projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Rename pending_cmd to mgmt_pending_cmd
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
0381101f 38
2da9c55c 39#define MGMT_VERSION 1
854bda19 40#define MGMT_REVISION 8
02d98129 41
e70bb2e8
JH		 42static const u16 mgmt_commands[] = {
43 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_READ_INFO,
45 MGMT_OP_SET_POWERED,
46 MGMT_OP_SET_DISCOVERABLE,
47 MGMT_OP_SET_CONNECTABLE,
48 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 49 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 50 MGMT_OP_SET_LINK_SECURITY,
51 MGMT_OP_SET_SSP,
52 MGMT_OP_SET_HS,
53 MGMT_OP_SET_LE,
54 MGMT_OP_SET_DEV_CLASS,
55 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_ADD_UUID,
57 MGMT_OP_REMOVE_UUID,
58 MGMT_OP_LOAD_LINK_KEYS,
59 MGMT_OP_LOAD_LONG_TERM_KEYS,
60 MGMT_OP_DISCONNECT,
61 MGMT_OP_GET_CONNECTIONS,
62 MGMT_OP_PIN_CODE_REPLY,
63 MGMT_OP_PIN_CODE_NEG_REPLY,
64 MGMT_OP_SET_IO_CAPABILITY,
65 MGMT_OP_PAIR_DEVICE,
66 MGMT_OP_CANCEL_PAIR_DEVICE,
67 MGMT_OP_UNPAIR_DEVICE,
68 MGMT_OP_USER_CONFIRM_REPLY,
69 MGMT_OP_USER_CONFIRM_NEG_REPLY,
70 MGMT_OP_USER_PASSKEY_REPLY,
71 MGMT_OP_USER_PASSKEY_NEG_REPLY,
72 MGMT_OP_READ_LOCAL_OOB_DATA,
73 MGMT_OP_ADD_REMOTE_OOB_DATA,
74 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
75 MGMT_OP_START_DISCOVERY,
76 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_CONFIRM_NAME,
78 MGMT_OP_BLOCK_DEVICE,
79 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 80 MGMT_OP_SET_DEVICE_ID,
4375f103 81 MGMT_OP_SET_ADVERTISING,
0663ca2a 82 MGMT_OP_SET_BREDR,
d13eafce 83 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 84 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 85 MGMT_OP_SET_SECURE_CONN,
4e39ac81 86 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 87 MGMT_OP_SET_PRIVACY,
41edf160 88 MGMT_OP_LOAD_IRKS,
dd983808 89 MGMT_OP_GET_CONN_INFO,
95868426 90 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 91 MGMT_OP_ADD_DEVICE,
92 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 93 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 94 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 95 MGMT_OP_READ_CONFIG_INFO,
dbece37a 96 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 97 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 98 MGMT_OP_START_SERVICE_DISCOVERY,
e70bb2e8
JH		 99};
100
101static const u16 mgmt_events[] = {
102 MGMT_EV_CONTROLLER_ERROR,
103 MGMT_EV_INDEX_ADDED,
104 MGMT_EV_INDEX_REMOVED,
105 MGMT_EV_NEW_SETTINGS,
106 MGMT_EV_CLASS_OF_DEV_CHANGED,
107 MGMT_EV_LOCAL_NAME_CHANGED,
108 MGMT_EV_NEW_LINK_KEY,
109 MGMT_EV_NEW_LONG_TERM_KEY,
110 MGMT_EV_DEVICE_CONNECTED,
111 MGMT_EV_DEVICE_DISCONNECTED,
112 MGMT_EV_CONNECT_FAILED,
113 MGMT_EV_PIN_CODE_REQUEST,
114 MGMT_EV_USER_CONFIRM_REQUEST,
115 MGMT_EV_USER_PASSKEY_REQUEST,
116 MGMT_EV_AUTH_FAILED,
117 MGMT_EV_DEVICE_FOUND,
118 MGMT_EV_DISCOVERING,
119 MGMT_EV_DEVICE_BLOCKED,
120 MGMT_EV_DEVICE_UNBLOCKED,
121 MGMT_EV_DEVICE_UNPAIRED,
92a25256 122 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 123 MGMT_EV_NEW_IRK,
7ee4ea36 124 MGMT_EV_NEW_CSRK,
8afef092
MH		 125 MGMT_EV_DEVICE_ADDED,
126 MGMT_EV_DEVICE_REMOVED,
ffb5a827 127 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 128 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 129 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 130 MGMT_EV_NEW_CONFIG_OPTIONS,
e70bb2e8
JH		 131};
132
17b02e62 133#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 134
d25b78e2
JH		 135#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
136 "\x00\x00\x00\x00\x00\x00\x00\x00"
137
3b0602cd 138struct mgmt_pending_cmd {
eec8d2bc 139 struct list_head list;
fc2f4b13 140 u16 opcode;
eec8d2bc 141 int index;
c68fb7ff 142 void *param;
323b0b88 143 size_t param_len;
eec8d2bc 144 struct sock *sk;
e9a416b5 145 void *user_data;
3b0602cd 146 int (*cmd_complete)(struct mgmt_pending_cmd *cmd, u8 status);
eec8d2bc
JH		 147};
148
ca69b795
JH		 149/* HCI to MGMT error code conversion table */
150static u8 mgmt_status_table[] = {
151 MGMT_STATUS_SUCCESS,
152 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
153 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
154 MGMT_STATUS_FAILED, /* Hardware Failure */
155 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
156 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 157 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 158 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
159 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
160 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
161 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
162 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
163 MGMT_STATUS_BUSY, /* Command Disallowed */
164 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
165 MGMT_STATUS_REJECTED, /* Rejected Security */
166 MGMT_STATUS_REJECTED, /* Rejected Personal */
167 MGMT_STATUS_TIMEOUT, /* Host Timeout */
168 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
169 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
170 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
171 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
172 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
173 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
174 MGMT_STATUS_BUSY, /* Repeated Attempts */
175 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
176 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
177 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
178 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
179 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
180 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
181 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
182 MGMT_STATUS_FAILED, /* Unspecified Error */
183 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
184 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
185 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
186 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
187 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
188 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
189 MGMT_STATUS_FAILED, /* Unit Link Key Used */
190 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
191 MGMT_STATUS_TIMEOUT, /* Instant Passed */
192 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
193 MGMT_STATUS_FAILED, /* Transaction Collision */
194 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
195 MGMT_STATUS_REJECTED, /* QoS Rejected */
196 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
197 MGMT_STATUS_REJECTED, /* Insufficient Security */
198 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
199 MGMT_STATUS_BUSY, /* Role Switch Pending */
200 MGMT_STATUS_FAILED, /* Slot Violation */
201 MGMT_STATUS_FAILED, /* Role Switch Failed */
202 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
203 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
204 MGMT_STATUS_BUSY, /* Host Busy Pairing */
205 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
206 MGMT_STATUS_BUSY, /* Controller Busy */
207 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
208 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
209 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
210 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
211 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
212};
213
214static u8 mgmt_status(u8 hci_status)
215{
216 if (hci_status < ARRAY_SIZE(mgmt_status_table))
217 return mgmt_status_table[hci_status];
218
219 return MGMT_STATUS_FAILED;
220}
221
04c60f05
MH		 222static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
223 struct sock *skip_sk)
224{
225 struct sk_buff *skb;
226 struct mgmt_hdr *hdr;
227
228 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
229 if (!skb)
230 return -ENOMEM;
231
232 hdr = (void *) skb_put(skb, sizeof(*hdr));
233 hdr->opcode = cpu_to_le16(event);
234 if (hdev)
235 hdr->index = cpu_to_le16(hdev->id);
236 else
237 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
238 hdr->len = cpu_to_le16(data_len);
239
240 if (data)
241 memcpy(skb_put(skb, data_len), data, data_len);
242
243 /* Time stamp */
244 __net_timestamp(skb);
245
7129069e 246 hci_send_to_channel(HCI_CHANNEL_CONTROL, skb, skip_sk);
04c60f05
MH		 247 kfree_skb(skb);
248
249 return 0;
250}
251
a69e8375 252static int mgmt_cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 253{
254 struct sk_buff *skb;
255 struct mgmt_hdr *hdr;
256 struct mgmt_ev_cmd_status *ev;
56b7d137 257 int err;
f7b64e69 258
34eb525c 259 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 260
790eff44 261 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 262 if (!skb)
263 return -ENOMEM;
264
265 hdr = (void *) skb_put(skb, sizeof(*hdr));
266
dcf4adbf 267 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 268 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 269 hdr->len = cpu_to_le16(sizeof(*ev));
270
271 ev = (void *) skb_put(skb, sizeof(*ev));
272 ev->status = status;
eb55ef07 273 ev->opcode = cpu_to_le16(cmd);
f7b64e69 274
56b7d137
GP		 275 err = sock_queue_rcv_skb(sk, skb);
276 if (err < 0)
f7b64e69
JH		 277 kfree_skb(skb);
278
56b7d137 279 return err;
f7b64e69
JH		 280}
281
2a1afb5a
JH		 282static int mgmt_cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
283 void *rp, size_t rp_len)
02d98129
JH		 284{
285 struct sk_buff *skb;
286 struct mgmt_hdr *hdr;
287 struct mgmt_ev_cmd_complete *ev;
56b7d137 288 int err;
02d98129
JH		 289
290 BT_DBG("sock %p", sk);
291
790eff44 292 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 293 if (!skb)
294 return -ENOMEM;
295
296 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 297
dcf4adbf 298 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 299 hdr->index = cpu_to_le16(index);
a38528f1 300 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 301
a38528f1 302 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 303 ev->opcode = cpu_to_le16(cmd);
aee9b218 304 ev->status = status;
8020c16a
SJ		 305
306 if (rp)
307 memcpy(ev->data, rp, rp_len);
02d98129 308
56b7d137
GP		 309 err = sock_queue_rcv_skb(sk, skb);
310 if (err < 0)
02d98129
JH		 311 kfree_skb(skb);
312
e5f0e151 313 return err;
02d98129
JH		 314}
315
04124681
GP		 316static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
317 u16 data_len)
a38528f1
JH		 318{
319 struct mgmt_rp_read_version rp;
320
321 BT_DBG("sock %p", sk);
322
323 rp.version = MGMT_VERSION;
dcf4adbf 324 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 325
2a1afb5a
JH		 326 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
327 &rp, sizeof(rp));
a38528f1
JH		 328}
329
04124681
GP		 330static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
331 u16 data_len)
e70bb2e8
JH		 332{
333 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 334 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
335 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 336 __le16 *opcode;
e70bb2e8
JH		 337 size_t rp_size;
338 int i, err;
339
340 BT_DBG("sock %p", sk);
341
342 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
343
344 rp = kmalloc(rp_size, GFP_KERNEL);
345 if (!rp)
346 return -ENOMEM;
347
dcf4adbf
JP		 348 rp->num_commands = cpu_to_le16(num_commands);
349 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 350
351 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
352 put_unaligned_le16(mgmt_commands[i], opcode);
353
354 for (i = 0; i < num_events; i++, opcode++)
355 put_unaligned_le16(mgmt_events[i], opcode);
356
2a1afb5a
JH		 357 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
358 rp, rp_size);
e70bb2e8
JH		 359 kfree(rp);
360
361 return err;
362}
363
04124681
GP		 364static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
365 u16 data_len)
faba42eb 366{
faba42eb 367 struct mgmt_rp_read_index_list *rp;
8035ded4 368 struct hci_dev *d;
a38528f1 369 size_t rp_len;
faba42eb 370 u16 count;
476e44cb 371 int err;
faba42eb
JH		 372
373 BT_DBG("sock %p", sk);
374
375 read_lock(&hci_dev_list_lock);
376
377 count = 0;
bb4b2a9a 378 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 379 if (d->dev_type == HCI_BREDR &&
380 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
1514b892 381 count++;
faba42eb
JH		 382 }
383
a38528f1
JH		 384 rp_len = sizeof(*rp) + (2 * count);
385 rp = kmalloc(rp_len, GFP_ATOMIC);
386 if (!rp) {
b2c60d42 387 read_unlock(&hci_dev_list_lock);
faba42eb 388 return -ENOMEM;
b2c60d42 389 }
faba42eb 390
476e44cb 391 count = 0;
8035ded4 392 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 393 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 394 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a 395 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
ab81cbf9
JH		 396 continue;
397
73d1df2a
MH		 398 /* Devices marked as raw-only are neither configured
399 * nor unconfigured controllers.
400 */
401 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 402 continue;
403
73d1df2a
MH		 404 if (d->dev_type == HCI_BREDR &&
405 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
1514b892
MH		 406 rp->index[count++] = cpu_to_le16(d->id);
407 BT_DBG("Added hci%u", d->id);
408 }
faba42eb
JH		 409 }
410
476e44cb
JH		 411 rp->num_controllers = cpu_to_le16(count);
412 rp_len = sizeof(*rp) + (2 * count);
413
faba42eb
JH		 414 read_unlock(&hci_dev_list_lock);
415
2a1afb5a
JH		 416 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
417 0, rp, rp_len);
faba42eb 418
a38528f1
JH		 419 kfree(rp);
420
421 return err;
faba42eb
JH		 422}
423
73d1df2a
MH		 424static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
425 void *data, u16 data_len)
426{
427 struct mgmt_rp_read_unconf_index_list *rp;
428 struct hci_dev *d;
429 size_t rp_len;
430 u16 count;
431 int err;
432
433 BT_DBG("sock %p", sk);
434
435 read_lock(&hci_dev_list_lock);
436
437 count = 0;
438 list_for_each_entry(d, &hci_dev_list, list) {
439 if (d->dev_type == HCI_BREDR &&
440 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
441 count++;
442 }
443
444 rp_len = sizeof(*rp) + (2 * count);
445 rp = kmalloc(rp_len, GFP_ATOMIC);
446 if (!rp) {
447 read_unlock(&hci_dev_list_lock);
448 return -ENOMEM;
449 }
450
451 count = 0;
452 list_for_each_entry(d, &hci_dev_list, list) {
453 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 454 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a
MH		 455 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
456 continue;
457
458 /* Devices marked as raw-only are neither configured
459 * nor unconfigured controllers.
460 */
461 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
462 continue;
463
464 if (d->dev_type == HCI_BREDR &&
465 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
466 rp->index[count++] = cpu_to_le16(d->id);
467 BT_DBG("Added hci%u", d->id);
468 }
469 }
470
471 rp->num_controllers = cpu_to_le16(count);
472 rp_len = sizeof(*rp) + (2 * count);
473
474 read_unlock(&hci_dev_list_lock);
475
2a1afb5a
JH		 476 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
477 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 478
479 kfree(rp);
480
481 return err;
482}
483
dbece37a
MH		 484static bool is_configured(struct hci_dev *hdev)
485{
486 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
487 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
488 return false;
489
490 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
491 !bacmp(&hdev->public_addr, BDADDR_ANY))
492 return false;
493
494 return true;
495}
496
89bc22d2
MH		 497static __le32 get_missing_options(struct hci_dev *hdev)
498{
499 u32 options = 0;
500
dbece37a
MH		 501 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
502 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
eb1904f4
MH		 503 options |= MGMT_OPTION_EXTERNAL_CONFIG;
504
89bc22d2
MH		 505 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
506 !bacmp(&hdev->public_addr, BDADDR_ANY))
507 options |= MGMT_OPTION_PUBLIC_ADDRESS;
508
509 return cpu_to_le32(options);
510}
511
f4537c04
MH		 512static int new_options(struct hci_dev *hdev, struct sock *skip)
513{
514 __le32 options = get_missing_options(hdev);
515
516 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
517 sizeof(options), skip);
518}
519
dbece37a
MH		 520static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
521{
522 __le32 options = get_missing_options(hdev);
523
2a1afb5a
JH		 524 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
525 sizeof(options));
dbece37a
MH		 526}
527
9fc3bfb6
MH		 528static int read_config_info(struct sock *sk, struct hci_dev *hdev,
529 void *data, u16 data_len)
530{
531 struct mgmt_rp_read_config_info rp;
89bc22d2 532 u32 options = 0;
9fc3bfb6
MH		 533
534 BT_DBG("sock %p %s", sk, hdev->name);
535
536 hci_dev_lock(hdev);
537
538 memset(&rp, 0, sizeof(rp));
539 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 540
eb1904f4
MH		 541 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
542 options |= MGMT_OPTION_EXTERNAL_CONFIG;
543
9fc3bfb6 544 if (hdev->set_bdaddr)
89bc22d2
MH		 545 options |= MGMT_OPTION_PUBLIC_ADDRESS;
546
547 rp.supported_options = cpu_to_le32(options);
548 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 549
550 hci_dev_unlock(hdev);
551
2a1afb5a
JH		 552 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
553 &rp, sizeof(rp));
9fc3bfb6
MH		 554}
555
69ab39ea
JH		 556static u32 get_supported_settings(struct hci_dev *hdev)
557{
558 u32 settings = 0;
559
560 settings |= MGMT_SETTING_POWERED;
b2939475 561 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 562 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 563 settings |= MGMT_SETTING_CONNECTABLE;
564 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 565
ed3fa31f 566 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 567 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
568 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 569 settings |= MGMT_SETTING_BREDR;
570 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 571
572 if (lmp_ssp_capable(hdev)) {
573 settings |= MGMT_SETTING_SSP;
574 settings |= MGMT_SETTING_HS;
575 }
e98d2ce2 576
05b3c3e7 577 if (lmp_sc_capable(hdev))
e98d2ce2 578 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 579 }
d7b7e796 580
eeca6f89 581 if (lmp_le_capable(hdev)) {
9d42820f 582 settings |= MGMT_SETTING_LE;
eeca6f89 583 settings |= MGMT_SETTING_ADVERTISING;
a3209694 584 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 585 settings |= MGMT_SETTING_PRIVACY;
93690c22 586 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 587 }
69ab39ea 588
eb1904f4
MH		 589 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
590 hdev->set_bdaddr)
9fc3bfb6
MH		 591 settings |= MGMT_SETTING_CONFIGURATION;
592
69ab39ea
JH		 593 return settings;
594}
595
596static u32 get_current_settings(struct hci_dev *hdev)
597{
598 u32 settings = 0;
599
f1f0eb02 600 if (hdev_is_powered(hdev))
f0d4b78a
MH		 601 settings |= MGMT_SETTING_POWERED;
602
5e5282bb 603 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 604 settings |= MGMT_SETTING_CONNECTABLE;
605
1a4d3c4b
JH		 606 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
607 settings |= MGMT_SETTING_FAST_CONNECTABLE;
608
5e5282bb 609 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 610 settings |= MGMT_SETTING_DISCOVERABLE;
611
b6ae8457 612 if (test_bit(HCI_BONDABLE, &hdev->dev_flags))
b2939475 613 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 614
56f87901 615 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 616 settings |= MGMT_SETTING_BREDR;
617
06199cf8 618 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 619 settings |= MGMT_SETTING_LE;
620
47990ea0 621 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 622 settings |= MGMT_SETTING_LINK_SECURITY;
623
84bde9d6 624 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 625 settings |= MGMT_SETTING_SSP;
626
6d80dfd0
JH		 627 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
628 settings |= MGMT_SETTING_HS;
629
f3d3444a 630 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 631 settings |= MGMT_SETTING_ADVERTISING;
632
e98d2ce2
MH		 633 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
634 settings |= MGMT_SETTING_SECURE_CONN;
635
0663b297 636 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 637 settings |= MGMT_SETTING_DEBUG_KEYS;
638
0f4bd942
JH		 639 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
640 settings |= MGMT_SETTING_PRIVACY;
641
93690c22
MH		 642 /* The current setting for static address has two purposes. The
643 * first is to indicate if the static address will be used and
644 * the second is to indicate if it is actually set.
645 *
646 * This means if the static address is not configured, this flag
647 * will never bet set. If the address is configured, then if the
648 * address is actually used decides if the flag is set or not.
649 *
650 * For single mode LE only controllers and dual-mode controllers
651 * with BR/EDR disabled, the existence of the static address will
652 * be evaluated.
653 */
654 if (test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags) ||
655 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
656 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
657 if (bacmp(&hdev->static_addr, BDADDR_ANY))
658 settings |= MGMT_SETTING_STATIC_ADDRESS;
659 }
660
69ab39ea
JH		 661 return settings;
662}
663
ef580372
JH		 664#define PNP_INFO_SVCLASS_ID 0x1200
665
213202ed
JH		 666static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
667{
668 u8 *ptr = data, *uuids_start = NULL;
669 struct bt_uuid *uuid;
670
671 if (len < 4)
672 return ptr;
673
674 list_for_each_entry(uuid, &hdev->uuids, list) {
675 u16 uuid16;
676
677 if (uuid->size != 16)
678 continue;
679
680 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
681 if (uuid16 < 0x1100)
682 continue;
683
684 if (uuid16 == PNP_INFO_SVCLASS_ID)
685 continue;
686
687 if (!uuids_start) {
688 uuids_start = ptr;
689 uuids_start[0] = 1;
690 uuids_start[1] = EIR_UUID16_ALL;
691 ptr += 2;
692 }
693
694 /* Stop if not enough space to put next UUID */
695 if ((ptr - data) + sizeof(u16) > len) {
696 uuids_start[1] = EIR_UUID16_SOME;
697 break;
698 }
699
700 *ptr++ = (uuid16 & 0x00ff);
701 *ptr++ = (uuid16 & 0xff00) >> 8;
702 uuids_start[0] += sizeof(uuid16);
703 }
704
705 return ptr;
706}
707
cdf1963f
JH		 708static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
709{
710 u8 *ptr = data, *uuids_start = NULL;
711 struct bt_uuid *uuid;
712
713 if (len < 6)
714 return ptr;
715
716 list_for_each_entry(uuid, &hdev->uuids, list) {
717 if (uuid->size != 32)
718 continue;
719
720 if (!uuids_start) {
721 uuids_start = ptr;
722 uuids_start[0] = 1;
723 uuids_start[1] = EIR_UUID32_ALL;
724 ptr += 2;
725 }
726
727 /* Stop if not enough space to put next UUID */
728 if ((ptr - data) + sizeof(u32) > len) {
729 uuids_start[1] = EIR_UUID32_SOME;
730 break;
731 }
732
733 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
734 ptr += sizeof(u32);
735 uuids_start[0] += sizeof(u32);
736 }
737
738 return ptr;
739}
740
c00d575b
JH		 741static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
742{
743 u8 *ptr = data, *uuids_start = NULL;
744 struct bt_uuid *uuid;
745
746 if (len < 18)
747 return ptr;
748
749 list_for_each_entry(uuid, &hdev->uuids, list) {
750 if (uuid->size != 128)
751 continue;
752
753 if (!uuids_start) {
754 uuids_start = ptr;
755 uuids_start[0] = 1;
756 uuids_start[1] = EIR_UUID128_ALL;
757 ptr += 2;
758 }
759
760 /* Stop if not enough space to put next UUID */
761 if ((ptr - data) + 16 > len) {
762 uuids_start[1] = EIR_UUID128_SOME;
763 break;
764 }
765
766 memcpy(ptr, uuid->uuid, 16);
767 ptr += 16;
768 uuids_start[0] += 16;
769 }
770
771 return ptr;
772}
773
3b0602cd
JH		 774static struct mgmt_pending_cmd *mgmt_pending_find(u16 opcode,
775 struct hci_dev *hdev)
eb2a8d20 776{
3b0602cd 777 struct mgmt_pending_cmd *cmd;
eb2a8d20
JH		 778
779 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
780 if (cmd->opcode == opcode)
781 return cmd;
782 }
783
784 return NULL;
785}
786
3b0602cd
JH		 787static struct mgmt_pending_cmd *mgmt_pending_find_data(u16 opcode,
788 struct hci_dev *hdev,
789 const void *data)
95868426 790{
3b0602cd 791 struct mgmt_pending_cmd *cmd;
95868426
JH		 792
793 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
794 if (cmd->user_data != data)
795 continue;
796 if (cmd->opcode == opcode)
797 return cmd;
798 }
799
800 return NULL;
801}
802
f14d8f64
MH		 803static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
804{
7a5f4990
MH		 805 u8 ad_len = 0;
806 size_t name_len;
807
808 name_len = strlen(hdev->dev_name);
809 if (name_len > 0) {
810 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
811
812 if (name_len > max_len) {
813 name_len = max_len;
814 ptr[1] = EIR_NAME_SHORT;
815 } else
816 ptr[1] = EIR_NAME_COMPLETE;
817
818 ptr[0] = name_len + 1;
819
820 memcpy(ptr + 2, hdev->dev_name, name_len);
821
822 ad_len += (name_len + 2);
823 ptr += (name_len + 2);
824 }
825
826 return ad_len;
f14d8f64
MH		 827}
828
829static void update_scan_rsp_data(struct hci_request *req)
830{
831 struct hci_dev *hdev = req->hdev;
832 struct hci_cp_le_set_scan_rsp_data cp;
833 u8 len;
834
7751ef1b 835 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 836 return;
837
838 memset(&cp, 0, sizeof(cp));
839
840 len = create_scan_rsp_data(hdev, cp.data);
841
eb438b5f
JH		 842 if (hdev->scan_rsp_data_len == len &&
843 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 844 return;
845
eb438b5f
JH		 846 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
847 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 848
849 cp.length = len;
850
851 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
852}
853
9a43e25f
JH		 854static u8 get_adv_discov_flags(struct hci_dev *hdev)
855{
3b0602cd 856 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 857
858 /* If there's a pending mgmt command the flags will not yet have
859 * their final values, so check for this first.
