projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Remove unnecessary le_scan_restart_work_complete() function
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
a380b6cf 38#include "mgmt_util.h"
0381101f 39
2da9c55c 40#define MGMT_VERSION 1
e58627d1 41#define MGMT_REVISION 10
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 50 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 81 MGMT_OP_SET_DEVICE_ID,
4375f103 82 MGMT_OP_SET_ADVERTISING,
0663ca2a 83 MGMT_OP_SET_BREDR,
d13eafce 84 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 85 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 86 MGMT_OP_SET_SECURE_CONN,
4e39ac81 87 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 88 MGMT_OP_SET_PRIVACY,
41edf160 89 MGMT_OP_LOAD_IRKS,
dd983808 90 MGMT_OP_GET_CONN_INFO,
95868426 91 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 92 MGMT_OP_ADD_DEVICE,
93 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 94 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 95 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 96 MGMT_OP_READ_CONFIG_INFO,
dbece37a 97 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 98 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 99 MGMT_OP_START_SERVICE_DISCOVERY,
4f0f155c 100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
96f1474a 101 MGMT_OP_READ_EXT_INDEX_LIST,
d3d5305b 102 MGMT_OP_READ_ADV_FEATURES,
24b4f38f 103 MGMT_OP_ADD_ADVERTISING,
da929335 104 MGMT_OP_REMOVE_ADVERTISING,
e70bb2e8
JH		 105};
106
107static const u16 mgmt_events[] = {
108 MGMT_EV_CONTROLLER_ERROR,
109 MGMT_EV_INDEX_ADDED,
110 MGMT_EV_INDEX_REMOVED,
111 MGMT_EV_NEW_SETTINGS,
112 MGMT_EV_CLASS_OF_DEV_CHANGED,
113 MGMT_EV_LOCAL_NAME_CHANGED,
114 MGMT_EV_NEW_LINK_KEY,
115 MGMT_EV_NEW_LONG_TERM_KEY,
116 MGMT_EV_DEVICE_CONNECTED,
117 MGMT_EV_DEVICE_DISCONNECTED,
118 MGMT_EV_CONNECT_FAILED,
119 MGMT_EV_PIN_CODE_REQUEST,
120 MGMT_EV_USER_CONFIRM_REQUEST,
121 MGMT_EV_USER_PASSKEY_REQUEST,
122 MGMT_EV_AUTH_FAILED,
123 MGMT_EV_DEVICE_FOUND,
124 MGMT_EV_DISCOVERING,
125 MGMT_EV_DEVICE_BLOCKED,
126 MGMT_EV_DEVICE_UNBLOCKED,
127 MGMT_EV_DEVICE_UNPAIRED,
92a25256 128 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 129 MGMT_EV_NEW_IRK,
7ee4ea36 130 MGMT_EV_NEW_CSRK,
8afef092
MH		 131 MGMT_EV_DEVICE_ADDED,
132 MGMT_EV_DEVICE_REMOVED,
ffb5a827 133 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 134 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 135 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 136 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 137 MGMT_EV_EXT_INDEX_ADDED,
138 MGMT_EV_EXT_INDEX_REMOVED,
72000df2 139 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
24b4f38f
AU		 140 MGMT_EV_ADVERTISING_ADDED,
141 MGMT_EV_ADVERTISING_REMOVED,
e70bb2e8
JH		 142};
143
99c679ac
MH		 144static const u16 mgmt_untrusted_commands[] = {
145 MGMT_OP_READ_INDEX_LIST,
146 MGMT_OP_READ_INFO,
147 MGMT_OP_READ_UNCONF_INDEX_LIST,
148 MGMT_OP_READ_CONFIG_INFO,
149 MGMT_OP_READ_EXT_INDEX_LIST,
150};
151
152static const u16 mgmt_untrusted_events[] = {
153 MGMT_EV_INDEX_ADDED,
154 MGMT_EV_INDEX_REMOVED,
155 MGMT_EV_NEW_SETTINGS,
156 MGMT_EV_CLASS_OF_DEV_CHANGED,
157 MGMT_EV_LOCAL_NAME_CHANGED,
158 MGMT_EV_UNCONF_INDEX_ADDED,
159 MGMT_EV_UNCONF_INDEX_REMOVED,
160 MGMT_EV_NEW_CONFIG_OPTIONS,
161 MGMT_EV_EXT_INDEX_ADDED,
162 MGMT_EV_EXT_INDEX_REMOVED,
163};
164
17b02e62 165#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 166
d25b78e2
JH		 167#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
168 "\x00\x00\x00\x00\x00\x00\x00\x00"
169
ca69b795
JH		 170/* HCI to MGMT error code conversion table */
171static u8 mgmt_status_table[] = {
172 MGMT_STATUS_SUCCESS,
173 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
174 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
175 MGMT_STATUS_FAILED, /* Hardware Failure */
176 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
177 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 178 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 179 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
180 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
181 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
182 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
183 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
184 MGMT_STATUS_BUSY, /* Command Disallowed */
185 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
186 MGMT_STATUS_REJECTED, /* Rejected Security */
187 MGMT_STATUS_REJECTED, /* Rejected Personal */
188 MGMT_STATUS_TIMEOUT, /* Host Timeout */
189 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
190 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
191 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
192 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
193 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
194 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
195 MGMT_STATUS_BUSY, /* Repeated Attempts */
196 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
197 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
198 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
199 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
200 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
201 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
202 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
203 MGMT_STATUS_FAILED, /* Unspecified Error */
204 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
205 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
206 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
207 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
208 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
209 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
210 MGMT_STATUS_FAILED, /* Unit Link Key Used */
211 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
212 MGMT_STATUS_TIMEOUT, /* Instant Passed */
213 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
214 MGMT_STATUS_FAILED, /* Transaction Collision */
215 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
216 MGMT_STATUS_REJECTED, /* QoS Rejected */
217 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
218 MGMT_STATUS_REJECTED, /* Insufficient Security */
219 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
220 MGMT_STATUS_BUSY, /* Role Switch Pending */
221 MGMT_STATUS_FAILED, /* Slot Violation */
222 MGMT_STATUS_FAILED, /* Role Switch Failed */
223 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
224 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
225 MGMT_STATUS_BUSY, /* Host Busy Pairing */
226 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
227 MGMT_STATUS_BUSY, /* Controller Busy */
228 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
229 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
230 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
231 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
232 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
233};
234
235static u8 mgmt_status(u8 hci_status)
236{
237 if (hci_status < ARRAY_SIZE(mgmt_status_table))
238 return mgmt_status_table[hci_status];
239
240 return MGMT_STATUS_FAILED;
241}
242
c08b1a1d
MH		 243static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
244 u16 len, int flag)
f9207338 245{
c08b1a1d
MH		 246 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
247 flag, NULL);
f9207338
MH		 248}
249
72000df2
MH		 250static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
251 u16 len, int flag, struct sock *skip_sk)
252{
253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
254 flag, skip_sk);
255}
256
f6b7712e
MH		 257static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, struct sock *skip_sk)
259{
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
261 HCI_MGMT_GENERIC_EVENTS, skip_sk);
262}
263
7a00ff44
JH		 264static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
266{
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
c08b1a1d 268 HCI_SOCK_TRUSTED, skip_sk);
7a00ff44
JH		 269}
270
85813a7e
JH		 271static u8 le_addr_type(u8 mgmt_addr_type)
272{
273 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
274 return ADDR_LE_DEV_PUBLIC;
275 else
276 return ADDR_LE_DEV_RANDOM;
277}
278
04124681
GP		 279static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
280 u16 data_len)
a38528f1
JH		 281{
282 struct mgmt_rp_read_version rp;
283
284 BT_DBG("sock %p", sk);
285
286 rp.version = MGMT_VERSION;
dcf4adbf 287 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 288
2a1afb5a
JH		 289 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
290 &rp, sizeof(rp));
a38528f1
JH		 291}
292
04124681
GP		 293static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
294 u16 data_len)
e70bb2e8
JH		 295{
296 struct mgmt_rp_read_commands *rp;
99c679ac 297 u16 num_commands, num_events;
e70bb2e8
JH		 298 size_t rp_size;
299 int i, err;
300
301 BT_DBG("sock %p", sk);
302
99c679ac
MH		 303 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
304 num_commands = ARRAY_SIZE(mgmt_commands);
305 num_events = ARRAY_SIZE(mgmt_events);
306 } else {
307 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
308 num_events = ARRAY_SIZE(mgmt_untrusted_events);
309 }
310
e70bb2e8
JH		 311 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
312
313 rp = kmalloc(rp_size, GFP_KERNEL);
314 if (!rp)
315 return -ENOMEM;
316
dcf4adbf
JP		 317 rp->num_commands = cpu_to_le16(num_commands);
318 rp->num_events = cpu_to_le16(num_events);
e70bb2e8 319
99c679ac
MH		 320 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
321 __le16 *opcode = rp->opcodes;
322
323 for (i = 0; i < num_commands; i++, opcode++)
324 put_unaligned_le16(mgmt_commands[i], opcode);
e70bb2e8 325
99c679ac
MH		 326 for (i = 0; i < num_events; i++, opcode++)
327 put_unaligned_le16(mgmt_events[i], opcode);
328 } else {
329 __le16 *opcode = rp->opcodes;
330
331 for (i = 0; i < num_commands; i++, opcode++)
332 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
333
334 for (i = 0; i < num_events; i++, opcode++)
335 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
336 }
e70bb2e8 337
2a1afb5a
JH		 338 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
339 rp, rp_size);
e70bb2e8
JH		 340 kfree(rp);
341
342 return err;
343}
344
04124681
GP		 345static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
346 u16 data_len)
faba42eb 347{
faba42eb 348 struct mgmt_rp_read_index_list *rp;
8035ded4 349 struct hci_dev *d;
a38528f1 350 size_t rp_len;
faba42eb 351 u16 count;
476e44cb 352 int err;
faba42eb
JH		 353
354 BT_DBG("sock %p", sk);
355
356 read_lock(&hci_dev_list_lock);
357
358 count = 0;
bb4b2a9a 359 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 360 if (d->dev_type == HCI_BREDR &&
d7a5a11d 361 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 362 count++;
faba42eb
JH		 363 }
364
a38528f1
JH		 365 rp_len = sizeof(*rp) + (2 * count);
366 rp = kmalloc(rp_len, GFP_ATOMIC);
367 if (!rp) {
b2c60d42 368 read_unlock(&hci_dev_list_lock);
faba42eb 369 return -ENOMEM;
b2c60d42 370 }
faba42eb 371
476e44cb 372 count = 0;
8035ded4 373 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 374 if (hci_dev_test_flag(d, HCI_SETUP) ||
375 hci_dev_test_flag(d, HCI_CONFIG) ||
376 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 377 continue;
378
73d1df2a
MH		 379 /* Devices marked as raw-only are neither configured
380 * nor unconfigured controllers.
381 */
382 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 383 continue;
384
73d1df2a 385 if (d->dev_type == HCI_BREDR &&
d7a5a11d 386 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892
MH		 387 rp->index[count++] = cpu_to_le16(d->id);
388 BT_DBG("Added hci%u", d->id);
389 }
faba42eb
JH		 390 }
391
476e44cb
JH		 392 rp->num_controllers = cpu_to_le16(count);
393 rp_len = sizeof(*rp) + (2 * count);
394
faba42eb
JH		 395 read_unlock(&hci_dev_list_lock);
396
2a1afb5a
JH		 397 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
398 0, rp, rp_len);
faba42eb 399
a38528f1
JH		 400 kfree(rp);
401
402 return err;
faba42eb
JH		 403}
404
73d1df2a
MH		 405static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
406 void *data, u16 data_len)
407{
408 struct mgmt_rp_read_unconf_index_list *rp;
409 struct hci_dev *d;
410 size_t rp_len;
411 u16 count;
412 int err;
413
414 BT_DBG("sock %p", sk);
415
416 read_lock(&hci_dev_list_lock);
417
418 count = 0;
419 list_for_each_entry(d, &hci_dev_list, list) {
420 if (d->dev_type == HCI_BREDR &&
d7a5a11d 421 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 422 count++;
423 }
424
425 rp_len = sizeof(*rp) + (2 * count);
426 rp = kmalloc(rp_len, GFP_ATOMIC);
427 if (!rp) {
428 read_unlock(&hci_dev_list_lock);
429 return -ENOMEM;
430 }
431
432 count = 0;
433 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 434 if (hci_dev_test_flag(d, HCI_SETUP) ||
435 hci_dev_test_flag(d, HCI_CONFIG) ||
436 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 437 continue;
438
439 /* Devices marked as raw-only are neither configured
440 * nor unconfigured controllers.
441 */
442 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
443 continue;
444
445 if (d->dev_type == HCI_BREDR &&
d7a5a11d 446 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a
MH		 447 rp->index[count++] = cpu_to_le16(d->id);
448 BT_DBG("Added hci%u", d->id);
449 }
450 }
451
452 rp->num_controllers = cpu_to_le16(count);
453 rp_len = sizeof(*rp) + (2 * count);
454
455 read_unlock(&hci_dev_list_lock);
456
2a1afb5a
JH		 457 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
458 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 459
460 kfree(rp);
461
462 return err;
463}
464
96f1474a
MH		 465static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
466 void *data, u16 data_len)
467{
468 struct mgmt_rp_read_ext_index_list *rp;
469 struct hci_dev *d;
470 size_t rp_len;
471 u16 count;
472 int err;
473
474 BT_DBG("sock %p", sk);
475
476 read_lock(&hci_dev_list_lock);
477
478 count = 0;
479 list_for_each_entry(d, &hci_dev_list, list) {
480 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
481 count++;
482 }
483
484 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
485 rp = kmalloc(rp_len, GFP_ATOMIC);
486 if (!rp) {
487 read_unlock(&hci_dev_list_lock);
488 return -ENOMEM;
489 }
490
491 count = 0;
492 list_for_each_entry(d, &hci_dev_list, list) {
493 if (hci_dev_test_flag(d, HCI_SETUP) ||
494 hci_dev_test_flag(d, HCI_CONFIG) ||
495 hci_dev_test_flag(d, HCI_USER_CHANNEL))
496 continue;
497
498 /* Devices marked as raw-only are neither configured
499 * nor unconfigured controllers.
500 */
501 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
502 continue;
503
504 if (d->dev_type == HCI_BREDR) {
505 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
506 rp->entry[count].type = 0x01;
507 else
508 rp->entry[count].type = 0x00;
509 } else if (d->dev_type == HCI_AMP) {
510 rp->entry[count].type = 0x02;
511 } else {
512 continue;
513 }
514
515 rp->entry[count].bus = d->bus;
516 rp->entry[count++].index = cpu_to_le16(d->id);
517 BT_DBG("Added hci%u", d->id);
518 }
519
520 rp->num_controllers = cpu_to_le16(count);
521 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
522
523 read_unlock(&hci_dev_list_lock);
524
525 /* If this command is called at least once, then all the
526 * default index and unconfigured index events are disabled
527 * and from now on only extended index events are used.
528 */
529 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
530 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
531 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
532
533 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
534 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
535
536 kfree(rp);
537
538 return err;
539}
540
dbece37a
MH		 541static bool is_configured(struct hci_dev *hdev)
542{
543 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 544 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 545 return false;
546
547 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
548 !bacmp(&hdev->public_addr, BDADDR_ANY))
549 return false;
550
551 return true;
552}
553
89bc22d2
MH		 554static __le32 get_missing_options(struct hci_dev *hdev)
555{
556 u32 options = 0;
557
dbece37a 558 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 559 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 560 options |= MGMT_OPTION_EXTERNAL_CONFIG;
561
89bc22d2
MH		 562 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
563 !bacmp(&hdev->public_addr, BDADDR_ANY))
564 options |= MGMT_OPTION_PUBLIC_ADDRESS;
565
566 return cpu_to_le32(options);
567}
568
f4537c04
MH		 569static int new_options(struct hci_dev *hdev, struct sock *skip)
570{
571 __le32 options = get_missing_options(hdev);
572
f6b7712e
MH		 573 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
574 sizeof(options), skip);
f4537c04
MH		 575}
576
dbece37a
MH		 577static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
578{
579 __le32 options = get_missing_options(hdev);
580
2a1afb5a
JH		 581 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
582 sizeof(options));
dbece37a
MH		 583}
584
9fc3bfb6
MH		 585static int read_config_info(struct sock *sk, struct hci_dev *hdev,
586 void *data, u16 data_len)
587{
588 struct mgmt_rp_read_config_info rp;
89bc22d2 589 u32 options = 0;
9fc3bfb6
MH		 590
591 BT_DBG("sock %p %s", sk, hdev->name);
592
593 hci_dev_lock(hdev);
594
595 memset(&rp, 0, sizeof(rp));
596 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 597
eb1904f4
MH		 598 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
599 options |= MGMT_OPTION_EXTERNAL_CONFIG;
600
9fc3bfb6 601 if (hdev->set_bdaddr)
89bc22d2
MH		 602 options |= MGMT_OPTION_PUBLIC_ADDRESS;
603
604 rp.supported_options = cpu_to_le32(options);
605 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 606
607 hci_dev_unlock(hdev);
608
2a1afb5a
JH		 609 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
610 &rp, sizeof(rp));
9fc3bfb6
MH		 611}
612
69ab39ea
JH		 613static u32 get_supported_settings(struct hci_dev *hdev)
614{
615 u32 settings = 0;
616
617 settings |= MGMT_SETTING_POWERED;
b2939475 618 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 619 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 620 settings |= MGMT_SETTING_CONNECTABLE;
621 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 622
ed3fa31f 623 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 624 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
625 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 626 settings |= MGMT_SETTING_BREDR;
627 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 628
629 if (lmp_ssp_capable(hdev)) {
630 settings |= MGMT_SETTING_SSP;
631 settings |= MGMT_SETTING_HS;
632 }
e98d2ce2 633
05b3c3e7 634 if (lmp_sc_capable(hdev))
e98d2ce2 635 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 636 }
d7b7e796 637
eeca6f89 638 if (lmp_le_capable(hdev)) {
9d42820f 639 settings |= MGMT_SETTING_LE;
eeca6f89 640 settings |= MGMT_SETTING_ADVERTISING;
a3209694 641 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 642 settings |= MGMT_SETTING_PRIVACY;
93690c22 643 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 644 }
69ab39ea 645
eb1904f4
MH		 646 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
647 hdev->set_bdaddr)
9fc3bfb6
MH		 648 settings |= MGMT_SETTING_CONFIGURATION;
649
69ab39ea
JH		 650 return settings;
651}
652
653static u32 get_current_settings(struct hci_dev *hdev)
654{
655 u32 settings = 0;
656
f1f0eb02 657 if (hdev_is_powered(hdev))
f0d4b78a
MH		 658 settings |= MGMT_SETTING_POWERED;
659
d7a5a11d 660 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 661 settings |= MGMT_SETTING_CONNECTABLE;
662
d7a5a11d 663 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 664 settings |= MGMT_SETTING_FAST_CONNECTABLE;
665
d7a5a11d 666 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 667 settings |= MGMT_SETTING_DISCOVERABLE;
668
d7a5a11d 669 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 670 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 671
d7a5a11d 672 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 673 settings |= MGMT_SETTING_BREDR;
674
d7a5a11d 675 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 676 settings |= MGMT_SETTING_LE;
677
d7a5a11d 678 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 679 settings |= MGMT_SETTING_LINK_SECURITY;
680
d7a5a11d 681 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 682 settings |= MGMT_SETTING_SSP;
683
d7a5a11d 684 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 685 settings |= MGMT_SETTING_HS;
686
d7a5a11d 687 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 688 settings |= MGMT_SETTING_ADVERTISING;
689
d7a5a11d 690 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 691 settings |= MGMT_SETTING_SECURE_CONN;
692
d7a5a11d 693 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 694 settings |= MGMT_SETTING_DEBUG_KEYS;
695
d7a5a11d 696 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 697 settings |= MGMT_SETTING_PRIVACY;
698
93690c22
MH		 699 /* The current setting for static address has two purposes. The
700 * first is to indicate if the static address will be used and
701 * the second is to indicate if it is actually set.
702 *
703 * This means if the static address is not configured, this flag
08dc0e98 704 * will never be set. If the address is configured, then if the
93690c22
MH		 705 * address is actually used decides if the flag is set or not.
706 *
707 * For single mode LE only controllers and dual-mode controllers
708 * with BR/EDR disabled, the existence of the static address will
709 * be evaluated.
710 */
b7cb93e5 711 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 712 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 713 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
714 if (bacmp(&hdev->static_addr, BDADDR_ANY))
715 settings |= MGMT_SETTING_STATIC_ADDRESS;
716 }
717
69ab39ea
JH		 718 return settings;
719}
720
ef580372
JH		 721#define PNP_INFO_SVCLASS_ID 0x1200
722
213202ed
JH		 723static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
724{
725 u8 *ptr = data, *uuids_start = NULL;
726 struct bt_uuid *uuid;
727
728 if (len < 4)
729 return ptr;
730
731 list_for_each_entry(uuid, &hdev->uuids, list) {
732 u16 uuid16;
733
734 if (uuid->size != 16)
735 continue;
736
737 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
738 if (uuid16 < 0x1100)
739 continue;
740
741 if (uuid16 == PNP_INFO_SVCLASS_ID)
742 continue;
743
744 if (!uuids_start) {
745 uuids_start = ptr;
746 uuids_start[0] = 1;
747 uuids_start[1] = EIR_UUID16_ALL;
748 ptr += 2;
749 }
750
751 /* Stop if not enough space to put next UUID */
752 if ((ptr - data) + sizeof(u16) > len) {
753 uuids_start[1] = EIR_UUID16_SOME;
754 break;
755 }
756
757 *ptr++ = (uuid16 & 0x00ff);
758 *ptr++ = (uuid16 & 0xff00) >> 8;
759 uuids_start[0] += sizeof(uuid16);
760 }
761
762 return ptr;
763}
764
cdf1963f
JH		 765static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
766{
767 u8 *ptr = data, *uuids_start = NULL;
768 struct bt_uuid *uuid;
769
770 if (len < 6)
771 return ptr;
772
773 list_for_each_entry(uuid, &hdev->uuids, list) {
774 if (uuid->size != 32)
775 continue;
776
777 if (!uuids_start) {
778 uuids_start = ptr;
779 uuids_start[0] = 1;
780 uuids_start[1] = EIR_UUID32_ALL;
781 ptr += 2;
782 }
783
784 /* Stop if not enough space to put next UUID */
785 if ((ptr - data) + sizeof(u32) > len) {
786 uuids_start[1] = EIR_UUID32_SOME;
787 break;
788 }
789
790 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
791 ptr += sizeof(u32);
792 uuids_start[0] += sizeof(u32);
793 }
794
795 return ptr;
796}
797
c00d575b
JH		 798static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
799{
800 u8 *ptr = data, *uuids_start = NULL;
801 struct bt_uuid *uuid;
802
803 if (len < 18)
804 return ptr;
805
806 list_for_each_entry(uuid, &hdev->uuids, list) {
807 if (uuid->size != 128)
808 continue;
809
810 if (!uuids_start) {
811 uuids_start = ptr;
812 uuids_start[0] = 1;
813 uuids_start[1] = EIR_UUID128_ALL;
814 ptr += 2;
815 }
816
817 /* Stop if not enough space to put next UUID */
818 if ((ptr - data) + 16 > len) {
819 uuids_start[1] = EIR_UUID128_SOME;
820 break;
821 }
822
823 memcpy(ptr, uuid->uuid, 16);
824 ptr += 16;
825 uuids_start[0] += 16;
826 }
827
828 return ptr;
829}
830
333ae95d
JH		 831static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
832{
833 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
834}
835
333ae95d
JH		 836static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
837 struct hci_dev *hdev,
838 const void *data)
839{
840 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
841}
842
91aa9bb2
FG		 843static u8 get_current_adv_instance(struct hci_dev *hdev)
844{
845 /* The "Set Advertising" setting supersedes the "Add Advertising"
846 * setting. Here we set the advertising data based on which
847 * setting was set. When neither apply, default to the global settings,
848 * represented by instance "0".
849 */
850 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
851 !hci_dev_test_flag(hdev, HCI_ADVERTISING))
3ff37e6b 852 return hdev->cur_adv_instance;
91aa9bb2
FG		 853
854 return 0x00;
855}
856
4117ed70 857static u8 create_default_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
f14d8f64 858{
7a5f4990
MH		 859 u8 ad_len = 0;
860 size_t name_len;
861
862 name_len = strlen(hdev->dev_name);
863 if (name_len > 0) {
864 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
865
866 if (name_len > max_len) {
867 name_len = max_len;
868 ptr[1] = EIR_NAME_SHORT;
869 } else
870 ptr[1] = EIR_NAME_COMPLETE;
871
872 ptr[0] = name_len + 1;
873
874 memcpy(ptr + 2, hdev->dev_name, name_len);
875
876 ad_len += (name_len + 2);
877 ptr += (name_len + 2);
878 }
879
880 return ad_len;
f14d8f64
MH		 881}
882
ca21fbe9
FG		 883static u8 create_instance_scan_rsp_data(struct hci_dev *hdev, u8 instance,
884 u8 *ptr)
4117ed70 885{
ca21fbe9
FG		 886 struct adv_info *adv_instance;
887
888 adv_instance = hci_find_adv_instance(hdev, instance);
889 if (!adv_instance)
890 return 0;
891
4117ed70
AU		 892 /* TODO: Set the appropriate entries based on advertising instance flags
893 * here once flags other than 0 are supported.
894 */
ca21fbe9
FG		 895 memcpy(ptr, adv_instance->scan_rsp_data,
896 adv_instance->scan_rsp_len);
4117ed70 897
ca21fbe9 898 return adv_instance->scan_rsp_len;
4117ed70
AU		 899}
900
efae002c 901static void update_inst_scan_rsp_data(struct hci_request *req, u8 instance)
f14d8f64
MH		 902{
903 struct hci_dev *hdev = req->hdev;
904 struct hci_cp_le_set_scan_rsp_data cp;
905 u8 len;
906
d7a5a11d 907 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
f14d8f64
MH		 908 return;
909
910 memset(&cp, 0, sizeof(cp));
911
4117ed70 912 if (instance)
ca21fbe9 913 len = create_instance_scan_rsp_data(hdev, instance, cp.data);
4117ed70
AU		 914 else
915 len = create_default_scan_rsp_data(hdev, cp.data);
f14d8f64 916
eb438b5f 917 if (hdev->scan_rsp_data_len == len &&
4117ed70 918 !memcmp(cp.data, hdev->scan_rsp_data, len))
f14d8f64
MH		 919 return;
920
eb438b5f
JH		 921 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
922 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 923
924 cp.length = len;
925
926 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
927}
928
4117ed70
AU		 929static void update_scan_rsp_data(struct hci_request *req)
930{
efae002c 931 update_inst_scan_rsp_data(req, get_current_adv_instance(req->hdev));
4117ed70
AU		 932}
933
9a43e25f
JH		 934static u8 get_adv_discov_flags(struct hci_dev *hdev)
935{
3b0602cd 936 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 937
938 /* If there's a pending mgmt command the flags will not yet have
939 * their final values, so check for this first.
940 */
333ae95d 941 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
9a43e25f
JH		 942 if (cmd) {
943 struct mgmt_mode *cp = cmd->param;
944 if (cp->val == 0x01)
945 return LE_AD_GENERAL;
946 else if (cp->val == 0x02)
947 return LE_AD_LIMITED;
948 } else {
d7a5a11d 949 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 950 return LE_AD_LIMITED;
d7a5a11d 951 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 952 return LE_AD_GENERAL;
953 }
954
955 return 0;
956}
957
fdf51784
AU		 958static bool get_connectable(struct hci_dev *hdev)
959{
960 struct mgmt_pending_cmd *cmd;
441ad2d0 961
fdf51784
AU		 962 /* If there's a pending mgmt command the flag will not yet have
963 * it's final value, so check for this first.
964 */
965 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
966 if (cmd) {
967 struct mgmt_mode *cp = cmd->param;
441ad2d0 968
fdf51784 969 return cp->val;
441ad2d0
MH		 970 }
971
fdf51784
AU		 972 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
973}
441ad2d0 974
fdf51784
AU		 975static u32 get_adv_instance_flags(struct hci_dev *hdev, u8 instance)
976{
977 u32 flags;
411b4121 978 struct adv_info *adv_instance;
441ad2d0 979
bea28e65
FG		 980 if (instance == 0x00) {
981 /* Instance 0 always manages the "Tx Power" and "Flags"
982 * fields
983 */
984 flags = MGMT_ADV_FLAG_TX_POWER | MGMT_ADV_FLAG_MANAGED_FLAGS;
411b4121 985
bea28e65
FG		 986 /* For instance 0, the HCI_ADVERTISING_CONNECTABLE setting
987 * corresponds to the "connectable" instance flag.
988 */
989 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
990 flags |= MGMT_ADV_FLAG_CONNECTABLE;
fdf51784 991
bea28e65 992 return flags;
411b4121 993 }
fdf51784 994
bea28e65 995 adv_instance = hci_find_adv_instance(hdev, instance);
fdf51784 996
bea28e65
FG		 997 /* Return 0 when we got an invalid instance identifier. */
998 if (!adv_instance)
999 return 0;
fdf51784 1000
bea28e65 1001 return adv_instance->flags;
441ad2d0
MH		 1002}
1003
7b683b74 1004static u8 get_cur_adv_instance_scan_rsp_len(struct hci_dev *hdev)
c7d4883b 1005{
7b683b74
FG		 1006 u8 instance = get_current_adv_instance(hdev);
1007 struct adv_info *adv_instance;
1008
1009 /* Ignore instance 0 */
1010 if (instance == 0x00)
1011 return 0;
1012
1013 adv_instance = hci_find_adv_instance(hdev, instance);
1014 if (!adv_instance)
c7d4883b
AU		 1015 return 0;
1016
1017 /* TODO: Take into account the "appearance" and "local-name" flags here.
1018 * These are currently being ignored as they are not supported.
1019 */
7b683b74 1020 return adv_instance->scan_rsp_len;
c7d4883b
AU		 1021}
1022
fdf51784 1023static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr)
24b4f38f 1024{
f63ba24b 1025 struct adv_info *adv_instance = NULL;
b44133ff 1026 u8 ad_len = 0, flags = 0;
f63ba24b
FG		 1027 u32 instance_flags;
1028
1029 /* Return 0 when the current instance identifier is invalid. */
1030 if (instance) {
1031 adv_instance = hci_find_adv_instance(hdev, instance);
1032 if (!adv_instance)
1033 return 0;
1034 }
1035
1036 instance_flags = get_adv_instance_flags(hdev, instance);
b44133ff 1037
807ec772
AU		 1038 /* The Add Advertising command allows userspace to set both the general
1039 * and limited discoverable flags.
1040 */
fdf51784 1041 if (instance_flags & MGMT_ADV_FLAG_DISCOV)
b44133ff
AU		 1042 flags |= LE_AD_GENERAL;
1043
fdf51784 1044 if (instance_flags & MGMT_ADV_FLAG_LIMITED_DISCOV)
807ec772
AU		 1045 flags |= LE_AD_LIMITED;
1046
fdf51784 1047 if (flags || (instance_flags & MGMT_ADV_FLAG_MANAGED_FLAGS)) {
67e0c0cd
AU		 1048 /* If a discovery flag wasn't provided, simply use the global
1049 * settings.
1050 */
1051 if (!flags)
1052 flags |= get_adv_discov_flags(hdev);
1053
b44133ff
AU		 1054 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1055 flags |= LE_AD_NO_BREDR;
1056
fdf51784
AU		 1057 /* If flags would still be empty, then there is no need to
1058 * include the "Flags" AD field".
