projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix passkey endianess in user_confirm and notify_passkey
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 33
34#include "smp.h"
0381101f 35
2da9c55c 36#define MGMT_VERSION 1
40456644 37#define MGMT_REVISION 5
02d98129 38
e70bb2e8
JH		 39static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 77 MGMT_OP_SET_DEVICE_ID,
4375f103 78 MGMT_OP_SET_ADVERTISING,
0663ca2a 79 MGMT_OP_SET_BREDR,
d13eafce 80 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 81 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 82 MGMT_OP_SET_SECURE_CONN,
4e39ac81 83 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 84 MGMT_OP_SET_PRIVACY,
41edf160 85 MGMT_OP_LOAD_IRKS,
e70bb2e8
JH		 86};
87
88static const u16 mgmt_events[] = {
89 MGMT_EV_CONTROLLER_ERROR,
90 MGMT_EV_INDEX_ADDED,
91 MGMT_EV_INDEX_REMOVED,
92 MGMT_EV_NEW_SETTINGS,
93 MGMT_EV_CLASS_OF_DEV_CHANGED,
94 MGMT_EV_LOCAL_NAME_CHANGED,
95 MGMT_EV_NEW_LINK_KEY,
96 MGMT_EV_NEW_LONG_TERM_KEY,
97 MGMT_EV_DEVICE_CONNECTED,
98 MGMT_EV_DEVICE_DISCONNECTED,
99 MGMT_EV_CONNECT_FAILED,
100 MGMT_EV_PIN_CODE_REQUEST,
101 MGMT_EV_USER_CONFIRM_REQUEST,
102 MGMT_EV_USER_PASSKEY_REQUEST,
103 MGMT_EV_AUTH_FAILED,
104 MGMT_EV_DEVICE_FOUND,
105 MGMT_EV_DISCOVERING,
106 MGMT_EV_DEVICE_BLOCKED,
107 MGMT_EV_DEVICE_UNBLOCKED,
108 MGMT_EV_DEVICE_UNPAIRED,
92a25256 109 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 110 MGMT_EV_NEW_IRK,
7ee4ea36 111 MGMT_EV_NEW_CSRK,
e70bb2e8
JH		 112};
113
17b02e62 114#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 115
4b34ee78
JH		 116#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
117 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
118
eec8d2bc
JH		 119struct pending_cmd {
120 struct list_head list;
fc2f4b13 121 u16 opcode;
eec8d2bc 122 int index;
c68fb7ff 123 void *param;
eec8d2bc 124 struct sock *sk;
e9a416b5 125 void *user_data;
eec8d2bc
JH		 126};
127
ca69b795
JH		 128/* HCI to MGMT error code conversion table */
129static u8 mgmt_status_table[] = {
130 MGMT_STATUS_SUCCESS,
131 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
132 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
133 MGMT_STATUS_FAILED, /* Hardware Failure */
134 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
135 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 136 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 137 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
138 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
139 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
140 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
141 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
142 MGMT_STATUS_BUSY, /* Command Disallowed */
143 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
144 MGMT_STATUS_REJECTED, /* Rejected Security */
145 MGMT_STATUS_REJECTED, /* Rejected Personal */
146 MGMT_STATUS_TIMEOUT, /* Host Timeout */
147 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
148 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
149 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
150 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
151 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
152 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
153 MGMT_STATUS_BUSY, /* Repeated Attempts */
154 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
155 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
156 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
157 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
158 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
159 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
160 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
161 MGMT_STATUS_FAILED, /* Unspecified Error */
162 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
163 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
164 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
165 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
166 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
167 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
168 MGMT_STATUS_FAILED, /* Unit Link Key Used */
169 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
170 MGMT_STATUS_TIMEOUT, /* Instant Passed */
171 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
172 MGMT_STATUS_FAILED, /* Transaction Collision */
173 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
174 MGMT_STATUS_REJECTED, /* QoS Rejected */
175 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
176 MGMT_STATUS_REJECTED, /* Insufficient Security */
177 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
178 MGMT_STATUS_BUSY, /* Role Switch Pending */
179 MGMT_STATUS_FAILED, /* Slot Violation */
180 MGMT_STATUS_FAILED, /* Role Switch Failed */
181 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
182 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
183 MGMT_STATUS_BUSY, /* Host Busy Pairing */
184 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
185 MGMT_STATUS_BUSY, /* Controller Busy */
186 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
187 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
188 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
189 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
190 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
191};
192
193static u8 mgmt_status(u8 hci_status)
194{
195 if (hci_status < ARRAY_SIZE(mgmt_status_table))
196 return mgmt_status_table[hci_status];
197
198 return MGMT_STATUS_FAILED;
199}
200
4e51eae9 201static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 202{
203 struct sk_buff *skb;
204 struct mgmt_hdr *hdr;
205 struct mgmt_ev_cmd_status *ev;
56b7d137 206 int err;
f7b64e69 207
34eb525c 208 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 209
790eff44 210 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 211 if (!skb)
212 return -ENOMEM;
213
214 hdr = (void *) skb_put(skb, sizeof(*hdr));
215
dcf4adbf 216 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 217 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 218 hdr->len = cpu_to_le16(sizeof(*ev));
219
220 ev = (void *) skb_put(skb, sizeof(*ev));
221 ev->status = status;
eb55ef07 222 ev->opcode = cpu_to_le16(cmd);
f7b64e69 223
56b7d137
GP		 224 err = sock_queue_rcv_skb(sk, skb);
225 if (err < 0)
f7b64e69
JH		 226 kfree_skb(skb);
227
56b7d137 228 return err;
f7b64e69
JH		 229}
230
aee9b218 231static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 232 void *rp, size_t rp_len)
02d98129
JH		 233{
234 struct sk_buff *skb;
235 struct mgmt_hdr *hdr;
236 struct mgmt_ev_cmd_complete *ev;
56b7d137 237 int err;
02d98129
JH		 238
239 BT_DBG("sock %p", sk);
240
790eff44 241 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 242 if (!skb)
243 return -ENOMEM;
244
245 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 246
dcf4adbf 247 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 248 hdr->index = cpu_to_le16(index);
a38528f1 249 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 250
a38528f1 251 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 252 ev->opcode = cpu_to_le16(cmd);
aee9b218 253 ev->status = status;
8020c16a
SJ		 254
255 if (rp)
256 memcpy(ev->data, rp, rp_len);
02d98129 257
56b7d137
GP		 258 err = sock_queue_rcv_skb(sk, skb);
259 if (err < 0)
02d98129
JH		 260 kfree_skb(skb);
261
e5f0e151 262 return err;
02d98129
JH		 263}
264
04124681
GP		 265static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
266 u16 data_len)
a38528f1
JH		 267{
268 struct mgmt_rp_read_version rp;
269
270 BT_DBG("sock %p", sk);
271
272 rp.version = MGMT_VERSION;
dcf4adbf 273 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 274
aee9b218 275 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 276 sizeof(rp));
a38528f1
JH		 277}
278
04124681
GP		 279static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
280 u16 data_len)
e70bb2e8
JH		 281{
282 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 283 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
284 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 285 __le16 *opcode;
e70bb2e8
JH		 286 size_t rp_size;
287 int i, err;
288
289 BT_DBG("sock %p", sk);
290
291 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
292
293 rp = kmalloc(rp_size, GFP_KERNEL);
294 if (!rp)
295 return -ENOMEM;
296
dcf4adbf
JP		 297 rp->num_commands = cpu_to_le16(num_commands);
298 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 299
300 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
301 put_unaligned_le16(mgmt_commands[i], opcode);
302
303 for (i = 0; i < num_events; i++, opcode++)
304 put_unaligned_le16(mgmt_events[i], opcode);
305
aee9b218 306 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 307 rp_size);
e70bb2e8
JH		 308 kfree(rp);
309
310 return err;
311}
312
04124681
GP		 313static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
314 u16 data_len)
faba42eb 315{
faba42eb 316 struct mgmt_rp_read_index_list *rp;
8035ded4 317 struct hci_dev *d;
a38528f1 318 size_t rp_len;
faba42eb 319 u16 count;
476e44cb 320 int err;
faba42eb
JH		 321
322 BT_DBG("sock %p", sk);
323
324 read_lock(&hci_dev_list_lock);
325
326 count = 0;
bb4b2a9a 327 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 328 if (d->dev_type == HCI_BREDR)
329 count++;
faba42eb
JH		 330 }
331
a38528f1
JH		 332 rp_len = sizeof(*rp) + (2 * count);
333 rp = kmalloc(rp_len, GFP_ATOMIC);
334 if (!rp) {
b2c60d42 335 read_unlock(&hci_dev_list_lock);
faba42eb 336 return -ENOMEM;
b2c60d42 337 }
faba42eb 338
476e44cb 339 count = 0;
8035ded4 340 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 341 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 342 continue;
343
0736cfa8
MH		 344 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
345 continue;
346
1514b892
MH		 347 if (d->dev_type == HCI_BREDR) {
348 rp->index[count++] = cpu_to_le16(d->id);
349 BT_DBG("Added hci%u", d->id);
350 }
faba42eb
JH		 351 }
352
476e44cb
JH		 353 rp->num_controllers = cpu_to_le16(count);
354 rp_len = sizeof(*rp) + (2 * count);
355
faba42eb
JH		 356 read_unlock(&hci_dev_list_lock);
357
aee9b218 358 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 359 rp_len);
faba42eb 360
a38528f1
JH		 361 kfree(rp);
362
363 return err;
faba42eb
JH		 364}
365
69ab39ea
JH		 366static u32 get_supported_settings(struct hci_dev *hdev)
367{
368 u32 settings = 0;
369
370 settings |= MGMT_SETTING_POWERED;
69ab39ea 371 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 372 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 373
ed3fa31f 374 if (lmp_bredr_capable(hdev)) {
33c525c0 375 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 376 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
377 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 378 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 379 settings |= MGMT_SETTING_BREDR;
380 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 381
382 if (lmp_ssp_capable(hdev)) {
383 settings |= MGMT_SETTING_SSP;
384 settings |= MGMT_SETTING_HS;
385 }
e98d2ce2 386
5afeac14
MH		 387 if (lmp_sc_capable(hdev) ||
388 test_bit(HCI_FORCE_SC, &hdev->dev_flags))
e98d2ce2 389 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 390 }
d7b7e796 391
eeca6f89 392 if (lmp_le_capable(hdev)) {
9d42820f 393 settings |= MGMT_SETTING_LE;
eeca6f89 394 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 395 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 396 }
69ab39ea
JH		 397
398 return settings;
399}
400
401static u32 get_current_settings(struct hci_dev *hdev)
402{
403 u32 settings = 0;
404
f1f0eb02 405 if (hdev_is_powered(hdev))
f0d4b78a
MH		 406 settings |= MGMT_SETTING_POWERED;
407
5e5282bb 408 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 409 settings |= MGMT_SETTING_CONNECTABLE;
410
1a4d3c4b
JH		 411 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
412 settings |= MGMT_SETTING_FAST_CONNECTABLE;
413
5e5282bb 414 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 415 settings |= MGMT_SETTING_DISCOVERABLE;
416
a8b2d5c2 417 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 418 settings |= MGMT_SETTING_PAIRABLE;
419
56f87901 420 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 421 settings |= MGMT_SETTING_BREDR;
422
06199cf8 423 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 424 settings |= MGMT_SETTING_LE;
425
47990ea0 426 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 427 settings |= MGMT_SETTING_LINK_SECURITY;
428
84bde9d6 429 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 430 settings |= MGMT_SETTING_SSP;
431
6d80dfd0
JH		 432 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
433 settings |= MGMT_SETTING_HS;
434
f3d3444a 435 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 436 settings |= MGMT_SETTING_ADVERTISING;
437
e98d2ce2
MH		 438 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
439 settings |= MGMT_SETTING_SECURE_CONN;
440
b1de97d8
MH		 441 if (test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags))
442 settings |= MGMT_SETTING_DEBUG_KEYS;
443
0f4bd942
JH		 444 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
445 settings |= MGMT_SETTING_PRIVACY;
446
69ab39ea
JH		 447 return settings;
448}
449
ef580372
JH		 450#define PNP_INFO_SVCLASS_ID 0x1200
451
213202ed
JH		 452static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
453{
454 u8 *ptr = data, *uuids_start = NULL;
455 struct bt_uuid *uuid;
456
457 if (len < 4)
458 return ptr;
459
460 list_for_each_entry(uuid, &hdev->uuids, list) {
461 u16 uuid16;
462
463 if (uuid->size != 16)
464 continue;
465
466 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
467 if (uuid16 < 0x1100)
468 continue;
469
470 if (uuid16 == PNP_INFO_SVCLASS_ID)
471 continue;
472
473 if (!uuids_start) {
474 uuids_start = ptr;
475 uuids_start[0] = 1;
476 uuids_start[1] = EIR_UUID16_ALL;
477 ptr += 2;
478 }
479
480 /* Stop if not enough space to put next UUID */
481 if ((ptr - data) + sizeof(u16) > len) {
482 uuids_start[1] = EIR_UUID16_SOME;
483 break;
484 }
485
486 *ptr++ = (uuid16 & 0x00ff);
487 *ptr++ = (uuid16 & 0xff00) >> 8;
488 uuids_start[0] += sizeof(uuid16);
489 }
490
491 return ptr;
492}
493
cdf1963f
JH		 494static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
495{
496 u8 *ptr = data, *uuids_start = NULL;
497 struct bt_uuid *uuid;
498
499 if (len < 6)
500 return ptr;
501
502 list_for_each_entry(uuid, &hdev->uuids, list) {
503 if (uuid->size != 32)
504 continue;
505
506 if (!uuids_start) {
507 uuids_start = ptr;
508 uuids_start[0] = 1;
509 uuids_start[1] = EIR_UUID32_ALL;
510 ptr += 2;
511 }
512
513 /* Stop if not enough space to put next UUID */
514 if ((ptr - data) + sizeof(u32) > len) {
515 uuids_start[1] = EIR_UUID32_SOME;
516 break;
517 }
518
519 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
520 ptr += sizeof(u32);
521 uuids_start[0] += sizeof(u32);
522 }
523
524 return ptr;
525}
526
c00d575b
JH		 527static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
528{
529 u8 *ptr = data, *uuids_start = NULL;
530 struct bt_uuid *uuid;
531
532 if (len < 18)
533 return ptr;
534
535 list_for_each_entry(uuid, &hdev->uuids, list) {
536 if (uuid->size != 128)
537 continue;
538
539 if (!uuids_start) {
540 uuids_start = ptr;
541 uuids_start[0] = 1;
542 uuids_start[1] = EIR_UUID128_ALL;
543 ptr += 2;
544 }
545
546 /* Stop if not enough space to put next UUID */
547 if ((ptr - data) + 16 > len) {
548 uuids_start[1] = EIR_UUID128_SOME;
549 break;
550 }
551
552 memcpy(ptr, uuid->uuid, 16);
553 ptr += 16;
554 uuids_start[0] += 16;
555 }
556
557 return ptr;
558}
559
eb2a8d20
JH		 560static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
561{
562 struct pending_cmd *cmd;
563
564 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
565 if (cmd->opcode == opcode)
566 return cmd;
567 }
568
569 return NULL;
570}
571
f14d8f64
MH		 572static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
573{
7a5f4990
MH		 574 u8 ad_len = 0;
575 size_t name_len;
576
577 name_len = strlen(hdev->dev_name);
578 if (name_len > 0) {
579 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
580
581 if (name_len > max_len) {
582 name_len = max_len;
583 ptr[1] = EIR_NAME_SHORT;
584 } else
585 ptr[1] = EIR_NAME_COMPLETE;
586
587 ptr[0] = name_len + 1;
588
589 memcpy(ptr + 2, hdev->dev_name, name_len);
590
591 ad_len += (name_len + 2);
592 ptr += (name_len + 2);
593 }
594
595 return ad_len;
f14d8f64
MH		 596}
597
598static void update_scan_rsp_data(struct hci_request *req)
599{
600 struct hci_dev *hdev = req->hdev;
601 struct hci_cp_le_set_scan_rsp_data cp;
602 u8 len;
603
7751ef1b 604 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 605 return;
606
607 memset(&cp, 0, sizeof(cp));
608
609 len = create_scan_rsp_data(hdev, cp.data);
610
eb438b5f
JH		 611 if (hdev->scan_rsp_data_len == len &&
612 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 613 return;
614
eb438b5f
JH		 615 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
616 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 617
618 cp.length = len;
619
620 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
621}
622
9a43e25f
JH		 623static u8 get_adv_discov_flags(struct hci_dev *hdev)
624{
625 struct pending_cmd *cmd;
626
627 /* If there's a pending mgmt command the flags will not yet have
628 * their final values, so check for this first.
629 */
630 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
631 if (cmd) {
632 struct mgmt_mode *cp = cmd->param;
633 if (cp->val == 0x01)
634 return LE_AD_GENERAL;
635 else if (cp->val == 0x02)
636 return LE_AD_LIMITED;
637 } else {
638 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
639 return LE_AD_LIMITED;
640 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
641 return LE_AD_GENERAL;
642 }
643
644 return 0;
645}
646
46cad2ed 647static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 648{
649 u8 ad_len = 0, flags = 0;
441ad2d0 650
9a43e25f 651 flags |= get_adv_discov_flags(hdev);
441ad2d0 652
e834004b 653 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 654 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 655
656 if (flags) {
657 BT_DBG("adv flags 0x%02x", flags);
658
659 ptr[0] = 2;
660 ptr[1] = EIR_FLAGS;
661 ptr[2] = flags;
662
663 ad_len += 3;
664 ptr += 3;
665 }
666
667 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
668 ptr[0] = 2;
669 ptr[1] = EIR_TX_POWER;
670 ptr[2] = (u8) hdev->adv_tx_power;
671
672 ad_len += 3;
673 ptr += 3;
674 }
675
441ad2d0
MH		 676 return ad_len;
677}
678
5947f4bc 679static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 680{
681 struct hci_dev *hdev = req->hdev;
682 struct hci_cp_le_set_adv_data cp;
683 u8 len;
684
10994ce6 685 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 686 return;
687
688 memset(&cp, 0, sizeof(cp));
689
46cad2ed 690 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 691
692 if (hdev->adv_data_len == len &&
693 memcmp(cp.data, hdev->adv_data, len) == 0)
694 return;
695
696 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
697 hdev->adv_data_len = len;
698
699 cp.length = len;
700
701 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
702}
703
ef580372
JH		 704static void create_eir(struct hci_dev *hdev, u8 *data)
705{
706 u8 *ptr = data;
ef580372
JH		 707 size_t name_len;
708
709 name_len = strlen(hdev->dev_name);
710
711 if (name_len > 0) {
712 /* EIR Data type */
713 if (name_len > 48) {
714 name_len = 48;
715 ptr[1] = EIR_NAME_SHORT;
716 } else
717 ptr[1] = EIR_NAME_COMPLETE;
718
719 /* EIR Data length */
720 ptr[0] = name_len + 1;
721
722 memcpy(ptr + 2, hdev->dev_name, name_len);
723
ef580372
JH		 724 ptr += (name_len + 2);
725 }
726
bbaf444a 727 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 728 ptr[0] = 2;
729 ptr[1] = EIR_TX_POWER;
730 ptr[2] = (u8) hdev->inq_tx_power;
731
91c4e9b1
MH		 732 ptr += 3;
733 }
734
2b9be137
MH		 735 if (hdev->devid_source > 0) {
736 ptr[0] = 9;
737 ptr[1] = EIR_DEVICE_ID;
738
739 put_unaligned_le16(hdev->devid_source, ptr + 2);
740 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
741 put_unaligned_le16(hdev->devid_product, ptr + 6);
742 put_unaligned_le16(hdev->devid_version, ptr + 8);
743
2b9be137
MH		 744 ptr += 10;
745 }
746
213202ed 747 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 748 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 749 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 750}
751
890ea898 752static void update_eir(struct hci_request *req)
ef580372 753{
890ea898 754 struct hci_dev *hdev = req->hdev;
ef580372
JH		 755 struct hci_cp_write_eir cp;
756
504c8dcd 757 if (!hdev_is_powered(hdev))
890ea898 758 return;
7770c4aa 759
976eb20e 760 if (!lmp_ext_inq_capable(hdev))
890ea898 761 return;
ef580372 762
84bde9d6 763 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 764 return;
ef580372 765
a8b2d5c2 766 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 767 return;
ef580372
JH		 768
769 memset(&cp, 0, sizeof(cp));
770
771 create_eir(hdev, cp.data);
772
773 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 774 return;
ef580372
JH		 775
776 memcpy(hdev->eir, cp.data, sizeof(cp.data));
777
890ea898 778 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 779}
780
781static u8 get_service_classes(struct hci_dev *hdev)
782{
783 struct bt_uuid *uuid;
784 u8 val = 0;
785
786 list_for_each_entry(uuid, &hdev->uuids, list)
787 val |= uuid->svc_hint;
788
789 return val;
790}
791
890ea898 792static void update_class(struct hci_request *req)
ef580372 793{
890ea898 794 struct hci_dev *hdev = req->hdev;
ef580372
JH		 795 u8 cod[3];
796
797 BT_DBG("%s", hdev->name);
798
504c8dcd 799 if (!hdev_is_powered(hdev))
890ea898 800 return;
7770c4aa 801
f87ea1da
JH		 802 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
803 return;
804
a8b2d5c2 805 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 806 return;
ef580372
JH		 807
808 cod[0] = hdev->minor_class;
809 cod[1] = hdev->major_class;
810 cod[2] = get_service_classes(hdev);
811
6acd7db4
MH		 812 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
813 cod[1] |= 0x20;
814
ef580372 815 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 816 return;
ef580372 817
890ea898 818 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 819}
820
a4858cb9 821static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 822{
823 struct pending_cmd *cmd;
199a2fb1
JH		 824
825 /* If there's a pending mgmt command the flag will not yet have
826 * it's final value, so check for this first.
