_info_age = hdev->conn_info_min_age +
5605 prandom_u32_max(hdev->conn_info_max_age -
5606 hdev->conn_info_min_age);
5607
5608 /* Query controller to refresh cached values if they are too old or were
5609 * never read.
5610 */
f4e2dd53
AK		 5611 if (time_after(jiffies, conn->conn_info_timestamp +
5612 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5613 !conn->conn_info_timestamp) {
5614 struct hci_request req;
5615 struct hci_cp_read_tx_power req_txp_cp;
5616 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 5617 struct mgmt_pending_cmd *cmd;
dd983808
AK		 5618
5619 hci_req_init(&req, hdev);
5620 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5621 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5622 &req_rssi_cp);
5623
f7faab0c
AK		 5624 /* For LE links TX power does not change thus we don't need to
5625 * query for it once value is known.
5626 */
5627 if (!bdaddr_type_is_le(cp->addr.type) ||
5628 conn->tx_power == HCI_TX_POWER_INVALID) {
5629 req_txp_cp.handle = cpu_to_le16(conn->handle);
5630 req_txp_cp.type = 0x00;
5631 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5632 sizeof(req_txp_cp), &req_txp_cp);
5633 }
dd983808 5634
eed5daf3
AK		 5635 /* Max TX power needs to be read only once per connection */
5636 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5637 req_txp_cp.handle = cpu_to_le16(conn->handle);
5638 req_txp_cp.type = 0x01;
5639 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5640 sizeof(req_txp_cp), &req_txp_cp);
5641 }
5642
dd983808
AK		 5643 err = hci_req_run(&req, conn_info_refresh_complete);
5644 if (err < 0)
5645 goto unlock;
5646
5647 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5648 data, len);
5649 if (!cmd) {
5650 err = -ENOMEM;
5651 goto unlock;
5652 }
5653
5654 hci_conn_hold(conn);
f8aaf9b6 5655 cmd->user_data = hci_conn_get(conn);
9981bdb0 5656 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5657
5658 conn->conn_info_timestamp = jiffies;
5659 } else {
5660 /* Cache is valid, just reply with values cached in hci_conn */
5661 rp.rssi = conn->rssi;
5662 rp.tx_power = conn->tx_power;
eed5daf3 5663 rp.max_tx_power = conn->max_tx_power;
dd983808 5664
2a1afb5a
JH		 5665 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5666 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 5667 }
5668
5669unlock:
5670 hci_dev_unlock(hdev);
5671 return err;
5672}
5673
3b0602cd 5674static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 5675{
69487371 5676 struct hci_conn *conn = cmd->user_data;
95868426 5677 struct mgmt_rp_get_clock_info rp;
69487371 5678 struct hci_dev *hdev;
9df74653 5679 int err;
69487371
JH		 5680
5681 memset(&rp, 0, sizeof(rp));
5682 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5683
5684 if (status)
5685 goto complete;
5686
5687 hdev = hci_dev_get(cmd->index);
5688 if (hdev) {
5689 rp.local_clock = cpu_to_le32(hdev->clock);
5690 hci_dev_put(hdev);
5691 }
5692
5693 if (conn) {
5694 rp.piconet_clock = cpu_to_le32(conn->clock);
5695 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5696 }
5697
5698complete:
2a1afb5a
JH		 5699 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5700 sizeof(rp));
69487371
JH		 5701
5702 if (conn) {
5703 hci_conn_drop(conn);
5704 hci_conn_put(conn);
5705 }
9df74653
JH		 5706
5707 return err;
69487371
JH		 5708}
5709
1904a853 5710static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5711{
95868426 5712 struct hci_cp_read_clock *hci_cp;
3b0602cd 5713 struct mgmt_pending_cmd *cmd;
95868426
JH		 5714 struct hci_conn *conn;
5715
5716 BT_DBG("%s status %u", hdev->name, status);
5717
5718 hci_dev_lock(hdev);
5719
5720 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5721 if (!hci_cp)
5722 goto unlock;
5723
5724 if (hci_cp->which) {
5725 u16 handle = __le16_to_cpu(hci_cp->handle);
5726 conn = hci_conn_hash_lookup_handle(hdev, handle);
5727 } else {
5728 conn = NULL;
5729 }
5730
333ae95d 5731 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
95868426
JH		 5732 if (!cmd)
5733 goto unlock;
5734
69487371 5735 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5736 mgmt_pending_remove(cmd);
95868426
JH		 5737
5738unlock:
5739 hci_dev_unlock(hdev);
5740}
5741
5742static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5743 u16 len)
5744{
5745 struct mgmt_cp_get_clock_info *cp = data;
5746 struct mgmt_rp_get_clock_info rp;
5747 struct hci_cp_read_clock hci_cp;
3b0602cd 5748 struct mgmt_pending_cmd *cmd;
95868426
JH		 5749 struct hci_request req;
5750 struct hci_conn *conn;
5751 int err;
5752
5753 BT_DBG("%s", hdev->name);
5754
5755 memset(&rp, 0, sizeof(rp));
5756 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5757 rp.addr.type = cp->addr.type;
5758
5759 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5760 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5761 MGMT_STATUS_INVALID_PARAMS,
5762 &rp, sizeof(rp));
95868426
JH		 5763
5764 hci_dev_lock(hdev);
5765
5766 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5767 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5768 MGMT_STATUS_NOT_POWERED, &rp,
5769 sizeof(rp));
95868426
JH		 5770 goto unlock;
5771 }
5772
5773 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5774 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5775 &cp->addr.bdaddr);
5776 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5777 err = mgmt_cmd_complete(sk, hdev->id,
5778 MGMT_OP_GET_CLOCK_INFO,
5779 MGMT_STATUS_NOT_CONNECTED,
5780 &rp, sizeof(rp));
95868426
JH		 5781 goto unlock;
5782 }
5783 } else {
5784 conn = NULL;
5785 }
5786
5787 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5788 if (!cmd) {
5789 err = -ENOMEM;
5790 goto unlock;
5791 }
5792
69487371
JH		 5793 cmd->cmd_complete = clock_info_cmd_complete;
5794
95868426
JH		 5795 hci_req_init(&req, hdev);
5796
5797 memset(&hci_cp, 0, sizeof(hci_cp));
5798 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5799
5800 if (conn) {
5801 hci_conn_hold(conn);
f8aaf9b6 5802 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5803
5804 hci_cp.handle = cpu_to_le16(conn->handle);
5805 hci_cp.which = 0x01; /* Piconet clock */
5806 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5807 }
5808
5809 err = hci_req_run(&req, get_clock_info_complete);
5810 if (err < 0)
5811 mgmt_pending_remove(cmd);
5812
5813unlock:
5814 hci_dev_unlock(hdev);
5815 return err;
5816}
5817
5a154e6f
JH		 5818static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5819{
5820 struct hci_conn *conn;
5821
5822 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5823 if (!conn)
5824 return false;
5825
5826 if (conn->dst_type != type)
5827 return false;
5828
5829 if (conn->state != BT_CONNECTED)
5830 return false;
5831
5832 return true;
5833}
5834
5835/* This function requires the caller holds hdev->lock */
51d7a94d 5836static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5a154e6f
JH		 5837 u8 addr_type, u8 auto_connect)
5838{
5a154e6f
JH		 5839 struct hci_conn_params *params;
5840
5841 params = hci_conn_params_add(hdev, addr, addr_type);
5842 if (!params)
5843 return -EIO;
5844
5845 if (params->auto_connect == auto_connect)
5846 return 0;
5847
5848 list_del_init(&params->action);
5849
5850 switch (auto_connect) {
5851 case HCI_AUTO_CONN_DISABLED:
5852 case HCI_AUTO_CONN_LINK_LOSS:
28a667c9
JP		 5853 /* If auto connect is being disabled when we're trying to
5854 * connect to device, keep connecting.
5855 */
5856 if (params->explicit_connect)
5857 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 5858 break;
5859 case HCI_AUTO_CONN_REPORT:
49c50922
JH		 5860 if (params->explicit_connect)
5861 list_add(&params->action, &hdev->pend_le_conns);
5862 else
5863 list_add(&params->action, &hdev->pend_le_reports);
5a154e6f
JH		 5864 break;
5865 case HCI_AUTO_CONN_DIRECT:
5866 case HCI_AUTO_CONN_ALWAYS:
51d7a94d 5867 if (!is_connected(hdev, addr, addr_type))
5a154e6f 5868 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 5869 break;
5870 }
5871
5872 params->auto_connect = auto_connect;
5873
5874 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5875 auto_connect);
5876
5877 return 0;
5878}
5879
8afef092
MH		 5880static void device_added(struct sock *sk, struct hci_dev *hdev,
5881 bdaddr_t *bdaddr, u8 type, u8 action)
5882{
5883 struct mgmt_ev_device_added ev;
5884
5885 bacpy(&ev.addr.bdaddr, bdaddr);
5886 ev.addr.type = type;
5887 ev.action = action;
5888
5889 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5890}
5891
2faade53
MH		 5892static int add_device(struct sock *sk, struct hci_dev *hdev,
5893 void *data, u16 len)
5894{
5895 struct mgmt_cp_add_device *cp = data;
5896 u8 auto_conn, addr_type;
5897 int err;
5898
5899 BT_DBG("%s", hdev->name);
5900
6659358e 5901 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5902 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5903 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5904 MGMT_STATUS_INVALID_PARAMS,
5905 &cp->addr, sizeof(cp->addr));
2faade53 5906
4b9e7e75 5907 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5908 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5909 MGMT_STATUS_INVALID_PARAMS,
5910 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5911
5912 hci_dev_lock(hdev);
5913
6659358e 5914 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5915 /* Only incoming connections action is supported for now */
6659358e 5916 if (cp->action != 0x01) {
51d7a94d
JH		 5917 err = mgmt_cmd_complete(sk, hdev->id,
5918 MGMT_OP_ADD_DEVICE,
5919 MGMT_STATUS_INVALID_PARAMS,
5920 &cp->addr, sizeof(cp->addr));
6659358e
JH		 5921 goto unlock;
5922 }
5923
5924 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5925 cp->addr.type);
5926 if (err)
5927 goto unlock;
a397407f 5928
2f274981 5929 hci_update_page_scan(hdev);
a397407f 5930
6659358e
JH		 5931 goto added;
5932 }
5933
85813a7e 5934 addr_type = le_addr_type(cp->addr.type);
2faade53 5935
4b9e7e75 5936 if (cp->action == 0x02)
2faade53 5937 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5938 else if (cp->action == 0x01)
5939 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5940 else
a3451d27 5941 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5942
9a0a8a8e
JP		 5943 /* Kernel internally uses conn_params with resolvable private
5944 * address, but Add Device allows only identity addresses.
5945 * Make sure it is enforced before calling
5946 * hci_conn_params_lookup.
5947 */
5948 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 5949 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5950 MGMT_STATUS_INVALID_PARAMS,
5951 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 5952 goto unlock;
5953 }
5954
bf5b3c8b
MH		 5955 /* If the connection parameters don't exist for this device,
5956 * they will be created and configured with defaults.