1059 */
1060 if (flags) {
1061 ptr[0] = 0x02;
1062 ptr[1] = EIR_FLAGS;
1063 ptr[2] = flags;
b44133ff 1064
fdf51784
AU		 1065 ad_len += 3;
1066 ptr += 3;
1067 }
b44133ff
AU		 1068 }
1069
f63ba24b
FG		 1070 if (adv_instance) {
1071 memcpy(ptr, adv_instance->adv_data,
1072 adv_instance->adv_data_len);
1073 ad_len += adv_instance->adv_data_len;
1074 ptr += adv_instance->adv_data_len;
38c8af60
MH		 1075 }
1076
fdf51784 1077 /* Provide Tx Power only if we can provide a valid value for it */
5507e358 1078 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID &&
fdf51784 1079 (instance_flags & MGMT_ADV_FLAG_TX_POWER)) {
5507e358
AU		 1080 ptr[0] = 0x02;
1081 ptr[1] = EIR_TX_POWER;
1082 ptr[2] = (u8)hdev->adv_tx_power;
1083
1084 ad_len += 3;
1085 ptr += 3;
1086 }
1087
b44133ff 1088 return ad_len;
24b4f38f
AU		 1089}
1090
efae002c 1091static void update_inst_adv_data(struct hci_request *req, u8 instance)
441ad2d0
MH		 1092{
1093 struct hci_dev *hdev = req->hdev;
1094 struct hci_cp_le_set_adv_data cp;
1095 u8 len;
1096
d7a5a11d 1097 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
441ad2d0
MH		 1098 return;
1099
1100 memset(&cp, 0, sizeof(cp));
1101
fdf51784 1102 len = create_instance_adv_data(hdev, instance, cp.data);
441ad2d0 1103
24b4f38f 1104 /* There's nothing to do if the data hasn't changed */
441ad2d0
MH		 1105 if (hdev->adv_data_len == len &&
1106 memcmp(cp.data, hdev->adv_data, len) == 0)
1107 return;
1108
1109 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1110 hdev->adv_data_len = len;
1111
1112 cp.length = len;
1113
1114 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
1115}
1116
e7a685d3
AU		 1117static void update_adv_data(struct hci_request *req)
1118{
efae002c 1119 update_inst_adv_data(req, get_current_adv_instance(req->hdev));
24b4f38f
AU		 1120}
1121
bc6d2d04
JH		 1122int mgmt_update_adv_data(struct hci_dev *hdev)
1123{
1124 struct hci_request req;
1125
1126 hci_req_init(&req, hdev);
1127 update_adv_data(&req);
1128
1129 return hci_req_run(&req, NULL);
1130}
1131
ef580372
JH		 1132static void create_eir(struct hci_dev *hdev, u8 *data)
1133{
1134 u8 *ptr = data;
ef580372
JH		 1135 size_t name_len;
1136
1137 name_len = strlen(hdev->dev_name);
1138
1139 if (name_len > 0) {
1140 /* EIR Data type */
1141 if (name_len > 48) {
1142 name_len = 48;
1143 ptr[1] = EIR_NAME_SHORT;
1144 } else
1145 ptr[1] = EIR_NAME_COMPLETE;
1146
1147 /* EIR Data length */
1148 ptr[0] = name_len + 1;
1149
1150 memcpy(ptr + 2, hdev->dev_name, name_len);
1151
ef580372
JH		 1152 ptr += (name_len + 2);
1153 }
1154
bbaf444a 1155 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 1156 ptr[0] = 2;
1157 ptr[1] = EIR_TX_POWER;
1158 ptr[2] = (u8) hdev->inq_tx_power;
1159
91c4e9b1
MH		 1160 ptr += 3;
1161 }
1162
2b9be137
MH		 1163 if (hdev->devid_source > 0) {
1164 ptr[0] = 9;
1165 ptr[1] = EIR_DEVICE_ID;
1166
1167 put_unaligned_le16(hdev->devid_source, ptr + 2);
1168 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1169 put_unaligned_le16(hdev->devid_product, ptr + 6);
1170 put_unaligned_le16(hdev->devid_version, ptr + 8);
1171
2b9be137
MH		 1172 ptr += 10;
1173 }
1174
213202ed 1175 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 1176 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 1177 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 1178}
1179
890ea898 1180static void update_eir(struct hci_request *req)
ef580372 1181{
890ea898 1182 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1183 struct hci_cp_write_eir cp;
1184
504c8dcd 1185 if (!hdev_is_powered(hdev))
890ea898 1186 return;
7770c4aa 1187
976eb20e 1188 if (!lmp_ext_inq_capable(hdev))
890ea898 1189 return;
ef580372 1190
d7a5a11d 1191 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
890ea898 1192 return;
ef580372 1193
d7a5a11d 1194 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1195 return;
ef580372
JH		 1196
1197 memset(&cp, 0, sizeof(cp));
1198
1199 create_eir(hdev, cp.data);
1200
1201 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 1202 return;
ef580372
JH		 1203
1204 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1205
890ea898 1206 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 1207}
1208
1209static u8 get_service_classes(struct hci_dev *hdev)
1210{
1211 struct bt_uuid *uuid;
1212 u8 val = 0;
1213
1214 list_for_each_entry(uuid, &hdev->uuids, list)
1215 val |= uuid->svc_hint;
1216
1217 return val;
1218}
1219
890ea898 1220static void update_class(struct hci_request *req)
ef580372 1221{
890ea898 1222 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1223 u8 cod[3];
1224
1225 BT_DBG("%s", hdev->name);
1226
504c8dcd 1227 if (!hdev_is_powered(hdev))
890ea898 1228 return;
7770c4aa 1229
d7a5a11d 1230 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
f87ea1da
JH		 1231 return;
1232
d7a5a11d 1233 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1234 return;
ef580372
JH		 1235
1236 cod[0] = hdev->minor_class;
1237 cod[1] = hdev->major_class;
1238 cod[2] = get_service_classes(hdev);
1239
d7a5a11d 1240 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
6acd7db4
MH		 1241 cod[1] |= 0x20;
1242
ef580372 1243 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1244 return;
ef580372 1245
890ea898 1246 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1247}
1248
0ec5ae84
JH		 1249static void disable_advertising(struct hci_request *req)
1250{
1251 u8 enable = 0x00;
1252
1253 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1254}
1255
199a2fb1
JH		 1256static void enable_advertising(struct hci_request *req)
1257{
1258 struct hci_dev *hdev = req->hdev;
1259 struct hci_cp_le_set_adv_param cp;
8f2a0601 1260 u8 own_addr_type, enable = 0x01;
a4858cb9 1261 bool connectable;
e7a685d3
AU		 1262 u8 instance;
1263 u32 flags;
199a2fb1 1264
0ec5ae84
JH		 1265 if (hci_conn_num(hdev, LE_LINK) > 0)
1266 return;
1267
d7a5a11d 1268 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
0ec5ae84
JH		 1269 disable_advertising(req);
1270
5ce194c4 1271 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1272 * hci_update_random_address knows that it's safe to go ahead
1273 * and write a new random address. The flag will be set back on
1274 * as soon as the SET_ADV_ENABLE HCI command completes.
1275 */
a358dc11 1276 hci_dev_clear_flag(hdev, HCI_LE_ADV);
8d97250e 1277
e7a685d3
AU		 1278 instance = get_current_adv_instance(hdev);
1279 flags = get_adv_instance_flags(hdev, instance);
faccb950
AU		 1280
1281 /* If the "connectable" instance flag was not set, then choose between
1282 * ADV_IND and ADV_NONCONN_IND based on the global connectable setting.
1283 */
1284 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) ||
1285 get_connectable(hdev);
8f2a0601 1286
a4858cb9
JH		 1287 /* Set require_privacy to true only when non-connectable
1288 * advertising is used. In that case it is fine to use a
1289 * non-resolvable private address.
1290 */
1291 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1292 return;
1293
41c90c18 1294 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1295 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1296 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
c7d4883b
AU		 1297
1298 if (connectable)
1299 cp.type = LE_ADV_IND;
7b683b74 1300 else if (get_cur_adv_instance_scan_rsp_len(hdev))
c7d4883b
AU		 1301 cp.type = LE_ADV_SCAN_IND;
1302 else
1303 cp.type = LE_ADV_NONCONN_IND;
1304
8f2a0601 1305 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1306 cp.channel_map = hdev->le_adv_channel_map;
1307
1308 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1309
1310 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1311}
1312
7d78525d
JH		 1313static void service_cache_off(struct work_struct *work)
1314{
1315 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1316 service_cache.work);
890ea898 1317 struct hci_request req;
7d78525d 1318
a69d8927 1319 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 1320 return;
1321
890ea898
JH		 1322 hci_req_init(&req, hdev);
1323
7d78525d
JH		 1324 hci_dev_lock(hdev);
1325
890ea898
JH		 1326 update_eir(&req);
1327 update_class(&req);
7d78525d
JH		 1328
1329 hci_dev_unlock(hdev);
890ea898
JH		 1330
1331 hci_req_run(&req, NULL);
7d78525d
JH		 1332}
1333
d6bfd59c
JH		 1334static void rpa_expired(struct work_struct *work)
1335{
1336 struct hci_dev *hdev = container_of(work, struct hci_dev,
1337 rpa_expired.work);
1338 struct hci_request req;
1339
1340 BT_DBG("");
1341
a1536da2 1342 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 1343
d7a5a11d 1344 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 1345 return;
1346
1347 /* The generation of a new RPA and programming it into the
1348 * controller happens in the enable_advertising() function.
1349 */
d6bfd59c 1350 hci_req_init(&req, hdev);
d6bfd59c 1351 enable_advertising(&req);
d6bfd59c
JH		 1352 hci_req_run(&req, NULL);
1353}
1354
6a919082 1355static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1356{
238be788 1357 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 1358 return;
1359
4f87da80 1360 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1361 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1362
4f87da80
JH		 1363 /* Non-mgmt controlled devices get this bit set
1364 * implicitly so that pairing works for them, however
1365 * for mgmt we require user-space to explicitly enable
1366 * it
1367 */
a358dc11 1368 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 1369}
1370
0f4e68cf 1371static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1372 void *data, u16 data_len)
0381101f 1373{
a38528f1 1374 struct mgmt_rp_read_info rp;
f7b64e69 1375
bdb6d971 1376 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1377
09fd0de5 1378 hci_dev_lock(hdev);
f7b64e69 1379
dc4fe30b
JH		 1380 memset(&rp, 0, sizeof(rp));
1381
69ab39ea 1382 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1383
69ab39ea 1384 rp.version = hdev->hci_ver;
eb55ef07 1385 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1386
1387 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1388 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1389
a38528f1 1390 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1391
dc4fe30b 1392 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1393 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1394
09fd0de5 1395 hci_dev_unlock(hdev);
0381101f 1396
2a1afb5a
JH		 1397 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1398 sizeof(rp));
0381101f
JH		 1399}
1400
69ab39ea 1401static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1402{
69ab39ea 1403 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1404
2a1afb5a
JH		 1405 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1406 sizeof(settings));
8680570b
JH		 1407}
1408
1904a853 1409static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 1410{
1411 BT_DBG("%s status 0x%02x", hdev->name, status);
1412
a3172b7e
JH		 1413 if (hci_conn_count(hdev) == 0) {
1414 cancel_delayed_work(&hdev->power_off);
8b064a3a 1415 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1416 }
8b064a3a
JH		 1417}
1418
912098a6
AU		 1419static void advertising_added(struct sock *sk, struct hci_dev *hdev,
1420 u8 instance)
1421{
1422 struct mgmt_ev_advertising_added ev;
1423
1424 ev.instance = instance;
1425
1426 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1427}
1428
1429static void advertising_removed(struct sock *sk, struct hci_dev *hdev,
1430 u8 instance)
1431{
1432 struct mgmt_ev_advertising_removed ev;
1433
1434 ev.instance = instance;
1435
1436 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1437}
1438
7816b820
FG		 1439static int schedule_adv_instance(struct hci_request *req, u8 instance,
1440 bool force) {
1441 struct hci_dev *hdev = req->hdev;
1442 struct adv_info *adv_instance = NULL;
1443 u16 timeout;
1444
1445 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
1446 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
1447 return -EPERM;
1448
1449 if (hdev->adv_instance_timeout)
1450 return -EBUSY;
1451
1452 adv_instance = hci_find_adv_instance(hdev, instance);
1453 if (!adv_instance)
1454 return -ENOENT;
1455
1456 /* A zero timeout means unlimited advertising. As long as there is
1457 * only one instance, duration should be ignored. We still set a timeout
1458 * in case further instances are being added later on.
1459 *
1460 * If the remaining lifetime of the instance is more than the duration
1461 * then the timeout corresponds to the duration, otherwise it will be
1462 * reduced to the remaining instance lifetime.
1463 */
1464 if (adv_instance->timeout == 0 ||
1465 adv_instance->duration <= adv_instance->remaining_time)
1466 timeout = adv_instance->duration;
1467 else
1468 timeout = adv_instance->remaining_time;
1469
1470 /* The remaining time is being reduced unless the instance is being
1471 * advertised without time limit.
1472 */
1473 if (adv_instance->timeout)
1474 adv_instance->remaining_time =
1475 adv_instance->remaining_time - timeout;
1476
1477 hdev->adv_instance_timeout = timeout;
1478 queue_delayed_work(hdev->workqueue,
1479 &hdev->adv_instance_expire,
1480 msecs_to_jiffies(timeout * 1000));
1481
1482 /* If we're just re-scheduling the same instance again then do not
1483 * execute any HCI commands. This happens when a single instance is
1484 * being advertised.
1485 */
1486 if (!force && hdev->cur_adv_instance == instance &&
1487 hci_dev_test_flag(hdev, HCI_LE_ADV))
1488 return 0;
1489
1490 hdev->cur_adv_instance = instance;
1491 update_adv_data(req);
1492 update_scan_rsp_data(req);
1493 enable_advertising(req);
1494
1495 return 0;
1496}
1497
1498static void cancel_adv_timeout(struct hci_dev *hdev)
1499{
1500 if (hdev->adv_instance_timeout) {
1501 hdev->adv_instance_timeout = 0;
1502 cancel_delayed_work(&hdev->adv_instance_expire);
1503 }
1504}
1505
847818d9
FG		 1506/* For a single instance:
1507 * - force == true: The instance will be removed even when its remaining
1508 * lifetime is not zero.
1509 * - force == false: the instance will be deactivated but kept stored unless
1510 * the remaining lifetime is zero.
1511 *
1512 * For instance == 0x00:
1513 * - force == true: All instances will be removed regardless of their timeout
1514 * setting.
1515 * - force == false: Only instances that have a timeout will be removed.
1516 */
1517static void clear_adv_instance(struct hci_dev *hdev, struct hci_request *req,
1518 u8 instance, bool force)
912098a6 1519{
847818d9
FG		 1520 struct adv_info *adv_instance, *n, *next_instance = NULL;
1521 int err;
1522 u8 rem_inst;
912098a6 1523
847818d9
FG		 1524 /* Cancel any timeout concerning the removed instance(s). */
1525 if (!instance || hdev->cur_adv_instance == instance)
1526 cancel_adv_timeout(hdev);
912098a6 1527
847818d9
FG		 1528 /* Get the next instance to advertise BEFORE we remove
1529 * the current one. This can be the same instance again
1530 * if there is only one instance.
1531 */
1532 if (instance && hdev->cur_adv_instance == instance)
1533 next_instance = hci_get_next_instance(hdev, instance);
912098a6 1534
847818d9
FG		 1535 if (instance == 0x00) {
1536 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances,
1537 list) {
1538 if (!(force || adv_instance->timeout))
1539 continue;
912098a6 1540
847818d9
FG		 1541 rem_inst = adv_instance->instance;
1542 err = hci_remove_adv_instance(hdev, rem_inst);
1543 if (!err)
1544 advertising_removed(NULL, hdev, rem_inst);
1545 }
1546 hdev->cur_adv_instance = 0x00;
1547 } else {
1548 adv_instance = hci_find_adv_instance(hdev, instance);
1549
1550 if (force || (adv_instance && adv_instance->timeout &&
1551 !adv_instance->remaining_time)) {
1552 /* Don't advertise a removed instance. */
1553 if (next_instance &&
1554 next_instance->instance == instance)
1555 next_instance = NULL;
1556
1557 err = hci_remove_adv_instance(hdev, instance);
1558 if (!err)
1559 advertising_removed(NULL, hdev, instance);
1560 }
1561 }
1562
1563 if (list_empty(&hdev->adv_instances)) {
1564 hdev->cur_adv_instance = 0x00;
1565 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
1566 }
1567
1568 if (!req || !hdev_is_powered(hdev) ||
912098a6
AU		 1569 hci_dev_test_flag(hdev, HCI_ADVERTISING))
1570 return;
1571
847818d9
FG		 1572 if (next_instance)
1573 schedule_adv_instance(req, next_instance->instance, false);
912098a6
AU		 1574}
1575
8b064a3a
JH		 1576static int clean_up_hci_state(struct hci_dev *hdev)
1577{
1578 struct hci_request req;
1579 struct hci_conn *conn;
23a48093
JH		 1580 bool discov_stopped;
1581 int err;
8b064a3a
JH		 1582
1583 hci_req_init(&req, hdev);
1584
1585 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1586 test_bit(HCI_PSCAN, &hdev->flags)) {
1587 u8 scan = 0x00;
1588 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1589 }
1590
847818d9 1591 clear_adv_instance(hdev, NULL, 0x00, false);
912098a6 1592
d7a5a11d 1593 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
8b064a3a
JH		 1594 disable_advertising(&req);
1595
2154d3f4 1596 discov_stopped = hci_req_stop_discovery(&req);
8b064a3a
JH		 1597
1598 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
89e0ccc8
JH		 1599 /* 0x15 == Terminated due to Power Off */
1600 __hci_abort_conn(&req, conn, 0x15);
8b064a3a
JH		 1601 }
1602
23a48093
JH		 1603 err = hci_req_run(&req, clean_up_hci_complete);
1604 if (!err && discov_stopped)
1605 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1606
1607 return err;
8b064a3a
JH		 1608}
1609
bdb6d971 1610static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1611 u16 len)
eec8d2bc 1612{
650f726d 1613 struct mgmt_mode *cp = data;
3b0602cd 1614 struct mgmt_pending_cmd *cmd;
4b34ee78 1615 int err;
eec8d2bc 1616
bdb6d971 1617 BT_DBG("request for %s", hdev->name);
eec8d2bc 1618
a7e80f25 1619 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1620 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1621 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1622
09fd0de5 1623 hci_dev_lock(hdev);
eec8d2bc 1624
333ae95d 1625 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1626 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1627 MGMT_STATUS_BUSY);
87b95ba6
JH		 1628 goto failed;
1629 }
1630
a69d8927 1631 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
f0d4b78a
MH		 1632 cancel_delayed_work(&hdev->power_off);
1633
1634 if (cp->val) {
a1d70450
JH		 1635 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1636 data, len);
1637 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1638 goto failed;
1639 }
1640 }
1641
4b34ee78 1642 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1643 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1644 goto failed;
1645 }
1646
2e58ef3e 1647 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1648 if (!cmd) {
1649 err = -ENOMEM;
eec8d2bc 1650 goto failed;
366a0336 1651 }
eec8d2bc 1652
8b064a3a 1653 if (cp->val) {
19202573 1654 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1655 err = 0;
1656 } else {
1657 /* Disconnect connections, stop scans, etc */
1658 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1659 if (!err)
1660 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1661 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1662
8b064a3a
JH		 1663 /* ENODATA means there were no HCI commands queued */
1664 if (err == -ENODATA) {
a3172b7e 1665 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1666 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1667 err = 0;
1668 }
1669 }
eec8d2bc
JH		 1670
1671failed:
09fd0de5 1672 hci_dev_unlock(hdev);
366a0336 1673 return err;
eec8d2bc
JH		 1674}
1675
beadb2bd
JH		 1676static int new_settings(struct hci_dev *hdev, struct sock *skip)
1677{
f6b7712e 1678 __le32 ev = cpu_to_le32(get_current_settings(hdev));
beadb2bd 1679
f6b7712e
MH		 1680 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1681 sizeof(ev), skip);
beadb2bd
JH		 1682}
1683
91a668b0
JH		 1684int mgmt_new_settings(struct hci_dev *hdev)
1685{
1686 return new_settings(hdev, NULL);
1687}
1688
bd99abdd
JH		 1689struct cmd_lookup {
1690 struct sock *sk;
1691 struct hci_dev *hdev;
1692 u8 mgmt_status;
1693};
1694
3b0602cd 1695static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1696{
1697 struct cmd_lookup *match = data;
1698
1699 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1700
1701 list_del(&cmd->list);
1702
1703 if (match->sk == NULL) {
1704 match->sk = cmd->sk;
1705 sock_hold(match->sk);
1706 }
1707
1708 mgmt_pending_free(cmd);
1709}
1710
3b0602cd 1711static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1712{
1713 u8 *status = data;
1714
a69e8375 1715 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1716 mgmt_pending_remove(cmd);
1717}
1718
3b0602cd 1719static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1720{
1721 if (cmd->cmd_complete) {
1722 u8 *status = data;
1723
1724 cmd->cmd_complete(cmd, *status);
1725 mgmt_pending_remove(cmd);
1726
1727 return;
1728 }
1729
1730 cmd_status_rsp(cmd, data);
1731}
1732
3b0602cd 1733static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1734{
2a1afb5a
JH		 1735 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1736 cmd->param, cmd->param_len);
f5818c22
JH		 1737}
1738
3b0602cd 1739static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1740{
2a1afb5a
JH		 1741 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1742 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1743}
1744
e6fe7986
JH		 1745static u8 mgmt_bredr_support(struct hci_dev *hdev)
1746{
1747 if (!lmp_bredr_capable(hdev))
1748 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1749 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1750 return MGMT_STATUS_REJECTED;
1751 else
1752 return MGMT_STATUS_SUCCESS;
1753}
1754
1755static u8 mgmt_le_support(struct hci_dev *hdev)
1756{
1757 if (!lmp_le_capable(hdev))
1758 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1759 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1760 return MGMT_STATUS_REJECTED;
1761 else
1762 return MGMT_STATUS_SUCCESS;
1763}
1764
1904a853
MH		 1765static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1766 u16 opcode)
bfaf8c9f 1767{
3b0602cd 1768 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1769 struct mgmt_mode *cp;
970ba524 1770 struct hci_request req;
bfaf8c9f
JH		 1771 bool changed;
1772
1773 BT_DBG("status 0x%02x", status);
1774
1775 hci_dev_lock(hdev);
1776
333ae95d 1777 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
bfaf8c9f
JH		 1778 if (!cmd)
1779 goto unlock;
1780
1781 if (status) {
1782 u8 mgmt_err = mgmt_status(status);
a69e8375 1783 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1784 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1785 goto remove_cmd;
1786 }
1787
1788 cp = cmd->param;
d4462a07 1789 if (cp->val) {
238be788 1790 changed = !hci_dev_test_and_set_flag(hdev, HCI_DISCOVERABLE);
d4462a07
MH		 1791
1792 if (hdev->discov_timeout > 0) {
1793 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1794 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1795 to);
1796 }
1797 } else {
a69d8927 1798 changed = hci_dev_test_and_clear_flag(hdev, HCI_DISCOVERABLE);
d4462a07 1799 }
bfaf8c9f
JH		 1800
1801 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1802
1803 if (changed)
1804 new_settings(hdev, cmd->sk);
1805
970ba524
MH		 1806 /* When the discoverable mode gets changed, make sure
1807 * that class of device has the limited discoverable
432df05e
JH		 1808 * bit correctly set. Also update page scan based on whitelist
1809 * entries.
970ba524
MH		 1810 */
1811 hci_req_init(&req, hdev);
1d2dc5b7 1812 __hci_update_page_scan(&req);
970ba524
MH		 1813 update_class(&req);
1814 hci_req_run(&req, NULL);
1815
bfaf8c9f
JH		 1816remove_cmd:
1817 mgmt_pending_remove(cmd);
1818
1819unlock:
1820 hci_dev_unlock(hdev);
1821}
1822
bdb6d971 1823static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1824 u16 len)
73f22f62 1825{
650f726d 1826 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1827 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1828 struct hci_request req;
5e5282bb 1829 u16 timeout;
9a43e25f 1830 u8 scan;
73f22f62
JH		 1831 int err;
1832
bdb6d971 1833 BT_DBG("request for %s", hdev->name);
73f22f62 1834
d7a5a11d
MH		 1835 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1836 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1837 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1838 MGMT_STATUS_REJECTED);
33c525c0 1839
310a3d48 1840 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1841 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1842 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1843
1f350c87 1844 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1845
1846 /* Disabling discoverable requires that no timeout is set,
1847 * and enabling limited discoverable requires a timeout.
1848 */
1849 if ((cp->val == 0x00 && timeout > 0) ||
1850 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1851 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1852 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1853
09fd0de5 1854 hci_dev_lock(hdev);
73f22f62 1855
5e5282bb 1856 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1857 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1858 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1859 goto failed;
1860 }
1861
333ae95d
JH		 1862 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1863 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1864 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1865 MGMT_STATUS_BUSY);
73f22f62
JH		 1866 goto failed;
1867 }
1868
d7a5a11d 1869 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1870 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1871 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1872 goto failed;
1873 }
1874
1875 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1876 bool changed = false;
1877
310a3d48
MH		 1878 /* Setting limited discoverable when powered off is
1879 * not a valid operation since it requires a timeout
1880 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1881 */
d7a5a11d 1882 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1883 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1884 changed = true;
1885 }
1886
5e5282bb 1887 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1888 if (err < 0)
1889 goto failed;
1890
1891 if (changed)
1892 err = new_settings(hdev, sk);
1893
5e5282bb
JH		 1894 goto failed;
1895 }
1896
310a3d48
MH		 1897 /* If the current mode is the same, then just update the timeout
1898 * value with the new value. And if only the timeout gets updated,
1899 * then no need for any HCI transactions.
1900 */
d7a5a11d
MH		 1901 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1902 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1903 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1904 cancel_delayed_work(&hdev->discov_off);
1905 hdev->discov_timeout = timeout;
955638ec 1906
36261547
MH		 1907 if (cp->val && hdev->discov_timeout > 0) {
1908 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1909 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1910 to);
955638ec
MH		 1911 }
1912
69ab39ea 1913 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1914 goto failed;
1915 }
1916
2e58ef3e 1917 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1918 if (!cmd) {
1919 err = -ENOMEM;
73f22f62 1920 goto failed;
366a0336 1921 }
73f22f62 1922
310a3d48
MH		 1923 /* Cancel any potential discoverable timeout that might be
1924 * still active and store new timeout value. The arming of
1925 * the timeout happens in the complete handler.
1926 */
1927 cancel_delayed_work(&hdev->discov_off);
1928 hdev->discov_timeout = timeout;
1929
b456f87c
JH		 1930 /* Limited discoverable mode */
1931 if (cp->val == 0x02)
a1536da2 1932 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1933 else
a358dc11 1934 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1935
bfaf8c9f
JH		 1936 hci_req_init(&req, hdev);
1937
9a43e25f
JH		 1938 /* The procedure for LE-only controllers is much simpler - just
1939 * update the advertising data.
1940 */
d7a5a11d 1941 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
9a43e25f
JH		 1942 goto update_ad;
1943
73f22f62
JH		 1944 scan = SCAN_PAGE;
1945
310a3d48
MH		 1946 if (cp->val) {
1947 struct hci_cp_write_current_iac_lap hci_cp;
1948
1949 if (cp->val == 0x02) {
1950 /* Limited discoverable mode */
33337dcb 1951 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1952 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1953 hci_cp.iac_lap[1] = 0x8b;
1954 hci_cp.iac_lap[2] = 0x9e;
1955 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1956 hci_cp.iac_lap[4] = 0x8b;
1957 hci_cp.iac_lap[5] = 0x9e;
1958 } else {
1959 /* General discoverable mode */
310a3d48
MH		 1960 hci_cp.num_iac = 1;
1961 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1962 hci_cp.iac_lap[1] = 0x8b;
1963 hci_cp.iac_lap[2] = 0x9e;
1964 }
1965
1966 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1967 (hci_cp.num_iac * 3) + 1, &hci_cp);
1968
73f22f62 1969 scan |= SCAN_INQUIRY;
310a3d48 1970 } else {
a358dc11 1971 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
310a3d48 1972 }
73f22f62 1973
310a3d48 1974 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1975
9a43e25f
JH		 1976update_ad:
1977 update_adv_data(&req);
1978
bfaf8c9f 1979 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1980 if (err < 0)
a664b5bc 1981 mgmt_pending_remove(cmd);
73f22f62
JH		 1982
1983failed:
09fd0de5 1984 hci_dev_unlock(hdev);
73f22f62
JH		 1985 return err;
1986}
1987
406d7804
JH		 1988static void write_fast_connectable(struct hci_request *req, bool enable)
1989{
bd98b996 1990 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1991 struct hci_cp_write_page_scan_activity acp;
1992 u8 type;
1993
d7a5a11d 1994 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
547003b1
JH		 1995 return;
1996
4c01f8b8
JH		 1997 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1998 return;
1999
406d7804
JH		 2000 if (enable) {
2001 type = PAGE_SCAN_TYPE_INTERLACED;
2002
2003 /* 160 msec page scan interval */
dcf4adbf 2004 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 2005 } else {
2006 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2007
2008 /* default 1.28 sec page scan */
dcf4adbf 2009 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 2010 }
2011
dcf4adbf 2012 acp.window = cpu_to_le16(0x0012);
406d7804 2013
bd98b996
JH		 2014 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
2015 __cpu_to_le16(hdev->page_scan_window) != acp.window)
2016 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2017 sizeof(acp), &acp);
2018
2019 if (hdev->page_scan_type != type)
2020 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 2021}
2022
1904a853
MH		 2023static void set_connectable_complete(struct hci_dev *hdev, u8 status,
2024 u16 opcode)
2b76f453 2025{
3b0602cd 2026 struct mgmt_pending_cmd *cmd;
d7b856f9 2027 struct mgmt_mode *cp;
bc6d2d04 2028 bool conn_changed, discov_changed;
2b76f453
JH		 2029
2030 BT_DBG("status 0x%02x", status);
2031
2032 hci_dev_lock(hdev);
2033
333ae95d 2034 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
2b76f453
JH		 2035 if (!cmd)
2036 goto unlock;
2037
37438c1f
JH		 2038 if (status) {
2039 u8 mgmt_err = mgmt_status(status);
a69e8375 2040 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 2041 goto remove_cmd;
2042 }
2043
d7b856f9 2044 cp = cmd->param;
bc6d2d04 2045 if (cp->val) {
238be788
MH		 2046 conn_changed = !hci_dev_test_and_set_flag(hdev,
2047 HCI_CONNECTABLE);
bc6d2d04
JH		 2048 discov_changed = false;
2049 } else {
a69d8927
MH		 2050 conn_changed = hci_dev_test_and_clear_flag(hdev,
2051 HCI_CONNECTABLE);
2052 discov_changed = hci_dev_test_and_clear_flag(hdev,
2053 HCI_DISCOVERABLE);
bc6d2d04 2054 }
d7b856f9 2055
2b76f453
JH		 2056 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
2057
bc6d2d04 2058 if (conn_changed || discov_changed) {
d7b856f9 2059 new_settings(hdev, cmd->sk);
1d2dc5b7 2060 hci_update_page_scan(hdev);
bc6d2d04
JH		 2061 if (discov_changed)
2062 mgmt_update_adv_data(hdev);
2b7be33e
JH		 2063 hci_update_background_scan(hdev);
2064 }
d7b856f9 2065
37438c1f 2066remove_cmd:
2b76f453
JH		 2067 mgmt_pending_remove(cmd);
2068
2069unlock:
2070 hci_dev_unlock(hdev);
2071}
2072
e8ba3a1f
JH		 2073static int set_connectable_update_settings(struct hci_dev *hdev,
2074 struct sock *sk, u8 val)
2075{
2076 bool changed = false;
2077 int err;
2078
d7a5a11d 2079 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 2080 changed = true;
2081
2082 if (val) {
a1536da2 2083 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 2084 } else {
a358dc11
MH		 2085 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
2086 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 2087 }
2088
2089 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
2090 if (err < 0)
2091 return err;
2092
562064e6 2093 if (changed) {
1d2dc5b7 2094 hci_update_page_scan(hdev);
562064e6 2095 hci_update_background_scan(hdev);
e8ba3a1f 2096 return new_settings(hdev, sk);
562064e6 2097 }
e8ba3a1f
JH		 2098
2099 return 0;
2100}
2101
bdb6d971 2102static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2103 u16 len)
9fbcbb45 2104{
650f726d 2105 struct mgmt_mode *cp = data;
3b0602cd 2106 struct mgmt_pending_cmd *cmd;
2b76f453 2107 struct hci_request req;
1987fdc7 2108 u8 scan;
9fbcbb45
JH		 2109 int err;
2110
bdb6d971 2111 BT_DBG("request for %s", hdev->name);
9fbcbb45 2112
d7a5a11d
MH		 2113 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
2114 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 2115 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2116 MGMT_STATUS_REJECTED);
33c525c0 2117
a7e80f25 2118 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2119 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2120 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2121
09fd0de5 2122 hci_dev_lock(hdev);
9fbcbb45 2123
4b34ee78 2124 if (!hdev_is_powered(hdev)) {
e8ba3a1f 2125 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 2126 goto failed;
2127 }
2128
333ae95d
JH		 2129 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
2130 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 2131 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2132 MGMT_STATUS_BUSY);
9fbcbb45
JH		 2133 goto failed;
2134 }
2135
2e58ef3e 2136 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 2137 if (!cmd) {
2138 err = -ENOMEM;
9fbcbb45 2139 goto failed;
366a0336 2140 }
9fbcbb45 2141
9b74246f 2142 hci_req_init(&req, hdev);
9fbcbb45 2143
9a43e25f
JH		 2144 /* If BR/EDR is not enabled and we disable advertising as a
2145 * by-product of disabling connectable, we need to update the
2146 * advertising flags.