860 */
861 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
862 if (cmd) {
863 struct mgmt_mode *cp = cmd->param;
864 if (cp->val == 0x01)
865 return LE_AD_GENERAL;
866 else if (cp->val == 0x02)
867 return LE_AD_LIMITED;
868 } else {
869 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
870 return LE_AD_LIMITED;
871 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
872 return LE_AD_GENERAL;
873 }
874
875 return 0;
876}
877
46cad2ed 878static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 879{
880 u8 ad_len = 0, flags = 0;
441ad2d0 881
9a43e25f 882 flags |= get_adv_discov_flags(hdev);
441ad2d0 883
e834004b 884 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 885 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 886
887 if (flags) {
888 BT_DBG("adv flags 0x%02x", flags);
889
890 ptr[0] = 2;
891 ptr[1] = EIR_FLAGS;
892 ptr[2] = flags;
893
894 ad_len += 3;
895 ptr += 3;
896 }
897
898 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
899 ptr[0] = 2;
900 ptr[1] = EIR_TX_POWER;
901 ptr[2] = (u8) hdev->adv_tx_power;
902
903 ad_len += 3;
904 ptr += 3;
905 }
906
441ad2d0
MH		 907 return ad_len;
908}
909
5947f4bc 910static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 911{
912 struct hci_dev *hdev = req->hdev;
913 struct hci_cp_le_set_adv_data cp;
914 u8 len;
915
10994ce6 916 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 917 return;
918
919 memset(&cp, 0, sizeof(cp));
920
46cad2ed 921 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 922
923 if (hdev->adv_data_len == len &&
924 memcmp(cp.data, hdev->adv_data, len) == 0)
925 return;
926
927 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
928 hdev->adv_data_len = len;
929
930 cp.length = len;
931
932 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
933}
934
bc6d2d04
JH		 935int mgmt_update_adv_data(struct hci_dev *hdev)
936{
937 struct hci_request req;
938
939 hci_req_init(&req, hdev);
940 update_adv_data(&req);
941
942 return hci_req_run(&req, NULL);
943}
944
ef580372
JH		 945static void create_eir(struct hci_dev *hdev, u8 *data)
946{
947 u8 *ptr = data;
ef580372
JH		 948 size_t name_len;
949
950 name_len = strlen(hdev->dev_name);
951
952 if (name_len > 0) {
953 /* EIR Data type */
954 if (name_len > 48) {
955 name_len = 48;
956 ptr[1] = EIR_NAME_SHORT;
957 } else
958 ptr[1] = EIR_NAME_COMPLETE;
959
960 /* EIR Data length */
961 ptr[0] = name_len + 1;
962
963 memcpy(ptr + 2, hdev->dev_name, name_len);
964
ef580372
JH		 965 ptr += (name_len + 2);
966 }
967
bbaf444a 968 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 969 ptr[0] = 2;
970 ptr[1] = EIR_TX_POWER;
971 ptr[2] = (u8) hdev->inq_tx_power;
972
91c4e9b1
MH		 973 ptr += 3;
974 }
975
2b9be137
MH		 976 if (hdev->devid_source > 0) {
977 ptr[0] = 9;
978 ptr[1] = EIR_DEVICE_ID;
979
980 put_unaligned_le16(hdev->devid_source, ptr + 2);
981 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
982 put_unaligned_le16(hdev->devid_product, ptr + 6);
983 put_unaligned_le16(hdev->devid_version, ptr + 8);
984
2b9be137
MH		 985 ptr += 10;
986 }
987
213202ed 988 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 989 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 990 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 991}
992
890ea898 993static void update_eir(struct hci_request *req)
ef580372 994{
890ea898 995 struct hci_dev *hdev = req->hdev;
ef580372
JH		 996 struct hci_cp_write_eir cp;
997
504c8dcd 998 if (!hdev_is_powered(hdev))
890ea898 999 return;
7770c4aa 1000
976eb20e 1001 if (!lmp_ext_inq_capable(hdev))
890ea898 1002 return;
ef580372 1003
84bde9d6 1004 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 1005 return;
ef580372 1006
a8b2d5c2 1007 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 1008 return;
ef580372
JH		 1009
1010 memset(&cp, 0, sizeof(cp));
1011
1012 create_eir(hdev, cp.data);
1013
1014 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 1015 return;
ef580372
JH		 1016
1017 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1018
890ea898 1019 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 1020}
1021
1022static u8 get_service_classes(struct hci_dev *hdev)
1023{
1024 struct bt_uuid *uuid;
1025 u8 val = 0;
1026
1027 list_for_each_entry(uuid, &hdev->uuids, list)
1028 val |= uuid->svc_hint;
1029
1030 return val;
1031}
1032
890ea898 1033static void update_class(struct hci_request *req)
ef580372 1034{
890ea898 1035 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1036 u8 cod[3];
1037
1038 BT_DBG("%s", hdev->name);
1039
504c8dcd 1040 if (!hdev_is_powered(hdev))
890ea898 1041 return;
7770c4aa 1042
f87ea1da
JH		 1043 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1044 return;
1045
a8b2d5c2 1046 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 1047 return;
ef580372
JH		 1048
1049 cod[0] = hdev->minor_class;
1050 cod[1] = hdev->major_class;
1051 cod[2] = get_service_classes(hdev);
1052
6acd7db4
MH		 1053 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1054 cod[1] |= 0x20;
1055
ef580372 1056 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1057 return;
ef580372 1058
890ea898 1059 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1060}
1061
a4858cb9 1062static bool get_connectable(struct hci_dev *hdev)
199a2fb1 1063{
3b0602cd 1064 struct mgmt_pending_cmd *cmd;
199a2fb1
JH		 1065
1066 /* If there's a pending mgmt command the flag will not yet have
1067 * it's final value, so check for this first.
1068 */
1069 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1070 if (cmd) {
1071 struct mgmt_mode *cp = cmd->param;
a4858cb9 1072 return cp->val;
199a2fb1
JH		 1073 }
1074
a4858cb9 1075 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 1076}
1077
0ec5ae84
JH		 1078static void disable_advertising(struct hci_request *req)
1079{
1080 u8 enable = 0x00;
1081
1082 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1083}
1084
199a2fb1
JH		 1085static void enable_advertising(struct hci_request *req)
1086{
1087 struct hci_dev *hdev = req->hdev;
1088 struct hci_cp_le_set_adv_param cp;
8f2a0601 1089 u8 own_addr_type, enable = 0x01;
a4858cb9 1090 bool connectable;
199a2fb1 1091
0ec5ae84
JH		 1092 if (hci_conn_num(hdev, LE_LINK) > 0)
1093 return;
1094
1095 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1096 disable_advertising(req);
1097
5ce194c4 1098 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1099 * hci_update_random_address knows that it's safe to go ahead
1100 * and write a new random address. The flag will be set back on
1101 * as soon as the SET_ADV_ENABLE HCI command completes.
1102 */
5ce194c4 1103 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
8d97250e 1104
a4858cb9 1105 connectable = get_connectable(hdev);
8f2a0601 1106
a4858cb9
JH		 1107 /* Set require_privacy to true only when non-connectable
1108 * advertising is used. In that case it is fine to use a
1109 * non-resolvable private address.
1110 */
1111 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1112 return;
1113
41c90c18 1114 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1115 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1116 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
a4858cb9 1117 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1118 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1119 cp.channel_map = hdev->le_adv_channel_map;
1120
1121 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1122
1123 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1124}
1125
7d78525d
JH		 1126static void service_cache_off(struct work_struct *work)
1127{
1128 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1129 service_cache.work);
890ea898 1130 struct hci_request req;
7d78525d 1131
a8b2d5c2 1132 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 1133 return;
1134
890ea898
JH		 1135 hci_req_init(&req, hdev);
1136
7d78525d
JH		 1137 hci_dev_lock(hdev);
1138
890ea898
JH		 1139 update_eir(&req);
1140 update_class(&req);
7d78525d
JH		 1141
1142 hci_dev_unlock(hdev);
890ea898
JH		 1143
1144 hci_req_run(&req, NULL);
7d78525d
JH		 1145}
1146
d6bfd59c
JH		 1147static void rpa_expired(struct work_struct *work)
1148{
1149 struct hci_dev *hdev = container_of(work, struct hci_dev,
1150 rpa_expired.work);
1151 struct hci_request req;
1152
1153 BT_DBG("");
1154
1155 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1156
0ec5ae84 1157 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
d6bfd59c
JH		 1158 return;
1159
1160 /* The generation of a new RPA and programming it into the
1161 * controller happens in the enable_advertising() function.
1162 */
d6bfd59c 1163 hci_req_init(&req, hdev);
d6bfd59c 1164 enable_advertising(&req);
d6bfd59c
JH		 1165 hci_req_run(&req, NULL);
1166}
1167
6a919082 1168static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1169{
4f87da80 1170 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 1171 return;
1172
4f87da80 1173 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1174 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1175
4f87da80
JH		 1176 /* Non-mgmt controlled devices get this bit set
1177 * implicitly so that pairing works for them, however
1178 * for mgmt we require user-space to explicitly enable
1179 * it
1180 */
b6ae8457 1181 clear_bit(HCI_BONDABLE, &hdev->dev_flags);
7d78525d
JH		 1182}
1183
0f4e68cf 1184static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1185 void *data, u16 data_len)
0381101f 1186{
a38528f1 1187 struct mgmt_rp_read_info rp;
f7b64e69 1188
bdb6d971 1189 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1190
09fd0de5 1191 hci_dev_lock(hdev);
f7b64e69 1192
dc4fe30b
JH		 1193 memset(&rp, 0, sizeof(rp));
1194
69ab39ea 1195 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1196
69ab39ea 1197 rp.version = hdev->hci_ver;
eb55ef07 1198 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1199
1200 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1201 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1202
a38528f1 1203 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1204
dc4fe30b 1205 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1206 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1207
09fd0de5 1208 hci_dev_unlock(hdev);
0381101f 1209
2a1afb5a
JH		 1210 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1211 sizeof(rp));
0381101f
JH		 1212}
1213
3b0602cd 1214static void mgmt_pending_free(struct mgmt_pending_cmd *cmd)
eec8d2bc
JH		 1215{
1216 sock_put(cmd->sk);
c68fb7ff 1217 kfree(cmd->param);
eec8d2bc
JH		 1218 kfree(cmd);
1219}
1220
3b0602cd
JH		 1221static struct mgmt_pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
1222 struct hci_dev *hdev,
1223 void *data, u16 len)
eec8d2bc 1224{
3b0602cd 1225 struct mgmt_pending_cmd *cmd;
eec8d2bc 1226
fca20018 1227 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1228 if (!cmd)
366a0336 1229 return NULL;
eec8d2bc
JH		 1230
1231 cmd->opcode = opcode;
2e58ef3e 1232 cmd->index = hdev->id;
eec8d2bc 1233
323b0b88 1234 cmd->param = kmemdup(data, len, GFP_KERNEL);
c68fb7ff 1235 if (!cmd->param) {
eec8d2bc 1236 kfree(cmd);
366a0336 1237 return NULL;
eec8d2bc
JH		 1238 }
1239
323b0b88 1240 cmd->param_len = len;
eec8d2bc
JH		 1241
1242 cmd->sk = sk;
1243 sock_hold(sk);
1244
2e58ef3e 1245 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1246
366a0336 1247 return cmd;
eec8d2bc
JH		 1248}
1249
744cf19e 1250static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
3b0602cd 1251 void (*cb)(struct mgmt_pending_cmd *cmd,
8fc9ced3 1252 void *data),
04124681 1253 void *data)
eec8d2bc 1254{
3b0602cd 1255 struct mgmt_pending_cmd *cmd, *tmp;
eec8d2bc 1256
a3d09356 1257 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1258 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1259 continue;
1260
eec8d2bc
JH		 1261 cb(cmd, data);
1262 }
1263}
1264
3b0602cd 1265static void mgmt_pending_remove(struct mgmt_pending_cmd *cmd)
73f22f62 1266{
73f22f62
JH		 1267 list_del(&cmd->list);
1268 mgmt_pending_free(cmd);
1269}
1270
69ab39ea 1271static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1272{
69ab39ea 1273 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1274
2a1afb5a
JH		 1275 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1276 sizeof(settings));
8680570b
JH		 1277}
1278
1904a853 1279static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 1280{
1281 BT_DBG("%s status 0x%02x", hdev->name, status);
1282
a3172b7e
JH		 1283 if (hci_conn_count(hdev) == 0) {
1284 cancel_delayed_work(&hdev->power_off);
8b064a3a 1285 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1286 }
8b064a3a
JH		 1287}
1288
23a48093 1289static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1290{
1291 struct hci_dev *hdev = req->hdev;
1292 struct hci_cp_remote_name_req_cancel cp;
1293 struct inquiry_entry *e;
1294
1295 switch (hdev->discovery.state) {
1296 case DISCOVERY_FINDING:
1297 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1298 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1299 } else {
1300 cancel_delayed_work(&hdev->le_scan_disable);
1301 hci_req_add_le_scan_disable(req);
1302 }
1303
23a48093 1304 return true;
21a60d30
JH		 1305
1306 case DISCOVERY_RESOLVING:
1307 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1308 NAME_PENDING);
1309 if (!e)
23a48093 1310 break;
21a60d30
JH		 1311
1312 bacpy(&cp.bdaddr, &e->data.bdaddr);
1313 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1314 &cp);
1315
23a48093 1316 return true;
21a60d30
JH		 1317
1318 default:
1319 /* Passive scanning */
23a48093 1320 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
21a60d30 1321 hci_req_add_le_scan_disable(req);
23a48093
JH		 1322 return true;
1323 }
1324
21a60d30
JH		 1325 break;
1326 }
23a48093
JH		 1327
1328 return false;
21a60d30
JH		 1329}
1330
8b064a3a
JH		 1331static int clean_up_hci_state(struct hci_dev *hdev)
1332{
1333 struct hci_request req;
1334 struct hci_conn *conn;
23a48093
JH		 1335 bool discov_stopped;
1336 int err;
8b064a3a
JH		 1337
1338 hci_req_init(&req, hdev);
1339
1340 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1341 test_bit(HCI_PSCAN, &hdev->flags)) {
1342 u8 scan = 0x00;
1343 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1344 }
1345
73e082f8 1346 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
8b064a3a
JH		 1347 disable_advertising(&req);
1348
23a48093 1349 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1350
1351 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1352 struct hci_cp_disconnect dc;
c9910d0f
JH		 1353 struct hci_cp_reject_conn_req rej;
1354
1355 switch (conn->state) {
1356 case BT_CONNECTED:
1357 case BT_CONFIG:
1358 dc.handle = cpu_to_le16(conn->handle);
1359 dc.reason = 0x15; /* Terminated due to Power Off */
1360 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1361 break;
1362 case BT_CONNECT:
1363 if (conn->type == LE_LINK)
1364 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1365 0, NULL);
1366 else if (conn->type == ACL_LINK)
1367 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1368 6, &conn->dst);
1369 break;
1370 case BT_CONNECT2:
1371 bacpy(&rej.bdaddr, &conn->dst);
1372 rej.reason = 0x15; /* Terminated due to Power Off */
1373 if (conn->type == ACL_LINK)
1374 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1375 sizeof(rej), &rej);
1376 else if (conn->type == SCO_LINK)
1377 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1378 sizeof(rej), &rej);
1379 break;
1380 }
8b064a3a
JH		 1381 }
1382
23a48093
JH		 1383 err = hci_req_run(&req, clean_up_hci_complete);
1384 if (!err && discov_stopped)
1385 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1386
1387 return err;
8b064a3a
JH		 1388}
1389
bdb6d971 1390static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1391 u16 len)
eec8d2bc 1392{
650f726d 1393 struct mgmt_mode *cp = data;
3b0602cd 1394 struct mgmt_pending_cmd *cmd;
4b34ee78 1395 int err;
eec8d2bc 1396
bdb6d971 1397 BT_DBG("request for %s", hdev->name);
eec8d2bc 1398
a7e80f25 1399 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1400 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1401 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1402
09fd0de5 1403 hci_dev_lock(hdev);
eec8d2bc 1404
87b95ba6 1405 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1406 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1407 MGMT_STATUS_BUSY);
87b95ba6
JH		 1408 goto failed;
1409 }
1410
f0d4b78a
MH		 1411 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1412 cancel_delayed_work(&hdev->power_off);
1413
1414 if (cp->val) {
a1d70450
JH		 1415 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1416 data, len);
1417 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1418 goto failed;
1419 }
1420 }
1421
4b34ee78 1422 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1423 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1424 goto failed;
1425 }
1426
2e58ef3e 1427 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1428 if (!cmd) {
1429 err = -ENOMEM;
eec8d2bc 1430 goto failed;
366a0336 1431 }
eec8d2bc 1432
8b064a3a 1433 if (cp->val) {
19202573 1434 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1435 err = 0;
1436 } else {
1437 /* Disconnect connections, stop scans, etc */
1438 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1439 if (!err)
1440 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1441 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1442
8b064a3a
JH		 1443 /* ENODATA means there were no HCI commands queued */
1444 if (err == -ENODATA) {
a3172b7e 1445 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1446 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1447 err = 0;
1448 }
1449 }
eec8d2bc
JH		 1450
1451failed:
09fd0de5 1452 hci_dev_unlock(hdev);
366a0336 1453 return err;
eec8d2bc
JH		 1454}
1455
beadb2bd
JH		 1456static int new_settings(struct hci_dev *hdev, struct sock *skip)
1457{
1458 __le32 ev;
1459
1460 ev = cpu_to_le32(get_current_settings(hdev));
1461
1462 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1463}
1464
91a668b0
JH		 1465int mgmt_new_settings(struct hci_dev *hdev)
1466{
1467 return new_settings(hdev, NULL);
1468}
1469
bd99abdd
JH		 1470struct cmd_lookup {
1471 struct sock *sk;
1472 struct hci_dev *hdev;
1473 u8 mgmt_status;
1474};
1475
3b0602cd 1476static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1477{
1478 struct cmd_lookup *match = data;
1479
1480 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1481
1482 list_del(&cmd->list);
1483
1484 if (match->sk == NULL) {
1485 match->sk = cmd->sk;
1486 sock_hold(match->sk);
1487 }
1488
1489 mgmt_pending_free(cmd);
1490}
1491
3b0602cd 1492static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1493{
1494 u8 *status = data;
1495
a69e8375 1496 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1497 mgmt_pending_remove(cmd);
1498}
1499
3b0602cd 1500static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1501{
1502 if (cmd->cmd_complete) {
1503 u8 *status = data;
1504
1505 cmd->cmd_complete(cmd, *status);
1506 mgmt_pending_remove(cmd);
1507
1508 return;
1509 }
1510
1511 cmd_status_rsp(cmd, data);
1512}
1513
3b0602cd 1514static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1515{
2a1afb5a
JH		 1516 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1517 cmd->param, cmd->param_len);
f5818c22
JH		 1518}
1519
3b0602cd 1520static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1521{
2a1afb5a
JH		 1522 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1523 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1524}
1525
e6fe7986
JH		 1526static u8 mgmt_bredr_support(struct hci_dev *hdev)
1527{
1528 if (!lmp_bredr_capable(hdev))
1529 return MGMT_STATUS_NOT_SUPPORTED;
1530 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1531 return MGMT_STATUS_REJECTED;
1532 else
1533 return MGMT_STATUS_SUCCESS;
1534}
1535
1536static u8 mgmt_le_support(struct hci_dev *hdev)
1537{
1538 if (!lmp_le_capable(hdev))
1539 return MGMT_STATUS_NOT_SUPPORTED;
1540 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1541 return MGMT_STATUS_REJECTED;
1542 else
1543 return MGMT_STATUS_SUCCESS;
1544}
1545
1904a853
MH		 1546static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1547 u16 opcode)
bfaf8c9f 1548{
3b0602cd 1549 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1550 struct mgmt_mode *cp;
970ba524 1551 struct hci_request req;
bfaf8c9f
JH		 1552 bool changed;
1553
1554 BT_DBG("status 0x%02x", status);
1555
1556 hci_dev_lock(hdev);
1557
1558 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1559 if (!cmd)
1560 goto unlock;
1561
1562 if (status) {
1563 u8 mgmt_err = mgmt_status(status);
a69e8375 1564 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1565 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1566 goto remove_cmd;
1567 }
1568
1569 cp = cmd->param;
d4462a07 1570 if (cp->val) {
bfaf8c9f
JH		 1571 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1572 &hdev->dev_flags);
d4462a07
MH		 1573
1574 if (hdev->discov_timeout > 0) {
1575 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1576 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1577 to);
1578 }
1579 } else {
bfaf8c9f
JH		 1580 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1581 &hdev->dev_flags);
d4462a07 1582 }
bfaf8c9f
JH		 1583
1584 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1585
1586 if (changed)
1587 new_settings(hdev, cmd->sk);
1588
970ba524
MH		 1589 /* When the discoverable mode gets changed, make sure
1590 * that class of device has the limited discoverable
432df05e
JH		 1591 * bit correctly set. Also update page scan based on whitelist
1592 * entries.
970ba524
MH		 1593 */
1594 hci_req_init(&req, hdev);
1d2dc5b7 1595 __hci_update_page_scan(&req);
970ba524
MH		 1596 update_class(&req);
1597 hci_req_run(&req, NULL);
1598
bfaf8c9f
JH		 1599remove_cmd:
1600 mgmt_pending_remove(cmd);
1601
1602unlock:
1603 hci_dev_unlock(hdev);
1604}
1605
bdb6d971 1606static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1607 u16 len)
73f22f62 1608{
650f726d 1609 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1610 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1611 struct hci_request req;
5e5282bb 1612 u16 timeout;
9a43e25f 1613 u8 scan;
73f22f62
JH		 1614 int err;
1615
bdb6d971 1616 BT_DBG("request for %s", hdev->name);
73f22f62 1617
9a43e25f
JH		 1618 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1619 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
a69e8375
JH		 1620 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1621 MGMT_STATUS_REJECTED);
33c525c0 1622
310a3d48 1623 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1624 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1625 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1626
1f350c87 1627 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1628
1629 /* Disabling discoverable requires that no timeout is set,
1630 * and enabling limited discoverable requires a timeout.
1631 */
1632 if ((cp->val == 0x00 && timeout > 0) ||
1633 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1634 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1635 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1636
09fd0de5 1637 hci_dev_lock(hdev);
73f22f62 1638
5e5282bb 1639 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1640 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1641 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1642 goto failed;
1643 }
1644
2e58ef3e 1645 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1646 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1647 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1648 MGMT_STATUS_BUSY);
73f22f62
JH		 1649 goto failed;
1650 }
1651
5e5282bb 1652 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
a69e8375
JH		 1653 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1654 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1655 goto failed;
1656 }
1657
1658 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1659 bool changed = false;
1660
310a3d48
MH		 1661 /* Setting limited discoverable when powered off is
1662 * not a valid operation since it requires a timeout
1663 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1664 */
0224d2fa
JH		 1665 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1666 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1667 changed = true;
1668 }
1669
5e5282bb 1670 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1671 if (err < 0)
1672 goto failed;
1673
1674 if (changed)
1675 err = new_settings(hdev, sk);
1676
5e5282bb
JH		 1677 goto failed;
1678 }
1679
310a3d48
MH		 1680 /* If the current mode is the same, then just update the timeout
1681 * value with the new value. And if only the timeout gets updated,
1682 * then no need for any HCI transactions.
1683 */
1684 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1685 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1686 &hdev->dev_flags)) {
36261547
MH		 1687 cancel_delayed_work(&hdev->discov_off);
1688 hdev->discov_timeout = timeout;
955638ec 1689
36261547
MH		 1690 if (cp->val && hdev->discov_timeout > 0) {
1691 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1692 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1693 to);
955638ec
MH		 1694 }
1695
69ab39ea 1696 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1697 goto failed;
1698 }
1699
2e58ef3e 1700 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1701 if (!cmd) {
1702 err = -ENOMEM;
73f22f62 1703 goto failed;
366a0336 1704 }
73f22f62 1705
310a3d48
MH		 1706 /* Cancel any potential discoverable timeout that might be
1707 * still active and store new timeout value. The arming of
1708 * the timeout happens in the complete handler.
1709 */
1710 cancel_delayed_work(&hdev->discov_off);
1711 hdev->discov_timeout = timeout;
1712
b456f87c
JH		 1713 /* Limited discoverable mode */
1714 if (cp->val == 0x02)
1715 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1716 else
1717 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1718
bfaf8c9f
JH		 1719 hci_req_init(&req, hdev);
1720
9a43e25f
JH		 1721 /* The procedure for LE-only controllers is much simpler - just
1722 * update the advertising data.
1723 */
1724 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1725 goto update_ad;
1726
73f22f62
JH		 1727 scan = SCAN_PAGE;
1728
310a3d48
MH		 1729 if (cp->val) {
1730 struct hci_cp_write_current_iac_lap hci_cp;
1731
1732 if (cp->val == 0x02) {
1733 /* Limited discoverable mode */
33337dcb 1734 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1735 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1736 hci_cp.iac_lap[1] = 0x8b;
1737 hci_cp.iac_lap[2] = 0x9e;
1738 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1739 hci_cp.iac_lap[4] = 0x8b;
1740 hci_cp.iac_lap[5] = 0x9e;
1741 } else {
1742 /* General discoverable mode */
310a3d48
MH		 1743 hci_cp.num_iac = 1;
1744 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1745 hci_cp.iac_lap[1] = 0x8b;
1746 hci_cp.iac_lap[2] = 0x9e;
1747 }
1748
1749 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1750 (hci_cp.num_iac * 3) + 1, &hci_cp);
1751
73f22f62 1752 scan |= SCAN_INQUIRY;
310a3d48
MH		 1753 } else {
1754 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1755 }
73f22f62 1756
310a3d48 1757 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1758
9a43e25f
JH		 1759update_ad:
1760 update_adv_data(&req);
1761
bfaf8c9f 1762 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1763 if (err < 0)
a664b5bc 1764 mgmt_pending_remove(cmd);
73f22f62
JH		 1765
1766failed:
09fd0de5 1767 hci_dev_unlock(hdev);
73f22f62
JH		 1768 return err;
1769}
1770
406d7804
JH		 1771static void write_fast_connectable(struct hci_request *req, bool enable)
1772{
bd98b996 1773 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1774 struct hci_cp_write_page_scan_activity acp;
1775 u8 type;
1776
547003b1
JH		 1777 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1778 return;
1779
4c01f8b8
JH		 1780 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1781 return;
1782
406d7804
JH		 1783 if (enable) {
1784 type = PAGE_SCAN_TYPE_INTERLACED;
1785
1786 /* 160 msec page scan interval */
dcf4adbf 1787 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1788 } else {
1789 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1790
1791 /* default 1.28 sec page scan */
dcf4adbf 1792 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1793 }
1794
dcf4adbf 1795 acp.window = cpu_to_le16(0x0012);
406d7804 1796
bd98b996
JH		 1797 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1798 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1799 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1800 sizeof(acp), &acp);
1801
1802 if (hdev->page_scan_type != type)
1803 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1804}
1805
1904a853
MH		 1806static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1807 u16 opcode)
2b76f453 1808{
3b0602cd 1809 struct mgmt_pending_cmd *cmd;
d7b856f9 1810 struct mgmt_mode *cp;
bc6d2d04 1811 bool conn_changed, discov_changed;
2b76f453
JH		 1812
1813 BT_DBG("status 0x%02x", status);
1814
1815 hci_dev_lock(hdev);
1816
1817 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1818 if (!cmd)
1819 goto unlock;
1820
37438c1f
JH		 1821 if (status) {
1822 u8 mgmt_err = mgmt_status(status);
a69e8375 1823 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1824 goto remove_cmd;
1825 }
1826
d7b856f9 1827 cp = cmd->param;
bc6d2d04
JH		 1828 if (cp->val) {
1829 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1830 &hdev->dev_flags);
1831 discov_changed = false;
1832 } else {
1833 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1834 &hdev->dev_flags);
1835 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1836 &hdev->dev_flags);
1837 }
d7b856f9 1838
2b76f453
JH		 1839 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1840
bc6d2d04 1841 if (conn_changed || discov_changed) {
d7b856f9 1842 new_settings(hdev, cmd->sk);
1d2dc5b7 1843 hci_update_page_scan(hdev);
bc6d2d04
JH		 1844 if (discov_changed)
1845 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1846 hci_update_background_scan(hdev);
1847 }
d7b856f9 1848
37438c1f 1849remove_cmd:
2b76f453
JH		 1850 mgmt_pending_remove(cmd);
1851
1852unlock:
1853 hci_dev_unlock(hdev);
1854}
1855
e8ba3a1f
JH		 1856static int set_connectable_update_settings(struct hci_dev *hdev,
1857 struct sock *sk, u8 val)
1858{
1859 bool changed = false;
1860 int err;
1861
1862 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1863 changed = true;
1864
1865 if (val) {
1866 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1867 } else {
1868 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1869 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1870 }
1871
1872 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1873 if (err < 0)
1874 return err;
1875
562064e6 1876 if (changed) {
1d2dc5b7 1877 hci_update_page_scan(hdev);
562064e6 1878 hci_update_background_scan(hdev);
e8ba3a1f 1879 return new_settings(hdev, sk);
562064e6 1880 }
e8ba3a1f
JH		 1881
1882 return 0;
1883}
1884
bdb6d971 1885static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1886 u16 len)
9fbcbb45 1887{
650f726d 1888 struct mgmt_mode *cp = data;
3b0602cd 1889 struct mgmt_pending_cmd *cmd;
2b76f453 1890 struct hci_request req;
1987fdc7 1891 u8 scan;
9fbcbb45
JH		 1892 int err;
1893
bdb6d971 1894 BT_DBG("request for %s", hdev->name);
9fbcbb45 1895
1987fdc7
JH		 1896 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1897 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
a69e8375
JH		 1898 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1899 MGMT_STATUS_REJECTED);
33c525c0 1900
a7e80f25 1901 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1902 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1903 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1904
09fd0de5 1905 hci_dev_lock(hdev);
9fbcbb45 1906
4b34ee78 1907 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1908 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1909 goto failed;
1910 }
1911
2e58ef3e 1912 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1913 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1914 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1915 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1916 goto failed;
1917 }
1918
2e58ef3e 1919 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1920 if (!cmd) {
1921 err = -ENOMEM;
9fbcbb45 1922 goto failed;
366a0336 1923 }
9fbcbb45 1924
9b74246f 1925 hci_req_init(&req, hdev);
9fbcbb45 1926
9a43e25f
JH		 1927 /* If BR/EDR is not enabled and we disable advertising as a
1928 * by-product of disabling connectable, we need to update the
1929 * advertising flags.