5957 */
51d7a94d 5958 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
d06b50ce 5959 auto_conn) < 0) {
51d7a94d
JH		 5960 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5961 MGMT_STATUS_FAILED, &cp->addr,
5962 sizeof(cp->addr));
2faade53
MH		 5963 goto unlock;
5964 }
5965
51d7a94d
JH		 5966 hci_update_background_scan(hdev);
5967
6659358e 5968added:
8afef092
MH		 5969 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5970
51d7a94d
JH		 5971 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5972 MGMT_STATUS_SUCCESS, &cp->addr,
5973 sizeof(cp->addr));
2faade53
MH		 5974
5975unlock:
5976 hci_dev_unlock(hdev);
5977 return err;
5978}
5979
8afef092
MH		 5980static void device_removed(struct sock *sk, struct hci_dev *hdev,
5981 bdaddr_t *bdaddr, u8 type)
5982{
5983 struct mgmt_ev_device_removed ev;
5984
5985 bacpy(&ev.addr.bdaddr, bdaddr);
5986 ev.addr.type = type;
5987
5988 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5989}
5990
2faade53
MH		 5991static int remove_device(struct sock *sk, struct hci_dev *hdev,
5992 void *data, u16 len)
5993{
5994 struct mgmt_cp_remove_device *cp = data;
5995 int err;
5996
5997 BT_DBG("%s", hdev->name);
5998
5999 hci_dev_lock(hdev);
6000
6001 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 6002 struct hci_conn_params *params;
2faade53
MH		 6003 u8 addr_type;
6004
6659358e 6005 if (!bdaddr_type_is_valid(cp->addr.type)) {
51d7a94d
JH		 6006 err = mgmt_cmd_complete(sk, hdev->id,
6007 MGMT_OP_REMOVE_DEVICE,
6008 MGMT_STATUS_INVALID_PARAMS,
6009 &cp->addr, sizeof(cp->addr));
2faade53
MH		 6010 goto unlock;
6011 }
6012
6659358e
JH		 6013 if (cp->addr.type == BDADDR_BREDR) {
6014 err = hci_bdaddr_list_del(&hdev->whitelist,
6015 &cp->addr.bdaddr,
6016 cp->addr.type);
6017 if (err) {
51d7a94d
JH		 6018 err = mgmt_cmd_complete(sk, hdev->id,
6019 MGMT_OP_REMOVE_DEVICE,
6020 MGMT_STATUS_INVALID_PARAMS,
6021 &cp->addr,
6022 sizeof(cp->addr));
6659358e
JH		 6023 goto unlock;
6024 }
6025
51d7a94d 6026 hci_update_page_scan(hdev);
a397407f 6027
6659358e
JH		 6028 device_removed(sk, hdev, &cp->addr.bdaddr,
6029 cp->addr.type);
6030 goto complete;
6031 }
6032
85813a7e 6033 addr_type = le_addr_type(cp->addr.type);
2faade53 6034
9a0a8a8e
JP		 6035 /* Kernel internally uses conn_params with resolvable private
6036 * address, but Remove Device allows only identity addresses.
6037 * Make sure it is enforced before calling
6038 * hci_conn_params_lookup.
6039 */
6040 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 6041 err = mgmt_cmd_complete(sk, hdev->id,
6042 MGMT_OP_REMOVE_DEVICE,
6043 MGMT_STATUS_INVALID_PARAMS,
6044 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 6045 goto unlock;
6046 }
6047
c71593dd
JH		 6048 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6049 addr_type);
6050 if (!params) {
51d7a94d
JH		 6051 err = mgmt_cmd_complete(sk, hdev->id,
6052 MGMT_OP_REMOVE_DEVICE,
6053 MGMT_STATUS_INVALID_PARAMS,
6054 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 6055 goto unlock;
6056 }
6057
679d2b6f
JH		 6058 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
6059 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
51d7a94d
JH		 6060 err = mgmt_cmd_complete(sk, hdev->id,
6061 MGMT_OP_REMOVE_DEVICE,
6062 MGMT_STATUS_INVALID_PARAMS,
6063 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 6064 goto unlock;
6065 }
6066
d1dbf12e 6067 list_del(&params->action);
c71593dd
JH		 6068 list_del(&params->list);
6069 kfree(params);
51d7a94d 6070 hci_update_background_scan(hdev);
8afef092
MH		 6071
6072 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 6073 } else {
19de0825 6074 struct hci_conn_params *p, *tmp;
6659358e 6075 struct bdaddr_list *b, *btmp;
19de0825 6076
2faade53 6077 if (cp->addr.type) {
51d7a94d
JH		 6078 err = mgmt_cmd_complete(sk, hdev->id,
6079 MGMT_OP_REMOVE_DEVICE,
6080 MGMT_STATUS_INVALID_PARAMS,
6081 &cp->addr, sizeof(cp->addr));
2faade53
MH		 6082 goto unlock;
6083 }
6084
6659358e
JH		 6085 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
6086 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
6087 list_del(&b->list);
6088 kfree(b);
6089 }
6090
51d7a94d 6091 hci_update_page_scan(hdev);
a397407f 6092
19de0825
JH		 6093 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
6094 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
6095 continue;
6096 device_removed(sk, hdev, &p->addr, p->addr_type);
679d2b6f
JH		 6097 if (p->explicit_connect) {
6098 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
6099 continue;
6100 }
19de0825
JH		 6101 list_del(&p->action);
6102 list_del(&p->list);
6103 kfree(p);
6104 }
6105
6106 BT_DBG("All LE connection parameters were removed");
6107
51d7a94d 6108 hci_update_background_scan(hdev);
2faade53
MH		 6109 }
6110
6659358e 6111complete:
51d7a94d
JH		 6112 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
6113 MGMT_STATUS_SUCCESS, &cp->addr,
6114 sizeof(cp->addr));
2faade53
MH		 6115unlock:
6116 hci_dev_unlock(hdev);
6117 return err;
6118}
6119
a26f3dcf
JH		 6120static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6121 u16 len)
6122{
6123 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 6124 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6125 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 6126 u16 param_count, expected_len;
6127 int i;
6128
6129 if (!lmp_le_capable(hdev))
a69e8375
JH		 6130 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6131 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 6132
6133 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 6134 if (param_count > max_param_count) {
6135 BT_ERR("load_conn_param: too big param_count value %u",
6136 param_count);
a69e8375
JH		 6137 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6138 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 6139 }
a26f3dcf
JH		 6140
6141 expected_len = sizeof(*cp) + param_count *
6142 sizeof(struct mgmt_conn_param);
6143 if (expected_len != len) {
6144 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
6145 expected_len, len);
a69e8375
JH		 6146 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6147 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 6148 }
6149
6150 BT_DBG("%s param_count %u", hdev->name, param_count);
6151
6152 hci_dev_lock(hdev);
6153
6154 hci_conn_params_clear_disabled(hdev);
6155
6156 for (i = 0; i < param_count; i++) {
6157 struct mgmt_conn_param *param = &cp->params[i];
6158 struct hci_conn_params *hci_param;
6159 u16 min, max, latency, timeout;
6160 u8 addr_type;
6161
6162 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
6163 param->addr.type);
6164
6165 if (param->addr.type == BDADDR_LE_PUBLIC) {
6166 addr_type = ADDR_LE_DEV_PUBLIC;
6167 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6168 addr_type = ADDR_LE_DEV_RANDOM;
6169 } else {
6170 BT_ERR("Ignoring invalid connection parameters");
6171 continue;
6172 }
6173
6174 min = le16_to_cpu(param->min_interval);
6175 max = le16_to_cpu(param->max_interval);
6176 latency = le16_to_cpu(param->latency);
6177 timeout = le16_to_cpu(param->timeout);
6178
6179 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6180 min, max, latency, timeout);
6181
6182 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6183 BT_ERR("Ignoring invalid connection parameters");
6184 continue;
6185 }
6186
6187 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
6188 addr_type);
6189 if (!hci_param) {
6190 BT_ERR("Failed to add connection parameters");
6191 continue;
6192 }
6193
6194 hci_param->conn_min_interval = min;
6195 hci_param->conn_max_interval = max;
6196 hci_param->conn_latency = latency;
6197 hci_param->supervision_timeout = timeout;
6198 }
6199
6200 hci_dev_unlock(hdev);
6201
2a1afb5a
JH		 6202 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6203 NULL, 0);
a26f3dcf
JH		 6204}
6205
dbece37a
MH		 6206static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6207 void *data, u16 len)
6208{
6209 struct mgmt_cp_set_external_config *cp = data;
6210 bool changed;
6211 int err;
6212
6213 BT_DBG("%s", hdev->name);
6214
6215 if (hdev_is_powered(hdev))
a69e8375
JH		 6216 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6217 MGMT_STATUS_REJECTED);
dbece37a
MH		 6218
6219 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 6220 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6221 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 6222
6223 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 6224 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6225 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 6226
6227 hci_dev_lock(hdev);
6228
6229 if (cp->config)
238be788 6230 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 6231 else
a69d8927 6232 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 6233
6234 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6235 if (err < 0)
6236 goto unlock;
6237
6238 if (!changed)
6239 goto unlock;
6240
f4537c04
MH		 6241 err = new_options(hdev, sk);
6242
d7a5a11d 6243 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 6244 mgmt_index_removed(hdev);
d603b76b 6245
516018a9 6246 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 6247 hci_dev_set_flag(hdev, HCI_CONFIG);
6248 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 6249
6250 queue_work(hdev->req_workqueue, &hdev->power_on);
6251 } else {
5ea234d3 6252 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 6253 mgmt_index_added(hdev);
6254 }
dbece37a
MH		 6255 }
6256
6257unlock:
6258 hci_dev_unlock(hdev);
6259 return err;
6260}
6261
9713c17b
MH		 6262static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6263 void *data, u16 len)
6264{
6265 struct mgmt_cp_set_public_address *cp = data;
6266 bool changed;
6267 int err;
6268
6269 BT_DBG("%s", hdev->name);
6270
6271 if (hdev_is_powered(hdev))
a69e8375
JH		 6272 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6273 MGMT_STATUS_REJECTED);
9713c17b
MH		 6274
6275 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 6276 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6277 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 6278
6279 if (!hdev->set_bdaddr)
a69e8375
JH		 6280 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6281 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 6282
6283 hci_dev_lock(hdev);
6284
6285 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6286 bacpy(&hdev->public_addr, &cp->bdaddr);
6287
6288 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6289 if (err < 0)
6290 goto unlock;
6291
6292 if (!changed)
6293 goto unlock;
6294
d7a5a11d 6295 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 6296 err = new_options(hdev, sk);
6297
6298 if (is_configured(hdev)) {
6299 mgmt_index_removed(hdev);
6300
a358dc11 6301 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 6302
a1536da2
MH		 6303 hci_dev_set_flag(hdev, HCI_CONFIG);
6304 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 6305
6306 queue_work(hdev->req_workqueue, &hdev->power_on);
6307 }
6308
6309unlock:
6310 hci_dev_unlock(hdev);
6311 return err;
6312}
6313
bea41609
MH		 6314static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6315 u8 data_len)
6316{
6317 eir[eir_len++] = sizeof(type) + data_len;
6318 eir[eir_len++] = type;
6319 memcpy(&eir[eir_len], data, data_len);
6320 eir_len += data_len;
6321
6322 return eir_len;
6323}
6324
40f66c05
JH		 6325static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
6326 u16 opcode, struct sk_buff *skb)
6327{
6328 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