2147 */
d7a5a11d 2148 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
9a43e25f 2149 if (!cp->val) {
a358dc11
MH		 2150 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2151 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
9a43e25f
JH		 2152 }
2153 update_adv_data(&req);
2154 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 2155 if (cp->val) {
2156 scan = SCAN_PAGE;
2157 } else {
3bd27240
JH		 2158 /* If we don't have any whitelist entries just
2159 * disable all scanning. If there are entries
2160 * and we had both page and inquiry scanning
2161 * enabled then fall back to only page scanning.
2162 * Otherwise no changes are needed.
2163 */
2164 if (list_empty(&hdev->whitelist))
2165 scan = SCAN_DISABLED;
2166 else if (test_bit(HCI_ISCAN, &hdev->flags))
2167 scan = SCAN_PAGE;
2168 else
2169 goto no_scan_update;
9b74246f
JH		 2170
2171 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 2172 hdev->discov_timeout > 0)
9b74246f
JH		 2173 cancel_delayed_work(&hdev->discov_off);
2174 }
2b76f453 2175
9b74246f
JH		 2176 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2177 }
2b76f453 2178
3bd27240 2179no_scan_update:
e8b1202c 2180 /* Update the advertising parameters if necessary */
880897d4
AU		 2181 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
2182 hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
1987fdc7 2183 enable_advertising(&req);
1987fdc7 2184
2b76f453 2185 err = hci_req_run(&req, set_connectable_complete);
9b74246f 2186 if (err < 0) {
a664b5bc 2187 mgmt_pending_remove(cmd);
9b74246f 2188 if (err == -ENODATA)
a81070ba
JH		 2189 err = set_connectable_update_settings(hdev, sk,
2190 cp->val);
9b74246f
JH		 2191 goto failed;
2192 }
9fbcbb45
JH		 2193
2194failed:
09fd0de5 2195 hci_dev_unlock(hdev);
9fbcbb45
JH		 2196 return err;
2197}
2198
b2939475 2199static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2200 u16 len)
c542a06c 2201{
650f726d 2202 struct mgmt_mode *cp = data;
55594356 2203 bool changed;
c542a06c
JH		 2204 int err;
2205
bdb6d971 2206 BT_DBG("request for %s", hdev->name);
c542a06c 2207
a7e80f25 2208 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2209 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2210 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2211
09fd0de5 2212 hci_dev_lock(hdev);
c542a06c
JH		 2213
2214 if (cp->val)
238be788 2215 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 2216 else
a69d8927 2217 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 2218
b2939475 2219 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 2220 if (err < 0)
55594356 2221 goto unlock;
c542a06c 2222
55594356
MH		 2223 if (changed)
2224 err = new_settings(hdev, sk);
c542a06c 2225
55594356 2226unlock:
09fd0de5 2227 hci_dev_unlock(hdev);
c542a06c
JH		 2228 return err;
2229}
2230
04124681
GP		 2231static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2232 u16 len)
33ef95ed
JH		 2233{
2234 struct mgmt_mode *cp = data;
3b0602cd 2235 struct mgmt_pending_cmd *cmd;
e6fe7986 2236 u8 val, status;
33ef95ed
JH		 2237 int err;
2238
bdb6d971 2239 BT_DBG("request for %s", hdev->name);
33ef95ed 2240
e6fe7986
JH		 2241 status = mgmt_bredr_support(hdev);
2242 if (status)
a69e8375
JH		 2243 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2244 status);
33c525c0 2245
a7e80f25 2246 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2247 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2248 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2249
33ef95ed
JH		 2250 hci_dev_lock(hdev);
2251
4b34ee78 2252 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 2253 bool changed = false;
2254
d7a5a11d 2255 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 2256 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 2257 changed = true;
2258 }
2259
2260 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2261 if (err < 0)
2262 goto failed;
2263
2264 if (changed)
2265 err = new_settings(hdev, sk);
2266
33ef95ed
JH		 2267 goto failed;
2268 }
2269
333ae95d 2270 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 2271 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2272 MGMT_STATUS_BUSY);
33ef95ed
JH		 2273 goto failed;
2274 }
2275
2276 val = !!cp->val;
2277
2278 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2279 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2280 goto failed;
2281 }
2282
2283 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2284 if (!cmd) {
2285 err = -ENOMEM;
2286 goto failed;
2287 }
2288
2289 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2290 if (err < 0) {
2291 mgmt_pending_remove(cmd);
2292 goto failed;
2293 }
2294
2295failed:
2296 hci_dev_unlock(hdev);
33ef95ed
JH		 2297 return err;
2298}
2299
bdb6d971 2300static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2301{
2302 struct mgmt_mode *cp = data;
3b0602cd 2303 struct mgmt_pending_cmd *cmd;
72ef0c1a 2304 u8 status;
ed2c4ee3
JH		 2305 int err;
2306
bdb6d971 2307 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2308
cdba5281
MH		 2309 status = mgmt_bredr_support(hdev);
2310 if (status)
a69e8375 2311 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 2312
13ecd8b6 2313 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2314 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2315 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2316
a7e80f25 2317 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2318 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2319 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2320
13ecd8b6 2321 hci_dev_lock(hdev);
6c8f12c1 2322
4b34ee78 2323 if (!hdev_is_powered(hdev)) {
9ecb3e24 2324 bool changed;
c0ecddc2 2325
9ecb3e24 2326 if (cp->val) {
238be788
MH		 2327 changed = !hci_dev_test_and_set_flag(hdev,
2328 HCI_SSP_ENABLED);
9ecb3e24 2329 } else {
a69d8927
MH		 2330 changed = hci_dev_test_and_clear_flag(hdev,
2331 HCI_SSP_ENABLED);
9ecb3e24 2332 if (!changed)
a69d8927
MH		 2333 changed = hci_dev_test_and_clear_flag(hdev,
2334 HCI_HS_ENABLED);
9ecb3e24 2335 else
a358dc11 2336 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 2337 }
2338
2339 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2340 if (err < 0)
2341 goto failed;
2342
2343 if (changed)
2344 err = new_settings(hdev, sk);
2345
ed2c4ee3
JH		 2346 goto failed;
2347 }
2348
333ae95d 2349 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2350 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2351 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2352 goto failed;
2353 }
2354
d7a5a11d 2355 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 2356 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2357 goto failed;
2358 }
2359
2360 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2361 if (!cmd) {
2362 err = -ENOMEM;
2363 goto failed;
2364 }
2365
d7a5a11d 2366 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 2367 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2368 sizeof(cp->val), &cp->val);
2369
72ef0c1a 2370 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2371 if (err < 0) {
2372 mgmt_pending_remove(cmd);
2373 goto failed;
2374 }
2375
2376failed:
2377 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2378 return err;
2379}
2380
bdb6d971 2381static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2382{
2383 struct mgmt_mode *cp = data;
ee392693 2384 bool changed;
e6fe7986 2385 u8 status;
ee392693 2386 int err;
6d80dfd0 2387
bdb6d971 2388 BT_DBG("request for %s", hdev->name);
6d80dfd0 2389
e6fe7986
JH		 2390 status = mgmt_bredr_support(hdev);
2391 if (status)
a69e8375 2392 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2393
9ecb3e24 2394 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2395 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2396 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 2397
d7a5a11d 2398 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 2399 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2400 MGMT_STATUS_REJECTED);
9ecb3e24 2401
a7e80f25 2402 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2403 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2404 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2405
ee392693
MH		 2406 hci_dev_lock(hdev);
2407
333ae95d 2408 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2409 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2410 MGMT_STATUS_BUSY);
a2cb01de
JH		 2411 goto unlock;
2412 }
2413
a0cdf960 2414 if (cp->val) {
238be788 2415 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 2416 } else {
2417 if (hdev_is_powered(hdev)) {
a69e8375
JH		 2418 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2419 MGMT_STATUS_REJECTED);
a0cdf960
MH		 2420 goto unlock;
2421 }
2422
a69d8927 2423 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 2424 }
ee392693
MH		 2425
2426 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2427 if (err < 0)
2428 goto unlock;
2429
2430 if (changed)
2431 err = new_settings(hdev, sk);
6d80dfd0 2432
ee392693
MH		 2433unlock:
2434 hci_dev_unlock(hdev);
2435 return err;
6d80dfd0
JH		 2436}
2437
1904a853 2438static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 2439{
2440 struct cmd_lookup match = { NULL, hdev };
2441
3ad67582
JK		 2442 hci_dev_lock(hdev);
2443
416a4ae5
JH		 2444 if (status) {
2445 u8 mgmt_err = mgmt_status(status);
2446
2447 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2448 &mgmt_err);
3ad67582 2449 goto unlock;
416a4ae5
JH		 2450 }
2451
2452 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2453
2454 new_settings(hdev, match.sk);
2455
2456 if (match.sk)
2457 sock_put(match.sk);
441ad2d0
MH		 2458
2459 /* Make sure the controller has a good default for
2460 * advertising data. Restrict the update to when LE
2461 * has actually been enabled. During power on, the
2462 * update in powered_update_hci will take care of it.
2463 */
d7a5a11d 2464 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0
MH		 2465 struct hci_request req;
2466
441ad2d0 2467 hci_req_init(&req, hdev);
5947f4bc 2468 update_adv_data(&req);
f14d8f64 2469 update_scan_rsp_data(&req);
441ad2d0 2470 hci_req_run(&req, NULL);
2e93e53b 2471 hci_update_background_scan(hdev);
441ad2d0 2472 }
3ad67582
JK		 2473
2474unlock:
2475 hci_dev_unlock(hdev);
416a4ae5
JH		 2476}
2477
bdb6d971 2478static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2479{
2480 struct mgmt_mode *cp = data;
2481 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 2482 struct mgmt_pending_cmd *cmd;
416a4ae5 2483 struct hci_request req;
06199cf8 2484 int err;
0b60eba1 2485 u8 val, enabled;
06199cf8 2486
bdb6d971 2487 BT_DBG("request for %s", hdev->name);
06199cf8 2488
13ecd8b6 2489 if (!lmp_le_capable(hdev))
a69e8375
JH		 2490 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2491 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2492
a7e80f25 2493 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2494 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2495 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2496
e7844ee5
MH		 2497 /* Bluetooth single mode LE only controllers or dual-mode
2498 * controllers configured as LE only devices, do not allow
2499 * switching LE off. These have either LE enabled explicitly
2500 * or BR/EDR has been previously switched off.
2501 *
2502 * When trying to enable an already enabled LE, then gracefully
2503 * send a positive response. Trying to disable it however will
2504 * result into rejection.
2505 */
2506 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2507 if (cp->val == 0x01)
2508 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2509
a69e8375
JH		 2510 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2511 MGMT_STATUS_REJECTED);
e7844ee5 2512 }
c73eee91 2513
13ecd8b6 2514 hci_dev_lock(hdev);
06199cf8
JH		 2515
2516 val = !!cp->val;
ffa88e02 2517 enabled = lmp_host_le_capable(hdev);
06199cf8 2518
847818d9
FG		 2519 if (!val)
2520 clear_adv_instance(hdev, NULL, 0x00, true);
2521
0b60eba1 2522 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2523 bool changed = false;
2524
d7a5a11d 2525 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 2526 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 2527 changed = true;
2528 }
2529
d7a5a11d 2530 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 2531 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 2532 changed = true;
2533 }
2534
06199cf8
JH		 2535 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2536 if (err < 0)
1de028ce 2537 goto unlock;
06199cf8
JH		 2538
2539 if (changed)
2540 err = new_settings(hdev, sk);
2541
1de028ce 2542 goto unlock;
06199cf8
JH		 2543 }
2544
333ae95d
JH		 2545 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2546 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 2547 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2548 MGMT_STATUS_BUSY);
1de028ce 2549 goto unlock;
06199cf8
JH		 2550 }
2551
2552 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2553 if (!cmd) {
2554 err = -ENOMEM;
1de028ce 2555 goto unlock;
06199cf8
JH		 2556 }
2557
441ad2d0
MH		 2558 hci_req_init(&req, hdev);
2559
06199cf8
JH		 2560 memset(&hci_cp, 0, sizeof(hci_cp));
2561
2562 if (val) {
2563 hci_cp.le = val;
32226e4f 2564 hci_cp.simul = 0x00;
441ad2d0 2565 } else {
d7a5a11d 2566 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
441ad2d0 2567 disable_advertising(&req);
06199cf8
JH		 2568 }
2569
416a4ae5
JH		 2570 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2571 &hci_cp);
2572
2573 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2574 if (err < 0)
06199cf8 2575 mgmt_pending_remove(cmd);
06199cf8 2576
1de028ce
JH		 2577unlock:
2578 hci_dev_unlock(hdev);
06199cf8
JH		 2579 return err;
2580}
2581
0cab9c80
JH		 2582/* This is a helper function to test for pending mgmt commands that can
2583 * cause CoD or EIR HCI commands. We can only allow one such pending
2584 * mgmt command at a time since otherwise we cannot easily track what
2585 * the current values are, will be, and based on that calculate if a new
2586 * HCI command needs to be sent and if yes with what value.
2587 */
2588static bool pending_eir_or_class(struct hci_dev *hdev)
2589{
3b0602cd 2590 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 2591
2592 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2593 switch (cmd->opcode) {
2594 case MGMT_OP_ADD_UUID:
2595 case MGMT_OP_REMOVE_UUID:
2596 case MGMT_OP_SET_DEV_CLASS:
2597 case MGMT_OP_SET_POWERED:
2598 return true;
2599 }
2600 }
2601
2602 return false;
2603}
2604
83be8eca
JH		 2605static const u8 bluetooth_base_uuid[] = {
2606 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2607 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2608};
2609
2610static u8 get_uuid_size(const u8 *uuid)
2611{
2612 u32 val;
2613
2614 if (memcmp(uuid, bluetooth_base_uuid, 12))
2615 return 128;
2616
2617 val = get_unaligned_le32(&uuid[12]);
2618 if (val > 0xffff)
2619 return 32;
2620
2621 return 16;
2622}
2623
92da6097
JH		 2624static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2625{
3b0602cd 2626 struct mgmt_pending_cmd *cmd;
92da6097
JH		 2627
2628 hci_dev_lock(hdev);
2629
333ae95d 2630 cmd = pending_find(mgmt_op, hdev);
92da6097
JH		 2631 if (!cmd)
2632 goto unlock;
2633
2a1afb5a
JH		 2634 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2635 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 2636
2637 mgmt_pending_remove(cmd);
2638
2639unlock:
2640 hci_dev_unlock(hdev);
2641}
2642
1904a853 2643static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2644{
2645 BT_DBG("status 0x%02x", status);
2646
2647 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2648}
2649
bdb6d971 2650static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2651{
650f726d 2652 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2653 struct mgmt_pending_cmd *cmd;
890ea898 2654 struct hci_request req;
2aeb9a1a 2655 struct bt_uuid *uuid;
2aeb9a1a
JH		 2656 int err;
2657
bdb6d971 2658 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2659
09fd0de5 2660 hci_dev_lock(hdev);
2aeb9a1a 2661
0cab9c80 2662 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2663 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2664 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2665 goto failed;
2666 }
2667
92c4c204 2668 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2669 if (!uuid) {
2670 err = -ENOMEM;
2671 goto failed;
2672 }
2673
2674 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2675 uuid->svc_hint = cp->svc_hint;
83be8eca 2676 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2677
de66aa63 2678 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2679
890ea898 2680 hci_req_init(&req, hdev);
1aff6f09 2681
890ea898
JH		 2682 update_class(&req);
2683 update_eir(&req);
2684
92da6097
JH		 2685 err = hci_req_run(&req, add_uuid_complete);
2686 if (err < 0) {
2687 if (err != -ENODATA)
2688 goto failed;
80a1e1db 2689
2a1afb5a
JH		 2690 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2691 hdev->dev_class, 3);
90e70454
JH		 2692 goto failed;
2693 }
2694
2695 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2696 if (!cmd) {
90e70454 2697 err = -ENOMEM;
890ea898
JH		 2698 goto failed;
2699 }
2700
2701 err = 0;
2aeb9a1a
JH		 2702
2703failed:
09fd0de5 2704 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2705 return err;
2706}
2707
24b78d0f
JH		 2708static bool enable_service_cache(struct hci_dev *hdev)
2709{
2710 if (!hdev_is_powered(hdev))
2711 return false;
2712
238be788 2713 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 2714 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2715 CACHE_TIMEOUT);
24b78d0f
JH		 2716 return true;
2717 }
2718
2719 return false;
2720}
2721
1904a853 2722static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2723{
2724 BT_DBG("status 0x%02x", status);
2725
2726 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2727}
2728
bdb6d971 2729static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2730 u16 len)
2aeb9a1a 2731{
650f726d 2732 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2733 struct mgmt_pending_cmd *cmd;
056341c8 2734 struct bt_uuid *match, *tmp;
2aeb9a1a 2735 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2736 struct hci_request req;
2aeb9a1a
JH		 2737 int err, found;
2738
bdb6d971 2739 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2740
09fd0de5 2741 hci_dev_lock(hdev);
2aeb9a1a 2742
0cab9c80 2743 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2744 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2745 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2746 goto unlock;
2747 }
2748
2aeb9a1a 2749 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2750 hci_uuids_clear(hdev);
4004b6d9 2751
24b78d0f 2752 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2753 err = mgmt_cmd_complete(sk, hdev->id,
2754 MGMT_OP_REMOVE_UUID,
2755 0, hdev->dev_class, 3);
24b78d0f
JH		 2756 goto unlock;
2757 }
4004b6d9 2758
9246a869 2759 goto update_class;
2aeb9a1a
JH		 2760 }
2761
2762 found = 0;
2763
056341c8 2764 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2765 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2766 continue;
2767
2768 list_del(&match->list);
482049f7 2769 kfree(match);
2aeb9a1a
JH		 2770 found++;
2771 }
2772
2773 if (found == 0) {
a69e8375
JH		 2774 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2775 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2776 goto unlock;
2777 }
2778
9246a869 2779update_class:
890ea898 2780 hci_req_init(&req, hdev);
1aff6f09 2781
890ea898
JH		 2782 update_class(&req);
2783 update_eir(&req);
2784
92da6097
JH		 2785 err = hci_req_run(&req, remove_uuid_complete);
2786 if (err < 0) {
2787 if (err != -ENODATA)
2788 goto unlock;
80a1e1db 2789
2a1afb5a
JH		 2790 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2791 hdev->dev_class, 3);
90e70454
JH		 2792 goto unlock;
2793 }
2794
2795 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2796 if (!cmd) {
90e70454 2797 err = -ENOMEM;
890ea898
JH		 2798 goto unlock;
2799 }
2800
2801 err = 0;
2aeb9a1a
JH		 2802
2803unlock:
09fd0de5 2804 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2805 return err;
2806}
2807
1904a853 2808static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2809{
2810 BT_DBG("status 0x%02x", status);
2811
2812 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2813}
2814
bdb6d971 2815static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2816 u16 len)
1aff6f09 2817{
650f726d 2818 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2819 struct mgmt_pending_cmd *cmd;
890ea898 2820 struct hci_request req;
1aff6f09
JH		 2821 int err;
2822
bdb6d971 2823 BT_DBG("request for %s", hdev->name);
1aff6f09 2824
6203fc98 2825 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2826 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2827 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2828
0cab9c80 2829 hci_dev_lock(hdev);
ee98f473 2830
0cab9c80 2831 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2832 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2833 MGMT_STATUS_BUSY);
0cab9c80
JH		 2834 goto unlock;
2835 }
c95f0ba7 2836
0cab9c80 2837 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2838 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2839 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2840 goto unlock;
2841 }
575b3a02 2842
932f5ff5
JH		 2843 hdev->major_class = cp->major;
2844 hdev->minor_class = cp->minor;
2845
b5235a65 2846 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2847 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2848 hdev->dev_class, 3);
b5235a65
JH		 2849 goto unlock;
2850 }
2851
890ea898
JH		 2852 hci_req_init(&req, hdev);
2853
a69d8927 2854 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
7d78525d
JH		 2855 hci_dev_unlock(hdev);
2856 cancel_delayed_work_sync(&hdev->service_cache);
2857 hci_dev_lock(hdev);
890ea898 2858 update_eir(&req);
7d78525d 2859 }
14c0b608 2860
890ea898
JH		 2861 update_class(&req);
2862
92da6097
JH		 2863 err = hci_req_run(&req, set_class_complete);
2864 if (err < 0) {
2865 if (err != -ENODATA)
2866 goto unlock;
1aff6f09 2867
2a1afb5a
JH		 2868 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2869 hdev->dev_class, 3);
90e70454
JH		 2870 goto unlock;
2871 }
2872
2873 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2874 if (!cmd) {
90e70454 2875 err = -ENOMEM;
890ea898
JH		 2876 goto unlock;
2877 }
2878
2879 err = 0;
1aff6f09 2880
b5235a65 2881unlock:
09fd0de5 2882 hci_dev_unlock(hdev);
1aff6f09
JH		 2883 return err;
2884}
2885
bdb6d971 2886static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2887 u16 len)
55ed8ca1 2888{
650f726d 2889 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2890 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2891 sizeof(struct mgmt_link_key_info));
4e51eae9 2892 u16 key_count, expected_len;
b1de97d8 2893 bool changed;
a492cd52 2894 int i;
55ed8ca1 2895
9060d5cf
MH		 2896 BT_DBG("request for %s", hdev->name);
2897
2898 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2899 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2900 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2901
1f350c87 2902 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2903 if (key_count > max_key_count) {
2904 BT_ERR("load_link_keys: too big key_count value %u",
2905 key_count);
a69e8375
JH		 2906 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2907 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2908 }
55ed8ca1 2909
86742e1e
JH		 2910 expected_len = sizeof(*cp) + key_count *
2911 sizeof(struct mgmt_link_key_info);
a492cd52 2912 if (expected_len != len) {
86742e1e 2913 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2914 expected_len, len);
a69e8375
JH		 2915 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2916 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2917 }
2918
4ae14301 2919 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2920 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2921 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2922
bdb6d971 2923 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2924 key_count);
55ed8ca1 2925
4ee71b20
JH		 2926 for (i = 0; i < key_count; i++) {
2927 struct mgmt_link_key_info *key = &cp->keys[i];
2928
8e991132 2929 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2930 return mgmt_cmd_status(sk, hdev->id,
2931 MGMT_OP_LOAD_LINK_KEYS,
2932 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2933 }
2934
09fd0de5 2935 hci_dev_lock(hdev);
55ed8ca1
JH		 2936
2937 hci_link_keys_clear(hdev);
2938
55ed8ca1 2939 if (cp->debug_keys)
238be788 2940 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2941 else
a69d8927
MH		 2942 changed = hci_dev_test_and_clear_flag(hdev,
2943 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2944
2945 if (changed)
2946 new_settings(hdev, NULL);
55ed8ca1 2947
a492cd52 2948 for (i = 0; i < key_count; i++) {
86742e1e 2949 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2950
58e9293c
JH		 2951 /* Always ignore debug keys and require a new pairing if
2952 * the user wants to use them.
2953 */
2954 if (key->type == HCI_LK_DEBUG_COMBINATION)
2955 continue;
2956
7652ff6a
JH		 2957 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2958 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2959 }
2960
2a1afb5a 2961 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2962
09fd0de5 2963 hci_dev_unlock(hdev);
55ed8ca1 2964
a492cd52 2965 return 0;
55ed8ca1
JH		 2966}
2967
b1078ad0 2968static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2969 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2970{
2971 struct mgmt_ev_device_unpaired ev;
2972
2973 bacpy(&ev.addr.bdaddr, bdaddr);
2974 ev.addr.type = addr_type;
2975
2976 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2977 skip_sk);
b1078ad0
JH		 2978}
2979
bdb6d971 2980static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2981 u16 len)
55ed8ca1 2982{
124f6e35
JH		 2983 struct mgmt_cp_unpair_device *cp = data;
2984 struct mgmt_rp_unpair_device rp;
fc64361a 2985 struct hci_conn_params *params;
3b0602cd 2986 struct mgmt_pending_cmd *cmd;
55ed8ca1 2987 struct hci_conn *conn;
ec182f03 2988 u8 addr_type;
55ed8ca1
JH		 2989 int err;
2990
a8a1d19e 2991 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2992 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2993 rp.addr.type = cp->addr.type;
a8a1d19e 2994
4ee71b20 2995 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2996 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2997 MGMT_STATUS_INVALID_PARAMS,
2998 &rp, sizeof(rp));
4ee71b20 2999
118da70b 3000 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 3001 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3002 MGMT_STATUS_INVALID_PARAMS,
3003 &rp, sizeof(rp));
118da70b 3004
4ee71b20
JH		 3005 hci_dev_lock(hdev);
3006
86a8cfc6 3007 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3008 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3009 MGMT_STATUS_NOT_POWERED, &rp,
3010 sizeof(rp));
86a8cfc6
JH		 3011 goto unlock;
3012 }
3013
e0b2b27e 3014 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 3015 /* If disconnection is requested, then look up the
3016 * connection. If the remote device is connected, it
3017 * will be later used to terminate the link.
3018 *
3019 * Setting it to NULL explicitly will cause no
3020 * termination of the link.
3021 */
3022 if (cp->disconnect)
3023 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3024 &cp->addr.bdaddr);
3025 else
3026 conn = NULL;
3027
124f6e35 3028 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
ec182f03
JH		 3029 if (err < 0) {
3030 err = mgmt_cmd_complete(sk, hdev->id,
3031 MGMT_OP_UNPAIR_DEVICE,
3032 MGMT_STATUS_NOT_PAIRED, &rp,
3033 sizeof(rp));
3034 goto unlock;
89cbb063
AA		 3035 }
3036
ec182f03 3037 goto done;
e0b2b27e 3038 }
b0dbfb46 3039
ec182f03
JH		 3040 /* LE address type */
3041 addr_type = le_addr_type(cp->addr.type);
3042
3043 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
3044
3045 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
55ed8ca1 3046 if (err < 0) {
2a1afb5a
JH		 3047 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3048 MGMT_STATUS_NOT_PAIRED, &rp,
3049 sizeof(rp));
55ed8ca1
JH		 3050 goto unlock;
3051 }
3052
ec182f03
JH		 3053 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
3054 if (!conn) {
3055 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
3056 goto done;
3057 }
3058
c81d555a
JH		 3059 /* Abort any ongoing SMP pairing */
3060 smp_cancel_pairing(conn);
3061
ec182f03
JH		 3062 /* Defer clearing up the connection parameters until closing to
3063 * give a chance of keeping them if a repairing happens.
3064 */
3065 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3066
fc64361a
JH		 3067 /* Disable auto-connection parameters if present */
3068 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
3069 if (params) {
3070 if (params->explicit_connect)
3071 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
3072 else
3073 params->auto_connect = HCI_AUTO_CONN_DISABLED;
3074 }
3075
ec182f03
JH		 3076 /* If disconnection is not requested, then clear the connection
3077 * variable so that the link is not terminated.
3078 */
3079 if (!cp->disconnect)
3080 conn = NULL;
3081
3082done:
89cbb063
AA		 3083 /* If the connection variable is set, then termination of the
3084 * link is requested.
