projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix Remove Device to wait for HCI before sending cmd_complete
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236 34
0857dd3b 35#include "hci_request.h"
ac4b7236 36#include "smp.h"
0381101f 37
2da9c55c 38#define MGMT_VERSION 1
854bda19 39#define MGMT_REVISION 8
02d98129 40
e70bb2e8
JH		 41static const u16 mgmt_commands[] = {
42 MGMT_OP_READ_INDEX_LIST,
43 MGMT_OP_READ_INFO,
44 MGMT_OP_SET_POWERED,
45 MGMT_OP_SET_DISCOVERABLE,
46 MGMT_OP_SET_CONNECTABLE,
47 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 48 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 49 MGMT_OP_SET_LINK_SECURITY,
50 MGMT_OP_SET_SSP,
51 MGMT_OP_SET_HS,
52 MGMT_OP_SET_LE,
53 MGMT_OP_SET_DEV_CLASS,
54 MGMT_OP_SET_LOCAL_NAME,
55 MGMT_OP_ADD_UUID,
56 MGMT_OP_REMOVE_UUID,
57 MGMT_OP_LOAD_LINK_KEYS,
58 MGMT_OP_LOAD_LONG_TERM_KEYS,
59 MGMT_OP_DISCONNECT,
60 MGMT_OP_GET_CONNECTIONS,
61 MGMT_OP_PIN_CODE_REPLY,
62 MGMT_OP_PIN_CODE_NEG_REPLY,
63 MGMT_OP_SET_IO_CAPABILITY,
64 MGMT_OP_PAIR_DEVICE,
65 MGMT_OP_CANCEL_PAIR_DEVICE,
66 MGMT_OP_UNPAIR_DEVICE,
67 MGMT_OP_USER_CONFIRM_REPLY,
68 MGMT_OP_USER_CONFIRM_NEG_REPLY,
69 MGMT_OP_USER_PASSKEY_REPLY,
70 MGMT_OP_USER_PASSKEY_NEG_REPLY,
71 MGMT_OP_READ_LOCAL_OOB_DATA,
72 MGMT_OP_ADD_REMOTE_OOB_DATA,
73 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
74 MGMT_OP_START_DISCOVERY,
75 MGMT_OP_STOP_DISCOVERY,
76 MGMT_OP_CONFIRM_NAME,
77 MGMT_OP_BLOCK_DEVICE,
78 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 79 MGMT_OP_SET_DEVICE_ID,
4375f103 80 MGMT_OP_SET_ADVERTISING,
0663ca2a 81 MGMT_OP_SET_BREDR,
d13eafce 82 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 83 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 84 MGMT_OP_SET_SECURE_CONN,
4e39ac81 85 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 86 MGMT_OP_SET_PRIVACY,
41edf160 87 MGMT_OP_LOAD_IRKS,
dd983808 88 MGMT_OP_GET_CONN_INFO,
95868426 89 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 90 MGMT_OP_ADD_DEVICE,
91 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 92 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 93 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 94 MGMT_OP_READ_CONFIG_INFO,
dbece37a 95 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 96 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 97 MGMT_OP_START_SERVICE_DISCOVERY,
e70bb2e8
JH		 98};
99
100static const u16 mgmt_events[] = {
101 MGMT_EV_CONTROLLER_ERROR,
102 MGMT_EV_INDEX_ADDED,
103 MGMT_EV_INDEX_REMOVED,
104 MGMT_EV_NEW_SETTINGS,
105 MGMT_EV_CLASS_OF_DEV_CHANGED,
106 MGMT_EV_LOCAL_NAME_CHANGED,
107 MGMT_EV_NEW_LINK_KEY,
108 MGMT_EV_NEW_LONG_TERM_KEY,
109 MGMT_EV_DEVICE_CONNECTED,
110 MGMT_EV_DEVICE_DISCONNECTED,
111 MGMT_EV_CONNECT_FAILED,
112 MGMT_EV_PIN_CODE_REQUEST,
113 MGMT_EV_USER_CONFIRM_REQUEST,
114 MGMT_EV_USER_PASSKEY_REQUEST,
115 MGMT_EV_AUTH_FAILED,
116 MGMT_EV_DEVICE_FOUND,
117 MGMT_EV_DISCOVERING,
118 MGMT_EV_DEVICE_BLOCKED,
119 MGMT_EV_DEVICE_UNBLOCKED,
120 MGMT_EV_DEVICE_UNPAIRED,
92a25256 121 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 122 MGMT_EV_NEW_IRK,
7ee4ea36 123 MGMT_EV_NEW_CSRK,
8afef092
MH		 124 MGMT_EV_DEVICE_ADDED,
125 MGMT_EV_DEVICE_REMOVED,
ffb5a827 126 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 127 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 128 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 129 MGMT_EV_NEW_CONFIG_OPTIONS,
e70bb2e8
JH		 130};
131
17b02e62 132#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 133
eec8d2bc
JH		 134struct pending_cmd {
135 struct list_head list;
fc2f4b13 136 u16 opcode;
eec8d2bc 137 int index;
c68fb7ff 138 void *param;
323b0b88 139 size_t param_len;
eec8d2bc 140 struct sock *sk;
e9a416b5 141 void *user_data;
1b9b5ee5 142 void (*cmd_complete)(struct pending_cmd *cmd, u8 status);
eec8d2bc
JH		 143};
144
ca69b795
JH		 145/* HCI to MGMT error code conversion table */
146static u8 mgmt_status_table[] = {
147 MGMT_STATUS_SUCCESS,
148 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
149 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
150 MGMT_STATUS_FAILED, /* Hardware Failure */
151 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
152 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 153 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 154 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
155 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
156 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
157 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
158 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
159 MGMT_STATUS_BUSY, /* Command Disallowed */
160 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
161 MGMT_STATUS_REJECTED, /* Rejected Security */
162 MGMT_STATUS_REJECTED, /* Rejected Personal */
163 MGMT_STATUS_TIMEOUT, /* Host Timeout */
164 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
165 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
166 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
167 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
168 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
169 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
170 MGMT_STATUS_BUSY, /* Repeated Attempts */
171 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
172 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
173 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
174 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
175 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
176 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
177 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
178 MGMT_STATUS_FAILED, /* Unspecified Error */
179 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
180 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
181 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
182 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
183 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
184 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
185 MGMT_STATUS_FAILED, /* Unit Link Key Used */
186 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
187 MGMT_STATUS_TIMEOUT, /* Instant Passed */
188 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
189 MGMT_STATUS_FAILED, /* Transaction Collision */
190 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
191 MGMT_STATUS_REJECTED, /* QoS Rejected */
192 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
193 MGMT_STATUS_REJECTED, /* Insufficient Security */
194 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
195 MGMT_STATUS_BUSY, /* Role Switch Pending */
196 MGMT_STATUS_FAILED, /* Slot Violation */
197 MGMT_STATUS_FAILED, /* Role Switch Failed */
198 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
199 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
200 MGMT_STATUS_BUSY, /* Host Busy Pairing */
201 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
202 MGMT_STATUS_BUSY, /* Controller Busy */
203 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
204 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
205 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
206 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
207 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
208};
209
210static u8 mgmt_status(u8 hci_status)
211{
212 if (hci_status < ARRAY_SIZE(mgmt_status_table))
213 return mgmt_status_table[hci_status];
214
215 return MGMT_STATUS_FAILED;
216}
217
04c60f05
MH		 218static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
219 struct sock *skip_sk)
220{
221 struct sk_buff *skb;
222 struct mgmt_hdr *hdr;
223
224 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
225 if (!skb)
226 return -ENOMEM;
227
228 hdr = (void *) skb_put(skb, sizeof(*hdr));
229 hdr->opcode = cpu_to_le16(event);
230 if (hdev)
231 hdr->index = cpu_to_le16(hdev->id);
232 else
233 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
234 hdr->len = cpu_to_le16(data_len);
235
236 if (data)
237 memcpy(skb_put(skb, data_len), data, data_len);
238
239 /* Time stamp */
240 __net_timestamp(skb);
241
242 hci_send_to_control(skb, skip_sk);
243 kfree_skb(skb);
244
245 return 0;
246}
247
4e51eae9 248static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 249{
250 struct sk_buff *skb;
251 struct mgmt_hdr *hdr;
252 struct mgmt_ev_cmd_status *ev;
56b7d137 253 int err;
f7b64e69 254
34eb525c 255 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 256
790eff44 257 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 258 if (!skb)
259 return -ENOMEM;
260
261 hdr = (void *) skb_put(skb, sizeof(*hdr));
262
dcf4adbf 263 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 264 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 265 hdr->len = cpu_to_le16(sizeof(*ev));
266
267 ev = (void *) skb_put(skb, sizeof(*ev));
268 ev->status = status;
eb55ef07 269 ev->opcode = cpu_to_le16(cmd);
f7b64e69 270
56b7d137
GP		 271 err = sock_queue_rcv_skb(sk, skb);
272 if (err < 0)
f7b64e69
JH		 273 kfree_skb(skb);
274
56b7d137 275 return err;
f7b64e69
JH		 276}
277
aee9b218 278static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 279 void *rp, size_t rp_len)
02d98129
JH		 280{
281 struct sk_buff *skb;
282 struct mgmt_hdr *hdr;
283 struct mgmt_ev_cmd_complete *ev;
56b7d137 284 int err;
02d98129
JH		 285
286 BT_DBG("sock %p", sk);
287
790eff44 288 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 289 if (!skb)
290 return -ENOMEM;
291
292 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 293
dcf4adbf 294 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 295 hdr->index = cpu_to_le16(index);
a38528f1 296 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 297
a38528f1 298 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 299 ev->opcode = cpu_to_le16(cmd);
aee9b218 300 ev->status = status;
8020c16a
SJ		 301
302 if (rp)
303 memcpy(ev->data, rp, rp_len);
02d98129 304
56b7d137
GP		 305 err = sock_queue_rcv_skb(sk, skb);
306 if (err < 0)
02d98129
JH		 307 kfree_skb(skb);
308
e5f0e151 309 return err;
02d98129
JH		 310}
311
04124681
GP		 312static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
313 u16 data_len)
a38528f1
JH		 314{
315 struct mgmt_rp_read_version rp;
316
317 BT_DBG("sock %p", sk);
318
319 rp.version = MGMT_VERSION;
dcf4adbf 320 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 321
aee9b218 322 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 323 sizeof(rp));
a38528f1
JH		 324}
325
04124681
GP		 326static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
327 u16 data_len)
e70bb2e8
JH		 328{
329 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 330 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
331 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 332 __le16 *opcode;
e70bb2e8
JH		 333 size_t rp_size;
334 int i, err;
335
336 BT_DBG("sock %p", sk);
337
338 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
339
340 rp = kmalloc(rp_size, GFP_KERNEL);
341 if (!rp)
342 return -ENOMEM;
343
dcf4adbf
JP		 344 rp->num_commands = cpu_to_le16(num_commands);
345 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 346
347 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
348 put_unaligned_le16(mgmt_commands[i], opcode);
349
350 for (i = 0; i < num_events; i++, opcode++)
351 put_unaligned_le16(mgmt_events[i], opcode);
352
aee9b218 353 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 354 rp_size);
e70bb2e8
JH		 355 kfree(rp);
356
357 return err;
358}
359
04124681
GP		 360static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
361 u16 data_len)
faba42eb 362{
faba42eb 363 struct mgmt_rp_read_index_list *rp;
8035ded4 364 struct hci_dev *d;
a38528f1 365 size_t rp_len;
faba42eb 366 u16 count;
476e44cb 367 int err;
faba42eb
JH		 368
369 BT_DBG("sock %p", sk);
370
371 read_lock(&hci_dev_list_lock);
372
373 count = 0;
bb4b2a9a 374 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 375 if (d->dev_type == HCI_BREDR &&
376 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
1514b892 377 count++;
faba42eb
JH		 378 }
379
a38528f1
JH		 380 rp_len = sizeof(*rp) + (2 * count);
381 rp = kmalloc(rp_len, GFP_ATOMIC);
382 if (!rp) {
b2c60d42 383 read_unlock(&hci_dev_list_lock);
faba42eb 384 return -ENOMEM;
b2c60d42 385 }
faba42eb 386
476e44cb 387 count = 0;
8035ded4 388 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 389 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 390 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a 391 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
ab81cbf9
JH		 392 continue;
393
73d1df2a
MH		 394 /* Devices marked as raw-only are neither configured
395 * nor unconfigured controllers.
396 */
397 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 398 continue;
399
73d1df2a
MH		 400 if (d->dev_type == HCI_BREDR &&
401 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
1514b892
MH		 402 rp->index[count++] = cpu_to_le16(d->id);
403 BT_DBG("Added hci%u", d->id);
404 }
faba42eb
JH		 405 }
406
476e44cb
JH		 407 rp->num_controllers = cpu_to_le16(count);
408 rp_len = sizeof(*rp) + (2 * count);
409
faba42eb
JH		 410 read_unlock(&hci_dev_list_lock);
411
aee9b218 412 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 413 rp_len);
faba42eb 414
a38528f1
JH		 415 kfree(rp);
416
417 return err;
faba42eb
JH		 418}
419
73d1df2a
MH		 420static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
421 void *data, u16 data_len)
422{
423 struct mgmt_rp_read_unconf_index_list *rp;
424 struct hci_dev *d;
425 size_t rp_len;
426 u16 count;
427 int err;
428
429 BT_DBG("sock %p", sk);
430
431 read_lock(&hci_dev_list_lock);
432
433 count = 0;
434 list_for_each_entry(d, &hci_dev_list, list) {
435 if (d->dev_type == HCI_BREDR &&
436 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
437 count++;
438 }
439
440 rp_len = sizeof(*rp) + (2 * count);
441 rp = kmalloc(rp_len, GFP_ATOMIC);
442 if (!rp) {
443 read_unlock(&hci_dev_list_lock);
444 return -ENOMEM;
445 }
446
447 count = 0;
448 list_for_each_entry(d, &hci_dev_list, list) {
449 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 450 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a
MH		 451 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
452 continue;
453
454 /* Devices marked as raw-only are neither configured
455 * nor unconfigured controllers.