6329 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
6330 u8 *h192, *r192, *h256, *r256;
6331 struct mgmt_pending_cmd *cmd;
6332 u16 eir_len;
6333 int err;
6334
6335 BT_DBG("%s status %u", hdev->name, status);
6336
6337 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
6338 if (!cmd)
6339 return;
6340
6341 mgmt_cp = cmd->param;
6342
6343 if (status) {
6344 status = mgmt_status(status);
6345 eir_len = 0;
6346
6347 h192 = NULL;
6348 r192 = NULL;
6349 h256 = NULL;
6350 r256 = NULL;
6351 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
6352 struct hci_rp_read_local_oob_data *rp;
6353
6354 if (skb->len != sizeof(*rp)) {
6355 status = MGMT_STATUS_FAILED;
6356 eir_len = 0;
6357 } else {
6358 status = MGMT_STATUS_SUCCESS;
6359 rp = (void *)skb->data;
6360
6361 eir_len = 5 + 18 + 18;
6362 h192 = rp->hash;
6363 r192 = rp->rand;
6364 h256 = NULL;
6365 r256 = NULL;
6366 }
6367 } else {
6368 struct hci_rp_read_local_oob_ext_data *rp;
6369
6370 if (skb->len != sizeof(*rp)) {
6371 status = MGMT_STATUS_FAILED;
6372 eir_len = 0;
6373 } else {
6374 status = MGMT_STATUS_SUCCESS;
6375 rp = (void *)skb->data;
6376
6377 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6378 eir_len = 5 + 18 + 18;
6379 h192 = NULL;
6380 r192 = NULL;
6381 } else {
6382 eir_len = 5 + 18 + 18 + 18 + 18;
6383 h192 = rp->hash192;
6384 r192 = rp->rand192;
6385 }
6386
6387 h256 = rp->hash256;
6388 r256 = rp->rand256;
6389 }
6390 }
6391
6392 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
6393 if (!mgmt_rp)
6394 goto done;
6395
6396 if (status)
6397 goto send_rsp;
6398
6399 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
6400 hdev->dev_class, 3);
6401
6402 if (h192 && r192) {
6403 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6404 EIR_SSP_HASH_C192, h192, 16);
6405 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6406 EIR_SSP_RAND_R192, r192, 16);
6407 }
6408
6409 if (h256 && r256) {
6410 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6411 EIR_SSP_HASH_C256, h256, 16);
6412 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6413 EIR_SSP_RAND_R256, r256, 16);
6414 }
6415
6416send_rsp:
6417 mgmt_rp->type = mgmt_cp->type;
6418 mgmt_rp->eir_len = cpu_to_le16(eir_len);
6419
6420 err = mgmt_cmd_complete(cmd->sk, hdev->id,
6421 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
6422 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
6423 if (err < 0 || status)
6424 goto done;
6425
6426 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
6427
6428 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6429 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
6430 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
6431done:
6432 kfree(mgmt_rp);
6433 mgmt_pending_remove(cmd);
6434}
6435
6436static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
6437 struct mgmt_cp_read_local_oob_ext_data *cp)
6438{
6439 struct mgmt_pending_cmd *cmd;
6440 struct hci_request req;
6441 int err;
6442
6443 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
6444 cp, sizeof(*cp));
6445 if (!cmd)
6446 return -ENOMEM;
6447
6448 hci_req_init(&req, hdev);
6449
6450 if (bredr_sc_enabled(hdev))
6451 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
6452 else
6453 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
6454
6455 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
6456 if (err < 0) {
6457 mgmt_pending_remove(cmd);
6458 return err;
6459 }
6460
6461 return 0;
6462}
6463
4f0f155c
MH		 6464static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6465 void *data, u16 data_len)
6466{
6467 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6468 struct mgmt_rp_read_local_oob_ext_data *rp;
6469 size_t rp_len;
6470 u16 eir_len;
0821a2c5 6471 u8 status, flags, role, addr[7], hash[16], rand[16];
4f0f155c
MH		 6472 int err;
6473
6474 BT_DBG("%s", hdev->name);
6475
57b0d3e8
MH		 6476 if (hdev_is_powered(hdev)) {
6477 switch (cp->type) {
6478 case BIT(BDADDR_BREDR):
6479 status = mgmt_bredr_support(hdev);
6480 if (status)
6481 eir_len = 0;
6482 else
6483 eir_len = 5;
6484 break;
6485 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6486 status = mgmt_le_support(hdev);
6487 if (status)
6488 eir_len = 0;
6489 else
6490 eir_len = 9 + 3 + 18 + 18 + 3;
6491 break;
6492 default:
6493 status = MGMT_STATUS_INVALID_PARAMS;
6494 eir_len = 0;
6495 break;
6496 }
6497 } else {
6498 status = MGMT_STATUS_NOT_POWERED;
6499 eir_len = 0;
4f0f155c
MH		 6500 }
6501
4f0f155c
MH		 6502 rp_len = sizeof(*rp) + eir_len;
6503 rp = kmalloc(rp_len, GFP_ATOMIC);
efcd8c98 6504 if (!rp)
4f0f155c 6505 return -ENOMEM;
efcd8c98 6506
57b0d3e8
MH		 6507 if (status)
6508 goto complete;
6509
efcd8c98 6510 hci_dev_lock(hdev);
4f0f155c
MH		 6511
6512 eir_len = 0;
6513 switch (cp->type) {
6514 case BIT(BDADDR_BREDR):
40f66c05
JH		 6515 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6516 err = read_local_ssp_oob_req(hdev, sk, cp);
6517 hci_dev_unlock(hdev);
6518 if (!err)
6519 goto done;
6520
6521 status = MGMT_STATUS_FAILED;
6522 goto complete;
6523 } else {
6524 eir_len = eir_append_data(rp->eir, eir_len,
6525 EIR_CLASS_OF_DEV,
6526 hdev->dev_class, 3);
6527 }
4f0f155c
MH		 6528 break;
6529 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5082a599
MH		 6530 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6531 smp_generate_oob(hdev, hash, rand) < 0) {
0821a2c5 6532 hci_dev_unlock(hdev);
57b0d3e8
MH		 6533 status = MGMT_STATUS_FAILED;
6534 goto complete;
0821a2c5
MH		 6535 }
6536
e213568a
MH		 6537 /* This should return the active RPA, but since the RPA
6538 * is only programmed on demand, it is really hard to fill
6539 * this in at the moment. For now disallow retrieving
6540 * local out-of-band data when privacy is in use.
6541 *
6542 * Returning the identity address will not help here since
6543 * pairing happens before the identity resolving key is
6544 * known and thus the connection establishment happens
6545 * based on the RPA and not the identity address.
6546 */
4f0f155c 6547 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
e213568a
MH		 6548 hci_dev_unlock(hdev);
6549 status = MGMT_STATUS_REJECTED;
6550 goto complete;
6551 }
6552
6553 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6554 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6555 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6556 bacmp(&hdev->static_addr, BDADDR_ANY))) {
4f0f155c
MH		 6557 memcpy(addr, &hdev->static_addr, 6);
6558 addr[6] = 0x01;
6559 } else {
6560 memcpy(addr, &hdev->bdaddr, 6);
6561 addr[6] = 0x00;
6562 }
6563
6564 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6565 addr, sizeof(addr));
6566
6567 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6568 role = 0x02;
6569 else
6570 role = 0x01;
6571
6572 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6573 &role, sizeof(role));
6574
5082a599
MH		 6575 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6576 eir_len = eir_append_data(rp->eir, eir_len,
6577 EIR_LE_SC_CONFIRM,
6578 hash, sizeof(hash));
0821a2c5 6579
5082a599
MH		 6580 eir_len = eir_append_data(rp->eir, eir_len,
6581 EIR_LE_SC_RANDOM,
6582 rand, sizeof(rand));
6583 }
0821a2c5 6584
4f0f155c
MH		 6585 flags = get_adv_discov_flags(hdev);
6586
6587 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6588 flags |= LE_AD_NO_BREDR;
6589
6590 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6591 &flags, sizeof(flags));
6592 break;
6593 }
6594
4f0f155c
MH		 6595 hci_dev_unlock(hdev);
6596
72000df2
MH		 6597 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6598
57b0d3e8
MH		 6599 status = MGMT_STATUS_SUCCESS;
6600
6601complete:
efcd8c98
MH		 6602 rp->type = cp->type;
6603 rp->eir_len = cpu_to_le16(eir_len);
6604
4f0f155c 6605 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
57b0d3e8
MH		 6606 status, rp, sizeof(*rp) + eir_len);
6607 if (err < 0 || status)
72000df2
MH		 6608 goto done;
6609
6610 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6611 rp, sizeof(*rp) + eir_len,
6612 HCI_MGMT_OOB_DATA_EVENTS, sk);
4f0f155c 6613
0821a2c5 6614done:
4f0f155c
MH		 6615 kfree(rp);
6616
6617 return err;
6618}
6619
089fa8c0
AU		 6620static u32 get_supported_adv_flags(struct hci_dev *hdev)
6621{
6622 u32 flags = 0;
6623
6624 flags |= MGMT_ADV_FLAG_CONNECTABLE;
6625 flags |= MGMT_ADV_FLAG_DISCOV;
6626 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
6627 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
6628
6629 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
6630 flags |= MGMT_ADV_FLAG_TX_POWER;
6631
6632 return flags;
6633}
6634
d3d5305b
MH		 6635static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6636 void *data, u16 data_len)
6637{
6638 struct mgmt_rp_read_adv_features *rp;
6639 size_t rp_len;
286e0c83 6640 int err, i;
24b4f38f 6641 bool instance;
286e0c83 6642 struct adv_info *adv_instance;
089fa8c0 6643 u32 supported_flags;
d3d5305b
MH		 6644
6645 BT_DBG("%s", hdev->name);
6646
089fa8c0
AU		 6647 if (!lmp_le_capable(hdev))
6648 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6649 MGMT_STATUS_REJECTED);
6650
d3d5305b
MH		 6651 hci_dev_lock(hdev);
6652
6653 rp_len = sizeof(*rp);
24b4f38f 6654
24b4f38f
AU		 6655 instance = hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE);
6656 if (instance)
286e0c83 6657 rp_len += hdev->adv_instance_cnt;
24b4f38f 6658
d3d5305b
MH		 6659 rp = kmalloc(rp_len, GFP_ATOMIC);
6660 if (!rp) {
6661 hci_dev_unlock(hdev);
6662 return -ENOMEM;
6663 }
6664
089fa8c0
AU		 6665 supported_flags = get_supported_adv_flags(hdev);
6666
6667 rp->supported_flags = cpu_to_le32(supported_flags);
dc5d82a9
MH		 6668 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6669 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
d2609b34 6670 rp->max_instances = HCI_MAX_ADV_INSTANCES;
24b4f38f 6671
24b4f38f 6672 if (instance) {
286e0c83
FG		 6673 i = 0;
6674 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
6675 if (i >= hdev->adv_instance_cnt)
6676 break;
6677
6678 rp->instance[i] = adv_instance->instance;
6679 i++;
6680 }
6681 rp->num_instances = hdev->adv_instance_cnt;
24b4f38f
AU		 6682 } else {
6683 rp->num_instances = 0;
6684 }
d3d5305b
MH		 6685
6686 hci_dev_unlock(hdev);
6687
6688 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6689 MGMT_STATUS_SUCCESS, rp, rp_len);
6690
6691 kfree(rp);
6692
6693 return err;
6694}
6695
4117ed70 6696static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
b44133ff 6697 u8 len, bool is_adv_data)
24b4f38f 6698{
4117ed70 6699 u8 max_len = HCI_MAX_AD_LENGTH;
24b4f38f 6700 int i, cur_len;
b44133ff 6701 bool flags_managed = false;
5507e358 6702 bool tx_power_managed = false;
24b4f38f 6703
31a3248d
MH		 6704 if (is_adv_data) {
6705 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6706 MGMT_ADV_FLAG_LIMITED_DISCOV |
6707 MGMT_ADV_FLAG_MANAGED_FLAGS)) {
6708 flags_managed = true;
6709 max_len -= 3;
6710 }
24b4f38f 6711
31a3248d
MH		 6712 if (adv_flags & MGMT_ADV_FLAG_TX_POWER) {
6713 tx_power_managed = true;
6714 max_len -= 3;
6715 }
5507e358
AU		 6716 }
6717
4117ed70 6718 if (len > max_len)
24b4f38f
AU		 6719 return false;
6720
4117ed70
AU		 6721 /* Make sure that the data is correctly formatted. */
6722 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6723 cur_len = data[i];
24b4f38f 6724
b44133ff
AU		 6725 if (flags_managed && data[i + 1] == EIR_FLAGS)
6726 return false;
6727
5507e358
AU		 6728 if (tx_power_managed && data[i + 1] == EIR_TX_POWER)
6729 return false;
6730
24b4f38f
AU		 6731 /* If the current field length would exceed the total data
6732 * length, then it's invalid.