3085 */
a8a1d19e 3086 if (!conn) {
2a1afb5a
JH		 3087 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
3088 &rp, sizeof(rp));
b1078ad0 3089 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 3090 goto unlock;
3091 }
55ed8ca1 3092
124f6e35 3093 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 3094 sizeof(*cp));
a8a1d19e
JH		 3095 if (!cmd) {
3096 err = -ENOMEM;
3097 goto unlock;
55ed8ca1
JH		 3098 }
3099
d8b7b1e4
JH		 3100 cmd->cmd_complete = addr_cmd_complete;
3101
89e0ccc8 3102 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
a8a1d19e
JH		 3103 if (err < 0)
3104 mgmt_pending_remove(cmd);
3105
55ed8ca1 3106unlock:
09fd0de5 3107 hci_dev_unlock(hdev);
55ed8ca1
JH		 3108 return err;
3109}
3110
bdb6d971 3111static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3112 u16 len)
8962ee74 3113{
650f726d 3114 struct mgmt_cp_disconnect *cp = data;
06a63b19 3115 struct mgmt_rp_disconnect rp;
3b0602cd 3116 struct mgmt_pending_cmd *cmd;
8962ee74 3117 struct hci_conn *conn;
8962ee74
JH		 3118 int err;
3119
3120 BT_DBG("");
3121
06a63b19
JH		 3122 memset(&rp, 0, sizeof(rp));
3123 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3124 rp.addr.type = cp->addr.type;
3125
4ee71b20 3126 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3127 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3128 MGMT_STATUS_INVALID_PARAMS,
3129 &rp, sizeof(rp));
4ee71b20 3130
09fd0de5 3131 hci_dev_lock(hdev);
8962ee74
JH		 3132
3133 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 3134 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3135 MGMT_STATUS_NOT_POWERED, &rp,
3136 sizeof(rp));
8962ee74
JH		 3137 goto failed;
3138 }
3139
333ae95d 3140 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 3141 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3142 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 3143 goto failed;
3144 }
3145
591f47f3 3146 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 3147 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3148 &cp->addr.bdaddr);
88c3df13 3149 else
9d4c1cc1
JH		 3150 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
3151 le_addr_type(cp->addr.type));
365227e5 3152
f960727e 3153 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 3154 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3155 MGMT_STATUS_NOT_CONNECTED, &rp,
3156 sizeof(rp));
8962ee74
JH		 3157 goto failed;
3158 }
3159
2e58ef3e 3160 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 3161 if (!cmd) {
3162 err = -ENOMEM;
8962ee74 3163 goto failed;
366a0336 3164 }
8962ee74 3165
f5818c22
JH		 3166 cmd->cmd_complete = generic_cmd_complete;
3167
e3f2f92a 3168 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 3169 if (err < 0)
a664b5bc 3170 mgmt_pending_remove(cmd);
8962ee74
JH		 3171
3172failed:
09fd0de5 3173 hci_dev_unlock(hdev);
8962ee74
JH		 3174 return err;
3175}
3176
57c1477c 3177static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 3178{
3179 switch (link_type) {
3180 case LE_LINK:
48264f06
JH		 3181 switch (addr_type) {
3182 case ADDR_LE_DEV_PUBLIC:
591f47f3 3183 return BDADDR_LE_PUBLIC;
0ed09148 3184
48264f06 3185 default:
0ed09148 3186 /* Fallback to LE Random address type */
591f47f3 3187 return BDADDR_LE_RANDOM;
48264f06 3188 }
0ed09148 3189
4c659c39 3190 default:
0ed09148 3191 /* Fallback to BR/EDR type */
591f47f3 3192 return BDADDR_BREDR;
4c659c39
JH		 3193 }
3194}
3195
04124681
GP		 3196static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3197 u16 data_len)
2784eb41 3198{
2784eb41 3199 struct mgmt_rp_get_connections *rp;
8035ded4 3200 struct hci_conn *c;
a38528f1 3201 size_t rp_len;
60fc5fb6
JH		 3202 int err;
3203 u16 i;
2784eb41
JH		 3204
3205 BT_DBG("");
3206
09fd0de5 3207 hci_dev_lock(hdev);
2784eb41 3208
5f97c1df 3209 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3210 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3211 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3212 goto unlock;
3213 }
3214
60fc5fb6 3215 i = 0;
b644ba33
JH		 3216 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3217 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 3218 i++;
2784eb41
JH		 3219 }
3220
60fc5fb6 3221 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 3222 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 3223 if (!rp) {
2784eb41
JH		 3224 err = -ENOMEM;
3225 goto unlock;
3226 }
3227
2784eb41 3228 i = 0;
4c659c39 3229 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 3230 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3231 continue;
4c659c39 3232 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 3233 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 3234 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 3235 continue;
3236 i++;
3237 }
3238
eb55ef07 3239 rp->conn_count = cpu_to_le16(i);
60fc5fb6 3240
4c659c39
JH		 3241 /* Recalculate length in case of filtered SCO connections, etc */
3242 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 3243
2a1afb5a
JH		 3244 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3245 rp_len);
2784eb41 3246
a38528f1 3247 kfree(rp);
5f97c1df
JH		 3248
3249unlock:
09fd0de5 3250 hci_dev_unlock(hdev);
2784eb41
JH		 3251 return err;
3252}
3253
bdb6d971 3254static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3255 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 3256{
3b0602cd 3257 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 3258 int err;
3259
2e58ef3e 3260 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 3261 sizeof(*cp));
96d97a67
WR		 3262 if (!cmd)
3263 return -ENOMEM;
3264
d8457698 3265 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 3266 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 3267 if (err < 0)
3268 mgmt_pending_remove(cmd);
3269
3270 return err;
3271}
3272
bdb6d971 3273static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3274 u16 len)
980e1a53 3275{
96d97a67 3276 struct hci_conn *conn;
650f726d 3277 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3278 struct hci_cp_pin_code_reply reply;
3b0602cd 3279 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 3280 int err;
3281
3282 BT_DBG("");
3283
09fd0de5 3284 hci_dev_lock(hdev);
980e1a53 3285
4b34ee78 3286 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3287 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3288 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3289 goto failed;
3290 }
3291
d8457698 3292 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3293 if (!conn) {
a69e8375
JH		 3294 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3295 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3296 goto failed;
3297 }
3298
3299 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3300 struct mgmt_cp_pin_code_neg_reply ncp;
3301
3302 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 3303
3304 BT_ERR("PIN code is not 16 bytes long");
3305
bdb6d971 3306 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3307 if (err >= 0)
a69e8375
JH		 3308 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3309 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3310
3311 goto failed;
3312 }
3313
00abfe44 3314 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3315 if (!cmd) {
3316 err = -ENOMEM;
980e1a53 3317 goto failed;
366a0336 3318 }
980e1a53 3319
7776d1d8
JH		 3320 cmd->cmd_complete = addr_cmd_complete;
3321
d8457698 3322 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3323 reply.pin_len = cp->pin_len;
24718ca5 3324 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3325
3326 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3327 if (err < 0)
a664b5bc 3328 mgmt_pending_remove(cmd);
980e1a53
JH		 3329
3330failed:
09fd0de5 3331 hci_dev_unlock(hdev);
980e1a53
JH		 3332 return err;
3333}
3334
04124681
GP		 3335static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3336 u16 len)
17fa4b9d 3337{
650f726d 3338 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3339
3340 BT_DBG("");
3341
4ec86d4c 3342 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3343 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3344 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
4ec86d4c 3345
09fd0de5 3346 hci_dev_lock(hdev);
17fa4b9d
JH		 3347
3348 hdev->io_capability = cp->io_capability;
3349
3350 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3351 hdev->io_capability);
17fa4b9d 3352
09fd0de5 3353 hci_dev_unlock(hdev);
17fa4b9d 3354
2a1afb5a
JH		 3355 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3356 NULL, 0);
17fa4b9d
JH		 3357}
3358
3b0602cd 3359static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3360{
3361 struct hci_dev *hdev = conn->hdev;
3b0602cd 3362 struct mgmt_pending_cmd *cmd;
e9a416b5 3363
2e58ef3e 3364 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3365 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3366 continue;
3367
e9a416b5
JH		 3368 if (cmd->user_data != conn)
3369 continue;
3370
3371 return cmd;
3372 }
3373
3374 return NULL;
3375}
3376
3b0602cd 3377static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 3378{
3379 struct mgmt_rp_pair_device rp;
3380 struct hci_conn *conn = cmd->user_data;
9df74653 3381 int err;
e9a416b5 3382
61b1a7fb
JH		 3383 bacpy(&rp.addr.bdaddr, &conn->dst);
3384 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3385
2a1afb5a
JH		 3386 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3387 status, &rp, sizeof(rp));
e9a416b5
JH		 3388
3389 /* So we don't get further callbacks for this connection */
3390 conn->connect_cfm_cb = NULL;
3391 conn->security_cfm_cb = NULL;
3392 conn->disconn_cfm_cb = NULL;
3393
76a68ba0 3394 hci_conn_drop(conn);
89cbb063
AA		 3395
3396 /* The device is paired so there is no need to remove
3397 * its connection parameters anymore.
3398 */
3399 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3400
3401 hci_conn_put(conn);
9df74653
JH		 3402
3403 return err;
e9a416b5
JH		 3404}
3405
f4a407be
JH		 3406void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3407{
3408 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 3409 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 3410
3411 cmd = find_pairing(conn);
a511b35b 3412 if (cmd) {
04ab2749 3413 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3414 mgmt_pending_remove(cmd);
3415 }
f4a407be
JH		 3416}
3417
e9a416b5
JH		 3418static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3419{
3b0602cd 3420 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3421
3422 BT_DBG("status %u", status);
3423
3424 cmd = find_pairing(conn);
a511b35b 3425 if (!cmd) {
e9a416b5 3426 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3427 return;
3428 }
3429
3430 cmd->cmd_complete(cmd, mgmt_status(status));
3431 mgmt_pending_remove(cmd);
e9a416b5
JH		 3432}
3433
f4a407be 3434static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 3435{
3b0602cd 3436 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 3437
3438 BT_DBG("status %u", status);
3439
3440 if (!status)
3441 return;
3442
3443 cmd = find_pairing(conn);
a511b35b 3444 if (!cmd) {
4c47d739 3445 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3446 return;
3447 }
3448
3449 cmd->cmd_complete(cmd, mgmt_status(status));
3450 mgmt_pending_remove(cmd);
4c47d739
VA		 3451}
3452
bdb6d971 3453static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3454 u16 len)
e9a416b5 3455{
650f726d 3456 struct mgmt_cp_pair_device *cp = data;
1425acb7 3457 struct mgmt_rp_pair_device rp;
3b0602cd 3458 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3459 u8 sec_level, auth_type;
3460 struct hci_conn *conn;
e9a416b5
JH		 3461 int err;
3462
3463 BT_DBG("");
3464
f950a30e
SJ		 3465 memset(&rp, 0, sizeof(rp));
3466 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3467 rp.addr.type = cp->addr.type;
3468
4ee71b20 3469 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3470 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3471 MGMT_STATUS_INVALID_PARAMS,
3472 &rp, sizeof(rp));
4ee71b20 3473
4ec86d4c 3474 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3475 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3476 MGMT_STATUS_INVALID_PARAMS,
3477 &rp, sizeof(rp));
4ec86d4c 3478
09fd0de5 3479 hci_dev_lock(hdev);
e9a416b5 3480
5f97c1df 3481 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3482 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3483 MGMT_STATUS_NOT_POWERED, &rp,
3484 sizeof(rp));
5f97c1df
JH		 3485 goto unlock;
3486 }
3487
55e76b38
JH		 3488 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3489 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3490 MGMT_STATUS_ALREADY_PAIRED, &rp,
3491 sizeof(rp));
3492 goto unlock;
3493 }
3494
c908df36 3495 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3496 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3497
6f77d8c7 3498 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3499 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3500 auth_type);
6f77d8c7 3501 } else {
85813a7e 3502 u8 addr_type = le_addr_type(cp->addr.type);
5157b8a5 3503 struct hci_conn_params *p;
6f77d8c7 3504
7c264b10
MH		 3505 /* When pairing a new device, it is expected to remember
3506 * this device for future connections. Adding the connection
3507 * parameter information ahead of time allows tracking
3508 * of the slave preferred values and will speed up any
3509 * further connection establishment.
3510 *
3511 * If connection parameters already exist, then they
3512 * will be kept and this function does nothing.
3513 */
5157b8a5
JP		 3514 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3515
3516 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
3517 p->auto_connect = HCI_AUTO_CONN_DISABLED;
7c264b10 3518
fa142220
JP		 3519 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
3520 addr_type, sec_level,
3521 HCI_LE_CONN_TIMEOUT,
3522 HCI_ROLE_MASTER);
6f77d8c7 3523 }
7a512d01 3524
30e76272 3525 if (IS_ERR(conn)) {
489dc48e
AK		 3526 int status;
3527
3528 if (PTR_ERR(conn) == -EBUSY)
3529 status = MGMT_STATUS_BUSY;
faa81030
LR		 3530 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3531 status = MGMT_STATUS_NOT_SUPPORTED;
3532 else if (PTR_ERR(conn) == -ECONNREFUSED)
3533 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 3534 else
3535 status = MGMT_STATUS_CONNECT_FAILED;
3536
2a1afb5a
JH		 3537 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3538 status, &rp, sizeof(rp));
e9a416b5
JH		 3539 goto unlock;
3540 }
3541
3542 if (conn->connect_cfm_cb) {
76a68ba0 3543 hci_conn_drop(conn);
2a1afb5a
JH		 3544 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3545 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3546 goto unlock;
3547 }
3548
2e58ef3e 3549 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3550 if (!cmd) {
3551 err = -ENOMEM;
76a68ba0 3552 hci_conn_drop(conn);
e9a416b5
JH		 3553 goto unlock;
3554 }
3555
04ab2749
JH		 3556 cmd->cmd_complete = pairing_complete;
3557
7a512d01 3558 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3559 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3560 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3561 conn->security_cfm_cb = pairing_complete_cb;
3562 conn->disconn_cfm_cb = pairing_complete_cb;
3563 } else {
3564 conn->connect_cfm_cb = le_pairing_complete_cb;
3565 conn->security_cfm_cb = le_pairing_complete_cb;
3566 conn->disconn_cfm_cb = le_pairing_complete_cb;
3567 }
7a512d01 3568
e9a416b5 3569 conn->io_capability = cp->io_cap;
f8aaf9b6 3570 cmd->user_data = hci_conn_get(conn);
e9a416b5 3571
6f78fd4b 3572 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3573 hci_conn_security(conn, sec_level, auth_type, true)) {
3574 cmd->cmd_complete(cmd, 0);
3575 mgmt_pending_remove(cmd);
3576 }
e9a416b5
JH		 3577
3578 err = 0;
3579
3580unlock:
09fd0de5 3581 hci_dev_unlock(hdev);
e9a416b5
JH		 3582 return err;
3583}
3584
04124681
GP		 3585static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3586 u16 len)
28424707 3587{
0f4e68cf 3588 struct mgmt_addr_info *addr = data;
3b0602cd 3589 struct mgmt_pending_cmd *cmd;
28424707
JH		 3590 struct hci_conn *conn;
3591 int err;
3592
3593 BT_DBG("");
3594
28424707
JH		 3595 hci_dev_lock(hdev);
3596
5f97c1df 3597 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3598 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3599 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3600 goto unlock;
3601 }
3602
333ae95d 3603 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
28424707 3604 if (!cmd) {
a69e8375
JH		 3605 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3606 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3607 goto unlock;
3608 }
3609
3610 conn = cmd->user_data;
3611
3612 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3613 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3614 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3615 goto unlock;
3616 }
3617
a511b35b
JH		 3618 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3619 mgmt_pending_remove(cmd);
28424707 3620
2a1afb5a
JH		 3621 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3622 addr, sizeof(*addr));
28424707
JH		 3623unlock:
3624 hci_dev_unlock(hdev);
28424707
JH		 3625 return err;
3626}
3627
bdb6d971 3628static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3629 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3630 u16 hci_op, __le32 passkey)
a5c29683 3631{
3b0602cd 3632 struct mgmt_pending_cmd *cmd;
0df4c185 3633 struct hci_conn *conn;
a5c29683
JH		 3634 int err;
3635
09fd0de5 3636 hci_dev_lock(hdev);
08ba5382 3637
4b34ee78 3638 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3639 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3640 MGMT_STATUS_NOT_POWERED, addr,
3641 sizeof(*addr));
0df4c185 3642 goto done;
a5c29683
JH		 3643 }
3644
1707c60e
JH		 3645 if (addr->type == BDADDR_BREDR)
3646 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3647 else
9d4c1cc1
JH		 3648 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3649 le_addr_type(addr->type));
272d90df
JH		 3650
3651 if (!conn) {
2a1afb5a
JH		 3652 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3653 MGMT_STATUS_NOT_CONNECTED, addr,
3654 sizeof(*addr));
272d90df
JH		 3655 goto done;
3656 }
47c15e2b 3657
1707c60e 3658 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3659 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3660 if (!err)
2a1afb5a
JH		 3661 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3662 MGMT_STATUS_SUCCESS, addr,
3663 sizeof(*addr));
5fe57d9e 3664 else
2a1afb5a
JH		 3665 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3666 MGMT_STATUS_FAILED, addr,
3667 sizeof(*addr));
47c15e2b 3668
47c15e2b
BG		 3669 goto done;
3670 }
3671
1707c60e 3672 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3673 if (!cmd) {
3674 err = -ENOMEM;
0df4c185 3675 goto done;
a5c29683
JH		 3676 }
3677
7776d1d8
JH		 3678 cmd->cmd_complete = addr_cmd_complete;
3679
0df4c185 3680 /* Continue with pairing via HCI */
604086b7
BG		 3681 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3682 struct hci_cp_user_passkey_reply cp;
3683
1707c60e 3684 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3685 cp.passkey = passkey;
3686 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3687 } else
1707c60e
JH		 3688 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3689 &addr->bdaddr);
604086b7 3690
a664b5bc
JH		 3691 if (err < 0)
3692 mgmt_pending_remove(cmd);
a5c29683 3693
0df4c185 3694done:
09fd0de5 3695 hci_dev_unlock(hdev);
a5c29683
JH		 3696 return err;
3697}
3698
afeb019d
JK		 3699static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3700 void *data, u16 len)
3701{
3702 struct mgmt_cp_pin_code_neg_reply *cp = data;
3703
3704 BT_DBG("");
3705
1707c60e 3706 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3707 MGMT_OP_PIN_CODE_NEG_REPLY,
3708 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3709}
3710
04124681
GP		 3711static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3712 u16 len)
0df4c185 3713{
650f726d 3714 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3715
3716 BT_DBG("");
3717
3718 if (len != sizeof(*cp))
a69e8375
JH		 3719 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3720 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3721
1707c60e 3722 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3723 MGMT_OP_USER_CONFIRM_REPLY,
3724 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3725}
3726
bdb6d971 3727static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3728 void *data, u16 len)
0df4c185 3729{
c9c2659f 3730 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3731
3732 BT_DBG("");
3733
1707c60e 3734 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3735 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3736 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3737}
3738
04124681
GP		 3739static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3740 u16 len)
604086b7 3741{
650f726d 3742 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3743
3744 BT_DBG("");
3745
1707c60e 3746 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3747 MGMT_OP_USER_PASSKEY_REPLY,
3748 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3749}
3750
bdb6d971 3751static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3752 void *data, u16 len)
604086b7 3753{
650f726d 3754 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3755
3756 BT_DBG("");
3757
1707c60e 3758 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3759 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3760 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3761}
3762
13928971 3763static void update_name(struct hci_request *req)
2b4bf397 3764{
13928971 3765 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3766 struct hci_cp_write_local_name cp;
3767
13928971 3768 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3769
890ea898 3770 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3771}
3772
1904a853 3773static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3774{
3775 struct mgmt_cp_set_local_name *cp;
3b0602cd 3776 struct mgmt_pending_cmd *cmd;
13928971
JH		 3777
3778 BT_DBG("status 0x%02x", status);
3779
3780 hci_dev_lock(hdev);
3781
333ae95d 3782 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 3783 if (!cmd)
3784 goto unlock;
3785
3786 cp = cmd->param;
3787
3788 if (status)
a69e8375
JH		 3789 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3790 mgmt_status(status));
13928971 3791 else
2a1afb5a
JH		 3792 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3793 cp, sizeof(*cp));
13928971
JH		 3794
3795 mgmt_pending_remove(cmd);
3796
3797unlock:
3798 hci_dev_unlock(hdev);
3799}
3800
bdb6d971 3801static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3802 u16 len)
b312b161 3803{
2b4bf397 3804 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3805 struct mgmt_pending_cmd *cmd;
890ea898 3806 struct hci_request req;
b312b161
JH		 3807 int err;
3808
3809 BT_DBG("");
3810
09fd0de5 3811 hci_dev_lock(hdev);
b312b161 3812
b3f2ca94
JH		 3813 /* If the old values are the same as the new ones just return a
3814 * direct command complete event.
3815 */
3816 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3817 !memcmp(hdev->short_name, cp->short_name,
3818 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3819 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3820 data, len);
b3f2ca94
JH		 3821 goto failed;
3822 }
3823
2b4bf397 3824 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3825
b5235a65 3826 if (!hdev_is_powered(hdev)) {
2b4bf397 3827 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3828
2a1afb5a
JH		 3829 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3830 data, len);
28cc7bde
JH		 3831 if (err < 0)
3832 goto failed;
3833
f6b7712e
MH		 3834 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
3835 data, len, sk);
28cc7bde 3836
b5235a65
JH		 3837 goto failed;
3838 }
3839
28cc7bde 3840 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3841 if (!cmd) {
3842 err = -ENOMEM;
3843 goto failed;
3844 }
3845
13928971
JH		 3846 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3847
890ea898 3848 hci_req_init(&req, hdev);
3f985050
JH		 3849
3850 if (lmp_bredr_capable(hdev)) {
3851 update_name(&req);
3852 update_eir(&req);
3853 }
3854
7a5f4990
MH		 3855 /* The name is stored in the scan response data and so
3856 * no need to udpate the advertising data here.
3857 */
3f985050 3858 if (lmp_le_capable(hdev))
7a5f4990 3859 update_scan_rsp_data(&req);
3f985050 3860
13928971 3861 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3862 if (err < 0)
3863 mgmt_pending_remove(cmd);
3864
3865failed:
09fd0de5 3866 hci_dev_unlock(hdev);
b312b161
JH		 3867 return err;
3868}
3869
1b9441f8
JH		 3870static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3871 u16 opcode, struct sk_buff *skb)
3872{
3873 struct mgmt_rp_read_local_oob_data mgmt_rp;
3874 size_t rp_size = sizeof(mgmt_rp);
3875 struct mgmt_pending_cmd *cmd;
3876
3877 BT_DBG("%s status %u", hdev->name, status);
3878
3879 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3880 if (!cmd)
3881 return;
3882
3883 if (status || !skb) {
3884 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3885 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3886 goto remove;
3887 }
3888
3889 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3890
3891 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3892 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3893
3894 if (skb->len < sizeof(*rp)) {
3895 mgmt_cmd_status(cmd->sk, hdev->id,
3896 MGMT_OP_READ_LOCAL_OOB_DATA,
3897 MGMT_STATUS_FAILED);
3898 goto remove;
3899 }
3900
3901 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3902 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3903
3904 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3905 } else {
3906 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3907
3908 if (skb->len < sizeof(*rp)) {
3909 mgmt_cmd_status(cmd->sk, hdev->id,
3910 MGMT_OP_READ_LOCAL_OOB_DATA,
3911 MGMT_STATUS_FAILED);
3912 goto remove;
3913 }
3914
3915 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3916 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3917
3918 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3919 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3920 }
3921
3922 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3923 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3924
3925remove:
3926 mgmt_pending_remove(cmd);
3927}
3928
0f4e68cf 3929static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3930 void *data, u16 data_len)
c35938b2 3931{
3b0602cd 3932 struct mgmt_pending_cmd *cmd;
1b9441f8 3933 struct hci_request req;
c35938b2
SJ		 3934 int err;
3935
bdb6d971 3936 BT_DBG("%s", hdev->name);
c35938b2 3937
09fd0de5 3938 hci_dev_lock(hdev);
c35938b2 3939
4b34ee78 3940 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3941 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3942 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3943 goto unlock;
3944 }
3945
9a1a1996 3946 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3947 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3948 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3949 goto unlock;
3950 }
3951
333ae95d 3952 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3953 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3954 MGMT_STATUS_BUSY);
c35938b2
SJ		 3955 goto unlock;
3956 }
3957
2e58ef3e 3958 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3959 if (!cmd) {
3960 err = -ENOMEM;
3961 goto unlock;
3962 }
3963
1b9441f8
JH		 3964 hci_req_init(&req, hdev);
3965
710f11c0 3966 if (bredr_sc_enabled(hdev))
1b9441f8 3967 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
4d2d2796 3968 else
1b9441f8 3969 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
4d2d2796 3970
1b9441f8 3971 err = hci_req_run_skb(&req, read_local_oob_data_complete);
c35938b2
SJ		 3972 if (err < 0)
3973 mgmt_pending_remove(cmd);
3974
3975unlock:
09fd0de5 3976 hci_dev_unlock(hdev);
c35938b2
SJ		 3977 return err;
3978}
3979
bdb6d971 3980static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3981 void *data, u16 len)
2763eda6 3982{
5d57e796 3983 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3984 int err;
3985
bdb6d971 3986 BT_DBG("%s ", hdev->name);
2763eda6 3987
5d57e796 3988 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3989 return mgmt_cmd_complete(sk, hdev->id,
3990 MGMT_OP_ADD_REMOTE_OOB_DATA,
3991 MGMT_STATUS_INVALID_PARAMS,
3992 addr, sizeof(*addr));
5d57e796 3993
09fd0de5 3994 hci_dev_lock(hdev);
2763eda6 3995
ec109113
MH		 3996 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3997 struct mgmt_cp_add_remote_oob_data *cp = data;
3998 u8 status;
bf1e3541 3999
c19a495c 4000 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 4001 err = mgmt_cmd_complete(sk, hdev->id,
4002 MGMT_OP_ADD_REMOTE_OOB_DATA,
4003 MGMT_STATUS_INVALID_PARAMS,
4004 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 4005 goto unlock;
4006 }
4007
ec109113 4008 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 4009 cp->addr.type, cp->hash,
4010 cp->rand, NULL, NULL);
ec109113
MH		 4011 if (err < 0)
4012 status = MGMT_STATUS_FAILED;
4013 else
4014 status = MGMT_STATUS_SUCCESS;
4015
2a1afb5a
JH		 4016 err = mgmt_cmd_complete(sk, hdev->id,
4017 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
4018 &cp->addr, sizeof(cp->addr));
ec109113
MH		 4019 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
4020 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 4021 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 4022 u8 status;
4023
86df9200 4024 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 4025 /* Enforce zero-valued 192-bit parameters as
4026 * long as legacy SMP OOB isn't implemented.
4027 */
4028 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
4029 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 4030 err = mgmt_cmd_complete(sk, hdev->id,
4031 MGMT_OP_ADD_REMOTE_OOB_DATA,
4032 MGMT_STATUS_INVALID_PARAMS,
4033 addr, sizeof(*addr));
d25b78e2
JH		 4034 goto unlock;
4035 }
4036
86df9200
JH		 4037 rand192 = NULL;
4038 hash192 = NULL;
4039 } else {
41bcfd50
MH		 4040 /* In case one of the P-192 values is set to zero,
4041 * then just disable OOB data for P-192.
4042 */
4043 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
4044 !memcmp(cp->hash192, ZERO_KEY, 16)) {
4045 rand192 = NULL;
4046 hash192 = NULL;
4047 } else {
4048 rand192 = cp->rand192;
4049 hash192 = cp->hash192;
4050 }
4051 }
4052
4053 /* In case one of the P-256 values is set to zero, then just
4054 * disable OOB data for P-256.
4055 */
4056 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
4057 !memcmp(cp->hash256, ZERO_KEY, 16)) {
4058 rand256 = NULL;
4059 hash256 = NULL;
4060 } else {
4061 rand256 = cp->rand256;
4062 hash256 = cp->hash256;
86df9200
JH		 4063 }
4064
81328d5c 4065 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 4066 cp->addr.type, hash192, rand192,
41bcfd50 4067 hash256, rand256);
ec109113
MH		 4068 if (err < 0)
4069 status = MGMT_STATUS_FAILED;
4070 else
4071 status = MGMT_STATUS_SUCCESS;
4072
2a1afb5a
JH		 4073 err = mgmt_cmd_complete(sk, hdev->id,
4074 MGMT_OP_ADD_REMOTE_OOB_DATA,
4075 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 4076 } else {
4077 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 4078 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
4079 MGMT_STATUS_INVALID_PARAMS);
ec109113 4080 }
2763eda6 4081
c19a495c 4082unlock:
09fd0de5 4083 hci_dev_unlock(hdev);
2763eda6
SJ		 4084 return err;
4085}
4086
bdb6d971 4087static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 4088 void *data, u16 len)
2763eda6 4089{
650f726d 4090 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 4091 u8 status;
2763eda6
SJ		 4092 int err;
4093
bdb6d971 4094 BT_DBG("%s", hdev->name);
2763eda6 4095
c19a495c 4096 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 4097 return mgmt_cmd_complete(sk, hdev->id,
4098 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4099 MGMT_STATUS_INVALID_PARAMS,
4100 &cp->addr, sizeof(cp->addr));
c19a495c 4101
09fd0de5 4102 hci_dev_lock(hdev);
2763eda6 4103
eedbd581
JH		 4104 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4105 hci_remote_oob_data_clear(hdev);
4106 status = MGMT_STATUS_SUCCESS;
4107 goto done;
4108 }
4109
6928a924 4110 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 4111 if (err < 0)
bf1e3541 4112 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 4113 else
a6785be2 4114 status = MGMT_STATUS_SUCCESS;
bf1e3541 4115
eedbd581 4116done:
2a1afb5a
JH		 4117 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4118 status, &cp->addr, sizeof(cp->addr));
2763eda6 4119
09fd0de5 4120 hci_dev_unlock(hdev);
2763eda6
SJ		 4121 return err;
4122}
4123
e68f072b 4124void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
7c307720 4125{
3b0602cd 4126 struct mgmt_pending_cmd *cmd;
ae55f598 4127
7c307720
AG		 4128 BT_DBG("status %d", status);
4129
11e6e25d 4130 hci_dev_lock(hdev);
41dc2bd6 4131
333ae95d 4132 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427 4133 if (!cmd)
333ae95d 4134 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
66ea9427 4135
11e6e25d 4136 if (cmd) {
2922a94f 4137 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 4138 mgmt_pending_remove(cmd);
4139 }
7c307720 4140
11e6e25d 4141 hci_dev_unlock(hdev);
7c307720
AG		 4142}
4143
591752af
JH		 4144static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
4145 uint8_t *mgmt_status)
4146{
4147 switch (type) {
4148 case DISCOV_TYPE_LE:
4149 *mgmt_status = mgmt_le_support(hdev);
4150 if (*mgmt_status)
4151 return false;
4152 break;
4153 case DISCOV_TYPE_INTERLEAVED:
4154 *mgmt_status = mgmt_le_support(hdev);
4155 if (*mgmt_status)
4156 return false;
4157 /* Intentional fall-through */
4158 case DISCOV_TYPE_BREDR:
4159 *mgmt_status = mgmt_bredr_support(hdev);
4160 if (*mgmt_status)
4161 return false;
4162 break;
4163 default:
4164 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
4165 return false;
4166 }
4167
4168 return true;
4169}
4170
bdb6d971 4171static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 4172 void *data, u16 len)
14a53664 4173{
650f726d 4174 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 4175 struct mgmt_pending_cmd *cmd;
8019044d 4176 u8 status;
14a53664
JH		 4177 int err;
4178
bdb6d971 4179 BT_DBG("%s", hdev->name);
14a53664 4180
09fd0de5 4181 hci_dev_lock(hdev);
14a53664 4182
4b34ee78 4183 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4184 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4185 MGMT_STATUS_NOT_POWERED,
4186 &cp->type, sizeof(cp->type));
bd2d1334
JH		 4187 goto failed;
4188 }
4189
f5a969f2 4190 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4191 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4192 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4193 MGMT_STATUS_BUSY, &cp->type,
4194 sizeof(cp->type));
642be6c7
AG		 4195 goto failed;
4196 }
4197
591752af
JH		 4198 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
4199 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4200 status, &cp->type, sizeof(cp->type));
4201 goto failed;
4202 }
4203
22078800
MH		 4204 /* Clear the discovery filter first to free any previously
4205 * allocated memory for the UUID list.