456 */
457 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
458 continue;
459
460 if (d->dev_type == HCI_BREDR &&
461 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
462 rp->index[count++] = cpu_to_le16(d->id);
463 BT_DBG("Added hci%u", d->id);
464 }
465 }
466
467 rp->num_controllers = cpu_to_le16(count);
468 rp_len = sizeof(*rp) + (2 * count);
469
470 read_unlock(&hci_dev_list_lock);
471
472 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
473 0, rp, rp_len);
474
475 kfree(rp);
476
477 return err;
478}
479
dbece37a
MH		 480static bool is_configured(struct hci_dev *hdev)
481{
482 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
483 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
484 return false;
485
486 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
487 !bacmp(&hdev->public_addr, BDADDR_ANY))
488 return false;
489
490 return true;
491}
492
89bc22d2
MH		 493static __le32 get_missing_options(struct hci_dev *hdev)
494{
495 u32 options = 0;
496
dbece37a
MH		 497 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
498 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
eb1904f4
MH		 499 options |= MGMT_OPTION_EXTERNAL_CONFIG;
500
89bc22d2
MH		 501 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
502 !bacmp(&hdev->public_addr, BDADDR_ANY))
503 options |= MGMT_OPTION_PUBLIC_ADDRESS;
504
505 return cpu_to_le32(options);
506}
507
f4537c04
MH		 508static int new_options(struct hci_dev *hdev, struct sock *skip)
509{
510 __le32 options = get_missing_options(hdev);
511
512 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
513 sizeof(options), skip);
514}
515
dbece37a
MH		 516static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
517{
518 __le32 options = get_missing_options(hdev);
519
520 return cmd_complete(sk, hdev->id, opcode, 0, &options,
521 sizeof(options));
522}
523
9fc3bfb6
MH		 524static int read_config_info(struct sock *sk, struct hci_dev *hdev,
525 void *data, u16 data_len)
526{
527 struct mgmt_rp_read_config_info rp;
89bc22d2 528 u32 options = 0;
9fc3bfb6
MH		 529
530 BT_DBG("sock %p %s", sk, hdev->name);
531
532 hci_dev_lock(hdev);
533
534 memset(&rp, 0, sizeof(rp));
535 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 536
eb1904f4
MH		 537 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
538 options |= MGMT_OPTION_EXTERNAL_CONFIG;
539
9fc3bfb6 540 if (hdev->set_bdaddr)
89bc22d2
MH		 541 options |= MGMT_OPTION_PUBLIC_ADDRESS;
542
543 rp.supported_options = cpu_to_le32(options);
544 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 545
546 hci_dev_unlock(hdev);
547
548 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
549 sizeof(rp));
550}
551
69ab39ea
JH		 552static u32 get_supported_settings(struct hci_dev *hdev)
553{
554 u32 settings = 0;
555
556 settings |= MGMT_SETTING_POWERED;
b2939475 557 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 558 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 559 settings |= MGMT_SETTING_CONNECTABLE;
560 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 561
ed3fa31f 562 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 563 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
564 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 565 settings |= MGMT_SETTING_BREDR;
566 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 567
568 if (lmp_ssp_capable(hdev)) {
569 settings |= MGMT_SETTING_SSP;
570 settings |= MGMT_SETTING_HS;
571 }
e98d2ce2 572
5afeac14 573 if (lmp_sc_capable(hdev) ||
111902f7 574 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
e98d2ce2 575 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 576 }
d7b7e796 577
eeca6f89 578 if (lmp_le_capable(hdev)) {
9d42820f 579 settings |= MGMT_SETTING_LE;
eeca6f89 580 settings |= MGMT_SETTING_ADVERTISING;
a3209694 581 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 582 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 583 }
69ab39ea 584
eb1904f4
MH		 585 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
586 hdev->set_bdaddr)
9fc3bfb6
MH		 587 settings |= MGMT_SETTING_CONFIGURATION;
588
69ab39ea
JH		 589 return settings;
590}
591
592static u32 get_current_settings(struct hci_dev *hdev)
593{
594 u32 settings = 0;
595
f1f0eb02 596 if (hdev_is_powered(hdev))
f0d4b78a
MH		 597 settings |= MGMT_SETTING_POWERED;
598
5e5282bb 599 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 600 settings |= MGMT_SETTING_CONNECTABLE;
601
1a4d3c4b
JH		 602 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
603 settings |= MGMT_SETTING_FAST_CONNECTABLE;
604
5e5282bb 605 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 606 settings |= MGMT_SETTING_DISCOVERABLE;
607
b6ae8457 608 if (test_bit(HCI_BONDABLE, &hdev->dev_flags))
b2939475 609 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 610
56f87901 611 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 612 settings |= MGMT_SETTING_BREDR;
613
06199cf8 614 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 615 settings |= MGMT_SETTING_LE;
616
47990ea0 617 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 618 settings |= MGMT_SETTING_LINK_SECURITY;
619
84bde9d6 620 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 621 settings |= MGMT_SETTING_SSP;
622
6d80dfd0
JH		 623 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
624 settings |= MGMT_SETTING_HS;
625
f3d3444a 626 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 627 settings |= MGMT_SETTING_ADVERTISING;
628
e98d2ce2
MH		 629 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
630 settings |= MGMT_SETTING_SECURE_CONN;
631
0663b297 632 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 633 settings |= MGMT_SETTING_DEBUG_KEYS;
634
0f4bd942
JH		 635 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
636 settings |= MGMT_SETTING_PRIVACY;
637
69ab39ea
JH		 638 return settings;
639}
640
ef580372
JH		 641#define PNP_INFO_SVCLASS_ID 0x1200
642
213202ed
JH		 643static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
644{
645 u8 *ptr = data, *uuids_start = NULL;
646 struct bt_uuid *uuid;
647
648 if (len < 4)
649 return ptr;
650
651 list_for_each_entry(uuid, &hdev->uuids, list) {
652 u16 uuid16;
653
654 if (uuid->size != 16)
655 continue;
656
657 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
658 if (uuid16 < 0x1100)
659 continue;
660
661 if (uuid16 == PNP_INFO_SVCLASS_ID)
662 continue;
663
664 if (!uuids_start) {
665 uuids_start = ptr;
666 uuids_start[0] = 1;
667 uuids_start[1] = EIR_UUID16_ALL;
668 ptr += 2;
669 }
670
671 /* Stop if not enough space to put next UUID */
672 if ((ptr - data) + sizeof(u16) > len) {
673 uuids_start[1] = EIR_UUID16_SOME;
674 break;
675 }
676
677 *ptr++ = (uuid16 & 0x00ff);
678 *ptr++ = (uuid16 & 0xff00) >> 8;
679 uuids_start[0] += sizeof(uuid16);
680 }
681
682 return ptr;
683}
684
cdf1963f
JH		 685static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
686{
687 u8 *ptr = data, *uuids_start = NULL;
688 struct bt_uuid *uuid;
689
690 if (len < 6)
691 return ptr;
692
693 list_for_each_entry(uuid, &hdev->uuids, list) {
694 if (uuid->size != 32)
695 continue;
696
697 if (!uuids_start) {
698 uuids_start = ptr;
699 uuids_start[0] = 1;
700 uuids_start[1] = EIR_UUID32_ALL;
701 ptr += 2;
702 }
703
704 /* Stop if not enough space to put next UUID */
705 if ((ptr - data) + sizeof(u32) > len) {
706 uuids_start[1] = EIR_UUID32_SOME;
707 break;
708 }
709
710 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
711 ptr += sizeof(u32);
712 uuids_start[0] += sizeof(u32);
713 }
714
715 return ptr;
716}
717
c00d575b
JH		 718static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
719{
720 u8 *ptr = data, *uuids_start = NULL;
721 struct bt_uuid *uuid;
722
723 if (len < 18)
724 return ptr;
725
726 list_for_each_entry(uuid, &hdev->uuids, list) {
727 if (uuid->size != 128)
728 continue;
729
730 if (!uuids_start) {
731 uuids_start = ptr;
732 uuids_start[0] = 1;
733 uuids_start[1] = EIR_UUID128_ALL;
734 ptr += 2;
735 }
736
737 /* Stop if not enough space to put next UUID */
738 if ((ptr - data) + 16 > len) {
739 uuids_start[1] = EIR_UUID128_SOME;
740 break;
741 }
742
743 memcpy(ptr, uuid->uuid, 16);
744 ptr += 16;
745 uuids_start[0] += 16;
746 }
747
748 return ptr;
749}
750
eb2a8d20
JH		 751static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
752{
753 struct pending_cmd *cmd;
754
755 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
756 if (cmd->opcode == opcode)
757 return cmd;
758 }
759
760 return NULL;
761}
762
95868426
JH		 763static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
764 struct hci_dev *hdev,
765 const void *data)
766{
767 struct pending_cmd *cmd;
768
769 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
770 if (cmd->user_data != data)
771 continue;
772 if (cmd->opcode == opcode)
773 return cmd;
774 }
775
776 return NULL;
777}
778
f14d8f64
MH		 779static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
780{
7a5f4990
MH		 781 u8 ad_len = 0;
782 size_t name_len;
783
784 name_len = strlen(hdev->dev_name);
785 if (name_len > 0) {
786 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
787
788 if (name_len > max_len) {
789 name_len = max_len;
790 ptr[1] = EIR_NAME_SHORT;
791 } else
792 ptr[1] = EIR_NAME_COMPLETE;
793
794 ptr[0] = name_len + 1;
795
796 memcpy(ptr + 2, hdev->dev_name, name_len);
797
798 ad_len += (name_len + 2);
799 ptr += (name_len + 2);
800 }
801
802 return ad_len;
f14d8f64
MH		 803}
804
805static void update_scan_rsp_data(struct hci_request *req)
806{
807 struct hci_dev *hdev = req->hdev;
808 struct hci_cp_le_set_scan_rsp_data cp;
809 u8 len;
810
7751ef1b 811 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 812 return;
813
814 memset(&cp, 0, sizeof(cp));
815
816 len = create_scan_rsp_data(hdev, cp.data);
817
eb438b5f
JH		 818 if (hdev->scan_rsp_data_len == len &&
819 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 820 return;
821
eb438b5f
JH		 822 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
823 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 824
825 cp.length = len;
826
827 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
828}
829
9a43e25f
JH		 830static u8 get_adv_discov_flags(struct hci_dev *hdev)
831{
832 struct pending_cmd *cmd;
833
834 /* If there's a pending mgmt command the flags will not yet have
835 * their final values, so check for this first.
836 */
837 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
838 if (cmd) {
839 struct mgmt_mode *cp = cmd->param;
840 if (cp->val == 0x01)
841 return LE_AD_GENERAL;
842 else if (cp->val == 0x02)
843 return LE_AD_LIMITED;
844 } else {
845 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
846 return LE_AD_LIMITED;
847 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
848 return LE_AD_GENERAL;
849 }
850
851 return 0;
852}
853
46cad2ed 854static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 855{
856 u8 ad_len = 0, flags = 0;
441ad2d0 857
9a43e25f 858 flags |= get_adv_discov_flags(hdev);
441ad2d0 859
e834004b 860 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 861 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 862
863 if (flags) {
864 BT_DBG("adv flags 0x%02x", flags);
865
866 ptr[0] = 2;
867 ptr[1] = EIR_FLAGS;
868 ptr[2] = flags;
869
870 ad_len += 3;
871 ptr += 3;
872 }
873
874 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
875 ptr[0] = 2;
876 ptr[1] = EIR_TX_POWER;
877 ptr[2] = (u8) hdev->adv_tx_power;
878
879 ad_len += 3;
880 ptr += 3;
881 }
882
441ad2d0
MH		 883 return ad_len;
884}
885
5947f4bc 886static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 887{
888 struct hci_dev *hdev = req->hdev;
889 struct hci_cp_le_set_adv_data cp;
890 u8 len;
891
10994ce6 892 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 893 return;
894
895 memset(&cp, 0, sizeof(cp));
896
46cad2ed 897 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 898
899 if (hdev->adv_data_len == len &&
900 memcmp(cp.data, hdev->adv_data, len) == 0)
901 return;
902
903 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
904 hdev->adv_data_len = len;
905
906 cp.length = len;
907
908 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
909}
910
bc6d2d04
JH		 911int mgmt_update_adv_data(struct hci_dev *hdev)
912{
913 struct hci_request req;
914
915 hci_req_init(&req, hdev);
916 update_adv_data(&req);
917
918 return hci_req_run(&req, NULL);
919}
920
ef580372
JH		 921static void create_eir(struct hci_dev *hdev, u8 *data)
922{
923 u8 *ptr = data;
ef580372
JH		 924 size_t name_len;
925
926 name_len = strlen(hdev->dev_name);
927
928 if (name_len > 0) {
929 /* EIR Data type */
930 if (name_len > 48) {
931 name_len = 48;
932 ptr[1] = EIR_NAME_SHORT;
933 } else
934 ptr[1] = EIR_NAME_COMPLETE;
935
936 /* EIR Data length */
937 ptr[0] = name_len + 1;
938
939 memcpy(ptr + 2, hdev->dev_name, name_len);
940
ef580372
JH		 941 ptr += (name_len + 2);
942 }
943
bbaf444a 944 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 945 ptr[0] = 2;
946 ptr[1] = EIR_TX_POWER;
947 ptr[2] = (u8) hdev->inq_tx_power;
948
91c4e9b1
MH		 949 ptr += 3;
950 }
951
2b9be137
MH		 952 if (hdev->devid_source > 0) {
953 ptr[0] = 9;
954 ptr[1] = EIR_DEVICE_ID;
955
956 put_unaligned_le16(hdev->devid_source, ptr + 2);
957 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
958 put_unaligned_le16(hdev->devid_product, ptr + 6);
959 put_unaligned_le16(hdev->devid_version, ptr + 8);
960
2b9be137
MH		 961 ptr += 10;
962 }
963
213202ed 964 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 965 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 966 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 967}
968
890ea898 969static void update_eir(struct hci_request *req)
ef580372 970{
890ea898 971 struct hci_dev *hdev = req->hdev;
ef580372
JH		 972 struct hci_cp_write_eir cp;
973
504c8dcd 974 if (!hdev_is_powered(hdev))
890ea898 975 return;
7770c4aa 976
976eb20e 977 if (!lmp_ext_inq_capable(hdev))
890ea898 978 return;
ef580372 979
84bde9d6 980 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 981 return;
ef580372 982
a8b2d5c2 983 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 984 return;
ef580372
JH		 985
986 memset(&cp, 0, sizeof(cp));
987
988 create_eir(hdev, cp.data);
989
990 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 991 return;
ef580372
JH		 992
993 memcpy(hdev->eir, cp.data, sizeof(cp.data));
994
890ea898 995 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 996}
997
998static u8 get_service_classes(struct hci_dev *hdev)
999{
1000 struct bt_uuid *uuid;
1001 u8 val = 0;
1002
1003 list_for_each_entry(uuid, &hdev->uuids, list)
1004 val |= uuid->svc_hint;
1005
1006 return val;
1007}
1008
890ea898 1009static void update_class(struct hci_request *req)
ef580372 1010{
890ea898 1011 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1012 u8 cod[3];
1013
1014 BT_DBG("%s", hdev->name);
1015
504c8dcd 1016 if (!hdev_is_powered(hdev))
890ea898 1017 return;
7770c4aa 1018
f87ea1da
JH		 1019 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1020 return;
1021
a8b2d5c2 1022 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 1023 return;
ef580372
JH		 1024
1025 cod[0] = hdev->minor_class;
1026 cod[1] = hdev->major_class;
1027 cod[2] = get_service_classes(hdev);
1028
6acd7db4
MH		 1029 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1030 cod[1] |= 0x20;
1031
ef580372 1032 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1033 return;
ef580372 1034
890ea898 1035 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1036}
1037
a4858cb9 1038static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 1039{
1040 struct pending_cmd *cmd;
199a2fb1
JH		 1041
1042 /* If there's a pending mgmt command the flag will not yet have
1043 * it's final value, so check for this first.
1044 */
1045 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1046 if (cmd) {
1047 struct mgmt_mode *cp = cmd->param;
a4858cb9 1048 return cp->val;
199a2fb1
JH		 1049 }
1050
a4858cb9 1051 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 1052}
1053
0ec5ae84
JH		 1054static void disable_advertising(struct hci_request *req)
1055{
1056 u8 enable = 0x00;
1057
1058 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1059}
1060
199a2fb1
JH		 1061static void enable_advertising(struct hci_request *req)
1062{
1063 struct hci_dev *hdev = req->hdev;
1064 struct hci_cp_le_set_adv_param cp;
8f2a0601 1065 u8 own_addr_type, enable = 0x01;
a4858cb9 1066 bool connectable;
199a2fb1 1067
0ec5ae84
JH		 1068 if (hci_conn_num(hdev, LE_LINK) > 0)
1069 return;
1070
1071 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1072 disable_advertising(req);
1073
5ce194c4 1074 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1075 * hci_update_random_address knows that it's safe to go ahead
1076 * and write a new random address. The flag will be set back on
1077 * as soon as the SET_ADV_ENABLE HCI command completes.
1078 */
5ce194c4 1079 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
8d97250e 1080
a4858cb9 1081 connectable = get_connectable(hdev);
8f2a0601 1082
a4858cb9
JH		 1083 /* Set require_privacy to true only when non-connectable
1084 * advertising is used. In that case it is fine to use a
1085 * non-resolvable private address.
1086 */
1087 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1088 return;
1089
41c90c18 1090 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1091 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1092 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
a4858cb9 1093 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1094 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1095 cp.channel_map = hdev->le_adv_channel_map;
1096
1097 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1098
1099 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1100}
1101
7d78525d
JH		 1102static void service_cache_off(struct work_struct *work)
1103{
1104 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1105 service_cache.work);
890ea898 1106 struct hci_request req;
7d78525d 1107
a8b2d5c2 1108 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 1109 return;
1110
890ea898
JH		 1111 hci_req_init(&req, hdev);
1112
7d78525d
JH		 1113 hci_dev_lock(hdev);
1114
890ea898
JH		 1115 update_eir(&req);
1116 update_class(&req);
7d78525d
JH		 1117
1118 hci_dev_unlock(hdev);
890ea898
JH		 1119
1120 hci_req_run(&req, NULL);
7d78525d
JH		 1121}
1122
d6bfd59c
JH		 1123static void rpa_expired(struct work_struct *work)
1124{
1125 struct hci_dev *hdev = container_of(work, struct hci_dev,
1126 rpa_expired.work);
1127 struct hci_request req;
1128
1129 BT_DBG("");
1130
1131 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1132
0ec5ae84 1133 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
d6bfd59c
JH		 1134 return;
1135
1136 /* The generation of a new RPA and programming it into the
1137 * controller happens in the enable_advertising() function.