6733 */
4117ed70 6734 if (i + cur_len >= len)
24b4f38f
AU		 6735 return false;
6736 }
6737
6738 return true;
6739}
6740
24b4f38f
AU		 6741static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6742 u16 opcode)
6743{
6744 struct mgmt_pending_cmd *cmd;
fffd38bc 6745 struct mgmt_cp_add_advertising *cp;
24b4f38f 6746 struct mgmt_rp_add_advertising rp;
fffd38bc
FG		 6747 struct adv_info *adv_instance, *n;
6748 u8 instance;
24b4f38f
AU		 6749
6750 BT_DBG("status %d", status);
6751
6752 hci_dev_lock(hdev);
6753
6754 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6755
fffd38bc 6756 if (status)
24b4f38f 6757 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
fffd38bc
FG		 6758
6759 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
6760 if (!adv_instance->pending)
6761 continue;
6762
6763 if (!status) {
6764 adv_instance->pending = false;
6765 continue;
6766 }
6767
6768 instance = adv_instance->instance;
6769
6770 if (hdev->cur_adv_instance == instance)
6771 cancel_adv_timeout(hdev);
6772
6773 hci_remove_adv_instance(hdev, instance);
6774 advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
24b4f38f
AU		 6775 }
6776
6777 if (!cmd)
6778 goto unlock;
6779
fffd38bc
FG		 6780 cp = cmd->param;
6781 rp.instance = cp->instance;
24b4f38f
AU		 6782
6783 if (status)
6784 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6785 mgmt_status(status));
6786 else
6787 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6788 mgmt_status(status), &rp, sizeof(rp));
6789
6790 mgmt_pending_remove(cmd);
6791
6792unlock:
6793 hci_dev_unlock(hdev);
6794}
6795
5d900e46 6796void mgmt_adv_timeout_expired(struct hci_dev *hdev)
912098a6 6797{
847818d9
FG		 6798 u8 instance;
6799 struct hci_request req;
6800
5d900e46 6801 hdev->adv_instance_timeout = 0;
912098a6 6802
847818d9
FG		 6803 instance = get_current_adv_instance(hdev);
6804 if (instance == 0x00)
6805 return;
6806
912098a6 6807 hci_dev_lock(hdev);
847818d9
FG		 6808 hci_req_init(&req, hdev);
6809
6810 clear_adv_instance(hdev, &req, instance, false);
6811
6812 if (list_empty(&hdev->adv_instances))
6813 disable_advertising(&req);
6814
6815 if (!skb_queue_empty(&req.cmd_q))
6816 hci_req_run(&req, NULL);
6817
912098a6
AU		 6818 hci_dev_unlock(hdev);
6819}
6820
24b4f38f
AU		 6821static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6822 void *data, u16 data_len)
6823{
6824 struct mgmt_cp_add_advertising *cp = data;
6825 struct mgmt_rp_add_advertising rp;
6826 u32 flags;
089fa8c0 6827 u32 supported_flags;
24b4f38f 6828 u8 status;
fffd38bc
FG		 6829 u16 timeout, duration;
6830 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6831 u8 schedule_instance = 0;
6832 struct adv_info *next_instance;
24b4f38f
AU		 6833 int err;
6834 struct mgmt_pending_cmd *cmd;
6835 struct hci_request req;
6836
6837 BT_DBG("%s", hdev->name);
6838
6839 status = mgmt_le_support(hdev);
6840 if (status)
6841 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6842 status);
6843
ceff86af
MH		 6844 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6845 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6846 MGMT_STATUS_INVALID_PARAMS);
6847
24b4f38f 6848 flags = __le32_to_cpu(cp->flags);
912098a6 6849 timeout = __le16_to_cpu(cp->timeout);
fffd38bc 6850 duration = __le16_to_cpu(cp->duration);
24b4f38f 6851
fffd38bc
FG		 6852 /* The current implementation only supports a subset of the specified
6853 * flags.
089fa8c0
AU		 6854 */
6855 supported_flags = get_supported_adv_flags(hdev);
fffd38bc 6856 if (flags & ~supported_flags)
24b4f38f
AU		 6857 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6858 MGMT_STATUS_INVALID_PARAMS);
6859
6860 hci_dev_lock(hdev);
6861
912098a6
AU		 6862 if (timeout && !hdev_is_powered(hdev)) {
6863 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6864 MGMT_STATUS_REJECTED);
6865 goto unlock;
6866 }
6867
24b4f38f 6868 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
da929335 6869 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
24b4f38f
AU		 6870 pending_find(MGMT_OP_SET_LE, hdev)) {
6871 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6872 MGMT_STATUS_BUSY);
6873 goto unlock;
6874 }
6875
b44133ff 6876 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
4117ed70 6877 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
b44133ff 6878 cp->scan_rsp_len, false)) {
24b4f38f
AU		 6879 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6880 MGMT_STATUS_INVALID_PARAMS);
6881 goto unlock;
6882 }
6883
fffd38bc
FG		 6884 err = hci_add_adv_instance(hdev, cp->instance, flags,
6885 cp->adv_data_len, cp->data,
6886 cp->scan_rsp_len,
6887 cp->data + cp->adv_data_len,
6888 timeout, duration);
6889 if (err < 0) {
6890 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6891 MGMT_STATUS_FAILED);
6892 goto unlock;
6893 }
24b4f38f 6894
fffd38bc
FG		 6895 /* Only trigger an advertising added event if a new instance was
6896 * actually added.
6897 */
6898 if (hdev->adv_instance_cnt > prev_instance_cnt)
6899 advertising_added(sk, hdev, cp->instance);
912098a6 6900
fffd38bc 6901 hci_dev_set_flag(hdev, HCI_ADVERTISING_INSTANCE);
912098a6 6902
fffd38bc
FG		 6903 if (hdev->cur_adv_instance == cp->instance) {
6904 /* If the currently advertised instance is being changed then
6905 * cancel the current advertising and schedule the next
6906 * instance. If there is only one instance then the overridden
6907 * advertising data will be visible right away.
6908 */
6909 cancel_adv_timeout(hdev);
912098a6 6910
fffd38bc
FG		 6911 next_instance = hci_get_next_instance(hdev, cp->instance);
6912 if (next_instance)
6913 schedule_instance = next_instance->instance;
6914 } else if (!hdev->adv_instance_timeout) {
6915 /* Immediately advertise the new instance if no other
6916 * instance is currently being advertised.
6917 */
6918 schedule_instance = cp->instance;
6919 }
24b4f38f 6920
fffd38bc
FG		 6921 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6922 * there is no instance to be advertised then we have no HCI
6923 * communication to make. Simply return.
24b4f38f
AU		 6924 */
6925 if (!hdev_is_powered(hdev) ||
fffd38bc
FG		 6926 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6927 !schedule_instance) {
6928 rp.instance = cp->instance;
24b4f38f
AU		 6929 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6930 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6931 goto unlock;
6932 }
6933
6934 /* We're good to go, update advertising data, parameters, and start
6935 * advertising.
6936 */
6937 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6938 data_len);
6939 if (!cmd) {
6940 err = -ENOMEM;
6941 goto unlock;
6942 }
6943
6944 hci_req_init(&req, hdev);
6945
fffd38bc
FG		 6946 err = schedule_adv_instance(&req, schedule_instance, true);
6947
6948 if (!err)
6949 err = hci_req_run(&req, add_advertising_complete);
24b4f38f 6950
24b4f38f
AU		 6951 if (err < 0)
6952 mgmt_pending_remove(cmd);
6953
6954unlock:
6955 hci_dev_unlock(hdev);
6956
6957 return err;
6958}
6959
da929335
AU		 6960static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6961 u16 opcode)
6962{
6963 struct mgmt_pending_cmd *cmd;
01948331 6964 struct mgmt_cp_remove_advertising *cp;
da929335
AU		 6965 struct mgmt_rp_remove_advertising rp;
6966
6967 BT_DBG("status %d", status);
6968
6969 hci_dev_lock(hdev);
6970
6971 /* A failure status here only means that we failed to disable
6972 * advertising. Otherwise, the advertising instance has been removed,
6973 * so report success.