4206 */
4207 hci_discovery_filter_clear(hdev);
4208
4aab14e5 4209 hdev->discovery.type = cp->type;
da25cf6a 4210 hdev->discovery.report_invalid_rssi = false;
4aab14e5 4211
e68f072b
JH		 4212 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
4213 if (!cmd) {
4214 err = -ENOMEM;
04106755 4215 goto failed;
f39799f5 4216 }
04106755 4217
e68f072b 4218 cmd->cmd_complete = generic_cmd_complete;
7c307720 4219
f5a969f2 4220 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 4221 queue_work(hdev->req_workqueue, &hdev->discov_update);
4222 err = 0;
7c307720 4223
14a53664 4224failed:
09fd0de5 4225 hci_dev_unlock(hdev);
14a53664
JH		 4226 return err;
4227}
f39799f5 4228
3b0602cd
JH		 4229static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4230 u8 status)
2922a94f 4231{
2a1afb5a
JH		 4232 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4233 cmd->param, 1);
2922a94f 4234}
04106755 4235
66ea9427
JP		 4236static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4237 void *data, u16 len)
4238{
4239 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 4240 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 4241 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4242 u16 uuid_count, expected_len;
4243 u8 status;
4244 int err;
04106755 4245
66ea9427 4246 BT_DBG("%s", hdev->name);
e8bb6b97 4247
66ea9427 4248 hci_dev_lock(hdev);
7c307720 4249
66ea9427 4250 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4251 err = mgmt_cmd_complete(sk, hdev->id,
4252 MGMT_OP_START_SERVICE_DISCOVERY,
4253 MGMT_STATUS_NOT_POWERED,
4254 &cp->type, sizeof(cp->type));
66ea9427
JP		 4255 goto failed;
4256 }
7c307720 4257
66ea9427 4258 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4259 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4260 err = mgmt_cmd_complete(sk, hdev->id,
4261 MGMT_OP_START_SERVICE_DISCOVERY,
4262 MGMT_STATUS_BUSY, &cp->type,
4263 sizeof(cp->type));
66ea9427
JP		 4264 goto failed;
4265 }
d9483943 4266
66ea9427
JP		 4267 uuid_count = __le16_to_cpu(cp->uuid_count);
4268 if (uuid_count > max_uuid_count) {
4269 BT_ERR("service_discovery: too big uuid_count value %u",
4270 uuid_count);
2a1afb5a
JH		 4271 err = mgmt_cmd_complete(sk, hdev->id,
4272 MGMT_OP_START_SERVICE_DISCOVERY,
4273 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4274 sizeof(cp->type));
66ea9427
JP		 4275 goto failed;
4276 }
4277
4278 expected_len = sizeof(*cp) + uuid_count * 16;
4279 if (expected_len != len) {
4280 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4281 expected_len, len);
2a1afb5a
JH		 4282 err = mgmt_cmd_complete(sk, hdev->id,
4283 MGMT_OP_START_SERVICE_DISCOVERY,
4284 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4285 sizeof(cp->type));
66ea9427
JP		 4286 goto failed;
4287 }
4288
591752af
JH		 4289 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
4290 err = mgmt_cmd_complete(sk, hdev->id,
4291 MGMT_OP_START_SERVICE_DISCOVERY,
4292 status, &cp->type, sizeof(cp->type));
4293 goto failed;
4294 }
4295
66ea9427 4296 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 4297 hdev, data, len);
66ea9427
JP		 4298 if (!cmd) {
4299 err = -ENOMEM;
4300 goto failed;
4301 }
4302
2922a94f
JH		 4303 cmd->cmd_complete = service_discovery_cmd_complete;
4304
22078800
MH		 4305 /* Clear the discovery filter first to free any previously
4306 * allocated memory for the UUID list.
4307 */
4308 hci_discovery_filter_clear(hdev);
4309
82f8b651 4310 hdev->discovery.result_filtering = true;
66ea9427
JP		 4311 hdev->discovery.type = cp->type;
4312 hdev->discovery.rssi = cp->rssi;
4313 hdev->discovery.uuid_count = uuid_count;
4314
4315 if (uuid_count > 0) {
4316 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4317 GFP_KERNEL);
4318 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 4319 err = mgmt_cmd_complete(sk, hdev->id,
4320 MGMT_OP_START_SERVICE_DISCOVERY,
4321 MGMT_STATUS_FAILED,
4322 &cp->type, sizeof(cp->type));
d9483943
JH		 4323 mgmt_pending_remove(cmd);
4324 goto failed;
4325 }
66ea9427 4326 }
d9483943 4327
66ea9427 4328 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 4329 queue_work(hdev->req_workqueue, &hdev->discov_update);
4330 err = 0;
14a53664
JH		 4331
4332failed:
09fd0de5 4333 hci_dev_unlock(hdev);
14a53664
JH		 4334 return err;
4335}
4336
2154d3f4 4337void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
1183fdca 4338{
3b0602cd 4339 struct mgmt_pending_cmd *cmd;
1183fdca 4340
0e05bba6
AG		 4341 BT_DBG("status %d", status);
4342
4343 hci_dev_lock(hdev);
4344
333ae95d 4345 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
11e6e25d 4346 if (cmd) {
2922a94f 4347 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4348 mgmt_pending_remove(cmd);
0e05bba6
AG		 4349 }
4350
0e05bba6
AG		 4351 hci_dev_unlock(hdev);
4352}
4353
bdb6d971 4354static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4355 u16 len)
14a53664 4356{
d930650b 4357 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 4358 struct mgmt_pending_cmd *cmd;
14a53664
JH		 4359 int err;
4360
bdb6d971 4361 BT_DBG("%s", hdev->name);
14a53664 4362
09fd0de5 4363 hci_dev_lock(hdev);
14a53664 4364
30dc78e1 4365 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4366 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4367 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4368 sizeof(mgmt_cp->type));
d930650b
JH		 4369 goto unlock;
4370 }
4371
4372 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 4373 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4374 MGMT_STATUS_INVALID_PARAMS,
4375 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 4376 goto unlock;
ff9ef578
JH		 4377 }
4378
2922a94f 4379 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4380 if (!cmd) {
4381 err = -ENOMEM;
30dc78e1
JH		 4382 goto unlock;
4383 }
4384
2922a94f
JH		 4385 cmd->cmd_complete = generic_cmd_complete;
4386
2154d3f4
JH		 4387 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4388 queue_work(hdev->req_workqueue, &hdev->discov_update);
4389 err = 0;
14a53664 4390
30dc78e1 4391unlock:
09fd0de5 4392 hci_dev_unlock(hdev);
14a53664
JH		 4393 return err;
4394}
4395
bdb6d971 4396static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4397 u16 len)
561aafbc 4398{
650f726d 4399 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4400 struct inquiry_entry *e;
561aafbc
JH		 4401 int err;
4402
bdb6d971 4403 BT_DBG("%s", hdev->name);
561aafbc 4404
561aafbc
JH		 4405 hci_dev_lock(hdev);
4406
30dc78e1 4407 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4408 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4409 MGMT_STATUS_FAILED, &cp->addr,
4410 sizeof(cp->addr));
30dc78e1
JH		 4411 goto failed;
4412 }
4413
a198e7b1 4414 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4415 if (!e) {
2a1afb5a
JH		 4416 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4417 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4418 sizeof(cp->addr));
561aafbc
JH		 4419 goto failed;
4420 }
4421
4422 if (cp->name_known) {
4423 e->name_state = NAME_KNOWN;
4424 list_del(&e->list);
4425 } else {
4426 e->name_state = NAME_NEEDED;
a3d4e20a 4427 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4428 }
4429
2a1afb5a
JH		 4430 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4431 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 4432
4433failed:
4434 hci_dev_unlock(hdev);
561aafbc
JH		 4435 return err;
4436}
4437
bdb6d971 4438static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4439 u16 len)
7fbec224 4440{
650f726d 4441 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4442 u8 status;
7fbec224
AJ		 4443 int err;
4444
bdb6d971 4445 BT_DBG("%s", hdev->name);
7fbec224 4446
4ee71b20 4447 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4448 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4449 MGMT_STATUS_INVALID_PARAMS,
4450 &cp->addr, sizeof(cp->addr));
4ee71b20 4451
09fd0de5 4452 hci_dev_lock(hdev);
5e762444 4453
dcc36c16
JH		 4454 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4455 cp->addr.type);
2a8357f2 4456 if (err < 0) {
f0eeea8b 4457 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4458 goto done;
4459 }
4460
4461 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4462 sk);
4463 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4464
2a8357f2 4465done:
2a1afb5a
JH		 4466 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4467 &cp->addr, sizeof(cp->addr));
5e762444 4468
09fd0de5 4469 hci_dev_unlock(hdev);
7fbec224
AJ		 4470
4471 return err;
4472}
4473
bdb6d971 4474static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4475 u16 len)
7fbec224 4476{
650f726d 4477 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4478 u8 status;
7fbec224
AJ		 4479 int err;
4480
bdb6d971 4481 BT_DBG("%s", hdev->name);
7fbec224 4482
4ee71b20 4483 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4484 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4485 MGMT_STATUS_INVALID_PARAMS,
4486 &cp->addr, sizeof(cp->addr));
4ee71b20 4487
09fd0de5 4488 hci_dev_lock(hdev);
5e762444 4489
dcc36c16
JH		 4490 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4491 cp->addr.type);
2a8357f2 4492 if (err < 0) {
f0eeea8b 4493 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4494 goto done;
4495 }
4496
4497 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4498 sk);
4499 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4500
2a8357f2 4501done:
2a1afb5a
JH		 4502 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4503 &cp->addr, sizeof(cp->addr));
5e762444 4504
09fd0de5 4505 hci_dev_unlock(hdev);
7fbec224
AJ		 4506
4507 return err;
4508}
4509
cdbaccca
MH		 4510static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4511 u16 len)
4512{
4513 struct mgmt_cp_set_device_id *cp = data;
890ea898 4514 struct hci_request req;
cdbaccca 4515 int err;
c72d4b8a 4516 __u16 source;
cdbaccca
MH		 4517
4518 BT_DBG("%s", hdev->name);
4519
c72d4b8a
SJ		 4520 source = __le16_to_cpu(cp->source);
4521
4522 if (source > 0x0002)
a69e8375
JH		 4523 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4524 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 4525
cdbaccca
MH		 4526 hci_dev_lock(hdev);
4527
c72d4b8a 4528 hdev->devid_source = source;
cdbaccca
MH		 4529 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4530 hdev->devid_product = __le16_to_cpu(cp->product);
4531 hdev->devid_version = __le16_to_cpu(cp->version);
4532
2a1afb5a
JH		 4533 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4534 NULL, 0);
cdbaccca 4535
890ea898
JH		 4536 hci_req_init(&req, hdev);
4537 update_eir(&req);
4538 hci_req_run(&req, NULL);
cdbaccca
MH		 4539
4540 hci_dev_unlock(hdev);
4541
4542 return err;
4543}
4544
24b4f38f
AU		 4545static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4546 u16 opcode)
4547{
4548 BT_DBG("status %d", status);
4549}
4550
1904a853
MH		 4551static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4552 u16 opcode)
4375f103
JH		 4553{
4554 struct cmd_lookup match = { NULL, hdev };
24b4f38f 4555 struct hci_request req;
7816b820
FG		 4556 u8 instance;
4557 struct adv_info *adv_instance;
4558 int err;
4375f103 4559
3ad67582
JK		 4560 hci_dev_lock(hdev);
4561
4375f103
JH		 4562 if (status) {
4563 u8 mgmt_err = mgmt_status(status);
4564
4565 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4566 cmd_status_rsp, &mgmt_err);
3ad67582 4567 goto unlock;
4375f103
JH		 4568 }
4569
d7a5a11d 4570 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 4571 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 4572 else
a358dc11 4573 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 4574
4375f103
JH		 4575 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4576 &match);
4577
4578 new_settings(hdev, match.sk);
4579
4580 if (match.sk)
4581 sock_put(match.sk);
3ad67582 4582
24b4f38f 4583 /* If "Set Advertising" was just disabled and instance advertising was
7816b820 4584 * set up earlier, then re-enable multi-instance advertising.
24b4f38f
AU		 4585 */
4586 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7816b820
FG		 4587 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) ||
4588 list_empty(&hdev->adv_instances))
24b4f38f
AU		 4589 goto unlock;
4590
7816b820
FG		 4591 instance = hdev->cur_adv_instance;
4592 if (!instance) {
4593 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
4594 struct adv_info, list);
4595 if (!adv_instance)
4596 goto unlock;
4597
4598 instance = adv_instance->instance;
4599 }
4600
24b4f38f
AU		 4601 hci_req_init(&req, hdev);
4602
7816b820
FG		 4603 err = schedule_adv_instance(&req, instance, true);
4604
4605 if (!err)
4606 err = hci_req_run(&req, enable_advertising_instance);
24b4f38f 4607
7816b820 4608 if (err)
24b4f38f
AU		 4609 BT_ERR("Failed to re-configure advertising");
4610
3ad67582
JK		 4611unlock:
4612 hci_dev_unlock(hdev);
4375f103
JH		 4613}
4614
21b5187f
MH		 4615static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4616 u16 len)
4375f103
JH		 4617{
4618 struct mgmt_mode *cp = data;
3b0602cd 4619 struct mgmt_pending_cmd *cmd;
4375f103 4620 struct hci_request req;
cc91cb04 4621 u8 val, status;
4375f103
JH		 4622 int err;
4623
4624 BT_DBG("request for %s", hdev->name);
4625
e6fe7986
JH		 4626 status = mgmt_le_support(hdev);
4627 if (status)
a69e8375
JH		 4628 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4629 status);
4375f103 4630
cc91cb04 4631 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4632 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4633 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 4634
4635 hci_dev_lock(hdev);
4636
4637 val = !!cp->val;
4375f103 4638
f74ca9b8
JH		 4639 /* The following conditions are ones which mean that we should
4640 * not do any HCI communication but directly send a mgmt
4641 * response to user space (after toggling the flag if
4642 * necessary).
4643 */
cc91cb04 4644 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 4645 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4646 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 4647 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 4648 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 4649 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 4650 bool changed;
4375f103 4651
cc91cb04 4652 if (cp->val) {
238be788 4653 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 4654 if (cp->val == 0x02)
a1536da2 4655 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4656 else
a358dc11 4657 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4658 } else {
a69d8927 4659 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 4660 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 4661 }
4662
4663 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4664 if (err < 0)
4665 goto unlock;
4666
4667 if (changed)
4668 err = new_settings(hdev, sk);
4669
4670 goto unlock;
4671 }
4672
333ae95d
JH		 4673 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4674 pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 4675 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4676 MGMT_STATUS_BUSY);
4375f103
JH		 4677 goto unlock;
4678 }
4679
4680 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4681 if (!cmd) {
4682 err = -ENOMEM;
4683 goto unlock;
4684 }
4685
4686 hci_req_init(&req, hdev);
4687
cc91cb04 4688 if (cp->val == 0x02)
a1536da2 4689 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4690 else
a358dc11 4691 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4692
7816b820
FG		 4693 cancel_adv_timeout(hdev);
4694
24b4f38f 4695 if (val) {
7816b820
FG		 4696 /* Switch to instance "0" for the Set Advertising setting.
4697 * We cannot use update_[adv|scan_rsp]_data() here as the
4698 * HCI_ADVERTISING flag is not yet set.
4699 */
efae002c
FG		 4700 update_inst_adv_data(&req, 0x00);
4701 update_inst_scan_rsp_data(&req, 0x00);
bba3aa55 4702 enable_advertising(&req);
24b4f38f 4703 } else {
bba3aa55 4704 disable_advertising(&req);
24b4f38f 4705 }
4375f103
JH		 4706
4707 err = hci_req_run(&req, set_advertising_complete);
4708 if (err < 0)
4709 mgmt_pending_remove(cmd);
4710
4711unlock:
4712 hci_dev_unlock(hdev);
4713 return err;
4714}
4715
d13eafce
MH		 4716static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4717 void *data, u16 len)
4718{
4719 struct mgmt_cp_set_static_address *cp = data;
4720 int err;
4721
4722 BT_DBG("%s", hdev->name);
4723
62af4443 4724 if (!lmp_le_capable(hdev))
a69e8375
JH		 4725 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4726 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4727
4728 if (hdev_is_powered(hdev))
a69e8375
JH		 4729 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4730 MGMT_STATUS_REJECTED);
d13eafce
MH		 4731
4732 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4733 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 4734 return mgmt_cmd_status(sk, hdev->id,
4735 MGMT_OP_SET_STATIC_ADDRESS,
4736 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4737
4738 /* Two most significant bits shall be set */
4739 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 4740 return mgmt_cmd_status(sk, hdev->id,
4741 MGMT_OP_SET_STATIC_ADDRESS,
4742 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4743 }
4744
4745 hci_dev_lock(hdev);
4746
4747 bacpy(&hdev->static_addr, &cp->bdaddr);
4748
93690c22
MH		 4749 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4750 if (err < 0)
4751 goto unlock;
4752
4753 err = new_settings(hdev, sk);
d13eafce 4754
93690c22 4755unlock:
d13eafce 4756 hci_dev_unlock(hdev);
d13eafce
MH		 4757 return err;
4758}
4759
14b49b9a
MH		 4760static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4761 void *data, u16 len)
4762{
4763 struct mgmt_cp_set_scan_params *cp = data;
4764 __u16 interval, window;
4765 int err;
4766
4767 BT_DBG("%s", hdev->name);
4768
4769 if (!lmp_le_capable(hdev))
a69e8375
JH		 4770 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4771 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 4772
4773 interval = __le16_to_cpu(cp->interval);
4774
4775 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 4776 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4777 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 4778
4779 window = __le16_to_cpu(cp->window);
4780
4781 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 4782 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4783 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 4784
899e1075 4785 if (window > interval)
a69e8375
JH		 4786 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4787 MGMT_STATUS_INVALID_PARAMS);
899e1075 4788
14b49b9a
MH		 4789 hci_dev_lock(hdev);
4790
4791 hdev->le_scan_interval = interval;
4792 hdev->le_scan_window = window;
4793
2a1afb5a
JH		 4794 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4795 NULL, 0);
14b49b9a 4796
dd2ef8e2
AG		 4797 /* If background scan is running, restart it so new parameters are
4798 * loaded.
4799 */
d7a5a11d 4800 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
dd2ef8e2
AG		 4801 hdev->discovery.state == DISCOVERY_STOPPED) {
4802 struct hci_request req;
4803
4804 hci_req_init(&req, hdev);
4805
4806 hci_req_add_le_scan_disable(&req);
4807 hci_req_add_le_passive_scan(&req);
4808
4809 hci_req_run(&req, NULL);
4810 }
4811
14b49b9a
MH		 4812 hci_dev_unlock(hdev);
4813
4814 return err;
4815}
4816
1904a853
MH		 4817static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4818 u16 opcode)
33e38b3e 4819{
3b0602cd 4820 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 4821
4822 BT_DBG("status 0x%02x", status);
4823
4824 hci_dev_lock(hdev);
4825
333ae95d 4826 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
33e38b3e
JH		 4827 if (!cmd)
4828 goto unlock;
4829
4830 if (status) {
a69e8375
JH		 4831 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4832 mgmt_status(status));
33e38b3e 4833 } else {
1a4d3c4b
JH		 4834 struct mgmt_mode *cp = cmd->param;
4835
4836 if (cp->val)
a1536da2 4837 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4838 else
a358dc11 4839 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4840
33e38b3e
JH		 4841 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4842 new_settings(hdev, cmd->sk);
4843 }
4844
4845 mgmt_pending_remove(cmd);
4846
4847unlock:
4848 hci_dev_unlock(hdev);
4849}
4850
bdb6d971 4851static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4852 void *data, u16 len)
f6422ec6 4853{
650f726d 4854 struct mgmt_mode *cp = data;
3b0602cd 4855 struct mgmt_pending_cmd *cmd;
33e38b3e 4856 struct hci_request req;
f6422ec6
AJ		 4857 int err;
4858
bdb6d971 4859 BT_DBG("%s", hdev->name);
f6422ec6 4860
d7a5a11d 4861 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 4862 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4863 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4864 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4865
a7e80f25 4866 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4867 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4868 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4869
f6422ec6
AJ		 4870 hci_dev_lock(hdev);
4871
333ae95d 4872 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4873 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4874 MGMT_STATUS_BUSY);
05cbf29f
JH		 4875 goto unlock;
4876 }
4877
d7a5a11d 4878 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 4879 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4880 hdev);
4881 goto unlock;
4882 }
4883
406ef2a6 4884 if (!hdev_is_powered(hdev)) {
ce05d603 4885 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 4886 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4887 hdev);
4888 new_settings(hdev, sk);
4889 goto unlock;
4890 }
4891
33e38b3e
JH		 4892 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4893 data, len);
4894 if (!cmd) {
4895 err = -ENOMEM;
4896 goto unlock;
f6422ec6
AJ		 4897 }
4898
33e38b3e
JH		 4899 hci_req_init(&req, hdev);
4900
406d7804 4901 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4902
4903 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4904 if (err < 0) {
a69e8375
JH		 4905 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4906 MGMT_STATUS_FAILED);
33e38b3e 4907 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4908 }
4909
33e38b3e 4910unlock:
f6422ec6 4911 hci_dev_unlock(hdev);
33e38b3e 4912
f6422ec6
AJ		 4913 return err;
4914}
4915
1904a853 4916static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4917{
3b0602cd 4918 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4919
4920 BT_DBG("status 0x%02x", status);
4921
4922 hci_dev_lock(hdev);
4923
333ae95d 4924 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
0663ca2a
JH		 4925 if (!cmd)
4926 goto unlock;
4927
4928 if (status) {
4929 u8 mgmt_err = mgmt_status(status);
4930
4931 /* We need to restore the flag if related HCI commands
4932 * failed.
4933 */
a358dc11 4934 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 4935
a69e8375 4936 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4937 } else {
4938 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4939 new_settings(hdev, cmd->sk);
4940 }
4941
4942 mgmt_pending_remove(cmd);
4943
4944unlock:
4945 hci_dev_unlock(hdev);
4946}
4947
4948static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4949{
4950 struct mgmt_mode *cp = data;
3b0602cd 4951 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4952 struct hci_request req;
4953 int err;
4954
4955 BT_DBG("request for %s", hdev->name);
4956
4957 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4958 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4959 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 4960
d7a5a11d 4961 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4962 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4963 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4964
4965 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4966 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4967 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4968
4969 hci_dev_lock(hdev);
4970
d7a5a11d 4971 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 4972 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4973 goto unlock;
4974 }
4975
4976 if (!hdev_is_powered(hdev)) {
4977 if (!cp->val) {
a358dc11
MH		 4978 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4979 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4980 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4981 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4982 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 4983 }
4984
ce05d603 4985 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4986
4987 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4988 if (err < 0)
4989 goto unlock;
4990
4991 err = new_settings(hdev, sk);
4992 goto unlock;
4993 }
4994
4995 /* Reject disabling when powered on */
4996 if (!cp->val) {
a69e8375
JH		 4997 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4998 MGMT_STATUS_REJECTED);
0663ca2a 4999 goto unlock;
111e4bcc
MH		 5000 } else {
5001 /* When configuring a dual-mode controller to operate
5002 * with LE only and using a static address, then switching
5003 * BR/EDR back on is not allowed.
5004 *
5005 * Dual-mode controllers shall operate with the public
5006 * address as its identity address for BR/EDR and LE. So
5007 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 5008 *
5009 * The same restrictions applies when secure connections
5010 * has been enabled. For BR/EDR this is a controller feature
5011 * while for LE it is a host stack feature. This means that
5012 * switching BR/EDR back on when secure connections has been
5013 * enabled is not a supported transaction.
111e4bcc 5014 */
d7a5a11d 5015 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 5016 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 5017 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 5018 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5019 MGMT_STATUS_REJECTED);
111e4bcc
MH		 5020 goto unlock;
5021 }
0663ca2a
JH		 5022 }
5023
333ae95d 5024 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 5025 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5026 MGMT_STATUS_BUSY);
0663ca2a
JH		 5027 goto unlock;
5028 }
5029
5030 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
5031 if (!cmd) {
5032 err = -ENOMEM;
5033 goto unlock;
5034 }
5035
5947f4bc 5036 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 5037 * generates the correct flags.
5038 */
a1536da2 5039 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 5040
5041 hci_req_init(&req, hdev);
aa8af46e 5042
432df05e 5043 write_fast_connectable(&req, false);
1d2dc5b7 5044 __hci_update_page_scan(&req);
aa8af46e 5045
f14d8f64
MH		 5046 /* Since only the advertising data flags will change, there
5047 * is no need to update the scan response data.
5048 */
5947f4bc 5049 update_adv_data(&req);
aa8af46e 5050
0663ca2a
JH		 5051 err = hci_req_run(&req, set_bredr_complete);
5052 if (err < 0)
5053 mgmt_pending_remove(cmd);
5054
5055unlock:
5056 hci_dev_unlock(hdev);
5057 return err;
5058}
5059
a1443f5a
JH		 5060static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5061{
3b0602cd 5062 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 5063 struct mgmt_mode *cp;
5064
5065 BT_DBG("%s status %u", hdev->name, status);
5066
5067 hci_dev_lock(hdev);
5068
333ae95d 5069 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
a1443f5a
JH		 5070 if (!cmd)
5071 goto unlock;
5072
5073 if (status) {
a69e8375
JH		 5074 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
5075 mgmt_status(status));
a1443f5a
JH		 5076 goto remove;
5077 }
5078
5079 cp = cmd->param;
5080
5081 switch (cp->val) {
5082 case 0x00:
a358dc11
MH		 5083 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
5084 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5085 break;
5086 case 0x01:
a1536da2 5087 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 5088 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5089 break;
5090 case 0x02:
a1536da2
MH		 5091 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5092 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5093 break;
5094 }
5095
5096 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5097 new_settings(hdev, cmd->sk);
5098
5099remove:
5100 mgmt_pending_remove(cmd);
5101unlock:
5102 hci_dev_unlock(hdev);
5103}
5104
eac83dc6
MH		 5105static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5106 void *data, u16 len)
5107{
5108 struct mgmt_mode *cp = data;
3b0602cd 5109 struct mgmt_pending_cmd *cmd;
a1443f5a 5110 struct hci_request req;
a3209694 5111 u8 val;
eac83dc6
MH		 5112 int err;
5113
5114 BT_DBG("request for %s", hdev->name);
5115
05b3c3e7 5116 if (!lmp_sc_capable(hdev) &&
d7a5a11d 5117 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 5118 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5119 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 5120
d7a5a11d 5121 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 5122 lmp_sc_capable(hdev) &&
d7a5a11d 5123 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 5124 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5125 MGMT_STATUS_REJECTED);
ed93ec69 5126
0ab04a9c 5127 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 5128 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 5129 MGMT_STATUS_INVALID_PARAMS);
5130
5131 hci_dev_lock(hdev);
5132
05b3c3e7 5133 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 5134 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 5135 bool changed;
5136
0ab04a9c 5137 if (cp->val) {
238be788
MH		 5138 changed = !hci_dev_test_and_set_flag(hdev,
5139 HCI_SC_ENABLED);
0ab04a9c 5140 if (cp->val == 0x02)
a1536da2 5141 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5142 else
a358dc11 5143 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5144 } else {
a69d8927
MH		 5145 changed = hci_dev_test_and_clear_flag(hdev,
5146 HCI_SC_ENABLED);
a358dc11 5147 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5148 }
eac83dc6
MH		 5149
5150 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5151 if (err < 0)
5152 goto failed;
5153
5154 if (changed)
5155 err = new_settings(hdev, sk);
5156
5157 goto failed;
5158 }
5159
333ae95d 5160 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 5161 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5162 MGMT_STATUS_BUSY);
eac83dc6
MH		 5163 goto failed;
5164 }
5165
0ab04a9c
MH		 5166 val = !!cp->val;
5167
d7a5a11d
MH		 5168 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5169 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 5170 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5171 goto failed;
5172 }
5173
5174 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5175 if (!cmd) {
5176 err = -ENOMEM;
5177 goto failed;
5178 }
5179
a1443f5a
JH		 5180 hci_req_init(&req, hdev);
5181 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5182 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 5183 if (err < 0) {
5184 mgmt_pending_remove(cmd);
5185 goto failed;
5186 }
5187
5188failed:
5189 hci_dev_unlock(hdev);
5190 return err;
5191}
5192
4e39ac81
MH		 5193static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5194 void *data, u16 len)
5195{
5196 struct mgmt_mode *cp = data;
b9710979 5197 bool changed, use_changed;
4e39ac81
MH		 5198 int err;
5199
5200 BT_DBG("request for %s", hdev->name);
5201
b9710979 5202 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 5203 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5204 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 5205
5206 hci_dev_lock(hdev);
5207
5208 if (cp->val)
238be788 5209 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 5210 else
a69d8927
MH		 5211 changed = hci_dev_test_and_clear_flag(hdev,
5212 HCI_KEEP_DEBUG_KEYS);
4e39ac81 5213
b9710979 5214 if (cp->val == 0x02)
238be788
MH		 5215 use_changed = !hci_dev_test_and_set_flag(hdev,
5216 HCI_USE_DEBUG_KEYS);
b9710979 5217 else
a69d8927
MH		 5218 use_changed = hci_dev_test_and_clear_flag(hdev,
5219 HCI_USE_DEBUG_KEYS);
b9710979
JH		 5220
5221 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 5222 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 5223 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5224 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5225 sizeof(mode), &mode);
5226 }
5227
4e39ac81
MH		 5228 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5229 if (err < 0)
5230 goto unlock;
5231
5232 if (changed)
5233 err = new_settings(hdev, sk);
5234
5235unlock:
5236 hci_dev_unlock(hdev);
5237 return err;
5238}
5239
62b04cd1
JH		 5240static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5241 u16 len)
5242{
5243 struct mgmt_cp_set_privacy *cp = cp_data;
5244 bool changed;
5245 int err;
5246
5247 BT_DBG("request for %s", hdev->name);
5248
5249 if (!lmp_le_capable(hdev))
a69e8375
JH		 5250 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5251 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1
JH		 5252
5253 if (cp->privacy != 0x00 && cp->privacy != 0x01)
a69e8375
JH		 5254 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5255 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 5256
5257 if (hdev_is_powered(hdev))
a69e8375
JH		 5258 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5259 MGMT_STATUS_REJECTED);
62b04cd1
JH		 5260
5261 hci_dev_lock(hdev);
5262
c21c0ea0
JH		 5263 /* If user space supports this command it is also expected to
5264 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5265 */
a1536da2 5266 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 5267
62b04cd1 5268 if (cp->privacy) {
238be788 5269 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 5270 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 5271 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1 5272 } else {
a69d8927 5273 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 5274 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 5275 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1
JH		 5276 }
5277
5278 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5279 if (err < 0)
5280 goto unlock;
5281
5282 if (changed)
5283 err = new_settings(hdev, sk);
5284
5285unlock:
5286 hci_dev_unlock(hdev);
5287 return err;
5288}
5289
41edf160
JH		 5290static bool irk_is_valid(struct mgmt_irk_info *irk)
5291{
5292 switch (irk->addr.type) {
5293 case BDADDR_LE_PUBLIC:
5294 return true;
5295
5296 case BDADDR_LE_RANDOM:
5297 /* Two most significant bits shall be set */
5298 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5299 return false;
5300 return true;
5301 }
5302
5303 return false;
5304}
5305
5306static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5307 u16 len)
5308{
5309 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 5310 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5311 sizeof(struct mgmt_irk_info));
41edf160
JH		 5312 u16 irk_count, expected_len;
5313 int i, err;
5314
5315 BT_DBG("request for %s", hdev->name);
5316
5317 if (!lmp_le_capable(hdev))
a69e8375
JH		 5318 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5319 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 5320
5321 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 5322 if (irk_count > max_irk_count) {
5323 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 5324 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5325 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5326 }
41edf160
JH		 5327
5328 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5329 if (expected_len != len) {
5330 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 5331 expected_len, len);
a69e8375
JH		 5332 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5333 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5334 }
5335
5336 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5337
5338 for (i = 0; i < irk_count; i++) {
5339 struct mgmt_irk_info *key = &cp->irks[i];
5340
5341 if (!irk_is_valid(key))
a69e8375
JH		 5342 return mgmt_cmd_status(sk, hdev->id,
5343 MGMT_OP_LOAD_IRKS,
5344 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5345 }
5346
5347 hci_dev_lock(hdev);
5348
5349 hci_smp_irks_clear(hdev);
5350
5351 for (i = 0; i < irk_count; i++) {
5352 struct mgmt_irk_info *irk = &cp->irks[i];
41edf160 5353
85813a7e
JH		 5354 hci_add_irk(hdev, &irk->addr.bdaddr,
5355 le_addr_type(irk->addr.type), irk->val,
41edf160
JH		 5356 BDADDR_ANY);
5357 }
5358
a1536da2 5359 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 5360
2a1afb5a 5361 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 5362
5363 hci_dev_unlock(hdev);
5364
5365 return err;
5366}
5367
3f706b72
JH		 5368static bool ltk_is_valid(struct mgmt_ltk_info *key)
5369{
5370 if (key->master != 0x00 && key->master != 0x01)
5371 return false;
490cb0b3
MH		 5372
5373 switch (key->addr.type) {
5374 case BDADDR_LE_PUBLIC:
5375 return true;
5376
5377 case BDADDR_LE_RANDOM:
5378 /* Two most significant bits shall be set */
5379 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5380 return false;
5381 return true;
5382 }
5383
5384 return false;
3f706b72
JH		 5385}
5386
bdb6d971 5387static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5388 void *cp_data, u16 len)
346af67b 5389{
346af67b 5390 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5391 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5392 sizeof(struct mgmt_ltk_info));
346af67b 5393 u16 key_count, expected_len;
715a5bf2 5394 int i, err;
346af67b 5395
cf99ba13
MH		 5396 BT_DBG("request for %s", hdev->name);
5397
5398 if (!lmp_le_capable(hdev))
a69e8375
JH		 5399 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5400 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 5401
1f350c87 5402 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 5403 if (key_count > max_key_count) {
5404 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 5405 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5406 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5407 }
346af67b
VCG		 5408
5409 expected_len = sizeof(*cp) + key_count *
5410 sizeof(struct mgmt_ltk_info);
5411 if (expected_len != len) {
5412 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 5413 expected_len, len);
a69e8375
JH		 5414 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5415 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5416 }
5417
bdb6d971 5418 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5419
54ad6d8a
JH		 5420 for (i = 0; i < key_count; i++) {
5421 struct mgmt_ltk_info *key = &cp->keys[i];
5422
3f706b72 5423 if (!ltk_is_valid(key))
a69e8375
JH		 5424 return mgmt_cmd_status(sk, hdev->id,
5425 MGMT_OP_LOAD_LONG_TERM_KEYS,
5426 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 5427 }
5428
346af67b
VCG		 5429 hci_dev_lock(hdev);
5430
5431 hci_smp_ltks_clear(hdev);
5432
5433 for (i = 0; i < key_count; i++) {
5434 struct mgmt_ltk_info *key = &cp->keys[i];
85813a7e 5435 u8 type, authenticated;
346af67b 5436
61b43357
JH		 5437 switch (key->type) {
5438 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5439 authenticated = 0x00;
23fb8de3 5440 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5441 break;
5442 case MGMT_LTK_AUTHENTICATED:
d7b25450 5443 authenticated = 0x01;
23fb8de3
JH		 5444 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5445 break;
5446 case MGMT_LTK_P256_UNAUTH:
5447 authenticated = 0x00;
5448 type = SMP_LTK_P256;
61b43357 5449 break;
23fb8de3
JH		 5450 case MGMT_LTK_P256_AUTH:
5451 authenticated = 0x01;
5452 type = SMP_LTK_P256;
61b43357 5453 break;
23fb8de3
JH		 5454 case MGMT_LTK_P256_DEBUG:
5455 authenticated = 0x00;
5456 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5457 default:
5458 continue;
5459 }
d7b25450 5460
85813a7e
JH		 5461 hci_add_ltk(hdev, &key->addr.bdaddr,
5462 le_addr_type(key->addr.type), type, authenticated,
5463 key->val, key->enc_size, key->ediv, key->rand);
346af67b
VCG		 5464 }
5465
2a1afb5a 5466 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 5467 NULL, 0);
5468
346af67b 5469 hci_dev_unlock(hdev);
346af67b 5470
715a5bf2 5471 return err;
346af67b
VCG		 5472}
5473
3b0602cd 5474static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 5475{
dd983808 5476 struct hci_conn *conn = cmd->user_data;
9981bdb0 5477 struct mgmt_rp_get_conn_info rp;
9df74653 5478 int err;
dd983808 5479
9981bdb0 5480 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5481
9981bdb0 5482 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5483 rp.rssi = conn->rssi;
9981bdb0
JH		 5484 rp.tx_power = conn->tx_power;
5485 rp.max_tx_power = conn->max_tx_power;
5486 } else {
5487 rp.rssi = HCI_RSSI_INVALID;
5488 rp.tx_power = HCI_TX_POWER_INVALID;
5489 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5490 }
5491
2a1afb5a
JH		 5492 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5493 status, &rp, sizeof(rp));
dd983808
AK		 5494
5495 hci_conn_drop(conn);
f8aaf9b6 5496 hci_conn_put(conn);
9df74653
JH		 5497
5498 return err;
dd983808
AK		 5499}
5500
1904a853
MH		 5501static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5502 u16 opcode)
dd983808
AK		 5503{
5504 struct hci_cp_read_rssi *cp;
3b0602cd 5505 struct mgmt_pending_cmd *cmd;
dd983808 5506 struct hci_conn *conn;
dd983808 5507 u16 handle;
9981bdb0 5508 u8 status;
dd983808 5509
9981bdb0 5510 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5511
5512 hci_dev_lock(hdev);
5513
dd983808
AK		 5514 /* Commands sent in request are either Read RSSI or Read Transmit Power
5515 * Level so we check which one was last sent to retrieve connection
5516 * handle. Both commands have handle as first parameter so it's safe to
5517 * cast data on the same command struct.