1930 */
1931 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1932 if (!cp->val) {
1933 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1934 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1935 }
1936 update_adv_data(&req);
1937 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1938 if (cp->val) {
1939 scan = SCAN_PAGE;
1940 } else {
3bd27240
JH		 1941 /* If we don't have any whitelist entries just
1942 * disable all scanning. If there are entries
1943 * and we had both page and inquiry scanning
1944 * enabled then fall back to only page scanning.
1945 * Otherwise no changes are needed.
1946 */
1947 if (list_empty(&hdev->whitelist))
1948 scan = SCAN_DISABLED;
1949 else if (test_bit(HCI_ISCAN, &hdev->flags))
1950 scan = SCAN_PAGE;
1951 else
1952 goto no_scan_update;
9b74246f
JH		 1953
1954 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1955 hdev->discov_timeout > 0)
9b74246f
JH		 1956 cancel_delayed_work(&hdev->discov_off);
1957 }
2b76f453 1958
9b74246f
JH		 1959 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1960 }
2b76f453 1961
3bd27240 1962no_scan_update:
4c01f8b8
JH		 1963 /* If we're going from non-connectable to connectable or
1964 * vice-versa when fast connectable is enabled ensure that fast
1965 * connectable gets disabled. write_fast_connectable won't do
1966 * anything if the page scan parameters are already what they
1967 * should be.
1968 */
1969 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1970 write_fast_connectable(&req, false);
1971
e8b1202c
JH		 1972 /* Update the advertising parameters if necessary */
1973 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1987fdc7 1974 enable_advertising(&req);
1987fdc7 1975
2b76f453 1976 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1977 if (err < 0) {
a664b5bc 1978 mgmt_pending_remove(cmd);
9b74246f 1979 if (err == -ENODATA)
a81070ba
JH		 1980 err = set_connectable_update_settings(hdev, sk,
1981 cp->val);
9b74246f
JH		 1982 goto failed;
1983 }
9fbcbb45
JH		 1984
1985failed:
09fd0de5 1986 hci_dev_unlock(hdev);
9fbcbb45
JH		 1987 return err;
1988}
1989
b2939475 1990static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1991 u16 len)
c542a06c 1992{
650f726d 1993 struct mgmt_mode *cp = data;
55594356 1994 bool changed;
c542a06c
JH		 1995 int err;
1996
bdb6d971 1997 BT_DBG("request for %s", hdev->name);
c542a06c 1998
a7e80f25 1999 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2000 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2001 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2002
09fd0de5 2003 hci_dev_lock(hdev);
c542a06c
JH		 2004
2005 if (cp->val)
b6ae8457 2006 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 2007 else
b6ae8457 2008 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 2009
b2939475 2010 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 2011 if (err < 0)
55594356 2012 goto unlock;
c542a06c 2013
55594356
MH		 2014 if (changed)
2015 err = new_settings(hdev, sk);
c542a06c 2016
55594356 2017unlock:
09fd0de5 2018 hci_dev_unlock(hdev);
c542a06c
JH		 2019 return err;
2020}
2021
04124681
GP		 2022static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2023 u16 len)
33ef95ed
JH		 2024{
2025 struct mgmt_mode *cp = data;
3b0602cd 2026 struct mgmt_pending_cmd *cmd;
e6fe7986 2027 u8 val, status;
33ef95ed
JH		 2028 int err;
2029
bdb6d971 2030 BT_DBG("request for %s", hdev->name);
33ef95ed 2031
e6fe7986
JH		 2032 status = mgmt_bredr_support(hdev);
2033 if (status)
a69e8375
JH		 2034 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2035 status);
33c525c0 2036
a7e80f25 2037 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2038 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2039 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2040
33ef95ed
JH		 2041 hci_dev_lock(hdev);
2042
4b34ee78 2043 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 2044 bool changed = false;
2045
2046 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 2047 &hdev->dev_flags)) {
47990ea0
JH		 2048 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
2049 changed = true;
2050 }
2051
2052 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2053 if (err < 0)
2054 goto failed;
2055
2056 if (changed)
2057 err = new_settings(hdev, sk);
2058
33ef95ed
JH		 2059 goto failed;
2060 }
2061
2062 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 2063 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2064 MGMT_STATUS_BUSY);
33ef95ed
JH		 2065 goto failed;
2066 }
2067
2068 val = !!cp->val;
2069
2070 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2071 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2072 goto failed;
2073 }
2074
2075 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2076 if (!cmd) {
2077 err = -ENOMEM;
2078 goto failed;
2079 }
2080
2081 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2082 if (err < 0) {
2083 mgmt_pending_remove(cmd);
2084 goto failed;
2085 }
2086
2087failed:
2088 hci_dev_unlock(hdev);
33ef95ed
JH		 2089 return err;
2090}
2091
bdb6d971 2092static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2093{
2094 struct mgmt_mode *cp = data;
3b0602cd 2095 struct mgmt_pending_cmd *cmd;
72ef0c1a 2096 u8 status;
ed2c4ee3
JH		 2097 int err;
2098
bdb6d971 2099 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2100
cdba5281
MH		 2101 status = mgmt_bredr_support(hdev);
2102 if (status)
a69e8375 2103 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 2104
13ecd8b6 2105 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2106 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2107 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2108
a7e80f25 2109 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2110 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2111 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2112
13ecd8b6 2113 hci_dev_lock(hdev);
6c8f12c1 2114
4b34ee78 2115 if (!hdev_is_powered(hdev)) {
9ecb3e24 2116 bool changed;
c0ecddc2 2117
9ecb3e24
MH		 2118 if (cp->val) {
2119 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2120 &hdev->dev_flags);
2121 } else {
2122 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2123 &hdev->dev_flags);
2124 if (!changed)
2125 changed = test_and_clear_bit(HCI_HS_ENABLED,
2126 &hdev->dev_flags);
2127 else
2128 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 2129 }
2130
2131 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2132 if (err < 0)
2133 goto failed;
2134
2135 if (changed)
2136 err = new_settings(hdev, sk);
2137
ed2c4ee3
JH		 2138 goto failed;
2139 }
2140
94d52dad 2141 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2142 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2143 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2144 goto failed;
2145 }
2146
72ef0c1a 2147 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 2148 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2149 goto failed;
2150 }
2151
2152 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2153 if (!cmd) {
2154 err = -ENOMEM;
2155 goto failed;
2156 }
2157
3769972b
JH		 2158 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2159 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2160 sizeof(cp->val), &cp->val);
2161
72ef0c1a 2162 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2163 if (err < 0) {
2164 mgmt_pending_remove(cmd);
2165 goto failed;
2166 }
2167
2168failed:
2169 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2170 return err;
2171}
2172
bdb6d971 2173static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2174{
2175 struct mgmt_mode *cp = data;
ee392693 2176 bool changed;
e6fe7986 2177 u8 status;
ee392693 2178 int err;
6d80dfd0 2179
bdb6d971 2180 BT_DBG("request for %s", hdev->name);
6d80dfd0 2181
e6fe7986
JH		 2182 status = mgmt_bredr_support(hdev);
2183 if (status)
a69e8375 2184 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2185
9ecb3e24 2186 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2187 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2188 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24
MH		 2189
2190 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
a69e8375
JH		 2191 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2192 MGMT_STATUS_REJECTED);
9ecb3e24 2193
a7e80f25 2194 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2195 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2196 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2197
ee392693
MH		 2198 hci_dev_lock(hdev);
2199
a2cb01de 2200 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2201 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2202 MGMT_STATUS_BUSY);
a2cb01de
JH		 2203 goto unlock;
2204 }
2205
a0cdf960 2206 if (cp->val) {
ee392693 2207 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 2208 } else {
2209 if (hdev_is_powered(hdev)) {
a69e8375
JH		 2210 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2211 MGMT_STATUS_REJECTED);
a0cdf960
MH		 2212 goto unlock;
2213 }
2214
ee392693 2215 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 2216 }
ee392693
MH		 2217
2218 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2219 if (err < 0)
2220 goto unlock;
2221
2222 if (changed)
2223 err = new_settings(hdev, sk);
6d80dfd0 2224
ee392693
MH		 2225unlock:
2226 hci_dev_unlock(hdev);
2227 return err;
6d80dfd0
JH		 2228}
2229
1904a853 2230static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 2231{
2232 struct cmd_lookup match = { NULL, hdev };
2233
3ad67582
JK		 2234 hci_dev_lock(hdev);
2235
416a4ae5
JH		 2236 if (status) {
2237 u8 mgmt_err = mgmt_status(status);
2238
2239 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2240 &mgmt_err);
3ad67582 2241 goto unlock;
416a4ae5
JH		 2242 }
2243
2244 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2245
2246 new_settings(hdev, match.sk);
2247
2248 if (match.sk)
2249 sock_put(match.sk);
441ad2d0
MH		 2250
2251 /* Make sure the controller has a good default for
2252 * advertising data. Restrict the update to when LE
2253 * has actually been enabled. During power on, the
2254 * update in powered_update_hci will take care of it.
2255 */
2256 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2257 struct hci_request req;
2258
441ad2d0 2259 hci_req_init(&req, hdev);
5947f4bc 2260 update_adv_data(&req);
f14d8f64 2261 update_scan_rsp_data(&req);
2cf22218 2262 __hci_update_background_scan(&req);
441ad2d0 2263 hci_req_run(&req, NULL);
441ad2d0 2264 }
3ad67582
JK		 2265
2266unlock:
2267 hci_dev_unlock(hdev);
416a4ae5
JH		 2268}
2269
bdb6d971 2270static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2271{
2272 struct mgmt_mode *cp = data;
2273 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 2274 struct mgmt_pending_cmd *cmd;
416a4ae5 2275 struct hci_request req;
06199cf8 2276 int err;
0b60eba1 2277 u8 val, enabled;
06199cf8 2278
bdb6d971 2279 BT_DBG("request for %s", hdev->name);
06199cf8 2280
13ecd8b6 2281 if (!lmp_le_capable(hdev))
a69e8375
JH		 2282 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2283 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2284
a7e80f25 2285 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2286 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2287 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2288
c73eee91 2289 /* LE-only devices do not allow toggling LE on/off */
56f87901 2290 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
a69e8375
JH		 2291 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2292 MGMT_STATUS_REJECTED);
c73eee91 2293
13ecd8b6 2294 hci_dev_lock(hdev);
06199cf8
JH		 2295
2296 val = !!cp->val;
ffa88e02 2297 enabled = lmp_host_le_capable(hdev);
06199cf8 2298
0b60eba1 2299 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2300 bool changed = false;
2301
2302 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2303 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2304 changed = true;
2305 }
2306
f3d3444a
JH		 2307 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2308 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2309 changed = true;
2310 }
2311
06199cf8
JH		 2312 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2313 if (err < 0)
1de028ce 2314 goto unlock;
06199cf8
JH		 2315
2316 if (changed)
2317 err = new_settings(hdev, sk);
2318
1de028ce 2319 goto unlock;
06199cf8
JH		 2320 }
2321
4375f103
JH		 2322 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2323 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 2324 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2325 MGMT_STATUS_BUSY);
1de028ce 2326 goto unlock;
06199cf8
JH		 2327 }
2328
2329 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2330 if (!cmd) {
2331 err = -ENOMEM;
1de028ce 2332 goto unlock;
06199cf8
JH		 2333 }
2334
441ad2d0
MH		 2335 hci_req_init(&req, hdev);
2336
06199cf8
JH		 2337 memset(&hci_cp, 0, sizeof(hci_cp));
2338
2339 if (val) {
2340 hci_cp.le = val;
32226e4f 2341 hci_cp.simul = 0x00;
441ad2d0 2342 } else {
73e082f8 2343 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
441ad2d0 2344 disable_advertising(&req);
06199cf8
JH		 2345 }
2346
416a4ae5
JH		 2347 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2348 &hci_cp);
2349
2350 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2351 if (err < 0)
06199cf8 2352 mgmt_pending_remove(cmd);
06199cf8 2353
1de028ce
JH		 2354unlock:
2355 hci_dev_unlock(hdev);
06199cf8
JH		 2356 return err;
2357}
2358
0cab9c80
JH		 2359/* This is a helper function to test for pending mgmt commands that can
2360 * cause CoD or EIR HCI commands. We can only allow one such pending
2361 * mgmt command at a time since otherwise we cannot easily track what
2362 * the current values are, will be, and based on that calculate if a new
2363 * HCI command needs to be sent and if yes with what value.
2364 */
2365static bool pending_eir_or_class(struct hci_dev *hdev)
2366{
3b0602cd 2367 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 2368
2369 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2370 switch (cmd->opcode) {
2371 case MGMT_OP_ADD_UUID:
2372 case MGMT_OP_REMOVE_UUID:
2373 case MGMT_OP_SET_DEV_CLASS:
2374 case MGMT_OP_SET_POWERED:
2375 return true;
2376 }
2377 }
2378
2379 return false;
2380}
2381
83be8eca
JH		 2382static const u8 bluetooth_base_uuid[] = {
2383 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2384 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2385};
2386
2387static u8 get_uuid_size(const u8 *uuid)
2388{
2389 u32 val;
2390
2391 if (memcmp(uuid, bluetooth_base_uuid, 12))
2392 return 128;
2393
2394 val = get_unaligned_le32(&uuid[12]);
2395 if (val > 0xffff)
2396 return 32;
2397
2398 return 16;
2399}
2400
92da6097
JH		 2401static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2402{
3b0602cd 2403 struct mgmt_pending_cmd *cmd;
92da6097
JH		 2404
2405 hci_dev_lock(hdev);
2406
2407 cmd = mgmt_pending_find(mgmt_op, hdev);
2408 if (!cmd)
2409 goto unlock;
2410
2a1afb5a
JH		 2411 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2412 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 2413
2414 mgmt_pending_remove(cmd);
2415
2416unlock:
2417 hci_dev_unlock(hdev);
2418}
2419
1904a853 2420static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2421{
2422 BT_DBG("status 0x%02x", status);
2423
2424 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2425}
2426
bdb6d971 2427static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2428{
650f726d 2429 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2430 struct mgmt_pending_cmd *cmd;
890ea898 2431 struct hci_request req;
2aeb9a1a 2432 struct bt_uuid *uuid;
2aeb9a1a
JH		 2433 int err;
2434
bdb6d971 2435 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2436
09fd0de5 2437 hci_dev_lock(hdev);
2aeb9a1a 2438
0cab9c80 2439 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2440 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2441 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2442 goto failed;
2443 }
2444
92c4c204 2445 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2446 if (!uuid) {
2447 err = -ENOMEM;
2448 goto failed;
2449 }
2450
2451 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2452 uuid->svc_hint = cp->svc_hint;
83be8eca 2453 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2454
de66aa63 2455 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2456
890ea898 2457 hci_req_init(&req, hdev);
1aff6f09 2458
890ea898
JH		 2459 update_class(&req);
2460 update_eir(&req);
2461
92da6097
JH		 2462 err = hci_req_run(&req, add_uuid_complete);
2463 if (err < 0) {
2464 if (err != -ENODATA)
2465 goto failed;
80a1e1db 2466
2a1afb5a
JH		 2467 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2468 hdev->dev_class, 3);
90e70454
JH		 2469 goto failed;
2470 }
2471
2472 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2473 if (!cmd) {
90e70454 2474 err = -ENOMEM;
890ea898
JH		 2475 goto failed;
2476 }
2477
2478 err = 0;
2aeb9a1a
JH		 2479
2480failed:
09fd0de5 2481 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2482 return err;
2483}
2484
24b78d0f
JH		 2485static bool enable_service_cache(struct hci_dev *hdev)
2486{
2487 if (!hdev_is_powered(hdev))
2488 return false;
2489
2490 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2491 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2492 CACHE_TIMEOUT);
24b78d0f
JH		 2493 return true;
2494 }
2495
2496 return false;
2497}
2498
1904a853 2499static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2500{
2501 BT_DBG("status 0x%02x", status);
2502
2503 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2504}
2505
bdb6d971 2506static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2507 u16 len)
2aeb9a1a 2508{
650f726d 2509 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2510 struct mgmt_pending_cmd *cmd;
056341c8 2511 struct bt_uuid *match, *tmp;
2aeb9a1a 2512 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2513 struct hci_request req;
2aeb9a1a
JH		 2514 int err, found;
2515
bdb6d971 2516 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2517
09fd0de5 2518 hci_dev_lock(hdev);
2aeb9a1a 2519
0cab9c80 2520 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2521 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2522 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2523 goto unlock;
2524 }
2525
2aeb9a1a 2526 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2527 hci_uuids_clear(hdev);
4004b6d9 2528
24b78d0f 2529 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2530 err = mgmt_cmd_complete(sk, hdev->id,
2531 MGMT_OP_REMOVE_UUID,
2532 0, hdev->dev_class, 3);
24b78d0f
JH		 2533 goto unlock;
2534 }
4004b6d9 2535
9246a869 2536 goto update_class;
2aeb9a1a
JH		 2537 }
2538
2539 found = 0;
2540
056341c8 2541 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2542 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2543 continue;
2544
2545 list_del(&match->list);
482049f7 2546 kfree(match);
2aeb9a1a
JH		 2547 found++;
2548 }
2549
2550 if (found == 0) {
a69e8375
JH		 2551 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2552 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2553 goto unlock;
2554 }
2555
9246a869 2556update_class:
890ea898 2557 hci_req_init(&req, hdev);
1aff6f09 2558
890ea898
JH		 2559 update_class(&req);
2560 update_eir(&req);
2561
92da6097
JH		 2562 err = hci_req_run(&req, remove_uuid_complete);
2563 if (err < 0) {
2564 if (err != -ENODATA)
2565 goto unlock;
80a1e1db 2566
2a1afb5a
JH		 2567 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2568 hdev->dev_class, 3);
90e70454
JH		 2569 goto unlock;
2570 }
2571
2572 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2573 if (!cmd) {
90e70454 2574 err = -ENOMEM;
890ea898
JH		 2575 goto unlock;
2576 }
2577
2578 err = 0;
2aeb9a1a
JH		 2579
2580unlock:
09fd0de5 2581 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2582 return err;
2583}
2584
1904a853 2585static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2586{
2587 BT_DBG("status 0x%02x", status);
2588
2589 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2590}
2591
bdb6d971 2592static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2593 u16 len)
1aff6f09 2594{
650f726d 2595 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2596 struct mgmt_pending_cmd *cmd;
890ea898 2597 struct hci_request req;
1aff6f09
JH		 2598 int err;
2599
bdb6d971 2600 BT_DBG("request for %s", hdev->name);
1aff6f09 2601
6203fc98 2602 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2603 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2604 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2605
0cab9c80 2606 hci_dev_lock(hdev);
ee98f473 2607
0cab9c80 2608 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2609 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2610 MGMT_STATUS_BUSY);
0cab9c80
JH		 2611 goto unlock;
2612 }
c95f0ba7 2613
0cab9c80 2614 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2615 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2616 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2617 goto unlock;
2618 }
575b3a02 2619
932f5ff5
JH		 2620 hdev->major_class = cp->major;
2621 hdev->minor_class = cp->minor;
2622
b5235a65 2623 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2624 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2625 hdev->dev_class, 3);
b5235a65
JH		 2626 goto unlock;
2627 }
2628
890ea898
JH		 2629 hci_req_init(&req, hdev);
2630
a8b2d5c2 2631 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2632 hci_dev_unlock(hdev);
2633 cancel_delayed_work_sync(&hdev->service_cache);
2634 hci_dev_lock(hdev);
890ea898 2635 update_eir(&req);
7d78525d 2636 }
14c0b608 2637
890ea898
JH		 2638 update_class(&req);
2639
92da6097
JH		 2640 err = hci_req_run(&req, set_class_complete);
2641 if (err < 0) {
2642 if (err != -ENODATA)
2643 goto unlock;
1aff6f09 2644
2a1afb5a
JH		 2645 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2646 hdev->dev_class, 3);
90e70454
JH		 2647 goto unlock;
2648 }
2649
2650 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2651 if (!cmd) {
90e70454 2652 err = -ENOMEM;
890ea898
JH		 2653 goto unlock;
2654 }
2655
2656 err = 0;
1aff6f09 2657
b5235a65 2658unlock:
09fd0de5 2659 hci_dev_unlock(hdev);
1aff6f09
JH		 2660 return err;
2661}
2662
bdb6d971 2663static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2664 u16 len)
55ed8ca1 2665{
650f726d 2666 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2667 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2668 sizeof(struct mgmt_link_key_info));
4e51eae9 2669 u16 key_count, expected_len;
b1de97d8 2670 bool changed;
a492cd52 2671 int i;
55ed8ca1 2672
9060d5cf
MH		 2673 BT_DBG("request for %s", hdev->name);
2674
2675 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2676 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2677 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2678
1f350c87 2679 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2680 if (key_count > max_key_count) {
2681 BT_ERR("load_link_keys: too big key_count value %u",
2682 key_count);
a69e8375
JH		 2683 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2684 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2685 }
55ed8ca1 2686
86742e1e
JH		 2687 expected_len = sizeof(*cp) + key_count *
2688 sizeof(struct mgmt_link_key_info);
a492cd52 2689 if (expected_len != len) {
86742e1e 2690 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2691 expected_len, len);
a69e8375
JH		 2692 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2693 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2694 }
2695
4ae14301 2696 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2697 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2698 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2699
bdb6d971 2700 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2701 key_count);
55ed8ca1 2702
4ee71b20
JH		 2703 for (i = 0; i < key_count; i++) {
2704 struct mgmt_link_key_info *key = &cp->keys[i];
2705
8e991132 2706 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2707 return mgmt_cmd_status(sk, hdev->id,
2708 MGMT_OP_LOAD_LINK_KEYS,
2709 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2710 }
2711
09fd0de5 2712 hci_dev_lock(hdev);
55ed8ca1
JH		 2713
2714 hci_link_keys_clear(hdev);
2715
55ed8ca1 2716 if (cp->debug_keys)
0663b297
JH		 2717 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2718 &hdev->dev_flags);
55ed8ca1 2719 else
0663b297
JH		 2720 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2721 &hdev->dev_flags);
b1de97d8
MH		 2722
2723 if (changed)
2724 new_settings(hdev, NULL);
55ed8ca1 2725
a492cd52 2726 for (i = 0; i < key_count; i++) {
86742e1e 2727 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2728
58e9293c
JH		 2729 /* Always ignore debug keys and require a new pairing if
2730 * the user wants to use them.
2731 */
2732 if (key->type == HCI_LK_DEBUG_COMBINATION)
2733 continue;
2734
7652ff6a
JH		 2735 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2736 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2737 }
2738
2a1afb5a 2739 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2740
09fd0de5 2741 hci_dev_unlock(hdev);
55ed8ca1 2742
a492cd52 2743 return 0;
55ed8ca1
JH		 2744}
2745
b1078ad0 2746static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2747 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2748{
2749 struct mgmt_ev_device_unpaired ev;
2750
2751 bacpy(&ev.addr.bdaddr, bdaddr);
2752 ev.addr.type = addr_type;
2753
2754 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2755 skip_sk);
b1078ad0
JH		 2756}
2757
bdb6d971 2758static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2759 u16 len)
55ed8ca1 2760{
124f6e35
JH		 2761 struct mgmt_cp_unpair_device *cp = data;
2762 struct mgmt_rp_unpair_device rp;
a8a1d19e 2763 struct hci_cp_disconnect dc;
3b0602cd 2764 struct mgmt_pending_cmd *cmd;
55ed8ca1 2765 struct hci_conn *conn;
55ed8ca1
JH		 2766 int err;
2767
a8a1d19e 2768 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2769 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2770 rp.addr.type = cp->addr.type;
a8a1d19e 2771
4ee71b20 2772 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2773 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2774 MGMT_STATUS_INVALID_PARAMS,
2775 &rp, sizeof(rp));
4ee71b20 2776
118da70b 2777 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2778 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2779 MGMT_STATUS_INVALID_PARAMS,
2780 &rp, sizeof(rp));
118da70b 2781
4ee71b20
JH		 2782 hci_dev_lock(hdev);
2783
86a8cfc6 2784 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2785 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2786 MGMT_STATUS_NOT_POWERED, &rp,
2787 sizeof(rp));
86a8cfc6
JH		 2788 goto unlock;
2789 }
2790
e0b2b27e 2791 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2792 /* If disconnection is requested, then look up the
2793 * connection. If the remote device is connected, it
2794 * will be later used to terminate the link.
2795 *
2796 * Setting it to NULL explicitly will cause no
2797 * termination of the link.
2798 */
2799 if (cp->disconnect)
2800 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2801 &cp->addr.bdaddr);
2802 else
2803 conn = NULL;
2804
124f6e35 2805 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2806 } else {
2807 u8 addr_type;
2808
89cbb063
AA		 2809 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2810 &cp->addr.bdaddr);
2811 if (conn) {
2812 /* Defer clearing up the connection parameters
2813 * until closing to give a chance of keeping
2814 * them if a repairing happens.
2815 */
2816 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2817
2818 /* If disconnection is not requested, then
2819 * clear the connection variable so that the
2820 * link is not terminated.
2821 */
2822 if (!cp->disconnect)
2823 conn = NULL;
2824 }
2825
e0b2b27e
JH		 2826 if (cp->addr.type == BDADDR_LE_PUBLIC)
2827 addr_type = ADDR_LE_DEV_PUBLIC;
2828 else
2829 addr_type = ADDR_LE_DEV_RANDOM;
2830
a7ec7338
JH		 2831 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2832
e0b2b27e
JH		 2833 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2834 }
b0dbfb46 2835
55ed8ca1 2836 if (err < 0) {
2a1afb5a
JH		 2837 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2838 MGMT_STATUS_NOT_PAIRED, &rp,
2839 sizeof(rp));
55ed8ca1
JH		 2840 goto unlock;
2841 }
2842
89cbb063
AA		 2843 /* If the connection variable is set, then termination of the
2844 * link is requested.