6974 */
6975 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6976 if (!cmd)
6977 goto unlock;
6978
01948331
FG		 6979 cp = cmd->param;
6980 rp.instance = cp->instance;
da929335
AU		 6981
6982 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6983 &rp, sizeof(rp));
6984 mgmt_pending_remove(cmd);
6985
6986unlock:
6987 hci_dev_unlock(hdev);
6988}
6989
6990static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6991 void *data, u16 data_len)
6992{
6993 struct mgmt_cp_remove_advertising *cp = data;
6994 struct mgmt_rp_remove_advertising rp;
da929335
AU		 6995 struct mgmt_pending_cmd *cmd;
6996 struct hci_request req;
952497b1 6997 int err;
da929335
AU		 6998
6999 BT_DBG("%s", hdev->name);
7000
da929335
AU		 7001 hci_dev_lock(hdev);
7002
952497b1 7003 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
01948331
FG		 7004 err = mgmt_cmd_status(sk, hdev->id,
7005 MGMT_OP_REMOVE_ADVERTISING,
7006 MGMT_STATUS_INVALID_PARAMS);
7007 goto unlock;
7008 }
7009
da929335
AU		 7010 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
7011 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
7012 pending_find(MGMT_OP_SET_LE, hdev)) {
7013 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7014 MGMT_STATUS_BUSY);
7015 goto unlock;
7016 }
7017
7018 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE)) {
7019 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7020 MGMT_STATUS_INVALID_PARAMS);
7021 goto unlock;
7022 }
7023
01948331 7024 hci_req_init(&req, hdev);
da929335 7025
01948331 7026 clear_adv_instance(hdev, &req, cp->instance, true);
da929335 7027
01948331
FG		 7028 if (list_empty(&hdev->adv_instances))
7029 disable_advertising(&req);
da929335 7030
01948331
FG		 7031 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
7032 * flag is set or the device isn't powered then we have no HCI
7033 * communication to make. Simply return.
da929335 7034 */
01948331
FG		 7035 if (skb_queue_empty(&req.cmd_q) ||
7036 !hdev_is_powered(hdev) ||
da929335 7037 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
01948331 7038 rp.instance = cp->instance;
da929335
AU		 7039 err = mgmt_cmd_complete(sk, hdev->id,
7040 MGMT_OP_REMOVE_ADVERTISING,
7041 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7042 goto unlock;
7043 }
7044
7045 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
7046 data_len);
7047 if (!cmd) {
7048 err = -ENOMEM;
7049 goto unlock;
7050 }
7051
da929335
AU		 7052 err = hci_req_run(&req, remove_advertising_complete);
7053 if (err < 0)
7054 mgmt_pending_remove(cmd);
7055
7056unlock:
7057 hci_dev_unlock(hdev);
7058
7059 return err;
7060}
7061
6d785aa3 7062static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 7063 { NULL }, /* 0x0000 (no command) */
b9a245fb 7064 { read_version, MGMT_READ_VERSION_SIZE,
c91041dc
MH		 7065 HCI_MGMT_NO_HDEV |
7066 HCI_MGMT_UNTRUSTED },
b9a245fb 7067 { read_commands, MGMT_READ_COMMANDS_SIZE,
c91041dc
MH		 7068 HCI_MGMT_NO_HDEV |
7069 HCI_MGMT_UNTRUSTED },
b9a245fb 7070 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
c91041dc
MH		 7071 HCI_MGMT_NO_HDEV |
7072 HCI_MGMT_UNTRUSTED },
7073 { read_controller_info, MGMT_READ_INFO_SIZE,
7074 HCI_MGMT_UNTRUSTED },
7aea8616
MH		 7075 { set_powered, MGMT_SETTING_SIZE },
7076 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
7077 { set_connectable, MGMT_SETTING_SIZE },
7078 { set_fast_connectable, MGMT_SETTING_SIZE },
7079 { set_bondable, MGMT_SETTING_SIZE },
7080 { set_link_security, MGMT_SETTING_SIZE },
7081 { set_ssp, MGMT_SETTING_SIZE },
7082 { set_hs, MGMT_SETTING_SIZE },
7083 { set_le, MGMT_SETTING_SIZE },
7084 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
7085 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
7086 { add_uuid, MGMT_ADD_UUID_SIZE },
7087 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
b9a245fb
JH		 7088 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
7089 HCI_MGMT_VAR_LEN },
7090 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
7091 HCI_MGMT_VAR_LEN },
7aea8616
MH		 7092 { disconnect, MGMT_DISCONNECT_SIZE },
7093 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
7094 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
7095 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
7096 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
7097 { pair_device, MGMT_PAIR_DEVICE_SIZE },
7098 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
7099 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
7100 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
7101 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
7102 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
7103 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
b9a245fb
JH		 7104 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
7105 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
7106 HCI_MGMT_VAR_LEN },
7aea8616
MH		 7107 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
7108 { start_discovery, MGMT_START_DISCOVERY_SIZE },
7109 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
7110 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
7111 { block_device, MGMT_BLOCK_DEVICE_SIZE },
7112 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
7113 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
7114 { set_advertising, MGMT_SETTING_SIZE },
7115 { set_bredr, MGMT_SETTING_SIZE },
7116 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
7117 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
7118 { set_secure_conn, MGMT_SETTING_SIZE },
7119 { set_debug_keys, MGMT_SETTING_SIZE },
7120 { set_privacy, MGMT_SET_PRIVACY_SIZE },
b9a245fb
JH		 7121 { load_irks, MGMT_LOAD_IRKS_SIZE,
7122 HCI_MGMT_VAR_LEN },
7aea8616
MH		 7123 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
7124 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
7125 { add_device, MGMT_ADD_DEVICE_SIZE },
7126 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
b9a245fb
JH		 7127 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
7128 HCI_MGMT_VAR_LEN },
7129 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
c91041dc
MH		 7130 HCI_MGMT_NO_HDEV |
7131 HCI_MGMT_UNTRUSTED },
b9a245fb 7132 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
c91041dc
MH		 7133 HCI_MGMT_UNCONFIGURED |
7134 HCI_MGMT_UNTRUSTED },
b9a245fb
JH		 7135 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
7136 HCI_MGMT_UNCONFIGURED },
7137 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
7138 HCI_MGMT_UNCONFIGURED },
7139 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
7140 HCI_MGMT_VAR_LEN },
4f0f155c 7141 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
96f1474a 7142 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
c91041dc
MH		 7143 HCI_MGMT_NO_HDEV |
7144 HCI_MGMT_UNTRUSTED },
d3d5305b 7145 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
24b4f38f
AU		 7146 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
7147 HCI_MGMT_VAR_LEN },
da929335 7148 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
0f4e68cf
JH		 7149};
7150
bf6b56db 7151void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 7152{
ced85549 7153 struct mgmt_ev_ext_index ev;
bb4b2a9a 7154
0602a8ad
MH		 7155 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7156 return;
7157
f9207338
MH		 7158 switch (hdev->dev_type) {
7159 case HCI_BREDR:
7160 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7161 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
7162 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 7163 ev.type = 0x01;
f9207338
MH		 7164 } else {
7165 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
7166 HCI_MGMT_INDEX_EVENTS);
ced85549 7167 ev.type = 0x00;
f9207338
MH		 7168 }
7169 break;
ced85549
MH		 7170 case HCI_AMP:
7171 ev.type = 0x02;
7172 break;
7173 default:
7174 return;
f9207338 7175 }
ced85549
MH		 7176
7177 ev.bus = hdev->bus;
7178
7179 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
7180 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 7181}
7182
bf6b56db 7183void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 7184{
ced85549 7185 struct mgmt_ev_ext_index ev;
5f159032 7186 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 7187
0602a8ad
MH		 7188 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7189 return;
7190
f9207338
MH		 7191 switch (hdev->dev_type) {
7192 case HCI_BREDR:
7193 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 7194
f9207338
MH		 7195 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7196 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
7197 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 7198 ev.type = 0x01;
f9207338
MH		 7199 } else {
7200 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
7201 HCI_MGMT_INDEX_EVENTS);
ced85549 7202 ev.type = 0x00;
f9207338
MH		 7203 }
7204 break;
ced85549
MH		 7205 case HCI_AMP:
7206 ev.type = 0x02;
7207 break;
7208 default:
7209 return;
f9207338 7210 }
ced85549
MH		 7211
7212 ev.bus = hdev->bus;
7213
7214 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
7215 HCI_MGMT_EXT_INDEX_EVENTS);
eec8d2bc
JH		 7216}
7217
6046dc3e 7218/* This function requires the caller holds hdev->lock */
af02dd44 7219static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 7220{
7221 struct hci_conn_params *p;
7222
7223 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 7224 /* Needed for AUTO_OFF case where might not "really"
7225 * have been powered off.
7226 */
7227 list_del_init(&p->action);
7228
7229 switch (p->auto_connect) {
4b9e7e75 7230 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 7231 case HCI_AUTO_CONN_ALWAYS:
7232 list_add(&p->action, &hdev->pend_le_conns);
7233 break;
7234 case HCI_AUTO_CONN_REPORT:
7235 list_add(&p->action, &hdev->pend_le_reports);
7236 break;
7237 default:
7238 break;
c83ed19d 7239 }
6046dc3e
AG		 7240 }
7241}
7242
1904a853 7243static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
229ab39c
JH		 7244{
7245 struct cmd_lookup match = { NULL, hdev };
7246
7247 BT_DBG("status 0x%02x", status);
7248
162a3bac
MH		 7249 if (!status) {
7250 /* Register the available SMP channels (BR/EDR and LE) only
7251 * when successfully powering on the controller. This late
7252 * registration is required so that LE SMP can clearly
7253 * decide if the public address or static address is used.
7254 */
7255 smp_register(hdev);
af02dd44
JH		 7256
7257 restart_le_actions(hdev);
7258 hci_update_background_scan(hdev);
162a3bac
MH		 7259 }
7260
229ab39c
JH		 7261 hci_dev_lock(hdev);
7262
7263 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7264
7265 new_settings(hdev, match.sk);
7266
7267 hci_dev_unlock(hdev);
7268
7269 if (match.sk)
7270 sock_put(match.sk);
7271}
7272
70da6243 7273static int powered_update_hci(struct hci_dev *hdev)
5add6af8 7274{
890ea898 7275 struct hci_request req;
320b3bf7 7276 struct adv_info *adv_instance;
70da6243 7277 u8 link_sec;
5add6af8 7278
890ea898
JH		 7279 hci_req_init(&req, hdev);
7280
d7a5a11d 7281 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
70da6243 7282 !lmp_host_ssp_capable(hdev)) {
574ea3c7 7283 u8 mode = 0x01;
5e5282bb 7284
574ea3c7
MH		 7285 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
7286
7287 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
7288 u8 support = 0x01;
5add6af8 7289
574ea3c7
MH		 7290 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
7291 sizeof(support), &support);
7292 }
ec6f99b8
JH		 7293 }
7294
d7a5a11d 7295 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
c73eee91 7296 lmp_bredr_capable(hdev)) {
70da6243 7297 struct hci_cp_write_le_host_supported cp;
f0ff92fb 7298
32226e4f
MH		 7299 cp.le = 0x01;
7300 cp.simul = 0x00;
3d1cbdd6 7301
70da6243
JH		 7302 /* Check first if we already have the right
7303 * host state (host features set)
7304 */
7305 if (cp.le != lmp_host_le_capable(hdev) ||
7306 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 7307 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
7308 sizeof(cp), &cp);
70da6243 7309 }
3d1cbdd6 7310
d13eafce 7311 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 7312 /* Make sure the controller has a good default for
7313 * advertising data. This also applies to the case
7314 * where BR/EDR was toggled during the AUTO_OFF phase.