827 */
828 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
829 if (cmd) {
830 struct mgmt_mode *cp = cmd->param;
a4858cb9 831 return cp->val;
199a2fb1
JH		 832 }
833
a4858cb9 834 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 835}
836
837static void enable_advertising(struct hci_request *req)
838{
839 struct hci_dev *hdev = req->hdev;
840 struct hci_cp_le_set_adv_param cp;
8f2a0601 841 u8 own_addr_type, enable = 0x01;
a4858cb9 842 bool connectable;
199a2fb1 843
8d97250e
JH		 844 /* Clear the HCI_ADVERTISING bit temporarily so that the
845 * hci_update_random_address knows that it's safe to go ahead
846 * and write a new random address. The flag will be set back on
847 * as soon as the SET_ADV_ENABLE HCI command completes.
848 */
849 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
850
a4858cb9 851 connectable = get_connectable(hdev);
8f2a0601 852
a4858cb9
JH		 853 /* Set require_privacy to true only when non-connectable
854 * advertising is used. In that case it is fine to use a
855 * non-resolvable private address.
856 */
857 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 858 return;
859
41c90c18 860 memset(&cp, 0, sizeof(cp));
dcf4adbf
JP		 861 cp.min_interval = cpu_to_le16(0x0800);
862 cp.max_interval = cpu_to_le16(0x0800);
a4858cb9 863 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 864 cp.own_address_type = own_addr_type;
199a2fb1
JH		 865 cp.channel_map = hdev->le_adv_channel_map;
866
867 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
868
869 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
870}
871
872static void disable_advertising(struct hci_request *req)
873{
874 u8 enable = 0x00;
875
876 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
877}
878
7d78525d
JH		 879static void service_cache_off(struct work_struct *work)
880{
881 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 882 service_cache.work);
890ea898 883 struct hci_request req;
7d78525d 884
a8b2d5c2 885 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 886 return;
887
890ea898
JH		 888 hci_req_init(&req, hdev);
889
7d78525d
JH		 890 hci_dev_lock(hdev);
891
890ea898
JH		 892 update_eir(&req);
893 update_class(&req);
7d78525d
JH		 894
895 hci_dev_unlock(hdev);
890ea898
JH		 896
897 hci_req_run(&req, NULL);
7d78525d
JH		 898}
899
d6bfd59c
JH		 900static void rpa_expired(struct work_struct *work)
901{
902 struct hci_dev *hdev = container_of(work, struct hci_dev,
903 rpa_expired.work);
904 struct hci_request req;
905
906 BT_DBG("");
907
908 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
909
910 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
911 hci_conn_num(hdev, LE_LINK) > 0)
912 return;
913
914 /* The generation of a new RPA and programming it into the
915 * controller happens in the enable_advertising() function.
916 */
917
918 hci_req_init(&req, hdev);
919
920 disable_advertising(&req);
921 enable_advertising(&req);
922
923 hci_req_run(&req, NULL);
924}
925
6a919082 926static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 927{
4f87da80 928 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 929 return;
930
4f87da80 931 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 932 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 933
4f87da80
JH		 934 /* Non-mgmt controlled devices get this bit set
935 * implicitly so that pairing works for them, however
936 * for mgmt we require user-space to explicitly enable
937 * it
938 */
939 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 940}
941
0f4e68cf 942static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 943 void *data, u16 data_len)
0381101f 944{
a38528f1 945 struct mgmt_rp_read_info rp;
f7b64e69 946
bdb6d971 947 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 948
09fd0de5 949 hci_dev_lock(hdev);
f7b64e69 950
dc4fe30b
JH		 951 memset(&rp, 0, sizeof(rp));
952
69ab39ea 953 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 954
69ab39ea 955 rp.version = hdev->hci_ver;
eb55ef07 956 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 957
958 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
959 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 960
a38528f1 961 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 962
dc4fe30b 963 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 964 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 965
09fd0de5 966 hci_dev_unlock(hdev);
0381101f 967
bdb6d971 968 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 969 sizeof(rp));
0381101f
JH		 970}
971
eec8d2bc
JH		 972static void mgmt_pending_free(struct pending_cmd *cmd)
973{
974 sock_put(cmd->sk);
c68fb7ff 975 kfree(cmd->param);
eec8d2bc
JH		 976 kfree(cmd);
977}
978
366a0336 979static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 980 struct hci_dev *hdev, void *data,
981 u16 len)
eec8d2bc
JH		 982{
983 struct pending_cmd *cmd;
984
12b94565 985 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 986 if (!cmd)
366a0336 987 return NULL;
eec8d2bc
JH		 988
989 cmd->opcode = opcode;
2e58ef3e 990 cmd->index = hdev->id;
eec8d2bc 991
12b94565 992 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 993 if (!cmd->param) {
eec8d2bc 994 kfree(cmd);
366a0336 995 return NULL;
eec8d2bc
JH		 996 }
997
8fce6357
SJ		 998 if (data)
999 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1000
1001 cmd->sk = sk;
1002 sock_hold(sk);
1003
2e58ef3e 1004 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1005
366a0336 1006 return cmd;
eec8d2bc
JH		 1007}
1008
744cf19e 1009static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1010 void (*cb)(struct pending_cmd *cmd,
1011 void *data),
04124681 1012 void *data)
eec8d2bc 1013{
a3d09356 1014 struct pending_cmd *cmd, *tmp;
eec8d2bc 1015
a3d09356 1016 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1017 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1018 continue;
1019
eec8d2bc
JH		 1020 cb(cmd, data);
1021 }
1022}
1023
a664b5bc 1024static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1025{
73f22f62
JH		 1026 list_del(&cmd->list);
1027 mgmt_pending_free(cmd);
1028}
1029
69ab39ea 1030static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1031{
69ab39ea 1032 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1033
aee9b218 1034 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1035 sizeof(settings));
8680570b
JH		 1036}
1037
8b064a3a
JH		 1038static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1039{
1040 BT_DBG("%s status 0x%02x", hdev->name, status);
1041
a3172b7e
JH		 1042 if (hci_conn_count(hdev) == 0) {
1043 cancel_delayed_work(&hdev->power_off);
8b064a3a 1044 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1045 }
8b064a3a
JH		 1046}
1047
1048static int clean_up_hci_state(struct hci_dev *hdev)
1049{
1050 struct hci_request req;
1051 struct hci_conn *conn;
1052
1053 hci_req_init(&req, hdev);
1054
1055 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1056 test_bit(HCI_PSCAN, &hdev->flags)) {
1057 u8 scan = 0x00;
1058 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1059 }
1060
1061 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1062 disable_advertising(&req);
1063
1064 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
b1efcc28 1065 hci_req_add_le_scan_disable(&req);
8b064a3a
JH		 1066 }
1067
1068 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1069 struct hci_cp_disconnect dc;
c9910d0f
JH		 1070 struct hci_cp_reject_conn_req rej;
1071
1072 switch (conn->state) {
1073 case BT_CONNECTED:
1074 case BT_CONFIG:
1075 dc.handle = cpu_to_le16(conn->handle);
1076 dc.reason = 0x15; /* Terminated due to Power Off */
1077 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1078 break;
1079 case BT_CONNECT:
1080 if (conn->type == LE_LINK)
1081 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1082 0, NULL);
1083 else if (conn->type == ACL_LINK)
1084 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1085 6, &conn->dst);
1086 break;
1087 case BT_CONNECT2:
1088 bacpy(&rej.bdaddr, &conn->dst);
1089 rej.reason = 0x15; /* Terminated due to Power Off */
1090 if (conn->type == ACL_LINK)
1091 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1092 sizeof(rej), &rej);
1093 else if (conn->type == SCO_LINK)
1094 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1095 sizeof(rej), &rej);
1096 break;
1097 }
8b064a3a
JH		 1098 }
1099
1100 return hci_req_run(&req, clean_up_hci_complete);
1101}
1102
bdb6d971 1103static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1104 u16 len)
eec8d2bc 1105{
650f726d 1106 struct mgmt_mode *cp = data;
366a0336 1107 struct pending_cmd *cmd;
4b34ee78 1108 int err;
eec8d2bc 1109
bdb6d971 1110 BT_DBG("request for %s", hdev->name);
eec8d2bc 1111
a7e80f25
JH		 1112 if (cp->val != 0x00 && cp->val != 0x01)
1113 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1114 MGMT_STATUS_INVALID_PARAMS);
1115
09fd0de5 1116 hci_dev_lock(hdev);
eec8d2bc 1117
87b95ba6
JH		 1118 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1119 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1120 MGMT_STATUS_BUSY);
1121 goto failed;
1122 }
1123
f0d4b78a
MH		 1124 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1125 cancel_delayed_work(&hdev->power_off);
1126
1127 if (cp->val) {
a1d70450
JH		 1128 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1129 data, len);
1130 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1131 goto failed;
1132 }
1133 }
1134
4b34ee78 1135 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1136 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1137 goto failed;
1138 }
1139
2e58ef3e 1140 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1141 if (!cmd) {
1142 err = -ENOMEM;
eec8d2bc 1143 goto failed;
366a0336 1144 }
eec8d2bc 1145
8b064a3a 1146 if (cp->val) {
19202573 1147 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1148 err = 0;
1149 } else {
1150 /* Disconnect connections, stop scans, etc */
1151 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1152 if (!err)
1153 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1154 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1155
8b064a3a
JH		 1156 /* ENODATA means there were no HCI commands queued */
1157 if (err == -ENODATA) {
a3172b7e 1158 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1159 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1160 err = 0;
1161 }
1162 }
eec8d2bc
JH		 1163
1164failed:
09fd0de5 1165 hci_dev_unlock(hdev);
366a0336 1166 return err;
eec8d2bc
JH		 1167}
1168
04124681
GP		 1169static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1170 struct sock *skip_sk)
beadb2bd
JH		 1171{
1172 struct sk_buff *skb;
1173 struct mgmt_hdr *hdr;
1174
790eff44 1175 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1176 if (!skb)
1177 return -ENOMEM;
1178
1179 hdr = (void *) skb_put(skb, sizeof(*hdr));
1180 hdr->opcode = cpu_to_le16(event);
1181 if (hdev)
1182 hdr->index = cpu_to_le16(hdev->id);
1183 else
dcf4adbf 1184 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1185 hdr->len = cpu_to_le16(data_len);
1186
1187 if (data)
1188 memcpy(skb_put(skb, data_len), data, data_len);
1189
97e0bdeb
MH		 1190 /* Time stamp */
1191 __net_timestamp(skb);
1192
beadb2bd
JH		 1193 hci_send_to_control(skb, skip_sk);
1194 kfree_skb(skb);
1195
1196 return 0;
1197}
1198
1199static int new_settings(struct hci_dev *hdev, struct sock *skip)
1200{
1201 __le32 ev;
1202
1203 ev = cpu_to_le32(get_current_settings(hdev));
1204
1205 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1206}
1207
bd99abdd
JH		 1208struct cmd_lookup {
1209 struct sock *sk;
1210 struct hci_dev *hdev;
1211 u8 mgmt_status;
1212};
1213
1214static void settings_rsp(struct pending_cmd *cmd, void *data)
1215{
1216 struct cmd_lookup *match = data;
1217
1218 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1219
1220 list_del(&cmd->list);
1221
1222 if (match->sk == NULL) {
1223 match->sk = cmd->sk;
1224 sock_hold(match->sk);
1225 }
1226
1227 mgmt_pending_free(cmd);
1228}
1229
1230static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1231{
1232 u8 *status = data;
1233
1234 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1235 mgmt_pending_remove(cmd);
1236}
1237
e6fe7986
JH		 1238static u8 mgmt_bredr_support(struct hci_dev *hdev)
1239{
1240 if (!lmp_bredr_capable(hdev))
1241 return MGMT_STATUS_NOT_SUPPORTED;
1242 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1243 return MGMT_STATUS_REJECTED;
1244 else
1245 return MGMT_STATUS_SUCCESS;
1246}
1247
1248static u8 mgmt_le_support(struct hci_dev *hdev)
1249{
1250 if (!lmp_le_capable(hdev))
1251 return MGMT_STATUS_NOT_SUPPORTED;
1252 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1253 return MGMT_STATUS_REJECTED;
1254 else
1255 return MGMT_STATUS_SUCCESS;
1256}
1257
bfaf8c9f
JH		 1258static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1259{
1260 struct pending_cmd *cmd;
1261 struct mgmt_mode *cp;
970ba524 1262 struct hci_request req;
bfaf8c9f
JH		 1263 bool changed;
1264
1265 BT_DBG("status 0x%02x", status);
1266
1267 hci_dev_lock(hdev);
1268
1269 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1270 if (!cmd)
1271 goto unlock;
1272
1273 if (status) {
1274 u8 mgmt_err = mgmt_status(status);
1275 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1276 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1277 goto remove_cmd;
1278 }
1279
1280 cp = cmd->param;
d4462a07 1281 if (cp->val) {
bfaf8c9f
JH		 1282 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1283 &hdev->dev_flags);
d4462a07
MH		 1284
1285 if (hdev->discov_timeout > 0) {
1286 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1287 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1288 to);
1289 }
1290 } else {
bfaf8c9f
JH		 1291 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1292 &hdev->dev_flags);
d4462a07 1293 }
bfaf8c9f
JH		 1294
1295 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1296
1297 if (changed)
1298 new_settings(hdev, cmd->sk);
1299
970ba524
MH		 1300 /* When the discoverable mode gets changed, make sure
1301 * that class of device has the limited discoverable
1302 * bit correctly set.
1303 */
1304 hci_req_init(&req, hdev);
1305 update_class(&req);
1306 hci_req_run(&req, NULL);
1307
bfaf8c9f
JH		 1308remove_cmd:
1309 mgmt_pending_remove(cmd);
1310
1311unlock:
1312 hci_dev_unlock(hdev);
1313}
1314
bdb6d971 1315static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1316 u16 len)
73f22f62 1317{
650f726d 1318 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1319 struct pending_cmd *cmd;
bfaf8c9f 1320 struct hci_request req;
5e5282bb 1321 u16 timeout;
9a43e25f 1322 u8 scan;
73f22f62
JH		 1323 int err;
1324
bdb6d971 1325 BT_DBG("request for %s", hdev->name);
73f22f62 1326
9a43e25f
JH		 1327 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1328 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1329 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1330 MGMT_STATUS_REJECTED);
33c525c0 1331
310a3d48 1332 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1333 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1334 MGMT_STATUS_INVALID_PARAMS);
1335
1f350c87 1336 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1337
1338 /* Disabling discoverable requires that no timeout is set,
1339 * and enabling limited discoverable requires a timeout.
1340 */
1341 if ((cp->val == 0x00 && timeout > 0) ||
1342 (cp->val == 0x02 && timeout == 0))
bdb6d971 1343 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1344 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1345
09fd0de5 1346 hci_dev_lock(hdev);
73f22f62 1347
5e5282bb 1348 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1349 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1350 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1351 goto failed;
1352 }
1353
2e58ef3e 1354 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1355 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1356 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1357 MGMT_STATUS_BUSY);
73f22f62
JH		 1358 goto failed;
1359 }
1360
5e5282bb 1361 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1362 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1363 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1364 goto failed;
1365 }
1366
1367 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1368 bool changed = false;
1369
310a3d48
MH		 1370 /* Setting limited discoverable when powered off is
1371 * not a valid operation since it requires a timeout
1372 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1373 */
0224d2fa
JH		 1374 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1375 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1376 changed = true;
1377 }
1378
5e5282bb 1379 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1380 if (err < 0)
1381 goto failed;
1382
1383 if (changed)
1384 err = new_settings(hdev, sk);
1385
5e5282bb
JH		 1386 goto failed;
1387 }
1388
310a3d48
MH		 1389 /* If the current mode is the same, then just update the timeout
1390 * value with the new value. And if only the timeout gets updated,
1391 * then no need for any HCI transactions.
1392 */
1393 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1394 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1395 &hdev->dev_flags)) {
36261547
MH		 1396 cancel_delayed_work(&hdev->discov_off);
1397 hdev->discov_timeout = timeout;
955638ec 1398
36261547
MH		 1399 if (cp->val && hdev->discov_timeout > 0) {
1400 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1401 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1402 to);
955638ec
MH		 1403 }
1404
69ab39ea 1405 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1406 goto failed;
1407 }
1408
2e58ef3e 1409 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1410 if (!cmd) {
1411 err = -ENOMEM;
73f22f62 1412 goto failed;
366a0336 1413 }
73f22f62 1414
310a3d48
MH		 1415 /* Cancel any potential discoverable timeout that might be
1416 * still active and store new timeout value. The arming of
1417 * the timeout happens in the complete handler.
1418 */
1419 cancel_delayed_work(&hdev->discov_off);
1420 hdev->discov_timeout = timeout;
1421
b456f87c
JH		 1422 /* Limited discoverable mode */
1423 if (cp->val == 0x02)
1424 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1425 else
1426 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1427
bfaf8c9f
JH		 1428 hci_req_init(&req, hdev);
1429
9a43e25f
JH		 1430 /* The procedure for LE-only controllers is much simpler - just
1431 * update the advertising data.