2845 */
a8a1d19e 2846 if (!conn) {
2a1afb5a
JH		 2847 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2848 &rp, sizeof(rp));
b1078ad0 2849 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2850 goto unlock;
2851 }
55ed8ca1 2852
124f6e35 2853 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2854 sizeof(*cp));
a8a1d19e
JH		 2855 if (!cmd) {
2856 err = -ENOMEM;
2857 goto unlock;
55ed8ca1
JH		 2858 }
2859
d8b7b1e4
JH		 2860 cmd->cmd_complete = addr_cmd_complete;
2861
eb55ef07 2862 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2863 dc.reason = 0x13; /* Remote User Terminated Connection */
2864 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2865 if (err < 0)
2866 mgmt_pending_remove(cmd);
2867
55ed8ca1 2868unlock:
09fd0de5 2869 hci_dev_unlock(hdev);
55ed8ca1
JH		 2870 return err;
2871}
2872
bdb6d971 2873static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2874 u16 len)
8962ee74 2875{
650f726d 2876 struct mgmt_cp_disconnect *cp = data;
06a63b19 2877 struct mgmt_rp_disconnect rp;
3b0602cd 2878 struct mgmt_pending_cmd *cmd;
8962ee74 2879 struct hci_conn *conn;
8962ee74
JH		 2880 int err;
2881
2882 BT_DBG("");
2883
06a63b19
JH		 2884 memset(&rp, 0, sizeof(rp));
2885 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2886 rp.addr.type = cp->addr.type;
2887
4ee71b20 2888 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2889 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2890 MGMT_STATUS_INVALID_PARAMS,
2891 &rp, sizeof(rp));
4ee71b20 2892
09fd0de5 2893 hci_dev_lock(hdev);
8962ee74
JH		 2894
2895 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 2896 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2897 MGMT_STATUS_NOT_POWERED, &rp,
2898 sizeof(rp));
8962ee74
JH		 2899 goto failed;
2900 }
2901
2e58ef3e 2902 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 2903 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2904 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2905 goto failed;
2906 }
2907
591f47f3 2908 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2909 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2910 &cp->addr.bdaddr);
88c3df13
JH		 2911 else
2912 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2913
f960727e 2914 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 2915 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2916 MGMT_STATUS_NOT_CONNECTED, &rp,
2917 sizeof(rp));
8962ee74
JH		 2918 goto failed;
2919 }
2920
2e58ef3e 2921 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2922 if (!cmd) {
2923 err = -ENOMEM;
8962ee74 2924 goto failed;
366a0336 2925 }
8962ee74 2926
f5818c22
JH		 2927 cmd->cmd_complete = generic_cmd_complete;
2928
e3f2f92a 2929 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2930 if (err < 0)
a664b5bc 2931 mgmt_pending_remove(cmd);
8962ee74
JH		 2932
2933failed:
09fd0de5 2934 hci_dev_unlock(hdev);
8962ee74
JH		 2935 return err;
2936}
2937
57c1477c 2938static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2939{
2940 switch (link_type) {
2941 case LE_LINK:
48264f06
JH		 2942 switch (addr_type) {
2943 case ADDR_LE_DEV_PUBLIC:
591f47f3 2944 return BDADDR_LE_PUBLIC;
0ed09148 2945
48264f06 2946 default:
0ed09148 2947 /* Fallback to LE Random address type */
591f47f3 2948 return BDADDR_LE_RANDOM;
48264f06 2949 }
0ed09148 2950
4c659c39 2951 default:
0ed09148 2952 /* Fallback to BR/EDR type */
591f47f3 2953 return BDADDR_BREDR;
4c659c39
JH		 2954 }
2955}
2956
04124681
GP		 2957static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2958 u16 data_len)
2784eb41 2959{
2784eb41 2960 struct mgmt_rp_get_connections *rp;
8035ded4 2961 struct hci_conn *c;
a38528f1 2962 size_t rp_len;
60fc5fb6
JH		 2963 int err;
2964 u16 i;
2784eb41
JH		 2965
2966 BT_DBG("");
2967
09fd0de5 2968 hci_dev_lock(hdev);
2784eb41 2969
5f97c1df 2970 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2971 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2972 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2973 goto unlock;
2974 }
2975
60fc5fb6 2976 i = 0;
b644ba33
JH		 2977 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2978 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2979 i++;
2784eb41
JH		 2980 }
2981
60fc5fb6 2982 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2983 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2984 if (!rp) {
2784eb41
JH		 2985 err = -ENOMEM;
2986 goto unlock;
2987 }
2988
2784eb41 2989 i = 0;
4c659c39 2990 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2991 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2992 continue;
4c659c39 2993 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2994 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2995 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2996 continue;
2997 i++;
2998 }
2999
eb55ef07 3000 rp->conn_count = cpu_to_le16(i);
60fc5fb6 3001
4c659c39
JH		 3002 /* Recalculate length in case of filtered SCO connections, etc */
3003 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 3004
2a1afb5a
JH		 3005 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3006 rp_len);
2784eb41 3007
a38528f1 3008 kfree(rp);
5f97c1df
JH		 3009
3010unlock:
09fd0de5 3011 hci_dev_unlock(hdev);
2784eb41
JH		 3012 return err;
3013}
3014
bdb6d971 3015static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3016 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 3017{
3b0602cd 3018 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 3019 int err;
3020
2e58ef3e 3021 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 3022 sizeof(*cp));
96d97a67
WR		 3023 if (!cmd)
3024 return -ENOMEM;
3025
d8457698 3026 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 3027 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 3028 if (err < 0)
3029 mgmt_pending_remove(cmd);
3030
3031 return err;
3032}
3033
bdb6d971 3034static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3035 u16 len)
980e1a53 3036{
96d97a67 3037 struct hci_conn *conn;
650f726d 3038 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3039 struct hci_cp_pin_code_reply reply;
3b0602cd 3040 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 3041 int err;
3042
3043 BT_DBG("");
3044
09fd0de5 3045 hci_dev_lock(hdev);
980e1a53 3046
4b34ee78 3047 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3048 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3049 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3050 goto failed;
3051 }
3052
d8457698 3053 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3054 if (!conn) {
a69e8375
JH		 3055 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3056 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3057 goto failed;
3058 }
3059
3060 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3061 struct mgmt_cp_pin_code_neg_reply ncp;
3062
3063 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 3064
3065 BT_ERR("PIN code is not 16 bytes long");
3066
bdb6d971 3067 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3068 if (err >= 0)
a69e8375
JH		 3069 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3070 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3071
3072 goto failed;
3073 }
3074
00abfe44 3075 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3076 if (!cmd) {
3077 err = -ENOMEM;
980e1a53 3078 goto failed;
366a0336 3079 }
980e1a53 3080
7776d1d8
JH		 3081 cmd->cmd_complete = addr_cmd_complete;
3082
d8457698 3083 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3084 reply.pin_len = cp->pin_len;
24718ca5 3085 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3086
3087 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3088 if (err < 0)
a664b5bc 3089 mgmt_pending_remove(cmd);
980e1a53
JH		 3090
3091failed:
09fd0de5 3092 hci_dev_unlock(hdev);
980e1a53
JH		 3093 return err;
3094}
3095
04124681
GP		 3096static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3097 u16 len)
17fa4b9d 3098{
650f726d 3099 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3100
3101 BT_DBG("");
3102
4ec86d4c 3103 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3104 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3105 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
4ec86d4c 3106
09fd0de5 3107 hci_dev_lock(hdev);
17fa4b9d
JH		 3108
3109 hdev->io_capability = cp->io_capability;
3110
3111 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3112 hdev->io_capability);
17fa4b9d 3113
09fd0de5 3114 hci_dev_unlock(hdev);
17fa4b9d 3115
2a1afb5a
JH		 3116 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3117 NULL, 0);
17fa4b9d
JH		 3118}
3119
3b0602cd 3120static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3121{
3122 struct hci_dev *hdev = conn->hdev;
3b0602cd 3123 struct mgmt_pending_cmd *cmd;
e9a416b5 3124
2e58ef3e 3125 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3126 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3127 continue;
3128
e9a416b5
JH		 3129 if (cmd->user_data != conn)
3130 continue;
3131
3132 return cmd;
3133 }
3134
3135 return NULL;
3136}
3137
3b0602cd 3138static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 3139{
3140 struct mgmt_rp_pair_device rp;
3141 struct hci_conn *conn = cmd->user_data;
9df74653 3142 int err;
e9a416b5 3143
61b1a7fb
JH		 3144 bacpy(&rp.addr.bdaddr, &conn->dst);
3145 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3146
2a1afb5a
JH		 3147 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3148 status, &rp, sizeof(rp));
e9a416b5
JH		 3149
3150 /* So we don't get further callbacks for this connection */
3151 conn->connect_cfm_cb = NULL;
3152 conn->security_cfm_cb = NULL;
3153 conn->disconn_cfm_cb = NULL;
3154
76a68ba0 3155 hci_conn_drop(conn);
89cbb063
AA		 3156
3157 /* The device is paired so there is no need to remove
3158 * its connection parameters anymore.
3159 */
3160 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3161
3162 hci_conn_put(conn);
9df74653
JH		 3163
3164 return err;
e9a416b5
JH		 3165}
3166
f4a407be
JH		 3167void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3168{
3169 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 3170 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 3171
3172 cmd = find_pairing(conn);
a511b35b 3173 if (cmd) {
04ab2749 3174 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3175 mgmt_pending_remove(cmd);
3176 }
f4a407be
JH		 3177}
3178
e9a416b5
JH		 3179static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3180{
3b0602cd 3181 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3182
3183 BT_DBG("status %u", status);
3184
3185 cmd = find_pairing(conn);
a511b35b 3186 if (!cmd) {
e9a416b5 3187 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3188 return;
3189 }
3190
3191 cmd->cmd_complete(cmd, mgmt_status(status));
3192 mgmt_pending_remove(cmd);
e9a416b5
JH		 3193}
3194
f4a407be 3195static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 3196{
3b0602cd 3197 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 3198
3199 BT_DBG("status %u", status);
3200
3201 if (!status)
3202 return;
3203
3204 cmd = find_pairing(conn);
a511b35b 3205 if (!cmd) {
4c47d739 3206 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3207 return;
3208 }
3209
3210 cmd->cmd_complete(cmd, mgmt_status(status));
3211 mgmt_pending_remove(cmd);
4c47d739
VA		 3212}
3213
bdb6d971 3214static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3215 u16 len)
e9a416b5 3216{
650f726d 3217 struct mgmt_cp_pair_device *cp = data;
1425acb7 3218 struct mgmt_rp_pair_device rp;
3b0602cd 3219 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3220 u8 sec_level, auth_type;
3221 struct hci_conn *conn;
e9a416b5
JH		 3222 int err;
3223
3224 BT_DBG("");
3225
f950a30e
SJ		 3226 memset(&rp, 0, sizeof(rp));
3227 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3228 rp.addr.type = cp->addr.type;
3229
4ee71b20 3230 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3231 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3232 MGMT_STATUS_INVALID_PARAMS,
3233 &rp, sizeof(rp));
4ee71b20 3234
4ec86d4c 3235 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3236 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3237 MGMT_STATUS_INVALID_PARAMS,
3238 &rp, sizeof(rp));
4ec86d4c 3239
09fd0de5 3240 hci_dev_lock(hdev);
e9a416b5 3241
5f97c1df 3242 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3243 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3244 MGMT_STATUS_NOT_POWERED, &rp,
3245 sizeof(rp));
5f97c1df
JH		 3246 goto unlock;
3247 }
3248
c908df36 3249 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3250 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3251
6f77d8c7 3252 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3253 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3254 auth_type);
6f77d8c7
AG		 3255 } else {
3256 u8 addr_type;
3257
3258 /* Convert from L2CAP channel address type to HCI address type
3259 */
3260 if (cp->addr.type == BDADDR_LE_PUBLIC)
3261 addr_type = ADDR_LE_DEV_PUBLIC;
3262 else
3263 addr_type = ADDR_LE_DEV_RANDOM;
3264
7c264b10
MH		 3265 /* When pairing a new device, it is expected to remember
3266 * this device for future connections. Adding the connection
3267 * parameter information ahead of time allows tracking
3268 * of the slave preferred values and will speed up any
3269 * further connection establishment.
3270 *
3271 * If connection parameters already exist, then they
3272 * will be kept and this function does nothing.
3273 */
3274 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3275
6f77d8c7 3276 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3277 sec_level, HCI_LE_CONN_TIMEOUT,
3278 HCI_ROLE_MASTER);
6f77d8c7 3279 }
7a512d01 3280
30e76272 3281 if (IS_ERR(conn)) {
489dc48e
AK		 3282 int status;
3283
3284 if (PTR_ERR(conn) == -EBUSY)
3285 status = MGMT_STATUS_BUSY;
faa81030
LR		 3286 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3287 status = MGMT_STATUS_NOT_SUPPORTED;
3288 else if (PTR_ERR(conn) == -ECONNREFUSED)
3289 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 3290 else
3291 status = MGMT_STATUS_CONNECT_FAILED;
3292
2a1afb5a
JH		 3293 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3294 status, &rp, sizeof(rp));
e9a416b5
JH		 3295 goto unlock;
3296 }
3297
3298 if (conn->connect_cfm_cb) {
76a68ba0 3299 hci_conn_drop(conn);
2a1afb5a
JH		 3300 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3301 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3302 goto unlock;
3303 }
3304
2e58ef3e 3305 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3306 if (!cmd) {
3307 err = -ENOMEM;
76a68ba0 3308 hci_conn_drop(conn);
e9a416b5
JH		 3309 goto unlock;
3310 }
3311
04ab2749
JH		 3312 cmd->cmd_complete = pairing_complete;
3313
7a512d01 3314 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3315 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3316 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3317 conn->security_cfm_cb = pairing_complete_cb;
3318 conn->disconn_cfm_cb = pairing_complete_cb;
3319 } else {
3320 conn->connect_cfm_cb = le_pairing_complete_cb;
3321 conn->security_cfm_cb = le_pairing_complete_cb;
3322 conn->disconn_cfm_cb = le_pairing_complete_cb;
3323 }
7a512d01 3324
e9a416b5 3325 conn->io_capability = cp->io_cap;
f8aaf9b6 3326 cmd->user_data = hci_conn_get(conn);
e9a416b5 3327
6f78fd4b 3328 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3329 hci_conn_security(conn, sec_level, auth_type, true)) {
3330 cmd->cmd_complete(cmd, 0);
3331 mgmt_pending_remove(cmd);
3332 }
e9a416b5
JH		 3333
3334 err = 0;
3335
3336unlock:
09fd0de5 3337 hci_dev_unlock(hdev);
e9a416b5
JH		 3338 return err;
3339}
3340
04124681
GP		 3341static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3342 u16 len)
28424707 3343{
0f4e68cf 3344 struct mgmt_addr_info *addr = data;
3b0602cd 3345 struct mgmt_pending_cmd *cmd;
28424707
JH		 3346 struct hci_conn *conn;
3347 int err;
3348
3349 BT_DBG("");
3350
28424707
JH		 3351 hci_dev_lock(hdev);
3352
5f97c1df 3353 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3354 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3355 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3356 goto unlock;
3357 }
3358
28424707
JH		 3359 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3360 if (!cmd) {
a69e8375
JH		 3361 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3362 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3363 goto unlock;
3364 }
3365
3366 conn = cmd->user_data;
3367
3368 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3369 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3370 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3371 goto unlock;
3372 }
3373
a511b35b
JH		 3374 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3375 mgmt_pending_remove(cmd);
28424707 3376
2a1afb5a
JH		 3377 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3378 addr, sizeof(*addr));
28424707
JH		 3379unlock:
3380 hci_dev_unlock(hdev);
28424707
JH		 3381 return err;
3382}
3383
bdb6d971 3384static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3385 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3386 u16 hci_op, __le32 passkey)
a5c29683 3387{
3b0602cd 3388 struct mgmt_pending_cmd *cmd;
0df4c185 3389 struct hci_conn *conn;
a5c29683
JH		 3390 int err;
3391
09fd0de5 3392 hci_dev_lock(hdev);
08ba5382 3393
4b34ee78 3394 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3395 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3396 MGMT_STATUS_NOT_POWERED, addr,
3397 sizeof(*addr));
0df4c185 3398 goto done;
a5c29683
JH		 3399 }
3400
1707c60e
JH		 3401 if (addr->type == BDADDR_BREDR)
3402 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3403 else
1707c60e 3404 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3405
3406 if (!conn) {
2a1afb5a
JH		 3407 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3408 MGMT_STATUS_NOT_CONNECTED, addr,
3409 sizeof(*addr));
272d90df
JH		 3410 goto done;
3411 }
47c15e2b 3412
1707c60e 3413 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3414 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3415 if (!err)
2a1afb5a
JH		 3416 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3417 MGMT_STATUS_SUCCESS, addr,
3418 sizeof(*addr));
5fe57d9e 3419 else
2a1afb5a
JH		 3420 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3421 MGMT_STATUS_FAILED, addr,
3422 sizeof(*addr));
47c15e2b 3423
47c15e2b
BG		 3424 goto done;
3425 }
3426
1707c60e 3427 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3428 if (!cmd) {
3429 err = -ENOMEM;
0df4c185 3430 goto done;
a5c29683
JH		 3431 }
3432
7776d1d8
JH		 3433 cmd->cmd_complete = addr_cmd_complete;
3434
0df4c185 3435 /* Continue with pairing via HCI */
604086b7
BG		 3436 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3437 struct hci_cp_user_passkey_reply cp;
3438
1707c60e 3439 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3440 cp.passkey = passkey;
3441 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3442 } else
1707c60e
JH		 3443 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3444 &addr->bdaddr);
604086b7 3445
a664b5bc
JH		 3446 if (err < 0)
3447 mgmt_pending_remove(cmd);
a5c29683 3448
0df4c185 3449done:
09fd0de5 3450 hci_dev_unlock(hdev);
a5c29683
JH		 3451 return err;
3452}
3453
afeb019d
JK		 3454static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3455 void *data, u16 len)
3456{
3457 struct mgmt_cp_pin_code_neg_reply *cp = data;
3458
3459 BT_DBG("");
3460
1707c60e 3461 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3462 MGMT_OP_PIN_CODE_NEG_REPLY,
3463 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3464}
3465
04124681
GP		 3466static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3467 u16 len)
0df4c185 3468{
650f726d 3469 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3470
3471 BT_DBG("");
3472
3473 if (len != sizeof(*cp))
a69e8375
JH		 3474 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3475 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3476
1707c60e 3477 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3478 MGMT_OP_USER_CONFIRM_REPLY,
3479 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3480}
3481
bdb6d971 3482static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3483 void *data, u16 len)
0df4c185 3484{
c9c2659f 3485 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3486
3487 BT_DBG("");
3488
1707c60e 3489 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3490 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3491 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3492}
3493
04124681
GP		 3494static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3495 u16 len)
604086b7 3496{
650f726d 3497 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3498
3499 BT_DBG("");
3500
1707c60e 3501 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3502 MGMT_OP_USER_PASSKEY_REPLY,
3503 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3504}
3505
bdb6d971 3506static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3507 void *data, u16 len)
604086b7 3508{
650f726d 3509 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3510
3511 BT_DBG("");
3512
1707c60e 3513 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3514 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3515 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3516}
3517
13928971 3518static void update_name(struct hci_request *req)
2b4bf397 3519{
13928971 3520 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3521 struct hci_cp_write_local_name cp;
3522
13928971 3523 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3524
890ea898 3525 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3526}
3527
1904a853 3528static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3529{
3530 struct mgmt_cp_set_local_name *cp;
3b0602cd 3531 struct mgmt_pending_cmd *cmd;
13928971
JH		 3532
3533 BT_DBG("status 0x%02x", status);
3534
3535 hci_dev_lock(hdev);
3536
3537 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3538 if (!cmd)
3539 goto unlock;
3540
3541 cp = cmd->param;
3542
3543 if (status)
a69e8375
JH		 3544 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3545 mgmt_status(status));
13928971 3546 else
2a1afb5a
JH		 3547 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3548 cp, sizeof(*cp));
13928971
JH		 3549
3550 mgmt_pending_remove(cmd);
3551
3552unlock:
3553 hci_dev_unlock(hdev);
3554}
3555
bdb6d971 3556static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3557 u16 len)
b312b161 3558{
2b4bf397 3559 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3560 struct mgmt_pending_cmd *cmd;
890ea898 3561 struct hci_request req;
b312b161
JH		 3562 int err;
3563
3564 BT_DBG("");
3565
09fd0de5 3566 hci_dev_lock(hdev);
b312b161 3567
b3f2ca94
JH		 3568 /* If the old values are the same as the new ones just return a
3569 * direct command complete event.
3570 */
3571 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3572 !memcmp(hdev->short_name, cp->short_name,
3573 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3574 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3575 data, len);
b3f2ca94
JH		 3576 goto failed;
3577 }
3578
2b4bf397 3579 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3580
b5235a65 3581 if (!hdev_is_powered(hdev)) {
2b4bf397 3582 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3583
2a1afb5a
JH		 3584 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3585 data, len);
28cc7bde
JH		 3586 if (err < 0)
3587 goto failed;
3588
3589 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3590 sk);
28cc7bde 3591
b5235a65
JH		 3592 goto failed;
3593 }
3594
28cc7bde 3595 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3596 if (!cmd) {
3597 err = -ENOMEM;
3598 goto failed;
3599 }
3600
13928971
JH		 3601 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3602
890ea898 3603 hci_req_init(&req, hdev);
3f985050
JH		 3604
3605 if (lmp_bredr_capable(hdev)) {
3606 update_name(&req);
3607 update_eir(&req);
3608 }
3609
7a5f4990
MH		 3610 /* The name is stored in the scan response data and so
3611 * no need to udpate the advertising data here.
3612 */
3f985050 3613 if (lmp_le_capable(hdev))
7a5f4990 3614 update_scan_rsp_data(&req);
3f985050 3615
13928971 3616 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3617 if (err < 0)
3618 mgmt_pending_remove(cmd);
3619
3620failed:
09fd0de5 3621 hci_dev_unlock(hdev);
b312b161
JH		 3622 return err;
3623}
3624
0f4e68cf 3625static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3626 void *data, u16 data_len)
c35938b2 3627{
3b0602cd 3628 struct mgmt_pending_cmd *cmd;
c35938b2
SJ		 3629 int err;
3630
bdb6d971 3631 BT_DBG("%s", hdev->name);
c35938b2 3632
09fd0de5 3633 hci_dev_lock(hdev);
c35938b2 3634
4b34ee78 3635 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3636 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3637 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3638 goto unlock;
3639 }
3640
9a1a1996 3641 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3642 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3643 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3644 goto unlock;
3645 }
3646
2e58ef3e 3647 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3648 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3649 MGMT_STATUS_BUSY);
c35938b2
SJ		 3650 goto unlock;
3651 }
3652
2e58ef3e 3653 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3654 if (!cmd) {
3655 err = -ENOMEM;
3656 goto unlock;
3657 }
3658
710f11c0 3659 if (bredr_sc_enabled(hdev))
4d2d2796
MH		 3660 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3661 0, NULL);
3662 else
3663 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3664
c35938b2
SJ		 3665 if (err < 0)
3666 mgmt_pending_remove(cmd);
3667
3668unlock:
09fd0de5 3669 hci_dev_unlock(hdev);
c35938b2
SJ		 3670 return err;
3671}
3672
bdb6d971 3673static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3674 void *data, u16 len)
2763eda6 3675{
5d57e796 3676 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3677 int err;
3678
bdb6d971 3679 BT_DBG("%s ", hdev->name);
2763eda6 3680
5d57e796 3681 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3682 return mgmt_cmd_complete(sk, hdev->id,
3683 MGMT_OP_ADD_REMOTE_OOB_DATA,
3684 MGMT_STATUS_INVALID_PARAMS,
3685 addr, sizeof(*addr));
5d57e796 3686
09fd0de5 3687 hci_dev_lock(hdev);
2763eda6 3688
ec109113
MH		 3689 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3690 struct mgmt_cp_add_remote_oob_data *cp = data;
3691 u8 status;
bf1e3541 3692
c19a495c 3693 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 3694 err = mgmt_cmd_complete(sk, hdev->id,
3695 MGMT_OP_ADD_REMOTE_OOB_DATA,
3696 MGMT_STATUS_INVALID_PARAMS,
3697 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 3698 goto unlock;
3699 }
3700
ec109113 3701 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3702 cp->addr.type, cp->hash,
3703 cp->rand, NULL, NULL);
ec109113
MH		 3704 if (err < 0)
3705 status = MGMT_STATUS_FAILED;
3706 else
3707 status = MGMT_STATUS_SUCCESS;
3708
2a1afb5a
JH		 3709 err = mgmt_cmd_complete(sk, hdev->id,
3710 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3711 &cp->addr, sizeof(cp->addr));
ec109113
MH		 3712 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3713 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3714 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3715 u8 status;
3716
86df9200 3717 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3718 /* Enforce zero-valued 192-bit parameters as
3719 * long as legacy SMP OOB isn't implemented.
3720 */
3721 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3722 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 3723 err = mgmt_cmd_complete(sk, hdev->id,
3724 MGMT_OP_ADD_REMOTE_OOB_DATA,
3725 MGMT_STATUS_INVALID_PARAMS,
3726 addr, sizeof(*addr));
d25b78e2
JH		 3727 goto unlock;
3728 }
3729
86df9200
JH		 3730 rand192 = NULL;
3731 hash192 = NULL;
3732 } else {
41bcfd50
MH		 3733 /* In case one of the P-192 values is set to zero,
3734 * then just disable OOB data for P-192.
3735 */
3736 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3737 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3738 rand192 = NULL;
3739 hash192 = NULL;
3740 } else {
3741 rand192 = cp->rand192;
3742 hash192 = cp->hash192;
3743 }
3744 }
3745
3746 /* In case one of the P-256 values is set to zero, then just
3747 * disable OOB data for P-256.
3748 */
3749 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3750 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3751 rand256 = NULL;
3752 hash256 = NULL;
3753 } else {
3754 rand256 = cp->rand256;
3755 hash256 = cp->hash256;
86df9200
JH		 3756 }
3757
81328d5c 3758 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3759 cp->addr.type, hash192, rand192,
41bcfd50 3760 hash256, rand256);
ec109113
MH		 3761 if (err < 0)
3762 status = MGMT_STATUS_FAILED;
3763 else
3764 status = MGMT_STATUS_SUCCESS;
3765
2a1afb5a
JH		 3766 err = mgmt_cmd_complete(sk, hdev->id,
3767 MGMT_OP_ADD_REMOTE_OOB_DATA,
3768 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 3769 } else {
3770 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 3771 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3772 MGMT_STATUS_INVALID_PARAMS);
ec109113 3773 }
2763eda6 3774
c19a495c 3775unlock:
09fd0de5 3776 hci_dev_unlock(hdev);
2763eda6
SJ		 3777 return err;
3778}
3779
bdb6d971 3780static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3781 void *data, u16 len)
2763eda6 3782{
650f726d 3783 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3784 u8 status;
2763eda6
SJ		 3785 int err;
3786
bdb6d971 3787 BT_DBG("%s", hdev->name);
2763eda6 3788
c19a495c 3789 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 3790 return mgmt_cmd_complete(sk, hdev->id,
3791 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3792 MGMT_STATUS_INVALID_PARAMS,
3793 &cp->addr, sizeof(cp->addr));
c19a495c 3794
09fd0de5 3795 hci_dev_lock(hdev);
2763eda6 3796
eedbd581
JH		 3797 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3798 hci_remote_oob_data_clear(hdev);
3799 status = MGMT_STATUS_SUCCESS;
3800 goto done;
3801 }
3802
6928a924 3803 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3804 if (err < 0)
bf1e3541 3805 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3806 else
a6785be2 3807 status = MGMT_STATUS_SUCCESS;
bf1e3541 3808
eedbd581 3809done:
2a1afb5a
JH		 3810 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3811 status, &cp->addr, sizeof(cp->addr));
2763eda6 3812
09fd0de5 3813 hci_dev_unlock(hdev);
2763eda6
SJ		 3814 return err;
3815}
3816
8019044d 3817static bool trigger_discovery(struct hci_request *req, u8 *status)
41dc2bd6 3818{
8019044d
MH		 3819 struct hci_dev *hdev = req->hdev;
3820 struct hci_cp_le_set_scan_param param_cp;
3821 struct hci_cp_le_set_scan_enable enable_cp;
3822 struct hci_cp_inquiry inq_cp;
3823 /* General inquiry access code (GIAC) */
3824 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3825 u8 own_addr_type;
41dc2bd6
AG		 3826 int err;
3827
8019044d
MH		 3828 switch (hdev->discovery.type) {
3829 case DISCOV_TYPE_BREDR:
3830 *status = mgmt_bredr_support(hdev);
3831 if (*status)
3832 return false;
41dc2bd6 3833
8019044d
MH		 3834 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3835 *status = MGMT_STATUS_BUSY;
3836 return false;
3837 }
41dc2bd6 3838
8019044d 3839 hci_inquiry_cache_flush(hdev);
41dc2bd6 3840
8019044d
MH		 3841 memset(&inq_cp, 0, sizeof(inq_cp));
3842 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3843 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3844 hci_req_add(req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3845 break;
41dc2bd6 3846
8019044d
MH		 3847 case DISCOV_TYPE_LE:
3848 case DISCOV_TYPE_INTERLEAVED:
3849 *status = mgmt_le_support(hdev);
3850 if (*status)
3851 return false;
3852
3853 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3854 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3855 *status = MGMT_STATUS_NOT_SUPPORTED;
3856 return false;
3857 }
3858
3859 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3860 /* Don't let discovery abort an outgoing
3861 * connection attempt that's using directed
3862 * advertising.