1138 */
d6bfd59c 1139 hci_req_init(&req, hdev);
d6bfd59c 1140 enable_advertising(&req);
d6bfd59c
JH		 1141 hci_req_run(&req, NULL);
1142}
1143
6a919082 1144static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1145{
4f87da80 1146 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 1147 return;
1148
4f87da80 1149 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1150 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1151
4f87da80
JH		 1152 /* Non-mgmt controlled devices get this bit set
1153 * implicitly so that pairing works for them, however
1154 * for mgmt we require user-space to explicitly enable
1155 * it
1156 */
b6ae8457 1157 clear_bit(HCI_BONDABLE, &hdev->dev_flags);
7d78525d
JH		 1158}
1159
0f4e68cf 1160static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1161 void *data, u16 data_len)
0381101f 1162{
a38528f1 1163 struct mgmt_rp_read_info rp;
f7b64e69 1164
bdb6d971 1165 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1166
09fd0de5 1167 hci_dev_lock(hdev);
f7b64e69 1168
dc4fe30b
JH		 1169 memset(&rp, 0, sizeof(rp));
1170
69ab39ea 1171 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1172
69ab39ea 1173 rp.version = hdev->hci_ver;
eb55ef07 1174 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1175
1176 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1177 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1178
a38528f1 1179 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1180
dc4fe30b 1181 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1182 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1183
09fd0de5 1184 hci_dev_unlock(hdev);
0381101f 1185
bdb6d971 1186 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 1187 sizeof(rp));
0381101f
JH		 1188}
1189
eec8d2bc
JH		 1190static void mgmt_pending_free(struct pending_cmd *cmd)
1191{
1192 sock_put(cmd->sk);
c68fb7ff 1193 kfree(cmd->param);
eec8d2bc
JH		 1194 kfree(cmd);
1195}
1196
366a0336 1197static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 1198 struct hci_dev *hdev, void *data,
1199 u16 len)
eec8d2bc
JH		 1200{
1201 struct pending_cmd *cmd;
1202
fca20018 1203 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1204 if (!cmd)
366a0336 1205 return NULL;
eec8d2bc
JH		 1206
1207 cmd->opcode = opcode;
2e58ef3e 1208 cmd->index = hdev->id;
eec8d2bc 1209
323b0b88 1210 cmd->param = kmemdup(data, len, GFP_KERNEL);
c68fb7ff 1211 if (!cmd->param) {
eec8d2bc 1212 kfree(cmd);
366a0336 1213 return NULL;
eec8d2bc
JH		 1214 }
1215
323b0b88 1216 cmd->param_len = len;
eec8d2bc
JH		 1217
1218 cmd->sk = sk;
1219 sock_hold(sk);
1220
2e58ef3e 1221 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1222
366a0336 1223 return cmd;
eec8d2bc
JH		 1224}
1225
744cf19e 1226static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1227 void (*cb)(struct pending_cmd *cmd,
1228 void *data),
04124681 1229 void *data)
eec8d2bc 1230{
a3d09356 1231 struct pending_cmd *cmd, *tmp;
eec8d2bc 1232
a3d09356 1233 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1234 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1235 continue;
1236
eec8d2bc
JH		 1237 cb(cmd, data);
1238 }
1239}
1240
a664b5bc 1241static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1242{
73f22f62
JH		 1243 list_del(&cmd->list);
1244 mgmt_pending_free(cmd);
1245}
1246
69ab39ea 1247static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1248{
69ab39ea 1249 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1250
aee9b218 1251 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1252 sizeof(settings));
8680570b
JH		 1253}
1254
8b064a3a
JH		 1255static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1256{
1257 BT_DBG("%s status 0x%02x", hdev->name, status);
1258
a3172b7e
JH		 1259 if (hci_conn_count(hdev) == 0) {
1260 cancel_delayed_work(&hdev->power_off);
8b064a3a 1261 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1262 }
8b064a3a
JH		 1263}
1264
23a48093 1265static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1266{
1267 struct hci_dev *hdev = req->hdev;
1268 struct hci_cp_remote_name_req_cancel cp;
1269 struct inquiry_entry *e;
1270
1271 switch (hdev->discovery.state) {
1272 case DISCOVERY_FINDING:
1273 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1274 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1275 } else {
1276 cancel_delayed_work(&hdev->le_scan_disable);
1277 hci_req_add_le_scan_disable(req);
1278 }
1279
23a48093 1280 return true;
21a60d30
JH		 1281
1282 case DISCOVERY_RESOLVING:
1283 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1284 NAME_PENDING);
1285 if (!e)
23a48093 1286 break;
21a60d30
JH		 1287
1288 bacpy(&cp.bdaddr, &e->data.bdaddr);
1289 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1290 &cp);
1291
23a48093 1292 return true;
21a60d30
JH		 1293
1294 default:
1295 /* Passive scanning */
23a48093 1296 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
21a60d30 1297 hci_req_add_le_scan_disable(req);
23a48093
JH		 1298 return true;
1299 }
1300
21a60d30
JH		 1301 break;
1302 }
23a48093
JH		 1303
1304 return false;
21a60d30
JH		 1305}
1306
8b064a3a
JH		 1307static int clean_up_hci_state(struct hci_dev *hdev)
1308{
1309 struct hci_request req;
1310 struct hci_conn *conn;
23a48093
JH		 1311 bool discov_stopped;
1312 int err;
8b064a3a
JH		 1313
1314 hci_req_init(&req, hdev);
1315
1316 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1317 test_bit(HCI_PSCAN, &hdev->flags)) {
1318 u8 scan = 0x00;
1319 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1320 }
1321
73e082f8 1322 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
8b064a3a
JH		 1323 disable_advertising(&req);
1324
23a48093 1325 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1326
1327 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1328 struct hci_cp_disconnect dc;
c9910d0f
JH		 1329 struct hci_cp_reject_conn_req rej;
1330
1331 switch (conn->state) {
1332 case BT_CONNECTED:
1333 case BT_CONFIG:
1334 dc.handle = cpu_to_le16(conn->handle);
1335 dc.reason = 0x15; /* Terminated due to Power Off */
1336 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1337 break;
1338 case BT_CONNECT:
1339 if (conn->type == LE_LINK)
1340 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1341 0, NULL);
1342 else if (conn->type == ACL_LINK)
1343 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1344 6, &conn->dst);
1345 break;
1346 case BT_CONNECT2:
1347 bacpy(&rej.bdaddr, &conn->dst);
1348 rej.reason = 0x15; /* Terminated due to Power Off */
1349 if (conn->type == ACL_LINK)
1350 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1351 sizeof(rej), &rej);
1352 else if (conn->type == SCO_LINK)
1353 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1354 sizeof(rej), &rej);
1355 break;
1356 }
8b064a3a
JH		 1357 }
1358
23a48093
JH		 1359 err = hci_req_run(&req, clean_up_hci_complete);
1360 if (!err && discov_stopped)
1361 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1362
1363 return err;
8b064a3a
JH		 1364}
1365
bdb6d971 1366static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1367 u16 len)
eec8d2bc 1368{
650f726d 1369 struct mgmt_mode *cp = data;
366a0336 1370 struct pending_cmd *cmd;
4b34ee78 1371 int err;
eec8d2bc 1372
bdb6d971 1373 BT_DBG("request for %s", hdev->name);
eec8d2bc 1374
a7e80f25
JH		 1375 if (cp->val != 0x00 && cp->val != 0x01)
1376 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1377 MGMT_STATUS_INVALID_PARAMS);
1378
09fd0de5 1379 hci_dev_lock(hdev);
eec8d2bc 1380
87b95ba6
JH		 1381 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1382 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1383 MGMT_STATUS_BUSY);
1384 goto failed;
1385 }
1386
f0d4b78a
MH		 1387 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1388 cancel_delayed_work(&hdev->power_off);
1389
1390 if (cp->val) {
a1d70450
JH		 1391 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1392 data, len);
1393 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1394 goto failed;
1395 }
1396 }
1397
4b34ee78 1398 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1399 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1400 goto failed;
1401 }
1402
2e58ef3e 1403 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1404 if (!cmd) {
1405 err = -ENOMEM;
eec8d2bc 1406 goto failed;
366a0336 1407 }
eec8d2bc 1408
8b064a3a 1409 if (cp->val) {
19202573 1410 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1411 err = 0;
1412 } else {
1413 /* Disconnect connections, stop scans, etc */
1414 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1415 if (!err)
1416 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1417 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1418
8b064a3a
JH		 1419 /* ENODATA means there were no HCI commands queued */
1420 if (err == -ENODATA) {
a3172b7e 1421 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1422 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1423 err = 0;
1424 }
1425 }
eec8d2bc
JH		 1426
1427failed:
09fd0de5 1428 hci_dev_unlock(hdev);
366a0336 1429 return err;
eec8d2bc
JH		 1430}
1431
beadb2bd
JH		 1432static int new_settings(struct hci_dev *hdev, struct sock *skip)
1433{
1434 __le32 ev;
1435
1436 ev = cpu_to_le32(get_current_settings(hdev));
1437
1438 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1439}
1440
91a668b0
JH		 1441int mgmt_new_settings(struct hci_dev *hdev)
1442{
1443 return new_settings(hdev, NULL);
1444}
1445
bd99abdd
JH		 1446struct cmd_lookup {
1447 struct sock *sk;
1448 struct hci_dev *hdev;
1449 u8 mgmt_status;
1450};
1451
1452static void settings_rsp(struct pending_cmd *cmd, void *data)
1453{
1454 struct cmd_lookup *match = data;
1455
1456 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1457
1458 list_del(&cmd->list);
1459
1460 if (match->sk == NULL) {
1461 match->sk = cmd->sk;
1462 sock_hold(match->sk);
1463 }
1464
1465 mgmt_pending_free(cmd);
1466}
1467
1468static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1469{
1470 u8 *status = data;
1471
1472 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1473 mgmt_pending_remove(cmd);
1474}
1475
1b9b5ee5
JH		 1476static void cmd_complete_rsp(struct pending_cmd *cmd, void *data)
1477{
1478 if (cmd->cmd_complete) {
1479 u8 *status = data;
1480
1481 cmd->cmd_complete(cmd, *status);
1482 mgmt_pending_remove(cmd);
1483
1484 return;
1485 }
1486
1487 cmd_status_rsp(cmd, data);
1488}
1489
f5818c22
JH		 1490static void generic_cmd_complete(struct pending_cmd *cmd, u8 status)
1491{
1492 cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, cmd->param,
1493 cmd->param_len);
1494}
1495
7776d1d8
JH		 1496static void addr_cmd_complete(struct pending_cmd *cmd, u8 status)
1497{
1498 cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, cmd->param,
1499 sizeof(struct mgmt_addr_info));
1500}
1501
e6fe7986
JH		 1502static u8 mgmt_bredr_support(struct hci_dev *hdev)
1503{
1504 if (!lmp_bredr_capable(hdev))
1505 return MGMT_STATUS_NOT_SUPPORTED;
1506 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1507 return MGMT_STATUS_REJECTED;
1508 else
1509 return MGMT_STATUS_SUCCESS;
1510}
1511
1512static u8 mgmt_le_support(struct hci_dev *hdev)
1513{
1514 if (!lmp_le_capable(hdev))
1515 return MGMT_STATUS_NOT_SUPPORTED;
1516 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1517 return MGMT_STATUS_REJECTED;
1518 else
1519 return MGMT_STATUS_SUCCESS;
1520}
1521
bfaf8c9f
JH		 1522static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1523{
1524 struct pending_cmd *cmd;
1525 struct mgmt_mode *cp;
970ba524 1526 struct hci_request req;
bfaf8c9f
JH		 1527 bool changed;
1528
1529 BT_DBG("status 0x%02x", status);
1530
1531 hci_dev_lock(hdev);
1532
1533 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1534 if (!cmd)
1535 goto unlock;
1536
1537 if (status) {
1538 u8 mgmt_err = mgmt_status(status);
1539 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1540 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1541 goto remove_cmd;
1542 }
1543
1544 cp = cmd->param;
d4462a07 1545 if (cp->val) {
bfaf8c9f
JH		 1546 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1547 &hdev->dev_flags);
d4462a07
MH		 1548
1549 if (hdev->discov_timeout > 0) {
1550 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1551 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1552 to);
1553 }
1554 } else {
bfaf8c9f
JH		 1555 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1556 &hdev->dev_flags);
d4462a07 1557 }
bfaf8c9f
JH		 1558
1559 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1560
1561 if (changed)
1562 new_settings(hdev, cmd->sk);
1563
970ba524
MH		 1564 /* When the discoverable mode gets changed, make sure
1565 * that class of device has the limited discoverable
432df05e
JH		 1566 * bit correctly set. Also update page scan based on whitelist
1567 * entries.
970ba524
MH		 1568 */
1569 hci_req_init(&req, hdev);
1d2dc5b7 1570 __hci_update_page_scan(&req);
970ba524
MH		 1571 update_class(&req);
1572 hci_req_run(&req, NULL);
1573
bfaf8c9f
JH		 1574remove_cmd:
1575 mgmt_pending_remove(cmd);
1576
1577unlock:
1578 hci_dev_unlock(hdev);
1579}
1580
bdb6d971 1581static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1582 u16 len)
73f22f62 1583{
650f726d 1584 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1585 struct pending_cmd *cmd;
bfaf8c9f 1586 struct hci_request req;
5e5282bb 1587 u16 timeout;
9a43e25f 1588 u8 scan;
73f22f62
JH		 1589 int err;
1590
bdb6d971 1591 BT_DBG("request for %s", hdev->name);
73f22f62 1592
9a43e25f
JH		 1593 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1594 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1595 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1596 MGMT_STATUS_REJECTED);
33c525c0 1597
310a3d48 1598 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1599 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1600 MGMT_STATUS_INVALID_PARAMS);
1601
1f350c87 1602 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1603
1604 /* Disabling discoverable requires that no timeout is set,
1605 * and enabling limited discoverable requires a timeout.
1606 */
1607 if ((cp->val == 0x00 && timeout > 0) ||
1608 (cp->val == 0x02 && timeout == 0))
bdb6d971 1609 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1610 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1611
09fd0de5 1612 hci_dev_lock(hdev);
73f22f62 1613
5e5282bb 1614 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1615 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1616 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1617 goto failed;
1618 }
1619
2e58ef3e 1620 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1621 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1622 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1623 MGMT_STATUS_BUSY);
73f22f62
JH		 1624 goto failed;
1625 }
1626
5e5282bb 1627 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1628 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1629 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1630 goto failed;
1631 }
1632
1633 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1634 bool changed = false;
1635
310a3d48
MH		 1636 /* Setting limited discoverable when powered off is
1637 * not a valid operation since it requires a timeout
1638 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1639 */
0224d2fa
JH		 1640 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1641 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1642 changed = true;
1643 }
1644
5e5282bb 1645 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1646 if (err < 0)
1647 goto failed;
1648
1649 if (changed)
1650 err = new_settings(hdev, sk);
1651
5e5282bb
JH		 1652 goto failed;
1653 }
1654
310a3d48
MH		 1655 /* If the current mode is the same, then just update the timeout
1656 * value with the new value. And if only the timeout gets updated,
1657 * then no need for any HCI transactions.
1658 */
1659 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1660 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1661 &hdev->dev_flags)) {
36261547
MH		 1662 cancel_delayed_work(&hdev->discov_off);
1663 hdev->discov_timeout = timeout;
955638ec 1664
36261547
MH		 1665 if (cp->val && hdev->discov_timeout > 0) {
1666 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1667 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1668 to);
955638ec
MH		 1669 }
1670
69ab39ea 1671 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1672 goto failed;
1673 }
1674
2e58ef3e 1675 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1676 if (!cmd) {
1677 err = -ENOMEM;
73f22f62 1678 goto failed;
366a0336 1679 }
73f22f62 1680
310a3d48
MH		 1681 /* Cancel any potential discoverable timeout that might be
1682 * still active and store new timeout value. The arming of
1683 * the timeout happens in the complete handler.
1684 */
1685 cancel_delayed_work(&hdev->discov_off);
1686 hdev->discov_timeout = timeout;
1687
b456f87c
JH		 1688 /* Limited discoverable mode */
1689 if (cp->val == 0x02)
1690 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1691 else
1692 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1693
bfaf8c9f
JH		 1694 hci_req_init(&req, hdev);
1695
9a43e25f
JH		 1696 /* The procedure for LE-only controllers is much simpler - just
1697 * update the advertising data.
1698 */
1699 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1700 goto update_ad;
1701
73f22f62
JH		 1702 scan = SCAN_PAGE;
1703
310a3d48
MH		 1704 if (cp->val) {
1705 struct hci_cp_write_current_iac_lap hci_cp;
1706
1707 if (cp->val == 0x02) {
1708 /* Limited discoverable mode */
33337dcb 1709 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1710 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1711 hci_cp.iac_lap[1] = 0x8b;
1712 hci_cp.iac_lap[2] = 0x9e;
1713 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1714 hci_cp.iac_lap[4] = 0x8b;
1715 hci_cp.iac_lap[5] = 0x9e;
1716 } else {
1717 /* General discoverable mode */
310a3d48
MH		 1718 hci_cp.num_iac = 1;
1719 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1720 hci_cp.iac_lap[1] = 0x8b;
1721 hci_cp.iac_lap[2] = 0x9e;
1722 }
1723
1724 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1725 (hci_cp.num_iac * 3) + 1, &hci_cp);
1726
73f22f62 1727 scan |= SCAN_INQUIRY;
310a3d48
MH		 1728 } else {
1729 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1730 }
73f22f62 1731
310a3d48 1732 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1733
9a43e25f
JH		 1734update_ad:
1735 update_adv_data(&req);
1736
bfaf8c9f 1737 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1738 if (err < 0)
a664b5bc 1739 mgmt_pending_remove(cmd);
73f22f62
JH		 1740
1741failed:
09fd0de5 1742 hci_dev_unlock(hdev);
73f22f62
JH		 1743 return err;
1744}
1745
406d7804
JH		 1746static void write_fast_connectable(struct hci_request *req, bool enable)
1747{
bd98b996 1748 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1749 struct hci_cp_write_page_scan_activity acp;
1750 u8 type;
1751
547003b1
JH		 1752 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1753 return;
1754
4c01f8b8
JH		 1755 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1756 return;
1757
406d7804
JH		 1758 if (enable) {
1759 type = PAGE_SCAN_TYPE_INTERLACED;
1760
1761 /* 160 msec page scan interval */
dcf4adbf 1762 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1763 } else {
1764 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1765
1766 /* default 1.28 sec page scan */
dcf4adbf 1767 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1768 }
1769
dcf4adbf 1770 acp.window = cpu_to_le16(0x0012);
406d7804 1771
bd98b996
JH		 1772 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1773 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1774 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1775 sizeof(acp), &acp);
1776
1777 if (hdev->page_scan_type != type)
1778 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1779}
1780
2b76f453
JH		 1781static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1782{
1783 struct pending_cmd *cmd;
d7b856f9 1784 struct mgmt_mode *cp;
bc6d2d04 1785 bool conn_changed, discov_changed;
2b76f453
JH		 1786
1787 BT_DBG("status 0x%02x", status);
1788
1789 hci_dev_lock(hdev);
1790
1791 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1792 if (!cmd)
1793 goto unlock;
1794
37438c1f
JH		 1795 if (status) {
1796 u8 mgmt_err = mgmt_status(status);
1797 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1798 goto remove_cmd;
1799 }
1800
d7b856f9 1801 cp = cmd->param;
bc6d2d04
JH		 1802 if (cp->val) {
1803 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1804 &hdev->dev_flags);
1805 discov_changed = false;
1806 } else {
1807 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1808 &hdev->dev_flags);
1809 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1810 &hdev->dev_flags);
1811 }
d7b856f9 1812
2b76f453
JH		 1813 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1814
bc6d2d04 1815 if (conn_changed || discov_changed) {
d7b856f9 1816 new_settings(hdev, cmd->sk);
1d2dc5b7 1817 hci_update_page_scan(hdev);
bc6d2d04
JH		 1818 if (discov_changed)
1819 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1820 hci_update_background_scan(hdev);
1821 }
d7b856f9 1822
37438c1f 1823remove_cmd:
2b76f453
JH		 1824 mgmt_pending_remove(cmd);
1825
1826unlock:
1827 hci_dev_unlock(hdev);
1828}
1829
e8ba3a1f
JH		 1830static int set_connectable_update_settings(struct hci_dev *hdev,
1831 struct sock *sk, u8 val)
1832{
1833 bool changed = false;
1834 int err;
1835
1836 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1837 changed = true;
1838
1839 if (val) {
1840 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1841 } else {
1842 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1843 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1844 }
1845
1846 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1847 if (err < 0)
1848 return err;
1849
562064e6 1850 if (changed) {
1d2dc5b7 1851 hci_update_page_scan(hdev);
562064e6 1852 hci_update_background_scan(hdev);
e8ba3a1f 1853 return new_settings(hdev, sk);
562064e6 1854 }
e8ba3a1f
JH		 1855
1856 return 0;
1857}
1858
bdb6d971 1859static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1860 u16 len)
9fbcbb45 1861{
650f726d 1862 struct mgmt_mode *cp = data;
366a0336 1863 struct pending_cmd *cmd;
2b76f453 1864 struct hci_request req;
1987fdc7 1865 u8 scan;
9fbcbb45
JH		 1866 int err;
1867
bdb6d971 1868 BT_DBG("request for %s", hdev->name);
9fbcbb45 1869
1987fdc7
JH		 1870 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1871 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1872 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1873 MGMT_STATUS_REJECTED);
33c525c0 1874
a7e80f25
JH		 1875 if (cp->val != 0x00 && cp->val != 0x01)
1876 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1877 MGMT_STATUS_INVALID_PARAMS);
1878
09fd0de5 1879 hci_dev_lock(hdev);
9fbcbb45 1880
4b34ee78 1881 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1882 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1883 goto failed;
1884 }
1885
2e58ef3e 1886 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1887 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1888 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1889 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1890 goto failed;
1891 }
1892
2e58ef3e 1893 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1894 if (!cmd) {
1895 err = -ENOMEM;
9fbcbb45 1896 goto failed;
366a0336 1897 }
9fbcbb45 1898
9b74246f 1899 hci_req_init(&req, hdev);
9fbcbb45 1900
9a43e25f
JH		 1901 /* If BR/EDR is not enabled and we disable advertising as a
1902 * by-product of disabling connectable, we need to update the
1903 * advertising flags.