1432 */
1433 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1434 goto update_ad;
1435
73f22f62
JH		 1436 scan = SCAN_PAGE;
1437
310a3d48
MH		 1438 if (cp->val) {
1439 struct hci_cp_write_current_iac_lap hci_cp;
1440
1441 if (cp->val == 0x02) {
1442 /* Limited discoverable mode */
33337dcb 1443 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1444 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1445 hci_cp.iac_lap[1] = 0x8b;
1446 hci_cp.iac_lap[2] = 0x9e;
1447 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1448 hci_cp.iac_lap[4] = 0x8b;
1449 hci_cp.iac_lap[5] = 0x9e;
1450 } else {
1451 /* General discoverable mode */
310a3d48
MH		 1452 hci_cp.num_iac = 1;
1453 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1454 hci_cp.iac_lap[1] = 0x8b;
1455 hci_cp.iac_lap[2] = 0x9e;
1456 }
1457
1458 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1459 (hci_cp.num_iac * 3) + 1, &hci_cp);
1460
73f22f62 1461 scan |= SCAN_INQUIRY;
310a3d48
MH		 1462 } else {
1463 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1464 }
73f22f62 1465
310a3d48 1466 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1467
9a43e25f
JH		 1468update_ad:
1469 update_adv_data(&req);
1470
bfaf8c9f 1471 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1472 if (err < 0)
a664b5bc 1473 mgmt_pending_remove(cmd);
73f22f62
JH		 1474
1475failed:
09fd0de5 1476 hci_dev_unlock(hdev);
73f22f62
JH		 1477 return err;
1478}
1479
406d7804
JH		 1480static void write_fast_connectable(struct hci_request *req, bool enable)
1481{
bd98b996 1482 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1483 struct hci_cp_write_page_scan_activity acp;
1484 u8 type;
1485
547003b1
JH		 1486 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1487 return;
1488
4c01f8b8
JH		 1489 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1490 return;
1491
406d7804
JH		 1492 if (enable) {
1493 type = PAGE_SCAN_TYPE_INTERLACED;
1494
1495 /* 160 msec page scan interval */
dcf4adbf 1496 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1497 } else {
1498 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1499
1500 /* default 1.28 sec page scan */
dcf4adbf 1501 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1502 }
1503
dcf4adbf 1504 acp.window = cpu_to_le16(0x0012);
406d7804 1505
bd98b996
JH		 1506 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1507 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1508 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1509 sizeof(acp), &acp);
1510
1511 if (hdev->page_scan_type != type)
1512 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1513}
1514
2b76f453
JH		 1515static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1516{
1517 struct pending_cmd *cmd;
d7b856f9
JH		 1518 struct mgmt_mode *cp;
1519 bool changed;
2b76f453
JH		 1520
1521 BT_DBG("status 0x%02x", status);
1522
1523 hci_dev_lock(hdev);
1524
1525 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1526 if (!cmd)
1527 goto unlock;
1528
37438c1f
JH		 1529 if (status) {
1530 u8 mgmt_err = mgmt_status(status);
1531 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1532 goto remove_cmd;
1533 }
1534
d7b856f9
JH		 1535 cp = cmd->param;
1536 if (cp->val)
1537 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1538 else
1539 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1540
2b76f453
JH		 1541 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1542
d7b856f9
JH		 1543 if (changed)
1544 new_settings(hdev, cmd->sk);
1545
37438c1f 1546remove_cmd:
2b76f453
JH		 1547 mgmt_pending_remove(cmd);
1548
1549unlock:
1550 hci_dev_unlock(hdev);
1551}
1552
e8ba3a1f
JH		 1553static int set_connectable_update_settings(struct hci_dev *hdev,
1554 struct sock *sk, u8 val)
1555{
1556 bool changed = false;
1557 int err;
1558
1559 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1560 changed = true;
1561
1562 if (val) {
1563 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1564 } else {
1565 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1566 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1567 }
1568
1569 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1570 if (err < 0)
1571 return err;
1572
1573 if (changed)
1574 return new_settings(hdev, sk);
1575
1576 return 0;
1577}
1578
bdb6d971 1579static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1580 u16 len)
9fbcbb45 1581{
650f726d 1582 struct mgmt_mode *cp = data;
366a0336 1583 struct pending_cmd *cmd;
2b76f453 1584 struct hci_request req;
1987fdc7 1585 u8 scan;
9fbcbb45
JH		 1586 int err;
1587
bdb6d971 1588 BT_DBG("request for %s", hdev->name);
9fbcbb45 1589
1987fdc7
JH		 1590 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1591 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1592 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1593 MGMT_STATUS_REJECTED);
33c525c0 1594
a7e80f25
JH		 1595 if (cp->val != 0x00 && cp->val != 0x01)
1596 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1597 MGMT_STATUS_INVALID_PARAMS);
1598
09fd0de5 1599 hci_dev_lock(hdev);
9fbcbb45 1600
4b34ee78 1601 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1602 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1603 goto failed;
1604 }
1605
2e58ef3e 1606 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1607 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1608 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1609 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1610 goto failed;
1611 }
1612
2e58ef3e 1613 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1614 if (!cmd) {
1615 err = -ENOMEM;
9fbcbb45 1616 goto failed;
366a0336 1617 }
9fbcbb45 1618
9b74246f 1619 hci_req_init(&req, hdev);
9fbcbb45 1620
9a43e25f
JH		 1621 /* If BR/EDR is not enabled and we disable advertising as a
1622 * by-product of disabling connectable, we need to update the
1623 * advertising flags.
1624 */
1625 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1626 if (!cp->val) {
1627 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1628 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1629 }
1630 update_adv_data(&req);
1631 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1632 if (cp->val) {
1633 scan = SCAN_PAGE;
1634 } else {
1635 scan = 0;
1636
1637 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1638 hdev->discov_timeout > 0)
9b74246f
JH		 1639 cancel_delayed_work(&hdev->discov_off);
1640 }
2b76f453 1641
9b74246f
JH		 1642 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1643 }
2b76f453 1644
4c01f8b8
JH		 1645 /* If we're going from non-connectable to connectable or
1646 * vice-versa when fast connectable is enabled ensure that fast
1647 * connectable gets disabled. write_fast_connectable won't do
1648 * anything if the page scan parameters are already what they
1649 * should be.
1650 */
1651 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1652 write_fast_connectable(&req, false);
1653
1987fdc7
JH		 1654 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1655 hci_conn_num(hdev, LE_LINK) == 0) {
1656 disable_advertising(&req);
1657 enable_advertising(&req);
1658 }
1659
2b76f453 1660 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1661 if (err < 0) {
a664b5bc 1662 mgmt_pending_remove(cmd);
9b74246f 1663 if (err == -ENODATA)
a81070ba
JH		 1664 err = set_connectable_update_settings(hdev, sk,
1665 cp->val);
9b74246f
JH		 1666 goto failed;
1667 }
9fbcbb45
JH		 1668
1669failed:
09fd0de5 1670 hci_dev_unlock(hdev);
9fbcbb45
JH		 1671 return err;
1672}
1673
bdb6d971 1674static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1675 u16 len)
c542a06c 1676{
650f726d 1677 struct mgmt_mode *cp = data;
55594356 1678 bool changed;
c542a06c
JH		 1679 int err;
1680
bdb6d971 1681 BT_DBG("request for %s", hdev->name);
c542a06c 1682
a7e80f25
JH		 1683 if (cp->val != 0x00 && cp->val != 0x01)
1684 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1685 MGMT_STATUS_INVALID_PARAMS);
1686
09fd0de5 1687 hci_dev_lock(hdev);
c542a06c
JH		 1688
1689 if (cp->val)
55594356 1690 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1691 else
55594356 1692 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1693
69ab39ea 1694 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1695 if (err < 0)
55594356 1696 goto unlock;
c542a06c 1697
55594356
MH		 1698 if (changed)
1699 err = new_settings(hdev, sk);
c542a06c 1700
55594356 1701unlock:
09fd0de5 1702 hci_dev_unlock(hdev);
c542a06c
JH		 1703 return err;
1704}
1705
04124681
GP		 1706static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1707 u16 len)
33ef95ed
JH		 1708{
1709 struct mgmt_mode *cp = data;
1710 struct pending_cmd *cmd;
e6fe7986 1711 u8 val, status;
33ef95ed
JH		 1712 int err;
1713
bdb6d971 1714 BT_DBG("request for %s", hdev->name);
33ef95ed 1715
e6fe7986
JH		 1716 status = mgmt_bredr_support(hdev);
1717 if (status)
33c525c0 1718 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1719 status);
33c525c0 1720
a7e80f25
JH		 1721 if (cp->val != 0x00 && cp->val != 0x01)
1722 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1723 MGMT_STATUS_INVALID_PARAMS);
1724
33ef95ed
JH		 1725 hci_dev_lock(hdev);
1726
4b34ee78 1727 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1728 bool changed = false;
1729
1730 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1731 &hdev->dev_flags)) {
47990ea0
JH		 1732 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1733 changed = true;
1734 }
1735
1736 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1737 if (err < 0)
1738 goto failed;
1739
1740 if (changed)
1741 err = new_settings(hdev, sk);
1742
33ef95ed
JH		 1743 goto failed;
1744 }
1745
1746 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1747 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1748 MGMT_STATUS_BUSY);
33ef95ed
JH		 1749 goto failed;
1750 }
1751
1752 val = !!cp->val;
1753
1754 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1755 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1756 goto failed;
1757 }
1758
1759 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1760 if (!cmd) {
1761 err = -ENOMEM;
1762 goto failed;
1763 }
1764
1765 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1766 if (err < 0) {
1767 mgmt_pending_remove(cmd);
1768 goto failed;
1769 }
1770
1771failed:
1772 hci_dev_unlock(hdev);
33ef95ed
JH		 1773 return err;
1774}
1775
bdb6d971 1776static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1777{
1778 struct mgmt_mode *cp = data;
1779 struct pending_cmd *cmd;
72ef0c1a 1780 u8 status;
ed2c4ee3
JH		 1781 int err;
1782
bdb6d971 1783 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1784
cdba5281
MH		 1785 status = mgmt_bredr_support(hdev);
1786 if (status)
1787 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1788
13ecd8b6
JH		 1789 if (!lmp_ssp_capable(hdev))
1790 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1791 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1792
a7e80f25
JH		 1793 if (cp->val != 0x00 && cp->val != 0x01)
1794 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1795 MGMT_STATUS_INVALID_PARAMS);
1796
13ecd8b6 1797 hci_dev_lock(hdev);
6c8f12c1 1798
4b34ee78 1799 if (!hdev_is_powered(hdev)) {
9ecb3e24 1800 bool changed;
c0ecddc2 1801
9ecb3e24
MH		 1802 if (cp->val) {
1803 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1804 &hdev->dev_flags);
1805 } else {
1806 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1807 &hdev->dev_flags);
1808 if (!changed)
1809 changed = test_and_clear_bit(HCI_HS_ENABLED,
1810 &hdev->dev_flags);
1811 else
1812 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1813 }
1814
1815 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1816 if (err < 0)
1817 goto failed;
1818
1819 if (changed)
1820 err = new_settings(hdev, sk);
1821
ed2c4ee3
JH		 1822 goto failed;
1823 }
1824
9ecb3e24
MH		 1825 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1826 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1827 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1828 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1829 goto failed;
1830 }
1831
72ef0c1a 1832 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1833 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1834 goto failed;
1835 }
1836
1837 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1838 if (!cmd) {
1839 err = -ENOMEM;
1840 goto failed;
1841 }
1842
72ef0c1a 1843 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1844 if (err < 0) {
1845 mgmt_pending_remove(cmd);
1846 goto failed;
1847 }
1848
1849failed:
1850 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1851 return err;
1852}
1853
bdb6d971 1854static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1855{
1856 struct mgmt_mode *cp = data;
ee392693 1857 bool changed;
e6fe7986 1858 u8 status;
ee392693 1859 int err;
6d80dfd0 1860
bdb6d971 1861 BT_DBG("request for %s", hdev->name);
6d80dfd0 1862
e6fe7986
JH		 1863 status = mgmt_bredr_support(hdev);
1864 if (status)
1865 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1866
9ecb3e24
MH		 1867 if (!lmp_ssp_capable(hdev))
1868 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1869 MGMT_STATUS_NOT_SUPPORTED);
1870
1871 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1872 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1873 MGMT_STATUS_REJECTED);
1874
a7e80f25
JH		 1875 if (cp->val != 0x00 && cp->val != 0x01)
1876 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1877 MGMT_STATUS_INVALID_PARAMS);
1878
ee392693
MH		 1879 hci_dev_lock(hdev);
1880
a0cdf960 1881 if (cp->val) {
ee392693 1882 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1883 } else {
1884 if (hdev_is_powered(hdev)) {
1885 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1886 MGMT_STATUS_REJECTED);
1887 goto unlock;
1888 }
1889
ee392693 1890 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1891 }
ee392693
MH		 1892
1893 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1894 if (err < 0)
1895 goto unlock;
1896
1897 if (changed)
1898 err = new_settings(hdev, sk);
6d80dfd0 1899
ee392693
MH		 1900unlock:
1901 hci_dev_unlock(hdev);
1902 return err;
6d80dfd0
JH		 1903}
1904
416a4ae5
JH		 1905static void le_enable_complete(struct hci_dev *hdev, u8 status)
1906{
1907 struct cmd_lookup match = { NULL, hdev };
1908
1909 if (status) {
1910 u8 mgmt_err = mgmt_status(status);
1911
1912 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1913 &mgmt_err);
1914 return;
1915 }
1916
1917 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1918
1919 new_settings(hdev, match.sk);
1920
1921 if (match.sk)
1922 sock_put(match.sk);
441ad2d0
MH		 1923
1924 /* Make sure the controller has a good default for
1925 * advertising data. Restrict the update to when LE
1926 * has actually been enabled. During power on, the
1927 * update in powered_update_hci will take care of it.
1928 */
1929 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1930 struct hci_request req;
1931
1932 hci_dev_lock(hdev);
1933
1934 hci_req_init(&req, hdev);
5947f4bc 1935 update_adv_data(&req);
f14d8f64 1936 update_scan_rsp_data(&req);
441ad2d0
MH		 1937 hci_req_run(&req, NULL);
1938
1939 hci_dev_unlock(hdev);
1940 }
416a4ae5
JH		 1941}
1942
bdb6d971 1943static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1944{
1945 struct mgmt_mode *cp = data;
1946 struct hci_cp_write_le_host_supported hci_cp;
1947 struct pending_cmd *cmd;
416a4ae5 1948 struct hci_request req;
06199cf8 1949 int err;
0b60eba1 1950 u8 val, enabled;
06199cf8 1951
bdb6d971 1952 BT_DBG("request for %s", hdev->name);
06199cf8 1953
13ecd8b6
JH		 1954 if (!lmp_le_capable(hdev))
1955 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1956 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1957
a7e80f25
JH		 1958 if (cp->val != 0x00 && cp->val != 0x01)
1959 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1960 MGMT_STATUS_INVALID_PARAMS);
1961
c73eee91 1962 /* LE-only devices do not allow toggling LE on/off */
56f87901 1963 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1964 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1965 MGMT_STATUS_REJECTED);
1966
13ecd8b6 1967 hci_dev_lock(hdev);
06199cf8
JH		 1968
1969 val = !!cp->val;
ffa88e02 1970 enabled = lmp_host_le_capable(hdev);
06199cf8 1971
0b60eba1 1972 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1973 bool changed = false;
1974
1975 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1976 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1977 changed = true;
1978 }
1979
f3d3444a
JH		 1980 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1981 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1982 changed = true;
1983 }
1984
06199cf8
JH		 1985 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1986 if (err < 0)
1de028ce 1987 goto unlock;
06199cf8
JH		 1988
1989 if (changed)
1990 err = new_settings(hdev, sk);
1991
1de028ce 1992 goto unlock;
06199cf8
JH		 1993 }
1994
4375f103
JH		 1995 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1996 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1997 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1998 MGMT_STATUS_BUSY);
1de028ce 1999 goto unlock;
06199cf8
JH		 2000 }
2001
2002 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2003 if (!cmd) {
2004 err = -ENOMEM;
1de028ce 2005 goto unlock;
06199cf8
JH		 2006 }
2007
441ad2d0
MH		 2008 hci_req_init(&req, hdev);
2009
06199cf8
JH		 2010 memset(&hci_cp, 0, sizeof(hci_cp));
2011
2012 if (val) {
2013 hci_cp.le = val;
ffa88e02 2014 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 2015 } else {
2016 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2017 disable_advertising(&req);
06199cf8
JH		 2018 }
2019
416a4ae5
JH		 2020 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2021 &hci_cp);
2022
2023 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2024 if (err < 0)
06199cf8 2025 mgmt_pending_remove(cmd);
06199cf8 2026
1de028ce
JH		 2027unlock:
2028 hci_dev_unlock(hdev);
06199cf8
JH		 2029 return err;
2030}
2031
0cab9c80
JH		 2032/* This is a helper function to test for pending mgmt commands that can
2033 * cause CoD or EIR HCI commands. We can only allow one such pending
2034 * mgmt command at a time since otherwise we cannot easily track what
2035 * the current values are, will be, and based on that calculate if a new
2036 * HCI command needs to be sent and if yes with what value.