5518 *
5519 * First command sent is always Read RSSI and we fail only if it fails.
5520 * In other case we simply override error to indicate success as we
5521 * already remembered if TX power value is actually valid.
5522 */
5523 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5524 if (!cp) {
5525 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5526 status = MGMT_STATUS_SUCCESS;
5527 } else {
5528 status = mgmt_status(hci_status);
dd983808
AK		 5529 }
5530
5531 if (!cp) {
9981bdb0 5532 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 5533 goto unlock;
5534 }
5535
5536 handle = __le16_to_cpu(cp->handle);
5537 conn = hci_conn_hash_lookup_handle(hdev, handle);
5538 if (!conn) {
9981bdb0 5539 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 5540 goto unlock;
5541 }
5542
333ae95d 5543 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
9981bdb0
JH		 5544 if (!cmd)
5545 goto unlock;
dd983808 5546
9981bdb0
JH		 5547 cmd->cmd_complete(cmd, status);
5548 mgmt_pending_remove(cmd);
dd983808
AK		 5549
5550unlock:
5551 hci_dev_unlock(hdev);
5552}
5553
5554static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5555 u16 len)
5556{
5557 struct mgmt_cp_get_conn_info *cp = data;
5558 struct mgmt_rp_get_conn_info rp;
5559 struct hci_conn *conn;
5560 unsigned long conn_info_age;
5561 int err = 0;
5562
5563 BT_DBG("%s", hdev->name);
5564
5565 memset(&rp, 0, sizeof(rp));
5566 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5567 rp.addr.type = cp->addr.type;
5568
5569 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5570 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5571 MGMT_STATUS_INVALID_PARAMS,
5572 &rp, sizeof(rp));
dd983808
AK		 5573
5574 hci_dev_lock(hdev);
5575
5576 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5577 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5578 MGMT_STATUS_NOT_POWERED, &rp,
5579 sizeof(rp));
dd983808
AK		 5580 goto unlock;
5581 }
5582
5583 if (cp->addr.type == BDADDR_BREDR)
5584 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5585 &cp->addr.bdaddr);
5586 else
5587 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5588
5589 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5590 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5591 MGMT_STATUS_NOT_CONNECTED, &rp,
5592 sizeof(rp));
dd983808
AK		 5593 goto unlock;
5594 }
5595
333ae95d 5596 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 5597 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5598 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 5599 goto unlock;
5600 }
5601
dd983808
AK		 5602 /* To avoid client trying to guess when to poll again for information we
5603 * calculate conn info age as random value between min/max set in hdev.
5604 */
5605 conn_info_age = hdev->conn_info_min_age +
5606 prandom_u32_max(hdev->conn_info_max_age -
5607 hdev->conn_info_min_age);
5608
5609 /* Query controller to refresh cached values if they are too old or were
5610 * never read.
5611 */
f4e2dd53
AK		 5612 if (time_after(jiffies, conn->conn_info_timestamp +
5613 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5614 !conn->conn_info_timestamp) {
5615 struct hci_request req;
5616 struct hci_cp_read_tx_power req_txp_cp;
5617 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 5618 struct mgmt_pending_cmd *cmd;
dd983808
AK		 5619
5620 hci_req_init(&req, hdev);
5621 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5622 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5623 &req_rssi_cp);
5624
f7faab0c
AK		 5625 /* For LE links TX power does not change thus we don't need to
5626 * query for it once value is known.
5627 */
5628 if (!bdaddr_type_is_le(cp->addr.type) ||
5629 conn->tx_power == HCI_TX_POWER_INVALID) {
5630 req_txp_cp.handle = cpu_to_le16(conn->handle);
5631 req_txp_cp.type = 0x00;
5632 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5633 sizeof(req_txp_cp), &req_txp_cp);
5634 }
dd983808 5635
eed5daf3
AK		 5636 /* Max TX power needs to be read only once per connection */
5637 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5638 req_txp_cp.handle = cpu_to_le16(conn->handle);
5639 req_txp_cp.type = 0x01;
5640 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5641 sizeof(req_txp_cp), &req_txp_cp);
5642 }
5643
dd983808
AK		 5644 err = hci_req_run(&req, conn_info_refresh_complete);
5645 if (err < 0)
5646 goto unlock;
5647
5648 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5649 data, len);
5650 if (!cmd) {
5651 err = -ENOMEM;
5652 goto unlock;
5653 }
5654
5655 hci_conn_hold(conn);
f8aaf9b6 5656 cmd->user_data = hci_conn_get(conn);
9981bdb0 5657 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5658
5659 conn->conn_info_timestamp = jiffies;
5660 } else {
5661 /* Cache is valid, just reply with values cached in hci_conn */
5662 rp.rssi = conn->rssi;
5663 rp.tx_power = conn->tx_power;
eed5daf3 5664 rp.max_tx_power = conn->max_tx_power;
dd983808 5665
2a1afb5a
JH		 5666 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5667 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 5668 }
5669
5670unlock:
5671 hci_dev_unlock(hdev);
5672 return err;
5673}
5674
3b0602cd 5675static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 5676{
69487371 5677 struct hci_conn *conn = cmd->user_data;
95868426 5678 struct mgmt_rp_get_clock_info rp;
69487371 5679 struct hci_dev *hdev;
9df74653 5680 int err;
69487371
JH		 5681
5682 memset(&rp, 0, sizeof(rp));
5683 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5684
5685 if (status)
5686 goto complete;
5687
5688 hdev = hci_dev_get(cmd->index);
5689 if (hdev) {
5690 rp.local_clock = cpu_to_le32(hdev->clock);
5691 hci_dev_put(hdev);
5692 }
5693
5694 if (conn) {
5695 rp.piconet_clock = cpu_to_le32(conn->clock);
5696 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5697 }
5698
5699complete:
2a1afb5a
JH		 5700 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5701 sizeof(rp));
69487371
JH		 5702
5703 if (conn) {
5704 hci_conn_drop(conn);
5705 hci_conn_put(conn);
5706 }
9df74653
JH		 5707
5708 return err;
69487371
JH		 5709}
5710
1904a853 5711static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5712{
95868426 5713 struct hci_cp_read_clock *hci_cp;
3b0602cd 5714 struct mgmt_pending_cmd *cmd;
95868426
JH		 5715 struct hci_conn *conn;
5716
5717 BT_DBG("%s status %u", hdev->name, status);
5718
5719 hci_dev_lock(hdev);
5720
5721 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5722 if (!hci_cp)
5723 goto unlock;
5724
5725 if (hci_cp->which) {
5726 u16 handle = __le16_to_cpu(hci_cp->handle);
5727 conn = hci_conn_hash_lookup_handle(hdev, handle);
5728 } else {
5729 conn = NULL;
5730 }
5731
333ae95d 5732 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
95868426
JH		 5733 if (!cmd)
5734 goto unlock;
5735
69487371 5736 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5737 mgmt_pending_remove(cmd);
95868426
JH		 5738
5739unlock:
5740 hci_dev_unlock(hdev);
5741}
5742
5743static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5744 u16 len)
5745{
5746 struct mgmt_cp_get_clock_info *cp = data;
5747 struct mgmt_rp_get_clock_info rp;
5748 struct hci_cp_read_clock hci_cp;
3b0602cd 5749 struct mgmt_pending_cmd *cmd;
95868426
JH		 5750 struct hci_request req;
5751 struct hci_conn *conn;
5752 int err;
5753
5754 BT_DBG("%s", hdev->name);
5755
5756 memset(&rp, 0, sizeof(rp));
5757 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5758 rp.addr.type = cp->addr.type;
5759
5760 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5761 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5762 MGMT_STATUS_INVALID_PARAMS,
5763 &rp, sizeof(rp));
95868426
JH		 5764
5765 hci_dev_lock(hdev);
5766
5767 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5768 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5769 MGMT_STATUS_NOT_POWERED, &rp,
5770 sizeof(rp));
95868426
JH		 5771 goto unlock;
5772 }
5773
5774 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5775 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5776 &cp->addr.bdaddr);
5777 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5778 err = mgmt_cmd_complete(sk, hdev->id,
5779 MGMT_OP_GET_CLOCK_INFO,
5780 MGMT_STATUS_NOT_CONNECTED,
5781 &rp, sizeof(rp));
95868426
JH		 5782 goto unlock;
5783 }
5784 } else {
5785 conn = NULL;
5786 }
5787
5788 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5789 if (!cmd) {
5790 err = -ENOMEM;
5791 goto unlock;
5792 }
5793
69487371
JH		 5794 cmd->cmd_complete = clock_info_cmd_complete;
5795
95868426
JH		 5796 hci_req_init(&req, hdev);
5797
5798 memset(&hci_cp, 0, sizeof(hci_cp));
5799 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5800
5801 if (conn) {
5802 hci_conn_hold(conn);
f8aaf9b6 5803 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5804
5805 hci_cp.handle = cpu_to_le16(conn->handle);
5806 hci_cp.which = 0x01; /* Piconet clock */
5807 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5808 }
5809
5810 err = hci_req_run(&req, get_clock_info_complete);
5811 if (err < 0)
5812 mgmt_pending_remove(cmd);
5813
5814unlock:
5815 hci_dev_unlock(hdev);
5816 return err;
5817}
5818
5a154e6f
JH		 5819static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5820{
5821 struct hci_conn *conn;
5822
5823 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5824 if (!conn)
5825 return false;
5826
5827 if (conn->dst_type != type)
5828 return false;
5829
5830 if (conn->state != BT_CONNECTED)
5831 return false;
5832
5833 return true;
5834}
5835
5836/* This function requires the caller holds hdev->lock */
51d7a94d 5837static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5a154e6f
JH		 5838 u8 addr_type, u8 auto_connect)
5839{
5a154e6f
JH		 5840 struct hci_conn_params *params;
5841
5842 params = hci_conn_params_add(hdev, addr, addr_type);
5843 if (!params)
5844 return -EIO;
5845
5846 if (params->auto_connect == auto_connect)
5847 return 0;
5848
5849 list_del_init(&params->action);
5850
5851 switch (auto_connect) {
5852 case HCI_AUTO_CONN_DISABLED:
5853 case HCI_AUTO_CONN_LINK_LOSS:
28a667c9
JP		 5854 /* If auto connect is being disabled when we're trying to
5855 * connect to device, keep connecting.
5856 */
5857 if (params->explicit_connect)
5858 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 5859 break;
5860 case HCI_AUTO_CONN_REPORT:
49c50922
JH		 5861 if (params->explicit_connect)
5862 list_add(&params->action, &hdev->pend_le_conns);
5863 else
5864 list_add(&params->action, &hdev->pend_le_reports);
5a154e6f
JH		 5865 break;
5866 case HCI_AUTO_CONN_DIRECT:
5867 case HCI_AUTO_CONN_ALWAYS:
51d7a94d 5868 if (!is_connected(hdev, addr, addr_type))
5a154e6f 5869 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 5870 break;
5871 }
5872
5873 params->auto_connect = auto_connect;
5874
5875 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5876 auto_connect);
5877
5878 return 0;
5879}
5880
8afef092
MH		 5881static void device_added(struct sock *sk, struct hci_dev *hdev,
5882 bdaddr_t *bdaddr, u8 type, u8 action)
5883{
5884 struct mgmt_ev_device_added ev;
5885
5886 bacpy(&ev.addr.bdaddr, bdaddr);
5887 ev.addr.type = type;
5888 ev.action = action;
5889
5890 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5891}
5892
2faade53
MH		 5893static int add_device(struct sock *sk, struct hci_dev *hdev,
5894 void *data, u16 len)
5895{
5896 struct mgmt_cp_add_device *cp = data;
5897 u8 auto_conn, addr_type;
5898 int err;
5899
5900 BT_DBG("%s", hdev->name);
5901
6659358e 5902 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5903 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5904 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5905 MGMT_STATUS_INVALID_PARAMS,
5906 &cp->addr, sizeof(cp->addr));
2faade53 5907
4b9e7e75 5908 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5909 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5910 MGMT_STATUS_INVALID_PARAMS,
5911 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5912
5913 hci_dev_lock(hdev);
5914
6659358e 5915 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5916 /* Only incoming connections action is supported for now */
6659358e 5917 if (cp->action != 0x01) {
51d7a94d
JH		 5918 err = mgmt_cmd_complete(sk, hdev->id,
5919 MGMT_OP_ADD_DEVICE,
5920 MGMT_STATUS_INVALID_PARAMS,
5921 &cp->addr, sizeof(cp->addr));
6659358e
JH		 5922 goto unlock;
5923 }
5924
5925 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5926 cp->addr.type);
5927 if (err)
5928 goto unlock;
a397407f 5929
2f274981 5930 hci_update_page_scan(hdev);
a397407f 5931
6659358e
JH		 5932 goto added;
5933 }
5934
85813a7e 5935 addr_type = le_addr_type(cp->addr.type);
2faade53 5936
4b9e7e75 5937 if (cp->action == 0x02)
2faade53 5938 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5939 else if (cp->action == 0x01)
5940 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5941 else
a3451d27 5942 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5943
9a0a8a8e
JP		 5944 /* Kernel internally uses conn_params with resolvable private
5945 * address, but Add Device allows only identity addresses.
5946 * Make sure it is enforced before calling
5947 * hci_conn_params_lookup.
5948 */
5949 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 5950 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5951 MGMT_STATUS_INVALID_PARAMS,
5952 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 5953 goto unlock;
5954 }
5955
bf5b3c8b
MH		 5956 /* If the connection parameters don't exist for this device,
5957 * they will be created and configured with defaults.
5958 */
51d7a94d 5959 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
d06b50ce 5960 auto_conn) < 0) {
51d7a94d
JH		 5961 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5962 MGMT_STATUS_FAILED, &cp->addr,
5963 sizeof(cp->addr));
2faade53
MH		 5964 goto unlock;
5965 }
5966
51d7a94d
JH		 5967 hci_update_background_scan(hdev);
5968
6659358e 5969added:
8afef092
MH		 5970 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5971
51d7a94d
JH		 5972 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5973 MGMT_STATUS_SUCCESS, &cp->addr,
5974 sizeof(cp->addr));
2faade53
MH		 5975
5976unlock:
5977 hci_dev_unlock(hdev);
5978 return err;
5979}
5980
8afef092
MH		 5981static void device_removed(struct sock *sk, struct hci_dev *hdev,
5982 bdaddr_t *bdaddr, u8 type)
5983{
5984 struct mgmt_ev_device_removed ev;
5985
5986 bacpy(&ev.addr.bdaddr, bdaddr);
5987 ev.addr.type = type;
5988
5989 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5990}
5991
2faade53
MH		 5992static int remove_device(struct sock *sk, struct hci_dev *hdev,
5993 void *data, u16 len)
5994{
5995 struct mgmt_cp_remove_device *cp = data;
5996 int err;
5997
5998 BT_DBG("%s", hdev->name);
5999
6000 hci_dev_lock(hdev);
6001
6002 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 6003 struct hci_conn_params *params;
2faade53
MH		 6004 u8 addr_type;
6005
6659358e 6006 if (!bdaddr_type_is_valid(cp->addr.type)) {
51d7a94d
JH		 6007 err = mgmt_cmd_complete(sk, hdev->id,
6008 MGMT_OP_REMOVE_DEVICE,
6009 MGMT_STATUS_INVALID_PARAMS,
6010 &cp->addr, sizeof(cp->addr));
2faade53
MH		 6011 goto unlock;
6012 }
6013
6659358e
JH		 6014 if (cp->addr.type == BDADDR_BREDR) {
6015 err = hci_bdaddr_list_del(&hdev->whitelist,
6016 &cp->addr.bdaddr,
6017 cp->addr.type);
6018 if (err) {
51d7a94d
JH		 6019 err = mgmt_cmd_complete(sk, hdev->id,
6020 MGMT_OP_REMOVE_DEVICE,
6021 MGMT_STATUS_INVALID_PARAMS,
6022 &cp->addr,
6023 sizeof(cp->addr));
6659358e
JH		 6024 goto unlock;
6025 }
6026
51d7a94d 6027 hci_update_page_scan(hdev);
a397407f 6028
6659358e
JH		 6029 device_removed(sk, hdev, &cp->addr.bdaddr,
6030 cp->addr.type);
6031 goto complete;
6032 }
6033
85813a7e 6034 addr_type = le_addr_type(cp->addr.type);
2faade53 6035
9a0a8a8e
JP		 6036 /* Kernel internally uses conn_params with resolvable private
6037 * address, but Remove Device allows only identity addresses.
6038 * Make sure it is enforced before calling
6039 * hci_conn_params_lookup.
6040 */
6041 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 6042 err = mgmt_cmd_complete(sk, hdev->id,
6043 MGMT_OP_REMOVE_DEVICE,
6044 MGMT_STATUS_INVALID_PARAMS,
6045 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 6046 goto unlock;
6047 }
6048
c71593dd
JH		 6049 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6050 addr_type);
6051 if (!params) {
51d7a94d
JH		 6052 err = mgmt_cmd_complete(sk, hdev->id,
6053 MGMT_OP_REMOVE_DEVICE,
6054 MGMT_STATUS_INVALID_PARAMS,
6055 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 6056 goto unlock;
6057 }
6058
679d2b6f
JH		 6059 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
6060 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
51d7a94d
JH		 6061 err = mgmt_cmd_complete(sk, hdev->id,
6062 MGMT_OP_REMOVE_DEVICE,
6063 MGMT_STATUS_INVALID_PARAMS,
6064 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 6065 goto unlock;
6066 }
6067
d1dbf12e 6068 list_del(&params->action);
c71593dd
JH		 6069 list_del(&params->list);
6070 kfree(params);
51d7a94d 6071 hci_update_background_scan(hdev);
8afef092
MH		 6072
6073 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 6074 } else {
19de0825 6075 struct hci_conn_params *p, *tmp;
6659358e 6076 struct bdaddr_list *b, *btmp;
19de0825 6077
2faade53 6078 if (cp->addr.type) {
51d7a94d
JH		 6079 err = mgmt_cmd_complete(sk, hdev->id,
6080 MGMT_OP_REMOVE_DEVICE,
6081 MGMT_STATUS_INVALID_PARAMS,
6082 &cp->addr, sizeof(cp->addr));
2faade53
MH		 6083 goto unlock;
6084 }
6085
6659358e
JH		 6086 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
6087 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
6088 list_del(&b->list);
6089 kfree(b);
6090 }
6091
51d7a94d 6092 hci_update_page_scan(hdev);
a397407f 6093
19de0825
JH		 6094 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
6095 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
6096 continue;
6097 device_removed(sk, hdev, &p->addr, p->addr_type);
679d2b6f
JH		 6098 if (p->explicit_connect) {
6099 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
6100 continue;
6101 }
19de0825
JH		 6102 list_del(&p->action);
6103 list_del(&p->list);
6104 kfree(p);
6105 }
6106
6107 BT_DBG("All LE connection parameters were removed");
6108
51d7a94d 6109 hci_update_background_scan(hdev);
2faade53
MH		 6110 }
6111
6659358e 6112complete:
51d7a94d
JH		 6113 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
6114 MGMT_STATUS_SUCCESS, &cp->addr,
6115 sizeof(cp->addr));
2faade53
MH		 6116unlock:
6117 hci_dev_unlock(hdev);
6118 return err;
6119}
6120
a26f3dcf
JH		 6121static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6122 u16 len)
6123{
6124 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 6125 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6126 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 6127 u16 param_count, expected_len;
6128 int i;
6129
6130 if (!lmp_le_capable(hdev))
a69e8375
JH		 6131 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6132 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 6133
6134 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 6135 if (param_count > max_param_count) {
6136 BT_ERR("load_conn_param: too big param_count value %u",
6137 param_count);
a69e8375
JH		 6138 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6139 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 6140 }
a26f3dcf
JH		 6141
6142 expected_len = sizeof(*cp) + param_count *
6143 sizeof(struct mgmt_conn_param);
6144 if (expected_len != len) {
6145 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
6146 expected_len, len);
a69e8375
JH		 6147 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6148 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 6149 }
6150
6151 BT_DBG("%s param_count %u", hdev->name, param_count);
6152
6153 hci_dev_lock(hdev);
6154
6155 hci_conn_params_clear_disabled(hdev);
6156
6157 for (i = 0; i < param_count; i++) {
6158 struct mgmt_conn_param *param = &cp->params[i];
6159 struct hci_conn_params *hci_param;
6160 u16 min, max, latency, timeout;
6161 u8 addr_type;
6162
6163 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
6164 param->addr.type);
6165
6166 if (param->addr.type == BDADDR_LE_PUBLIC) {
6167 addr_type = ADDR_LE_DEV_PUBLIC;
6168 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6169 addr_type = ADDR_LE_DEV_RANDOM;
6170 } else {
6171 BT_ERR("Ignoring invalid connection parameters");
6172 continue;
6173 }
6174
6175 min = le16_to_cpu(param->min_interval);
6176 max = le16_to_cpu(param->max_interval);
6177 latency = le16_to_cpu(param->latency);
6178 timeout = le16_to_cpu(param->timeout);
6179
6180 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6181 min, max, latency, timeout);
6182
6183 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6184 BT_ERR("Ignoring invalid connection parameters");
6185 continue;
6186 }
6187
6188 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
6189 addr_type);
6190 if (!hci_param) {
6191 BT_ERR("Failed to add connection parameters");
6192 continue;
6193 }
6194
6195 hci_param->conn_min_interval = min;
6196 hci_param->conn_max_interval = max;
6197 hci_param->conn_latency = latency;
6198 hci_param->supervision_timeout = timeout;
6199 }
6200
6201 hci_dev_unlock(hdev);
6202
2a1afb5a
JH		 6203 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6204 NULL, 0);
a26f3dcf
JH		 6205}
6206
dbece37a
MH		 6207static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6208 void *data, u16 len)
6209{
6210 struct mgmt_cp_set_external_config *cp = data;
6211 bool changed;
6212 int err;
6213
6214 BT_DBG("%s", hdev->name);
6215
6216 if (hdev_is_powered(hdev))
a69e8375
JH		 6217 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6218 MGMT_STATUS_REJECTED);
dbece37a
MH		 6219
6220 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 6221 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6222 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 6223
6224 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 6225 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6226 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 6227
6228 hci_dev_lock(hdev);
6229
6230 if (cp->config)
238be788 6231 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 6232 else
a69d8927 6233 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 6234
6235 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6236 if (err < 0)
6237 goto unlock;
6238
6239 if (!changed)
6240 goto unlock;
6241
f4537c04
MH		 6242 err = new_options(hdev, sk);
6243
d7a5a11d 6244 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 6245 mgmt_index_removed(hdev);
d603b76b 6246
516018a9 6247 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 6248 hci_dev_set_flag(hdev, HCI_CONFIG);
6249 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 6250
6251 queue_work(hdev->req_workqueue, &hdev->power_on);
6252 } else {
5ea234d3 6253 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 6254 mgmt_index_added(hdev);
6255 }
dbece37a
MH		 6256 }
6257
6258unlock:
6259 hci_dev_unlock(hdev);
6260 return err;
6261}
6262
9713c17b
MH		 6263static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6264 void *data, u16 len)
6265{
6266 struct mgmt_cp_set_public_address *cp = data;
6267 bool changed;
6268 int err;
6269
6270 BT_DBG("%s", hdev->name);
6271
6272 if (hdev_is_powered(hdev))
a69e8375
JH		 6273 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6274 MGMT_STATUS_REJECTED);
9713c17b
MH		 6275
6276 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 6277 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6278 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 6279
6280 if (!hdev->set_bdaddr)
a69e8375
JH		 6281 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6282 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 6283
6284 hci_dev_lock(hdev);
6285
6286 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6287 bacpy(&hdev->public_addr, &cp->bdaddr);
6288
6289 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6290 if (err < 0)
6291 goto unlock;
6292
6293 if (!changed)
6294 goto unlock;
6295
d7a5a11d 6296 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 6297 err = new_options(hdev, sk);
6298
6299 if (is_configured(hdev)) {
6300 mgmt_index_removed(hdev);
6301
a358dc11 6302 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 6303
a1536da2
MH		 6304 hci_dev_set_flag(hdev, HCI_CONFIG);
6305 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 6306
6307 queue_work(hdev->req_workqueue, &hdev->power_on);
6308 }
6309
6310unlock:
6311 hci_dev_unlock(hdev);
6312 return err;
6313}
6314
bea41609
MH		 6315static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6316 u8 data_len)
6317{
6318 eir[eir_len++] = sizeof(type) + data_len;
6319 eir[eir_len++] = type;
6320 memcpy(&eir[eir_len], data, data_len);
6321 eir_len += data_len;
6322
6323 return eir_len;
6324}
6325
40f66c05
JH		 6326static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
6327 u16 opcode, struct sk_buff *skb)
6328{
6329 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
6330 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
6331 u8 *h192, *r192, *h256, *r256;
6332 struct mgmt_pending_cmd *cmd;
6333 u16 eir_len;
6334 int err;
6335
6336 BT_DBG("%s status %u", hdev->name, status);
6337
6338 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
6339 if (!cmd)
6340 return;
6341
6342 mgmt_cp = cmd->param;
6343
6344 if (status) {
6345 status = mgmt_status(status);
6346 eir_len = 0;
6347
6348 h192 = NULL;
6349 r192 = NULL;
6350 h256 = NULL;
6351 r256 = NULL;
6352 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
6353 struct hci_rp_read_local_oob_data *rp;
6354
6355 if (skb->len != sizeof(*rp)) {
6356 status = MGMT_STATUS_FAILED;
6357 eir_len = 0;
6358 } else {
6359 status = MGMT_STATUS_SUCCESS;
6360 rp = (void *)skb->data;
6361
6362 eir_len = 5 + 18 + 18;
6363 h192 = rp->hash;
6364 r192 = rp->rand;
6365 h256 = NULL;
6366 r256 = NULL;
6367 }
6368 } else {
6369 struct hci_rp_read_local_oob_ext_data *rp;
6370
6371 if (skb->len != sizeof(*rp)) {
6372 status = MGMT_STATUS_FAILED;
6373 eir_len = 0;
6374 } else {
6375 status = MGMT_STATUS_SUCCESS;
6376 rp = (void *)skb->data;
6377
6378 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6379 eir_len = 5 + 18 + 18;
6380 h192 = NULL;
6381 r192 = NULL;
6382 } else {
6383 eir_len = 5 + 18 + 18 + 18 + 18;
6384 h192 = rp->hash192;
6385 r192 = rp->rand192;
6386 }
6387
6388 h256 = rp->hash256;
6389 r256 = rp->rand256;
6390 }
6391 }
6392
6393 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
6394 if (!mgmt_rp)
6395 goto done;
6396
6397 if (status)
6398 goto send_rsp;
6399
6400 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
6401 hdev->dev_class, 3);
6402
6403 if (h192 && r192) {
6404 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6405 EIR_SSP_HASH_C192, h192, 16);
6406 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6407 EIR_SSP_RAND_R192, r192, 16);
6408 }
6409
6410 if (h256 && r256) {
6411 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6412 EIR_SSP_HASH_C256, h256, 16);
6413 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6414 EIR_SSP_RAND_R256, r256, 16);
6415 }
6416
6417send_rsp:
6418 mgmt_rp->type = mgmt_cp->type;
6419 mgmt_rp->eir_len = cpu_to_le16(eir_len);
6420
6421 err = mgmt_cmd_complete(cmd->sk, hdev->id,
6422 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
6423 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
6424 if (err < 0 || status)
6425 goto done;
6426
6427 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
6428
6429 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6430 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
6431 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
6432done:
6433 kfree(mgmt_rp);
6434 mgmt_pending_remove(cmd);
6435}
6436
6437static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
6438 struct mgmt_cp_read_local_oob_ext_data *cp)
6439{
6440 struct mgmt_pending_cmd *cmd;
6441 struct hci_request req;
6442 int err;
6443
6444 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
6445 cp, sizeof(*cp));
6446 if (!cmd)
6447 return -ENOMEM;
6448
6449 hci_req_init(&req, hdev);
6450
6451 if (bredr_sc_enabled(hdev))
6452 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
6453 else
6454 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
6455
6456 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
6457 if (err < 0) {
6458 mgmt_pending_remove(cmd);
6459 return err;
6460 }
6461
6462 return 0;
6463}
6464
4f0f155c
MH		 6465static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6466 void *data, u16 data_len)
6467{
6468 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6469 struct mgmt_rp_read_local_oob_ext_data *rp;
6470 size_t rp_len;
6471 u16 eir_len;
0821a2c5 6472 u8 status, flags, role, addr[7], hash[16], rand[16];
4f0f155c
MH		 6473 int err;
6474
6475 BT_DBG("%s", hdev->name);
6476
57b0d3e8
MH		 6477 if (hdev_is_powered(hdev)) {
6478 switch (cp->type) {
6479 case BIT(BDADDR_BREDR):
6480 status = mgmt_bredr_support(hdev);
6481 if (status)
6482 eir_len = 0;
6483 else
6484 eir_len = 5;
6485 break;
6486 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6487 status = mgmt_le_support(hdev);
6488 if (status)
6489 eir_len = 0;
6490 else
6491 eir_len = 9 + 3 + 18 + 18 + 3;
6492 break;
6493 default:
6494 status = MGMT_STATUS_INVALID_PARAMS;
6495 eir_len = 0;
6496 break;
6497 }
6498 } else {
6499 status = MGMT_STATUS_NOT_POWERED;
6500 eir_len = 0;
4f0f155c
MH		 6501 }
6502
4f0f155c
MH		 6503 rp_len = sizeof(*rp) + eir_len;
6504 rp = kmalloc(rp_len, GFP_ATOMIC);
efcd8c98 6505 if (!rp)
4f0f155c 6506 return -ENOMEM;
efcd8c98 6507
57b0d3e8
MH		 6508 if (status)
6509 goto complete;
6510
efcd8c98 6511 hci_dev_lock(hdev);
4f0f155c
MH		 6512
6513 eir_len = 0;
6514 switch (cp->type) {
6515 case BIT(BDADDR_BREDR):
40f66c05
JH		 6516 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6517 err = read_local_ssp_oob_req(hdev, sk, cp);
6518 hci_dev_unlock(hdev);
6519 if (!err)
6520 goto done;
6521
6522 status = MGMT_STATUS_FAILED;
6523 goto complete;
6524 } else {
6525 eir_len = eir_append_data(rp->eir, eir_len,
6526 EIR_CLASS_OF_DEV,
6527 hdev->dev_class, 3);
6528 }
4f0f155c
MH		 6529 break;
6530 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5082a599
MH		 6531 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6532 smp_generate_oob(hdev, hash, rand) < 0) {
0821a2c5 6533 hci_dev_unlock(hdev);
57b0d3e8
MH		 6534 status = MGMT_STATUS_FAILED;
6535 goto complete;
0821a2c5
MH		 6536 }
6537
e213568a
MH		 6538 /* This should return the active RPA, but since the RPA
6539 * is only programmed on demand, it is really hard to fill
6540 * this in at the moment. For now disallow retrieving
6541 * local out-of-band data when privacy is in use.