1904 */
1905 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1906 if (!cp->val) {
1907 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1908 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1909 }
1910 update_adv_data(&req);
1911 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1912 if (cp->val) {
1913 scan = SCAN_PAGE;
1914 } else {
3bd27240
JH		 1915 /* If we don't have any whitelist entries just
1916 * disable all scanning. If there are entries
1917 * and we had both page and inquiry scanning
1918 * enabled then fall back to only page scanning.
1919 * Otherwise no changes are needed.
1920 */
1921 if (list_empty(&hdev->whitelist))
1922 scan = SCAN_DISABLED;
1923 else if (test_bit(HCI_ISCAN, &hdev->flags))
1924 scan = SCAN_PAGE;
1925 else
1926 goto no_scan_update;
9b74246f
JH		 1927
1928 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1929 hdev->discov_timeout > 0)
9b74246f
JH		 1930 cancel_delayed_work(&hdev->discov_off);
1931 }
2b76f453 1932
9b74246f
JH		 1933 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1934 }
2b76f453 1935
3bd27240 1936no_scan_update:
4c01f8b8
JH		 1937 /* If we're going from non-connectable to connectable or
1938 * vice-versa when fast connectable is enabled ensure that fast
1939 * connectable gets disabled. write_fast_connectable won't do
1940 * anything if the page scan parameters are already what they
1941 * should be.
1942 */
1943 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1944 write_fast_connectable(&req, false);
1945
e8b1202c
JH		 1946 /* Update the advertising parameters if necessary */
1947 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1987fdc7 1948 enable_advertising(&req);
1987fdc7 1949
2b76f453 1950 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1951 if (err < 0) {
a664b5bc 1952 mgmt_pending_remove(cmd);
9b74246f 1953 if (err == -ENODATA)
a81070ba
JH		 1954 err = set_connectable_update_settings(hdev, sk,
1955 cp->val);
9b74246f
JH		 1956 goto failed;
1957 }
9fbcbb45
JH		 1958
1959failed:
09fd0de5 1960 hci_dev_unlock(hdev);
9fbcbb45
JH		 1961 return err;
1962}
1963
b2939475 1964static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1965 u16 len)
c542a06c 1966{
650f726d 1967 struct mgmt_mode *cp = data;
55594356 1968 bool changed;
c542a06c
JH		 1969 int err;
1970
bdb6d971 1971 BT_DBG("request for %s", hdev->name);
c542a06c 1972
a7e80f25 1973 if (cp->val != 0x00 && cp->val != 0x01)
b2939475 1974 return cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
a7e80f25
JH		 1975 MGMT_STATUS_INVALID_PARAMS);
1976
09fd0de5 1977 hci_dev_lock(hdev);
c542a06c
JH		 1978
1979 if (cp->val)
b6ae8457 1980 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 1981 else
b6ae8457 1982 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 1983
b2939475 1984 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1985 if (err < 0)
55594356 1986 goto unlock;
c542a06c 1987
55594356
MH		 1988 if (changed)
1989 err = new_settings(hdev, sk);
c542a06c 1990
55594356 1991unlock:
09fd0de5 1992 hci_dev_unlock(hdev);
c542a06c
JH		 1993 return err;
1994}
1995
04124681
GP		 1996static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1997 u16 len)
33ef95ed
JH		 1998{
1999 struct mgmt_mode *cp = data;
2000 struct pending_cmd *cmd;
e6fe7986 2001 u8 val, status;
33ef95ed
JH		 2002 int err;
2003
bdb6d971 2004 BT_DBG("request for %s", hdev->name);
33ef95ed 2005
e6fe7986
JH		 2006 status = mgmt_bredr_support(hdev);
2007 if (status)
33c525c0 2008 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 2009 status);
33c525c0 2010
a7e80f25
JH		 2011 if (cp->val != 0x00 && cp->val != 0x01)
2012 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2013 MGMT_STATUS_INVALID_PARAMS);
2014
33ef95ed
JH		 2015 hci_dev_lock(hdev);
2016
4b34ee78 2017 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 2018 bool changed = false;
2019
2020 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 2021 &hdev->dev_flags)) {
47990ea0
JH		 2022 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
2023 changed = true;
2024 }
2025
2026 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2027 if (err < 0)
2028 goto failed;
2029
2030 if (changed)
2031 err = new_settings(hdev, sk);
2032
33ef95ed
JH		 2033 goto failed;
2034 }
2035
2036 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 2037 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 2038 MGMT_STATUS_BUSY);
33ef95ed
JH		 2039 goto failed;
2040 }
2041
2042 val = !!cp->val;
2043
2044 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2045 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2046 goto failed;
2047 }
2048
2049 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2050 if (!cmd) {
2051 err = -ENOMEM;
2052 goto failed;
2053 }
2054
2055 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2056 if (err < 0) {
2057 mgmt_pending_remove(cmd);
2058 goto failed;
2059 }
2060
2061failed:
2062 hci_dev_unlock(hdev);
33ef95ed
JH		 2063 return err;
2064}
2065
bdb6d971 2066static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2067{
2068 struct mgmt_mode *cp = data;
2069 struct pending_cmd *cmd;
72ef0c1a 2070 u8 status;
ed2c4ee3
JH		 2071 int err;
2072
bdb6d971 2073 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2074
cdba5281
MH		 2075 status = mgmt_bredr_support(hdev);
2076 if (status)
2077 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2078
13ecd8b6
JH		 2079 if (!lmp_ssp_capable(hdev))
2080 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2081 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2082
a7e80f25
JH		 2083 if (cp->val != 0x00 && cp->val != 0x01)
2084 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2085 MGMT_STATUS_INVALID_PARAMS);
2086
13ecd8b6 2087 hci_dev_lock(hdev);
6c8f12c1 2088
4b34ee78 2089 if (!hdev_is_powered(hdev)) {
9ecb3e24 2090 bool changed;
c0ecddc2 2091
9ecb3e24
MH		 2092 if (cp->val) {
2093 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2094 &hdev->dev_flags);
2095 } else {
2096 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2097 &hdev->dev_flags);
2098 if (!changed)
2099 changed = test_and_clear_bit(HCI_HS_ENABLED,
2100 &hdev->dev_flags);
2101 else
2102 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 2103 }
2104
2105 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2106 if (err < 0)
2107 goto failed;
2108
2109 if (changed)
2110 err = new_settings(hdev, sk);
2111
ed2c4ee3
JH		 2112 goto failed;
2113 }
2114
9ecb3e24
MH		 2115 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2116 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 2117 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2118 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2119 goto failed;
2120 }
2121
72ef0c1a 2122 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 2123 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2124 goto failed;
2125 }
2126
2127 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2128 if (!cmd) {
2129 err = -ENOMEM;
2130 goto failed;
2131 }
2132
3769972b
JH		 2133 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2134 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2135 sizeof(cp->val), &cp->val);
2136
72ef0c1a 2137 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2138 if (err < 0) {
2139 mgmt_pending_remove(cmd);
2140 goto failed;
2141 }
2142
2143failed:
2144 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2145 return err;
2146}
2147
bdb6d971 2148static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2149{
2150 struct mgmt_mode *cp = data;
ee392693 2151 bool changed;
e6fe7986 2152 u8 status;
ee392693 2153 int err;
6d80dfd0 2154
bdb6d971 2155 BT_DBG("request for %s", hdev->name);
6d80dfd0 2156
e6fe7986
JH		 2157 status = mgmt_bredr_support(hdev);
2158 if (status)
2159 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2160
9ecb3e24
MH		 2161 if (!lmp_ssp_capable(hdev))
2162 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2163 MGMT_STATUS_NOT_SUPPORTED);
2164
2165 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2166 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2167 MGMT_STATUS_REJECTED);
2168
a7e80f25
JH		 2169 if (cp->val != 0x00 && cp->val != 0x01)
2170 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2171 MGMT_STATUS_INVALID_PARAMS);
2172
ee392693
MH		 2173 hci_dev_lock(hdev);
2174
a0cdf960 2175 if (cp->val) {
ee392693 2176 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 2177 } else {
2178 if (hdev_is_powered(hdev)) {
2179 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2180 MGMT_STATUS_REJECTED);
2181 goto unlock;
2182 }
2183
ee392693 2184 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 2185 }
ee392693
MH		 2186
2187 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2188 if (err < 0)
2189 goto unlock;
2190
2191 if (changed)
2192 err = new_settings(hdev, sk);
6d80dfd0 2193
ee392693
MH		 2194unlock:
2195 hci_dev_unlock(hdev);
2196 return err;
6d80dfd0
JH		 2197}
2198
416a4ae5
JH		 2199static void le_enable_complete(struct hci_dev *hdev, u8 status)
2200{
2201 struct cmd_lookup match = { NULL, hdev };
2202
3ad67582
JK		 2203 hci_dev_lock(hdev);
2204
416a4ae5
JH		 2205 if (status) {
2206 u8 mgmt_err = mgmt_status(status);
2207
2208 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2209 &mgmt_err);
3ad67582 2210 goto unlock;
416a4ae5
JH		 2211 }
2212
2213 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2214
2215 new_settings(hdev, match.sk);
2216
2217 if (match.sk)
2218 sock_put(match.sk);
441ad2d0
MH		 2219
2220 /* Make sure the controller has a good default for
2221 * advertising data. Restrict the update to when LE
2222 * has actually been enabled. During power on, the
2223 * update in powered_update_hci will take care of it.
2224 */
2225 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2226 struct hci_request req;
2227
441ad2d0 2228 hci_req_init(&req, hdev);
5947f4bc 2229 update_adv_data(&req);
f14d8f64 2230 update_scan_rsp_data(&req);
2cf22218 2231 __hci_update_background_scan(&req);
441ad2d0 2232 hci_req_run(&req, NULL);
441ad2d0 2233 }
3ad67582
JK		 2234
2235unlock:
2236 hci_dev_unlock(hdev);
416a4ae5
JH		 2237}
2238
bdb6d971 2239static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2240{
2241 struct mgmt_mode *cp = data;
2242 struct hci_cp_write_le_host_supported hci_cp;
2243 struct pending_cmd *cmd;
416a4ae5 2244 struct hci_request req;
06199cf8 2245 int err;
0b60eba1 2246 u8 val, enabled;
06199cf8 2247
bdb6d971 2248 BT_DBG("request for %s", hdev->name);
06199cf8 2249
13ecd8b6
JH		 2250 if (!lmp_le_capable(hdev))
2251 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2252 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2253
a7e80f25
JH		 2254 if (cp->val != 0x00 && cp->val != 0x01)
2255 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2256 MGMT_STATUS_INVALID_PARAMS);
2257
c73eee91 2258 /* LE-only devices do not allow toggling LE on/off */
56f87901 2259 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2260 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2261 MGMT_STATUS_REJECTED);
2262
13ecd8b6 2263 hci_dev_lock(hdev);
06199cf8
JH		 2264
2265 val = !!cp->val;
ffa88e02 2266 enabled = lmp_host_le_capable(hdev);
06199cf8 2267
0b60eba1 2268 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2269 bool changed = false;
2270
2271 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2272 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2273 changed = true;
2274 }
2275
f3d3444a
JH		 2276 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2277 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2278 changed = true;
2279 }
2280
06199cf8
JH		 2281 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2282 if (err < 0)
1de028ce 2283 goto unlock;
06199cf8
JH		 2284
2285 if (changed)
2286 err = new_settings(hdev, sk);
2287
1de028ce 2288 goto unlock;
06199cf8
JH		 2289 }
2290
4375f103
JH		 2291 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2292 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2293 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2294 MGMT_STATUS_BUSY);
1de028ce 2295 goto unlock;
06199cf8
JH		 2296 }
2297
2298 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2299 if (!cmd) {
2300 err = -ENOMEM;
1de028ce 2301 goto unlock;
06199cf8
JH		 2302 }
2303
441ad2d0
MH		 2304 hci_req_init(&req, hdev);
2305
06199cf8
JH		 2306 memset(&hci_cp, 0, sizeof(hci_cp));
2307
2308 if (val) {
2309 hci_cp.le = val;
32226e4f 2310 hci_cp.simul = 0x00;
441ad2d0 2311 } else {
73e082f8 2312 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
441ad2d0 2313 disable_advertising(&req);
06199cf8
JH		 2314 }
2315
416a4ae5
JH		 2316 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2317 &hci_cp);
2318
2319 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2320 if (err < 0)
06199cf8 2321 mgmt_pending_remove(cmd);
06199cf8 2322
1de028ce
JH		 2323unlock:
2324 hci_dev_unlock(hdev);
06199cf8
JH		 2325 return err;
2326}
2327
0cab9c80
JH		 2328/* This is a helper function to test for pending mgmt commands that can
2329 * cause CoD or EIR HCI commands. We can only allow one such pending
2330 * mgmt command at a time since otherwise we cannot easily track what
2331 * the current values are, will be, and based on that calculate if a new
2332 * HCI command needs to be sent and if yes with what value.