2037 */
2038static bool pending_eir_or_class(struct hci_dev *hdev)
2039{
2040 struct pending_cmd *cmd;
2041
2042 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2043 switch (cmd->opcode) {
2044 case MGMT_OP_ADD_UUID:
2045 case MGMT_OP_REMOVE_UUID:
2046 case MGMT_OP_SET_DEV_CLASS:
2047 case MGMT_OP_SET_POWERED:
2048 return true;
2049 }
2050 }
2051
2052 return false;
2053}
2054
83be8eca
JH		 2055static const u8 bluetooth_base_uuid[] = {
2056 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2057 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2058};
2059
2060static u8 get_uuid_size(const u8 *uuid)
2061{
2062 u32 val;
2063
2064 if (memcmp(uuid, bluetooth_base_uuid, 12))
2065 return 128;
2066
2067 val = get_unaligned_le32(&uuid[12]);
2068 if (val > 0xffff)
2069 return 32;
2070
2071 return 16;
2072}
2073
92da6097
JH		 2074static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2075{
2076 struct pending_cmd *cmd;
2077
2078 hci_dev_lock(hdev);
2079
2080 cmd = mgmt_pending_find(mgmt_op, hdev);
2081 if (!cmd)
2082 goto unlock;
2083
2084 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2085 hdev->dev_class, 3);
2086
2087 mgmt_pending_remove(cmd);
2088
2089unlock:
2090 hci_dev_unlock(hdev);
2091}
2092
2093static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2094{
2095 BT_DBG("status 0x%02x", status);
2096
2097 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2098}
2099
bdb6d971 2100static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2101{
650f726d 2102 struct mgmt_cp_add_uuid *cp = data;
90e70454 2103 struct pending_cmd *cmd;
890ea898 2104 struct hci_request req;
2aeb9a1a 2105 struct bt_uuid *uuid;
2aeb9a1a
JH		 2106 int err;
2107
bdb6d971 2108 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2109
09fd0de5 2110 hci_dev_lock(hdev);
2aeb9a1a 2111
0cab9c80 2112 if (pending_eir_or_class(hdev)) {
bdb6d971 2113 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2114 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2115 goto failed;
2116 }
2117
92c4c204 2118 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2119 if (!uuid) {
2120 err = -ENOMEM;
2121 goto failed;
2122 }
2123
2124 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2125 uuid->svc_hint = cp->svc_hint;
83be8eca 2126 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2127
de66aa63 2128 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2129
890ea898 2130 hci_req_init(&req, hdev);
1aff6f09 2131
890ea898
JH		 2132 update_class(&req);
2133 update_eir(&req);
2134
92da6097
JH		 2135 err = hci_req_run(&req, add_uuid_complete);
2136 if (err < 0) {
2137 if (err != -ENODATA)
2138 goto failed;
80a1e1db 2139
bdb6d971 2140 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2141 hdev->dev_class, 3);
90e70454
JH		 2142 goto failed;
2143 }
2144
2145 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2146 if (!cmd) {
90e70454 2147 err = -ENOMEM;
890ea898
JH		 2148 goto failed;
2149 }
2150
2151 err = 0;
2aeb9a1a
JH		 2152
2153failed:
09fd0de5 2154 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2155 return err;
2156}
2157
24b78d0f
JH		 2158static bool enable_service_cache(struct hci_dev *hdev)
2159{
2160 if (!hdev_is_powered(hdev))
2161 return false;
2162
2163 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2164 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2165 CACHE_TIMEOUT);
24b78d0f
JH		 2166 return true;
2167 }
2168
2169 return false;
2170}
2171
92da6097
JH		 2172static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2173{
2174 BT_DBG("status 0x%02x", status);
2175
2176 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2177}
2178
bdb6d971 2179static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2180 u16 len)
2aeb9a1a 2181{
650f726d 2182 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2183 struct pending_cmd *cmd;
056341c8 2184 struct bt_uuid *match, *tmp;
2aeb9a1a 2185 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2186 struct hci_request req;
2aeb9a1a
JH		 2187 int err, found;
2188
bdb6d971 2189 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2190
09fd0de5 2191 hci_dev_lock(hdev);
2aeb9a1a 2192
0cab9c80 2193 if (pending_eir_or_class(hdev)) {
bdb6d971 2194 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2195 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2196 goto unlock;
2197 }
2198
2aeb9a1a 2199 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2200 hci_uuids_clear(hdev);
4004b6d9 2201
24b78d0f 2202 if (enable_service_cache(hdev)) {
bdb6d971 2203 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2204 0, hdev->dev_class, 3);
24b78d0f
JH		 2205 goto unlock;
2206 }
4004b6d9 2207
9246a869 2208 goto update_class;
2aeb9a1a
JH		 2209 }
2210
2211 found = 0;
2212
056341c8 2213 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2214 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2215 continue;
2216
2217 list_del(&match->list);
482049f7 2218 kfree(match);
2aeb9a1a
JH		 2219 found++;
2220 }
2221
2222 if (found == 0) {
bdb6d971 2223 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2224 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2225 goto unlock;
2226 }
2227
9246a869 2228update_class:
890ea898 2229 hci_req_init(&req, hdev);
1aff6f09 2230
890ea898
JH		 2231 update_class(&req);
2232 update_eir(&req);
2233
92da6097
JH		 2234 err = hci_req_run(&req, remove_uuid_complete);
2235 if (err < 0) {
2236 if (err != -ENODATA)
2237 goto unlock;
80a1e1db 2238
bdb6d971 2239 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2240 hdev->dev_class, 3);
90e70454
JH		 2241 goto unlock;
2242 }
2243
2244 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2245 if (!cmd) {
90e70454 2246 err = -ENOMEM;
890ea898
JH		 2247 goto unlock;
2248 }
2249
2250 err = 0;
2aeb9a1a
JH		 2251
2252unlock:
09fd0de5 2253 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2254 return err;
2255}
2256
92da6097
JH		 2257static void set_class_complete(struct hci_dev *hdev, u8 status)
2258{
2259 BT_DBG("status 0x%02x", status);
2260
2261 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2262}
2263
bdb6d971 2264static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2265 u16 len)
1aff6f09 2266{
650f726d 2267 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2268 struct pending_cmd *cmd;
890ea898 2269 struct hci_request req;
1aff6f09
JH		 2270 int err;
2271
bdb6d971 2272 BT_DBG("request for %s", hdev->name);
1aff6f09 2273
6203fc98 2274 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2275 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2276 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2277
0cab9c80 2278 hci_dev_lock(hdev);
ee98f473 2279
0cab9c80
JH		 2280 if (pending_eir_or_class(hdev)) {
2281 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2282 MGMT_STATUS_BUSY);
2283 goto unlock;
2284 }
c95f0ba7 2285
0cab9c80
JH		 2286 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2287 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2288 MGMT_STATUS_INVALID_PARAMS);
2289 goto unlock;
2290 }
575b3a02 2291
932f5ff5
JH		 2292 hdev->major_class = cp->major;
2293 hdev->minor_class = cp->minor;
2294
b5235a65 2295 if (!hdev_is_powered(hdev)) {
bdb6d971 2296 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2297 hdev->dev_class, 3);
b5235a65
JH		 2298 goto unlock;
2299 }
2300
890ea898
JH		 2301 hci_req_init(&req, hdev);
2302
a8b2d5c2 2303 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2304 hci_dev_unlock(hdev);
2305 cancel_delayed_work_sync(&hdev->service_cache);
2306 hci_dev_lock(hdev);
890ea898 2307 update_eir(&req);
7d78525d 2308 }
14c0b608 2309
890ea898
JH		 2310 update_class(&req);
2311
92da6097
JH		 2312 err = hci_req_run(&req, set_class_complete);
2313 if (err < 0) {
2314 if (err != -ENODATA)
2315 goto unlock;
1aff6f09 2316
bdb6d971 2317 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2318 hdev->dev_class, 3);
90e70454
JH		 2319 goto unlock;
2320 }
2321
2322 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2323 if (!cmd) {
90e70454 2324 err = -ENOMEM;
890ea898
JH		 2325 goto unlock;
2326 }
2327
2328 err = 0;
1aff6f09 2329
b5235a65 2330unlock:
09fd0de5 2331 hci_dev_unlock(hdev);
1aff6f09
JH		 2332 return err;
2333}
2334
bdb6d971 2335static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2336 u16 len)
55ed8ca1 2337{
650f726d 2338 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2339 u16 key_count, expected_len;
b1de97d8 2340 bool changed;
a492cd52 2341 int i;
55ed8ca1 2342
9060d5cf
MH		 2343 BT_DBG("request for %s", hdev->name);
2344
2345 if (!lmp_bredr_capable(hdev))
2346 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2347 MGMT_STATUS_NOT_SUPPORTED);
2348
1f350c87 2349 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2350
86742e1e
JH		 2351 expected_len = sizeof(*cp) + key_count *
2352 sizeof(struct mgmt_link_key_info);
a492cd52 2353 if (expected_len != len) {
86742e1e 2354 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2355 expected_len, len);
bdb6d971 2356 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2357 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2358 }
2359
4ae14301
JH		 2360 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2361 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2362 MGMT_STATUS_INVALID_PARAMS);
2363
bdb6d971 2364 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2365 key_count);
55ed8ca1 2366
4ee71b20
JH		 2367 for (i = 0; i < key_count; i++) {
2368 struct mgmt_link_key_info *key = &cp->keys[i];
2369
8e991132 2370 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2371 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2372 MGMT_STATUS_INVALID_PARAMS);
2373 }
2374
09fd0de5 2375 hci_dev_lock(hdev);
55ed8ca1
JH		 2376
2377 hci_link_keys_clear(hdev);
2378
55ed8ca1 2379 if (cp->debug_keys)
b1de97d8 2380 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2381 else
b1de97d8
MH		 2382 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2383
2384 if (changed)
2385 new_settings(hdev, NULL);
55ed8ca1 2386
a492cd52 2387 for (i = 0; i < key_count; i++) {
86742e1e 2388 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2389
d753fdc4 2390 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 2391 key->type, key->pin_len);
55ed8ca1
JH		 2392 }
2393
bdb6d971 2394 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2395
09fd0de5 2396 hci_dev_unlock(hdev);
55ed8ca1 2397
a492cd52 2398 return 0;
55ed8ca1
JH		 2399}
2400
b1078ad0 2401static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2402 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2403{
2404 struct mgmt_ev_device_unpaired ev;
2405
2406 bacpy(&ev.addr.bdaddr, bdaddr);
2407 ev.addr.type = addr_type;
2408
2409 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2410 skip_sk);
b1078ad0
JH		 2411}
2412
bdb6d971 2413static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2414 u16 len)
55ed8ca1 2415{
124f6e35
JH		 2416 struct mgmt_cp_unpair_device *cp = data;
2417 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2418 struct hci_cp_disconnect dc;
2419 struct pending_cmd *cmd;
55ed8ca1 2420 struct hci_conn *conn;
55ed8ca1
JH		 2421 int err;
2422
a8a1d19e 2423 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2424 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2425 rp.addr.type = cp->addr.type;
a8a1d19e 2426
4ee71b20
JH		 2427 if (!bdaddr_type_is_valid(cp->addr.type))
2428 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2429 MGMT_STATUS_INVALID_PARAMS,
2430 &rp, sizeof(rp));
2431
118da70b
JH		 2432 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2433 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2434 MGMT_STATUS_INVALID_PARAMS,
2435 &rp, sizeof(rp));
2436
4ee71b20
JH		 2437 hci_dev_lock(hdev);
2438
86a8cfc6 2439 if (!hdev_is_powered(hdev)) {
bdb6d971 2440 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2441 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2442 goto unlock;
2443 }
2444
e0b2b27e 2445 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2446 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2447 } else {
2448 u8 addr_type;
2449
2450 if (cp->addr.type == BDADDR_LE_PUBLIC)
2451 addr_type = ADDR_LE_DEV_PUBLIC;
2452 else
2453 addr_type = ADDR_LE_DEV_RANDOM;
2454
a7ec7338
JH		 2455 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2456
a9b0a04c
AG		 2457 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2458
e0b2b27e
JH		 2459 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2460 }
b0dbfb46 2461
55ed8ca1 2462 if (err < 0) {
bdb6d971 2463 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2464 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2465 goto unlock;
2466 }
2467
86a8cfc6 2468 if (cp->disconnect) {
591f47f3 2469 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2470 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2471 &cp->addr.bdaddr);
86a8cfc6
JH		 2472 else
2473 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2474 &cp->addr.bdaddr);
86a8cfc6
JH		 2475 } else {
2476 conn = NULL;
2477 }
124f6e35 2478
a8a1d19e 2479 if (!conn) {
bdb6d971 2480 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2481 &rp, sizeof(rp));
b1078ad0 2482 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2483 goto unlock;
2484 }
55ed8ca1 2485
124f6e35 2486 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2487 sizeof(*cp));
a8a1d19e
JH		 2488 if (!cmd) {
2489 err = -ENOMEM;
2490 goto unlock;
55ed8ca1
JH		 2491 }
2492
eb55ef07 2493 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2494 dc.reason = 0x13; /* Remote User Terminated Connection */
2495 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2496 if (err < 0)
2497 mgmt_pending_remove(cmd);
2498
55ed8ca1 2499unlock:
09fd0de5 2500 hci_dev_unlock(hdev);
55ed8ca1
JH		 2501 return err;
2502}
2503
bdb6d971 2504static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2505 u16 len)
8962ee74 2506{
650f726d 2507 struct mgmt_cp_disconnect *cp = data;
06a63b19 2508 struct mgmt_rp_disconnect rp;
8962ee74 2509 struct hci_cp_disconnect dc;
366a0336 2510 struct pending_cmd *cmd;
8962ee74 2511 struct hci_conn *conn;
8962ee74
JH		 2512 int err;
2513
2514 BT_DBG("");
2515
06a63b19
JH		 2516 memset(&rp, 0, sizeof(rp));
2517 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2518 rp.addr.type = cp->addr.type;
2519
4ee71b20 2520 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2521 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2522 MGMT_STATUS_INVALID_PARAMS,
2523 &rp, sizeof(rp));
4ee71b20 2524
09fd0de5 2525 hci_dev_lock(hdev);
8962ee74
JH		 2526
2527 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2528 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2529 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2530 goto failed;
2531 }
2532
2e58ef3e 2533 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2534 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2535 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2536 goto failed;
2537 }
2538
591f47f3 2539 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2540 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2541 &cp->addr.bdaddr);
88c3df13
JH		 2542 else
2543 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2544
f960727e 2545 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2546 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2547 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2548 goto failed;
2549 }
2550
2e58ef3e 2551 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2552 if (!cmd) {
2553 err = -ENOMEM;
8962ee74 2554 goto failed;
366a0336 2555 }
8962ee74 2556
eb55ef07 2557 dc.handle = cpu_to_le16(conn->handle);
3701f944 2558 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2559
2560 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2561 if (err < 0)
a664b5bc 2562 mgmt_pending_remove(cmd);
8962ee74
JH		 2563
2564failed:
09fd0de5 2565 hci_dev_unlock(hdev);
8962ee74
JH		 2566 return err;
2567}
2568
57c1477c 2569static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2570{
2571 switch (link_type) {
2572 case LE_LINK:
48264f06
JH		 2573 switch (addr_type) {
2574 case ADDR_LE_DEV_PUBLIC:
591f47f3 2575 return BDADDR_LE_PUBLIC;
0ed09148 2576
48264f06 2577 default:
0ed09148 2578 /* Fallback to LE Random address type */
591f47f3 2579 return BDADDR_LE_RANDOM;
48264f06 2580 }
0ed09148 2581
4c659c39 2582 default:
0ed09148 2583 /* Fallback to BR/EDR type */
591f47f3 2584 return BDADDR_BREDR;
4c659c39
JH		 2585 }
2586}
2587
04124681
GP		 2588static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2589 u16 data_len)
2784eb41 2590{
2784eb41 2591 struct mgmt_rp_get_connections *rp;
8035ded4 2592 struct hci_conn *c;
a38528f1 2593 size_t rp_len;
60fc5fb6
JH		 2594 int err;
2595 u16 i;
2784eb41
JH		 2596
2597 BT_DBG("");
2598
09fd0de5 2599 hci_dev_lock(hdev);
2784eb41 2600
5f97c1df 2601 if (!hdev_is_powered(hdev)) {
bdb6d971 2602 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2603 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2604 goto unlock;
2605 }
2606
60fc5fb6 2607 i = 0;
b644ba33
JH		 2608 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2609 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2610 i++;
2784eb41
JH		 2611 }
2612
60fc5fb6 2613 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2614 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2615 if (!rp) {
2784eb41
JH		 2616 err = -ENOMEM;
2617 goto unlock;
2618 }
2619
2784eb41 2620 i = 0;
4c659c39 2621 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2622 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2623 continue;
4c659c39 2624 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2625 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2626 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2627 continue;
2628 i++;
2629 }
2630
eb55ef07 2631 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2632
4c659c39
JH		 2633 /* Recalculate length in case of filtered SCO connections, etc */
2634 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2635
bdb6d971 2636 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2637 rp_len);
2784eb41 2638
a38528f1 2639 kfree(rp);
5f97c1df
JH		 2640
2641unlock:
09fd0de5 2642 hci_dev_unlock(hdev);
2784eb41
JH		 2643 return err;
2644}
2645
bdb6d971 2646static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2647 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2648{
2649 struct pending_cmd *cmd;
2650 int err;
2651
2e58ef3e 2652 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2653 sizeof(*cp));
96d97a67
WR		 2654 if (!cmd)
2655 return -ENOMEM;
2656
d8457698 2657 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2658 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2659 if (err < 0)
2660 mgmt_pending_remove(cmd);
2661
2662 return err;
2663}
2664
bdb6d971 2665static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2666 u16 len)
980e1a53 2667{
96d97a67 2668 struct hci_conn *conn;
650f726d 2669 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2670 struct hci_cp_pin_code_reply reply;
366a0336 2671 struct pending_cmd *cmd;
980e1a53
JH		 2672 int err;
2673
2674 BT_DBG("");
2675
09fd0de5 2676 hci_dev_lock(hdev);
980e1a53 2677
4b34ee78 2678 if (!hdev_is_powered(hdev)) {
bdb6d971 2679 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2680 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2681 goto failed;
2682 }
2683
d8457698 2684 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2685 if (!conn) {
bdb6d971 2686 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2687 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2688 goto failed;
2689 }
2690
2691 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2692 struct mgmt_cp_pin_code_neg_reply ncp;
2693
2694 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2695
2696 BT_ERR("PIN code is not 16 bytes long");
2697
bdb6d971 2698 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2699 if (err >= 0)
bdb6d971 2700 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2701 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2702
2703 goto failed;
2704 }
2705
00abfe44 2706 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2707 if (!cmd) {
2708 err = -ENOMEM;
980e1a53 2709 goto failed;
366a0336 2710 }
980e1a53 2711
d8457698 2712 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2713 reply.pin_len = cp->pin_len;
24718ca5 2714 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2715
2716 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2717 if (err < 0)
a664b5bc 2718 mgmt_pending_remove(cmd);
980e1a53
JH		 2719
2720failed:
09fd0de5 2721 hci_dev_unlock(hdev);
980e1a53
JH		 2722 return err;
2723}
2724
04124681
GP		 2725static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2726 u16 len)
17fa4b9d 2727{
650f726d 2728 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2729
2730 BT_DBG("");
2731
09fd0de5 2732 hci_dev_lock(hdev);
17fa4b9d
JH		 2733
2734 hdev->io_capability = cp->io_capability;
2735
2736 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2737 hdev->io_capability);
17fa4b9d 2738
09fd0de5 2739 hci_dev_unlock(hdev);
17fa4b9d 2740
04124681
GP		 2741 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2742 0);
17fa4b9d
JH		 2743}
2744
6039aa73 2745static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2746{
2747 struct hci_dev *hdev = conn->hdev;
8035ded4 2748 struct pending_cmd *cmd;
e9a416b5 2749
2e58ef3e 2750 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2751 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2752 continue;
2753
e9a416b5
JH		 2754 if (cmd->user_data != conn)
2755 continue;
2756
2757 return cmd;
2758 }
2759
2760 return NULL;
2761}
2762
2763static void pairing_complete(struct pending_cmd *cmd, u8 status)
2764{
4e7b2030 2765 const struct mgmt_cp_pair_device *cp = cmd->param;
e9a416b5
JH		 2766 struct mgmt_rp_pair_device rp;
2767 struct hci_conn *conn = cmd->user_data;
2768
4e7b2030
JH		 2769 /* If we had a pairing failure we might have already received
2770 * the remote Identity Address Information and updated the
2771 * hci_conn variables with it, however we would not yet have
2772 * notified user space of the resolved identity. Therefore, use
2773 * the address given in the Pair Device command in case the
2774 * pairing failed.