7315 */
320b3bf7
FG		 7316 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
7317 (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7318 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))) {
5947f4bc 7319 update_adv_data(&req);
f14d8f64
MH		 7320 update_scan_rsp_data(&req);
7321 }
441ad2d0 7322
320b3bf7
FG		 7323 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
7324 hdev->cur_adv_instance == 0x00 &&
7325 !list_empty(&hdev->adv_instances)) {
7326 adv_instance = list_first_entry(&hdev->adv_instances,
7327 struct adv_info, list);
7328 hdev->cur_adv_instance = adv_instance->instance;
7329 }
7330
7331 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
bba3aa55 7332 enable_advertising(&req);
320b3bf7
FG		 7333 else if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
7334 hdev->cur_adv_instance)
7335 schedule_adv_instance(&req, hdev->cur_adv_instance,
7336 true);
eeca6f89
JH		 7337 }
7338
d7a5a11d 7339 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
70da6243 7340 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 7341 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
7342 sizeof(link_sec), &link_sec);
562fcc24 7343
70da6243 7344 if (lmp_bredr_capable(hdev)) {
d7a5a11d 7345 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
406ef2a6
JH		 7346 write_fast_connectable(&req, true);
7347 else
7348 write_fast_connectable(&req, false);
1d2dc5b7 7349 __hci_update_page_scan(&req);
890ea898 7350 update_class(&req);
13928971 7351 update_name(&req);
890ea898 7352 update_eir(&req);
70da6243 7353 }
562fcc24 7354
229ab39c 7355 return hci_req_run(&req, powered_complete);
70da6243 7356}
562fcc24 7357
70da6243
JH		 7358int mgmt_powered(struct hci_dev *hdev, u8 powered)
7359{
7360 struct cmd_lookup match = { NULL, hdev };
9845904f 7361 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 7362 int err;
f0ff92fb 7363
d7a5a11d 7364 if (!hci_dev_test_flag(hdev, HCI_MGMT))
70da6243
JH		 7365 return 0;
7366
70da6243 7367 if (powered) {
229ab39c
JH		 7368 if (powered_update_hci(hdev) == 0)
7369 return 0;
fe038884 7370
229ab39c
JH		 7371 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
7372 &match);
7373 goto new_settings;
b24752fe
JH		 7374 }
7375
229ab39c 7376 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 7377
7378 /* If the power off is because of hdev unregistration let
7379 * use the appropriate INVALID_INDEX status. Otherwise use
7380 * NOT_POWERED. We cover both scenarios here since later in
7381 * mgmt_index_removed() any hci_conn callbacks will have already
7382 * been triggered, potentially causing misleading DISCONNECTED
7383 * status responses.
7384 */
d7a5a11d 7385 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 7386 status = MGMT_STATUS_INVALID_INDEX;
7387 else
7388 status = MGMT_STATUS_NOT_POWERED;
7389
7390 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 7391
7392 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
f6b7712e
MH		 7393 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7394 zero_cod, sizeof(zero_cod), NULL);
229ab39c
JH		 7395
7396new_settings:
beadb2bd 7397 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 7398
7399 if (match.sk)
7400 sock_put(match.sk);
7401
7bb895d6 7402 return err;
5add6af8 7403}
73f22f62 7404
3eec705e 7405void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 7406{
3b0602cd 7407 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 7408 u8 status;
7409
333ae95d 7410 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
96570ffc 7411 if (!cmd)
3eec705e 7412 return;
96570ffc
JH		 7413
7414 if (err == -ERFKILL)
7415 status = MGMT_STATUS_RFKILLED;
7416 else
7417 status = MGMT_STATUS_FAILED;
7418
a69e8375 7419 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 7420
7421 mgmt_pending_remove(cmd);
96570ffc
JH		 7422}
7423
d1967ff8
MH		 7424void mgmt_discoverable_timeout(struct hci_dev *hdev)
7425{
7426 struct hci_request req;
d1967ff8
MH		 7427
7428 hci_dev_lock(hdev);
7429
7430 /* When discoverable timeout triggers, then just make sure
7431 * the limited discoverable flag is cleared. Even in the case
7432 * of a timeout triggered from general discoverable, it is
7433 * safe to unconditionally clear the flag.
7434 */
a358dc11
MH		 7435 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
7436 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
d1967ff8
MH		 7437
7438 hci_req_init(&req, hdev);
d7a5a11d 7439 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4b580614
JH		 7440 u8 scan = SCAN_PAGE;
7441 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
7442 sizeof(scan), &scan);
7443 }
d1967ff8 7444 update_class(&req);
24b4f38f
AU		 7445
7446 /* Advertising instances don't use the global discoverable setting, so
7447 * only update AD if advertising was enabled using Set Advertising.
7448 */
7449 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7450 update_adv_data(&req);
7451
d1967ff8
MH		 7452 hci_req_run(&req, NULL);
7453
7454 hdev->discov_timeout = 0;
7455
9a43e25f
JH		 7456 new_settings(hdev, NULL);
7457
d1967ff8
MH		 7458 hci_dev_unlock(hdev);
7459}
7460
dc4a5ee2
MH		 7461void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7462 bool persistent)
55ed8ca1 7463{
86742e1e 7464 struct mgmt_ev_new_link_key ev;
55ed8ca1 7465
a492cd52 7466 memset(&ev, 0, sizeof(ev));
55ed8ca1 7467
a492cd52 7468 ev.store_hint = persistent;
d753fdc4 7469 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 7470 ev.key.addr.type = BDADDR_BREDR;
a492cd52 7471 ev.key.type = key->type;
9b3b4460 7472 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 7473 ev.key.pin_len = key->pin_len;
55ed8ca1 7474
dc4a5ee2 7475 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 7476}
f7520543 7477
d7b25450
JH		 7478static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7479{
23fb8de3
JH		 7480 switch (ltk->type) {
7481 case SMP_LTK:
7482 case SMP_LTK_SLAVE:
7483 if (ltk->authenticated)
7484 return MGMT_LTK_AUTHENTICATED;
7485 return MGMT_LTK_UNAUTHENTICATED;
7486 case SMP_LTK_P256:
7487 if (ltk->authenticated)
7488 return MGMT_LTK_P256_AUTH;
7489 return MGMT_LTK_P256_UNAUTH;
7490 case SMP_LTK_P256_DEBUG:
7491 return MGMT_LTK_P256_DEBUG;
7492 }
d7b25450
JH		 7493
7494 return MGMT_LTK_UNAUTHENTICATED;
7495}
7496
53ac6ab6 7497void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 7498{
7499 struct mgmt_ev_new_long_term_key ev;
7500
7501 memset(&ev, 0, sizeof(ev));
7502
5192d301 7503 /* Devices using resolvable or non-resolvable random addresses
f72186d2 7504 * without providing an identity resolving key don't require
5192d301
MH		 7505 * to store long term keys. Their addresses will change the
7506 * next time around.
7507 *
7508 * Only when a remote device provides an identity address
7509 * make sure the long term key is stored. If the remote
7510 * identity is known, the long term keys are internally
7511 * mapped to the identity address. So allow static random
7512 * and public addresses here.
7513 */
ba74b666
JH		 7514 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7515 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7516 ev.store_hint = 0x00;
7517 else
53ac6ab6 7518 ev.store_hint = persistent;
ba74b666 7519
346af67b 7520 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 7521 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 7522 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 7523 ev.key.enc_size = key->enc_size;
7524 ev.key.ediv = key->ediv;
fe39c7b2 7525 ev.key.rand = key->rand;
346af67b 7526
2ceba539 7527 if (key->type == SMP_LTK)
346af67b
VCG		 7528 ev.key.master = 1;
7529
1fc62c52
JH		 7530 /* Make sure we copy only the significant bytes based on the
7531 * encryption key size, and set the rest of the value to zeroes.
7532 */
cb92205b 7533 memcpy(ev.key.val, key->val, key->enc_size);
1fc62c52
JH		 7534 memset(ev.key.val + key->enc_size, 0,
7535 sizeof(ev.key.val) - key->enc_size);
346af67b 7536
083368f7 7537 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 7538}
7539
cad20c27 7540void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
95fbac8a
JH		 7541{
7542 struct mgmt_ev_new_irk ev;
7543
7544 memset(&ev, 0, sizeof(ev));
7545
cad20c27 7546 ev.store_hint = persistent;
bab6d1e5 7547
95fbac8a
JH		 7548 bacpy(&ev.rpa, &irk->rpa);
7549 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7550 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7551 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7552
7553 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7554}
7555
53ac6ab6
MH		 7556void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7557 bool persistent)
7ee4ea36
MH		 7558{
7559 struct mgmt_ev_new_csrk ev;
7560
7561 memset(&ev, 0, sizeof(ev));
7562
7563 /* Devices using resolvable or non-resolvable random addresses
f72186d2 7564 * without providing an identity resolving key don't require
7ee4ea36
MH		 7565 * to store signature resolving keys. Their addresses will change
7566 * the next time around.
7567 *
7568 * Only when a remote device provides an identity address
7569 * make sure the signature resolving key is stored. So allow
7570 * static random and public addresses here.
7571 */
7572 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7573 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7574 ev.store_hint = 0x00;
7575 else
53ac6ab6 7576 ev.store_hint = persistent;
7ee4ea36
MH		 7577
7578 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7579 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 7580 ev.key.type = csrk->type;
7ee4ea36
MH		 7581 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7582
7583 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7584}
7585
ffb5a827 7586void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 7587 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7588 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 7589{
7590 struct mgmt_ev_new_conn_param ev;
7591
c103aea6
JH		 7592 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7593 return;
7594
ffb5a827
AG		 7595 memset(&ev, 0, sizeof(ev));
7596 bacpy(&ev.addr.bdaddr, bdaddr);
7597 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 7598 ev.store_hint = store_hint;
ffb5a827
AG		 7599 ev.min_interval = cpu_to_le16(min_interval);
7600 ev.max_interval = cpu_to_le16(max_interval);
7601 ev.latency = cpu_to_le16(latency);
7602 ev.timeout = cpu_to_le16(timeout);
7603
7604 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7605}
7606
48ec92fa
AA		 7607void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7608 u32 flags, u8 *name, u8 name_len)
f7520543 7609{
b644ba33
JH		 7610 char buf[512];
7611 struct mgmt_ev_device_connected *ev = (void *) buf;
7612 u16 eir_len = 0;
f7520543 7613
48ec92fa
AA		 7614 bacpy(&ev->addr.bdaddr, &conn->dst);
7615 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 7616
c95f0ba7 7617 ev->flags = __cpu_to_le32(flags);
08c79b61 7618
fd45ada9
AA		 7619 /* We must ensure that the EIR Data fields are ordered and
7620 * unique. Keep it simple for now and avoid the problem by not
7621 * adding any BR/EDR data to the LE adv.