3863 */
3864 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3865 BT_CONNECT)) {
3866 *status = MGMT_STATUS_REJECTED;
3867 return false;
3868 }
3869
3870 disable_advertising(req);
3871 }
3872
3873 /* If controller is scanning, it means the background scanning
3874 * is running. Thus, we should temporarily stop it in order to
3875 * set the discovery scanning parameters.
3876 */
3877 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3878 hci_req_add_le_scan_disable(req);
3879
3880 memset(&param_cp, 0, sizeof(param_cp));
3881
3882 /* All active scans will be done with either a resolvable
3883 * private address (when privacy feature has been enabled)
9437d2ed 3884 * or non-resolvable private address.
8019044d
MH		 3885 */
3886 err = hci_update_random_address(req, true, &own_addr_type);
3887 if (err < 0) {
3888 *status = MGMT_STATUS_FAILED;
3889 return false;
3890 }
3891
3892 param_cp.type = LE_SCAN_ACTIVE;
3893 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3894 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3895 param_cp.own_address_type = own_addr_type;
3896 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3897 &param_cp);
3898
3899 memset(&enable_cp, 0, sizeof(enable_cp));
3900 enable_cp.enable = LE_SCAN_ENABLE;
3901 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3902 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3903 &enable_cp);
3904 break;
3905
3906 default:
3907 *status = MGMT_STATUS_INVALID_PARAMS;
3908 return false;
3909 }
3910
3911 return true;
41dc2bd6
AG		 3912}
3913
1904a853
MH		 3914static void start_discovery_complete(struct hci_dev *hdev, u8 status,
3915 u16 opcode)
7c307720 3916{
3b0602cd 3917 struct mgmt_pending_cmd *cmd;
11e6e25d 3918 unsigned long timeout;
ae55f598 3919
7c307720
AG		 3920 BT_DBG("status %d", status);
3921
11e6e25d 3922 hci_dev_lock(hdev);
41dc2bd6 3923
11e6e25d 3924 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427
JP		 3925 if (!cmd)
3926 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3927
11e6e25d 3928 if (cmd) {
2922a94f 3929 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 3930 mgmt_pending_remove(cmd);
3931 }
7c307720
AG		 3932
3933 if (status) {
11e6e25d
MH		 3934 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3935 goto unlock;
7c307720
AG		 3936 }
3937
7c307720 3938 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
7c307720 3939
2d28cfe7
JP		 3940 /* If the scan involves LE scan, pick proper timeout to schedule
3941 * hdev->le_scan_disable that will stop it.
3942 */
7c307720
AG		 3943 switch (hdev->discovery.type) {
3944 case DISCOV_TYPE_LE:
3d5a76f0 3945 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720 3946 break;
7c307720 3947 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3948 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720 3949 break;
7c307720 3950 case DISCOV_TYPE_BREDR:
11e6e25d 3951 timeout = 0;
7c307720 3952 break;
7c307720
AG		 3953 default:
3954 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
11e6e25d
MH		 3955 timeout = 0;
3956 break;
7c307720 3957 }
ae55f598 3958
2d28cfe7
JP		 3959 if (timeout) {
3960 /* When service discovery is used and the controller has
3961 * a strict duplicate filter, it is important to remember
3962 * the start and duration of the scan. This is required
3963 * for restarting scanning during the discovery phase.
3964 */
3965 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
3966 &hdev->quirks) &&
82f8b651 3967 hdev->discovery.result_filtering) {
2d28cfe7
JP		 3968 hdev->discovery.scan_start = jiffies;
3969 hdev->discovery.scan_duration = timeout;
3970 }
3971
11e6e25d
MH		 3972 queue_delayed_work(hdev->workqueue,
3973 &hdev->le_scan_disable, timeout);
2d28cfe7 3974 }
ae55f598 3975
11e6e25d
MH		 3976unlock:
3977 hci_dev_unlock(hdev);
7c307720
AG		 3978}
3979
bdb6d971 3980static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3981 void *data, u16 len)
14a53664 3982{
650f726d 3983 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 3984 struct mgmt_pending_cmd *cmd;
7c307720 3985 struct hci_request req;
8019044d 3986 u8 status;
14a53664
JH		 3987 int err;
3988
bdb6d971 3989 BT_DBG("%s", hdev->name);
14a53664 3990
09fd0de5 3991 hci_dev_lock(hdev);
14a53664 3992
4b34ee78 3993 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3994 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3995 MGMT_STATUS_NOT_POWERED,
3996 &cp->type, sizeof(cp->type));
bd2d1334
JH		 3997 goto failed;
3998 }
3999
f5a969f2
MH		 4000 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4001 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2a1afb5a
JH		 4002 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4003 MGMT_STATUS_BUSY, &cp->type,
4004 sizeof(cp->type));
642be6c7
AG		 4005 goto failed;
4006 }
4007
2922a94f 4008 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
14a53664
JH		 4009 if (!cmd) {
4010 err = -ENOMEM;
4011 goto failed;
4012 }
4013
2922a94f
JH		 4014 cmd->cmd_complete = generic_cmd_complete;
4015
22078800
MH		 4016 /* Clear the discovery filter first to free any previously
4017 * allocated memory for the UUID list.
4018 */
4019 hci_discovery_filter_clear(hdev);
4020
4aab14e5 4021 hdev->discovery.type = cp->type;
da25cf6a 4022 hdev->discovery.report_invalid_rssi = false;
4aab14e5 4023
7c307720
AG		 4024 hci_req_init(&req, hdev);
4025
8019044d 4026 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4027 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4028 status, &cp->type, sizeof(cp->type));
04106755
JH		 4029 mgmt_pending_remove(cmd);
4030 goto failed;
f39799f5 4031 }
04106755 4032
7c307720 4033 err = hci_req_run(&req, start_discovery_complete);
f5a969f2 4034 if (err < 0) {
14a53664 4035 mgmt_pending_remove(cmd);
f5a969f2
MH		 4036 goto failed;
4037 }
7c307720 4038
f5a969f2 4039 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
7c307720 4040
14a53664 4041failed:
09fd0de5 4042 hci_dev_unlock(hdev);
14a53664
JH		 4043 return err;
4044}
f39799f5 4045
3b0602cd
JH		 4046static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4047 u8 status)
2922a94f 4048{
2a1afb5a
JH		 4049 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4050 cmd->param, 1);
2922a94f 4051}
04106755 4052
66ea9427
JP		 4053static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4054 void *data, u16 len)
4055{
4056 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 4057 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 4058 struct hci_request req;
4059 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4060 u16 uuid_count, expected_len;
4061 u8 status;
4062 int err;
04106755 4063
66ea9427 4064 BT_DBG("%s", hdev->name);
e8bb6b97 4065
66ea9427 4066 hci_dev_lock(hdev);
7c307720 4067
66ea9427 4068 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4069 err = mgmt_cmd_complete(sk, hdev->id,
4070 MGMT_OP_START_SERVICE_DISCOVERY,
4071 MGMT_STATUS_NOT_POWERED,
4072 &cp->type, sizeof(cp->type));
66ea9427
JP		 4073 goto failed;
4074 }
7c307720 4075
66ea9427
JP		 4076 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4077 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2a1afb5a
JH		 4078 err = mgmt_cmd_complete(sk, hdev->id,
4079 MGMT_OP_START_SERVICE_DISCOVERY,
4080 MGMT_STATUS_BUSY, &cp->type,
4081 sizeof(cp->type));
66ea9427
JP		 4082 goto failed;
4083 }
d9483943 4084
66ea9427
JP		 4085 uuid_count = __le16_to_cpu(cp->uuid_count);
4086 if (uuid_count > max_uuid_count) {
4087 BT_ERR("service_discovery: too big uuid_count value %u",
4088 uuid_count);
2a1afb5a
JH		 4089 err = mgmt_cmd_complete(sk, hdev->id,
4090 MGMT_OP_START_SERVICE_DISCOVERY,
4091 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4092 sizeof(cp->type));
66ea9427
JP		 4093 goto failed;
4094 }
4095
4096 expected_len = sizeof(*cp) + uuid_count * 16;
4097 if (expected_len != len) {
4098 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4099 expected_len, len);
2a1afb5a
JH		 4100 err = mgmt_cmd_complete(sk, hdev->id,
4101 MGMT_OP_START_SERVICE_DISCOVERY,
4102 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4103 sizeof(cp->type));
66ea9427
JP		 4104 goto failed;
4105 }
4106
4107 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 4108 hdev, data, len);
66ea9427
JP		 4109 if (!cmd) {
4110 err = -ENOMEM;
4111 goto failed;
4112 }
4113
2922a94f
JH		 4114 cmd->cmd_complete = service_discovery_cmd_complete;
4115
22078800
MH		 4116 /* Clear the discovery filter first to free any previously
4117 * allocated memory for the UUID list.
4118 */
4119 hci_discovery_filter_clear(hdev);
4120
82f8b651 4121 hdev->discovery.result_filtering = true;
66ea9427
JP		 4122 hdev->discovery.type = cp->type;
4123 hdev->discovery.rssi = cp->rssi;
4124 hdev->discovery.uuid_count = uuid_count;
4125
4126 if (uuid_count > 0) {
4127 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4128 GFP_KERNEL);
4129 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 4130 err = mgmt_cmd_complete(sk, hdev->id,
4131 MGMT_OP_START_SERVICE_DISCOVERY,
4132 MGMT_STATUS_FAILED,
4133 &cp->type, sizeof(cp->type));
d9483943
JH		 4134 mgmt_pending_remove(cmd);
4135 goto failed;
4136 }
66ea9427 4137 }
d9483943 4138
66ea9427 4139 hci_req_init(&req, hdev);
5e0452c0 4140
66ea9427 4141 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4142 err = mgmt_cmd_complete(sk, hdev->id,
4143 MGMT_OP_START_SERVICE_DISCOVERY,
4144 status, &cp->type, sizeof(cp->type));
04106755
JH		 4145 mgmt_pending_remove(cmd);
4146 goto failed;
f39799f5 4147 }
3fd24153 4148
7c307720 4149 err = hci_req_run(&req, start_discovery_complete);
66ea9427 4150 if (err < 0) {
14a53664 4151 mgmt_pending_remove(cmd);
66ea9427
JP		 4152 goto failed;
4153 }
4154
4155 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 4156
4157failed:
09fd0de5 4158 hci_dev_unlock(hdev);
14a53664
JH		 4159 return err;
4160}
4161
1904a853 4162static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1183fdca 4163{
3b0602cd 4164 struct mgmt_pending_cmd *cmd;
1183fdca 4165
0e05bba6
AG		 4166 BT_DBG("status %d", status);
4167
4168 hci_dev_lock(hdev);
4169
11e6e25d
MH		 4170 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4171 if (cmd) {
2922a94f 4172 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4173 mgmt_pending_remove(cmd);
0e05bba6
AG		 4174 }
4175
11e6e25d
MH		 4176 if (!status)
4177 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
0e05bba6 4178
0e05bba6
AG		 4179 hci_dev_unlock(hdev);
4180}
4181
bdb6d971 4182static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4183 u16 len)
14a53664 4184{
d930650b 4185 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 4186 struct mgmt_pending_cmd *cmd;
0e05bba6 4187 struct hci_request req;
14a53664
JH		 4188 int err;
4189
bdb6d971 4190 BT_DBG("%s", hdev->name);
14a53664 4191
09fd0de5 4192 hci_dev_lock(hdev);
14a53664 4193
30dc78e1 4194 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4195 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4196 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4197 sizeof(mgmt_cp->type));
d930650b
JH		 4198 goto unlock;
4199 }
4200
4201 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 4202 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4203 MGMT_STATUS_INVALID_PARAMS,
4204 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 4205 goto unlock;
ff9ef578
JH		 4206 }
4207
2922a94f 4208 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4209 if (!cmd) {
4210 err = -ENOMEM;
30dc78e1
JH		 4211 goto unlock;
4212 }
4213
2922a94f
JH		 4214 cmd->cmd_complete = generic_cmd_complete;
4215
0e05bba6
AG		 4216 hci_req_init(&req, hdev);
4217
21a60d30 4218 hci_stop_discovery(&req);
e0d9727e 4219
21a60d30
JH		 4220 err = hci_req_run(&req, stop_discovery_complete);
4221 if (!err) {
4222 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 4223 goto unlock;
14a53664
JH		 4224 }
4225
21a60d30
JH		 4226 mgmt_pending_remove(cmd);
4227
4228 /* If no HCI commands were sent we're done */
4229 if (err == -ENODATA) {
2a1afb5a
JH		 4230 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4231 &mgmt_cp->type, sizeof(mgmt_cp->type));
21a60d30
JH		 4232 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4233 }
14a53664 4234
30dc78e1 4235unlock:
09fd0de5 4236 hci_dev_unlock(hdev);
14a53664
JH		 4237 return err;
4238}
4239
bdb6d971 4240static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4241 u16 len)
561aafbc 4242{
650f726d 4243 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4244 struct inquiry_entry *e;
561aafbc
JH		 4245 int err;
4246
bdb6d971 4247 BT_DBG("%s", hdev->name);
561aafbc 4248
561aafbc
JH		 4249 hci_dev_lock(hdev);
4250
30dc78e1 4251 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4252 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4253 MGMT_STATUS_FAILED, &cp->addr,
4254 sizeof(cp->addr));
30dc78e1
JH		 4255 goto failed;
4256 }
4257
a198e7b1 4258 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4259 if (!e) {
2a1afb5a
JH		 4260 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4261 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4262 sizeof(cp->addr));
561aafbc
JH		 4263 goto failed;
4264 }
4265
4266 if (cp->name_known) {
4267 e->name_state = NAME_KNOWN;
4268 list_del(&e->list);
4269 } else {
4270 e->name_state = NAME_NEEDED;
a3d4e20a 4271 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4272 }
4273
2a1afb5a
JH		 4274 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4275 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 4276
4277failed:
4278 hci_dev_unlock(hdev);
561aafbc
JH		 4279 return err;
4280}
4281
bdb6d971 4282static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4283 u16 len)
7fbec224 4284{
650f726d 4285 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4286 u8 status;
7fbec224
AJ		 4287 int err;
4288
bdb6d971 4289 BT_DBG("%s", hdev->name);
7fbec224 4290
4ee71b20 4291 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4292 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4293 MGMT_STATUS_INVALID_PARAMS,
4294 &cp->addr, sizeof(cp->addr));
4ee71b20 4295
09fd0de5 4296 hci_dev_lock(hdev);
5e762444 4297
dcc36c16
JH		 4298 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4299 cp->addr.type);
2a8357f2 4300 if (err < 0) {
f0eeea8b 4301 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4302 goto done;
4303 }
4304
4305 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4306 sk);
4307 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4308
2a8357f2 4309done:
2a1afb5a
JH		 4310 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4311 &cp->addr, sizeof(cp->addr));
5e762444 4312
09fd0de5 4313 hci_dev_unlock(hdev);
7fbec224
AJ		 4314
4315 return err;
4316}
4317
bdb6d971 4318static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4319 u16 len)
7fbec224 4320{
650f726d 4321 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4322 u8 status;
7fbec224
AJ		 4323 int err;
4324
bdb6d971 4325 BT_DBG("%s", hdev->name);
7fbec224 4326
4ee71b20 4327 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4328 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4329 MGMT_STATUS_INVALID_PARAMS,
4330 &cp->addr, sizeof(cp->addr));
4ee71b20 4331
09fd0de5 4332 hci_dev_lock(hdev);
5e762444 4333
dcc36c16
JH		 4334 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4335 cp->addr.type);
2a8357f2 4336 if (err < 0) {
f0eeea8b 4337 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4338 goto done;
4339 }
4340
4341 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4342 sk);
4343 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4344
2a8357f2 4345done:
2a1afb5a
JH		 4346 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4347 &cp->addr, sizeof(cp->addr));
5e762444 4348
09fd0de5 4349 hci_dev_unlock(hdev);
7fbec224
AJ		 4350
4351 return err;
4352}
4353
cdbaccca
MH		 4354static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4355 u16 len)
4356{
4357 struct mgmt_cp_set_device_id *cp = data;
890ea898 4358 struct hci_request req;
cdbaccca 4359 int err;
c72d4b8a 4360 __u16 source;
cdbaccca
MH		 4361
4362 BT_DBG("%s", hdev->name);
4363
c72d4b8a
SJ		 4364 source = __le16_to_cpu(cp->source);
4365
4366 if (source > 0x0002)
a69e8375
JH		 4367 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4368 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 4369
cdbaccca
MH		 4370 hci_dev_lock(hdev);
4371
c72d4b8a 4372 hdev->devid_source = source;
cdbaccca
MH		 4373 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4374 hdev->devid_product = __le16_to_cpu(cp->product);
4375 hdev->devid_version = __le16_to_cpu(cp->version);
4376
2a1afb5a
JH		 4377 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4378 NULL, 0);
cdbaccca 4379
890ea898
JH		 4380 hci_req_init(&req, hdev);
4381 update_eir(&req);
4382 hci_req_run(&req, NULL);
cdbaccca
MH		 4383
4384 hci_dev_unlock(hdev);
4385
4386 return err;
4387}
4388
1904a853
MH		 4389static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4390 u16 opcode)
4375f103
JH		 4391{
4392 struct cmd_lookup match = { NULL, hdev };
4393
3ad67582
JK		 4394 hci_dev_lock(hdev);
4395
4375f103
JH		 4396 if (status) {
4397 u8 mgmt_err = mgmt_status(status);
4398
4399 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4400 cmd_status_rsp, &mgmt_err);
3ad67582 4401 goto unlock;
4375f103
JH		 4402 }
4403
c93bd150
JH		 4404 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4405 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4406 else
4407 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4408
4375f103
JH		 4409 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4410 &match);
4411
4412 new_settings(hdev, match.sk);
4413
4414 if (match.sk)
4415 sock_put(match.sk);
3ad67582
JK		 4416
4417unlock:
4418 hci_dev_unlock(hdev);
4375f103
JH		 4419}
4420
21b5187f
MH		 4421static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4422 u16 len)
4375f103
JH		 4423{
4424 struct mgmt_mode *cp = data;
3b0602cd 4425 struct mgmt_pending_cmd *cmd;
4375f103 4426 struct hci_request req;
e6fe7986 4427 u8 val, enabled, status;
4375f103
JH		 4428 int err;
4429
4430 BT_DBG("request for %s", hdev->name);
4431
e6fe7986
JH		 4432 status = mgmt_le_support(hdev);
4433 if (status)
a69e8375
JH		 4434 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4435 status);
4375f103
JH		 4436
4437 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4438 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4439 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 4440
4441 hci_dev_lock(hdev);
4442
4443 val = !!cp->val;
f3d3444a 4444 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 4445
f74ca9b8
JH		 4446 /* The following conditions are ones which mean that we should
4447 * not do any HCI communication but directly send a mgmt
4448 * response to user space (after toggling the flag if
4449 * necessary).
4450 */
4451 if (!hdev_is_powered(hdev) || val == enabled ||
e8bb6b97
JH		 4452 hci_conn_num(hdev, LE_LINK) > 0 ||
4453 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4454 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4375f103
JH		 4455 bool changed = false;
4456
f3d3444a
JH		 4457 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4458 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 4459 changed = true;
4460 }
4461
4462 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4463 if (err < 0)
4464 goto unlock;
4465
4466 if (changed)
4467 err = new_settings(hdev, sk);
4468
4469 goto unlock;
4470 }
4471
4472 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4473 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 4474 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4475 MGMT_STATUS_BUSY);
4375f103
JH		 4476 goto unlock;
4477 }
4478
4479 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4480 if (!cmd) {
4481 err = -ENOMEM;
4482 goto unlock;
4483 }
4484
4485 hci_req_init(&req, hdev);
4486
bba3aa55
MH		 4487 if (val)
4488 enable_advertising(&req);
4489 else
4490 disable_advertising(&req);
4375f103
JH		 4491
4492 err = hci_req_run(&req, set_advertising_complete);
4493 if (err < 0)
4494 mgmt_pending_remove(cmd);
4495
4496unlock:
4497 hci_dev_unlock(hdev);
4498 return err;
4499}
4500
d13eafce
MH		 4501static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4502 void *data, u16 len)
4503{
4504 struct mgmt_cp_set_static_address *cp = data;
4505 int err;
4506
4507 BT_DBG("%s", hdev->name);
4508
62af4443 4509 if (!lmp_le_capable(hdev))
a69e8375
JH		 4510 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4511 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4512
4513 if (hdev_is_powered(hdev))
a69e8375
JH		 4514 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4515 MGMT_STATUS_REJECTED);
d13eafce
MH		 4516
4517 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4518 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 4519 return mgmt_cmd_status(sk, hdev->id,
4520 MGMT_OP_SET_STATIC_ADDRESS,
4521 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4522
4523 /* Two most significant bits shall be set */
4524 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 4525 return mgmt_cmd_status(sk, hdev->id,
4526 MGMT_OP_SET_STATIC_ADDRESS,
4527 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4528 }
4529
4530 hci_dev_lock(hdev);
4531
4532 bacpy(&hdev->static_addr, &cp->bdaddr);
4533
93690c22
MH		 4534 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4535 if (err < 0)
4536 goto unlock;
4537
4538 err = new_settings(hdev, sk);
d13eafce 4539
93690c22 4540unlock:
d13eafce 4541 hci_dev_unlock(hdev);
d13eafce
MH		 4542 return err;
4543}
4544
14b49b9a
MH		 4545static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4546 void *data, u16 len)
4547{
4548 struct mgmt_cp_set_scan_params *cp = data;
4549 __u16 interval, window;
4550 int err;
4551
4552 BT_DBG("%s", hdev->name);
4553
4554 if (!lmp_le_capable(hdev))
a69e8375
JH		 4555 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4556 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 4557
4558 interval = __le16_to_cpu(cp->interval);
4559
4560 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 4561 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4562 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 4563
4564 window = __le16_to_cpu(cp->window);
4565
4566 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 4567 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4568 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 4569
899e1075 4570 if (window > interval)
a69e8375
JH		 4571 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4572 MGMT_STATUS_INVALID_PARAMS);
899e1075 4573
14b49b9a
MH		 4574 hci_dev_lock(hdev);
4575
4576 hdev->le_scan_interval = interval;
4577 hdev->le_scan_window = window;
4578
2a1afb5a
JH		 4579 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4580 NULL, 0);
14b49b9a 4581
dd2ef8e2
AG		 4582 /* If background scan is running, restart it so new parameters are
4583 * loaded.
4584 */
4585 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4586 hdev->discovery.state == DISCOVERY_STOPPED) {
4587 struct hci_request req;
4588
4589 hci_req_init(&req, hdev);
4590
4591 hci_req_add_le_scan_disable(&req);
4592 hci_req_add_le_passive_scan(&req);
4593
4594 hci_req_run(&req, NULL);
4595 }
4596
14b49b9a
MH		 4597 hci_dev_unlock(hdev);
4598
4599 return err;
4600}
4601
1904a853
MH		 4602static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4603 u16 opcode)
33e38b3e 4604{
3b0602cd 4605 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 4606
4607 BT_DBG("status 0x%02x", status);
4608
4609 hci_dev_lock(hdev);
4610
4611 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4612 if (!cmd)
4613 goto unlock;
4614
4615 if (status) {
a69e8375
JH		 4616 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4617 mgmt_status(status));
33e38b3e 4618 } else {
1a4d3c4b
JH		 4619 struct mgmt_mode *cp = cmd->param;
4620
4621 if (cp->val)
4622 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4623 else
4624 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4625
33e38b3e
JH		 4626 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4627 new_settings(hdev, cmd->sk);
4628 }
4629
4630 mgmt_pending_remove(cmd);
4631
4632unlock:
4633 hci_dev_unlock(hdev);
4634}
4635
bdb6d971 4636static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4637 void *data, u16 len)
f6422ec6 4638{
650f726d 4639 struct mgmt_mode *cp = data;
3b0602cd 4640 struct mgmt_pending_cmd *cmd;
33e38b3e 4641 struct hci_request req;
f6422ec6
AJ		 4642 int err;
4643
bdb6d971 4644 BT_DBG("%s", hdev->name);
f6422ec6 4645
56f87901
JH		 4646 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4647 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4648 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4649 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4650
a7e80f25 4651 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4652 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4653 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4654
5400c044 4655 if (!hdev_is_powered(hdev))
a69e8375
JH		 4656 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4657 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4658
4659 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
a69e8375
JH		 4660 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4661 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4662
4663 hci_dev_lock(hdev);
4664
05cbf29f 4665 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4666 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4667 MGMT_STATUS_BUSY);
05cbf29f
JH		 4668 goto unlock;
4669 }
4670
1a4d3c4b
JH		 4671 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4672 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4673 hdev);
4674 goto unlock;
4675 }
4676
33e38b3e
JH		 4677 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4678 data, len);
4679 if (!cmd) {
4680 err = -ENOMEM;
4681 goto unlock;
f6422ec6
AJ		 4682 }
4683
33e38b3e
JH		 4684 hci_req_init(&req, hdev);
4685
406d7804 4686 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4687
4688 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4689 if (err < 0) {
a69e8375
JH		 4690 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4691 MGMT_STATUS_FAILED);
33e38b3e 4692 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4693 }
4694
33e38b3e 4695unlock:
f6422ec6 4696 hci_dev_unlock(hdev);
33e38b3e 4697
f6422ec6
AJ		 4698 return err;
4699}
4700
1904a853 4701static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4702{
3b0602cd 4703 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4704
4705 BT_DBG("status 0x%02x", status);
4706
4707 hci_dev_lock(hdev);
4708
4709 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4710 if (!cmd)
4711 goto unlock;
4712
4713 if (status) {
4714 u8 mgmt_err = mgmt_status(status);
4715
4716 /* We need to restore the flag if related HCI commands
4717 * failed.
4718 */
4719 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4720
a69e8375 4721 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4722 } else {
4723 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4724 new_settings(hdev, cmd->sk);
4725 }
4726
4727 mgmt_pending_remove(cmd);
4728
4729unlock:
4730 hci_dev_unlock(hdev);
4731}
4732
4733static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4734{
4735 struct mgmt_mode *cp = data;
3b0602cd 4736 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4737 struct hci_request req;
4738 int err;
4739
4740 BT_DBG("request for %s", hdev->name);
4741
4742 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4743 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4744 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a
JH		 4745
4746 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
a69e8375
JH		 4747 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4748 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4749
4750 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4751 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4752 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4753
4754 hci_dev_lock(hdev);
4755
4756 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4757 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4758 goto unlock;
4759 }
4760
4761 if (!hdev_is_powered(hdev)) {
4762 if (!cp->val) {
0663ca2a
JH		 4763 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4764 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4765 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4766 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4767 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4768 }
4769
4770 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4771
4772 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4773 if (err < 0)
4774 goto unlock;
4775
4776 err = new_settings(hdev, sk);
4777 goto unlock;
4778 }
4779
4780 /* Reject disabling when powered on */
4781 if (!cp->val) {
a69e8375
JH		 4782 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4783 MGMT_STATUS_REJECTED);
0663ca2a 4784 goto unlock;
111e4bcc
MH		 4785 } else {
4786 /* When configuring a dual-mode controller to operate
4787 * with LE only and using a static address, then switching
4788 * BR/EDR back on is not allowed.