2775 */
2776 if (status) {
2777 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
2778 } else {
2779 bacpy(&rp.addr.bdaddr, &conn->dst);
2780 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2781 }
e9a416b5 2782
aee9b218 2783 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2784 &rp, sizeof(rp));
e9a416b5
JH		 2785
2786 /* So we don't get further callbacks for this connection */
2787 conn->connect_cfm_cb = NULL;
2788 conn->security_cfm_cb = NULL;
2789 conn->disconn_cfm_cb = NULL;
2790
76a68ba0 2791 hci_conn_drop(conn);
e9a416b5 2792
a664b5bc 2793 mgmt_pending_remove(cmd);
e9a416b5
JH		 2794}
2795
f4a407be
JH		 2796void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2797{
2798 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2799 struct pending_cmd *cmd;
2800
2801 cmd = find_pairing(conn);
2802 if (cmd)
2803 pairing_complete(cmd, status);
2804}
2805
e9a416b5
JH		 2806static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2807{
2808 struct pending_cmd *cmd;
2809
2810 BT_DBG("status %u", status);
2811
2812 cmd = find_pairing(conn);
56e5cb86 2813 if (!cmd)
e9a416b5 2814 BT_DBG("Unable to find a pending command");
56e5cb86 2815 else
e211326c 2816 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2817}
2818
f4a407be 2819static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 2820{
2821 struct pending_cmd *cmd;
2822
2823 BT_DBG("status %u", status);
2824
2825 if (!status)
2826 return;
2827
2828 cmd = find_pairing(conn);
2829 if (!cmd)
2830 BT_DBG("Unable to find a pending command");
2831 else
2832 pairing_complete(cmd, mgmt_status(status));
2833}
2834
bdb6d971 2835static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2836 u16 len)
e9a416b5 2837{
650f726d 2838 struct mgmt_cp_pair_device *cp = data;
1425acb7 2839 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2840 struct pending_cmd *cmd;
2841 u8 sec_level, auth_type;
2842 struct hci_conn *conn;
e9a416b5
JH		 2843 int err;
2844
2845 BT_DBG("");
2846
f950a30e
SJ		 2847 memset(&rp, 0, sizeof(rp));
2848 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2849 rp.addr.type = cp->addr.type;
2850
4ee71b20
JH		 2851 if (!bdaddr_type_is_valid(cp->addr.type))
2852 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2853 MGMT_STATUS_INVALID_PARAMS,
2854 &rp, sizeof(rp));
2855
09fd0de5 2856 hci_dev_lock(hdev);
e9a416b5 2857
5f97c1df 2858 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2859 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2860 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2861 goto unlock;
2862 }
2863
c908df36
VCG		 2864 sec_level = BT_SECURITY_MEDIUM;
2865 if (cp->io_cap == 0x03)
e9a416b5 2866 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2867 else
e9a416b5 2868 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2869
6f77d8c7 2870 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2871 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2872 auth_type);
6f77d8c7
AG		 2873 } else {
2874 u8 addr_type;
2875
2876 /* Convert from L2CAP channel address type to HCI address type
2877 */
2878 if (cp->addr.type == BDADDR_LE_PUBLIC)
2879 addr_type = ADDR_LE_DEV_PUBLIC;
2880 else
2881 addr_type = ADDR_LE_DEV_RANDOM;
2882
2883 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
04a6c589 2884 sec_level, auth_type);
6f77d8c7 2885 }
7a512d01 2886
30e76272 2887 if (IS_ERR(conn)) {
489dc48e
AK		 2888 int status;
2889
2890 if (PTR_ERR(conn) == -EBUSY)
2891 status = MGMT_STATUS_BUSY;
2892 else
2893 status = MGMT_STATUS_CONNECT_FAILED;
2894
bdb6d971 2895 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2896 status, &rp,
04124681 2897 sizeof(rp));
e9a416b5
JH		 2898 goto unlock;
2899 }
2900
2901 if (conn->connect_cfm_cb) {
76a68ba0 2902 hci_conn_drop(conn);
bdb6d971 2903 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2904 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2905 goto unlock;
2906 }
2907
2e58ef3e 2908 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2909 if (!cmd) {
2910 err = -ENOMEM;
76a68ba0 2911 hci_conn_drop(conn);
e9a416b5
JH		 2912 goto unlock;
2913 }
2914
7a512d01 2915 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2916 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2917 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2918 conn->security_cfm_cb = pairing_complete_cb;
2919 conn->disconn_cfm_cb = pairing_complete_cb;
2920 } else {
2921 conn->connect_cfm_cb = le_pairing_complete_cb;
2922 conn->security_cfm_cb = le_pairing_complete_cb;
2923 conn->disconn_cfm_cb = le_pairing_complete_cb;
2924 }
7a512d01 2925
e9a416b5
JH		 2926 conn->io_capability = cp->io_cap;
2927 cmd->user_data = conn;
2928
2929 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2930 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2931 pairing_complete(cmd, 0);
2932
2933 err = 0;
2934
2935unlock:
09fd0de5 2936 hci_dev_unlock(hdev);
e9a416b5
JH		 2937 return err;
2938}
2939
04124681
GP		 2940static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2941 u16 len)
28424707 2942{
0f4e68cf 2943 struct mgmt_addr_info *addr = data;
28424707
JH		 2944 struct pending_cmd *cmd;
2945 struct hci_conn *conn;
2946 int err;
2947
2948 BT_DBG("");
2949
28424707
JH		 2950 hci_dev_lock(hdev);
2951
5f97c1df 2952 if (!hdev_is_powered(hdev)) {
bdb6d971 2953 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2954 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2955 goto unlock;
2956 }
2957
28424707
JH		 2958 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2959 if (!cmd) {
bdb6d971 2960 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2961 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2962 goto unlock;
2963 }
2964
2965 conn = cmd->user_data;
2966
2967 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2968 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2969 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2970 goto unlock;
2971 }
2972
2973 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2974
bdb6d971 2975 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2976 addr, sizeof(*addr));
28424707
JH		 2977unlock:
2978 hci_dev_unlock(hdev);
28424707
JH		 2979 return err;
2980}
2981
bdb6d971 2982static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2983 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2984 u16 hci_op, __le32 passkey)
a5c29683 2985{
a5c29683 2986 struct pending_cmd *cmd;
0df4c185 2987 struct hci_conn *conn;
a5c29683
JH		 2988 int err;
2989
09fd0de5 2990 hci_dev_lock(hdev);
08ba5382 2991
4b34ee78 2992 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2993 err = cmd_complete(sk, hdev->id, mgmt_op,
2994 MGMT_STATUS_NOT_POWERED, addr,
2995 sizeof(*addr));
0df4c185 2996 goto done;
a5c29683
JH		 2997 }
2998
1707c60e
JH		 2999 if (addr->type == BDADDR_BREDR)
3000 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3001 else
1707c60e 3002 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3003
3004 if (!conn) {
feb94d3d
JH		 3005 err = cmd_complete(sk, hdev->id, mgmt_op,
3006 MGMT_STATUS_NOT_CONNECTED, addr,
3007 sizeof(*addr));
272d90df
JH		 3008 goto done;
3009 }
47c15e2b 3010
1707c60e 3011 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 3012 /* Continue with pairing via SMP */
5fe57d9e
BG		 3013 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3014
3015 if (!err)
feb94d3d
JH		 3016 err = cmd_complete(sk, hdev->id, mgmt_op,
3017 MGMT_STATUS_SUCCESS, addr,
3018 sizeof(*addr));
5fe57d9e 3019 else
feb94d3d
JH		 3020 err = cmd_complete(sk, hdev->id, mgmt_op,
3021 MGMT_STATUS_FAILED, addr,
3022 sizeof(*addr));
47c15e2b 3023
47c15e2b
BG		 3024 goto done;
3025 }
3026
1707c60e 3027 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3028 if (!cmd) {
3029 err = -ENOMEM;
0df4c185 3030 goto done;
a5c29683
JH		 3031 }
3032
0df4c185 3033 /* Continue with pairing via HCI */
604086b7
BG		 3034 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3035 struct hci_cp_user_passkey_reply cp;
3036
1707c60e 3037 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3038 cp.passkey = passkey;
3039 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3040 } else
1707c60e
JH		 3041 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3042 &addr->bdaddr);
604086b7 3043
a664b5bc
JH		 3044 if (err < 0)
3045 mgmt_pending_remove(cmd);
a5c29683 3046
0df4c185 3047done:
09fd0de5 3048 hci_dev_unlock(hdev);
a5c29683
JH		 3049 return err;
3050}
3051
afeb019d
JK		 3052static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3053 void *data, u16 len)
3054{
3055 struct mgmt_cp_pin_code_neg_reply *cp = data;
3056
3057 BT_DBG("");
3058
1707c60e 3059 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3060 MGMT_OP_PIN_CODE_NEG_REPLY,
3061 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3062}
3063
04124681
GP		 3064static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3065 u16 len)
0df4c185 3066{
650f726d 3067 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3068
3069 BT_DBG("");
3070
3071 if (len != sizeof(*cp))
bdb6d971 3072 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3073 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3074
1707c60e 3075 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3076 MGMT_OP_USER_CONFIRM_REPLY,
3077 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3078}
3079
bdb6d971 3080static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3081 void *data, u16 len)
0df4c185 3082{
c9c2659f 3083 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3084
3085 BT_DBG("");
3086
1707c60e 3087 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3088 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3089 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3090}
3091
04124681
GP		 3092static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3093 u16 len)
604086b7 3094{
650f726d 3095 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3096
3097 BT_DBG("");
3098
1707c60e 3099 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3100 MGMT_OP_USER_PASSKEY_REPLY,
3101 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3102}
3103
bdb6d971 3104static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3105 void *data, u16 len)
604086b7 3106{
650f726d 3107 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3108
3109 BT_DBG("");
3110
1707c60e 3111 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3112 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3113 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3114}
3115
13928971 3116static void update_name(struct hci_request *req)
2b4bf397 3117{
13928971 3118 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3119 struct hci_cp_write_local_name cp;
3120
13928971 3121 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3122
890ea898 3123 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3124}
3125
13928971
JH		 3126static void set_name_complete(struct hci_dev *hdev, u8 status)
3127{
3128 struct mgmt_cp_set_local_name *cp;
3129 struct pending_cmd *cmd;
3130
3131 BT_DBG("status 0x%02x", status);
3132
3133 hci_dev_lock(hdev);
3134
3135 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3136 if (!cmd)
3137 goto unlock;
3138
3139 cp = cmd->param;
3140
3141 if (status)
3142 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3143 mgmt_status(status));
3144 else
3145 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3146 cp, sizeof(*cp));
3147
3148 mgmt_pending_remove(cmd);
3149
3150unlock:
3151 hci_dev_unlock(hdev);
3152}
3153
bdb6d971 3154static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3155 u16 len)
b312b161 3156{
2b4bf397 3157 struct mgmt_cp_set_local_name *cp = data;
b312b161 3158 struct pending_cmd *cmd;
890ea898 3159 struct hci_request req;
b312b161
JH		 3160 int err;
3161
3162 BT_DBG("");
3163
09fd0de5 3164 hci_dev_lock(hdev);
b312b161 3165
b3f2ca94
JH		 3166 /* If the old values are the same as the new ones just return a
3167 * direct command complete event.
3168 */
3169 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3170 !memcmp(hdev->short_name, cp->short_name,
3171 sizeof(hdev->short_name))) {
3172 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3173 data, len);
3174 goto failed;
3175 }
3176
2b4bf397 3177 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3178
b5235a65 3179 if (!hdev_is_powered(hdev)) {
2b4bf397 3180 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3181
3182 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3183 data, len);
28cc7bde
JH		 3184 if (err < 0)
3185 goto failed;
3186
3187 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3188 sk);
28cc7bde 3189
b5235a65
JH		 3190 goto failed;
3191 }
3192
28cc7bde 3193 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3194 if (!cmd) {
3195 err = -ENOMEM;
3196 goto failed;
3197 }
3198
13928971
JH		 3199 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3200
890ea898 3201 hci_req_init(&req, hdev);
3f985050
JH		 3202
3203 if (lmp_bredr_capable(hdev)) {
3204 update_name(&req);
3205 update_eir(&req);
3206 }
3207
7a5f4990
MH		 3208 /* The name is stored in the scan response data and so
3209 * no need to udpate the advertising data here.
3210 */
3f985050 3211 if (lmp_le_capable(hdev))
7a5f4990 3212 update_scan_rsp_data(&req);
3f985050 3213
13928971 3214 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3215 if (err < 0)
3216 mgmt_pending_remove(cmd);
3217
3218failed:
09fd0de5 3219 hci_dev_unlock(hdev);
b312b161
JH		 3220 return err;
3221}
3222
0f4e68cf 3223static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3224 void *data, u16 data_len)
c35938b2 3225{
c35938b2
SJ		 3226 struct pending_cmd *cmd;
3227 int err;
3228
bdb6d971 3229 BT_DBG("%s", hdev->name);
c35938b2 3230
09fd0de5 3231 hci_dev_lock(hdev);
c35938b2 3232
4b34ee78 3233 if (!hdev_is_powered(hdev)) {
bdb6d971 3234 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3235 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3236 goto unlock;
3237 }
3238
9a1a1996 3239 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3240 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3241 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3242 goto unlock;
3243 }
3244
2e58ef3e 3245 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3246 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3247 MGMT_STATUS_BUSY);
c35938b2
SJ		 3248 goto unlock;
3249 }
3250
2e58ef3e 3251 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3252 if (!cmd) {
3253 err = -ENOMEM;
3254 goto unlock;
3255 }
3256
4d2d2796
MH		 3257 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3258 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3259 0, NULL);
3260 else
3261 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3262
c35938b2
SJ		 3263 if (err < 0)
3264 mgmt_pending_remove(cmd);
3265
3266unlock:
09fd0de5 3267 hci_dev_unlock(hdev);
c35938b2
SJ		 3268 return err;
3269}
3270
bdb6d971 3271static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3272 void *data, u16 len)
2763eda6 3273{
2763eda6
SJ		 3274 int err;
3275
bdb6d971 3276 BT_DBG("%s ", hdev->name);
2763eda6 3277
09fd0de5 3278 hci_dev_lock(hdev);
2763eda6 3279
ec109113
MH		 3280 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3281 struct mgmt_cp_add_remote_oob_data *cp = data;
3282 u8 status;
bf1e3541 3283
ec109113
MH		 3284 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3285 cp->hash, cp->randomizer);
3286 if (err < 0)
3287 status = MGMT_STATUS_FAILED;
3288 else
3289 status = MGMT_STATUS_SUCCESS;
3290
3291 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3292 status, &cp->addr, sizeof(cp->addr));
3293 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3294 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3295 u8 status;
3296
3297 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3298 cp->hash192,
3299 cp->randomizer192,
3300 cp->hash256,
3301 cp->randomizer256);
3302 if (err < 0)
3303 status = MGMT_STATUS_FAILED;
3304 else
3305 status = MGMT_STATUS_SUCCESS;
3306
3307 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3308 status, &cp->addr, sizeof(cp->addr));
3309 } else {
3310 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3311 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3312 MGMT_STATUS_INVALID_PARAMS);
3313 }
2763eda6 3314
09fd0de5 3315 hci_dev_unlock(hdev);
2763eda6
SJ		 3316 return err;
3317}
3318
bdb6d971 3319static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3320 void *data, u16 len)
2763eda6 3321{
650f726d 3322 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3323 u8 status;
2763eda6
SJ		 3324 int err;
3325
bdb6d971 3326 BT_DBG("%s", hdev->name);
2763eda6 3327
09fd0de5 3328 hci_dev_lock(hdev);
2763eda6 3329
664ce4cc 3330 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3331 if (err < 0)
bf1e3541 3332 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3333 else
a6785be2 3334 status = MGMT_STATUS_SUCCESS;
bf1e3541 3335
bdb6d971 3336 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3337 status, &cp->addr, sizeof(cp->addr));
2763eda6 3338
09fd0de5 3339 hci_dev_unlock(hdev);
2763eda6
SJ		 3340 return err;
3341}
3342
41dc2bd6
AG		 3343static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3344{
3345 struct pending_cmd *cmd;
3346 u8 type;
3347 int err;
3348
3349 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3350
3351 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3352 if (!cmd)
3353 return -ENOENT;
3354
3355 type = hdev->discovery.type;
3356
3357 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3358 &type, sizeof(type));
3359 mgmt_pending_remove(cmd);
3360
3361 return err;
3362}
3363
7c307720
AG		 3364static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3365{
3366 BT_DBG("status %d", status);
3367
3368 if (status) {
3369 hci_dev_lock(hdev);
3370 mgmt_start_discovery_failed(hdev, status);
3371 hci_dev_unlock(hdev);
3372 return;
3373 }
3374
3375 hci_dev_lock(hdev);
3376 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3377 hci_dev_unlock(hdev);
3378
3379 switch (hdev->discovery.type) {
3380 case DISCOV_TYPE_LE:
3381 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3382 DISCOV_LE_TIMEOUT);
7c307720
AG		 3383 break;
3384
3385 case DISCOV_TYPE_INTERLEAVED:
3386 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3387 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 3388 break;
3389
3390 case DISCOV_TYPE_BREDR:
3391 break;
3392
3393 default:
3394 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3395 }
3396}
3397
bdb6d971 3398static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3399 void *data, u16 len)
14a53664 3400{
650f726d 3401 struct mgmt_cp_start_discovery *cp = data;
14a53664 3402 struct pending_cmd *cmd;
7c307720
AG		 3403 struct hci_cp_le_set_scan_param param_cp;
3404 struct hci_cp_le_set_scan_enable enable_cp;
3405 struct hci_cp_inquiry inq_cp;
3406 struct hci_request req;
3407 /* General inquiry access code (GIAC) */
3408 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3409 u8 status, own_addr_type;
14a53664
JH		 3410 int err;
3411
bdb6d971 3412 BT_DBG("%s", hdev->name);
14a53664 3413
09fd0de5 3414 hci_dev_lock(hdev);
14a53664 3415
4b34ee78 3416 if (!hdev_is_powered(hdev)) {
bdb6d971 3417 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3418 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3419 goto failed;
3420 }
3421
642be6c7
AG		 3422 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3423 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3424 MGMT_STATUS_BUSY);
3425 goto failed;
3426 }
3427
ff9ef578 3428 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3429 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3430 MGMT_STATUS_BUSY);
ff9ef578
JH		 3431 goto failed;
3432 }
3433
2e58ef3e 3434 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3435 if (!cmd) {
3436 err = -ENOMEM;
3437 goto failed;
3438 }
3439
4aab14e5
AG		 3440 hdev->discovery.type = cp->type;
3441
7c307720
AG		 3442 hci_req_init(&req, hdev);
3443
4aab14e5 3444 switch (hdev->discovery.type) {
f39799f5 3445 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3446 status = mgmt_bredr_support(hdev);
3447 if (status) {
04106755 3448 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3449 status);
04106755
JH		 3450 mgmt_pending_remove(cmd);
3451 goto failed;
3452 }
3453
7c307720
AG		 3454 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3455 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3456 MGMT_STATUS_BUSY);
3457 mgmt_pending_remove(cmd);
3458 goto failed;
3459 }
3460
3461 hci_inquiry_cache_flush(hdev);
3462
3463 memset(&inq_cp, 0, sizeof(inq_cp));
3464 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3465 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3466 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3467 break;
3468
3469 case DISCOV_TYPE_LE:
7c307720 3470 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3471 status = mgmt_le_support(hdev);
3472 if (status) {
04106755 3473 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3474 status);
04106755
JH		 3475 mgmt_pending_remove(cmd);
3476 goto failed;
3477 }
3478
7c307720 3479 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3480 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3481 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3482 MGMT_STATUS_NOT_SUPPORTED);
3483 mgmt_pending_remove(cmd);
3484 goto failed;
3485 }
3486
f3d3444a 3487 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3488 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3489 MGMT_STATUS_REJECTED);
3490 mgmt_pending_remove(cmd);
3491 goto failed;
3492 }
3493
c54c3860
AG		 3494 /* If controller is scanning, it means the background scanning
3495 * is running. Thus, we should temporarily stop it in order to
3496 * set the discovery scanning parameters.
3497 */
3498 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3499 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3500
3501 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3502
94b1fc92
MH		 3503 /* All active scans will be done with either a resolvable
3504 * private address (when privacy feature has been enabled)
3505 * or unresolvable private address.
3506 */
3507 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3508 if (err < 0) {
3509 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3510 MGMT_STATUS_FAILED);
3511 mgmt_pending_remove(cmd);
3512 goto failed;
3513 }
3514
7c307720 3515 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3516 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3517 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3518 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3519 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3520 &param_cp);
3521
3522 memset(&enable_cp, 0, sizeof(enable_cp));
3523 enable_cp.enable = LE_SCAN_ENABLE;
3524 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3525 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3526 &enable_cp);
5e0452c0
AG		 3527 break;
3528
f39799f5 3529 default:
04106755
JH		 3530 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3531 MGMT_STATUS_INVALID_PARAMS);
3532 mgmt_pending_remove(cmd);
3533 goto failed;
f39799f5 3534 }
3fd24153 3535
7c307720 3536 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3537 if (err < 0)
3538 mgmt_pending_remove(cmd);
ff9ef578
JH		 3539 else
3540 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3541
3542failed:
09fd0de5 3543 hci_dev_unlock(hdev);
14a53664
JH		 3544 return err;
3545}
3546
1183fdca
AG		 3547static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3548{
3549 struct pending_cmd *cmd;
3550 int err;
3551
3552 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3553 if (!cmd)
3554 return -ENOENT;
3555
3556 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3557 &hdev->discovery.type, sizeof(hdev->discovery.type));
3558 mgmt_pending_remove(cmd);
3559
3560 return err;
3561}
3562
0e05bba6
AG		 3563static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3564{
3565 BT_DBG("status %d", status);
3566
3567 hci_dev_lock(hdev);
3568
3569 if (status) {
3570 mgmt_stop_discovery_failed(hdev, status);
3571 goto unlock;
3572 }
3573
3574 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3575
3576unlock:
3577 hci_dev_unlock(hdev);
3578}
3579
bdb6d971 3580static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3581 u16 len)
14a53664 3582{
d930650b 3583 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3584 struct pending_cmd *cmd;
30dc78e1
JH		 3585 struct hci_cp_remote_name_req_cancel cp;
3586 struct inquiry_entry *e;
0e05bba6 3587 struct hci_request req;
14a53664
JH		 3588 int err;
3589
bdb6d971 3590 BT_DBG("%s", hdev->name);
14a53664 3591
09fd0de5 3592 hci_dev_lock(hdev);
14a53664 3593
30dc78e1 3594 if (!hci_discovery_active(hdev)) {
bdb6d971 3595 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3596 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3597 sizeof(mgmt_cp->type));
d930650b
JH		 3598 goto unlock;
3599 }
3600
3601 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3602 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3603 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3604 sizeof(mgmt_cp->type));
30dc78e1 3605 goto unlock;
ff9ef578
JH		 3606 }
3607
2e58ef3e 3608 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3609 if (!cmd) {
3610 err = -ENOMEM;
30dc78e1
JH		 3611 goto unlock;
3612 }
3613
0e05bba6
AG		 3614 hci_req_init(&req, hdev);
3615
e0d9727e
AG		 3616 switch (hdev->discovery.state) {
3617 case DISCOVERY_FINDING:
0e05bba6
AG		 3618 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3619 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3620 } else {
3621 cancel_delayed_work(&hdev->le_scan_disable);
3622
b1efcc28 3623 hci_req_add_le_scan_disable(&req);
0e05bba6 3624 }
c9ecc48e 3625
e0d9727e
AG		 3626 break;
3627
3628 case DISCOVERY_RESOLVING:
3629 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3630 NAME_PENDING);
e0d9727e 3631 if (!e) {
30dc78e1 3632 mgmt_pending_remove(cmd);
e0d9727e
AG		 3633 err = cmd_complete(sk, hdev->id,
3634 MGMT_OP_STOP_DISCOVERY, 0,
3635 &mgmt_cp->type,
3636 sizeof(mgmt_cp->type));
3637 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3638 goto unlock;
3639 }
30dc78e1 3640
e0d9727e 3641 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3642 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3643 &cp);
e0d9727e
AG		 3644
3645 break;
3646
3647 default:
3648 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3649
3650 mgmt_pending_remove(cmd);
3651 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3652 MGMT_STATUS_FAILED, &mgmt_cp->type,
3653 sizeof(mgmt_cp->type));
3654 goto unlock;
14a53664
JH		 3655 }
3656
0e05bba6 3657 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3658 if (err < 0)
3659 mgmt_pending_remove(cmd);
ff9ef578
JH		 3660 else
3661 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3662
30dc78e1 3663unlock:
09fd0de5 3664 hci_dev_unlock(hdev);
14a53664
JH		 3665 return err;
3666}
3667
bdb6d971 3668static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3669 u16 len)
561aafbc 3670{
650f726d 3671 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3672 struct inquiry_entry *e;
561aafbc
JH		 3673 int err;
3674
bdb6d971 3675 BT_DBG("%s", hdev->name);
561aafbc 3676
561aafbc
JH		 3677 hci_dev_lock(hdev);
3678
30dc78e1 3679 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3680 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3681 MGMT_STATUS_FAILED, &cp->addr,
3682 sizeof(cp->addr));
30dc78e1
JH		 3683 goto failed;
3684 }
3685
a198e7b1 3686 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3687 if (!e) {
d3a2541d
LR		 3688 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3689 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3690 sizeof(cp->addr));
561aafbc
JH		 3691 goto failed;
3692 }
3693
3694 if (cp->name_known) {
3695 e->name_state = NAME_KNOWN;
3696 list_del(&e->list);
3697 } else {
3698 e->name_state = NAME_NEEDED;
a3d4e20a 3699 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3700 }
3701
e384662b
JH		 3702 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3703 sizeof(cp->addr));
561aafbc
JH		 3704
3705failed:
3706 hci_dev_unlock(hdev);
561aafbc
JH		 3707 return err;
3708}
3709
bdb6d971 3710static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3711 u16 len)
7fbec224 3712{
650f726d 3713 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3714 u8 status;
7fbec224
AJ		 3715 int err;
3716
bdb6d971 3717 BT_DBG("%s", hdev->name);
7fbec224 3718
4ee71b20 3719 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3720 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3721 MGMT_STATUS_INVALID_PARAMS,
3722 &cp->addr, sizeof(cp->addr));
4ee71b20 3723
09fd0de5 3724 hci_dev_lock(hdev);
5e762444 3725
88c1fe4b 3726 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3727 if (err < 0)
f0eeea8b 3728 status = MGMT_STATUS_FAILED;
7fbec224 3729 else
a6785be2 3730 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3731
bdb6d971 3732 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3733 &cp->addr, sizeof(cp->addr));
5e762444 3734
09fd0de5 3735 hci_dev_unlock(hdev);
7fbec224
AJ		 3736
3737 return err;
3738}
3739
bdb6d971 3740static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3741 u16 len)
7fbec224 3742{
650f726d 3743 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3744 u8 status;
7fbec224
AJ		 3745 int err;
3746
bdb6d971 3747 BT_DBG("%s", hdev->name);
7fbec224 3748
4ee71b20 3749 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3750 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3751 MGMT_STATUS_INVALID_PARAMS,
3752 &cp->addr, sizeof(cp->addr));
4ee71b20 3753
09fd0de5 3754 hci_dev_lock(hdev);
5e762444 3755
88c1fe4b 3756 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3757 if (err < 0)
f0eeea8b 3758 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3759 else
a6785be2 3760 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3761
bdb6d971 3762 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3763 &cp->addr, sizeof(cp->addr));
5e762444 3764
09fd0de5 3765 hci_dev_unlock(hdev);
7fbec224
AJ		 3766
3767 return err;
3768}
3769
cdbaccca
MH		 3770static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3771 u16 len)
3772{
3773 struct mgmt_cp_set_device_id *cp = data;
890ea898 3774 struct hci_request req;
cdbaccca 3775 int err;
c72d4b8a 3776 __u16 source;
cdbaccca
MH		 3777
3778 BT_DBG("%s", hdev->name);
3779
c72d4b8a
SJ		 3780 source = __le16_to_cpu(cp->source);
3781
3782 if (source > 0x0002)
3783 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3784 MGMT_STATUS_INVALID_PARAMS);
3785
cdbaccca
MH		 3786 hci_dev_lock(hdev);
3787
c72d4b8a 3788 hdev->devid_source = source;
cdbaccca
MH		 3789 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3790 hdev->devid_product = __le16_to_cpu(cp->product);
3791 hdev->devid_version = __le16_to_cpu(cp->version);
3792
3793 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3794
890ea898
JH		 3795 hci_req_init(&req, hdev);
3796 update_eir(&req);
3797 hci_req_run(&req, NULL);
cdbaccca
MH		 3798
3799 hci_dev_unlock(hdev);
3800
3801 return err;
3802}
3803
4375f103
JH		 3804static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3805{
3806 struct cmd_lookup match = { NULL, hdev };
3807
3808 if (status) {
3809 u8 mgmt_err = mgmt_status(status);
3810
3811 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3812 cmd_status_rsp, &mgmt_err);
3813 return;
3814 }
3815
3816 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3817 &match);
3818
3819 new_settings(hdev, match.sk);
3820
3821 if (match.sk)
3822 sock_put(match.sk);
3823}
3824
21b5187f
MH		 3825static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3826 u16 len)
4375f103
JH		 3827{
3828 struct mgmt_mode *cp = data;
3829 struct pending_cmd *cmd;
3830 struct hci_request req;
e6fe7986 3831 u8 val, enabled, status;
4375f103
JH		 3832 int err;
3833
3834 BT_DBG("request for %s", hdev->name);
3835
e6fe7986
JH		 3836 status = mgmt_le_support(hdev);
3837 if (status)
4375f103 3838 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3839 status);
4375f103
JH		 3840
3841 if (cp->val != 0x00 && cp->val != 0x01)
3842 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3843 MGMT_STATUS_INVALID_PARAMS);
3844
3845 hci_dev_lock(hdev);
3846
3847 val = !!cp->val;
f3d3444a 3848 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3849
f74ca9b8
JH		 3850 /* The following conditions are ones which mean that we should
3851 * not do any HCI communication but directly send a mgmt
3852 * response to user space (after toggling the flag if
3853 * necessary).