2333 */
2334static bool pending_eir_or_class(struct hci_dev *hdev)
2335{
2336 struct pending_cmd *cmd;
2337
2338 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2339 switch (cmd->opcode) {
2340 case MGMT_OP_ADD_UUID:
2341 case MGMT_OP_REMOVE_UUID:
2342 case MGMT_OP_SET_DEV_CLASS:
2343 case MGMT_OP_SET_POWERED:
2344 return true;
2345 }
2346 }
2347
2348 return false;
2349}
2350
83be8eca
JH		 2351static const u8 bluetooth_base_uuid[] = {
2352 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2353 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2354};
2355
2356static u8 get_uuid_size(const u8 *uuid)
2357{
2358 u32 val;
2359
2360 if (memcmp(uuid, bluetooth_base_uuid, 12))
2361 return 128;
2362
2363 val = get_unaligned_le32(&uuid[12]);
2364 if (val > 0xffff)
2365 return 32;
2366
2367 return 16;
2368}
2369
92da6097
JH		 2370static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2371{
2372 struct pending_cmd *cmd;
2373
2374 hci_dev_lock(hdev);
2375
2376 cmd = mgmt_pending_find(mgmt_op, hdev);
2377 if (!cmd)
2378 goto unlock;
2379
2380 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2381 hdev->dev_class, 3);
2382
2383 mgmt_pending_remove(cmd);
2384
2385unlock:
2386 hci_dev_unlock(hdev);
2387}
2388
2389static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2390{
2391 BT_DBG("status 0x%02x", status);
2392
2393 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2394}
2395
bdb6d971 2396static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2397{
650f726d 2398 struct mgmt_cp_add_uuid *cp = data;
90e70454 2399 struct pending_cmd *cmd;
890ea898 2400 struct hci_request req;
2aeb9a1a 2401 struct bt_uuid *uuid;
2aeb9a1a
JH		 2402 int err;
2403
bdb6d971 2404 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2405
09fd0de5 2406 hci_dev_lock(hdev);
2aeb9a1a 2407
0cab9c80 2408 if (pending_eir_or_class(hdev)) {
bdb6d971 2409 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2410 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2411 goto failed;
2412 }
2413
92c4c204 2414 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2415 if (!uuid) {
2416 err = -ENOMEM;
2417 goto failed;
2418 }
2419
2420 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2421 uuid->svc_hint = cp->svc_hint;
83be8eca 2422 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2423
de66aa63 2424 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2425
890ea898 2426 hci_req_init(&req, hdev);
1aff6f09 2427
890ea898
JH		 2428 update_class(&req);
2429 update_eir(&req);
2430
92da6097
JH		 2431 err = hci_req_run(&req, add_uuid_complete);
2432 if (err < 0) {
2433 if (err != -ENODATA)
2434 goto failed;
80a1e1db 2435
bdb6d971 2436 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2437 hdev->dev_class, 3);
90e70454
JH		 2438 goto failed;
2439 }
2440
2441 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2442 if (!cmd) {
90e70454 2443 err = -ENOMEM;
890ea898
JH		 2444 goto failed;
2445 }
2446
2447 err = 0;
2aeb9a1a
JH		 2448
2449failed:
09fd0de5 2450 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2451 return err;
2452}
2453
24b78d0f
JH		 2454static bool enable_service_cache(struct hci_dev *hdev)
2455{
2456 if (!hdev_is_powered(hdev))
2457 return false;
2458
2459 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2460 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2461 CACHE_TIMEOUT);
24b78d0f
JH		 2462 return true;
2463 }
2464
2465 return false;
2466}
2467
92da6097
JH		 2468static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2469{
2470 BT_DBG("status 0x%02x", status);
2471
2472 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2473}
2474
bdb6d971 2475static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2476 u16 len)
2aeb9a1a 2477{
650f726d 2478 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2479 struct pending_cmd *cmd;
056341c8 2480 struct bt_uuid *match, *tmp;
2aeb9a1a 2481 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2482 struct hci_request req;
2aeb9a1a
JH		 2483 int err, found;
2484
bdb6d971 2485 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2486
09fd0de5 2487 hci_dev_lock(hdev);
2aeb9a1a 2488
0cab9c80 2489 if (pending_eir_or_class(hdev)) {
bdb6d971 2490 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2491 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2492 goto unlock;
2493 }
2494
2aeb9a1a 2495 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2496 hci_uuids_clear(hdev);
4004b6d9 2497
24b78d0f 2498 if (enable_service_cache(hdev)) {
bdb6d971 2499 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2500 0, hdev->dev_class, 3);
24b78d0f
JH		 2501 goto unlock;
2502 }
4004b6d9 2503
9246a869 2504 goto update_class;
2aeb9a1a
JH		 2505 }
2506
2507 found = 0;
2508
056341c8 2509 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2510 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2511 continue;
2512
2513 list_del(&match->list);
482049f7 2514 kfree(match);
2aeb9a1a
JH		 2515 found++;
2516 }
2517
2518 if (found == 0) {
bdb6d971 2519 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2520 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2521 goto unlock;
2522 }
2523
9246a869 2524update_class:
890ea898 2525 hci_req_init(&req, hdev);
1aff6f09 2526
890ea898
JH		 2527 update_class(&req);
2528 update_eir(&req);
2529
92da6097
JH		 2530 err = hci_req_run(&req, remove_uuid_complete);
2531 if (err < 0) {
2532 if (err != -ENODATA)
2533 goto unlock;
80a1e1db 2534
bdb6d971 2535 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2536 hdev->dev_class, 3);
90e70454
JH		 2537 goto unlock;
2538 }
2539
2540 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2541 if (!cmd) {
90e70454 2542 err = -ENOMEM;
890ea898
JH		 2543 goto unlock;
2544 }
2545
2546 err = 0;
2aeb9a1a
JH		 2547
2548unlock:
09fd0de5 2549 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2550 return err;
2551}
2552
92da6097
JH		 2553static void set_class_complete(struct hci_dev *hdev, u8 status)
2554{
2555 BT_DBG("status 0x%02x", status);
2556
2557 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2558}
2559
bdb6d971 2560static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2561 u16 len)
1aff6f09 2562{
650f726d 2563 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2564 struct pending_cmd *cmd;
890ea898 2565 struct hci_request req;
1aff6f09
JH		 2566 int err;
2567
bdb6d971 2568 BT_DBG("request for %s", hdev->name);
1aff6f09 2569
6203fc98 2570 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2571 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2572 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2573
0cab9c80 2574 hci_dev_lock(hdev);
ee98f473 2575
0cab9c80
JH		 2576 if (pending_eir_or_class(hdev)) {
2577 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2578 MGMT_STATUS_BUSY);
2579 goto unlock;
2580 }
c95f0ba7 2581
0cab9c80
JH		 2582 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2583 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2584 MGMT_STATUS_INVALID_PARAMS);
2585 goto unlock;
2586 }
575b3a02 2587
932f5ff5
JH		 2588 hdev->major_class = cp->major;
2589 hdev->minor_class = cp->minor;
2590
b5235a65 2591 if (!hdev_is_powered(hdev)) {
bdb6d971 2592 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2593 hdev->dev_class, 3);
b5235a65
JH		 2594 goto unlock;
2595 }
2596
890ea898
JH		 2597 hci_req_init(&req, hdev);
2598
a8b2d5c2 2599 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2600 hci_dev_unlock(hdev);
2601 cancel_delayed_work_sync(&hdev->service_cache);
2602 hci_dev_lock(hdev);
890ea898 2603 update_eir(&req);
7d78525d 2604 }
14c0b608 2605
890ea898
JH		 2606 update_class(&req);
2607
92da6097
JH		 2608 err = hci_req_run(&req, set_class_complete);
2609 if (err < 0) {
2610 if (err != -ENODATA)
2611 goto unlock;
1aff6f09 2612
bdb6d971 2613 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2614 hdev->dev_class, 3);
90e70454
JH		 2615 goto unlock;
2616 }
2617
2618 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2619 if (!cmd) {
90e70454 2620 err = -ENOMEM;
890ea898
JH		 2621 goto unlock;
2622 }
2623
2624 err = 0;
1aff6f09 2625
b5235a65 2626unlock:
09fd0de5 2627 hci_dev_unlock(hdev);
1aff6f09
JH		 2628 return err;
2629}
2630
bdb6d971 2631static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2632 u16 len)
55ed8ca1 2633{
650f726d 2634 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2635 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2636 sizeof(struct mgmt_link_key_info));
4e51eae9 2637 u16 key_count, expected_len;
b1de97d8 2638 bool changed;
a492cd52 2639 int i;
55ed8ca1 2640
9060d5cf
MH		 2641 BT_DBG("request for %s", hdev->name);
2642
2643 if (!lmp_bredr_capable(hdev))
2644 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2645 MGMT_STATUS_NOT_SUPPORTED);
2646
1f350c87 2647 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2648 if (key_count > max_key_count) {
2649 BT_ERR("load_link_keys: too big key_count value %u",
2650 key_count);
2651 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2652 MGMT_STATUS_INVALID_PARAMS);
2653 }
55ed8ca1 2654
86742e1e
JH		 2655 expected_len = sizeof(*cp) + key_count *
2656 sizeof(struct mgmt_link_key_info);
a492cd52 2657 if (expected_len != len) {
86742e1e 2658 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2659 expected_len, len);
bdb6d971 2660 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2661 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2662 }
2663
4ae14301
JH		 2664 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2665 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2666 MGMT_STATUS_INVALID_PARAMS);
2667
bdb6d971 2668 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2669 key_count);
55ed8ca1 2670
4ee71b20
JH		 2671 for (i = 0; i < key_count; i++) {
2672 struct mgmt_link_key_info *key = &cp->keys[i];
2673
8e991132 2674 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2675 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2676 MGMT_STATUS_INVALID_PARAMS);
2677 }
2678
09fd0de5 2679 hci_dev_lock(hdev);
55ed8ca1
JH		 2680
2681 hci_link_keys_clear(hdev);
2682
55ed8ca1 2683 if (cp->debug_keys)
0663b297
JH		 2684 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2685 &hdev->dev_flags);
55ed8ca1 2686 else
0663b297
JH		 2687 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2688 &hdev->dev_flags);
b1de97d8
MH		 2689
2690 if (changed)
2691 new_settings(hdev, NULL);
55ed8ca1 2692
a492cd52 2693 for (i = 0; i < key_count; i++) {
86742e1e 2694 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2695
58e9293c
JH		 2696 /* Always ignore debug keys and require a new pairing if
2697 * the user wants to use them.
2698 */
2699 if (key->type == HCI_LK_DEBUG_COMBINATION)
2700 continue;
2701
7652ff6a
JH		 2702 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2703 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2704 }
2705
bdb6d971 2706 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2707
09fd0de5 2708 hci_dev_unlock(hdev);
55ed8ca1 2709
a492cd52 2710 return 0;
55ed8ca1
JH		 2711}
2712
b1078ad0 2713static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2714 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2715{
2716 struct mgmt_ev_device_unpaired ev;
2717
2718 bacpy(&ev.addr.bdaddr, bdaddr);
2719 ev.addr.type = addr_type;
2720
2721 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2722 skip_sk);
b1078ad0
JH		 2723}
2724
bdb6d971 2725static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2726 u16 len)
55ed8ca1 2727{
124f6e35
JH		 2728 struct mgmt_cp_unpair_device *cp = data;
2729 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2730 struct hci_cp_disconnect dc;
2731 struct pending_cmd *cmd;
55ed8ca1 2732 struct hci_conn *conn;
55ed8ca1
JH		 2733 int err;
2734
a8a1d19e 2735 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2736 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2737 rp.addr.type = cp->addr.type;
a8a1d19e 2738
4ee71b20
JH		 2739 if (!bdaddr_type_is_valid(cp->addr.type))
2740 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2741 MGMT_STATUS_INVALID_PARAMS,
2742 &rp, sizeof(rp));
2743
118da70b
JH		 2744 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2745 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2746 MGMT_STATUS_INVALID_PARAMS,
2747 &rp, sizeof(rp));
2748
4ee71b20
JH		 2749 hci_dev_lock(hdev);
2750
86a8cfc6 2751 if (!hdev_is_powered(hdev)) {
bdb6d971 2752 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2753 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2754 goto unlock;
2755 }
2756
e0b2b27e 2757 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2758 /* If disconnection is requested, then look up the
2759 * connection. If the remote device is connected, it
2760 * will be later used to terminate the link.
2761 *
2762 * Setting it to NULL explicitly will cause no
2763 * termination of the link.
2764 */
2765 if (cp->disconnect)
2766 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2767 &cp->addr.bdaddr);
2768 else
2769 conn = NULL;
2770
124f6e35 2771 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2772 } else {
2773 u8 addr_type;
2774
89cbb063
AA		 2775 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2776 &cp->addr.bdaddr);
2777 if (conn) {
2778 /* Defer clearing up the connection parameters
2779 * until closing to give a chance of keeping
2780 * them if a repairing happens.
2781 */
2782 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2783
2784 /* If disconnection is not requested, then
2785 * clear the connection variable so that the
2786 * link is not terminated.
2787 */
2788 if (!cp->disconnect)
2789 conn = NULL;
2790 }
2791
e0b2b27e
JH		 2792 if (cp->addr.type == BDADDR_LE_PUBLIC)
2793 addr_type = ADDR_LE_DEV_PUBLIC;
2794 else
2795 addr_type = ADDR_LE_DEV_RANDOM;
2796
a7ec7338
JH		 2797 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2798
e0b2b27e
JH		 2799 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2800 }
b0dbfb46 2801
55ed8ca1 2802 if (err < 0) {
bdb6d971 2803 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2804 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2805 goto unlock;
2806 }
2807
89cbb063
AA		 2808 /* If the connection variable is set, then termination of the
2809 * link is requested.
2810 */
a8a1d19e 2811 if (!conn) {
bdb6d971 2812 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2813 &rp, sizeof(rp));
b1078ad0 2814 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2815 goto unlock;
2816 }
55ed8ca1 2817
124f6e35 2818 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2819 sizeof(*cp));
a8a1d19e
JH		 2820 if (!cmd) {
2821 err = -ENOMEM;
2822 goto unlock;
55ed8ca1
JH		 2823 }
2824
d8b7b1e4
JH		 2825 cmd->cmd_complete = addr_cmd_complete;
2826
eb55ef07 2827 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2828 dc.reason = 0x13; /* Remote User Terminated Connection */
2829 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2830 if (err < 0)
2831 mgmt_pending_remove(cmd);
2832
55ed8ca1 2833unlock:
09fd0de5 2834 hci_dev_unlock(hdev);
55ed8ca1
JH		 2835 return err;
2836}
2837
bdb6d971 2838static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2839 u16 len)
8962ee74 2840{
650f726d 2841 struct mgmt_cp_disconnect *cp = data;
06a63b19 2842 struct mgmt_rp_disconnect rp;
366a0336 2843 struct pending_cmd *cmd;
8962ee74 2844 struct hci_conn *conn;
8962ee74
JH		 2845 int err;
2846
2847 BT_DBG("");
2848
06a63b19
JH		 2849 memset(&rp, 0, sizeof(rp));
2850 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2851 rp.addr.type = cp->addr.type;
2852
4ee71b20 2853 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2854 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2855 MGMT_STATUS_INVALID_PARAMS,
2856 &rp, sizeof(rp));
4ee71b20 2857
09fd0de5 2858 hci_dev_lock(hdev);
8962ee74
JH		 2859
2860 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2861 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2862 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2863 goto failed;
2864 }
2865
2e58ef3e 2866 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2867 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2868 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2869 goto failed;
2870 }
2871
591f47f3 2872 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2873 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2874 &cp->addr.bdaddr);
88c3df13
JH		 2875 else
2876 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2877
f960727e 2878 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2879 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2880 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2881 goto failed;
2882 }
2883
2e58ef3e 2884 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2885 if (!cmd) {
2886 err = -ENOMEM;
8962ee74 2887 goto failed;
366a0336 2888 }
8962ee74 2889
f5818c22
JH		 2890 cmd->cmd_complete = generic_cmd_complete;
2891
e3f2f92a 2892 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2893 if (err < 0)
a664b5bc 2894 mgmt_pending_remove(cmd);
8962ee74
JH		 2895
2896failed:
09fd0de5 2897 hci_dev_unlock(hdev);
8962ee74
JH		 2898 return err;
2899}
2900
57c1477c 2901static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2902{
2903 switch (link_type) {
2904 case LE_LINK:
48264f06
JH		 2905 switch (addr_type) {
2906 case ADDR_LE_DEV_PUBLIC:
591f47f3 2907 return BDADDR_LE_PUBLIC;
0ed09148 2908
48264f06 2909 default:
0ed09148 2910 /* Fallback to LE Random address type */
591f47f3 2911 return BDADDR_LE_RANDOM;
48264f06 2912 }
0ed09148 2913
4c659c39 2914 default:
0ed09148 2915 /* Fallback to BR/EDR type */
591f47f3 2916 return BDADDR_BREDR;
4c659c39
JH		 2917 }
2918}
2919
04124681
GP		 2920static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2921 u16 data_len)
2784eb41 2922{
2784eb41 2923 struct mgmt_rp_get_connections *rp;
8035ded4 2924 struct hci_conn *c;
a38528f1 2925 size_t rp_len;
60fc5fb6
JH		 2926 int err;
2927 u16 i;
2784eb41
JH		 2928
2929 BT_DBG("");
2930
09fd0de5 2931 hci_dev_lock(hdev);
2784eb41 2932
5f97c1df 2933 if (!hdev_is_powered(hdev)) {
bdb6d971 2934 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2935 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2936 goto unlock;
2937 }
2938
60fc5fb6 2939 i = 0;
b644ba33
JH		 2940 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2941 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2942 i++;
2784eb41
JH		 2943 }
2944
60fc5fb6 2945 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2946 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2947 if (!rp) {
2784eb41
JH		 2948 err = -ENOMEM;
2949 goto unlock;
2950 }
2951
2784eb41 2952 i = 0;
4c659c39 2953 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2954 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2955 continue;
4c659c39 2956 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2957 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2958 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2959 continue;
2960 i++;
2961 }
2962
eb55ef07 2963 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2964
4c659c39
JH		 2965 /* Recalculate length in case of filtered SCO connections, etc */
2966 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2967
bdb6d971 2968 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2969 rp_len);
2784eb41 2970
a38528f1 2971 kfree(rp);
5f97c1df
JH		 2972
2973unlock:
09fd0de5 2974 hci_dev_unlock(hdev);
2784eb41
JH		 2975 return err;
2976}
2977
bdb6d971 2978static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2979 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2980{
2981 struct pending_cmd *cmd;
2982 int err;
2983
2e58ef3e 2984 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2985 sizeof(*cp));
96d97a67
WR		 2986 if (!cmd)
2987 return -ENOMEM;
2988
d8457698 2989 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2990 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2991 if (err < 0)
2992 mgmt_pending_remove(cmd);
2993
2994 return err;
2995}
2996
bdb6d971 2997static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2998 u16 len)
980e1a53 2999{
96d97a67 3000 struct hci_conn *conn;
650f726d 3001 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3002 struct hci_cp_pin_code_reply reply;
366a0336 3003 struct pending_cmd *cmd;
980e1a53
JH		 3004 int err;
3005
3006 BT_DBG("");
3007
09fd0de5 3008 hci_dev_lock(hdev);
980e1a53 3009
4b34ee78 3010 if (!hdev_is_powered(hdev)) {
bdb6d971 3011 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3012 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3013 goto failed;
3014 }
3015
d8457698 3016 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3017 if (!conn) {
bdb6d971 3018 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3019 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3020 goto failed;
3021 }
3022
3023 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3024 struct mgmt_cp_pin_code_neg_reply ncp;
3025
3026 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 3027
3028 BT_ERR("PIN code is not 16 bytes long");
3029
bdb6d971 3030 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3031 if (err >= 0)
bdb6d971 3032 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3033 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3034
3035 goto failed;
3036 }
3037
00abfe44 3038 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3039 if (!cmd) {
3040 err = -ENOMEM;
980e1a53 3041 goto failed;
366a0336 3042 }
980e1a53 3043
7776d1d8
JH		 3044 cmd->cmd_complete = addr_cmd_complete;
3045
d8457698 3046 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3047 reply.pin_len = cp->pin_len;
24718ca5 3048 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3049
3050 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3051 if (err < 0)
a664b5bc 3052 mgmt_pending_remove(cmd);
980e1a53
JH		 3053
3054failed:
09fd0de5 3055 hci_dev_unlock(hdev);
980e1a53
JH		 3056 return err;
3057}
3058
04124681
GP		 3059static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3060 u16 len)
17fa4b9d 3061{
650f726d 3062 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3063
3064 BT_DBG("");
3065
4ec86d4c
JH		 3066 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3067 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3068 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3069
09fd0de5 3070 hci_dev_lock(hdev);
17fa4b9d
JH		 3071
3072 hdev->io_capability = cp->io_capability;
3073
3074 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3075 hdev->io_capability);
17fa4b9d 3076
09fd0de5 3077 hci_dev_unlock(hdev);
17fa4b9d 3078
04124681
GP		 3079 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
3080 0);
17fa4b9d
JH		 3081}
3082
6039aa73 3083static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3084{
3085 struct hci_dev *hdev = conn->hdev;
8035ded4 3086 struct pending_cmd *cmd;
e9a416b5 3087
2e58ef3e 3088 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3089 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3090 continue;
3091
e9a416b5
JH		 3092 if (cmd->user_data != conn)
3093 continue;
3094
3095 return cmd;
3096 }
3097
3098 return NULL;
3099}
3100
3101static void pairing_complete(struct pending_cmd *cmd, u8 status)
3102{
3103 struct mgmt_rp_pair_device rp;
3104 struct hci_conn *conn = cmd->user_data;
3105
61b1a7fb
JH		 3106 bacpy(&rp.addr.bdaddr, &conn->dst);
3107 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3108
aee9b218 3109 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 3110 &rp, sizeof(rp));
e9a416b5
JH		 3111
3112 /* So we don't get further callbacks for this connection */
3113 conn->connect_cfm_cb = NULL;
3114 conn->security_cfm_cb = NULL;
3115 conn->disconn_cfm_cb = NULL;
3116
76a68ba0 3117 hci_conn_drop(conn);
89cbb063
AA		 3118
3119 /* The device is paired so there is no need to remove
3120 * its connection parameters anymore.