6542 *
6543 * Returning the identity address will not help here since
6544 * pairing happens before the identity resolving key is
6545 * known and thus the connection establishment happens
6546 * based on the RPA and not the identity address.
6547 */
4f0f155c 6548 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
e213568a
MH		 6549 hci_dev_unlock(hdev);
6550 status = MGMT_STATUS_REJECTED;
6551 goto complete;
6552 }
6553
6554 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6555 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6556 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6557 bacmp(&hdev->static_addr, BDADDR_ANY))) {
4f0f155c
MH		 6558 memcpy(addr, &hdev->static_addr, 6);
6559 addr[6] = 0x01;
6560 } else {
6561 memcpy(addr, &hdev->bdaddr, 6);
6562 addr[6] = 0x00;
6563 }
6564
6565 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6566 addr, sizeof(addr));
6567
6568 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6569 role = 0x02;
6570 else
6571 role = 0x01;
6572
6573 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6574 &role, sizeof(role));
6575
5082a599
MH		 6576 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6577 eir_len = eir_append_data(rp->eir, eir_len,
6578 EIR_LE_SC_CONFIRM,
6579 hash, sizeof(hash));
0821a2c5 6580
5082a599
MH		 6581 eir_len = eir_append_data(rp->eir, eir_len,
6582 EIR_LE_SC_RANDOM,
6583 rand, sizeof(rand));
6584 }
0821a2c5 6585
4f0f155c
MH		 6586 flags = get_adv_discov_flags(hdev);
6587
6588 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6589 flags |= LE_AD_NO_BREDR;
6590
6591 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6592 &flags, sizeof(flags));
6593 break;
6594 }
6595
4f0f155c
MH		 6596 hci_dev_unlock(hdev);
6597
72000df2
MH		 6598 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6599
57b0d3e8
MH		 6600 status = MGMT_STATUS_SUCCESS;
6601
6602complete:
efcd8c98
MH		 6603 rp->type = cp->type;
6604 rp->eir_len = cpu_to_le16(eir_len);
6605
4f0f155c 6606 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
57b0d3e8
MH		 6607 status, rp, sizeof(*rp) + eir_len);
6608 if (err < 0 || status)
72000df2
MH		 6609 goto done;
6610
6611 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6612 rp, sizeof(*rp) + eir_len,
6613 HCI_MGMT_OOB_DATA_EVENTS, sk);
4f0f155c 6614
0821a2c5 6615done:
4f0f155c
MH		 6616 kfree(rp);
6617
6618 return err;
6619}
6620
089fa8c0
AU		 6621static u32 get_supported_adv_flags(struct hci_dev *hdev)
6622{
6623 u32 flags = 0;
6624
6625 flags |= MGMT_ADV_FLAG_CONNECTABLE;
6626 flags |= MGMT_ADV_FLAG_DISCOV;
6627 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
6628 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
6629
6630 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
6631 flags |= MGMT_ADV_FLAG_TX_POWER;
6632
6633 return flags;
6634}
6635
d3d5305b
MH		 6636static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6637 void *data, u16 data_len)
6638{
6639 struct mgmt_rp_read_adv_features *rp;
6640 size_t rp_len;
286e0c83 6641 int err, i;
24b4f38f 6642 bool instance;
286e0c83 6643 struct adv_info *adv_instance;
089fa8c0 6644 u32 supported_flags;
d3d5305b
MH		 6645
6646 BT_DBG("%s", hdev->name);
6647
089fa8c0
AU		 6648 if (!lmp_le_capable(hdev))
6649 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6650 MGMT_STATUS_REJECTED);
6651
d3d5305b
MH		 6652 hci_dev_lock(hdev);
6653
6654 rp_len = sizeof(*rp);
24b4f38f 6655
24b4f38f
AU		 6656 instance = hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE);
6657 if (instance)
286e0c83 6658 rp_len += hdev->adv_instance_cnt;
24b4f38f 6659
d3d5305b
MH		 6660 rp = kmalloc(rp_len, GFP_ATOMIC);
6661 if (!rp) {
6662 hci_dev_unlock(hdev);
6663 return -ENOMEM;
6664 }
6665
089fa8c0
AU		 6666 supported_flags = get_supported_adv_flags(hdev);
6667
6668 rp->supported_flags = cpu_to_le32(supported_flags);
dc5d82a9
MH		 6669 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6670 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
d2609b34 6671 rp->max_instances = HCI_MAX_ADV_INSTANCES;
24b4f38f 6672
24b4f38f 6673 if (instance) {
286e0c83
FG		 6674 i = 0;
6675 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
6676 if (i >= hdev->adv_instance_cnt)
6677 break;
6678
6679 rp->instance[i] = adv_instance->instance;
6680 i++;
6681 }
6682 rp->num_instances = hdev->adv_instance_cnt;
24b4f38f
AU		 6683 } else {
6684 rp->num_instances = 0;
6685 }
d3d5305b
MH		 6686
6687 hci_dev_unlock(hdev);
6688
6689 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6690 MGMT_STATUS_SUCCESS, rp, rp_len);
6691
6692 kfree(rp);
6693
6694 return err;
6695}
6696
4117ed70 6697static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
b44133ff 6698 u8 len, bool is_adv_data)
24b4f38f 6699{
4117ed70 6700 u8 max_len = HCI_MAX_AD_LENGTH;
24b4f38f 6701 int i, cur_len;
b44133ff 6702 bool flags_managed = false;
5507e358 6703 bool tx_power_managed = false;
67e0c0cd
AU		 6704 u32 flags_params = MGMT_ADV_FLAG_DISCOV | MGMT_ADV_FLAG_LIMITED_DISCOV |
6705 MGMT_ADV_FLAG_MANAGED_FLAGS;
24b4f38f 6706
807ec772 6707 if (is_adv_data && (adv_flags & flags_params)) {
b44133ff
AU		 6708 flags_managed = true;
6709 max_len -= 3;
6710 }
24b4f38f 6711
5507e358
AU		 6712 if (is_adv_data && (adv_flags & MGMT_ADV_FLAG_TX_POWER)) {
6713 tx_power_managed = true;
6714 max_len -= 3;
6715 }
6716
4117ed70 6717 if (len > max_len)
24b4f38f
AU		 6718 return false;
6719
4117ed70
AU		 6720 /* Make sure that the data is correctly formatted. */
6721 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6722 cur_len = data[i];
24b4f38f 6723
b44133ff
AU		 6724 if (flags_managed && data[i + 1] == EIR_FLAGS)
6725 return false;
6726
5507e358
AU		 6727 if (tx_power_managed && data[i + 1] == EIR_TX_POWER)
6728 return false;
6729
24b4f38f
AU		 6730 /* If the current field length would exceed the total data
6731 * length, then it's invalid.
6732 */
4117ed70 6733 if (i + cur_len >= len)
24b4f38f
AU		 6734 return false;
6735 }
6736
6737 return true;
6738}
6739
24b4f38f
AU		 6740static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6741 u16 opcode)
6742{
6743 struct mgmt_pending_cmd *cmd;
fffd38bc 6744 struct mgmt_cp_add_advertising *cp;
24b4f38f 6745 struct mgmt_rp_add_advertising rp;
fffd38bc
FG		 6746 struct adv_info *adv_instance, *n;
6747 u8 instance;
24b4f38f
AU		 6748
6749 BT_DBG("status %d", status);
6750
6751 hci_dev_lock(hdev);
6752
6753 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6754
fffd38bc 6755 if (status)
24b4f38f 6756 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
fffd38bc
FG		 6757
6758 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
6759 if (!adv_instance->pending)
6760 continue;
6761
6762 if (!status) {
6763 adv_instance->pending = false;
6764 continue;
6765 }
6766
6767 instance = adv_instance->instance;
6768
6769 if (hdev->cur_adv_instance == instance)
6770 cancel_adv_timeout(hdev);
6771
6772 hci_remove_adv_instance(hdev, instance);
6773 advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
24b4f38f
AU		 6774 }
6775
6776 if (!cmd)
6777 goto unlock;
6778
fffd38bc
FG		 6779 cp = cmd->param;
6780 rp.instance = cp->instance;
24b4f38f
AU		 6781
6782 if (status)
6783 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6784 mgmt_status(status));
6785 else
6786 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6787 mgmt_status(status), &rp, sizeof(rp));
6788
6789 mgmt_pending_remove(cmd);
6790
6791unlock:
6792 hci_dev_unlock(hdev);
6793}
6794
5d900e46 6795void mgmt_adv_timeout_expired(struct hci_dev *hdev)
912098a6 6796{
847818d9
FG		 6797 u8 instance;
6798 struct hci_request req;
6799
5d900e46 6800 hdev->adv_instance_timeout = 0;
912098a6 6801
847818d9
FG		 6802 instance = get_current_adv_instance(hdev);
6803 if (instance == 0x00)
6804 return;
6805
912098a6 6806 hci_dev_lock(hdev);
847818d9
FG		 6807 hci_req_init(&req, hdev);
6808
6809 clear_adv_instance(hdev, &req, instance, false);
6810
6811 if (list_empty(&hdev->adv_instances))
6812 disable_advertising(&req);
6813
6814 if (!skb_queue_empty(&req.cmd_q))
6815 hci_req_run(&req, NULL);
6816
912098a6
AU		 6817 hci_dev_unlock(hdev);
6818}
6819
24b4f38f
AU		 6820static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6821 void *data, u16 data_len)
6822{
6823 struct mgmt_cp_add_advertising *cp = data;
6824 struct mgmt_rp_add_advertising rp;
6825 u32 flags;
089fa8c0 6826 u32 supported_flags;
24b4f38f 6827 u8 status;
fffd38bc
FG		 6828 u16 timeout, duration;
6829 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6830 u8 schedule_instance = 0;
6831 struct adv_info *next_instance;
24b4f38f
AU		 6832 int err;
6833 struct mgmt_pending_cmd *cmd;
6834 struct hci_request req;
6835
6836 BT_DBG("%s", hdev->name);
6837
6838 status = mgmt_le_support(hdev);
6839 if (status)
6840 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6841 status);
6842
6843 flags = __le32_to_cpu(cp->flags);
912098a6 6844 timeout = __le16_to_cpu(cp->timeout);
fffd38bc 6845 duration = __le16_to_cpu(cp->duration);
24b4f38f 6846
fffd38bc
FG		 6847 /* The current implementation only supports a subset of the specified
6848 * flags.
089fa8c0
AU		 6849 */
6850 supported_flags = get_supported_adv_flags(hdev);
fffd38bc 6851 if (flags & ~supported_flags)
24b4f38f
AU		 6852 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6853 MGMT_STATUS_INVALID_PARAMS);
6854
6855 hci_dev_lock(hdev);
6856
912098a6
AU		 6857 if (timeout && !hdev_is_powered(hdev)) {
6858 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6859 MGMT_STATUS_REJECTED);
6860 goto unlock;
6861 }
6862
24b4f38f 6863 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
da929335 6864 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
24b4f38f
AU		 6865 pending_find(MGMT_OP_SET_LE, hdev)) {
6866 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6867 MGMT_STATUS_BUSY);
6868 goto unlock;
6869 }
6870
b44133ff 6871 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
4117ed70 6872 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
b44133ff 6873 cp->scan_rsp_len, false)) {
24b4f38f
AU		 6874 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6875 MGMT_STATUS_INVALID_PARAMS);
6876 goto unlock;
6877 }
6878
fffd38bc
FG		 6879 err = hci_add_adv_instance(hdev, cp->instance, flags,
6880 cp->adv_data_len, cp->data,
6881 cp->scan_rsp_len,
6882 cp->data + cp->adv_data_len,
6883 timeout, duration);
6884 if (err < 0) {
6885 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6886 MGMT_STATUS_FAILED);
6887 goto unlock;
6888 }
24b4f38f 6889
fffd38bc
FG		 6890 /* Only trigger an advertising added event if a new instance was
6891 * actually added.
6892 */
6893 if (hdev->adv_instance_cnt > prev_instance_cnt)
6894 advertising_added(sk, hdev, cp->instance);
912098a6 6895
fffd38bc 6896 hci_dev_set_flag(hdev, HCI_ADVERTISING_INSTANCE);
912098a6 6897
fffd38bc
FG		 6898 if (hdev->cur_adv_instance == cp->instance) {
6899 /* If the currently advertised instance is being changed then
6900 * cancel the current advertising and schedule the next
6901 * instance. If there is only one instance then the overridden
6902 * advertising data will be visible right away.
6903 */
6904 cancel_adv_timeout(hdev);
912098a6 6905
fffd38bc
FG		 6906 next_instance = hci_get_next_instance(hdev, cp->instance);
6907 if (next_instance)
6908 schedule_instance = next_instance->instance;
6909 } else if (!hdev->adv_instance_timeout) {
6910 /* Immediately advertise the new instance if no other
6911 * instance is currently being advertised.
6912 */
6913 schedule_instance = cp->instance;
6914 }
24b4f38f 6915
fffd38bc
FG		 6916 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6917 * there is no instance to be advertised then we have no HCI
6918 * communication to make. Simply return.
24b4f38f
AU		 6919 */
6920 if (!hdev_is_powered(hdev) ||
fffd38bc
FG		 6921 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6922 !schedule_instance) {
6923 rp.instance = cp->instance;
24b4f38f
AU		 6924 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6925 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6926 goto unlock;
6927 }
6928
6929 /* We're good to go, update advertising data, parameters, and start
6930 * advertising.
6931 */
6932 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6933 data_len);
6934 if (!cmd) {
6935 err = -ENOMEM;
6936 goto unlock;
6937 }
6938
6939 hci_req_init(&req, hdev);
6940
fffd38bc
FG		 6941 err = schedule_adv_instance(&req, schedule_instance, true);
6942
6943 if (!err)
6944 err = hci_req_run(&req, add_advertising_complete);
24b4f38f 6945
24b4f38f
AU		 6946 if (err < 0)
6947 mgmt_pending_remove(cmd);
6948
6949unlock:
6950 hci_dev_unlock(hdev);
6951
6952 return err;
6953}
6954
da929335
AU		 6955static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6956 u16 opcode)
6957{
6958 struct mgmt_pending_cmd *cmd;
01948331 6959 struct mgmt_cp_remove_advertising *cp;
da929335
AU		 6960 struct mgmt_rp_remove_advertising rp;
6961
6962 BT_DBG("status %d", status);
6963
6964 hci_dev_lock(hdev);
6965
6966 /* A failure status here only means that we failed to disable
6967 * advertising. Otherwise, the advertising instance has been removed,
6968 * so report success.
6969 */
6970 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6971 if (!cmd)
6972 goto unlock;
6973
01948331
FG		 6974 cp = cmd->param;
6975 rp.instance = cp->instance;
da929335
AU		 6976
6977 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6978 &rp, sizeof(rp));
6979 mgmt_pending_remove(cmd);
6980
6981unlock:
6982 hci_dev_unlock(hdev);
6983}
6984
6985static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6986 void *data, u16 data_len)
6987{
6988 struct mgmt_cp_remove_advertising *cp = data;
6989 struct mgmt_rp_remove_advertising rp;
da929335
AU		 6990 struct mgmt_pending_cmd *cmd;
6991 struct hci_request req;
952497b1 6992 int err;
da929335
AU		 6993
6994 BT_DBG("%s", hdev->name);
6995
da929335
AU		 6996 hci_dev_lock(hdev);
6997
952497b1 6998 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
01948331
FG		 6999 err = mgmt_cmd_status(sk, hdev->id,
7000 MGMT_OP_REMOVE_ADVERTISING,
7001 MGMT_STATUS_INVALID_PARAMS);
7002 goto unlock;
7003 }
7004
da929335
AU		 7005 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
7006 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
7007 pending_find(MGMT_OP_SET_LE, hdev)) {
7008 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7009 MGMT_STATUS_BUSY);
7010 goto unlock;
7011 }
7012
7013 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE)) {
7014 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7015 MGMT_STATUS_INVALID_PARAMS);
7016 goto unlock;
7017 }
7018
01948331 7019 hci_req_init(&req, hdev);
da929335 7020
01948331 7021 clear_adv_instance(hdev, &req, cp->instance, true);
da929335 7022
01948331
FG		 7023 if (list_empty(&hdev->adv_instances))
7024 disable_advertising(&req);
da929335 7025
01948331
FG		 7026 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
7027 * flag is set or the device isn't powered then we have no HCI
7028 * communication to make. Simply return.
da929335 7029 */
01948331
FG		 7030 if (skb_queue_empty(&req.cmd_q) ||
7031 !hdev_is_powered(hdev) ||
da929335 7032 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
01948331 7033 rp.instance = cp->instance;
da929335
AU		 7034 err = mgmt_cmd_complete(sk, hdev->id,
7035 MGMT_OP_REMOVE_ADVERTISING,
7036 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7037 goto unlock;
7038 }
7039
7040 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
7041 data_len);
7042 if (!cmd) {
7043 err = -ENOMEM;
7044 goto unlock;
7045 }
7046
da929335
AU		 7047 err = hci_req_run(&req, remove_advertising_complete);
7048 if (err < 0)
7049 mgmt_pending_remove(cmd);
7050
7051unlock:
7052 hci_dev_unlock(hdev);
7053
7054 return err;
7055}
7056
6d785aa3 7057static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 7058 { NULL }, /* 0x0000 (no command) */
b9a245fb 7059 { read_version, MGMT_READ_VERSION_SIZE,
c91041dc
MH		 7060 HCI_MGMT_NO_HDEV |
7061 HCI_MGMT_UNTRUSTED },
b9a245fb 7062 { read_commands, MGMT_READ_COMMANDS_SIZE,
c91041dc
MH		 7063 HCI_MGMT_NO_HDEV |
7064 HCI_MGMT_UNTRUSTED },
b9a245fb 7065 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
c91041dc
MH		 7066 HCI_MGMT_NO_HDEV |
7067 HCI_MGMT_UNTRUSTED },
7068 { read_controller_info, MGMT_READ_INFO_SIZE,
7069 HCI_MGMT_UNTRUSTED },
7aea8616
MH		 7070 { set_powered, MGMT_SETTING_SIZE },
7071 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
7072 { set_connectable, MGMT_SETTING_SIZE },
7073 { set_fast_connectable, MGMT_SETTING_SIZE },
7074 { set_bondable, MGMT_SETTING_SIZE },
7075 { set_link_security, MGMT_SETTING_SIZE },
7076 { set_ssp, MGMT_SETTING_SIZE },
7077 { set_hs, MGMT_SETTING_SIZE },
7078 { set_le, MGMT_SETTING_SIZE },
7079 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
7080 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
7081 { add_uuid, MGMT_ADD_UUID_SIZE },
7082 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
b9a245fb
JH		 7083 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
7084 HCI_MGMT_VAR_LEN },
7085 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
7086 HCI_MGMT_VAR_LEN },
7aea8616
MH		 7087 { disconnect, MGMT_DISCONNECT_SIZE },
7088 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
7089 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
7090 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
7091 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
7092 { pair_device, MGMT_PAIR_DEVICE_SIZE },
7093 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
7094 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
7095 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
7096 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
7097 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
7098 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
b9a245fb
JH		 7099 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
7100 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
7101 HCI_MGMT_VAR_LEN },
7aea8616
MH		 7102 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
7103 { start_discovery, MGMT_START_DISCOVERY_SIZE },
7104 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
7105 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
7106 { block_device, MGMT_BLOCK_DEVICE_SIZE },
7107 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
7108 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
7109 { set_advertising, MGMT_SETTING_SIZE },
7110 { set_bredr, MGMT_SETTING_SIZE },
7111 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
7112 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
7113 { set_secure_conn, MGMT_SETTING_SIZE },
7114 { set_debug_keys, MGMT_SETTING_SIZE },
7115 { set_privacy, MGMT_SET_PRIVACY_SIZE },
b9a245fb
JH		 7116 { load_irks, MGMT_LOAD_IRKS_SIZE,
7117 HCI_MGMT_VAR_LEN },
7aea8616
MH		 7118 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
7119 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
7120 { add_device, MGMT_ADD_DEVICE_SIZE },
7121 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
b9a245fb
JH		 7122 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
7123 HCI_MGMT_VAR_LEN },
7124 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
c91041dc
MH		 7125 HCI_MGMT_NO_HDEV |
7126 HCI_MGMT_UNTRUSTED },
b9a245fb 7127 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
c91041dc
MH		 7128 HCI_MGMT_UNCONFIGURED |
7129 HCI_MGMT_UNTRUSTED },
b9a245fb
JH		 7130 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
7131 HCI_MGMT_UNCONFIGURED },
7132 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
7133 HCI_MGMT_UNCONFIGURED },
7134 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
7135 HCI_MGMT_VAR_LEN },
4f0f155c 7136 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
96f1474a 7137 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
c91041dc
MH		 7138 HCI_MGMT_NO_HDEV |
7139 HCI_MGMT_UNTRUSTED },
d3d5305b 7140 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
24b4f38f
AU		 7141 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
7142 HCI_MGMT_VAR_LEN },
da929335 7143 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
0f4e68cf
JH		 7144};
7145
bf6b56db 7146void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 7147{
ced85549 7148 struct mgmt_ev_ext_index ev;
bb4b2a9a 7149
0602a8ad
MH		 7150 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7151 return;
7152
f9207338
MH		 7153 switch (hdev->dev_type) {
7154 case HCI_BREDR:
7155 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7156 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
7157 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 7158 ev.type = 0x01;
f9207338
MH		 7159 } else {
7160 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
7161 HCI_MGMT_INDEX_EVENTS);
ced85549 7162 ev.type = 0x00;
f9207338
MH		 7163 }
7164 break;
ced85549
MH		 7165 case HCI_AMP:
7166 ev.type = 0x02;
7167 break;
7168 default:
7169 return;
f9207338 7170 }
ced85549
MH		 7171
7172 ev.bus = hdev->bus;
7173
7174 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
7175 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 7176}
7177
bf6b56db 7178void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 7179{
ced85549 7180 struct mgmt_ev_ext_index ev;
5f159032 7181 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 7182
0602a8ad
MH		 7183 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7184 return;
7185
f9207338
MH		 7186 switch (hdev->dev_type) {
7187 case HCI_BREDR:
7188 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 7189
f9207338
MH		 7190 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7191 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
7192 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 7193 ev.type = 0x01;
f9207338
MH		 7194 } else {
7195 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
7196 HCI_MGMT_INDEX_EVENTS);
ced85549 7197 ev.type = 0x00;
f9207338
MH		 7198 }
7199 break;
ced85549
MH		 7200 case HCI_AMP:
7201 ev.type = 0x02;
7202 break;
7203 default:
7204 return;
f9207338 7205 }
ced85549
MH		 7206
7207 ev.bus = hdev->bus;
7208
7209 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
7210 HCI_MGMT_EXT_INDEX_EVENTS);
eec8d2bc
JH		 7211}
7212
6046dc3e 7213/* This function requires the caller holds hdev->lock */
af02dd44 7214static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 7215{
7216 struct hci_conn_params *p;
7217
7218 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 7219 /* Needed for AUTO_OFF case where might not "really"
7220 * have been powered off.
7221 */
7222 list_del_init(&p->action);
7223
7224 switch (p->auto_connect) {
4b9e7e75 7225 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 7226 case HCI_AUTO_CONN_ALWAYS:
7227 list_add(&p->action, &hdev->pend_le_conns);
7228 break;
7229 case HCI_AUTO_CONN_REPORT:
7230 list_add(&p->action, &hdev->pend_le_reports);
7231 break;
7232 default:
7233 break;
c83ed19d 7234 }
6046dc3e
AG		 7235 }
7236}
7237
1904a853 7238static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
229ab39c
JH		 7239{
7240 struct cmd_lookup match = { NULL, hdev };
7241
7242 BT_DBG("status 0x%02x", status);
7243
162a3bac
MH		 7244 if (!status) {
7245 /* Register the available SMP channels (BR/EDR and LE) only
7246 * when successfully powering on the controller. This late
7247 * registration is required so that LE SMP can clearly
7248 * decide if the public address or static address is used.
7249 */
7250 smp_register(hdev);
af02dd44
JH		 7251
7252 restart_le_actions(hdev);
7253 hci_update_background_scan(hdev);
162a3bac
MH		 7254 }
7255
229ab39c
JH		 7256 hci_dev_lock(hdev);
7257
7258 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7259
7260 new_settings(hdev, match.sk);
7261
7262 hci_dev_unlock(hdev);
7263
7264 if (match.sk)
7265 sock_put(match.sk);
7266}
7267
70da6243 7268static int powered_update_hci(struct hci_dev *hdev)
5add6af8 7269{
890ea898 7270 struct hci_request req;
320b3bf7 7271 struct adv_info *adv_instance;
70da6243 7272 u8 link_sec;
5add6af8 7273
890ea898
JH		 7274 hci_req_init(&req, hdev);
7275
d7a5a11d 7276 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
70da6243 7277 !lmp_host_ssp_capable(hdev)) {
574ea3c7 7278 u8 mode = 0x01;
5e5282bb 7279
574ea3c7
MH		 7280 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
7281
7282 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
7283 u8 support = 0x01;
5add6af8 7284
574ea3c7
MH		 7285 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
7286 sizeof(support), &support);
7287 }
ec6f99b8
JH		 7288 }
7289
d7a5a11d 7290 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
c73eee91 7291 lmp_bredr_capable(hdev)) {
70da6243 7292 struct hci_cp_write_le_host_supported cp;
f0ff92fb 7293
32226e4f
MH		 7294 cp.le = 0x01;
7295 cp.simul = 0x00;
3d1cbdd6 7296
70da6243
JH		 7297 /* Check first if we already have the right
7298 * host state (host features set)
7299 */
7300 if (cp.le != lmp_host_le_capable(hdev) ||
7301 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 7302 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
7303 sizeof(cp), &cp);
70da6243 7304 }
3d1cbdd6 7305
d13eafce 7306 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 7307 /* Make sure the controller has a good default for
7308 * advertising data. This also applies to the case
7309 * where BR/EDR was toggled during the AUTO_OFF phase.