3854 */
3855 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3856 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3857 bool changed = false;
3858
f3d3444a
JH		 3859 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3860 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3861 changed = true;
3862 }
3863
3864 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3865 if (err < 0)
3866 goto unlock;
3867
3868 if (changed)
3869 err = new_settings(hdev, sk);
3870
3871 goto unlock;
3872 }
3873
3874 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3875 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3876 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3877 MGMT_STATUS_BUSY);
3878 goto unlock;
3879 }
3880
3881 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3882 if (!cmd) {
3883 err = -ENOMEM;
3884 goto unlock;
3885 }
3886
3887 hci_req_init(&req, hdev);
3888
bba3aa55
MH		 3889 if (val)
3890 enable_advertising(&req);
3891 else
3892 disable_advertising(&req);
4375f103
JH		 3893
3894 err = hci_req_run(&req, set_advertising_complete);
3895 if (err < 0)
3896 mgmt_pending_remove(cmd);
3897
3898unlock:
3899 hci_dev_unlock(hdev);
3900 return err;
3901}
3902
d13eafce
MH		 3903static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3904 void *data, u16 len)
3905{
3906 struct mgmt_cp_set_static_address *cp = data;
3907 int err;
3908
3909 BT_DBG("%s", hdev->name);
3910
62af4443 3911 if (!lmp_le_capable(hdev))
d13eafce 3912 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3913 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3914
3915 if (hdev_is_powered(hdev))
3916 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3917 MGMT_STATUS_REJECTED);
3918
3919 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3920 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3921 return cmd_status(sk, hdev->id,
3922 MGMT_OP_SET_STATIC_ADDRESS,
3923 MGMT_STATUS_INVALID_PARAMS);
3924
3925 /* Two most significant bits shall be set */
3926 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3927 return cmd_status(sk, hdev->id,
3928 MGMT_OP_SET_STATIC_ADDRESS,
3929 MGMT_STATUS_INVALID_PARAMS);
3930 }
3931
3932 hci_dev_lock(hdev);
3933
3934 bacpy(&hdev->static_addr, &cp->bdaddr);
3935
3936 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3937
3938 hci_dev_unlock(hdev);
3939
3940 return err;
3941}
3942
14b49b9a
MH		 3943static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3944 void *data, u16 len)
3945{
3946 struct mgmt_cp_set_scan_params *cp = data;
3947 __u16 interval, window;
3948 int err;
3949
3950 BT_DBG("%s", hdev->name);
3951
3952 if (!lmp_le_capable(hdev))
3953 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3954 MGMT_STATUS_NOT_SUPPORTED);
3955
3956 interval = __le16_to_cpu(cp->interval);
3957
3958 if (interval < 0x0004 || interval > 0x4000)
3959 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3960 MGMT_STATUS_INVALID_PARAMS);
3961
3962 window = __le16_to_cpu(cp->window);
3963
3964 if (window < 0x0004 || window > 0x4000)
3965 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3966 MGMT_STATUS_INVALID_PARAMS);
3967
899e1075
MH		 3968 if (window > interval)
3969 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3970 MGMT_STATUS_INVALID_PARAMS);
3971
14b49b9a
MH		 3972 hci_dev_lock(hdev);
3973
3974 hdev->le_scan_interval = interval;
3975 hdev->le_scan_window = window;
3976
3977 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3978
dd2ef8e2
AG		 3979 /* If background scan is running, restart it so new parameters are
3980 * loaded.
3981 */
3982 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
3983 hdev->discovery.state == DISCOVERY_STOPPED) {
3984 struct hci_request req;
3985
3986 hci_req_init(&req, hdev);
3987
3988 hci_req_add_le_scan_disable(&req);
3989 hci_req_add_le_passive_scan(&req);
3990
3991 hci_req_run(&req, NULL);
3992 }
3993
14b49b9a
MH		 3994 hci_dev_unlock(hdev);
3995
3996 return err;
3997}
3998
33e38b3e
JH		 3999static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4000{
4001 struct pending_cmd *cmd;
4002
4003 BT_DBG("status 0x%02x", status);
4004
4005 hci_dev_lock(hdev);
4006
4007 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4008 if (!cmd)
4009 goto unlock;
4010
4011 if (status) {
4012 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4013 mgmt_status(status));
4014 } else {
1a4d3c4b
JH		 4015 struct mgmt_mode *cp = cmd->param;
4016
4017 if (cp->val)
4018 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4019 else
4020 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4021
33e38b3e
JH		 4022 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4023 new_settings(hdev, cmd->sk);
4024 }
4025
4026 mgmt_pending_remove(cmd);
4027
4028unlock:
4029 hci_dev_unlock(hdev);
4030}
4031
bdb6d971 4032static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4033 void *data, u16 len)
f6422ec6 4034{
650f726d 4035 struct mgmt_mode *cp = data;
33e38b3e
JH		 4036 struct pending_cmd *cmd;
4037 struct hci_request req;
f6422ec6
AJ		 4038 int err;
4039
bdb6d971 4040 BT_DBG("%s", hdev->name);
f6422ec6 4041
56f87901
JH		 4042 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4043 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4044 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4045 MGMT_STATUS_NOT_SUPPORTED);
4046
a7e80f25
JH		 4047 if (cp->val != 0x00 && cp->val != 0x01)
4048 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4049 MGMT_STATUS_INVALID_PARAMS);
4050
5400c044 4051 if (!hdev_is_powered(hdev))
bdb6d971 4052 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4053 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4054
4055 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4056 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4057 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4058
4059 hci_dev_lock(hdev);
4060
05cbf29f
JH		 4061 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4062 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4063 MGMT_STATUS_BUSY);
4064 goto unlock;
4065 }
4066
1a4d3c4b
JH		 4067 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4068 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4069 hdev);
4070 goto unlock;
4071 }
4072
33e38b3e
JH		 4073 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4074 data, len);
4075 if (!cmd) {
4076 err = -ENOMEM;
4077 goto unlock;
f6422ec6
AJ		 4078 }
4079
33e38b3e
JH		 4080 hci_req_init(&req, hdev);
4081
406d7804 4082 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4083
4084 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4085 if (err < 0) {
bdb6d971 4086 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4087 MGMT_STATUS_FAILED);
33e38b3e 4088 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4089 }
4090
33e38b3e 4091unlock:
f6422ec6 4092 hci_dev_unlock(hdev);
33e38b3e 4093
f6422ec6
AJ		 4094 return err;
4095}
4096
67e5a7a3
JH		 4097static void set_bredr_scan(struct hci_request *req)
4098{
4099 struct hci_dev *hdev = req->hdev;
4100 u8 scan = 0;
4101
4102 /* Ensure that fast connectable is disabled. This function will
4103 * not do anything if the page scan parameters are already what
4104 * they should be.
4105 */
4106 write_fast_connectable(req, false);
4107
4108 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4109 scan |= SCAN_PAGE;
4110 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4111 scan |= SCAN_INQUIRY;
4112
4113 if (scan)
4114 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4115}
4116
0663ca2a
JH		 4117static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4118{
4119 struct pending_cmd *cmd;
4120
4121 BT_DBG("status 0x%02x", status);
4122
4123 hci_dev_lock(hdev);
4124
4125 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4126 if (!cmd)
4127 goto unlock;
4128
4129 if (status) {
4130 u8 mgmt_err = mgmt_status(status);
4131
4132 /* We need to restore the flag if related HCI commands
4133 * failed.
4134 */
4135 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4136
4137 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4138 } else {
4139 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4140 new_settings(hdev, cmd->sk);
4141 }
4142
4143 mgmt_pending_remove(cmd);
4144
4145unlock:
4146 hci_dev_unlock(hdev);
4147}
4148
4149static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4150{
4151 struct mgmt_mode *cp = data;
4152 struct pending_cmd *cmd;
4153 struct hci_request req;
4154 int err;
4155
4156 BT_DBG("request for %s", hdev->name);
4157
4158 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4159 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4160 MGMT_STATUS_NOT_SUPPORTED);
4161
4162 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4163 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4164 MGMT_STATUS_REJECTED);
4165
4166 if (cp->val != 0x00 && cp->val != 0x01)
4167 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4168 MGMT_STATUS_INVALID_PARAMS);
4169
4170 hci_dev_lock(hdev);
4171
4172 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4173 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4174 goto unlock;
4175 }
4176
4177 if (!hdev_is_powered(hdev)) {
4178 if (!cp->val) {
0663ca2a
JH		 4179 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4180 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4181 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4182 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4183 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4184 }
4185
4186 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4187
4188 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4189 if (err < 0)
4190 goto unlock;
4191
4192 err = new_settings(hdev, sk);
4193 goto unlock;
4194 }
4195
4196 /* Reject disabling when powered on */
4197 if (!cp->val) {
4198 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4199 MGMT_STATUS_REJECTED);
4200 goto unlock;
4201 }
4202
4203 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4204 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4205 MGMT_STATUS_BUSY);
4206 goto unlock;
4207 }
4208
4209 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4210 if (!cmd) {
4211 err = -ENOMEM;
4212 goto unlock;
4213 }
4214
5947f4bc 4215 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4216 * generates the correct flags.
4217 */
4218 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4219
4220 hci_req_init(&req, hdev);
aa8af46e
JH		 4221
4222 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4223 set_bredr_scan(&req);
4224
f14d8f64
MH		 4225 /* Since only the advertising data flags will change, there
4226 * is no need to update the scan response data.
4227 */
5947f4bc 4228 update_adv_data(&req);
aa8af46e 4229
0663ca2a
JH		 4230 err = hci_req_run(&req, set_bredr_complete);
4231 if (err < 0)
4232 mgmt_pending_remove(cmd);
4233
4234unlock:
4235 hci_dev_unlock(hdev);
4236 return err;
4237}
4238
eac83dc6
MH		 4239static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4240 void *data, u16 len)
4241{
4242 struct mgmt_mode *cp = data;
4243 struct pending_cmd *cmd;
0ab04a9c 4244 u8 val, status;
eac83dc6
MH		 4245 int err;
4246
4247 BT_DBG("request for %s", hdev->name);
4248
4249 status = mgmt_bredr_support(hdev);
4250 if (status)
4251 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4252 status);
4253
5afeac14
MH		 4254 if (!lmp_sc_capable(hdev) &&
4255 !test_bit(HCI_FORCE_SC, &hdev->dev_flags))
eac83dc6
MH		 4256 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4257 MGMT_STATUS_NOT_SUPPORTED);
4258
0ab04a9c 4259 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4260 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4261 MGMT_STATUS_INVALID_PARAMS);
4262
4263 hci_dev_lock(hdev);
4264
4265 if (!hdev_is_powered(hdev)) {
4266 bool changed;
4267
0ab04a9c 4268 if (cp->val) {
eac83dc6
MH		 4269 changed = !test_and_set_bit(HCI_SC_ENABLED,
4270 &hdev->dev_flags);
0ab04a9c
MH		 4271 if (cp->val == 0x02)
4272 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4273 else
4274 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4275 } else {
eac83dc6
MH		 4276 changed = test_and_clear_bit(HCI_SC_ENABLED,
4277 &hdev->dev_flags);
0ab04a9c
MH		 4278 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4279 }
eac83dc6
MH		 4280
4281 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4282 if (err < 0)
4283 goto failed;
4284
4285 if (changed)
4286 err = new_settings(hdev, sk);
4287
4288 goto failed;
4289 }
4290
4291 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4292 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4293 MGMT_STATUS_BUSY);
4294 goto failed;
4295 }
4296
0ab04a9c
MH		 4297 val = !!cp->val;
4298
4299 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4300 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4301 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4302 goto failed;
4303 }
4304
4305 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4306 if (!cmd) {
4307 err = -ENOMEM;
4308 goto failed;
4309 }
4310
0ab04a9c 4311 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4312 if (err < 0) {
4313 mgmt_pending_remove(cmd);
4314 goto failed;
4315 }
4316
0ab04a9c
MH		 4317 if (cp->val == 0x02)
4318 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4319 else
4320 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4321
eac83dc6
MH		 4322failed:
4323 hci_dev_unlock(hdev);
4324 return err;
4325}
4326
4e39ac81
MH		 4327static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4328 void *data, u16 len)
4329{
4330 struct mgmt_mode *cp = data;
4331 bool changed;
4332 int err;
4333
4334 BT_DBG("request for %s", hdev->name);
4335
4336 if (cp->val != 0x00 && cp->val != 0x01)
4337 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4338 MGMT_STATUS_INVALID_PARAMS);
4339
4340 hci_dev_lock(hdev);
4341
4342 if (cp->val)
4343 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4344 else
4345 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4346
4347 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4348 if (err < 0)
4349 goto unlock;
4350
4351 if (changed)
4352 err = new_settings(hdev, sk);
4353
4354unlock:
4355 hci_dev_unlock(hdev);
4356 return err;
4357}
4358
62b04cd1
JH		 4359static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4360 u16 len)
4361{
4362 struct mgmt_cp_set_privacy *cp = cp_data;
4363 bool changed;
4364 int err;
4365
4366 BT_DBG("request for %s", hdev->name);
4367
4368 if (!lmp_le_capable(hdev))
4369 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4370 MGMT_STATUS_NOT_SUPPORTED);
4371
4372 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4373 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4374 MGMT_STATUS_INVALID_PARAMS);
4375
4376 if (hdev_is_powered(hdev))
4377 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4378 MGMT_STATUS_REJECTED);
4379
4380 hci_dev_lock(hdev);
4381
c21c0ea0
JH		 4382 /* If user space supports this command it is also expected to
4383 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4384 */
4385 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4386
62b04cd1
JH		 4387 if (cp->privacy) {
4388 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4389 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4390 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4391 } else {
4392 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4393 memset(hdev->irk, 0, sizeof(hdev->irk));
4394 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4395 }
4396
4397 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4398 if (err < 0)
4399 goto unlock;
4400
4401 if (changed)
4402 err = new_settings(hdev, sk);
4403
4404unlock:
4405 hci_dev_unlock(hdev);
4406 return err;
4407}
4408
41edf160
JH		 4409static bool irk_is_valid(struct mgmt_irk_info *irk)
4410{
4411 switch (irk->addr.type) {
4412 case BDADDR_LE_PUBLIC:
4413 return true;
4414
4415 case BDADDR_LE_RANDOM:
4416 /* Two most significant bits shall be set */
4417 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4418 return false;
4419 return true;
4420 }
4421
4422 return false;
4423}
4424
4425static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4426 u16 len)
4427{
4428 struct mgmt_cp_load_irks *cp = cp_data;
4429 u16 irk_count, expected_len;
4430 int i, err;
4431
4432 BT_DBG("request for %s", hdev->name);
4433
4434 if (!lmp_le_capable(hdev))
4435 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4436 MGMT_STATUS_NOT_SUPPORTED);
4437
4438 irk_count = __le16_to_cpu(cp->irk_count);
4439
4440 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4441 if (expected_len != len) {
4442 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4443 expected_len, len);
41edf160
JH		 4444 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4445 MGMT_STATUS_INVALID_PARAMS);
4446 }
4447
4448 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4449
4450 for (i = 0; i < irk_count; i++) {
4451 struct mgmt_irk_info *key = &cp->irks[i];
4452
4453 if (!irk_is_valid(key))
4454 return cmd_status(sk, hdev->id,
4455 MGMT_OP_LOAD_IRKS,
4456 MGMT_STATUS_INVALID_PARAMS);
4457 }
4458
4459 hci_dev_lock(hdev);
4460
4461 hci_smp_irks_clear(hdev);
4462
4463 for (i = 0; i < irk_count; i++) {
4464 struct mgmt_irk_info *irk = &cp->irks[i];
4465 u8 addr_type;
4466
4467 if (irk->addr.type == BDADDR_LE_PUBLIC)
4468 addr_type = ADDR_LE_DEV_PUBLIC;
4469 else
4470 addr_type = ADDR_LE_DEV_RANDOM;
4471
4472 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4473 BDADDR_ANY);
4474 }
4475
4476 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4477
4478 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4479
4480 hci_dev_unlock(hdev);
4481
4482 return err;
4483}
4484
3f706b72
JH		 4485static bool ltk_is_valid(struct mgmt_ltk_info *key)
4486{
4487 if (key->master != 0x00 && key->master != 0x01)
4488 return false;
490cb0b3
MH		 4489
4490 switch (key->addr.type) {
4491 case BDADDR_LE_PUBLIC:
4492 return true;
4493
4494 case BDADDR_LE_RANDOM:
4495 /* Two most significant bits shall be set */
4496 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4497 return false;
4498 return true;
4499 }
4500
4501 return false;
3f706b72
JH		 4502}
4503
bdb6d971 4504static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4505 void *cp_data, u16 len)
346af67b 4506{
346af67b
VCG		 4507 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4508 u16 key_count, expected_len;
715a5bf2 4509 int i, err;
346af67b 4510
cf99ba13
MH		 4511 BT_DBG("request for %s", hdev->name);
4512
4513 if (!lmp_le_capable(hdev))
4514 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4515 MGMT_STATUS_NOT_SUPPORTED);
4516
1f350c87 4517 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 4518
4519 expected_len = sizeof(*cp) + key_count *
4520 sizeof(struct mgmt_ltk_info);
4521 if (expected_len != len) {
4522 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4523 expected_len, len);
bdb6d971 4524 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4525 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4526 }
4527
bdb6d971 4528 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4529
54ad6d8a
JH		 4530 for (i = 0; i < key_count; i++) {
4531 struct mgmt_ltk_info *key = &cp->keys[i];
4532
3f706b72 4533 if (!ltk_is_valid(key))
54ad6d8a
JH		 4534 return cmd_status(sk, hdev->id,
4535 MGMT_OP_LOAD_LONG_TERM_KEYS,
4536 MGMT_STATUS_INVALID_PARAMS);
4537 }
4538
346af67b
VCG		 4539 hci_dev_lock(hdev);
4540
4541 hci_smp_ltks_clear(hdev);
4542
4543 for (i = 0; i < key_count; i++) {
4544 struct mgmt_ltk_info *key = &cp->keys[i];
79d95a19
MH		 4545 u8 type, addr_type;
4546
4547 if (key->addr.type == BDADDR_LE_PUBLIC)
4548 addr_type = ADDR_LE_DEV_PUBLIC;
4549 else
4550 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4551
4552 if (key->master)
4553 type = HCI_SMP_LTK;
4554 else
4555 type = HCI_SMP_LTK_SLAVE;
4556
35d70271
JH		 4557 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
4558 key->type, key->val, key->enc_size, key->ediv,
4559 key->rand);
346af67b
VCG		 4560 }
4561
715a5bf2
JH		 4562 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4563 NULL, 0);
4564
346af67b 4565 hci_dev_unlock(hdev);
346af67b 4566
715a5bf2 4567 return err;
346af67b
VCG		 4568}
4569
2e3c35ea 4570static const struct mgmt_handler {
04124681
GP		 4571 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4572 u16 data_len);
be22b54e
JH		 4573 bool var_len;
4574 size_t data_len;
0f4e68cf
JH		 4575} mgmt_handlers[] = {
4576 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 4577 { read_version, false, MGMT_READ_VERSION_SIZE },
4578 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4579 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4580 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4581 { set_powered, false, MGMT_SETTING_SIZE },
4582 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4583 { set_connectable, false, MGMT_SETTING_SIZE },
4584 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4585 { set_pairable, false, MGMT_SETTING_SIZE },
4586 { set_link_security, false, MGMT_SETTING_SIZE },
4587 { set_ssp, false, MGMT_SETTING_SIZE },
4588 { set_hs, false, MGMT_SETTING_SIZE },
4589 { set_le, false, MGMT_SETTING_SIZE },