3121 */
3122 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3123
3124 hci_conn_put(conn);
e9a416b5
JH		 3125}
3126
f4a407be
JH		 3127void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3128{
3129 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3130 struct pending_cmd *cmd;
3131
3132 cmd = find_pairing(conn);
a511b35b 3133 if (cmd) {
04ab2749 3134 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3135 mgmt_pending_remove(cmd);
3136 }
f4a407be
JH		 3137}
3138
e9a416b5
JH		 3139static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3140{
3141 struct pending_cmd *cmd;
3142
3143 BT_DBG("status %u", status);
3144
3145 cmd = find_pairing(conn);
a511b35b 3146 if (!cmd) {
e9a416b5 3147 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3148 return;
3149 }
3150
3151 cmd->cmd_complete(cmd, mgmt_status(status));
3152 mgmt_pending_remove(cmd);
e9a416b5
JH		 3153}
3154
f4a407be 3155static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 3156{
3157 struct pending_cmd *cmd;
3158
3159 BT_DBG("status %u", status);
3160
3161 if (!status)
3162 return;
3163
3164 cmd = find_pairing(conn);
a511b35b 3165 if (!cmd) {
4c47d739 3166 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3167 return;
3168 }
3169
3170 cmd->cmd_complete(cmd, mgmt_status(status));
3171 mgmt_pending_remove(cmd);
4c47d739
VA		 3172}
3173
bdb6d971 3174static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3175 u16 len)
e9a416b5 3176{
650f726d 3177 struct mgmt_cp_pair_device *cp = data;
1425acb7 3178 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 3179 struct pending_cmd *cmd;
3180 u8 sec_level, auth_type;
3181 struct hci_conn *conn;
e9a416b5
JH		 3182 int err;
3183
3184 BT_DBG("");
3185
f950a30e
SJ		 3186 memset(&rp, 0, sizeof(rp));
3187 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3188 rp.addr.type = cp->addr.type;
3189
4ee71b20
JH		 3190 if (!bdaddr_type_is_valid(cp->addr.type))
3191 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3192 MGMT_STATUS_INVALID_PARAMS,
3193 &rp, sizeof(rp));
3194
4ec86d4c
JH		 3195 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3196 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3197 MGMT_STATUS_INVALID_PARAMS,
3198 &rp, sizeof(rp));
3199
09fd0de5 3200 hci_dev_lock(hdev);
e9a416b5 3201
5f97c1df 3202 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 3203 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3204 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 3205 goto unlock;
3206 }
3207
c908df36 3208 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3209 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3210
6f77d8c7 3211 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3212 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3213 auth_type);
6f77d8c7
AG		 3214 } else {
3215 u8 addr_type;
3216
3217 /* Convert from L2CAP channel address type to HCI address type
3218 */
3219 if (cp->addr.type == BDADDR_LE_PUBLIC)
3220 addr_type = ADDR_LE_DEV_PUBLIC;
3221 else
3222 addr_type = ADDR_LE_DEV_RANDOM;
3223
7c264b10
MH		 3224 /* When pairing a new device, it is expected to remember
3225 * this device for future connections. Adding the connection
3226 * parameter information ahead of time allows tracking
3227 * of the slave preferred values and will speed up any
3228 * further connection establishment.
3229 *
3230 * If connection parameters already exist, then they
3231 * will be kept and this function does nothing.
3232 */
3233 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3234
6f77d8c7 3235 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3236 sec_level, HCI_LE_CONN_TIMEOUT,
3237 HCI_ROLE_MASTER);
6f77d8c7 3238 }
7a512d01 3239
30e76272 3240 if (IS_ERR(conn)) {
489dc48e
AK		 3241 int status;
3242
3243 if (PTR_ERR(conn) == -EBUSY)
3244 status = MGMT_STATUS_BUSY;
3245 else
3246 status = MGMT_STATUS_CONNECT_FAILED;
3247
bdb6d971 3248 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 3249 status, &rp,
04124681 3250 sizeof(rp));
e9a416b5
JH		 3251 goto unlock;
3252 }
3253
3254 if (conn->connect_cfm_cb) {
76a68ba0 3255 hci_conn_drop(conn);
bdb6d971 3256 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 3257 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3258 goto unlock;
3259 }
3260
2e58ef3e 3261 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3262 if (!cmd) {
3263 err = -ENOMEM;
76a68ba0 3264 hci_conn_drop(conn);
e9a416b5
JH		 3265 goto unlock;
3266 }
3267
04ab2749
JH		 3268 cmd->cmd_complete = pairing_complete;
3269
7a512d01 3270 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3271 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3272 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3273 conn->security_cfm_cb = pairing_complete_cb;
3274 conn->disconn_cfm_cb = pairing_complete_cb;
3275 } else {
3276 conn->connect_cfm_cb = le_pairing_complete_cb;
3277 conn->security_cfm_cb = le_pairing_complete_cb;
3278 conn->disconn_cfm_cb = le_pairing_complete_cb;
3279 }
7a512d01 3280
e9a416b5 3281 conn->io_capability = cp->io_cap;
f8aaf9b6 3282 cmd->user_data = hci_conn_get(conn);
e9a416b5 3283
6f78fd4b 3284 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3285 hci_conn_security(conn, sec_level, auth_type, true)) {
3286 cmd->cmd_complete(cmd, 0);
3287 mgmt_pending_remove(cmd);
3288 }
e9a416b5
JH		 3289
3290 err = 0;
3291
3292unlock:
09fd0de5 3293 hci_dev_unlock(hdev);
e9a416b5
JH		 3294 return err;
3295}
3296
04124681
GP		 3297static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3298 u16 len)
28424707 3299{
0f4e68cf 3300 struct mgmt_addr_info *addr = data;
28424707
JH		 3301 struct pending_cmd *cmd;
3302 struct hci_conn *conn;
3303 int err;
3304
3305 BT_DBG("");
3306
28424707
JH		 3307 hci_dev_lock(hdev);
3308
5f97c1df 3309 if (!hdev_is_powered(hdev)) {
bdb6d971 3310 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3311 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3312 goto unlock;
3313 }
3314
28424707
JH		 3315 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3316 if (!cmd) {
bdb6d971 3317 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3318 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3319 goto unlock;
3320 }
3321
3322 conn = cmd->user_data;
3323
3324 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3325 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3326 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3327 goto unlock;
3328 }
3329
a511b35b
JH		 3330 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3331 mgmt_pending_remove(cmd);
28424707 3332
bdb6d971 3333 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3334 addr, sizeof(*addr));
28424707
JH		 3335unlock:
3336 hci_dev_unlock(hdev);
28424707
JH		 3337 return err;
3338}
3339
bdb6d971 3340static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3341 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3342 u16 hci_op, __le32 passkey)
a5c29683 3343{
a5c29683 3344 struct pending_cmd *cmd;
0df4c185 3345 struct hci_conn *conn;
a5c29683
JH		 3346 int err;
3347
09fd0de5 3348 hci_dev_lock(hdev);
08ba5382 3349
4b34ee78 3350 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3351 err = cmd_complete(sk, hdev->id, mgmt_op,
3352 MGMT_STATUS_NOT_POWERED, addr,
3353 sizeof(*addr));
0df4c185 3354 goto done;
a5c29683
JH		 3355 }
3356
1707c60e
JH		 3357 if (addr->type == BDADDR_BREDR)
3358 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3359 else
1707c60e 3360 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3361
3362 if (!conn) {
feb94d3d
JH		 3363 err = cmd_complete(sk, hdev->id, mgmt_op,
3364 MGMT_STATUS_NOT_CONNECTED, addr,
3365 sizeof(*addr));
272d90df
JH		 3366 goto done;
3367 }
47c15e2b 3368
1707c60e 3369 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3370 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3371 if (!err)
feb94d3d
JH		 3372 err = cmd_complete(sk, hdev->id, mgmt_op,
3373 MGMT_STATUS_SUCCESS, addr,
3374 sizeof(*addr));
5fe57d9e 3375 else
feb94d3d
JH		 3376 err = cmd_complete(sk, hdev->id, mgmt_op,
3377 MGMT_STATUS_FAILED, addr,
3378 sizeof(*addr));
47c15e2b 3379
47c15e2b
BG		 3380 goto done;
3381 }
3382
1707c60e 3383 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3384 if (!cmd) {
3385 err = -ENOMEM;
0df4c185 3386 goto done;
a5c29683
JH		 3387 }
3388
7776d1d8
JH		 3389 cmd->cmd_complete = addr_cmd_complete;
3390
0df4c185 3391 /* Continue with pairing via HCI */
604086b7
BG		 3392 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3393 struct hci_cp_user_passkey_reply cp;
3394
1707c60e 3395 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3396 cp.passkey = passkey;
3397 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3398 } else
1707c60e
JH		 3399 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3400 &addr->bdaddr);
604086b7 3401
a664b5bc
JH		 3402 if (err < 0)
3403 mgmt_pending_remove(cmd);
a5c29683 3404
0df4c185 3405done:
09fd0de5 3406 hci_dev_unlock(hdev);
a5c29683
JH		 3407 return err;
3408}
3409
afeb019d
JK		 3410static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3411 void *data, u16 len)
3412{
3413 struct mgmt_cp_pin_code_neg_reply *cp = data;
3414
3415 BT_DBG("");
3416
1707c60e 3417 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3418 MGMT_OP_PIN_CODE_NEG_REPLY,
3419 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3420}
3421
04124681
GP		 3422static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3423 u16 len)
0df4c185 3424{
650f726d 3425 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3426
3427 BT_DBG("");
3428
3429 if (len != sizeof(*cp))
bdb6d971 3430 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3431 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3432
1707c60e 3433 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3434 MGMT_OP_USER_CONFIRM_REPLY,
3435 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3436}
3437
bdb6d971 3438static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3439 void *data, u16 len)
0df4c185 3440{
c9c2659f 3441 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3442
3443 BT_DBG("");
3444
1707c60e 3445 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3446 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3447 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3448}
3449
04124681
GP		 3450static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3451 u16 len)
604086b7 3452{
650f726d 3453 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3454
3455 BT_DBG("");
3456
1707c60e 3457 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3458 MGMT_OP_USER_PASSKEY_REPLY,
3459 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3460}
3461
bdb6d971 3462static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3463 void *data, u16 len)
604086b7 3464{
650f726d 3465 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3466
3467 BT_DBG("");
3468
1707c60e 3469 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3470 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3471 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3472}
3473
13928971 3474static void update_name(struct hci_request *req)
2b4bf397 3475{
13928971 3476 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3477 struct hci_cp_write_local_name cp;
3478
13928971 3479 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3480
890ea898 3481 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3482}
3483
13928971
JH		 3484static void set_name_complete(struct hci_dev *hdev, u8 status)
3485{
3486 struct mgmt_cp_set_local_name *cp;
3487 struct pending_cmd *cmd;
3488
3489 BT_DBG("status 0x%02x", status);
3490
3491 hci_dev_lock(hdev);
3492
3493 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3494 if (!cmd)
3495 goto unlock;
3496
3497 cp = cmd->param;
3498
3499 if (status)
3500 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3501 mgmt_status(status));
3502 else
3503 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3504 cp, sizeof(*cp));
3505
3506 mgmt_pending_remove(cmd);
3507
3508unlock:
3509 hci_dev_unlock(hdev);
3510}
3511
bdb6d971 3512static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3513 u16 len)
b312b161 3514{
2b4bf397 3515 struct mgmt_cp_set_local_name *cp = data;
b312b161 3516 struct pending_cmd *cmd;
890ea898 3517 struct hci_request req;
b312b161
JH		 3518 int err;
3519
3520 BT_DBG("");
3521
09fd0de5 3522 hci_dev_lock(hdev);
b312b161 3523
b3f2ca94
JH		 3524 /* If the old values are the same as the new ones just return a
3525 * direct command complete event.
3526 */
3527 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3528 !memcmp(hdev->short_name, cp->short_name,
3529 sizeof(hdev->short_name))) {
3530 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3531 data, len);
3532 goto failed;
3533 }
3534
2b4bf397 3535 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3536
b5235a65 3537 if (!hdev_is_powered(hdev)) {
2b4bf397 3538 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3539
3540 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3541 data, len);
28cc7bde
JH		 3542 if (err < 0)
3543 goto failed;
3544
3545 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3546 sk);
28cc7bde 3547
b5235a65
JH		 3548 goto failed;
3549 }
3550
28cc7bde 3551 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3552 if (!cmd) {
3553 err = -ENOMEM;
3554 goto failed;
3555 }
3556
13928971
JH		 3557 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3558
890ea898 3559 hci_req_init(&req, hdev);
3f985050
JH		 3560
3561 if (lmp_bredr_capable(hdev)) {
3562 update_name(&req);
3563 update_eir(&req);
3564 }
3565
7a5f4990
MH		 3566 /* The name is stored in the scan response data and so
3567 * no need to udpate the advertising data here.