4789 *
4790 * Dual-mode controllers shall operate with the public
4791 * address as its identity address for BR/EDR and LE. So
4792 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 4793 *
4794 * The same restrictions applies when secure connections
4795 * has been enabled. For BR/EDR this is a controller feature
4796 * while for LE it is a host stack feature. This means that
4797 * switching BR/EDR back on when secure connections has been
4798 * enabled is not a supported transaction.
111e4bcc
MH		 4799 */
4800 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
3a5486e1
MH		 4801 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4802 test_bit(HCI_SC_ENABLED, &hdev->dev_flags))) {
a69e8375
JH		 4803 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4804 MGMT_STATUS_REJECTED);
111e4bcc
MH		 4805 goto unlock;
4806 }
0663ca2a
JH		 4807 }
4808
4809 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 4810 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4811 MGMT_STATUS_BUSY);
0663ca2a
JH		 4812 goto unlock;
4813 }
4814
4815 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4816 if (!cmd) {
4817 err = -ENOMEM;
4818 goto unlock;
4819 }
4820
5947f4bc 4821 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4822 * generates the correct flags.
4823 */
4824 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4825
4826 hci_req_init(&req, hdev);
aa8af46e 4827
432df05e 4828 write_fast_connectable(&req, false);
1d2dc5b7 4829 __hci_update_page_scan(&req);
aa8af46e 4830
f14d8f64
MH		 4831 /* Since only the advertising data flags will change, there
4832 * is no need to update the scan response data.
4833 */
5947f4bc 4834 update_adv_data(&req);
aa8af46e 4835
0663ca2a
JH		 4836 err = hci_req_run(&req, set_bredr_complete);
4837 if (err < 0)
4838 mgmt_pending_remove(cmd);
4839
4840unlock:
4841 hci_dev_unlock(hdev);
4842 return err;
4843}
4844
a1443f5a
JH		 4845static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4846{
3b0602cd 4847 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 4848 struct mgmt_mode *cp;
4849
4850 BT_DBG("%s status %u", hdev->name, status);
4851
4852 hci_dev_lock(hdev);
4853
4854 cmd = mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4855 if (!cmd)
4856 goto unlock;
4857
4858 if (status) {
a69e8375
JH		 4859 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4860 mgmt_status(status));
a1443f5a
JH		 4861 goto remove;
4862 }
4863
4864 cp = cmd->param;
4865
4866 switch (cp->val) {
4867 case 0x00:
4868 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
4869 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4870 break;
4871 case 0x01:
4872 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
4873 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4874 break;
4875 case 0x02:
4876 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
4877 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4878 break;
4879 }
4880
4881 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4882 new_settings(hdev, cmd->sk);
4883
4884remove:
4885 mgmt_pending_remove(cmd);
4886unlock:
4887 hci_dev_unlock(hdev);
4888}
4889
eac83dc6
MH		 4890static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4891 void *data, u16 len)
4892{
4893 struct mgmt_mode *cp = data;
3b0602cd 4894 struct mgmt_pending_cmd *cmd;
a1443f5a 4895 struct hci_request req;
a3209694 4896 u8 val;
eac83dc6
MH		 4897 int err;
4898
4899 BT_DBG("request for %s", hdev->name);
4900
05b3c3e7
MH		 4901 if (!lmp_sc_capable(hdev) &&
4902 !test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
a69e8375
JH		 4903 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4904 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 4905
ed93ec69 4906 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
59200286 4907 lmp_sc_capable(hdev) &&
ed93ec69 4908 !test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
a69e8375
JH		 4909 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4910 MGMT_STATUS_REJECTED);
ed93ec69 4911
0ab04a9c 4912 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 4913 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 4914 MGMT_STATUS_INVALID_PARAMS);
4915
4916 hci_dev_lock(hdev);
4917
05b3c3e7 4918 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
a3209694 4919 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
eac83dc6
MH		 4920 bool changed;
4921
0ab04a9c 4922 if (cp->val) {
eac83dc6
MH		 4923 changed = !test_and_set_bit(HCI_SC_ENABLED,
4924 &hdev->dev_flags);
0ab04a9c
MH		 4925 if (cp->val == 0x02)
4926 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4927 else
4928 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4929 } else {
eac83dc6
MH		 4930 changed = test_and_clear_bit(HCI_SC_ENABLED,
4931 &hdev->dev_flags);
0ab04a9c
MH		 4932 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4933 }
eac83dc6
MH		 4934
4935 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4936 if (err < 0)
4937 goto failed;
4938
4939 if (changed)
4940 err = new_settings(hdev, sk);
4941
4942 goto failed;
4943 }
4944
4945 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 4946 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4947 MGMT_STATUS_BUSY);
eac83dc6
MH		 4948 goto failed;
4949 }
4950
0ab04a9c
MH		 4951 val = !!cp->val;
4952
4953 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4954 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4955 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4956 goto failed;
4957 }
4958
4959 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4960 if (!cmd) {
4961 err = -ENOMEM;
4962 goto failed;
4963 }
4964
a1443f5a
JH		 4965 hci_req_init(&req, hdev);
4966 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4967 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 4968 if (err < 0) {
4969 mgmt_pending_remove(cmd);
4970 goto failed;
4971 }
4972
4973failed:
4974 hci_dev_unlock(hdev);
4975 return err;
4976}
4977
4e39ac81
MH		 4978static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4979 void *data, u16 len)
4980{
4981 struct mgmt_mode *cp = data;
b9710979 4982 bool changed, use_changed;
4e39ac81
MH		 4983 int err;
4984
4985 BT_DBG("request for %s", hdev->name);
4986
b9710979 4987 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4988 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4989 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 4990
4991 hci_dev_lock(hdev);
4992
4993 if (cp->val)
0663b297
JH		 4994 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4995 &hdev->dev_flags);
4e39ac81 4996 else
0663b297
JH		 4997 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4998 &hdev->dev_flags);
4e39ac81 4999
b9710979
JH		 5000 if (cp->val == 0x02)
5001 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
5002 &hdev->dev_flags);
5003 else
5004 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
5005 &hdev->dev_flags);
5006
5007 if (hdev_is_powered(hdev) && use_changed &&
5008 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
5009 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5010 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5011 sizeof(mode), &mode);
5012 }
5013
4e39ac81
MH		 5014 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5015 if (err < 0)
5016 goto unlock;
5017
5018 if (changed)
5019 err = new_settings(hdev, sk);
5020
5021unlock:
5022 hci_dev_unlock(hdev);
5023 return err;
5024}
5025
62b04cd1
JH		 5026static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5027 u16 len)
5028{
5029 struct mgmt_cp_set_privacy *cp = cp_data;
5030 bool changed;
5031 int err;
5032
5033 BT_DBG("request for %s", hdev->name);
5034
5035 if (!lmp_le_capable(hdev))
a69e8375
JH		 5036 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5037 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1
JH		 5038
5039 if (cp->privacy != 0x00 && cp->privacy != 0x01)
a69e8375
JH		 5040 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5041 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 5042
5043 if (hdev_is_powered(hdev))
a69e8375
JH		 5044 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5045 MGMT_STATUS_REJECTED);
62b04cd1
JH		 5046
5047 hci_dev_lock(hdev);
5048
c21c0ea0
JH		 5049 /* If user space supports this command it is also expected to
5050 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5051 */
5052 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
5053
62b04cd1
JH		 5054 if (cp->privacy) {
5055 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
5056 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
5057 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
5058 } else {
5059 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
5060 memset(hdev->irk, 0, sizeof(hdev->irk));
5061 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
5062 }
5063
5064 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5065 if (err < 0)
5066 goto unlock;
5067
5068 if (changed)
5069 err = new_settings(hdev, sk);
5070
5071unlock:
5072 hci_dev_unlock(hdev);
5073 return err;
5074}
5075
41edf160
JH		 5076static bool irk_is_valid(struct mgmt_irk_info *irk)
5077{
5078 switch (irk->addr.type) {
5079 case BDADDR_LE_PUBLIC:
5080 return true;
5081
5082 case BDADDR_LE_RANDOM:
5083 /* Two most significant bits shall be set */
5084 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5085 return false;
5086 return true;
5087 }
5088
5089 return false;
5090}
5091
5092static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5093 u16 len)
5094{
5095 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 5096 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5097 sizeof(struct mgmt_irk_info));
41edf160
JH		 5098 u16 irk_count, expected_len;
5099 int i, err;
5100
5101 BT_DBG("request for %s", hdev->name);
5102
5103 if (!lmp_le_capable(hdev))
a69e8375
JH		 5104 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5105 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 5106
5107 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 5108 if (irk_count > max_irk_count) {
5109 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 5110 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5111 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5112 }
41edf160
JH		 5113
5114 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5115 if (expected_len != len) {
5116 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 5117 expected_len, len);
a69e8375
JH		 5118 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5119 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5120 }
5121
5122 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5123
5124 for (i = 0; i < irk_count; i++) {
5125 struct mgmt_irk_info *key = &cp->irks[i];
5126
5127 if (!irk_is_valid(key))
a69e8375
JH		 5128 return mgmt_cmd_status(sk, hdev->id,
5129 MGMT_OP_LOAD_IRKS,
5130 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5131 }
5132
5133 hci_dev_lock(hdev);
5134
5135 hci_smp_irks_clear(hdev);
5136
5137 for (i = 0; i < irk_count; i++) {
5138 struct mgmt_irk_info *irk = &cp->irks[i];
5139 u8 addr_type;
5140
5141 if (irk->addr.type == BDADDR_LE_PUBLIC)
5142 addr_type = ADDR_LE_DEV_PUBLIC;
5143 else
5144 addr_type = ADDR_LE_DEV_RANDOM;
5145
5146 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5147 BDADDR_ANY);
5148 }
5149
5150 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
5151
2a1afb5a 5152 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 5153
5154 hci_dev_unlock(hdev);
5155
5156 return err;
5157}
5158
3f706b72
JH		 5159static bool ltk_is_valid(struct mgmt_ltk_info *key)
5160{
5161 if (key->master != 0x00 && key->master != 0x01)
5162 return false;
490cb0b3
MH		 5163
5164 switch (key->addr.type) {
5165 case BDADDR_LE_PUBLIC:
5166 return true;
5167
5168 case BDADDR_LE_RANDOM:
5169 /* Two most significant bits shall be set */
5170 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5171 return false;
5172 return true;
5173 }
5174
5175 return false;
3f706b72
JH		 5176}
5177
bdb6d971 5178static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5179 void *cp_data, u16 len)
346af67b 5180{
346af67b 5181 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5182 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5183 sizeof(struct mgmt_ltk_info));
346af67b 5184 u16 key_count, expected_len;
715a5bf2 5185 int i, err;
346af67b 5186
cf99ba13
MH		 5187 BT_DBG("request for %s", hdev->name);
5188
5189 if (!lmp_le_capable(hdev))
a69e8375
JH		 5190 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5191 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 5192
1f350c87 5193 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 5194 if (key_count > max_key_count) {
5195 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 5196 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5197 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5198 }
346af67b
VCG		 5199
5200 expected_len = sizeof(*cp) + key_count *
5201 sizeof(struct mgmt_ltk_info);
5202 if (expected_len != len) {
5203 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 5204 expected_len, len);
a69e8375
JH		 5205 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5206 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5207 }
5208
bdb6d971 5209 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5210
54ad6d8a
JH		 5211 for (i = 0; i < key_count; i++) {
5212 struct mgmt_ltk_info *key = &cp->keys[i];
5213
3f706b72 5214 if (!ltk_is_valid(key))
a69e8375
JH		 5215 return mgmt_cmd_status(sk, hdev->id,
5216 MGMT_OP_LOAD_LONG_TERM_KEYS,
5217 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 5218 }
5219
346af67b
VCG		 5220 hci_dev_lock(hdev);
5221
5222 hci_smp_ltks_clear(hdev);
5223
5224 for (i = 0; i < key_count; i++) {
5225 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 5226 u8 type, addr_type, authenticated;
79d95a19
MH		 5227
5228 if (key->addr.type == BDADDR_LE_PUBLIC)
5229 addr_type = ADDR_LE_DEV_PUBLIC;
5230 else
5231 addr_type = ADDR_LE_DEV_RANDOM;
346af67b 5232
61b43357
JH		 5233 switch (key->type) {
5234 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5235 authenticated = 0x00;
23fb8de3 5236 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5237 break;
5238 case MGMT_LTK_AUTHENTICATED:
d7b25450 5239 authenticated = 0x01;
23fb8de3
JH		 5240 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5241 break;
5242 case MGMT_LTK_P256_UNAUTH:
5243 authenticated = 0x00;
5244 type = SMP_LTK_P256;
61b43357 5245 break;
23fb8de3
JH		 5246 case MGMT_LTK_P256_AUTH:
5247 authenticated = 0x01;
5248 type = SMP_LTK_P256;
61b43357 5249 break;
23fb8de3
JH		 5250 case MGMT_LTK_P256_DEBUG:
5251 authenticated = 0x00;
5252 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5253 default:
5254 continue;
5255 }
d7b25450 5256
35d70271 5257 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 5258 authenticated, key->val, key->enc_size, key->ediv,
35d70271 5259 key->rand);
346af67b
VCG		 5260 }
5261
2a1afb5a 5262 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 5263 NULL, 0);
5264
346af67b 5265 hci_dev_unlock(hdev);
346af67b 5266
715a5bf2 5267 return err;
346af67b
VCG		 5268}
5269
3b0602cd 5270static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 5271{
dd983808 5272 struct hci_conn *conn = cmd->user_data;
9981bdb0 5273 struct mgmt_rp_get_conn_info rp;
9df74653 5274 int err;
dd983808 5275
9981bdb0 5276 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5277
9981bdb0 5278 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5279 rp.rssi = conn->rssi;
9981bdb0
JH		 5280 rp.tx_power = conn->tx_power;
5281 rp.max_tx_power = conn->max_tx_power;
5282 } else {
5283 rp.rssi = HCI_RSSI_INVALID;
5284 rp.tx_power = HCI_TX_POWER_INVALID;
5285 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5286 }
5287
2a1afb5a
JH		 5288 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5289 status, &rp, sizeof(rp));
dd983808
AK		 5290
5291 hci_conn_drop(conn);
f8aaf9b6 5292 hci_conn_put(conn);
9df74653
JH		 5293
5294 return err;
dd983808
AK		 5295}
5296
1904a853
MH		 5297static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5298 u16 opcode)
dd983808
AK		 5299{
5300 struct hci_cp_read_rssi *cp;
3b0602cd 5301 struct mgmt_pending_cmd *cmd;
dd983808 5302 struct hci_conn *conn;
dd983808 5303 u16 handle;
9981bdb0 5304 u8 status;
dd983808 5305
9981bdb0 5306 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5307
5308 hci_dev_lock(hdev);
5309
dd983808
AK		 5310 /* Commands sent in request are either Read RSSI or Read Transmit Power
5311 * Level so we check which one was last sent to retrieve connection
5312 * handle. Both commands have handle as first parameter so it's safe to
5313 * cast data on the same command struct.
5314 *
5315 * First command sent is always Read RSSI and we fail only if it fails.
5316 * In other case we simply override error to indicate success as we
5317 * already remembered if TX power value is actually valid.
5318 */
5319 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5320 if (!cp) {
5321 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5322 status = MGMT_STATUS_SUCCESS;
5323 } else {
5324 status = mgmt_status(hci_status);
dd983808
AK		 5325 }
5326
5327 if (!cp) {
9981bdb0 5328 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 5329 goto unlock;
5330 }
5331
5332 handle = __le16_to_cpu(cp->handle);
5333 conn = hci_conn_hash_lookup_handle(hdev, handle);
5334 if (!conn) {
9981bdb0 5335 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 5336 goto unlock;
5337 }
5338
9981bdb0
JH		 5339 cmd = mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5340 if (!cmd)
5341 goto unlock;
dd983808 5342
9981bdb0
JH		 5343 cmd->cmd_complete(cmd, status);
5344 mgmt_pending_remove(cmd);
dd983808
AK		 5345
5346unlock:
5347 hci_dev_unlock(hdev);
5348}
5349
5350static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5351 u16 len)
5352{
5353 struct mgmt_cp_get_conn_info *cp = data;
5354 struct mgmt_rp_get_conn_info rp;
5355 struct hci_conn *conn;
5356 unsigned long conn_info_age;
5357 int err = 0;
5358
5359 BT_DBG("%s", hdev->name);
5360
5361 memset(&rp, 0, sizeof(rp));
5362 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5363 rp.addr.type = cp->addr.type;
5364
5365 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5366 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5367 MGMT_STATUS_INVALID_PARAMS,
5368 &rp, sizeof(rp));
dd983808
AK		 5369
5370 hci_dev_lock(hdev);
5371
5372 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5373 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5374 MGMT_STATUS_NOT_POWERED, &rp,
5375 sizeof(rp));
dd983808
AK		 5376 goto unlock;
5377 }
5378
5379 if (cp->addr.type == BDADDR_BREDR)
5380 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5381 &cp->addr.bdaddr);
5382 else
5383 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5384
5385 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5386 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5387 MGMT_STATUS_NOT_CONNECTED, &rp,
5388 sizeof(rp));
dd983808
AK		 5389 goto unlock;
5390 }
5391
9981bdb0 5392 if (mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 5393 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5394 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 5395 goto unlock;
5396 }
5397
dd983808
AK		 5398 /* To avoid client trying to guess when to poll again for information we
5399 * calculate conn info age as random value between min/max set in hdev.
5400 */
5401 conn_info_age = hdev->conn_info_min_age +
5402 prandom_u32_max(hdev->conn_info_max_age -
5403 hdev->conn_info_min_age);
5404
5405 /* Query controller to refresh cached values if they are too old or were
5406 * never read.
5407 */
f4e2dd53
AK		 5408 if (time_after(jiffies, conn->conn_info_timestamp +
5409 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5410 !conn->conn_info_timestamp) {
5411 struct hci_request req;
5412 struct hci_cp_read_tx_power req_txp_cp;
5413 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 5414 struct mgmt_pending_cmd *cmd;
dd983808
AK		 5415
5416 hci_req_init(&req, hdev);
5417 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5418 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5419 &req_rssi_cp);
5420
f7faab0c
AK		 5421 /* For LE links TX power does not change thus we don't need to
5422 * query for it once value is known.
5423 */
5424 if (!bdaddr_type_is_le(cp->addr.type) ||
5425 conn->tx_power == HCI_TX_POWER_INVALID) {
5426 req_txp_cp.handle = cpu_to_le16(conn->handle);
5427 req_txp_cp.type = 0x00;
5428 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5429 sizeof(req_txp_cp), &req_txp_cp);
5430 }
dd983808 5431
eed5daf3
AK		 5432 /* Max TX power needs to be read only once per connection */
5433 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5434 req_txp_cp.handle = cpu_to_le16(conn->handle);
5435 req_txp_cp.type = 0x01;
5436 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5437 sizeof(req_txp_cp), &req_txp_cp);
5438 }
5439
dd983808
AK		 5440 err = hci_req_run(&req, conn_info_refresh_complete);
5441 if (err < 0)
5442 goto unlock;
5443
5444 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5445 data, len);
5446 if (!cmd) {
5447 err = -ENOMEM;
5448 goto unlock;
5449 }
5450
5451 hci_conn_hold(conn);
f8aaf9b6 5452 cmd->user_data = hci_conn_get(conn);
9981bdb0 5453 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5454
5455 conn->conn_info_timestamp = jiffies;
5456 } else {
5457 /* Cache is valid, just reply with values cached in hci_conn */
5458 rp.rssi = conn->rssi;
5459 rp.tx_power = conn->tx_power;
eed5daf3 5460 rp.max_tx_power = conn->max_tx_power;
dd983808 5461
2a1afb5a
JH		 5462 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5463 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 5464 }
5465
5466unlock:
5467 hci_dev_unlock(hdev);
5468 return err;
5469}
5470
3b0602cd 5471static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 5472{
69487371 5473 struct hci_conn *conn = cmd->user_data;
95868426 5474 struct mgmt_rp_get_clock_info rp;
69487371 5475 struct hci_dev *hdev;
9df74653 5476 int err;
69487371
JH		 5477
5478 memset(&rp, 0, sizeof(rp));
5479 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5480
5481 if (status)
5482 goto complete;
5483
5484 hdev = hci_dev_get(cmd->index);
5485 if (hdev) {
5486 rp.local_clock = cpu_to_le32(hdev->clock);
5487 hci_dev_put(hdev);
5488 }
5489
5490 if (conn) {
5491 rp.piconet_clock = cpu_to_le32(conn->clock);
5492 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5493 }
5494
5495complete:
2a1afb5a
JH		 5496 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5497 sizeof(rp));
69487371
JH		 5498
5499 if (conn) {
5500 hci_conn_drop(conn);
5501 hci_conn_put(conn);
5502 }
9df74653
JH		 5503
5504 return err;
69487371
JH		 5505}
5506
1904a853 5507static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5508{
95868426 5509 struct hci_cp_read_clock *hci_cp;
3b0602cd 5510 struct mgmt_pending_cmd *cmd;
95868426
JH		 5511 struct hci_conn *conn;
5512
5513 BT_DBG("%s status %u", hdev->name, status);
5514
5515 hci_dev_lock(hdev);
5516
5517 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5518 if (!hci_cp)
5519 goto unlock;
5520
5521 if (hci_cp->which) {
5522 u16 handle = __le16_to_cpu(hci_cp->handle);
5523 conn = hci_conn_hash_lookup_handle(hdev, handle);
5524 } else {
5525 conn = NULL;
5526 }
5527
5528 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5529 if (!cmd)
5530 goto unlock;
5531
69487371 5532 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5533 mgmt_pending_remove(cmd);
95868426
JH		 5534
5535unlock:
5536 hci_dev_unlock(hdev);
5537}
5538
5539static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5540 u16 len)
5541{
5542 struct mgmt_cp_get_clock_info *cp = data;
5543 struct mgmt_rp_get_clock_info rp;
5544 struct hci_cp_read_clock hci_cp;
3b0602cd 5545 struct mgmt_pending_cmd *cmd;
95868426
JH		 5546 struct hci_request req;
5547 struct hci_conn *conn;
5548 int err;
5549
5550 BT_DBG("%s", hdev->name);
5551
5552 memset(&rp, 0, sizeof(rp));
5553 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5554 rp.addr.type = cp->addr.type;
5555
5556 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5557 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5558 MGMT_STATUS_INVALID_PARAMS,
5559 &rp, sizeof(rp));
95868426
JH		 5560
5561 hci_dev_lock(hdev);
5562
5563 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5564 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5565 MGMT_STATUS_NOT_POWERED, &rp,
5566 sizeof(rp));
95868426
JH		 5567 goto unlock;
5568 }
5569
5570 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5571 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5572 &cp->addr.bdaddr);
5573 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5574 err = mgmt_cmd_complete(sk, hdev->id,
5575 MGMT_OP_GET_CLOCK_INFO,
5576 MGMT_STATUS_NOT_CONNECTED,
5577 &rp, sizeof(rp));
95868426
JH		 5578 goto unlock;
5579 }
5580 } else {
5581 conn = NULL;
5582 }
5583
5584 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5585 if (!cmd) {
5586 err = -ENOMEM;
5587 goto unlock;
5588 }
5589
69487371
JH		 5590 cmd->cmd_complete = clock_info_cmd_complete;
5591
95868426
JH		 5592 hci_req_init(&req, hdev);
5593
5594 memset(&hci_cp, 0, sizeof(hci_cp));
5595 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5596
5597 if (conn) {
5598 hci_conn_hold(conn);
f8aaf9b6 5599 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5600
5601 hci_cp.handle = cpu_to_le16(conn->handle);
5602 hci_cp.which = 0x01; /* Piconet clock */
5603 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5604 }
5605
5606 err = hci_req_run(&req, get_clock_info_complete);
5607 if (err < 0)
5608 mgmt_pending_remove(cmd);
5609
5610unlock:
5611 hci_dev_unlock(hdev);
5612 return err;
5613}
5614
5a154e6f
JH		 5615static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5616{
5617 struct hci_conn *conn;
5618
5619 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5620 if (!conn)
5621 return false;
5622
5623 if (conn->dst_type != type)
5624 return false;
5625
5626 if (conn->state != BT_CONNECTED)
5627 return false;
5628
5629 return true;
5630}
5631
5632/* This function requires the caller holds hdev->lock */
5633static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5634 u8 addr_type, u8 auto_connect)
5635{
5636 struct hci_dev *hdev = req->hdev;
5637 struct hci_conn_params *params;
5638
5639 params = hci_conn_params_add(hdev, addr, addr_type);
5640 if (!params)
5641 return -EIO;
5642
5643 if (params->auto_connect == auto_connect)
5644 return 0;
5645
5646 list_del_init(&params->action);
5647
5648 switch (auto_connect) {
5649 case HCI_AUTO_CONN_DISABLED:
5650 case HCI_AUTO_CONN_LINK_LOSS:
5651 __hci_update_background_scan(req);
5652 break;
5653 case HCI_AUTO_CONN_REPORT:
5654 list_add(&params->action, &hdev->pend_le_reports);
5655 __hci_update_background_scan(req);
5656 break;
5657 case HCI_AUTO_CONN_DIRECT:
5658 case HCI_AUTO_CONN_ALWAYS:
5659 if (!is_connected(hdev, addr, addr_type)) {
5660 list_add(&params->action, &hdev->pend_le_conns);
5661 __hci_update_background_scan(req);
5662 }
5663 break;
5664 }
5665
5666 params->auto_connect = auto_connect;
5667
5668 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5669 auto_connect);
5670
5671 return 0;
5672}
5673
8afef092
MH		 5674static void device_added(struct sock *sk, struct hci_dev *hdev,
5675 bdaddr_t *bdaddr, u8 type, u8 action)
5676{
5677 struct mgmt_ev_device_added ev;
5678
5679 bacpy(&ev.addr.bdaddr, bdaddr);
5680 ev.addr.type = type;
5681 ev.action = action;
5682
5683 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5684}
5685
1904a853 5686static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5a154e6f 5687{
3b0602cd 5688 struct mgmt_pending_cmd *cmd;
5a154e6f
JH		 5689
5690 BT_DBG("status 0x%02x", status);
5691
5692 hci_dev_lock(hdev);
5693
5694 cmd = mgmt_pending_find(MGMT_OP_ADD_DEVICE, hdev);
5695 if (!cmd)
5696 goto unlock;
5697
5698 cmd->cmd_complete(cmd, mgmt_status(status));
5699 mgmt_pending_remove(cmd);
5700
5701unlock:
5702 hci_dev_unlock(hdev);
5703}
5704
2faade53
MH		 5705static int add_device(struct sock *sk, struct hci_dev *hdev,
5706 void *data, u16 len)
5707{
5708 struct mgmt_cp_add_device *cp = data;
3b0602cd 5709 struct mgmt_pending_cmd *cmd;
5a154e6f 5710 struct hci_request req;
2faade53
MH		 5711 u8 auto_conn, addr_type;
5712 int err;
5713
5714 BT_DBG("%s", hdev->name);
5715
6659358e 5716 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5717 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5718 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5719 MGMT_STATUS_INVALID_PARAMS,
5720 &cp->addr, sizeof(cp->addr));
2faade53 5721
4b9e7e75 5722 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5723 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5724 MGMT_STATUS_INVALID_PARAMS,
5725 &cp->addr, sizeof(cp->addr));
2faade53 5726
5a154e6f
JH		 5727 hci_req_init(&req, hdev);
5728
2faade53
MH		 5729 hci_dev_lock(hdev);
5730
5a154e6f
JH		 5731 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
5732 if (!cmd) {
5733 err = -ENOMEM;
5734 goto unlock;
5735 }
5736
5737 cmd->cmd_complete = addr_cmd_complete;
5738
6659358e 5739 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5740 /* Only incoming connections action is supported for now */
6659358e 5741 if (cp->action != 0x01) {
9df74653
JH		 5742 err = cmd->cmd_complete(cmd,
5743 MGMT_STATUS_INVALID_PARAMS);
5a154e6f 5744 mgmt_pending_remove(cmd);
6659358e
JH		 5745 goto unlock;
5746 }
5747
5748 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5749 cp->addr.type);
5750 if (err)
5751 goto unlock;
a397407f 5752
5a154e6f 5753 __hci_update_page_scan(&req);
a397407f 5754
6659358e
JH		 5755 goto added;
5756 }
5757
2faade53
MH		 5758 if (cp->addr.type == BDADDR_LE_PUBLIC)
5759 addr_type = ADDR_LE_DEV_PUBLIC;
5760 else
5761 addr_type = ADDR_LE_DEV_RANDOM;
5762
4b9e7e75 5763 if (cp->action == 0x02)
2faade53 5764 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5765 else if (cp->action == 0x01)
5766 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5767 else
a3451d27 5768 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5769
bf5b3c8b
MH		 5770 /* If the connection parameters don't exist for this device,
5771 * they will be created and configured with defaults.