4590 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4591 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4592 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4593 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4594 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4595 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4596 { disconnect, false, MGMT_DISCONNECT_SIZE },
4597 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4598 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4599 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4600 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4601 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4602 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4603 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4604 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4605 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4606 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4607 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4608 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 4609 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 4610 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4611 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4612 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4613 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4614 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4615 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 4616 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 4617 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 4618 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 4619 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 4620 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 4621 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 4622 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 4623 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 4624 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
0f4e68cf
JH		 4625};
4626
4627
0381101f
JH		 4628int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4629{
650f726d
VCG		 4630 void *buf;
4631 u8 *cp;
0381101f 4632 struct mgmt_hdr *hdr;
4e51eae9 4633 u16 opcode, index, len;
bdb6d971 4634 struct hci_dev *hdev = NULL;
2e3c35ea 4635 const struct mgmt_handler *handler;
0381101f
JH		 4636 int err;
4637
4638 BT_DBG("got %zu bytes", msglen);
4639
4640 if (msglen < sizeof(*hdr))
4641 return -EINVAL;
4642
e63a15ec 4643 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 4644 if (!buf)
4645 return -ENOMEM;
4646
4647 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4648 err = -EFAULT;
4649 goto done;
4650 }
4651
650f726d 4652 hdr = buf;
1f350c87
MH		 4653 opcode = __le16_to_cpu(hdr->opcode);
4654 index = __le16_to_cpu(hdr->index);
4655 len = __le16_to_cpu(hdr->len);
0381101f
JH		 4656
4657 if (len != msglen - sizeof(*hdr)) {
4658 err = -EINVAL;
4659 goto done;
4660 }
4661
0f4e68cf 4662 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 4663 hdev = hci_dev_get(index);
4664 if (!hdev) {
4665 err = cmd_status(sk, index, opcode,
04124681 4666 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 4667 goto done;
4668 }
0736cfa8 4669
cebf4cfd
JH		 4670 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4671 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 4672 err = cmd_status(sk, index, opcode,
4673 MGMT_STATUS_INVALID_INDEX);
4674 goto done;
4675 }
bdb6d971
JH		 4676 }
4677
0f4e68cf 4678 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 4679 mgmt_handlers[opcode].func == NULL) {
0381101f 4680 BT_DBG("Unknown op %u", opcode);
ca69b795 4681 err = cmd_status(sk, index, opcode,
04124681 4682 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 4683 goto done;
4684 }
4685
4686 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 4687 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 4688 err = cmd_status(sk, index, opcode,
04124681 4689 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 4690 goto done;
0381101f
JH		 4691 }
4692
be22b54e
JH		 4693 handler = &mgmt_handlers[opcode];
4694
4695 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 4696 (!handler->var_len && len != handler->data_len)) {
be22b54e 4697 err = cmd_status(sk, index, opcode,
04124681 4698 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 4699 goto done;
4700 }
4701
0f4e68cf
JH		 4702 if (hdev)
4703 mgmt_init_hdev(sk, hdev);
4704
4705 cp = buf + sizeof(*hdr);
4706
be22b54e 4707 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 4708 if (err < 0)
4709 goto done;
4710
0381101f
JH		 4711 err = msglen;
4712
4713done:
bdb6d971
JH		 4714 if (hdev)
4715 hci_dev_put(hdev);
4716
0381101f
JH		 4717 kfree(buf);
4718 return err;
4719}
c71e97bf 4720
bf6b56db 4721void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 4722{
1514b892 4723 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4724 return;
bb4b2a9a 4725
bf6b56db 4726 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 4727}
4728
bf6b56db 4729void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 4730{
5f159032 4731 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 4732
1514b892 4733 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4734 return;
bb4b2a9a 4735
744cf19e 4736 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 4737
bf6b56db 4738 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 4739}
4740
6046dc3e
AG		 4741/* This function requires the caller holds hdev->lock */
4742static void restart_le_auto_conns(struct hci_dev *hdev)
4743{
4744 struct hci_conn_params *p;
4745
4746 list_for_each_entry(p, &hdev->le_conn_params, list) {
4747 if (p->auto_connect == HCI_AUTO_CONN_ALWAYS)
4748 hci_pend_le_conn_add(hdev, &p->addr, p->addr_type);
4749 }
4750}
4751
229ab39c
JH		 4752static void powered_complete(struct hci_dev *hdev, u8 status)
4753{
4754 struct cmd_lookup match = { NULL, hdev };
4755
4756 BT_DBG("status 0x%02x", status);
4757
4758 hci_dev_lock(hdev);
4759
6046dc3e
AG		 4760 restart_le_auto_conns(hdev);
4761
229ab39c
JH		 4762 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4763
4764 new_settings(hdev, match.sk);
4765
4766 hci_dev_unlock(hdev);
4767
4768 if (match.sk)
4769 sock_put(match.sk);
4770}
4771
70da6243 4772static int powered_update_hci(struct hci_dev *hdev)
5add6af8 4773{
890ea898 4774 struct hci_request req;
70da6243 4775 u8 link_sec;
5add6af8 4776
890ea898
JH		 4777 hci_req_init(&req, hdev);
4778
70da6243
JH		 4779 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4780 !lmp_host_ssp_capable(hdev)) {
4781 u8 ssp = 1;
5e5282bb 4782
890ea898 4783 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 4784 }
5add6af8 4785
c73eee91
JH		 4786 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4787 lmp_bredr_capable(hdev)) {
70da6243 4788 struct hci_cp_write_le_host_supported cp;
f0ff92fb 4789
70da6243
JH		 4790 cp.le = 1;
4791 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 4792
70da6243
JH		 4793 /* Check first if we already have the right
4794 * host state (host features set)
4795 */
4796 if (cp.le != lmp_host_le_capable(hdev) ||
4797 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 4798 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4799 sizeof(cp), &cp);
70da6243 4800 }
3d1cbdd6 4801
d13eafce 4802 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 4803 /* Make sure the controller has a good default for
4804 * advertising data. This also applies to the case
4805 * where BR/EDR was toggled during the AUTO_OFF phase.
4806 */
f14d8f64 4807 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 4808 update_adv_data(&req);
f14d8f64
MH		 4809 update_scan_rsp_data(&req);
4810 }
441ad2d0 4811
bba3aa55
MH		 4812 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4813 enable_advertising(&req);
eeca6f89
JH		 4814 }
4815
70da6243
JH		 4816 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4817 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 4818 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4819 sizeof(link_sec), &link_sec);
562fcc24 4820
70da6243 4821 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 4822 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4823 set_bredr_scan(&req);
890ea898 4824 update_class(&req);
13928971 4825 update_name(&req);
890ea898 4826 update_eir(&req);
70da6243 4827 }
562fcc24 4828
229ab39c 4829 return hci_req_run(&req, powered_complete);
70da6243 4830}
562fcc24 4831
70da6243
JH		 4832int mgmt_powered(struct hci_dev *hdev, u8 powered)
4833{
4834 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 4835 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4836 u8 zero_cod[] = { 0, 0, 0 };
70da6243 4837 int err;
f0ff92fb 4838
70da6243
JH		 4839 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4840 return 0;
4841
70da6243 4842 if (powered) {
229ab39c
JH		 4843 if (powered_update_hci(hdev) == 0)
4844 return 0;
fe038884 4845
229ab39c
JH		 4846 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4847 &match);
4848 goto new_settings;
b24752fe
JH		 4849 }
4850
229ab39c
JH		 4851 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4852 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4853
4854 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4855 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4856 zero_cod, sizeof(zero_cod), NULL);
4857
4858new_settings:
beadb2bd 4859 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 4860
4861 if (match.sk)
4862 sock_put(match.sk);
4863
7bb895d6 4864 return err;
5add6af8 4865}
73f22f62 4866
3eec705e 4867void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 4868{
4869 struct pending_cmd *cmd;
4870 u8 status;
4871
4872 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4873 if (!cmd)
3eec705e 4874 return;
96570ffc
JH		 4875
4876 if (err == -ERFKILL)
4877 status = MGMT_STATUS_RFKILLED;
4878 else
4879 status = MGMT_STATUS_FAILED;
4880
3eec705e 4881 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 4882
4883 mgmt_pending_remove(cmd);
96570ffc
JH		 4884}
4885
d1967ff8
MH		 4886void mgmt_discoverable_timeout(struct hci_dev *hdev)
4887{
4888 struct hci_request req;
d1967ff8
MH		 4889
4890 hci_dev_lock(hdev);
4891
4892 /* When discoverable timeout triggers, then just make sure
4893 * the limited discoverable flag is cleared. Even in the case
4894 * of a timeout triggered from general discoverable, it is
4895 * safe to unconditionally clear the flag.
4896 */
4897 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 4898 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 4899
4900 hci_req_init(&req, hdev);
4b580614
JH		 4901 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4902 u8 scan = SCAN_PAGE;
4903 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
4904 sizeof(scan), &scan);
4905 }
d1967ff8 4906 update_class(&req);
9a43e25f 4907 update_adv_data(&req);
d1967ff8
MH		 4908 hci_req_run(&req, NULL);
4909
4910 hdev->discov_timeout = 0;
4911
9a43e25f
JH		 4912 new_settings(hdev, NULL);
4913
d1967ff8
MH		 4914 hci_dev_unlock(hdev);
4915}
4916
86a75645 4917void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 4918{
86a75645 4919 bool changed;
73f22f62 4920
bfaf8c9f
JH		 4921 /* Nothing needed here if there's a pending command since that
4922 * commands request completion callback takes care of everything
4923 * necessary.
4924 */
4925 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 4926 return;
bfaf8c9f 4927
bd107999
JH		 4928 /* Powering off may clear the scan mode - don't let that interfere */
4929 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4930 return;
4931
9a43e25f 4932 if (discoverable) {
86a75645 4933 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4934 } else {
4935 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 4936 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4937 }
4938
4939 if (changed) {
4940 struct hci_request req;
4941
4942 /* In case this change in discoverable was triggered by
4943 * a disabling of connectable there could be a need to
4944 * update the advertising flags.
4945 */
4946 hci_req_init(&req, hdev);
4947 update_adv_data(&req);
4948 hci_req_run(&req, NULL);
73f22f62 4949
86a75645 4950 new_settings(hdev, NULL);
9a43e25f 4951 }
73f22f62 4952}
9fbcbb45 4953
a330916c 4954void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 4955{
a330916c 4956 bool changed;
9fbcbb45 4957
d7b856f9
JH		 4958 /* Nothing needed here if there's a pending command since that
4959 * commands request completion callback takes care of everything
4960 * necessary.
4961 */
4962 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 4963 return;
d7b856f9 4964
ce3f24cf
JH		 4965 /* Powering off may clear the scan mode - don't let that interfere */
4966 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4967 return;
4968
a330916c
MH		 4969 if (connectable)
4970 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4971 else
4972 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 4973
beadb2bd 4974 if (changed)
a330916c 4975 new_settings(hdev, NULL);
9fbcbb45 4976}
55ed8ca1 4977
778b235a
JH		 4978void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
4979{
7c4cfab8
JH		 4980 /* Powering off may stop advertising - don't let that interfere */
4981 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4982 return;
4983
778b235a
JH		 4984 if (advertising)
4985 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4986 else
4987 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4988}
4989
4796e8af 4990void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4991{
ca69b795
JH		 4992 u8 mgmt_err = mgmt_status(status);
4993
2d7cee58 4994 if (scan & SCAN_PAGE)
744cf19e 4995 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4996 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4997
4998 if (scan & SCAN_INQUIRY)
744cf19e 4999 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 5000 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5001}
5002
dc4a5ee2
MH		 5003void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
5004 bool persistent)
55ed8ca1 5005{
86742e1e 5006 struct mgmt_ev_new_link_key ev;
55ed8ca1 5007
a492cd52 5008 memset(&ev, 0, sizeof(ev));
55ed8ca1 5009
a492cd52 5010 ev.store_hint = persistent;
d753fdc4 5011 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 5012 ev.key.addr.type = BDADDR_BREDR;
a492cd52 5013 ev.key.type = key->type;
9b3b4460 5014 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 5015 ev.key.pin_len = key->pin_len;
55ed8ca1 5016
dc4a5ee2 5017 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 5018}
f7520543 5019
53ac6ab6 5020void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 5021{
5022 struct mgmt_ev_new_long_term_key ev;
5023
5024 memset(&ev, 0, sizeof(ev));
5025
5192d301
MH		 5026 /* Devices using resolvable or non-resolvable random addresses
5027 * without providing an indentity resolving key don't require
5028 * to store long term keys. Their addresses will change the
5029 * next time around.
5030 *
5031 * Only when a remote device provides an identity address
5032 * make sure the long term key is stored. If the remote
5033 * identity is known, the long term keys are internally
5034 * mapped to the identity address. So allow static random
5035 * and public addresses here.
5036 */
ba74b666
JH		 5037 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5038 (key->bdaddr.b[5] & 0xc0) != 0xc0)
5039 ev.store_hint = 0x00;
5040 else
53ac6ab6 5041 ev.store_hint = persistent;
ba74b666 5042
346af67b 5043 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 5044 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d40f3eef 5045 ev.key.type = key->authenticated;
346af67b
VCG		 5046 ev.key.enc_size = key->enc_size;
5047 ev.key.ediv = key->ediv;
fe39c7b2 5048 ev.key.rand = key->rand;
346af67b
VCG		 5049
5050 if (key->type == HCI_SMP_LTK)
5051 ev.key.master = 1;
5052
346af67b
VCG		 5053 memcpy(ev.key.val, key->val, sizeof(key->val));
5054
083368f7 5055 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 5056}
5057
95fbac8a
JH		 5058void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
5059{
5060 struct mgmt_ev_new_irk ev;
5061
5062 memset(&ev, 0, sizeof(ev));
5063
bab6d1e5
MH		 5064 /* For identity resolving keys from devices that are already
5065 * using a public address or static random address, do not
5066 * ask for storing this key. The identity resolving key really
5067 * is only mandatory for devices using resovlable random
5068 * addresses.
5069 *
5070 * Storing all identity resolving keys has the downside that
5071 * they will be also loaded on next boot of they system. More
5072 * identity resolving keys, means more time during scanning is
5073 * needed to actually resolve these addresses.
5074 */
5075 if (bacmp(&irk->rpa, BDADDR_ANY))
5076 ev.store_hint = 0x01;
5077 else
5078 ev.store_hint = 0x00;
5079
95fbac8a
JH		 5080 bacpy(&ev.rpa, &irk->rpa);
5081 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
5082 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
5083 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
5084
5085 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
5086}
5087
53ac6ab6
MH		 5088void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
5089 bool persistent)
7ee4ea36
MH		 5090{
5091 struct mgmt_ev_new_csrk ev;
5092
5093 memset(&ev, 0, sizeof(ev));
5094
5095 /* Devices using resolvable or non-resolvable random addresses
5096 * without providing an indentity resolving key don't require
5097 * to store signature resolving keys. Their addresses will change
5098 * the next time around.
5099 *
5100 * Only when a remote device provides an identity address
5101 * make sure the signature resolving key is stored. So allow
5102 * static random and public addresses here.
5103 */
5104 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5105 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
5106 ev.store_hint = 0x00;
5107 else
53ac6ab6 5108 ev.store_hint = persistent;
7ee4ea36
MH		 5109
5110 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
5111 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
5112 ev.key.master = csrk->master;
5113 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
5114
5115 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
5116}
5117
94933991
MH		 5118static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5119 u8 data_len)
5120{
5121 eir[eir_len++] = sizeof(type) + data_len;
5122 eir[eir_len++] = type;
5123 memcpy(&eir[eir_len], data, data_len);
5124 eir_len += data_len;
5125
5126 return eir_len;
5127}
5128
ecd90ae7
MH		 5129void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5130 u8 addr_type, u32 flags, u8 *name, u8 name_len,
5131 u8 *dev_class)
f7520543 5132{
b644ba33
JH		 5133 char buf[512];
5134 struct mgmt_ev_device_connected *ev = (void *) buf;
5135 u16 eir_len = 0;
f7520543 5136
b644ba33 5137 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5138 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 5139
c95f0ba7 5140 ev->flags = __cpu_to_le32(flags);
08c79b61 5141
b644ba33
JH		 5142 if (name_len > 0)
5143 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 5144 name, name_len);
b644ba33
JH		 5145
5146 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 5147 eir_len = eir_append_data(ev->eir, eir_len,
04124681 5148 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 5149
eb55ef07 5150 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 5151
ecd90ae7
MH		 5152 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
5153 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 5154}
5155
8962ee74
JH		 5156static void disconnect_rsp(struct pending_cmd *cmd, void *data)
5157{
c68fb7ff 5158 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 5159 struct sock **sk = data;
a38528f1 5160 struct mgmt_rp_disconnect rp;
8962ee74 5161
88c3df13
JH		 5162 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5163 rp.addr.type = cp->addr.type;
8962ee74 5164
aee9b218 5165 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 5166 sizeof(rp));
8962ee74
JH		 5167
5168 *sk = cmd->sk;
5169 sock_hold(*sk);
5170
a664b5bc 5171 mgmt_pending_remove(cmd);
8962ee74
JH		 5172}
5173
124f6e35 5174static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 5175{
b1078ad0 5176 struct hci_dev *hdev = data;
124f6e35
JH		 5177 struct mgmt_cp_unpair_device *cp = cmd->param;
5178 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 5179
5180 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 5181 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5182 rp.addr.type = cp->addr.type;
a8a1d19e 5183
b1078ad0
JH		 5184 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
5185
aee9b218 5186 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 5187
5188 mgmt_pending_remove(cmd);
5189}
5190
9b80ec5e 5191void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 5192 u8 link_type, u8 addr_type, u8 reason,
5193 bool mgmt_connected)
f7520543 5194{
f0d6a0ea 5195 struct mgmt_ev_device_disconnected ev;
8b064a3a 5196 struct pending_cmd *power_off;
8962ee74 5197 struct sock *sk = NULL;
8962ee74 5198
8b064a3a
JH		 5199 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5200 if (power_off) {
5201 struct mgmt_mode *cp = power_off->param;
5202
5203 /* The connection is still in hci_conn_hash so test for 1
5204 * instead of 0 to know if this is the last one.