3568 */
3f985050 3569 if (lmp_le_capable(hdev))
7a5f4990 3570 update_scan_rsp_data(&req);
3f985050 3571
13928971 3572 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3573 if (err < 0)
3574 mgmt_pending_remove(cmd);
3575
3576failed:
09fd0de5 3577 hci_dev_unlock(hdev);
b312b161
JH		 3578 return err;
3579}
3580
0f4e68cf 3581static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3582 void *data, u16 data_len)
c35938b2 3583{
c35938b2
SJ		 3584 struct pending_cmd *cmd;
3585 int err;
3586
bdb6d971 3587 BT_DBG("%s", hdev->name);
c35938b2 3588
09fd0de5 3589 hci_dev_lock(hdev);
c35938b2 3590
4b34ee78 3591 if (!hdev_is_powered(hdev)) {
bdb6d971 3592 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3593 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3594 goto unlock;
3595 }
3596
9a1a1996 3597 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3598 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3599 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3600 goto unlock;
3601 }
3602
2e58ef3e 3603 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3604 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3605 MGMT_STATUS_BUSY);
c35938b2
SJ		 3606 goto unlock;
3607 }
3608
2e58ef3e 3609 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3610 if (!cmd) {
3611 err = -ENOMEM;
3612 goto unlock;
3613 }
3614
710f11c0 3615 if (bredr_sc_enabled(hdev))
4d2d2796
MH		 3616 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3617 0, NULL);
3618 else
3619 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3620
c35938b2
SJ		 3621 if (err < 0)
3622 mgmt_pending_remove(cmd);
3623
3624unlock:
09fd0de5 3625 hci_dev_unlock(hdev);
c35938b2
SJ		 3626 return err;
3627}
3628
bdb6d971 3629static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3630 void *data, u16 len)
2763eda6 3631{
2763eda6
SJ		 3632 int err;
3633
bdb6d971 3634 BT_DBG("%s ", hdev->name);
2763eda6 3635
09fd0de5 3636 hci_dev_lock(hdev);
2763eda6 3637
ec109113
MH		 3638 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3639 struct mgmt_cp_add_remote_oob_data *cp = data;
3640 u8 status;
bf1e3541 3641
c19a495c
JH		 3642 if (cp->addr.type != BDADDR_BREDR) {
3643 err = cmd_complete(sk, hdev->id,
3644 MGMT_OP_ADD_REMOTE_OOB_DATA,
3645 MGMT_STATUS_INVALID_PARAMS,
3646 &cp->addr, sizeof(cp->addr));
3647 goto unlock;
3648 }
3649
ec109113 3650 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3651 cp->addr.type, cp->hash,
3652 cp->rand, NULL, NULL);
ec109113
MH		 3653 if (err < 0)
3654 status = MGMT_STATUS_FAILED;
3655 else
3656 status = MGMT_STATUS_SUCCESS;
3657
3658 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3659 status, &cp->addr, sizeof(cp->addr));
3660 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3661 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
86df9200 3662 u8 *rand192, *hash192;
ec109113
MH		 3663 u8 status;
3664
c19a495c
JH		 3665 if (cp->addr.type != BDADDR_BREDR) {
3666 err = cmd_complete(sk, hdev->id,
3667 MGMT_OP_ADD_REMOTE_OOB_DATA,
3668 MGMT_STATUS_INVALID_PARAMS,
3669 &cp->addr, sizeof(cp->addr));
3670 goto unlock;
3671 }
3672
86df9200
JH		 3673 if (bdaddr_type_is_le(cp->addr.type)) {
3674 rand192 = NULL;
3675 hash192 = NULL;
3676 } else {
3677 rand192 = cp->rand192;
3678 hash192 = cp->hash192;
3679 }
3680
81328d5c 3681 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200
JH		 3682 cp->addr.type, hash192, rand192,
3683 cp->hash256, cp->rand256);
ec109113
MH		 3684 if (err < 0)
3685 status = MGMT_STATUS_FAILED;
3686 else
3687 status = MGMT_STATUS_SUCCESS;
3688
3689 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3690 status, &cp->addr, sizeof(cp->addr));
3691 } else {
3692 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3693 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3694 MGMT_STATUS_INVALID_PARAMS);
3695 }
2763eda6 3696
c19a495c 3697unlock:
09fd0de5 3698 hci_dev_unlock(hdev);
2763eda6
SJ		 3699 return err;
3700}
3701
bdb6d971 3702static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3703 void *data, u16 len)
2763eda6 3704{
650f726d 3705 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3706 u8 status;
2763eda6
SJ		 3707 int err;
3708
bdb6d971 3709 BT_DBG("%s", hdev->name);
2763eda6 3710
c19a495c
JH		 3711 if (cp->addr.type != BDADDR_BREDR)
3712 return cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3713 MGMT_STATUS_INVALID_PARAMS,
3714 &cp->addr, sizeof(cp->addr));
3715
09fd0de5 3716 hci_dev_lock(hdev);
2763eda6 3717
eedbd581
JH		 3718 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3719 hci_remote_oob_data_clear(hdev);
3720 status = MGMT_STATUS_SUCCESS;
3721 goto done;
3722 }
3723
6928a924 3724 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3725 if (err < 0)
bf1e3541 3726 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3727 else
a6785be2 3728 status = MGMT_STATUS_SUCCESS;
bf1e3541 3729
eedbd581 3730done:
bdb6d971 3731 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3732 status, &cp->addr, sizeof(cp->addr));
2763eda6 3733
09fd0de5 3734 hci_dev_unlock(hdev);
2763eda6
SJ		 3735 return err;
3736}
3737
8019044d 3738static bool trigger_discovery(struct hci_request *req, u8 *status)
41dc2bd6 3739{
8019044d
MH		 3740 struct hci_dev *hdev = req->hdev;
3741 struct hci_cp_le_set_scan_param param_cp;
3742 struct hci_cp_le_set_scan_enable enable_cp;
3743 struct hci_cp_inquiry inq_cp;
3744 /* General inquiry access code (GIAC) */
3745 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3746 u8 own_addr_type;
41dc2bd6
AG		 3747 int err;
3748
8019044d
MH		 3749 switch (hdev->discovery.type) {
3750 case DISCOV_TYPE_BREDR:
3751 *status = mgmt_bredr_support(hdev);
3752 if (*status)
3753 return false;
41dc2bd6 3754
8019044d
MH		 3755 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3756 *status = MGMT_STATUS_BUSY;
3757 return false;
3758 }
41dc2bd6 3759
8019044d 3760 hci_inquiry_cache_flush(hdev);
41dc2bd6 3761
8019044d
MH		 3762 memset(&inq_cp, 0, sizeof(inq_cp));
3763 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3764 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3765 hci_req_add(req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3766 break;
41dc2bd6 3767
8019044d
MH		 3768 case DISCOV_TYPE_LE:
3769 case DISCOV_TYPE_INTERLEAVED:
3770 *status = mgmt_le_support(hdev);
3771 if (*status)
3772 return false;
3773
3774 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3775 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3776 *status = MGMT_STATUS_NOT_SUPPORTED;
3777 return false;
3778 }
3779
3780 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3781 /* Don't let discovery abort an outgoing
3782 * connection attempt that's using directed
3783 * advertising.
3784 */
3785 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3786 BT_CONNECT)) {
3787 *status = MGMT_STATUS_REJECTED;
3788 return false;
3789 }
3790
3791 disable_advertising(req);
3792 }
3793
3794 /* If controller is scanning, it means the background scanning
3795 * is running. Thus, we should temporarily stop it in order to
3796 * set the discovery scanning parameters.
3797 */
3798 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3799 hci_req_add_le_scan_disable(req);
3800
3801 memset(&param_cp, 0, sizeof(param_cp));
3802
3803 /* All active scans will be done with either a resolvable
3804 * private address (when privacy feature has been enabled)
9437d2ed 3805 * or non-resolvable private address.
8019044d
MH		 3806 */
3807 err = hci_update_random_address(req, true, &own_addr_type);
3808 if (err < 0) {
3809 *status = MGMT_STATUS_FAILED;
3810 return false;
3811 }
3812
3813 param_cp.type = LE_SCAN_ACTIVE;
3814 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3815 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3816 param_cp.own_address_type = own_addr_type;
3817 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3818 &param_cp);
3819
3820 memset(&enable_cp, 0, sizeof(enable_cp));
3821 enable_cp.enable = LE_SCAN_ENABLE;
3822 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3823 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3824 &enable_cp);
3825 break;
3826
3827 default:
3828 *status = MGMT_STATUS_INVALID_PARAMS;
3829 return false;
3830 }
3831
3832 return true;
41dc2bd6
AG		 3833}
3834
7c307720
AG		 3835static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3836{
41dc2bd6 3837 struct pending_cmd *cmd;
11e6e25d 3838 unsigned long timeout;
ae55f598 3839
7c307720
AG		 3840 BT_DBG("status %d", status);
3841
11e6e25d 3842 hci_dev_lock(hdev);
41dc2bd6 3843
11e6e25d 3844 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427
JP		 3845 if (!cmd)
3846 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3847
11e6e25d 3848 if (cmd) {
2922a94f 3849 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 3850 mgmt_pending_remove(cmd);
3851 }
7c307720
AG		 3852
3853 if (status) {
11e6e25d
MH		 3854 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3855 goto unlock;
7c307720
AG		 3856 }
3857
7c307720 3858 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
7c307720
AG		 3859
3860 switch (hdev->discovery.type) {
3861 case DISCOV_TYPE_LE:
3d5a76f0 3862 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720 3863 break;
7c307720 3864 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3865 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720 3866 break;
7c307720 3867 case DISCOV_TYPE_BREDR:
11e6e25d 3868 timeout = 0;
7c307720 3869 break;
7c307720
AG		 3870 default:
3871 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
11e6e25d
MH		 3872 timeout = 0;
3873 break;
7c307720 3874 }
ae55f598 3875
11e6e25d
MH		 3876 if (timeout)
3877 queue_delayed_work(hdev->workqueue,
3878 &hdev->le_scan_disable, timeout);
ae55f598 3879
11e6e25d
MH		 3880unlock:
3881 hci_dev_unlock(hdev);
7c307720
AG		 3882}
3883
bdb6d971 3884static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3885 void *data, u16 len)
14a53664 3886{
650f726d 3887 struct mgmt_cp_start_discovery *cp = data;
14a53664 3888 struct pending_cmd *cmd;
7c307720 3889 struct hci_request req;
8019044d 3890 u8 status;
14a53664
JH		 3891 int err;
3892
bdb6d971 3893 BT_DBG("%s", hdev->name);
14a53664 3894
09fd0de5 3895 hci_dev_lock(hdev);
14a53664 3896
4b34ee78 3897 if (!hdev_is_powered(hdev)) {
a736abc1
SJ		 3898 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3899 MGMT_STATUS_NOT_POWERED,
3900 &cp->type, sizeof(cp->type));
bd2d1334
JH		 3901 goto failed;
3902 }
3903
f5a969f2
MH		 3904 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3905 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
a736abc1
SJ		 3906 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3907 MGMT_STATUS_BUSY, &cp->type,
3908 sizeof(cp->type));
642be6c7
AG		 3909 goto failed;
3910 }
3911
2922a94f 3912 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
14a53664
JH		 3913 if (!cmd) {
3914 err = -ENOMEM;
3915 goto failed;
3916 }
3917
2922a94f
JH		 3918 cmd->cmd_complete = generic_cmd_complete;
3919
22078800
MH		 3920 /* Clear the discovery filter first to free any previously
3921 * allocated memory for the UUID list.
3922 */
3923 hci_discovery_filter_clear(hdev);
3924
4aab14e5 3925 hdev->discovery.type = cp->type;
da25cf6a 3926 hdev->discovery.report_invalid_rssi = false;
4aab14e5 3927
7c307720
AG		 3928 hci_req_init(&req, hdev);
3929
8019044d 3930 if (!trigger_discovery(&req, &status)) {
a736abc1 3931 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
8019044d 3932 status, &cp->type, sizeof(cp->type));
04106755
JH		 3933 mgmt_pending_remove(cmd);
3934 goto failed;
f39799f5 3935 }
04106755 3936
7c307720 3937 err = hci_req_run(&req, start_discovery_complete);
f5a969f2 3938 if (err < 0) {
14a53664 3939 mgmt_pending_remove(cmd);
f5a969f2
MH		 3940 goto failed;
3941 }
7c307720 3942
f5a969f2 3943 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
7c307720 3944
14a53664 3945failed:
09fd0de5 3946 hci_dev_unlock(hdev);
14a53664
JH		 3947 return err;
3948}
f39799f5 3949
2922a94f
JH		 3950static void service_discovery_cmd_complete(struct pending_cmd *cmd, u8 status)
3951{
3952 cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, cmd->param, 1);
3953}
04106755 3954
66ea9427
JP		 3955static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3956 void *data, u16 len)
3957{
3958 struct mgmt_cp_start_service_discovery *cp = data;
3959 struct pending_cmd *cmd;
3960 struct hci_request req;
3961 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3962 u16 uuid_count, expected_len;
3963 u8 status;
3964 int err;
04106755 3965
66ea9427 3966 BT_DBG("%s", hdev->name);
e8bb6b97 3967
66ea9427 3968 hci_dev_lock(hdev);
7c307720 3969
66ea9427
JP		 3970 if (!hdev_is_powered(hdev)) {
3971 err = cmd_complete(sk, hdev->id,
3972 MGMT_OP_START_SERVICE_DISCOVERY,
3973 MGMT_STATUS_NOT_POWERED,
3974 &cp->type, sizeof(cp->type));
3975 goto failed;
3976 }
7c307720 3977
66ea9427
JP		 3978 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3979 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3980 err = cmd_complete(sk, hdev->id,
3981 MGMT_OP_START_SERVICE_DISCOVERY,
3982 MGMT_STATUS_BUSY, &cp->type,
3983 sizeof(cp->type));
3984 goto failed;
3985 }
d9483943 3986
66ea9427
JP		 3987 uuid_count = __le16_to_cpu(cp->uuid_count);
3988 if (uuid_count > max_uuid_count) {
3989 BT_ERR("service_discovery: too big uuid_count value %u",
3990 uuid_count);
3991 err = cmd_complete(sk, hdev->id,
3992 MGMT_OP_START_SERVICE_DISCOVERY,
3993 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3994 sizeof(cp->type));
3995 goto failed;
3996 }
3997
3998 expected_len = sizeof(*cp) + uuid_count * 16;
3999 if (expected_len != len) {
4000 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4001 expected_len, len);
4002 err = cmd_complete(sk, hdev->id,
4003 MGMT_OP_START_SERVICE_DISCOVERY,
4004 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4005 sizeof(cp->type));
4006 goto failed;
4007 }
4008
4009 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 4010 hdev, data, len);
66ea9427
JP		 4011 if (!cmd) {
4012 err = -ENOMEM;
4013 goto failed;
4014 }
4015
2922a94f
JH		 4016 cmd->cmd_complete = service_discovery_cmd_complete;
4017
22078800
MH		 4018 /* Clear the discovery filter first to free any previously
4019 * allocated memory for the UUID list.
4020 */
4021 hci_discovery_filter_clear(hdev);
4022
66ea9427
JP		 4023 hdev->discovery.type = cp->type;
4024 hdev->discovery.rssi = cp->rssi;
4025 hdev->discovery.uuid_count = uuid_count;
4026
4027 if (uuid_count > 0) {
4028 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4029 GFP_KERNEL);
4030 if (!hdev->discovery.uuids) {
a736abc1 4031 err = cmd_complete(sk, hdev->id,
66ea9427 4032 MGMT_OP_START_SERVICE_DISCOVERY,
a736abc1
SJ		 4033 MGMT_STATUS_FAILED,
4034 &cp->type, sizeof(cp->type));
d9483943
JH		 4035 mgmt_pending_remove(cmd);
4036 goto failed;
4037 }
66ea9427 4038 }
d9483943 4039
66ea9427 4040 hci_req_init(&req, hdev);
5e0452c0 4041
66ea9427
JP		 4042 if (!trigger_discovery(&req, &status)) {
4043 err = cmd_complete(sk, hdev->id,
4044 MGMT_OP_START_SERVICE_DISCOVERY,
4045 status, &cp->type, sizeof(cp->type));
04106755
JH		 4046 mgmt_pending_remove(cmd);
4047 goto failed;
f39799f5 4048 }
3fd24153 4049
7c307720 4050 err = hci_req_run(&req, start_discovery_complete);
66ea9427 4051 if (err < 0) {
14a53664 4052 mgmt_pending_remove(cmd);
66ea9427
JP		 4053 goto failed;
4054 }
4055
4056 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 4057
4058failed:
09fd0de5 4059 hci_dev_unlock(hdev);
14a53664
JH		 4060 return err;
4061}
4062
11e6e25d 4063static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
1183fdca
AG		 4064{
4065 struct pending_cmd *cmd;
1183fdca 4066
0e05bba6
AG		 4067 BT_DBG("status %d", status);
4068
4069 hci_dev_lock(hdev);
4070
11e6e25d
MH		 4071 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4072 if (cmd) {
2922a94f 4073 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4074 mgmt_pending_remove(cmd);
0e05bba6
AG		 4075 }
4076
11e6e25d
MH		 4077 if (!status)
4078 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
0e05bba6 4079
0e05bba6
AG		 4080 hci_dev_unlock(hdev);
4081}
4082
bdb6d971 4083static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4084 u16 len)
14a53664 4085{
d930650b 4086 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 4087 struct pending_cmd *cmd;
0e05bba6 4088 struct hci_request req;
14a53664
JH		 4089 int err;
4090
bdb6d971 4091 BT_DBG("%s", hdev->name);
14a53664 4092
09fd0de5 4093 hci_dev_lock(hdev);
14a53664 4094
30dc78e1 4095 if (!hci_discovery_active(hdev)) {
bdb6d971 4096 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 4097 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4098 sizeof(mgmt_cp->type));
d930650b
JH		 4099 goto unlock;
4100 }
4101
4102 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 4103 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 4104 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
4105 sizeof(mgmt_cp->type));
30dc78e1 4106 goto unlock;
ff9ef578
JH		 4107 }
4108
2922a94f 4109 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4110 if (!cmd) {
4111 err = -ENOMEM;
30dc78e1
JH		 4112 goto unlock;
4113 }
4114
2922a94f
JH		 4115 cmd->cmd_complete = generic_cmd_complete;
4116
0e05bba6
AG		 4117 hci_req_init(&req, hdev);
4118
21a60d30 4119 hci_stop_discovery(&req);
e0d9727e 4120
21a60d30
JH		 4121 err = hci_req_run(&req, stop_discovery_complete);
4122 if (!err) {
4123 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 4124 goto unlock;
14a53664
JH		 4125 }
4126
21a60d30
JH		 4127 mgmt_pending_remove(cmd);
4128
4129 /* If no HCI commands were sent we're done */
4130 if (err == -ENODATA) {
4131 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4132 &mgmt_cp->type, sizeof(mgmt_cp->type));
4133 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4134 }
14a53664 4135
30dc78e1 4136unlock:
09fd0de5 4137 hci_dev_unlock(hdev);
14a53664
JH		 4138 return err;
4139}
4140
bdb6d971 4141static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4142 u16 len)
561aafbc 4143{
650f726d 4144 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4145 struct inquiry_entry *e;
561aafbc
JH		 4146 int err;
4147
bdb6d971 4148 BT_DBG("%s", hdev->name);
561aafbc 4149
561aafbc
JH		 4150 hci_dev_lock(hdev);
4151
30dc78e1 4152 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 4153 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4154 MGMT_STATUS_FAILED, &cp->addr,
4155 sizeof(cp->addr));
30dc78e1
JH		 4156 goto failed;
4157 }
4158
a198e7b1 4159 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4160 if (!e) {
d3a2541d
LR		 4161 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4162 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4163 sizeof(cp->addr));
561aafbc
JH		 4164 goto failed;
4165 }
4166
4167 if (cp->name_known) {
4168 e->name_state = NAME_KNOWN;
4169 list_del(&e->list);
4170 } else {
4171 e->name_state = NAME_NEEDED;
a3d4e20a 4172 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4173 }
4174
e384662b
JH		 4175 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
4176 sizeof(cp->addr));
561aafbc
JH		 4177
4178failed:
4179 hci_dev_unlock(hdev);
561aafbc
JH		 4180 return err;
4181}
4182
bdb6d971 4183static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4184 u16 len)
7fbec224 4185{
650f726d 4186 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4187 u8 status;
7fbec224
AJ		 4188 int err;
4189
bdb6d971 4190 BT_DBG("%s", hdev->name);
7fbec224 4191
4ee71b20 4192 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 4193 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4194 MGMT_STATUS_INVALID_PARAMS,
4195 &cp->addr, sizeof(cp->addr));
4ee71b20 4196
09fd0de5 4197 hci_dev_lock(hdev);
5e762444 4198
dcc36c16
JH		 4199 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4200 cp->addr.type);
2a8357f2 4201 if (err < 0) {
f0eeea8b 4202 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4203 goto done;
4204 }
4205
4206 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4207 sk);
4208 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4209
2a8357f2 4210done:
bdb6d971 4211 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 4212 &cp->addr, sizeof(cp->addr));
5e762444 4213
09fd0de5 4214 hci_dev_unlock(hdev);
7fbec224
AJ		 4215
4216 return err;
4217}
4218
bdb6d971 4219static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4220 u16 len)
7fbec224 4221{
650f726d 4222 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4223 u8 status;
7fbec224
AJ		 4224 int err;
4225
bdb6d971 4226 BT_DBG("%s", hdev->name);
7fbec224 4227
4ee71b20 4228 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 4229 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4230 MGMT_STATUS_INVALID_PARAMS,
4231 &cp->addr, sizeof(cp->addr));
4ee71b20 4232
09fd0de5 4233 hci_dev_lock(hdev);
5e762444 4234
dcc36c16
JH		 4235 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4236 cp->addr.type);
2a8357f2 4237 if (err < 0) {
f0eeea8b 4238 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4239 goto done;
4240 }
4241
4242 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4243 sk);
4244 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4245
2a8357f2 4246done:
bdb6d971 4247 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 4248 &cp->addr, sizeof(cp->addr));
5e762444 4249
09fd0de5 4250 hci_dev_unlock(hdev);
7fbec224
AJ		 4251
4252 return err;
4253}
4254
cdbaccca
MH		 4255static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4256 u16 len)
4257{
4258 struct mgmt_cp_set_device_id *cp = data;
890ea898 4259 struct hci_request req;
cdbaccca 4260 int err;
c72d4b8a 4261 __u16 source;
cdbaccca
MH		 4262
4263 BT_DBG("%s", hdev->name);
4264
c72d4b8a
SJ		 4265 source = __le16_to_cpu(cp->source);
4266
4267 if (source > 0x0002)
4268 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4269 MGMT_STATUS_INVALID_PARAMS);
4270
cdbaccca
MH		 4271 hci_dev_lock(hdev);
4272
c72d4b8a 4273 hdev->devid_source = source;
cdbaccca
MH		 4274 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4275 hdev->devid_product = __le16_to_cpu(cp->product);
4276 hdev->devid_version = __le16_to_cpu(cp->version);
4277
4278 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4279
890ea898
JH		 4280 hci_req_init(&req, hdev);
4281 update_eir(&req);
4282 hci_req_run(&req, NULL);
cdbaccca
MH		 4283
4284 hci_dev_unlock(hdev);
4285
4286 return err;
4287}
4288
4375f103
JH		 4289static void set_advertising_complete(struct hci_dev *hdev, u8 status)
4290{
4291 struct cmd_lookup match = { NULL, hdev };
4292
3ad67582
JK		 4293 hci_dev_lock(hdev);
4294
4375f103
JH		 4295 if (status) {
4296 u8 mgmt_err = mgmt_status(status);
4297
4298 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4299 cmd_status_rsp, &mgmt_err);
3ad67582 4300 goto unlock;
4375f103
JH		 4301 }
4302
c93bd150
JH		 4303 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4304 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4305 else
4306 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4307
4375f103
JH		 4308 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4309 &match);
4310
4311 new_settings(hdev, match.sk);
4312
4313 if (match.sk)
4314 sock_put(match.sk);
3ad67582
JK		 4315
4316unlock:
4317 hci_dev_unlock(hdev);
4375f103
JH		 4318}
4319
21b5187f
MH		 4320static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4321 u16 len)
4375f103
JH		 4322{
4323 struct mgmt_mode *cp = data;
4324 struct pending_cmd *cmd;
4325 struct hci_request req;
e6fe7986 4326 u8 val, enabled, status;
4375f103
JH		 4327 int err;
4328
4329 BT_DBG("request for %s", hdev->name);
4330
e6fe7986
JH		 4331 status = mgmt_le_support(hdev);
4332 if (status)
4375f103 4333 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 4334 status);
4375f103
JH		 4335
4336 if (cp->val != 0x00 && cp->val != 0x01)
4337 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4338 MGMT_STATUS_INVALID_PARAMS);
4339
4340 hci_dev_lock(hdev);
4341
4342 val = !!cp->val;
f3d3444a 4343 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 4344
f74ca9b8
JH		 4345 /* The following conditions are ones which mean that we should
4346 * not do any HCI communication but directly send a mgmt
4347 * response to user space (after toggling the flag if
4348 * necessary).