5772 */
5a154e6f 5773 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
d06b50ce 5774 auto_conn) < 0) {
9df74653 5775 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
5a154e6f 5776 mgmt_pending_remove(cmd);
2faade53
MH		 5777 goto unlock;
5778 }
5779
6659358e 5780added:
8afef092
MH		 5781 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5782
5a154e6f
JH		 5783 err = hci_req_run(&req, add_device_complete);
5784 if (err < 0) {
5785 /* ENODATA means no HCI commands were needed (e.g. if
5786 * the adapter is powered off).
5787 */
9df74653
JH		 5788 if (err == -ENODATA)
5789 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5a154e6f
JH		 5790 mgmt_pending_remove(cmd);
5791 }
2faade53
MH		 5792
5793unlock:
5794 hci_dev_unlock(hdev);
5795 return err;
5796}
5797
8afef092
MH		 5798static void device_removed(struct sock *sk, struct hci_dev *hdev,
5799 bdaddr_t *bdaddr, u8 type)
5800{
5801 struct mgmt_ev_device_removed ev;
5802
5803 bacpy(&ev.addr.bdaddr, bdaddr);
5804 ev.addr.type = type;
5805
5806 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5807}
5808
1904a853 5809static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
51ef3ebe 5810{
3b0602cd 5811 struct mgmt_pending_cmd *cmd;
51ef3ebe
JH		 5812
5813 BT_DBG("status 0x%02x", status);
5814
5815 hci_dev_lock(hdev);
5816
5817 cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
5818 if (!cmd)
5819 goto unlock;
5820
5821 cmd->cmd_complete(cmd, mgmt_status(status));
5822 mgmt_pending_remove(cmd);
5823
5824unlock:
5825 hci_dev_unlock(hdev);
5826}
5827
2faade53
MH		 5828static int remove_device(struct sock *sk, struct hci_dev *hdev,
5829 void *data, u16 len)
5830{
5831 struct mgmt_cp_remove_device *cp = data;
3b0602cd 5832 struct mgmt_pending_cmd *cmd;
51ef3ebe 5833 struct hci_request req;
2faade53
MH		 5834 int err;
5835
5836 BT_DBG("%s", hdev->name);
5837
51ef3ebe
JH		 5838 hci_req_init(&req, hdev);
5839
2faade53
MH		 5840 hci_dev_lock(hdev);
5841
51ef3ebe
JH		 5842 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
5843 if (!cmd) {
5844 err = -ENOMEM;
5845 goto unlock;
5846 }
5847
5848 cmd->cmd_complete = addr_cmd_complete;
5849
2faade53 5850 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5851 struct hci_conn_params *params;
2faade53
MH		 5852 u8 addr_type;
5853
6659358e 5854 if (!bdaddr_type_is_valid(cp->addr.type)) {
9df74653
JH		 5855 err = cmd->cmd_complete(cmd,
5856 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5857 mgmt_pending_remove(cmd);
2faade53
MH		 5858 goto unlock;
5859 }
5860
6659358e
JH		 5861 if (cp->addr.type == BDADDR_BREDR) {
5862 err = hci_bdaddr_list_del(&hdev->whitelist,
5863 &cp->addr.bdaddr,
5864 cp->addr.type);
5865 if (err) {
9df74653
JH		 5866 err = cmd->cmd_complete(cmd,
5867 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5868 mgmt_pending_remove(cmd);
6659358e
JH		 5869 goto unlock;
5870 }
5871
51ef3ebe 5872 __hci_update_page_scan(&req);
a397407f 5873
6659358e
JH		 5874 device_removed(sk, hdev, &cp->addr.bdaddr,
5875 cp->addr.type);
5876 goto complete;
5877 }
5878
2faade53
MH		 5879 if (cp->addr.type == BDADDR_LE_PUBLIC)
5880 addr_type = ADDR_LE_DEV_PUBLIC;
5881 else
5882 addr_type = ADDR_LE_DEV_RANDOM;
5883
c71593dd
JH		 5884 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5885 addr_type);
5886 if (!params) {
9df74653
JH		 5887 err = cmd->cmd_complete(cmd,
5888 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5889 mgmt_pending_remove(cmd);
c71593dd
JH		 5890 goto unlock;
5891 }
5892
5893 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
9df74653
JH		 5894 err = cmd->cmd_complete(cmd,
5895 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5896 mgmt_pending_remove(cmd);
c71593dd
JH		 5897 goto unlock;
5898 }
5899
d1dbf12e 5900 list_del(&params->action);
c71593dd
JH		 5901 list_del(&params->list);
5902 kfree(params);
51ef3ebe 5903 __hci_update_background_scan(&req);
8afef092
MH		 5904
5905 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5906 } else {
19de0825 5907 struct hci_conn_params *p, *tmp;
6659358e 5908 struct bdaddr_list *b, *btmp;
19de0825 5909
2faade53 5910 if (cp->addr.type) {
9df74653
JH		 5911 err = cmd->cmd_complete(cmd,
5912 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5913 mgmt_pending_remove(cmd);
2faade53
MH		 5914 goto unlock;
5915 }
5916
6659358e
JH		 5917 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5918 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5919 list_del(&b->list);
5920 kfree(b);
5921 }
5922
51ef3ebe 5923 __hci_update_page_scan(&req);
a397407f 5924
19de0825
JH		 5925 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5926 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5927 continue;
5928 device_removed(sk, hdev, &p->addr, p->addr_type);
5929 list_del(&p->action);
5930 list_del(&p->list);
5931 kfree(p);
5932 }
5933
5934 BT_DBG("All LE connection parameters were removed");
5935
51ef3ebe 5936 __hci_update_background_scan(&req);
2faade53
MH		 5937 }
5938
6659358e 5939complete:
51ef3ebe
JH		 5940 err = hci_req_run(&req, remove_device_complete);
5941 if (err < 0) {
5942 /* ENODATA means no HCI commands were needed (e.g. if
5943 * the adapter is powered off).
5944 */
9df74653
JH		 5945 if (err == -ENODATA)
5946 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
51ef3ebe
JH		 5947 mgmt_pending_remove(cmd);
5948 }
2faade53
MH		 5949
5950unlock:
5951 hci_dev_unlock(hdev);
5952 return err;
5953}
5954
a26f3dcf
JH		 5955static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5956 u16 len)
5957{
5958 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5959 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5960 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5961 u16 param_count, expected_len;
5962 int i;
5963
5964 if (!lmp_le_capable(hdev))
a69e8375
JH		 5965 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5966 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 5967
5968 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5969 if (param_count > max_param_count) {
5970 BT_ERR("load_conn_param: too big param_count value %u",
5971 param_count);
a69e8375
JH		 5972 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5973 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5974 }
a26f3dcf
JH		 5975
5976 expected_len = sizeof(*cp) + param_count *
5977 sizeof(struct mgmt_conn_param);
5978 if (expected_len != len) {
5979 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5980 expected_len, len);
a69e8375
JH		 5981 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5982 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 5983 }
5984
5985 BT_DBG("%s param_count %u", hdev->name, param_count);
5986
5987 hci_dev_lock(hdev);
5988
5989 hci_conn_params_clear_disabled(hdev);
5990
5991 for (i = 0; i < param_count; i++) {
5992 struct mgmt_conn_param *param = &cp->params[i];
5993 struct hci_conn_params *hci_param;
5994 u16 min, max, latency, timeout;
5995 u8 addr_type;
5996
5997 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5998 param->addr.type);
5999
6000 if (param->addr.type == BDADDR_LE_PUBLIC) {
6001 addr_type = ADDR_LE_DEV_PUBLIC;
6002 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6003 addr_type = ADDR_LE_DEV_RANDOM;
6004 } else {
6005 BT_ERR("Ignoring invalid connection parameters");
6006 continue;
6007 }
6008
6009 min = le16_to_cpu(param->min_interval);
6010 max = le16_to_cpu(param->max_interval);
6011 latency = le16_to_cpu(param->latency);
6012 timeout = le16_to_cpu(param->timeout);
6013
6014 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6015 min, max, latency, timeout);
6016
6017 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6018 BT_ERR("Ignoring invalid connection parameters");
6019 continue;
6020 }
6021
6022 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
6023 addr_type);
6024 if (!hci_param) {
6025 BT_ERR("Failed to add connection parameters");
6026 continue;
6027 }
6028
6029 hci_param->conn_min_interval = min;
6030 hci_param->conn_max_interval = max;
6031 hci_param->conn_latency = latency;
6032 hci_param->supervision_timeout = timeout;
6033 }
6034
6035 hci_dev_unlock(hdev);
6036
2a1afb5a
JH		 6037 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6038 NULL, 0);
a26f3dcf
JH		 6039}
6040
dbece37a
MH		 6041static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6042 void *data, u16 len)
6043{
6044 struct mgmt_cp_set_external_config *cp = data;
6045 bool changed;
6046 int err;
6047
6048 BT_DBG("%s", hdev->name);
6049
6050 if (hdev_is_powered(hdev))
a69e8375
JH		 6051 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6052 MGMT_STATUS_REJECTED);
dbece37a
MH		 6053
6054 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 6055 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6056 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 6057
6058 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 6059 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6060 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 6061
6062 hci_dev_lock(hdev);
6063
6064 if (cp->config)
6065 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
6066 &hdev->dev_flags);
6067 else
6068 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
6069 &hdev->dev_flags);
6070
6071 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6072 if (err < 0)
6073 goto unlock;
6074
6075 if (!changed)
6076 goto unlock;
6077
f4537c04
MH		 6078 err = new_options(hdev, sk);
6079
dbece37a
MH		 6080 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
6081 mgmt_index_removed(hdev);
d603b76b
MH		 6082
6083 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
6084 set_bit(HCI_CONFIG, &hdev->dev_flags);
6085 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
6086
6087 queue_work(hdev->req_workqueue, &hdev->power_on);
6088 } else {
5ea234d3 6089 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 6090 mgmt_index_added(hdev);
6091 }
dbece37a
MH		 6092 }
6093
6094unlock:
6095 hci_dev_unlock(hdev);
6096 return err;
6097}
6098
9713c17b
MH		 6099static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6100 void *data, u16 len)
6101{
6102 struct mgmt_cp_set_public_address *cp = data;
6103 bool changed;
6104 int err;
6105
6106 BT_DBG("%s", hdev->name);
6107
6108 if (hdev_is_powered(hdev))
a69e8375
JH		 6109 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6110 MGMT_STATUS_REJECTED);
9713c17b
MH		 6111
6112 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 6113 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6114 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 6115
6116 if (!hdev->set_bdaddr)
a69e8375
JH		 6117 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6118 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 6119
6120 hci_dev_lock(hdev);
6121
6122 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6123 bacpy(&hdev->public_addr, &cp->bdaddr);
6124
6125 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6126 if (err < 0)
6127 goto unlock;
6128
6129 if (!changed)
6130 goto unlock;
6131
6132 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6133 err = new_options(hdev, sk);
6134
6135 if (is_configured(hdev)) {
6136 mgmt_index_removed(hdev);
6137
6138 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
6139
6140 set_bit(HCI_CONFIG, &hdev->dev_flags);
6141 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
6142
6143 queue_work(hdev->req_workqueue, &hdev->power_on);
6144 }
6145
6146unlock:
6147 hci_dev_unlock(hdev);
6148 return err;
6149}
6150
6d785aa3 6151static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 6152 { NULL }, /* 0x0000 (no command) */
b9a245fb
JH		 6153 { read_version, MGMT_READ_VERSION_SIZE,
6154 HCI_MGMT_NO_HDEV },
6155 { read_commands, MGMT_READ_COMMANDS_SIZE,
6156 HCI_MGMT_NO_HDEV },
6157 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6158 HCI_MGMT_NO_HDEV },
6159 { read_controller_info, MGMT_READ_INFO_SIZE, 0 },
6160 { set_powered, MGMT_SETTING_SIZE, 0 },
6161 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE, 0 },
6162 { set_connectable, MGMT_SETTING_SIZE, 0 },
6163 { set_fast_connectable, MGMT_SETTING_SIZE, 0 },
6164 { set_bondable, MGMT_SETTING_SIZE, 0 },
6165 { set_link_security, MGMT_SETTING_SIZE, 0 },
6166 { set_ssp, MGMT_SETTING_SIZE, 0 },
6167 { set_hs, MGMT_SETTING_SIZE, 0 },
6168 { set_le, MGMT_SETTING_SIZE, 0 },
6169 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE, 0 },
6170 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE, 0 },
6171 { add_uuid, MGMT_ADD_UUID_SIZE, 0 },
6172 { remove_uuid, MGMT_REMOVE_UUID_SIZE, 0 },
6173 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6174 HCI_MGMT_VAR_LEN },
6175 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6176 HCI_MGMT_VAR_LEN },
6177 { disconnect, MGMT_DISCONNECT_SIZE, 0 },
6178 { get_connections, MGMT_GET_CONNECTIONS_SIZE, 0 },
6179 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE, 0 },
6180 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE, 0 },
6181 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE, 0 },
6182 { pair_device, MGMT_PAIR_DEVICE_SIZE, 0 },
6183 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE, 0 },
6184 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE, 0 },
6185 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE, 0 },
6186 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE, 0 },
6187 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE, 0 },
6188 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE, 0 },
6189 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6190 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6191 HCI_MGMT_VAR_LEN },
6192 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE, 0 },
6193 { start_discovery, MGMT_START_DISCOVERY_SIZE, 0 },
6194 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE, 0 },
6195 { confirm_name, MGMT_CONFIRM_NAME_SIZE, 0 },
6196 { block_device, MGMT_BLOCK_DEVICE_SIZE, 0 },
6197 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE, 0 },
6198 { set_device_id, MGMT_SET_DEVICE_ID_SIZE, 0 },
6199 { set_advertising, MGMT_SETTING_SIZE, 0 },
6200 { set_bredr, MGMT_SETTING_SIZE, 0 },
6201 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE, 0 },
6202 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE, 0 },
6203 { set_secure_conn, MGMT_SETTING_SIZE, 0 },
6204 { set_debug_keys, MGMT_SETTING_SIZE, 0 },
6205 { set_privacy, MGMT_SET_PRIVACY_SIZE, 0 },
6206 { load_irks, MGMT_LOAD_IRKS_SIZE,
6207 HCI_MGMT_VAR_LEN },
6208 { get_conn_info, MGMT_GET_CONN_INFO_SIZE, 0 },
6209 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE, 0 },
6210 { add_device, MGMT_ADD_DEVICE_SIZE, 0 },
6211 { remove_device, MGMT_REMOVE_DEVICE_SIZE, 0 },
6212 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6213 HCI_MGMT_VAR_LEN },
6214 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6215 HCI_MGMT_NO_HDEV },
6216 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6217 HCI_MGMT_UNCONFIGURED },
6218 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6219 HCI_MGMT_UNCONFIGURED },
6220 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6221 HCI_MGMT_UNCONFIGURED },
6222 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6223 HCI_MGMT_VAR_LEN },
0f4e68cf
JH		 6224};
6225
6d785aa3
JH		 6226int mgmt_control(struct hci_mgmt_chan *chan, struct sock *sk,
6227 struct msghdr *msg, size_t msglen)
0381101f 6228{
650f726d
VCG		 6229 void *buf;
6230 u8 *cp;
0381101f 6231 struct mgmt_hdr *hdr;
4e51eae9 6232 u16 opcode, index, len;
bdb6d971 6233 struct hci_dev *hdev = NULL;
6d785aa3 6234 const struct hci_mgmt_handler *handler;
b9a245fb 6235 bool var_len, no_hdev;
0381101f
JH		 6236 int err;
6237
6238 BT_DBG("got %zu bytes", msglen);
6239
6240 if (msglen < sizeof(*hdr))
6241 return -EINVAL;
6242
e63a15ec 6243 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 6244 if (!buf)
6245 return -ENOMEM;
6246
6ce8e9ce 6247 if (memcpy_from_msg(buf, msg, msglen)) {
0381101f
JH		 6248 err = -EFAULT;
6249 goto done;
6250 }
6251
650f726d 6252 hdr = buf;
1f350c87
MH		 6253 opcode = __le16_to_cpu(hdr->opcode);
6254 index = __le16_to_cpu(hdr->index);
6255 len = __le16_to_cpu(hdr->len);
0381101f
JH		 6256
6257 if (len != msglen - sizeof(*hdr)) {
6258 err = -EINVAL;
6259 goto done;
6260 }
6261
b9a245fb
JH		 6262 if (opcode >= chan->handler_count ||
6263 chan->handlers[opcode].func == NULL) {
6264 BT_DBG("Unknown op %u", opcode);
a69e8375
JH		 6265 err = mgmt_cmd_status(sk, index, opcode,
6266 MGMT_STATUS_UNKNOWN_COMMAND);
b9a245fb
JH		 6267 goto done;
6268 }
6269
6270 handler = &chan->handlers[opcode];
6271
0f4e68cf 6272 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 6273 hdev = hci_dev_get(index);
6274 if (!hdev) {
a69e8375
JH		 6275 err = mgmt_cmd_status(sk, index, opcode,
6276 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 6277 goto done;
6278 }
0736cfa8 6279
cebf4cfd 6280 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
d603b76b 6281 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
4a964404 6282 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
a69e8375
JH		 6283 err = mgmt_cmd_status(sk, index, opcode,
6284 MGMT_STATUS_INVALID_INDEX);
0736cfa8
MH		 6285 goto done;
6286 }
42a9bc14
MH		 6287
6288 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
b9a245fb 6289 !(handler->flags & HCI_MGMT_UNCONFIGURED)) {
a69e8375
JH		 6290 err = mgmt_cmd_status(sk, index, opcode,
6291 MGMT_STATUS_INVALID_INDEX);
42a9bc14
MH		 6292 goto done;
6293 }
bdb6d971
JH		 6294 }
6295
b9a245fb
JH		 6296 no_hdev = (handler->flags & HCI_MGMT_NO_HDEV);
6297 if (no_hdev != !hdev) {
a69e8375
JH		 6298 err = mgmt_cmd_status(sk, index, opcode,
6299 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 6300 goto done;
0381101f
JH		 6301 }
6302
b9a245fb
JH		 6303 var_len = (handler->flags & HCI_MGMT_VAR_LEN);
6304 if ((var_len && len < handler->data_len) ||
6305 (!var_len && len != handler->data_len)) {
a69e8375
JH		 6306 err = mgmt_cmd_status(sk, index, opcode,
6307 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 6308 goto done;
6309 }
6310
0f4e68cf
JH		 6311 if (hdev)
6312 mgmt_init_hdev(sk, hdev);
6313
6314 cp = buf + sizeof(*hdr);
6315
be22b54e 6316 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 6317 if (err < 0)
6318 goto done;
6319
0381101f
JH		 6320 err = msglen;
6321
6322done:
bdb6d971
JH		 6323 if (hdev)
6324 hci_dev_put(hdev);
6325
0381101f
JH		 6326 kfree(buf);
6327 return err;
6328}
c71e97bf 6329
bf6b56db 6330void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6331{
1514b892 6332 if (hdev->dev_type != HCI_BREDR)
bf6b56db 6333 return;
bb4b2a9a 6334
0602a8ad
MH		 6335 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6336 return;
6337
6338 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6339 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
6340 else
6341 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 6342}
6343
bf6b56db 6344void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6345{
5f159032 6346 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6347
1514b892 6348 if (hdev->dev_type != HCI_BREDR)
bf6b56db 6349 return;
bb4b2a9a 6350
0602a8ad
MH		 6351 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6352 return;
6353
1b9b5ee5 6354 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6355
edd3896b
MH		 6356 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6357 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
6358 else
6359 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 6360}
6361
6046dc3e 6362/* This function requires the caller holds hdev->lock */
2cf22218 6363static void restart_le_actions(struct hci_request *req)
6046dc3e 6364{
2cf22218 6365 struct hci_dev *hdev = req->hdev;
6046dc3e
AG		 6366 struct hci_conn_params *p;
6367
6368 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6369 /* Needed for AUTO_OFF case where might not "really"
6370 * have been powered off.
6371 */
6372 list_del_init(&p->action);
6373
6374 switch (p->auto_connect) {
4b9e7e75 6375 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6376 case HCI_AUTO_CONN_ALWAYS:
6377 list_add(&p->action, &hdev->pend_le_conns);
6378 break;
6379 case HCI_AUTO_CONN_REPORT:
6380 list_add(&p->action, &hdev->pend_le_reports);
6381 break;
6382 default:
6383 break;
c83ed19d 6384 }
6046dc3e 6385 }
c83ed19d 6386
2cf22218 6387 __hci_update_background_scan(req);
6046dc3e
AG		 6388}
6389
1904a853 6390static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
229ab39c
JH		 6391{
6392 struct cmd_lookup match = { NULL, hdev };
6393
6394 BT_DBG("status 0x%02x", status);
6395
162a3bac
MH		 6396 if (!status) {
6397 /* Register the available SMP channels (BR/EDR and LE) only
6398 * when successfully powering on the controller. This late
6399 * registration is required so that LE SMP can clearly
6400 * decide if the public address or static address is used.
6401 */
6402 smp_register(hdev);
6403 }
6404
229ab39c
JH		 6405 hci_dev_lock(hdev);
6406
6407 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6408
6409 new_settings(hdev, match.sk);
6410
6411 hci_dev_unlock(hdev);
6412
6413 if (match.sk)
6414 sock_put(match.sk);
6415}
6416
70da6243 6417static int powered_update_hci(struct hci_dev *hdev)
5add6af8 6418{
890ea898 6419 struct hci_request req;
70da6243 6420 u8 link_sec;
5add6af8 6421
890ea898
JH		 6422 hci_req_init(&req, hdev);
6423
70da6243
JH		 6424 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
6425 !lmp_host_ssp_capable(hdev)) {
574ea3c7 6426 u8 mode = 0x01;
5e5282bb 6427
574ea3c7
MH		 6428 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
6429
6430 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6431 u8 support = 0x01;
5add6af8 6432
574ea3c7
MH		 6433 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
6434 sizeof(support), &support);
6435 }
ec6f99b8
JH		 6436 }
6437
c73eee91
JH		 6438 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
6439 lmp_bredr_capable(hdev)) {
70da6243 6440 struct hci_cp_write_le_host_supported cp;
f0ff92fb 6441
32226e4f
MH		 6442 cp.le = 0x01;
6443 cp.simul = 0x00;
3d1cbdd6 6444
70da6243
JH		 6445 /* Check first if we already have the right
6446 * host state (host features set)
6447 */
6448 if (cp.le != lmp_host_le_capable(hdev) ||
6449 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 6450 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6451 sizeof(cp), &cp);
70da6243 6452 }
3d1cbdd6 6453
d13eafce 6454 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 6455 /* Make sure the controller has a good default for
6456 * advertising data. This also applies to the case
6457 * where BR/EDR was toggled during the AUTO_OFF phase.
6458 */
f14d8f64 6459 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 6460 update_adv_data(&req);
f14d8f64
MH		 6461 update_scan_rsp_data(&req);
6462 }
441ad2d0 6463
bba3aa55
MH		 6464 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6465 enable_advertising(&req);
2cf22218
JH		 6466
6467 restart_le_actions(&req);
eeca6f89
JH		 6468 }
6469
70da6243
JH		 6470 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
6471 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 6472 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6473 sizeof(link_sec), &link_sec);
562fcc24 6474
70da6243 6475 if (lmp_bredr_capable(hdev)) {
432df05e 6476 write_fast_connectable(&req, false);
1d2dc5b7 6477 __hci_update_page_scan(&req);
890ea898 6478 update_class(&req);
13928971 6479 update_name(&req);
890ea898 6480 update_eir(&req);
70da6243 6481 }
562fcc24 6482
229ab39c 6483 return hci_req_run(&req, powered_complete);
70da6243 6484}
562fcc24 6485
70da6243
JH		 6486int mgmt_powered(struct hci_dev *hdev, u8 powered)
6487{
6488 struct cmd_lookup match = { NULL, hdev };
9845904f 6489 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 6490 int err;
f0ff92fb 6491
70da6243
JH		 6492 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
6493 return 0;
6494
70da6243 6495 if (powered) {
229ab39c
JH		 6496 if (powered_update_hci(hdev) == 0)
6497 return 0;
fe038884 6498
229ab39c
JH		 6499 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6500 &match);
6501 goto new_settings;
b24752fe
JH		 6502 }
6503
229ab39c 6504 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 6505
6506 /* If the power off is because of hdev unregistration let
6507 * use the appropriate INVALID_INDEX status. Otherwise use
6508 * NOT_POWERED. We cover both scenarios here since later in
6509 * mgmt_index_removed() any hci_conn callbacks will have already
6510 * been triggered, potentially causing misleading DISCONNECTED
6511 * status responses.
6512 */
6513 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags))
6514 status = MGMT_STATUS_INVALID_INDEX;
6515 else
6516 status = MGMT_STATUS_NOT_POWERED;
6517
6518 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 6519
6520 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
6521 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6522 zero_cod, sizeof(zero_cod), NULL);
6523
6524new_settings:
beadb2bd 6525 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 6526
6527 if (match.sk)
6528 sock_put(match.sk);
6529
7bb895d6 6530 return err;
5add6af8 6531}
73f22f62 6532
3eec705e 6533void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 6534{
3b0602cd 6535 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 6536 u8 status;
6537
6538 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6539 if (!cmd)
3eec705e 6540 return;
96570ffc
JH		 6541
6542 if (err == -ERFKILL)
6543 status = MGMT_STATUS_RFKILLED;
6544 else
6545 status = MGMT_STATUS_FAILED;
6546
a69e8375 6547 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6548
6549 mgmt_pending_remove(cmd);
96570ffc
JH		 6550}
6551
d1967ff8
MH		 6552void mgmt_discoverable_timeout(struct hci_dev *hdev)
6553{
6554 struct hci_request req;
d1967ff8
MH		 6555
6556 hci_dev_lock(hdev);
6557
6558 /* When discoverable timeout triggers, then just make sure
6559 * the limited discoverable flag is cleared. Even in the case
6560 * of a timeout triggered from general discoverable, it is
6561 * safe to unconditionally clear the flag.