5205 */
a3172b7e
JH		 5206 if (!cp->val && hci_conn_count(hdev) == 1) {
5207 cancel_delayed_work(&hdev->power_off);
8b064a3a 5208 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5209 }
8b064a3a
JH		 5210 }
5211
12d4a3b2
JH		 5212 if (!mgmt_connected)
5213 return;
5214
57eb776f
AG		 5215 if (link_type != ACL_LINK && link_type != LE_LINK)
5216 return;
5217
744cf19e 5218 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 5219
f0d6a0ea
MA		 5220 bacpy(&ev.addr.bdaddr, bdaddr);
5221 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5222 ev.reason = reason;
f7520543 5223
9b80ec5e 5224 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 5225
5226 if (sk)
d97dcb66 5227 sock_put(sk);
8962ee74 5228
124f6e35 5229 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 5230 hdev);
8962ee74
JH		 5231}
5232
7892924c
MH		 5233void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
5234 u8 link_type, u8 addr_type, u8 status)
8962ee74 5235{
3655bba8
AG		 5236 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
5237 struct mgmt_cp_disconnect *cp;
88c3df13 5238 struct mgmt_rp_disconnect rp;
8962ee74 5239 struct pending_cmd *cmd;
8962ee74 5240
36a75f1b
JD		 5241 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5242 hdev);
5243
2e58ef3e 5244 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 5245 if (!cmd)
7892924c 5246 return;
8962ee74 5247
3655bba8
AG		 5248 cp = cmd->param;
5249
5250 if (bacmp(bdaddr, &cp->addr.bdaddr))
5251 return;
5252
5253 if (cp->addr.type != bdaddr_type)
5254 return;
5255
88c3df13 5256 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 5257 rp.addr.type = bdaddr_type;
37d9ef76 5258
7892924c
MH		 5259 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
5260 mgmt_status(status), &rp, sizeof(rp));
8962ee74 5261
a664b5bc 5262 mgmt_pending_remove(cmd);
f7520543 5263}
17d5c04c 5264
445608d0
MH		 5265void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5266 u8 addr_type, u8 status)
17d5c04c
JH		 5267{
5268 struct mgmt_ev_connect_failed ev;
c9910d0f
JH		 5269 struct pending_cmd *power_off;
5270
5271 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5272 if (power_off) {
5273 struct mgmt_mode *cp = power_off->param;
5274
5275 /* The connection is still in hci_conn_hash so test for 1
5276 * instead of 0 to know if this is the last one.
5277 */
a3172b7e
JH		 5278 if (!cp->val && hci_conn_count(hdev) == 1) {
5279 cancel_delayed_work(&hdev->power_off);
c9910d0f 5280 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5281 }
c9910d0f 5282 }
17d5c04c 5283
4c659c39 5284 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5285 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5286 ev.status = mgmt_status(status);
17d5c04c 5287
445608d0 5288 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 5289}
980e1a53 5290
ce0e4a0d 5291void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 5292{
5293 struct mgmt_ev_pin_code_request ev;
5294
d8457698 5295 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 5296 ev.addr.type = BDADDR_BREDR;
a770bb5a 5297 ev.secure = secure;
980e1a53 5298
ce0e4a0d 5299 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 5300}
5301
e669cf80
MH		 5302void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5303 u8 status)
980e1a53
JH		 5304{
5305 struct pending_cmd *cmd;
ac56fb13 5306 struct mgmt_rp_pin_code_reply rp;
980e1a53 5307
2e58ef3e 5308 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 5309 if (!cmd)
e669cf80 5310 return;
980e1a53 5311
d8457698 5312 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5313 rp.addr.type = BDADDR_BREDR;
ac56fb13 5314
e669cf80
MH		 5315 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
5316 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5317
a664b5bc 5318 mgmt_pending_remove(cmd);
980e1a53
JH		 5319}
5320
3eb38528
MH		 5321void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5322 u8 status)
980e1a53
JH		 5323{
5324 struct pending_cmd *cmd;
ac56fb13 5325 struct mgmt_rp_pin_code_reply rp;
980e1a53 5326
2e58ef3e 5327 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 5328 if (!cmd)
3eb38528 5329 return;
980e1a53 5330
d8457698 5331 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5332 rp.addr.type = BDADDR_BREDR;
ac56fb13 5333
3eb38528
MH		 5334 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
5335 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5336
a664b5bc 5337 mgmt_pending_remove(cmd);
980e1a53 5338}
a5c29683 5339
744cf19e 5340int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 5341 u8 link_type, u8 addr_type, u32 value,
04124681 5342 u8 confirm_hint)
a5c29683
JH		 5343{
5344 struct mgmt_ev_user_confirm_request ev;
5345
744cf19e 5346 BT_DBG("%s", hdev->name);
a5c29683 5347
272d90df 5348 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5349 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 5350 ev.confirm_hint = confirm_hint;
39adbffe 5351 ev.value = cpu_to_le32(value);
a5c29683 5352
744cf19e 5353 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 5354 NULL);
a5c29683
JH		 5355}
5356
272d90df 5357int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 5358 u8 link_type, u8 addr_type)
604086b7
BG		 5359{
5360 struct mgmt_ev_user_passkey_request ev;
5361
5362 BT_DBG("%s", hdev->name);
5363
272d90df 5364 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5365 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 5366
5367 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 5368 NULL);
604086b7
BG		 5369}
5370
0df4c185 5371static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 5372 u8 link_type, u8 addr_type, u8 status,
5373 u8 opcode)
a5c29683
JH		 5374{
5375 struct pending_cmd *cmd;
5376 struct mgmt_rp_user_confirm_reply rp;
5377 int err;
5378
2e58ef3e 5379 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 5380 if (!cmd)
5381 return -ENOENT;
5382
272d90df 5383 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 5384 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 5385 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 5386 &rp, sizeof(rp));
a5c29683 5387
a664b5bc 5388 mgmt_pending_remove(cmd);
a5c29683
JH		 5389
5390 return err;
5391}
5392
744cf19e 5393int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5394 u8 link_type, u8 addr_type, u8 status)
a5c29683 5395{
272d90df 5396 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5397 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 5398}
5399
272d90df 5400int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5401 u8 link_type, u8 addr_type, u8 status)
a5c29683 5402{
272d90df 5403 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5404 status,
5405 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 5406}
2a611692 5407
604086b7 5408int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5409 u8 link_type, u8 addr_type, u8 status)
604086b7 5410{
272d90df 5411 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5412 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 5413}
5414
272d90df 5415int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5416 u8 link_type, u8 addr_type, u8 status)
604086b7 5417{
272d90df 5418 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5419 status,
5420 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 5421}
5422
92a25256
JH		 5423int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
5424 u8 link_type, u8 addr_type, u32 passkey,
5425 u8 entered)
5426{
5427 struct mgmt_ev_passkey_notify ev;
5428
5429 BT_DBG("%s", hdev->name);
5430
5431 bacpy(&ev.addr.bdaddr, bdaddr);
5432 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5433 ev.passkey = __cpu_to_le32(passkey);
5434 ev.entered = entered;
5435
5436 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
5437}
5438
e546099c
MH		 5439void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5440 u8 addr_type, u8 status)
2a611692
JH		 5441{
5442 struct mgmt_ev_auth_failed ev;
5443
bab73cb6 5444 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5445 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5446 ev.status = mgmt_status(status);
2a611692 5447
e546099c 5448 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 5449}
b312b161 5450
464996ae 5451void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 5452{
5453 struct cmd_lookup match = { NULL, hdev };
464996ae 5454 bool changed;
33ef95ed
JH		 5455
5456 if (status) {
5457 u8 mgmt_err = mgmt_status(status);
5458 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 5459 cmd_status_rsp, &mgmt_err);
464996ae 5460 return;
33ef95ed
JH		 5461 }
5462
464996ae
MH		 5463 if (test_bit(HCI_AUTH, &hdev->flags))
5464 changed = !test_and_set_bit(HCI_LINK_SECURITY,
5465 &hdev->dev_flags);
5466 else
5467 changed = test_and_clear_bit(HCI_LINK_SECURITY,
5468 &hdev->dev_flags);
47990ea0 5469
33ef95ed 5470 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 5471 &match);
33ef95ed 5472
47990ea0 5473 if (changed)
464996ae 5474 new_settings(hdev, match.sk);
33ef95ed
JH		 5475
5476 if (match.sk)
5477 sock_put(match.sk);
33ef95ed
JH		 5478}
5479
890ea898 5480static void clear_eir(struct hci_request *req)
cacaf52f 5481{
890ea898 5482 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 5483 struct hci_cp_write_eir cp;
5484
976eb20e 5485 if (!lmp_ext_inq_capable(hdev))
890ea898 5486 return;
cacaf52f 5487
c80da27e
JH		 5488 memset(hdev->eir, 0, sizeof(hdev->eir));
5489
cacaf52f
JH		 5490 memset(&cp, 0, sizeof(cp));
5491
890ea898 5492 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 5493}
5494
3e248560 5495void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 5496{
5497 struct cmd_lookup match = { NULL, hdev };
890ea898 5498 struct hci_request req;
c0ecddc2 5499 bool changed = false;
ed2c4ee3
JH		 5500
5501 if (status) {
5502 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 5503
5504 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 5505 &hdev->dev_flags)) {
5506 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 5507 new_settings(hdev, NULL);
9ecb3e24 5508 }
c0ecddc2 5509
04124681
GP		 5510 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
5511 &mgmt_err);
3e248560 5512 return;
c0ecddc2
JH		 5513 }
5514
5515 if (enable) {
9ecb3e24 5516 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 5517 } else {
9ecb3e24
MH		 5518 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5519 if (!changed)
5520 changed = test_and_clear_bit(HCI_HS_ENABLED,
5521 &hdev->dev_flags);
5522 else
5523 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 5524 }
5525
5526 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
5527
c0ecddc2 5528 if (changed)
3e248560 5529 new_settings(hdev, match.sk);
ed2c4ee3 5530
5fc6ebb1 5531 if (match.sk)
ed2c4ee3
JH		 5532 sock_put(match.sk);
5533
890ea898
JH		 5534 hci_req_init(&req, hdev);
5535
5fc6ebb1 5536 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 5537 update_eir(&req);
5fc6ebb1 5538 else
890ea898
JH		 5539 clear_eir(&req);
5540
5541 hci_req_run(&req, NULL);
ed2c4ee3
JH		 5542}
5543
eac83dc6
MH		 5544void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5545{
5546 struct cmd_lookup match = { NULL, hdev };
5547 bool changed = false;
5548
5549 if (status) {
5550 u8 mgmt_err = mgmt_status(status);
5551
0ab04a9c
MH		 5552 if (enable) {
5553 if (test_and_clear_bit(HCI_SC_ENABLED,
5554 &hdev->dev_flags))
5555 new_settings(hdev, NULL);
5556 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5557 }
eac83dc6
MH		 5558
5559 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5560 cmd_status_rsp, &mgmt_err);
5561 return;
5562 }
5563
0ab04a9c 5564 if (enable) {
eac83dc6 5565 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 5566 } else {
eac83dc6 5567 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 5568 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5569 }
eac83dc6
MH		 5570
5571 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5572 settings_rsp, &match);
5573
5574 if (changed)
5575 new_settings(hdev, match.sk);
5576
5577 if (match.sk)
5578 sock_put(match.sk);
5579}
5580
92da6097 5581static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 5582{
5583 struct cmd_lookup *match = data;
5584
90e70454
JH		 5585 if (match->sk == NULL) {
5586 match->sk = cmd->sk;
5587 sock_hold(match->sk);
5588 }
90e70454
JH		 5589}
5590
4e1b0245
MH		 5591void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
5592 u8 status)
7f9a903c 5593{
90e70454 5594 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 5595
92da6097
JH		 5596 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
5597 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
5598 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 5599
5600 if (!status)
4e1b0245
MH		 5601 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
5602 NULL);
90e70454
JH		 5603
5604 if (match.sk)
5605 sock_put(match.sk);
7f9a903c
MH		 5606}
5607
7667da34 5608void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 5609{
b312b161 5610 struct mgmt_cp_set_local_name ev;
13928971 5611 struct pending_cmd *cmd;
28cc7bde 5612
13928971 5613 if (status)
7667da34 5614 return;
b312b161
JH		 5615
5616 memset(&ev, 0, sizeof(ev));
5617 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 5618 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 5619
2e58ef3e 5620 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 5621 if (!cmd) {
5622 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 5623
13928971
JH		 5624 /* If this is a HCI command related to powering on the
5625 * HCI dev don't send any mgmt signals.
5626 */
5627 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 5628 return;
890ea898 5629 }
b312b161 5630
7667da34
MH		 5631 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
5632 cmd ? cmd->sk : NULL);
b312b161 5633}
c35938b2 5634
4d2d2796
MH		 5635void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
5636 u8 *randomizer192, u8 *hash256,
5637 u8 *randomizer256, u8 status)
c35938b2
SJ		 5638{
5639 struct pending_cmd *cmd;
c35938b2 5640
744cf19e 5641 BT_DBG("%s status %u", hdev->name, status);
c35938b2 5642
2e58ef3e 5643 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 5644 if (!cmd)
3edaf092 5645 return;
c35938b2
SJ		 5646
5647 if (status) {
3edaf092
MH		 5648 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5649 mgmt_status(status));
c35938b2 5650 } else {
4d2d2796
MH		 5651 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5652 hash256 && randomizer256) {
5653 struct mgmt_rp_read_local_oob_ext_data rp;
5654
5655 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
5656 memcpy(rp.randomizer192, randomizer192,
5657 sizeof(rp.randomizer192));
c35938b2 5658
4d2d2796
MH		 5659 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
5660 memcpy(rp.randomizer256, randomizer256,
5661 sizeof(rp.randomizer256));
c35938b2 5662
4d2d2796
MH		 5663 cmd_complete(cmd->sk, hdev->id,
5664 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5665 &rp, sizeof(rp));
5666 } else {
5667 struct mgmt_rp_read_local_oob_data rp;
5668
5669 memcpy(rp.hash, hash192, sizeof(rp.hash));
5670 memcpy(rp.randomizer, randomizer192,
5671 sizeof(rp.randomizer));
5672
5673 cmd_complete(cmd->sk, hdev->id,
5674 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5675 &rp, sizeof(rp));
5676 }
c35938b2
SJ		 5677 }
5678
5679 mgmt_pending_remove(cmd);
c35938b2 5680}
e17acd40 5681
901801b9
MH		 5682void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5683 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
5684 ssp, u8 *eir, u16 eir_len)
e17acd40 5685{
e319d2e7
JH		 5686 char buf[512];
5687 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 5688 struct smp_irk *irk;
1dc06093 5689 size_t ev_size;
e17acd40 5690
12602d0c 5691 if (!hci_discovery_active(hdev))
901801b9 5692 return;
12602d0c 5693
1dc06093
JH		 5694 /* Leave 5 bytes for a potential CoD field */
5695 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
901801b9 5696 return;
7d262f86 5697
1dc06093
JH		 5698 memset(buf, 0, sizeof(buf));
5699
5cedbb8d
JH		 5700 irk = hci_get_irk(hdev, bdaddr, addr_type);
5701 if (irk) {
5702 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
5703 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
5704 } else {
5705 bacpy(&ev->addr.bdaddr, bdaddr);
5706 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5707 }
5708
e319d2e7 5709 ev->rssi = rssi;
9a395a80 5710 if (cfm_name)
dcf4adbf 5711 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 5712 if (!ssp)
dcf4adbf 5713 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 5714
1dc06093 5715 if (eir_len > 0)
e319d2e7 5716 memcpy(ev->eir, eir, eir_len);
e17acd40 5717
1dc06093
JH		 5718 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5719 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 5720 dev_class, 3);
1dc06093 5721
eb55ef07 5722 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 5723 ev_size = sizeof(*ev) + eir_len;
f8523598 5724
901801b9 5725 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 5726}
a88a9652 5727
9cf12aee
MH		 5728void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5729 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 5730{
b644ba33
JH		 5731 struct mgmt_ev_device_found *ev;
5732 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
5733 u16 eir_len;
a88a9652 5734
b644ba33 5735 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 5736
b644ba33
JH		 5737 memset(buf, 0, sizeof(buf));
5738
5739 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5740 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 5741 ev->rssi = rssi;
5742
5743 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 5744 name_len);
b644ba33 5745
eb55ef07 5746 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 5747
9cf12aee 5748 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 5749}
314b2381 5750
2f1e063b 5751void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 5752{
f963e8e9 5753 struct mgmt_ev_discovering ev;
164a6e78
JH		 5754 struct pending_cmd *cmd;
5755
343fb145
AG		 5756 BT_DBG("%s discovering %u", hdev->name, discovering);
5757
164a6e78 5758 if (discovering)
2e58ef3e 5759 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 5760 else
2e58ef3e 5761 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 5762
5763 if (cmd != NULL) {
f808e166
JH		 5764 u8 type = hdev->discovery.type;
5765
04124681
GP		 5766 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
5767 sizeof(type));
164a6e78
JH		 5768 mgmt_pending_remove(cmd);
5769 }
5770
f963e8e9
JH		 5771 memset(&ev, 0, sizeof(ev));
5772 ev.type = hdev->discovery.type;
5773 ev.discovering = discovering;
5774
2f1e063b 5775 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 5776}
5e762444 5777
88c1fe4b 5778int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5779{
5780 struct pending_cmd *cmd;
5781 struct mgmt_ev_device_blocked ev;
5782
2e58ef3e 5783 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 5784
88c1fe4b
JH		 5785 bacpy(&ev.addr.bdaddr, bdaddr);
5786 ev.addr.type = type;
5e762444 5787
744cf19e 5788 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 5789 cmd ? cmd->sk : NULL);
5e762444
AJ		 5790}
5791
88c1fe4b 5792int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5793{
5794 struct pending_cmd *cmd;
5795 struct mgmt_ev_device_unblocked ev;
5796
2e58ef3e 5797 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 5798
88c1fe4b
JH		 5799 bacpy(&ev.addr.bdaddr, bdaddr);
5800 ev.addr.type = type;
5e762444 5801
744cf19e 5802 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 5803 cmd ? cmd->sk : NULL);
5e762444 5804}
5976e608
MH		 5805
5806static void adv_enable_complete(struct hci_dev *hdev, u8 status)
5807{
5808 BT_DBG("%s status %u", hdev->name, status);
5809
5810 /* Clear the advertising mgmt setting if we failed to re-enable it */
5811 if (status) {
5812 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5813 new_settings(hdev, NULL);
5976e608
MH		 5814 }
5815}
5816
5817void mgmt_reenable_advertising(struct hci_dev *hdev)
5818{
5819 struct hci_request req;
5820
b145edcd 5821 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 5822 return;
5823
5824 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5825 return;
5826
5827 hci_req_init(&req, hdev);
5828 enable_advertising(&req);
5829
5830 /* If this fails we have no option but to let user space know
5831 * that we've disabled advertising.
5832 */
5833 if (hci_req_run(&req, adv_enable_complete) < 0) {
5834 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5835 new_settings(hdev, NULL);
5976e608
MH		 5836 }
5837}
Linux kernel - Deliverables
This page took 0.634867 seconds and 5 git commands to generate.