7622 */
7623 if (conn->le_adv_data_len > 0) {
7624 memcpy(&ev->eir[eir_len],
7625 conn->le_adv_data, conn->le_adv_data_len);
7626 eir_len = conn->le_adv_data_len;
7627 } else {
7628 if (name_len > 0)
7629 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7630 name, name_len);
b644ba33 7631
ddbea5cf 7632 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 7633 eir_len = eir_append_data(ev->eir, eir_len,
7634 EIR_CLASS_OF_DEV,
7635 conn->dev_class, 3);
7636 }
b644ba33 7637
eb55ef07 7638 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 7639
ecd90ae7
MH		 7640 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7641 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 7642}
7643
3b0602cd 7644static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 7645{
8962ee74 7646 struct sock **sk = data;
8962ee74 7647
f5818c22 7648 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 7649
7650 *sk = cmd->sk;
7651 sock_hold(*sk);
7652
a664b5bc 7653 mgmt_pending_remove(cmd);
8962ee74
JH		 7654}
7655
3b0602cd 7656static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 7657{
b1078ad0 7658 struct hci_dev *hdev = data;
124f6e35 7659 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 7660
b1078ad0
JH		 7661 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7662
d8b7b1e4 7663 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 7664 mgmt_pending_remove(cmd);
7665}
7666
84c61d92
JH		 7667bool mgmt_powering_down(struct hci_dev *hdev)
7668{
3b0602cd 7669 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 7670 struct mgmt_mode *cp;
7671
333ae95d 7672 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
84c61d92
JH		 7673 if (!cmd)
7674 return false;
7675
7676 cp = cmd->param;
7677 if (!cp->val)
7678 return true;
7679
7680 return false;
7681}
7682
9b80ec5e 7683void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 7684 u8 link_type, u8 addr_type, u8 reason,
7685 bool mgmt_connected)
f7520543 7686{
f0d6a0ea 7687 struct mgmt_ev_device_disconnected ev;
8962ee74 7688 struct sock *sk = NULL;
8962ee74 7689
84c61d92
JH		 7690 /* The connection is still in hci_conn_hash so test for 1
7691 * instead of 0 to know if this is the last one.
7692 */
7693 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7694 cancel_delayed_work(&hdev->power_off);
7695 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 7696 }
7697
12d4a3b2
JH		 7698 if (!mgmt_connected)
7699 return;
7700
57eb776f
AG		 7701 if (link_type != ACL_LINK && link_type != LE_LINK)
7702 return;
7703
744cf19e 7704 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 7705
f0d6a0ea
MA		 7706 bacpy(&ev.addr.bdaddr, bdaddr);
7707 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7708 ev.reason = reason;
f7520543 7709
9b80ec5e 7710 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 7711
7712 if (sk)
d97dcb66 7713 sock_put(sk);
8962ee74 7714
124f6e35 7715 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 7716 hdev);
8962ee74
JH		 7717}
7718
7892924c
MH		 7719void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7720 u8 link_type, u8 addr_type, u8 status)
8962ee74 7721{
3655bba8
AG		 7722 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7723 struct mgmt_cp_disconnect *cp;
3b0602cd 7724 struct mgmt_pending_cmd *cmd;
8962ee74 7725
36a75f1b
JD		 7726 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7727 hdev);
7728
333ae95d 7729 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 7730 if (!cmd)
7892924c 7731 return;
8962ee74 7732
3655bba8
AG		 7733 cp = cmd->param;
7734
7735 if (bacmp(bdaddr, &cp->addr.bdaddr))
7736 return;
7737
7738 if (cp->addr.type != bdaddr_type)
7739 return;
7740
f5818c22 7741 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7742 mgmt_pending_remove(cmd);
f7520543 7743}
17d5c04c 7744
445608d0
MH		 7745void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7746 u8 addr_type, u8 status)
17d5c04c
JH		 7747{
7748 struct mgmt_ev_connect_failed ev;
c9910d0f 7749
84c61d92
JH		 7750 /* The connection is still in hci_conn_hash so test for 1
7751 * instead of 0 to know if this is the last one.
7752 */
7753 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7754 cancel_delayed_work(&hdev->power_off);
7755 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 7756 }
17d5c04c 7757
4c659c39 7758 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7759 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 7760 ev.status = mgmt_status(status);
17d5c04c 7761
445608d0 7762 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 7763}
980e1a53 7764
ce0e4a0d 7765void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 7766{
7767 struct mgmt_ev_pin_code_request ev;
7768
d8457698 7769 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 7770 ev.addr.type = BDADDR_BREDR;
a770bb5a 7771 ev.secure = secure;
980e1a53 7772
ce0e4a0d 7773 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 7774}
7775
e669cf80
MH		 7776void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7777 u8 status)
980e1a53 7778{
3b0602cd 7779 struct mgmt_pending_cmd *cmd;
980e1a53 7780
333ae95d 7781 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 7782 if (!cmd)
e669cf80 7783 return;
980e1a53 7784
7776d1d8 7785 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7786 mgmt_pending_remove(cmd);
980e1a53
JH		 7787}
7788
3eb38528
MH		 7789void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7790 u8 status)
980e1a53 7791{
3b0602cd 7792 struct mgmt_pending_cmd *cmd;
980e1a53 7793
333ae95d 7794 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 7795 if (!cmd)
3eb38528 7796 return;
980e1a53 7797
7776d1d8 7798 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7799 mgmt_pending_remove(cmd);
980e1a53 7800}
a5c29683 7801
744cf19e 7802int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 7803 u8 link_type, u8 addr_type, u32 value,
04124681 7804 u8 confirm_hint)
a5c29683
JH		 7805{
7806 struct mgmt_ev_user_confirm_request ev;
7807
744cf19e 7808 BT_DBG("%s", hdev->name);
a5c29683 7809
272d90df 7810 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7811 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 7812 ev.confirm_hint = confirm_hint;
39adbffe 7813 ev.value = cpu_to_le32(value);
a5c29683 7814
744cf19e 7815 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 7816 NULL);
a5c29683
JH		 7817}
7818
272d90df 7819int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 7820 u8 link_type, u8 addr_type)
604086b7
BG		 7821{
7822 struct mgmt_ev_user_passkey_request ev;
7823
7824 BT_DBG("%s", hdev->name);
7825
272d90df 7826 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7827 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 7828
7829 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 7830 NULL);
604086b7
BG		 7831}
7832
0df4c185 7833static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 7834 u8 link_type, u8 addr_type, u8 status,
7835 u8 opcode)
a5c29683 7836{
3b0602cd 7837 struct mgmt_pending_cmd *cmd;
a5c29683 7838
333ae95d 7839 cmd = pending_find(opcode, hdev);
a5c29683
JH		 7840 if (!cmd)
7841 return -ENOENT;
7842
7776d1d8 7843 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7844 mgmt_pending_remove(cmd);
a5c29683 7845
7776d1d8 7846 return 0;
a5c29683
JH		 7847}
7848
744cf19e 7849int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7850 u8 link_type, u8 addr_type, u8 status)
a5c29683 7851{
272d90df 7852 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7853 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 7854}
7855
272d90df 7856int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7857 u8 link_type, u8 addr_type, u8 status)
a5c29683 7858{
272d90df 7859 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7860 status,
7861 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7862}
2a611692 7863
604086b7 7864int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7865 u8 link_type, u8 addr_type, u8 status)
604086b7 7866{
272d90df 7867 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7868 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7869}
7870
272d90df 7871int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7872 u8 link_type, u8 addr_type, u8 status)
604086b7 7873{
272d90df 7874 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7875 status,
7876 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7877}
7878
92a25256
JH		 7879int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7880 u8 link_type, u8 addr_type, u32 passkey,
7881 u8 entered)
7882{
7883 struct mgmt_ev_passkey_notify ev;
7884
7885 BT_DBG("%s", hdev->name);
7886
7887 bacpy(&ev.addr.bdaddr, bdaddr);
7888 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7889 ev.passkey = __cpu_to_le32(passkey);
7890 ev.entered = entered;
7891
7892 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7893}
7894
e1e930f5 7895void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7896{
7897 struct mgmt_ev_auth_failed ev;
3b0602cd 7898 struct mgmt_pending_cmd *cmd;
e1e930f5 7899 u8 status = mgmt_status(hci_status);
2a611692 7900
e1e930f5
JH		 7901 bacpy(&ev.addr.bdaddr, &conn->dst);
7902 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7903 ev.status = status;
2a611692 7904
e1e930f5
JH		 7905 cmd = find_pairing(conn);
7906
7907 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7908 cmd ? cmd->sk : NULL);
7909
a511b35b
JH		 7910 if (cmd) {
7911 cmd->cmd_complete(cmd, status);
7912 mgmt_pending_remove(cmd);
7913 }
2a611692 7914}
b312b161 7915
464996ae 7916void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7917{
7918 struct cmd_lookup match = { NULL, hdev };
464996ae 7919 bool changed;
33ef95ed
JH		 7920
7921 if (status) {
7922 u8 mgmt_err = mgmt_status(status);
7923 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7924 cmd_status_rsp, &mgmt_err);
464996ae 7925 return;
33ef95ed
JH		 7926 }
7927
464996ae 7928 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 7929 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 7930 else
a69d8927 7931 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 7932
33ef95ed 7933 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 7934 &match);
33ef95ed 7935
47990ea0 7936 if (changed)
464996ae 7937 new_settings(hdev, match.sk);
33ef95ed
JH		 7938
7939 if (match.sk)
7940 sock_put(match.sk);
33ef95ed
JH		 7941}
7942
890ea898 7943static void clear_eir(struct hci_request *req)
cacaf52f 7944{
890ea898 7945 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 7946 struct hci_cp_write_eir cp;
7947
976eb20e 7948 if (!lmp_ext_inq_capable(hdev))
890ea898 7949 return;
cacaf52f 7950
c80da27e
JH		 7951 memset(hdev->eir, 0, sizeof(hdev->eir));
7952
cacaf52f
JH		 7953 memset(&cp, 0, sizeof(cp));
7954
890ea898 7955 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 7956}
7957
3e248560 7958void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 7959{
7960 struct cmd_lookup match = { NULL, hdev };
890ea898 7961 struct hci_request req;
c0ecddc2 7962 bool changed = false;
ed2c4ee3
JH		 7963
7964 if (status) {
7965 u8 mgmt_err = mgmt_status(status);
c0ecddc2 7966
a69d8927
MH		 7967 if (enable && hci_dev_test_and_clear_flag(hdev,
7968 HCI_SSP_ENABLED)) {
a358dc11 7969 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 7970 new_settings(hdev, NULL);
9ecb3e24 7971 }
c0ecddc2 7972
04124681
GP		 7973 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7974 &mgmt_err);
3e248560 7975 return;
c0ecddc2
JH		 7976 }
7977
7978 if (enable) {
238be788 7979 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 7980 } else {
a69d8927 7981 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9ecb3e24 7982 if (!changed)
a69d8927
MH		 7983 changed = hci_dev_test_and_clear_flag(hdev,
7984 HCI_HS_ENABLED);
9ecb3e24 7985 else
a358dc11 7986 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 7987 }
7988
7989 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7990
c0ecddc2 7991 if (changed)
3e248560 7992 new_settings(hdev, match.sk);
ed2c4ee3 7993
5fc6ebb1 7994 if (match.sk)
ed2c4ee3
JH		 7995 sock_put(match.sk);
7996
890ea898
JH		 7997 hci_req_init(&req, hdev);
7998
d7a5a11d
MH		 7999 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
8000 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 8001 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
8002 sizeof(enable), &enable);
890ea898 8003 update_eir(&req);
3769972b 8004 } else {
890ea898 8005 clear_eir(&req);
3769972b 8006 }
890ea898
JH		 8007
8008 hci_req_run(&req, NULL);
ed2c4ee3
JH		 8009}
8010
3b0602cd 8011static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 8012{
8013 struct cmd_lookup *match = data;
8014
90e70454
JH		 8015 if (match->sk == NULL) {
8016 match->sk = cmd->sk;
8017 sock_hold(match->sk);
8018 }
90e70454
JH		 8019}
8020
4e1b0245
MH		 8021void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
8022 u8 status)
7f9a903c 8023{
90e70454 8024 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 8025
92da6097
JH		 8026 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
8027 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
8028 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 8029
8030 if (!status)
f6b7712e
MH		 8031 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
8032 dev_class, 3, NULL);
90e70454
JH		 8033
8034 if (match.sk)
8035 sock_put(match.sk);
7f9a903c
MH		 8036}
8037
7667da34 8038void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 8039{
b312b161 8040 struct mgmt_cp_set_local_name ev;
3b0602cd 8041 struct mgmt_pending_cmd *cmd;
28cc7bde 8042
13928971 8043 if (status)
7667da34 8044 return;
b312b161
JH		 8045
8046 memset(&ev, 0, sizeof(ev));
8047 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 8048 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 8049
333ae95d 8050 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 8051 if (!cmd) {
8052 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 8053
13928971
JH		 8054 /* If this is a HCI command related to powering on the
8055 * HCI dev don't send any mgmt signals.