7310 */
320b3bf7
FG		 7311 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
7312 (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7313 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))) {
5947f4bc 7314 update_adv_data(&req);
f14d8f64
MH		 7315 update_scan_rsp_data(&req);
7316 }
441ad2d0 7317
320b3bf7
FG		 7318 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
7319 hdev->cur_adv_instance == 0x00 &&
7320 !list_empty(&hdev->adv_instances)) {
7321 adv_instance = list_first_entry(&hdev->adv_instances,
7322 struct adv_info, list);
7323 hdev->cur_adv_instance = adv_instance->instance;
7324 }
7325
7326 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
bba3aa55 7327 enable_advertising(&req);
320b3bf7
FG		 7328 else if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
7329 hdev->cur_adv_instance)
7330 schedule_adv_instance(&req, hdev->cur_adv_instance,
7331 true);
eeca6f89
JH		 7332 }
7333
d7a5a11d 7334 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
70da6243 7335 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 7336 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
7337 sizeof(link_sec), &link_sec);
562fcc24 7338
70da6243 7339 if (lmp_bredr_capable(hdev)) {
d7a5a11d 7340 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
406ef2a6
JH		 7341 write_fast_connectable(&req, true);
7342 else
7343 write_fast_connectable(&req, false);
1d2dc5b7 7344 __hci_update_page_scan(&req);
890ea898 7345 update_class(&req);
13928971 7346 update_name(&req);
890ea898 7347 update_eir(&req);
70da6243 7348 }
562fcc24 7349
229ab39c 7350 return hci_req_run(&req, powered_complete);
70da6243 7351}
562fcc24 7352
70da6243
JH		 7353int mgmt_powered(struct hci_dev *hdev, u8 powered)
7354{
7355 struct cmd_lookup match = { NULL, hdev };
9845904f 7356 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 7357 int err;
f0ff92fb 7358
d7a5a11d 7359 if (!hci_dev_test_flag(hdev, HCI_MGMT))
70da6243
JH		 7360 return 0;
7361
70da6243 7362 if (powered) {
229ab39c
JH		 7363 if (powered_update_hci(hdev) == 0)
7364 return 0;
fe038884 7365
229ab39c
JH		 7366 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
7367 &match);
7368 goto new_settings;
b24752fe
JH		 7369 }
7370
229ab39c 7371 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 7372
7373 /* If the power off is because of hdev unregistration let
7374 * use the appropriate INVALID_INDEX status. Otherwise use
7375 * NOT_POWERED. We cover both scenarios here since later in
7376 * mgmt_index_removed() any hci_conn callbacks will have already
7377 * been triggered, potentially causing misleading DISCONNECTED
7378 * status responses.
7379 */
d7a5a11d 7380 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 7381 status = MGMT_STATUS_INVALID_INDEX;
7382 else
7383 status = MGMT_STATUS_NOT_POWERED;
7384
7385 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 7386
7387 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
f6b7712e
MH		 7388 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7389 zero_cod, sizeof(zero_cod), NULL);
229ab39c
JH		 7390
7391new_settings:
beadb2bd 7392 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 7393
7394 if (match.sk)
7395 sock_put(match.sk);
7396
7bb895d6 7397 return err;
5add6af8 7398}
73f22f62 7399
3eec705e 7400void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 7401{
3b0602cd 7402 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 7403 u8 status;
7404
333ae95d 7405 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
96570ffc 7406 if (!cmd)
3eec705e 7407 return;
96570ffc
JH		 7408
7409 if (err == -ERFKILL)
7410 status = MGMT_STATUS_RFKILLED;
7411 else
7412 status = MGMT_STATUS_FAILED;
7413
a69e8375 7414 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 7415
7416 mgmt_pending_remove(cmd);
96570ffc
JH		 7417}
7418
d1967ff8
MH		 7419void mgmt_discoverable_timeout(struct hci_dev *hdev)
7420{
7421 struct hci_request req;
d1967ff8
MH		 7422
7423 hci_dev_lock(hdev);
7424
7425 /* When discoverable timeout triggers, then just make sure
7426 * the limited discoverable flag is cleared. Even in the case
7427 * of a timeout triggered from general discoverable, it is
7428 * safe to unconditionally clear the flag.
7429 */
a358dc11
MH		 7430 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
7431 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
d1967ff8
MH		 7432
7433 hci_req_init(&req, hdev);
d7a5a11d 7434 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4b580614
JH		 7435 u8 scan = SCAN_PAGE;
7436 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
7437 sizeof(scan), &scan);
7438 }
d1967ff8 7439 update_class(&req);
24b4f38f
AU		 7440
7441 /* Advertising instances don't use the global discoverable setting, so
7442 * only update AD if advertising was enabled using Set Advertising.
7443 */
7444 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7445 update_adv_data(&req);
7446
d1967ff8
MH		 7447 hci_req_run(&req, NULL);
7448
7449 hdev->discov_timeout = 0;
7450
9a43e25f
JH		 7451 new_settings(hdev, NULL);
7452
d1967ff8
MH		 7453 hci_dev_unlock(hdev);
7454}
7455
dc4a5ee2
MH		 7456void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7457 bool persistent)
55ed8ca1 7458{
86742e1e 7459 struct mgmt_ev_new_link_key ev;
55ed8ca1 7460
a492cd52 7461 memset(&ev, 0, sizeof(ev));
55ed8ca1 7462
a492cd52 7463 ev.store_hint = persistent;
d753fdc4 7464 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 7465 ev.key.addr.type = BDADDR_BREDR;
a492cd52 7466 ev.key.type = key->type;
9b3b4460 7467 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 7468 ev.key.pin_len = key->pin_len;
55ed8ca1 7469
dc4a5ee2 7470 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 7471}
f7520543 7472
d7b25450
JH		 7473static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7474{
23fb8de3
JH		 7475 switch (ltk->type) {
7476 case SMP_LTK:
7477 case SMP_LTK_SLAVE:
7478 if (ltk->authenticated)
7479 return MGMT_LTK_AUTHENTICATED;
7480 return MGMT_LTK_UNAUTHENTICATED;
7481 case SMP_LTK_P256:
7482 if (ltk->authenticated)
7483 return MGMT_LTK_P256_AUTH;
7484 return MGMT_LTK_P256_UNAUTH;
7485 case SMP_LTK_P256_DEBUG:
7486 return MGMT_LTK_P256_DEBUG;
7487 }
d7b25450
JH		 7488
7489 return MGMT_LTK_UNAUTHENTICATED;
7490}
7491
53ac6ab6 7492void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 7493{
7494 struct mgmt_ev_new_long_term_key ev;
7495
7496 memset(&ev, 0, sizeof(ev));
7497
5192d301 7498 /* Devices using resolvable or non-resolvable random addresses
f72186d2 7499 * without providing an identity resolving key don't require
5192d301
MH		 7500 * to store long term keys. Their addresses will change the
7501 * next time around.
7502 *
7503 * Only when a remote device provides an identity address
7504 * make sure the long term key is stored. If the remote
7505 * identity is known, the long term keys are internally
7506 * mapped to the identity address. So allow static random
7507 * and public addresses here.
7508 */
ba74b666
JH		 7509 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7510 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7511 ev.store_hint = 0x00;
7512 else
53ac6ab6 7513 ev.store_hint = persistent;
ba74b666 7514
346af67b 7515 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 7516 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 7517 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 7518 ev.key.enc_size = key->enc_size;
7519 ev.key.ediv = key->ediv;
fe39c7b2 7520 ev.key.rand = key->rand;
346af67b 7521
2ceba539 7522 if (key->type == SMP_LTK)
346af67b
VCG		 7523 ev.key.master = 1;
7524
1fc62c52
JH		 7525 /* Make sure we copy only the significant bytes based on the
7526 * encryption key size, and set the rest of the value to zeroes.
7527 */
cb92205b 7528 memcpy(ev.key.val, key->val, key->enc_size);
1fc62c52
JH		 7529 memset(ev.key.val + key->enc_size, 0,
7530 sizeof(ev.key.val) - key->enc_size);
346af67b 7531
083368f7 7532 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 7533}
7534
cad20c27 7535void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
95fbac8a
JH		 7536{
7537 struct mgmt_ev_new_irk ev;
7538
7539 memset(&ev, 0, sizeof(ev));
7540
cad20c27 7541 ev.store_hint = persistent;
bab6d1e5 7542
95fbac8a
JH		 7543 bacpy(&ev.rpa, &irk->rpa);
7544 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7545 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7546 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7547
7548 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7549}
7550
53ac6ab6
MH		 7551void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7552 bool persistent)
7ee4ea36
MH		 7553{
7554 struct mgmt_ev_new_csrk ev;
7555
7556 memset(&ev, 0, sizeof(ev));
7557
7558 /* Devices using resolvable or non-resolvable random addresses
f72186d2 7559 * without providing an identity resolving key don't require
7ee4ea36
MH		 7560 * to store signature resolving keys. Their addresses will change
7561 * the next time around.
7562 *
7563 * Only when a remote device provides an identity address
7564 * make sure the signature resolving key is stored. So allow
7565 * static random and public addresses here.
7566 */
7567 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7568 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7569 ev.store_hint = 0x00;
7570 else
53ac6ab6 7571 ev.store_hint = persistent;
7ee4ea36
MH		 7572
7573 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7574 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 7575 ev.key.type = csrk->type;
7ee4ea36
MH		 7576 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7577
7578 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7579}
7580
ffb5a827 7581void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 7582 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7583 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 7584{
7585 struct mgmt_ev_new_conn_param ev;
7586
c103aea6
JH		 7587 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7588 return;
7589
ffb5a827
AG		 7590 memset(&ev, 0, sizeof(ev));
7591 bacpy(&ev.addr.bdaddr, bdaddr);
7592 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 7593 ev.store_hint = store_hint;
ffb5a827
AG		 7594 ev.min_interval = cpu_to_le16(min_interval);
7595 ev.max_interval = cpu_to_le16(max_interval);
7596 ev.latency = cpu_to_le16(latency);
7597 ev.timeout = cpu_to_le16(timeout);
7598
7599 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7600}
7601
48ec92fa
AA		 7602void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7603 u32 flags, u8 *name, u8 name_len)
f7520543 7604{
b644ba33
JH		 7605 char buf[512];
7606 struct mgmt_ev_device_connected *ev = (void *) buf;
7607 u16 eir_len = 0;
f7520543 7608
48ec92fa
AA		 7609 bacpy(&ev->addr.bdaddr, &conn->dst);
7610 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 7611
c95f0ba7 7612 ev->flags = __cpu_to_le32(flags);
08c79b61 7613
fd45ada9
AA		 7614 /* We must ensure that the EIR Data fields are ordered and
7615 * unique. Keep it simple for now and avoid the problem by not
7616 * adding any BR/EDR data to the LE adv.
7617 */
7618 if (conn->le_adv_data_len > 0) {
7619 memcpy(&ev->eir[eir_len],
7620 conn->le_adv_data, conn->le_adv_data_len);
7621 eir_len = conn->le_adv_data_len;
7622 } else {
7623 if (name_len > 0)
7624 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7625 name, name_len);
b644ba33 7626
ddbea5cf 7627 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 7628 eir_len = eir_append_data(ev->eir, eir_len,
7629 EIR_CLASS_OF_DEV,
7630 conn->dev_class, 3);
7631 }
b644ba33 7632
eb55ef07 7633 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 7634
ecd90ae7
MH		 7635 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7636 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 7637}
7638
3b0602cd 7639static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 7640{
8962ee74 7641 struct sock **sk = data;
8962ee74 7642
f5818c22 7643 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 7644
7645 *sk = cmd->sk;
7646 sock_hold(*sk);
7647
a664b5bc 7648 mgmt_pending_remove(cmd);
8962ee74
JH		 7649}
7650
3b0602cd 7651static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 7652{
b1078ad0 7653 struct hci_dev *hdev = data;
124f6e35 7654 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 7655
b1078ad0
JH		 7656 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7657
d8b7b1e4 7658 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 7659 mgmt_pending_remove(cmd);
7660}
7661
84c61d92
JH		 7662bool mgmt_powering_down(struct hci_dev *hdev)
7663{
3b0602cd 7664 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 7665 struct mgmt_mode *cp;
7666
333ae95d 7667 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
84c61d92
JH		 7668 if (!cmd)
7669 return false;
7670
7671 cp = cmd->param;
7672 if (!cp->val)
7673 return true;
7674
7675 return false;
7676}
7677
9b80ec5e 7678void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 7679 u8 link_type, u8 addr_type, u8 reason,
7680 bool mgmt_connected)
f7520543 7681{
f0d6a0ea 7682 struct mgmt_ev_device_disconnected ev;
8962ee74 7683 struct sock *sk = NULL;
8962ee74 7684
84c61d92
JH		 7685 /* The connection is still in hci_conn_hash so test for 1
7686 * instead of 0 to know if this is the last one.
7687 */
7688 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7689 cancel_delayed_work(&hdev->power_off);
7690 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 7691 }
7692
12d4a3b2
JH		 7693 if (!mgmt_connected)
7694 return;
7695
57eb776f
AG		 7696 if (link_type != ACL_LINK && link_type != LE_LINK)
7697 return;
7698
744cf19e 7699 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 7700
f0d6a0ea
MA		 7701 bacpy(&ev.addr.bdaddr, bdaddr);
7702 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7703 ev.reason = reason;
f7520543 7704
9b80ec5e 7705 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 7706
7707 if (sk)
d97dcb66 7708 sock_put(sk);
8962ee74 7709
124f6e35 7710 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 7711 hdev);
8962ee74
JH		 7712}
7713
7892924c
MH		 7714void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7715 u8 link_type, u8 addr_type, u8 status)
8962ee74 7716{
3655bba8
AG		 7717 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7718 struct mgmt_cp_disconnect *cp;
3b0602cd 7719 struct mgmt_pending_cmd *cmd;
8962ee74 7720
36a75f1b
JD		 7721 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7722 hdev);
7723
333ae95d 7724 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 7725 if (!cmd)
7892924c 7726 return;
8962ee74 7727
3655bba8
AG		 7728 cp = cmd->param;
7729
7730 if (bacmp(bdaddr, &cp->addr.bdaddr))
7731 return;
7732
7733 if (cp->addr.type != bdaddr_type)
7734 return;
7735
f5818c22 7736 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7737 mgmt_pending_remove(cmd);
f7520543 7738}
17d5c04c 7739
445608d0
MH		 7740void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7741 u8 addr_type, u8 status)
17d5c04c
JH		 7742{
7743 struct mgmt_ev_connect_failed ev;
c9910d0f 7744
84c61d92
JH		 7745 /* The connection is still in hci_conn_hash so test for 1
7746 * instead of 0 to know if this is the last one.
7747 */
7748 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7749 cancel_delayed_work(&hdev->power_off);
7750 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 7751 }
17d5c04c 7752
4c659c39 7753 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7754 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 7755 ev.status = mgmt_status(status);
17d5c04c 7756
445608d0 7757 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 7758}
980e1a53 7759
ce0e4a0d 7760void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 7761{
7762 struct mgmt_ev_pin_code_request ev;
7763
d8457698 7764 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 7765 ev.addr.type = BDADDR_BREDR;
a770bb5a 7766 ev.secure = secure;
980e1a53 7767
ce0e4a0d 7768 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 7769}
7770
e669cf80
MH		 7771void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7772 u8 status)
980e1a53 7773{
3b0602cd 7774 struct mgmt_pending_cmd *cmd;
980e1a53 7775
333ae95d 7776 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 7777 if (!cmd)
e669cf80 7778 return;
980e1a53 7779
7776d1d8 7780 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7781 mgmt_pending_remove(cmd);
980e1a53
JH		 7782}
7783
3eb38528
MH		 7784void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7785 u8 status)
980e1a53 7786{
3b0602cd 7787 struct mgmt_pending_cmd *cmd;
980e1a53 7788
333ae95d 7789 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 7790 if (!cmd)
3eb38528 7791 return;
980e1a53 7792
7776d1d8 7793 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7794 mgmt_pending_remove(cmd);
980e1a53 7795}
a5c29683 7796
744cf19e 7797int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 7798 u8 link_type, u8 addr_type, u32 value,
04124681 7799 u8 confirm_hint)
a5c29683
JH		 7800{
7801 struct mgmt_ev_user_confirm_request ev;
7802
744cf19e 7803 BT_DBG("%s", hdev->name);
a5c29683 7804
272d90df 7805 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7806 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 7807 ev.confirm_hint = confirm_hint;
39adbffe 7808 ev.value = cpu_to_le32(value);
a5c29683 7809
744cf19e 7810 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 7811 NULL);
a5c29683
JH		 7812}
7813
272d90df 7814int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 7815 u8 link_type, u8 addr_type)
604086b7
BG		 7816{
7817 struct mgmt_ev_user_passkey_request ev;
7818
7819 BT_DBG("%s", hdev->name);
7820
272d90df 7821 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7822 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 7823
7824 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 7825 NULL);
604086b7
BG		 7826}
7827
0df4c185 7828static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 7829 u8 link_type, u8 addr_type, u8 status,
7830 u8 opcode)
a5c29683 7831{
3b0602cd 7832 struct mgmt_pending_cmd *cmd;
a5c29683 7833
333ae95d 7834 cmd = pending_find(opcode, hdev);
a5c29683
JH		 7835 if (!cmd)
7836 return -ENOENT;
7837
7776d1d8 7838 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7839 mgmt_pending_remove(cmd);
a5c29683 7840
7776d1d8 7841 return 0;
a5c29683
JH		 7842}
7843
744cf19e 7844int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7845 u8 link_type, u8 addr_type, u8 status)
a5c29683 7846{
272d90df 7847 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7848 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 7849}
7850
272d90df 7851int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7852 u8 link_type, u8 addr_type, u8 status)
a5c29683 7853{
272d90df 7854 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7855 status,
7856 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7857}
2a611692 7858
604086b7 7859int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7860 u8 link_type, u8 addr_type, u8 status)
604086b7 7861{
272d90df 7862 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7863 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7864}
7865
272d90df 7866int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7867 u8 link_type, u8 addr_type, u8 status)
604086b7 7868{
272d90df 7869 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7870 status,
7871 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7872}
7873
92a25256
JH		 7874int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7875 u8 link_type, u8 addr_type, u32 passkey,
7876 u8 entered)
7877{
7878 struct mgmt_ev_passkey_notify ev;
7879
7880 BT_DBG("%s", hdev->name);
7881
7882 bacpy(&ev.addr.bdaddr, bdaddr);
7883 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7884 ev.passkey = __cpu_to_le32(passkey);
7885 ev.entered = entered;
7886
7887 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7888}
7889
e1e930f5 7890void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7891{
7892 struct mgmt_ev_auth_failed ev;
3b0602cd 7893 struct mgmt_pending_cmd *cmd;
e1e930f5 7894 u8 status = mgmt_status(hci_status);
2a611692 7895
e1e930f5
JH		 7896 bacpy(&ev.addr.bdaddr, &conn->dst);
7897 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7898 ev.status = status;
2a611692 7899
e1e930f5
JH		 7900 cmd = find_pairing(conn);
7901
7902 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7903 cmd ? cmd->sk : NULL);
7904
a511b35b
JH		 7905 if (cmd) {
7906 cmd->cmd_complete(cmd, status);
7907 mgmt_pending_remove(cmd);
7908 }
2a611692 7909}
b312b161 7910
464996ae 7911void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7912{
7913 struct cmd_lookup match = { NULL, hdev };
464996ae 7914 bool changed;
33ef95ed
JH		 7915
7916 if (status) {
7917 u8 mgmt_err = mgmt_status(status);
7918 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7919 cmd_status_rsp, &mgmt_err);
464996ae 7920 return;
33ef95ed
JH		 7921 }
7922
464996ae 7923 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 7924 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 7925 else
a69d8927 7926 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 7927
33ef95ed 7928 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 7929 &match);
33ef95ed 7930
47990ea0 7931 if (changed)
464996ae 7932 new_settings(hdev, match.sk);
33ef95ed
JH		 7933
7934 if (match.sk)
7935 sock_put(match.sk);
33ef95ed
JH		 7936}
7937
890ea898 7938static void clear_eir(struct hci_request *req)
cacaf52f 7939{
890ea898 7940 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 7941 struct hci_cp_write_eir cp;
7942
976eb20e 7943 if (!lmp_ext_inq_capable(hdev))
890ea898 7944 return;
cacaf52f 7945
c80da27e
JH		 7946 memset(hdev->eir, 0, sizeof(hdev->eir));
7947
cacaf52f
JH		 7948 memset(&cp, 0, sizeof(cp));
7949
890ea898 7950 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 7951}
7952
3e248560 7953void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 7954{
7955 struct cmd_lookup match = { NULL, hdev };
890ea898 7956 struct hci_request req;
c0ecddc2 7957 bool changed = false;
ed2c4ee3
JH		 7958
7959 if (status) {
7960 u8 mgmt_err = mgmt_status(status);
c0ecddc2 7961
a69d8927
MH		 7962 if (enable && hci_dev_test_and_clear_flag(hdev,
7963 HCI_SSP_ENABLED)) {
a358dc11 7964 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 7965 new_settings(hdev, NULL);
9ecb3e24 7966 }
c0ecddc2 7967
04124681
GP		 7968 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7969 &mgmt_err);
3e248560 7970 return;
c0ecddc2
JH		 7971 }
7972
7973 if (enable) {
238be788 7974 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 7975 } else {
a69d8927 7976 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9ecb3e24 7977 if (!changed)
a69d8927
MH		 7978 changed = hci_dev_test_and_clear_flag(hdev,
7979 HCI_HS_ENABLED);
9ecb3e24 7980 else
a358dc11 7981 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 7982 }
7983
7984 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7985
c0ecddc2 7986 if (changed)
3e248560 7987 new_settings(hdev, match.sk);
ed2c4ee3 7988
5fc6ebb1 7989 if (match.sk)
ed2c4ee3
JH		 7990 sock_put(match.sk);
7991
890ea898
JH		 7992 hci_req_init(&req, hdev);
7993
d7a5a11d
MH		 7994 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7995 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 7996 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7997 sizeof(enable), &enable);
890ea898 7998 update_eir(&req);
3769972b 7999 } else {
890ea898 8000 clear_eir(&req);
3769972b 8001 }
890ea898
JH		 8002
8003 hci_req_run(&req, NULL);
ed2c4ee3
JH		 8004}
8005
3b0602cd 8006static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 8007{
8008 struct cmd_lookup *match = data;
8009
90e70454
JH		 8010 if (match->sk == NULL) {
8011 match->sk = cmd->sk;
8012 sock_hold(match->sk);
8013 }
90e70454
JH		 8014}
8015
4e1b0245
MH		 8016void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
8017 u8 status)
7f9a903c 8018{
90e70454 8019 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 8020
92da6097
JH		 8021 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
8022 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
8023 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 8024
8025 if (!status)
f6b7712e
MH		 8026 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
8027 dev_class, 3, NULL);
90e70454
JH		 8028
8029 if (match.sk)
8030 sock_put(match.sk);
7f9a903c
MH		 8031}
8032
7667da34 8033void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 8034{
b312b161 8035 struct mgmt_cp_set_local_name ev;
3b0602cd 8036 struct mgmt_pending_cmd *cmd;
28cc7bde 8037
13928971 8038 if (status)
7667da34 8039 return;
b312b161
JH		 8040
8041 memset(&ev, 0, sizeof(ev));
8042 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 8043 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 8044
333ae95d 8045 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 8046 if (!cmd) {
8047 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 8048
13928971
JH		 8049 /* If this is a HCI command related to powering on the
8050 * HCI dev don't send any mgmt signals.
8051 */
333ae95d 8052 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 8053 return;
890ea898 8054 }
b312b161 8055
f6b7712e
MH		 8056 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
8057 cmd ? cmd->sk : NULL);
b312b161 8058}
c35938b2 8059
799ce93d
JP		 8060static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
8061{
8062 int i;
8063
8064 for (i = 0; i < uuid_count; i++) {
8065 if (!memcmp(uuid, uuids[i], 16))
8066 return true;
8067 }
8068
8069 return false;
8070}
8071
b487b9ce
MH		 8072static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
8073{
799ce93d
JP		 8074 u16 parsed = 0;
8075
8076 while (parsed < eir_len) {
8077 u8 field_len = eir[0];
8078 u8 uuid[16];
8079 int i;
8080
8081 if (field_len == 0)
8082 break;
8083
8084 if (eir_len - parsed < field_len + 1)
8085 break;
8086
8087 switch (eir[1]) {
8088 case EIR_UUID16_ALL:
8089 case EIR_UUID16_SOME:
8090 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 8091 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 8092 uuid[13] = eir[i + 3];
8093 uuid[12] = eir[i + 2];
8094 if (has_uuid(uuid, uuid_count, uuids))
8095 return true;
8096 }
8097 break;
8098 case EIR_UUID32_ALL:
8099 case EIR_UUID32_SOME:
8100 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 8101 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 8102 uuid[15] = eir[i + 5];
8103 uuid[14] = eir[i + 4];
8104 uuid[13] = eir[i + 3];
8105 uuid[12] = eir[i + 2];
8106 if (has_uuid(uuid, uuid_count, uuids))
8107 return true;
8108 }
8109 break;
8110 case EIR_UUID128_ALL:
8111 case EIR_UUID128_SOME:
8112 for (i = 0; i + 17 <= field_len; i += 16) {
8113 memcpy(uuid, eir + i + 2, 16);
8114 if (has_uuid(uuid, uuid_count, uuids))
8115 return true;
8116 }
8117 break;
8118 }
8119
8120 parsed += field_len + 1;
8121 eir += field_len + 1;
8122 }
8123
b487b9ce
MH		 8124 return false;
8125}
8126
4b0e0ced
JP		 8127static void restart_le_scan(struct hci_dev *hdev)
8128{
8129 /* If controller is not scanning we are done. */
d7a5a11d 8130 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 8131 return;
8132
8133 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
8134 hdev->discovery.scan_start +
8135 hdev->discovery.scan_duration))
8136 return;
8137
7c1fbed2 8138 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
4b0e0ced
JP		 8139 DISCOV_LE_RESTART_DELAY);
8140}
8141
48f86b7f
JP		 8142static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
8143 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 8144{
48f86b7f
JP		 8145 /* If a RSSI threshold has been specified, and
8146 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
8147 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
8148 * is set, let it through for further processing, as we might need to
8149 * restart the scan.
efb2513f
MH		 8150 *
8151 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
8152 * the results are also dropped.
bda157a4
MH		 8153 */
8154 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 8155 (rssi == HCI_RSSI_INVALID ||
8156 (rssi < hdev->discovery.rssi &&
8157 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 8158 return false;
efb2513f 8159
2976cdeb
JP		 8160 if (hdev->discovery.uuid_count != 0) {
8161 /* If a list of UUIDs is provided in filter, results with no
8162 * matching UUID should be dropped.
b487b9ce 8163 */
2976cdeb
JP		 8164 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
8165 hdev->discovery.uuids) &&
8166 !eir_has_uuids(scan_rsp, scan_rsp_len,
8167 hdev->discovery.uuid_count,
8168 hdev->discovery.uuids))
8169 return false;
b487b9ce 8170 }
5d2e9fad 8171
2976cdeb
JP		 8172 /* If duplicate filtering does not report RSSI changes, then restart
8173 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 8174 */
2976cdeb
JP		 8175 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
8176 restart_le_scan(hdev);
8177
8178 /* Validate RSSI value against the RSSI threshold once more. */
8179 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8180 rssi < hdev->discovery.rssi)
8181 return false;
8182 }
48f86b7f
JP		 8183
8184 return true;
8185}
8186
8187void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8188 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
8189 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8190{
8191 char buf[512];
8192 struct mgmt_ev_device_found *ev = (void *)buf;
8193 size_t ev_size;
8194
8195 /* Don't send events for a non-kernel initiated discovery. With
8196 * LE one exception is if we have pend_le_reports > 0 in which
8197 * case we're doing passive scanning and want these events.
8198 */
8199 if (!hci_discovery_active(hdev)) {
8200 if (link_type == ACL_LINK)
8201 return;
8202 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
8203 return;
8204 }
8205
82f8b651 8206 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 8207 /* We are using service discovery */
8208 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
8209 scan_rsp_len))
8210 return;
8211 }
8212
8213 /* Make sure that the buffer is big enough. The 5 extra bytes
8214 * are for the potential CoD field.
8215 */
8216 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 8217 return;
8218
48f86b7f
JP		 8219 memset(buf, 0, sizeof(buf));
8220
8221 /* In case of device discovery with BR/EDR devices (pre 1.2), the
8222 * RSSI value was reported as 0 when not available. This behavior
8223 * is kept when using device discovery. This is required for full
8224 * backwards compatibility with the API.
8225 *
8226 * However when using service discovery, the value 127 will be
8227 * returned when the RSSI is not available.
8228 */
8229 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
8230 link_type == ACL_LINK)
8231 rssi = 0;
8232
8233 bacpy(&ev->addr.bdaddr, bdaddr);
8234 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8235 ev->rssi = rssi;
8236 ev->flags = cpu_to_le32(flags);
8237
8238 if (eir_len > 0)
8239 /* Copy EIR or advertising data into event */
8240 memcpy(ev->eir, eir, eir_len);
8241
8242 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
8243 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
8244 dev_class, 3);
8245
8246 if (scan_rsp_len > 0)
8247 /* Append scan response data to event */
8248 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
8249
5d2e9fad
JH		 8250 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
8251 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 8252
901801b9 8253 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 8254}
a88a9652 8255
9cf12aee
MH		 8256void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8257 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 8258{
b644ba33
JH		 8259 struct mgmt_ev_device_found *ev;
8260 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
8261 u16 eir_len;
a88a9652 8262
b644ba33 8263 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 8264
b644ba33
JH		 8265 memset(buf, 0, sizeof(buf));
8266
8267 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 8268 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 8269 ev->rssi = rssi;
8270
8271 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 8272 name_len);
b644ba33 8273
eb55ef07 8274 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 8275
9cf12aee 8276 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 8277}
314b2381 8278
2f1e063b 8279void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 8280{
f963e8e9 8281 struct mgmt_ev_discovering ev;
164a6e78 8282
343fb145
AG		 8283 BT_DBG("%s discovering %u", hdev->name, discovering);
8284
f963e8e9
JH		 8285 memset(&ev, 0, sizeof(ev));
8286 ev.type = hdev->discovery.type;
8287 ev.discovering = discovering;
8288
2f1e063b 8289 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 8290}
5e762444 8291
1904a853 8292static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5976e608
MH		 8293{
8294 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 8295}
8296
8297void mgmt_reenable_advertising(struct hci_dev *hdev)
8298{
8299 struct hci_request req;
eb6f95f9 8300 u8 instance;
5976e608 8301
24b4f38f
AU		 8302 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
8303 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
5976e608
MH		 8304 return;
8305
eb6f95f9
FG		 8306 instance = get_current_adv_instance(hdev);
8307
5976e608 8308 hci_req_init(&req, hdev);
eb6f95f9
FG		 8309
8310 if (instance) {
8311 schedule_adv_instance(&req, instance, true);
8312 } else {
8313 update_adv_data(&req);
8314 update_scan_rsp_data(&req);
8315 enable_advertising(&req);
8316 }
8317
0ec5ae84 8318 hci_req_run(&req, adv_enable_complete);
5976e608 8319}
6d785aa3
JH		 8320
8321static struct hci_mgmt_chan chan = {
8322 .channel = HCI_CHANNEL_CONTROL,
8323 .handler_count = ARRAY_SIZE(mgmt_handlers),
8324 .handlers = mgmt_handlers,
88b94ce9 8325 .hdev_init = mgmt_init_hdev,
6d785aa3
JH		 8326};
8327
8328int mgmt_init(void)
8329{
8330 return hci_mgmt_chan_register(&chan);
8331}
8332
8333void mgmt_exit(void)
8334{
8335 hci_mgmt_chan_unregister(&chan);
8336}
Linux kernel - Deliverables
This page took 1.262566 seconds and 5 git commands to generate.