6562 */
6563 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 6564 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 6565
6566 hci_req_init(&req, hdev);
4b580614
JH		 6567 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
6568 u8 scan = SCAN_PAGE;
6569 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6570 sizeof(scan), &scan);
6571 }
d1967ff8 6572 update_class(&req);
9a43e25f 6573 update_adv_data(&req);
d1967ff8
MH		 6574 hci_req_run(&req, NULL);
6575
6576 hdev->discov_timeout = 0;
6577
9a43e25f
JH		 6578 new_settings(hdev, NULL);
6579
d1967ff8
MH		 6580 hci_dev_unlock(hdev);
6581}
6582
dc4a5ee2
MH		 6583void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6584 bool persistent)
55ed8ca1 6585{
86742e1e 6586 struct mgmt_ev_new_link_key ev;
55ed8ca1 6587
a492cd52 6588 memset(&ev, 0, sizeof(ev));
55ed8ca1 6589
a492cd52 6590 ev.store_hint = persistent;
d753fdc4 6591 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6592 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6593 ev.key.type = key->type;
9b3b4460 6594 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6595 ev.key.pin_len = key->pin_len;
55ed8ca1 6596
dc4a5ee2 6597 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6598}
f7520543 6599
d7b25450
JH		 6600static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6601{
23fb8de3
JH		 6602 switch (ltk->type) {
6603 case SMP_LTK:
6604 case SMP_LTK_SLAVE:
6605 if (ltk->authenticated)
6606 return MGMT_LTK_AUTHENTICATED;
6607 return MGMT_LTK_UNAUTHENTICATED;
6608 case SMP_LTK_P256:
6609 if (ltk->authenticated)
6610 return MGMT_LTK_P256_AUTH;
6611 return MGMT_LTK_P256_UNAUTH;
6612 case SMP_LTK_P256_DEBUG:
6613 return MGMT_LTK_P256_DEBUG;
6614 }
d7b25450
JH		 6615
6616 return MGMT_LTK_UNAUTHENTICATED;
6617}
6618
53ac6ab6 6619void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6620{
6621 struct mgmt_ev_new_long_term_key ev;
6622
6623 memset(&ev, 0, sizeof(ev));
6624
5192d301
MH		 6625 /* Devices using resolvable or non-resolvable random addresses
6626 * without providing an indentity resolving key don't require
6627 * to store long term keys. Their addresses will change the
6628 * next time around.
6629 *
6630 * Only when a remote device provides an identity address
6631 * make sure the long term key is stored. If the remote
6632 * identity is known, the long term keys are internally
6633 * mapped to the identity address. So allow static random
6634 * and public addresses here.
6635 */
ba74b666
JH		 6636 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6637 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6638 ev.store_hint = 0x00;
6639 else
53ac6ab6 6640 ev.store_hint = persistent;
ba74b666 6641
346af67b 6642 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6643 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6644 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6645 ev.key.enc_size = key->enc_size;
6646 ev.key.ediv = key->ediv;
fe39c7b2 6647 ev.key.rand = key->rand;
346af67b 6648
2ceba539 6649 if (key->type == SMP_LTK)
346af67b
VCG		 6650 ev.key.master = 1;
6651
346af67b
VCG		 6652 memcpy(ev.key.val, key->val, sizeof(key->val));
6653
083368f7 6654 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6655}
6656
95fbac8a
JH		 6657void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6658{
6659 struct mgmt_ev_new_irk ev;
6660
6661 memset(&ev, 0, sizeof(ev));
6662
bab6d1e5
MH		 6663 /* For identity resolving keys from devices that are already
6664 * using a public address or static random address, do not
6665 * ask for storing this key. The identity resolving key really
6666 * is only mandatory for devices using resovlable random
6667 * addresses.
6668 *
6669 * Storing all identity resolving keys has the downside that
6670 * they will be also loaded on next boot of they system. More
6671 * identity resolving keys, means more time during scanning is
6672 * needed to actually resolve these addresses.
6673 */
6674 if (bacmp(&irk->rpa, BDADDR_ANY))
6675 ev.store_hint = 0x01;
6676 else
6677 ev.store_hint = 0x00;
6678
95fbac8a
JH		 6679 bacpy(&ev.rpa, &irk->rpa);
6680 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6681 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6682 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6683
6684 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6685}
6686
53ac6ab6
MH		 6687void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6688 bool persistent)
7ee4ea36
MH		 6689{
6690 struct mgmt_ev_new_csrk ev;
6691
6692 memset(&ev, 0, sizeof(ev));
6693
6694 /* Devices using resolvable or non-resolvable random addresses
6695 * without providing an indentity resolving key don't require
6696 * to store signature resolving keys. Their addresses will change
6697 * the next time around.
6698 *
6699 * Only when a remote device provides an identity address
6700 * make sure the signature resolving key is stored. So allow
6701 * static random and public addresses here.
6702 */
6703 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6704 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6705 ev.store_hint = 0x00;
6706 else
53ac6ab6 6707 ev.store_hint = persistent;
7ee4ea36
MH		 6708
6709 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6710 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 6711 ev.key.type = csrk->type;
7ee4ea36
MH		 6712 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6713
6714 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6715}
6716
ffb5a827 6717void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6718 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6719 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6720{
6721 struct mgmt_ev_new_conn_param ev;
6722
c103aea6
JH		 6723 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6724 return;
6725
ffb5a827
AG		 6726 memset(&ev, 0, sizeof(ev));
6727 bacpy(&ev.addr.bdaddr, bdaddr);
6728 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6729 ev.store_hint = store_hint;
ffb5a827
AG		 6730 ev.min_interval = cpu_to_le16(min_interval);
6731 ev.max_interval = cpu_to_le16(max_interval);
6732 ev.latency = cpu_to_le16(latency);
6733 ev.timeout = cpu_to_le16(timeout);
6734
6735 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6736}
6737
94933991
MH		 6738static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6739 u8 data_len)
6740{
6741 eir[eir_len++] = sizeof(type) + data_len;
6742 eir[eir_len++] = type;
6743 memcpy(&eir[eir_len], data, data_len);
6744 eir_len += data_len;
6745
6746 return eir_len;
6747}
6748
48ec92fa
AA		 6749void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6750 u32 flags, u8 *name, u8 name_len)
f7520543 6751{
b644ba33
JH		 6752 char buf[512];
6753 struct mgmt_ev_device_connected *ev = (void *) buf;
6754 u16 eir_len = 0;
f7520543 6755
48ec92fa
AA		 6756 bacpy(&ev->addr.bdaddr, &conn->dst);
6757 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 6758
c95f0ba7 6759 ev->flags = __cpu_to_le32(flags);
08c79b61 6760
fd45ada9
AA		 6761 /* We must ensure that the EIR Data fields are ordered and
6762 * unique. Keep it simple for now and avoid the problem by not
6763 * adding any BR/EDR data to the LE adv.
6764 */
6765 if (conn->le_adv_data_len > 0) {
6766 memcpy(&ev->eir[eir_len],
6767 conn->le_adv_data, conn->le_adv_data_len);
6768 eir_len = conn->le_adv_data_len;
6769 } else {
6770 if (name_len > 0)
6771 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6772 name, name_len);
b644ba33 6773
ddbea5cf 6774 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 6775 eir_len = eir_append_data(ev->eir, eir_len,
6776 EIR_CLASS_OF_DEV,
6777 conn->dev_class, 3);
6778 }
b644ba33 6779
eb55ef07 6780 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6781
ecd90ae7
MH		 6782 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6783 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6784}
6785
3b0602cd 6786static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 6787{
8962ee74 6788 struct sock **sk = data;
8962ee74 6789
f5818c22 6790 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 6791
6792 *sk = cmd->sk;
6793 sock_hold(*sk);
6794
a664b5bc 6795 mgmt_pending_remove(cmd);
8962ee74
JH		 6796}
6797
3b0602cd 6798static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 6799{
b1078ad0 6800 struct hci_dev *hdev = data;
124f6e35 6801 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 6802
b1078ad0
JH		 6803 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6804
d8b7b1e4 6805 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 6806 mgmt_pending_remove(cmd);
6807}
6808
84c61d92
JH		 6809bool mgmt_powering_down(struct hci_dev *hdev)
6810{
3b0602cd 6811 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 6812 struct mgmt_mode *cp;
6813
6814 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6815 if (!cmd)
6816 return false;
6817
6818 cp = cmd->param;
6819 if (!cp->val)
6820 return true;
6821
6822 return false;
6823}
6824
9b80ec5e 6825void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6826 u8 link_type, u8 addr_type, u8 reason,
6827 bool mgmt_connected)
f7520543 6828{
f0d6a0ea 6829 struct mgmt_ev_device_disconnected ev;
8962ee74 6830 struct sock *sk = NULL;
8962ee74 6831
84c61d92
JH		 6832 /* The connection is still in hci_conn_hash so test for 1
6833 * instead of 0 to know if this is the last one.
6834 */
6835 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6836 cancel_delayed_work(&hdev->power_off);
6837 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 6838 }
6839
12d4a3b2
JH		 6840 if (!mgmt_connected)
6841 return;
6842
57eb776f
AG		 6843 if (link_type != ACL_LINK && link_type != LE_LINK)
6844 return;
6845
744cf19e 6846 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6847
f0d6a0ea
MA		 6848 bacpy(&ev.addr.bdaddr, bdaddr);
6849 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6850 ev.reason = reason;
f7520543 6851
9b80ec5e 6852 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6853
6854 if (sk)
d97dcb66 6855 sock_put(sk);
8962ee74 6856
124f6e35 6857 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6858 hdev);
8962ee74
JH		 6859}
6860
7892924c
MH		 6861void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6862 u8 link_type, u8 addr_type, u8 status)
8962ee74 6863{
3655bba8
AG		 6864 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6865 struct mgmt_cp_disconnect *cp;
3b0602cd 6866 struct mgmt_pending_cmd *cmd;
8962ee74 6867
36a75f1b
JD		 6868 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6869 hdev);
6870
2e58ef3e 6871 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6872 if (!cmd)
7892924c 6873 return;
8962ee74 6874
3655bba8
AG		 6875 cp = cmd->param;
6876
6877 if (bacmp(bdaddr, &cp->addr.bdaddr))
6878 return;
6879
6880 if (cp->addr.type != bdaddr_type)
6881 return;
6882
f5818c22 6883 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6884 mgmt_pending_remove(cmd);
f7520543 6885}
17d5c04c 6886
445608d0
MH		 6887void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6888 u8 addr_type, u8 status)
17d5c04c
JH		 6889{
6890 struct mgmt_ev_connect_failed ev;
c9910d0f 6891
84c61d92
JH		 6892 /* The connection is still in hci_conn_hash so test for 1
6893 * instead of 0 to know if this is the last one.
6894 */
6895 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6896 cancel_delayed_work(&hdev->power_off);
6897 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 6898 }
17d5c04c 6899
4c659c39 6900 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6901 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6902 ev.status = mgmt_status(status);
17d5c04c 6903
445608d0 6904 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6905}
980e1a53 6906
ce0e4a0d 6907void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6908{
6909 struct mgmt_ev_pin_code_request ev;
6910
d8457698 6911 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6912 ev.addr.type = BDADDR_BREDR;
a770bb5a 6913 ev.secure = secure;
980e1a53 6914
ce0e4a0d 6915 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6916}
6917
e669cf80
MH		 6918void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6919 u8 status)
980e1a53 6920{
3b0602cd 6921 struct mgmt_pending_cmd *cmd;
980e1a53 6922
2e58ef3e 6923 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6924 if (!cmd)
e669cf80 6925 return;
980e1a53 6926
7776d1d8 6927 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6928 mgmt_pending_remove(cmd);
980e1a53
JH		 6929}
6930
3eb38528
MH		 6931void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6932 u8 status)
980e1a53 6933{
3b0602cd 6934 struct mgmt_pending_cmd *cmd;
980e1a53 6935
2e58ef3e 6936 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6937 if (!cmd)
3eb38528 6938 return;
980e1a53 6939
7776d1d8 6940 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6941 mgmt_pending_remove(cmd);
980e1a53 6942}
a5c29683 6943
744cf19e 6944int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6945 u8 link_type, u8 addr_type, u32 value,
04124681 6946 u8 confirm_hint)
a5c29683
JH		 6947{
6948 struct mgmt_ev_user_confirm_request ev;
6949
744cf19e 6950 BT_DBG("%s", hdev->name);
a5c29683 6951
272d90df 6952 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6953 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6954 ev.confirm_hint = confirm_hint;
39adbffe 6955 ev.value = cpu_to_le32(value);
a5c29683 6956
744cf19e 6957 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6958 NULL);
a5c29683
JH		 6959}
6960
272d90df 6961int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6962 u8 link_type, u8 addr_type)
604086b7
BG		 6963{
6964 struct mgmt_ev_user_passkey_request ev;
6965
6966 BT_DBG("%s", hdev->name);
6967
272d90df 6968 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6969 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6970
6971 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6972 NULL);
604086b7
BG		 6973}
6974
0df4c185 6975static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6976 u8 link_type, u8 addr_type, u8 status,
6977 u8 opcode)
a5c29683 6978{
3b0602cd 6979 struct mgmt_pending_cmd *cmd;
a5c29683 6980
2e58ef3e 6981 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 6982 if (!cmd)
6983 return -ENOENT;
6984
7776d1d8 6985 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6986 mgmt_pending_remove(cmd);
a5c29683 6987
7776d1d8 6988 return 0;
a5c29683
JH		 6989}
6990
744cf19e 6991int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6992 u8 link_type, u8 addr_type, u8 status)
a5c29683 6993{
272d90df 6994 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6995 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6996}
6997
272d90df 6998int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6999 u8 link_type, u8 addr_type, u8 status)
a5c29683 7000{
272d90df 7001 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7002 status,
7003 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7004}
2a611692 7005
604086b7 7006int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7007 u8 link_type, u8 addr_type, u8 status)
604086b7 7008{
272d90df 7009 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7010 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7011}
7012
272d90df 7013int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7014 u8 link_type, u8 addr_type, u8 status)
604086b7 7015{
272d90df 7016 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7017 status,
7018 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7019}
7020
92a25256
JH		 7021int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7022 u8 link_type, u8 addr_type, u32 passkey,
7023 u8 entered)
7024{
7025 struct mgmt_ev_passkey_notify ev;
7026
7027 BT_DBG("%s", hdev->name);
7028
7029 bacpy(&ev.addr.bdaddr, bdaddr);
7030 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7031 ev.passkey = __cpu_to_le32(passkey);
7032 ev.entered = entered;
7033
7034 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7035}
7036
e1e930f5 7037void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7038{
7039 struct mgmt_ev_auth_failed ev;
3b0602cd 7040 struct mgmt_pending_cmd *cmd;
e1e930f5 7041 u8 status = mgmt_status(hci_status);
2a611692 7042
e1e930f5
JH		 7043 bacpy(&ev.addr.bdaddr, &conn->dst);
7044 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7045 ev.status = status;
2a611692 7046
e1e930f5
JH		 7047 cmd = find_pairing(conn);
7048
7049 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7050 cmd ? cmd->sk : NULL);
7051
a511b35b
JH		 7052 if (cmd) {
7053 cmd->cmd_complete(cmd, status);
7054 mgmt_pending_remove(cmd);
7055 }
2a611692 7056}
b312b161 7057
464996ae 7058void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7059{
7060 struct cmd_lookup match = { NULL, hdev };
464996ae 7061 bool changed;
33ef95ed
JH		 7062
7063 if (status) {
7064 u8 mgmt_err = mgmt_status(status);
7065 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7066 cmd_status_rsp, &mgmt_err);
464996ae 7067 return;
33ef95ed
JH		 7068 }
7069
464996ae
MH		 7070 if (test_bit(HCI_AUTH, &hdev->flags))
7071 changed = !test_and_set_bit(HCI_LINK_SECURITY,
7072 &hdev->dev_flags);
7073 else
7074 changed = test_and_clear_bit(HCI_LINK_SECURITY,
7075 &hdev->dev_flags);
47990ea0 7076
33ef95ed 7077 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 7078 &match);
33ef95ed 7079
47990ea0 7080 if (changed)
464996ae 7081 new_settings(hdev, match.sk);
33ef95ed
JH		 7082
7083 if (match.sk)
7084 sock_put(match.sk);
33ef95ed
JH		 7085}
7086
890ea898 7087static void clear_eir(struct hci_request *req)
cacaf52f 7088{
890ea898 7089 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 7090 struct hci_cp_write_eir cp;
7091
976eb20e 7092 if (!lmp_ext_inq_capable(hdev))
890ea898 7093 return;
cacaf52f 7094
c80da27e
JH		 7095 memset(hdev->eir, 0, sizeof(hdev->eir));
7096
cacaf52f
JH		 7097 memset(&cp, 0, sizeof(cp));
7098
890ea898 7099 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 7100}
7101
3e248560 7102void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 7103{
7104 struct cmd_lookup match = { NULL, hdev };
890ea898 7105 struct hci_request req;
c0ecddc2 7106 bool changed = false;
ed2c4ee3
JH		 7107
7108 if (status) {
7109 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 7110
7111 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 7112 &hdev->dev_flags)) {
7113 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 7114 new_settings(hdev, NULL);
9ecb3e24 7115 }
c0ecddc2 7116
04124681
GP		 7117 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7118 &mgmt_err);
3e248560 7119 return;
c0ecddc2
JH		 7120 }
7121
7122 if (enable) {
9ecb3e24 7123 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 7124 } else {
9ecb3e24
MH		 7125 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
7126 if (!changed)
7127 changed = test_and_clear_bit(HCI_HS_ENABLED,
7128 &hdev->dev_flags);
7129 else
7130 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 7131 }
7132
7133 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7134
c0ecddc2 7135 if (changed)
3e248560 7136 new_settings(hdev, match.sk);
ed2c4ee3 7137
5fc6ebb1 7138 if (match.sk)
ed2c4ee3
JH		 7139 sock_put(match.sk);
7140
890ea898
JH		 7141 hci_req_init(&req, hdev);
7142
3769972b
JH		 7143 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
7144 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
7145 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7146 sizeof(enable), &enable);
890ea898 7147 update_eir(&req);
3769972b 7148 } else {
890ea898 7149 clear_eir(&req);
3769972b 7150 }
890ea898
JH		 7151
7152 hci_req_run(&req, NULL);
ed2c4ee3
JH		 7153}
7154
3b0602cd 7155static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 7156{
7157 struct cmd_lookup *match = data;
7158
90e70454
JH		 7159 if (match->sk == NULL) {
7160 match->sk = cmd->sk;
7161 sock_hold(match->sk);
7162 }
90e70454
JH		 7163}
7164
4e1b0245
MH		 7165void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7166 u8 status)
7f9a903c 7167{
90e70454 7168 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7169
92da6097
JH		 7170 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7171 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7172 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 7173
7174 if (!status)
4e1b0245
MH		 7175 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
7176 NULL);
90e70454
JH		 7177
7178 if (match.sk)
7179 sock_put(match.sk);
7f9a903c
MH		 7180}
7181
7667da34 7182void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7183{
b312b161 7184 struct mgmt_cp_set_local_name ev;
3b0602cd 7185 struct mgmt_pending_cmd *cmd;
28cc7bde 7186
13928971 7187 if (status)
7667da34 7188 return;
b312b161
JH		 7189
7190 memset(&ev, 0, sizeof(ev));
7191 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7192 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7193
2e58ef3e 7194 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7195 if (!cmd) {
7196 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7197
13928971
JH		 7198 /* If this is a HCI command related to powering on the
7199 * HCI dev don't send any mgmt signals.
7200 */
7201 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7202 return;
890ea898 7203 }
b312b161 7204
7667da34
MH		 7205 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7206 cmd ? cmd->sk : NULL);
b312b161 7207}
c35938b2 7208
4d2d2796 7209void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
38da1703
JH		 7210 u8 *rand192, u8 *hash256, u8 *rand256,
7211 u8 status)
c35938b2 7212{
3b0602cd 7213 struct mgmt_pending_cmd *cmd;
c35938b2 7214
744cf19e 7215 BT_DBG("%s status %u", hdev->name, status);
c35938b2 7216
2e58ef3e 7217 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 7218 if (!cmd)
3edaf092 7219 return;
c35938b2
SJ		 7220
7221 if (status) {
a69e8375
JH		 7222 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
7223 mgmt_status(status));
c35938b2 7224 } else {
66f096f7
JH		 7225 struct mgmt_rp_read_local_oob_data rp;
7226 size_t rp_size = sizeof(rp);
4d2d2796 7227
66f096f7
JH		 7228 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
7229 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
c35938b2 7230
66f096f7 7231 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
4d2d2796 7232 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
38da1703 7233 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
4d2d2796 7234 } else {
66f096f7 7235 rp_size -= sizeof(rp.hash256) + sizeof(rp.rand256);
4d2d2796 7236 }
66f096f7 7237
2a1afb5a
JH		 7238 mgmt_cmd_complete(cmd->sk, hdev->id,
7239 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7240 &rp, rp_size);
c35938b2
SJ		 7241 }
7242
7243 mgmt_pending_remove(cmd);
c35938b2 7244}
e17acd40 7245
799ce93d
JP		 7246static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7247{
7248 int i;
7249
7250 for (i = 0; i < uuid_count; i++) {
7251 if (!memcmp(uuid, uuids[i], 16))
7252 return true;
7253 }
7254
7255 return false;
7256}
7257
b487b9ce
MH		 7258static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7259{
799ce93d
JP		 7260 u16 parsed = 0;
7261
7262 while (parsed < eir_len) {
7263 u8 field_len = eir[0];
7264 u8 uuid[16];
7265 int i;
7266
7267 if (field_len == 0)
7268 break;
7269
7270 if (eir_len - parsed < field_len + 1)
7271 break;
7272
7273 switch (eir[1]) {
7274 case EIR_UUID16_ALL:
7275 case EIR_UUID16_SOME:
7276 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7277 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7278 uuid[13] = eir[i + 3];
7279 uuid[12] = eir[i + 2];
7280 if (has_uuid(uuid, uuid_count, uuids))
7281 return true;
7282 }
7283 break;
7284 case EIR_UUID32_ALL:
7285 case EIR_UUID32_SOME:
7286 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7287 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7288 uuid[15] = eir[i + 5];
7289 uuid[14] = eir[i + 4];
7290 uuid[13] = eir[i + 3];
7291 uuid[12] = eir[i + 2];
7292 if (has_uuid(uuid, uuid_count, uuids))
7293 return true;
7294 }
7295 break;
7296 case EIR_UUID128_ALL:
7297 case EIR_UUID128_SOME:
7298 for (i = 0; i + 17 <= field_len; i += 16) {
7299 memcpy(uuid, eir + i + 2, 16);
7300 if (has_uuid(uuid, uuid_count, uuids))
7301 return true;
7302 }
7303 break;
7304 }
7305
7306 parsed += field_len + 1;
7307 eir += field_len + 1;
7308 }
7309
b487b9ce
MH		 7310 return false;
7311}
7312
4b0e0ced
JP		 7313static void restart_le_scan(struct hci_dev *hdev)
7314{
7315 /* If controller is not scanning we are done. */
7316 if (!test_bit(HCI_LE_SCAN, &hdev->dev_flags))
7317 return;
7318
7319 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7320 hdev->discovery.scan_start +
7321 hdev->discovery.scan_duration))
7322 return;
7323
7324 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
7325 DISCOV_LE_RESTART_DELAY);
7326}
7327
48f86b7f
JP		 7328static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7329 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7330{
48f86b7f
JP		 7331 /* If a RSSI threshold has been specified, and
7332 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7333 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7334 * is set, let it through for further processing, as we might need to
7335 * restart the scan.
efb2513f
MH		 7336 *
7337 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7338 * the results are also dropped.
bda157a4
MH		 7339 */
7340 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 7341 (rssi == HCI_RSSI_INVALID ||
7342 (rssi < hdev->discovery.rssi &&
7343 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 7344 return false;
efb2513f 7345
2976cdeb
JP		 7346 if (hdev->discovery.uuid_count != 0) {
7347 /* If a list of UUIDs is provided in filter, results with no
7348 * matching UUID should be dropped.
b487b9ce 7349 */
2976cdeb
JP		 7350 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7351 hdev->discovery.uuids) &&
7352 !eir_has_uuids(scan_rsp, scan_rsp_len,
7353 hdev->discovery.uuid_count,
7354 hdev->discovery.uuids))
7355 return false;
b487b9ce 7356 }
5d2e9fad 7357
2976cdeb
JP		 7358 /* If duplicate filtering does not report RSSI changes, then restart
7359 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 7360 */
2976cdeb
JP		 7361 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7362 restart_le_scan(hdev);
7363
7364 /* Validate RSSI value against the RSSI threshold once more. */
7365 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7366 rssi < hdev->discovery.rssi)
7367 return false;
7368 }
48f86b7f
JP		 7369
7370 return true;
7371}
7372
7373void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7374 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7375 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7376{
7377 char buf[512];
7378 struct mgmt_ev_device_found *ev = (void *)buf;
7379 size_t ev_size;
7380
7381 /* Don't send events for a non-kernel initiated discovery. With
7382 * LE one exception is if we have pend_le_reports > 0 in which
7383 * case we're doing passive scanning and want these events.
7384 */
7385 if (!hci_discovery_active(hdev)) {
7386 if (link_type == ACL_LINK)
7387 return;
7388 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7389 return;
7390 }
7391
82f8b651 7392 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 7393 /* We are using service discovery */
7394 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7395 scan_rsp_len))
7396 return;
7397 }
7398
7399 /* Make sure that the buffer is big enough. The 5 extra bytes
7400 * are for the potential CoD field.
7401 */
7402 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 7403 return;
7404
48f86b7f
JP		 7405 memset(buf, 0, sizeof(buf));
7406
7407 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7408 * RSSI value was reported as 0 when not available. This behavior
7409 * is kept when using device discovery. This is required for full
7410 * backwards compatibility with the API.
7411 *
7412 * However when using service discovery, the value 127 will be
7413 * returned when the RSSI is not available.
7414 */
7415 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7416 link_type == ACL_LINK)
7417 rssi = 0;
7418
7419 bacpy(&ev->addr.bdaddr, bdaddr);
7420 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7421 ev->rssi = rssi;
7422 ev->flags = cpu_to_le32(flags);
7423
7424 if (eir_len > 0)
7425 /* Copy EIR or advertising data into event */
7426 memcpy(ev->eir, eir, eir_len);
7427
7428 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7429 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7430 dev_class, 3);
7431
7432 if (scan_rsp_len > 0)
7433 /* Append scan response data to event */
7434 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7435
5d2e9fad
JH		 7436 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7437 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7438
901801b9 7439 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7440}
a88a9652 7441
9cf12aee
MH		 7442void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7443 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7444{
b644ba33
JH		 7445 struct mgmt_ev_device_found *ev;
7446 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7447 u16 eir_len;
a88a9652 7448
b644ba33 7449 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7450
b644ba33
JH		 7451 memset(buf, 0, sizeof(buf));
7452
7453 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7454 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7455 ev->rssi = rssi;
7456
7457 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7458 name_len);
b644ba33 7459
eb55ef07 7460 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7461
9cf12aee 7462 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7463}
314b2381 7464
2f1e063b 7465void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7466{
f963e8e9 7467 struct mgmt_ev_discovering ev;
164a6e78 7468
343fb145
AG		 7469 BT_DBG("%s discovering %u", hdev->name, discovering);
7470
f963e8e9
JH		 7471 memset(&ev, 0, sizeof(ev));
7472 ev.type = hdev->discovery.type;
7473 ev.discovering = discovering;
7474
2f1e063b 7475 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7476}
5e762444 7477
1904a853 7478static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5976e608
MH		 7479{
7480 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 7481}
7482
7483void mgmt_reenable_advertising(struct hci_dev *hdev)
7484{
7485 struct hci_request req;
7486
5976e608
MH		 7487 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
7488 return;
7489
7490 hci_req_init(&req, hdev);
7491 enable_advertising(&req);
0ec5ae84 7492 hci_req_run(&req, adv_enable_complete);
5976e608 7493}
6d785aa3
JH		 7494
7495static struct hci_mgmt_chan chan = {
7496 .channel = HCI_CHANNEL_CONTROL,
7497 .handler_count = ARRAY_SIZE(mgmt_handlers),
7498 .handlers = mgmt_handlers,
7499};
7500
7501int mgmt_init(void)
7502{
7503 return hci_mgmt_chan_register(&chan);
7504}
7505
7506void mgmt_exit(void)
7507{
7508 hci_mgmt_chan_unregister(&chan);
7509}
Linux kernel - Deliverables
This page took 0.857328 seconds and 5 git commands to generate.