8056 */
333ae95d 8057 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 8058 return;
890ea898 8059 }
b312b161 8060
f6b7712e
MH		 8061 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
8062 cmd ? cmd->sk : NULL);
b312b161 8063}
c35938b2 8064
799ce93d
JP		 8065static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
8066{
8067 int i;
8068
8069 for (i = 0; i < uuid_count; i++) {
8070 if (!memcmp(uuid, uuids[i], 16))
8071 return true;
8072 }
8073
8074 return false;
8075}
8076
b487b9ce
MH		 8077static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
8078{
799ce93d
JP		 8079 u16 parsed = 0;
8080
8081 while (parsed < eir_len) {
8082 u8 field_len = eir[0];
8083 u8 uuid[16];
8084 int i;
8085
8086 if (field_len == 0)
8087 break;
8088
8089 if (eir_len - parsed < field_len + 1)
8090 break;
8091
8092 switch (eir[1]) {
8093 case EIR_UUID16_ALL:
8094 case EIR_UUID16_SOME:
8095 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 8096 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 8097 uuid[13] = eir[i + 3];
8098 uuid[12] = eir[i + 2];
8099 if (has_uuid(uuid, uuid_count, uuids))
8100 return true;
8101 }
8102 break;
8103 case EIR_UUID32_ALL:
8104 case EIR_UUID32_SOME:
8105 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 8106 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 8107 uuid[15] = eir[i + 5];
8108 uuid[14] = eir[i + 4];
8109 uuid[13] = eir[i + 3];
8110 uuid[12] = eir[i + 2];
8111 if (has_uuid(uuid, uuid_count, uuids))
8112 return true;
8113 }
8114 break;
8115 case EIR_UUID128_ALL:
8116 case EIR_UUID128_SOME:
8117 for (i = 0; i + 17 <= field_len; i += 16) {
8118 memcpy(uuid, eir + i + 2, 16);
8119 if (has_uuid(uuid, uuid_count, uuids))
8120 return true;
8121 }
8122 break;
8123 }
8124
8125 parsed += field_len + 1;
8126 eir += field_len + 1;
8127 }
8128
b487b9ce
MH		 8129 return false;
8130}
8131
4b0e0ced
JP		 8132static void restart_le_scan(struct hci_dev *hdev)
8133{
8134 /* If controller is not scanning we are done. */
d7a5a11d 8135 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 8136 return;
8137
8138 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
8139 hdev->discovery.scan_start +
8140 hdev->discovery.scan_duration))
8141 return;
8142
7c1fbed2 8143 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
4b0e0ced
JP		 8144 DISCOV_LE_RESTART_DELAY);
8145}
8146
48f86b7f
JP		 8147static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
8148 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 8149{
48f86b7f
JP		 8150 /* If a RSSI threshold has been specified, and
8151 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
8152 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
8153 * is set, let it through for further processing, as we might need to
8154 * restart the scan.
efb2513f
MH		 8155 *
8156 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
8157 * the results are also dropped.
bda157a4
MH		 8158 */
8159 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 8160 (rssi == HCI_RSSI_INVALID ||
8161 (rssi < hdev->discovery.rssi &&
8162 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 8163 return false;
efb2513f 8164
2976cdeb
JP		 8165 if (hdev->discovery.uuid_count != 0) {
8166 /* If a list of UUIDs is provided in filter, results with no
8167 * matching UUID should be dropped.
b487b9ce 8168 */
2976cdeb
JP		 8169 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
8170 hdev->discovery.uuids) &&
8171 !eir_has_uuids(scan_rsp, scan_rsp_len,
8172 hdev->discovery.uuid_count,
8173 hdev->discovery.uuids))
8174 return false;
b487b9ce 8175 }
5d2e9fad 8176
2976cdeb
JP		 8177 /* If duplicate filtering does not report RSSI changes, then restart
8178 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 8179 */
2976cdeb
JP		 8180 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
8181 restart_le_scan(hdev);
8182
8183 /* Validate RSSI value against the RSSI threshold once more. */
8184 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8185 rssi < hdev->discovery.rssi)
8186 return false;
8187 }
48f86b7f
JP		 8188
8189 return true;
8190}
8191
8192void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8193 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
8194 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8195{
8196 char buf[512];
8197 struct mgmt_ev_device_found *ev = (void *)buf;
8198 size_t ev_size;
8199
8200 /* Don't send events for a non-kernel initiated discovery. With
8201 * LE one exception is if we have pend_le_reports > 0 in which
8202 * case we're doing passive scanning and want these events.
8203 */
8204 if (!hci_discovery_active(hdev)) {
8205 if (link_type == ACL_LINK)
8206 return;
8207 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
8208 return;
8209 }
8210
82f8b651 8211 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 8212 /* We are using service discovery */
8213 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
8214 scan_rsp_len))
8215 return;
8216 }
8217
8218 /* Make sure that the buffer is big enough. The 5 extra bytes
8219 * are for the potential CoD field.
8220 */
8221 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 8222 return;
8223
48f86b7f
JP		 8224 memset(buf, 0, sizeof(buf));
8225
8226 /* In case of device discovery with BR/EDR devices (pre 1.2), the
8227 * RSSI value was reported as 0 when not available. This behavior
8228 * is kept when using device discovery. This is required for full
8229 * backwards compatibility with the API.
8230 *
8231 * However when using service discovery, the value 127 will be
8232 * returned when the RSSI is not available.
8233 */
8234 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
8235 link_type == ACL_LINK)
8236 rssi = 0;
8237
8238 bacpy(&ev->addr.bdaddr, bdaddr);
8239 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8240 ev->rssi = rssi;
8241 ev->flags = cpu_to_le32(flags);
8242
8243 if (eir_len > 0)
8244 /* Copy EIR or advertising data into event */
8245 memcpy(ev->eir, eir, eir_len);
8246
8247 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
8248 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
8249 dev_class, 3);
8250
8251 if (scan_rsp_len > 0)
8252 /* Append scan response data to event */
8253 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
8254
5d2e9fad
JH		 8255 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
8256 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 8257
901801b9 8258 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 8259}
a88a9652 8260
9cf12aee
MH		 8261void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8262 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 8263{
b644ba33
JH		 8264 struct mgmt_ev_device_found *ev;
8265 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
8266 u16 eir_len;
a88a9652 8267
b644ba33 8268 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 8269
b644ba33
JH		 8270 memset(buf, 0, sizeof(buf));
8271
8272 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 8273 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 8274 ev->rssi = rssi;
8275
8276 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 8277 name_len);
b644ba33 8278
eb55ef07 8279 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 8280
9cf12aee 8281 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 8282}
314b2381 8283
2f1e063b 8284void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 8285{
f963e8e9 8286 struct mgmt_ev_discovering ev;
164a6e78 8287
343fb145
AG		 8288 BT_DBG("%s discovering %u", hdev->name, discovering);
8289
f963e8e9
JH		 8290 memset(&ev, 0, sizeof(ev));
8291 ev.type = hdev->discovery.type;
8292 ev.discovering = discovering;
8293
2f1e063b 8294 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 8295}
5e762444 8296
1904a853 8297static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5976e608
MH		 8298{
8299 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 8300}
8301
8302void mgmt_reenable_advertising(struct hci_dev *hdev)
8303{
8304 struct hci_request req;
eb6f95f9 8305 u8 instance;
5976e608 8306
24b4f38f
AU		 8307 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
8308 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
5976e608
MH		 8309 return;
8310
eb6f95f9
FG		 8311 instance = get_current_adv_instance(hdev);
8312
5976e608 8313 hci_req_init(&req, hdev);
eb6f95f9
FG		 8314
8315 if (instance) {
8316 schedule_adv_instance(&req, instance, true);
8317 } else {
8318 update_adv_data(&req);
8319 update_scan_rsp_data(&req);
8320 enable_advertising(&req);
8321 }
8322
0ec5ae84 8323 hci_req_run(&req, adv_enable_complete);
5976e608 8324}
6d785aa3
JH		 8325
8326static struct hci_mgmt_chan chan = {
8327 .channel = HCI_CHANNEL_CONTROL,
8328 .handler_count = ARRAY_SIZE(mgmt_handlers),
8329 .handlers = mgmt_handlers,
88b94ce9 8330 .hdev_init = mgmt_init_hdev,
6d785aa3
JH		 8331};
8332
8333int mgmt_init(void)
8334{
8335 return hci_mgmt_chan_register(&chan);
8336}
8337
8338void mgmt_exit(void)
8339{
8340 hci_mgmt_chan_unregister(&chan);
8341}
Linux kernel - Deliverables
This page took 1.536203 seconds and 5 git commands to generate.