4349 */
4350 if (!hdev_is_powered(hdev) || val == enabled ||
e8bb6b97
JH		 4351 hci_conn_num(hdev, LE_LINK) > 0 ||
4352 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4353 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4375f103
JH		 4354 bool changed = false;
4355
f3d3444a
JH		 4356 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4357 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 4358 changed = true;
4359 }
4360
4361 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4362 if (err < 0)
4363 goto unlock;
4364
4365 if (changed)
4366 err = new_settings(hdev, sk);
4367
4368 goto unlock;
4369 }
4370
4371 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4372 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4373 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4374 MGMT_STATUS_BUSY);
4375 goto unlock;
4376 }
4377
4378 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4379 if (!cmd) {
4380 err = -ENOMEM;
4381 goto unlock;
4382 }
4383
4384 hci_req_init(&req, hdev);
4385
bba3aa55
MH		 4386 if (val)
4387 enable_advertising(&req);
4388 else
4389 disable_advertising(&req);
4375f103
JH		 4390
4391 err = hci_req_run(&req, set_advertising_complete);
4392 if (err < 0)
4393 mgmt_pending_remove(cmd);
4394
4395unlock:
4396 hci_dev_unlock(hdev);
4397 return err;
4398}
4399
d13eafce
MH		 4400static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4401 void *data, u16 len)
4402{
4403 struct mgmt_cp_set_static_address *cp = data;
4404 int err;
4405
4406 BT_DBG("%s", hdev->name);
4407
62af4443 4408 if (!lmp_le_capable(hdev))
d13eafce 4409 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 4410 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4411
4412 if (hdev_is_powered(hdev))
4413 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4414 MGMT_STATUS_REJECTED);
4415
4416 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4417 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4418 return cmd_status(sk, hdev->id,
4419 MGMT_OP_SET_STATIC_ADDRESS,
4420 MGMT_STATUS_INVALID_PARAMS);
4421
4422 /* Two most significant bits shall be set */
4423 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4424 return cmd_status(sk, hdev->id,
4425 MGMT_OP_SET_STATIC_ADDRESS,
4426 MGMT_STATUS_INVALID_PARAMS);
4427 }
4428
4429 hci_dev_lock(hdev);
4430
4431 bacpy(&hdev->static_addr, &cp->bdaddr);
4432
4433 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4434
4435 hci_dev_unlock(hdev);
4436
4437 return err;
4438}
4439
14b49b9a
MH		 4440static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4441 void *data, u16 len)
4442{
4443 struct mgmt_cp_set_scan_params *cp = data;
4444 __u16 interval, window;
4445 int err;
4446
4447 BT_DBG("%s", hdev->name);
4448
4449 if (!lmp_le_capable(hdev))
4450 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4451 MGMT_STATUS_NOT_SUPPORTED);
4452
4453 interval = __le16_to_cpu(cp->interval);
4454
4455 if (interval < 0x0004 || interval > 0x4000)
4456 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4457 MGMT_STATUS_INVALID_PARAMS);
4458
4459 window = __le16_to_cpu(cp->window);
4460
4461 if (window < 0x0004 || window > 0x4000)
4462 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4463 MGMT_STATUS_INVALID_PARAMS);
4464
899e1075
MH		 4465 if (window > interval)
4466 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4467 MGMT_STATUS_INVALID_PARAMS);
4468
14b49b9a
MH		 4469 hci_dev_lock(hdev);
4470
4471 hdev->le_scan_interval = interval;
4472 hdev->le_scan_window = window;
4473
4474 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4475
dd2ef8e2
AG		 4476 /* If background scan is running, restart it so new parameters are
4477 * loaded.
4478 */
4479 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4480 hdev->discovery.state == DISCOVERY_STOPPED) {
4481 struct hci_request req;
4482
4483 hci_req_init(&req, hdev);
4484
4485 hci_req_add_le_scan_disable(&req);
4486 hci_req_add_le_passive_scan(&req);
4487
4488 hci_req_run(&req, NULL);
4489 }
4490
14b49b9a
MH		 4491 hci_dev_unlock(hdev);
4492
4493 return err;
4494}
4495
33e38b3e
JH		 4496static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4497{
4498 struct pending_cmd *cmd;
4499
4500 BT_DBG("status 0x%02x", status);
4501
4502 hci_dev_lock(hdev);
4503
4504 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4505 if (!cmd)
4506 goto unlock;
4507
4508 if (status) {
4509 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4510 mgmt_status(status));
4511 } else {
1a4d3c4b
JH		 4512 struct mgmt_mode *cp = cmd->param;
4513
4514 if (cp->val)
4515 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4516 else
4517 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4518
33e38b3e
JH		 4519 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4520 new_settings(hdev, cmd->sk);
4521 }
4522
4523 mgmt_pending_remove(cmd);
4524
4525unlock:
4526 hci_dev_unlock(hdev);
4527}
4528
bdb6d971 4529static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4530 void *data, u16 len)
f6422ec6 4531{
650f726d 4532 struct mgmt_mode *cp = data;
33e38b3e
JH		 4533 struct pending_cmd *cmd;
4534 struct hci_request req;
f6422ec6
AJ		 4535 int err;
4536
bdb6d971 4537 BT_DBG("%s", hdev->name);
f6422ec6 4538
56f87901
JH		 4539 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4540 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4541 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4542 MGMT_STATUS_NOT_SUPPORTED);
4543
a7e80f25
JH		 4544 if (cp->val != 0x00 && cp->val != 0x01)
4545 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4546 MGMT_STATUS_INVALID_PARAMS);
4547
5400c044 4548 if (!hdev_is_powered(hdev))
bdb6d971 4549 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4550 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4551
4552 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4553 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4554 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4555
4556 hci_dev_lock(hdev);
4557
05cbf29f
JH		 4558 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4559 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4560 MGMT_STATUS_BUSY);
4561 goto unlock;
4562 }
4563
1a4d3c4b
JH		 4564 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4565 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4566 hdev);
4567 goto unlock;
4568 }
4569
33e38b3e
JH		 4570 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4571 data, len);
4572 if (!cmd) {
4573 err = -ENOMEM;
4574 goto unlock;
f6422ec6
AJ		 4575 }
4576
33e38b3e
JH		 4577 hci_req_init(&req, hdev);
4578
406d7804 4579 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4580
4581 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4582 if (err < 0) {
bdb6d971 4583 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4584 MGMT_STATUS_FAILED);
33e38b3e 4585 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4586 }
4587
33e38b3e 4588unlock:
f6422ec6 4589 hci_dev_unlock(hdev);
33e38b3e 4590
f6422ec6
AJ		 4591 return err;
4592}
4593
0663ca2a
JH		 4594static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4595{
4596 struct pending_cmd *cmd;
4597
4598 BT_DBG("status 0x%02x", status);
4599
4600 hci_dev_lock(hdev);
4601
4602 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4603 if (!cmd)
4604 goto unlock;
4605
4606 if (status) {
4607 u8 mgmt_err = mgmt_status(status);
4608
4609 /* We need to restore the flag if related HCI commands
4610 * failed.
4611 */
4612 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4613
4614 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4615 } else {
4616 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4617 new_settings(hdev, cmd->sk);
4618 }
4619
4620 mgmt_pending_remove(cmd);
4621
4622unlock:
4623 hci_dev_unlock(hdev);
4624}
4625
4626static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4627{
4628 struct mgmt_mode *cp = data;
4629 struct pending_cmd *cmd;
4630 struct hci_request req;
4631 int err;
4632
4633 BT_DBG("request for %s", hdev->name);
4634
4635 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4636 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4637 MGMT_STATUS_NOT_SUPPORTED);
4638
4639 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4640 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4641 MGMT_STATUS_REJECTED);
4642
4643 if (cp->val != 0x00 && cp->val != 0x01)
4644 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4645 MGMT_STATUS_INVALID_PARAMS);
4646
4647 hci_dev_lock(hdev);
4648
4649 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4650 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4651 goto unlock;
4652 }
4653
4654 if (!hdev_is_powered(hdev)) {
4655 if (!cp->val) {
0663ca2a
JH		 4656 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4657 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4658 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4659 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4660 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4661 }
4662
4663 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4664
4665 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4666 if (err < 0)
4667 goto unlock;
4668
4669 err = new_settings(hdev, sk);
4670 goto unlock;
4671 }
4672
4673 /* Reject disabling when powered on */
4674 if (!cp->val) {
4675 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4676 MGMT_STATUS_REJECTED);
4677 goto unlock;
4678 }
4679
4680 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4681 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4682 MGMT_STATUS_BUSY);
4683 goto unlock;
4684 }
4685
4686 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4687 if (!cmd) {
4688 err = -ENOMEM;
4689 goto unlock;
4690 }
4691
5947f4bc 4692 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4693 * generates the correct flags.
4694 */
4695 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4696
4697 hci_req_init(&req, hdev);
aa8af46e 4698
432df05e 4699 write_fast_connectable(&req, false);
1d2dc5b7 4700 __hci_update_page_scan(&req);
aa8af46e 4701
f14d8f64
MH		 4702 /* Since only the advertising data flags will change, there
4703 * is no need to update the scan response data.
4704 */
5947f4bc 4705 update_adv_data(&req);
aa8af46e 4706
0663ca2a
JH		 4707 err = hci_req_run(&req, set_bredr_complete);
4708 if (err < 0)
4709 mgmt_pending_remove(cmd);
4710
4711unlock:
4712 hci_dev_unlock(hdev);
4713 return err;
4714}
4715
eac83dc6
MH		 4716static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4717 void *data, u16 len)
4718{
4719 struct mgmt_mode *cp = data;
4720 struct pending_cmd *cmd;
a3209694 4721 u8 val;
eac83dc6
MH		 4722 int err;
4723
4724 BT_DBG("request for %s", hdev->name);
4725
a3209694
JH		 4726 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4727 !lmp_sc_capable(hdev) && !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
eac83dc6
MH		 4728 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4729 MGMT_STATUS_NOT_SUPPORTED);
4730
0ab04a9c 4731 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4732 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4733 MGMT_STATUS_INVALID_PARAMS);
4734
4735 hci_dev_lock(hdev);
4736
a3209694
JH		 4737 if (!hdev_is_powered(hdev) ||
4738 (!lmp_sc_capable(hdev) &&
4739 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags)) ||
4740 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
eac83dc6
MH		 4741 bool changed;
4742
0ab04a9c 4743 if (cp->val) {
eac83dc6
MH		 4744 changed = !test_and_set_bit(HCI_SC_ENABLED,
4745 &hdev->dev_flags);
0ab04a9c
MH		 4746 if (cp->val == 0x02)
4747 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4748 else
4749 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4750 } else {
eac83dc6
MH		 4751 changed = test_and_clear_bit(HCI_SC_ENABLED,
4752 &hdev->dev_flags);
0ab04a9c
MH		 4753 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4754 }
eac83dc6
MH		 4755
4756 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4757 if (err < 0)
4758 goto failed;
4759
4760 if (changed)
4761 err = new_settings(hdev, sk);
4762
4763 goto failed;
4764 }
4765
4766 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4767 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4768 MGMT_STATUS_BUSY);
4769 goto failed;
4770 }
4771
0ab04a9c
MH		 4772 val = !!cp->val;
4773
4774 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4775 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4776 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4777 goto failed;
4778 }
4779
4780 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4781 if (!cmd) {
4782 err = -ENOMEM;
4783 goto failed;
4784 }
4785
0ab04a9c 4786 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4787 if (err < 0) {
4788 mgmt_pending_remove(cmd);
4789 goto failed;
4790 }
4791
0ab04a9c
MH		 4792 if (cp->val == 0x02)
4793 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4794 else
4795 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4796
eac83dc6
MH		 4797failed:
4798 hci_dev_unlock(hdev);
4799 return err;
4800}
4801
4e39ac81
MH		 4802static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4803 void *data, u16 len)
4804{
4805 struct mgmt_mode *cp = data;
b9710979 4806 bool changed, use_changed;
4e39ac81
MH		 4807 int err;
4808
4809 BT_DBG("request for %s", hdev->name);
4810
b9710979 4811 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4812 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4813 MGMT_STATUS_INVALID_PARAMS);
4814
4815 hci_dev_lock(hdev);
4816
4817 if (cp->val)
0663b297
JH		 4818 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4819 &hdev->dev_flags);
4e39ac81 4820 else
0663b297
JH		 4821 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4822 &hdev->dev_flags);
4e39ac81 4823
b9710979
JH		 4824 if (cp->val == 0x02)
4825 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4826 &hdev->dev_flags);
4827 else
4828 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4829 &hdev->dev_flags);
4830
4831 if (hdev_is_powered(hdev) && use_changed &&
4832 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4833 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4834 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4835 sizeof(mode), &mode);
4836 }
4837
4e39ac81
MH		 4838 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4839 if (err < 0)
4840 goto unlock;
4841
4842 if (changed)
4843 err = new_settings(hdev, sk);
4844
4845unlock:
4846 hci_dev_unlock(hdev);
4847 return err;
4848}
4849
62b04cd1
JH		 4850static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4851 u16 len)
4852{
4853 struct mgmt_cp_set_privacy *cp = cp_data;
4854 bool changed;
4855 int err;
4856
4857 BT_DBG("request for %s", hdev->name);
4858
4859 if (!lmp_le_capable(hdev))
4860 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4861 MGMT_STATUS_NOT_SUPPORTED);
4862
4863 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4864 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4865 MGMT_STATUS_INVALID_PARAMS);
4866
4867 if (hdev_is_powered(hdev))
4868 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4869 MGMT_STATUS_REJECTED);
4870
4871 hci_dev_lock(hdev);
4872
c21c0ea0
JH		 4873 /* If user space supports this command it is also expected to
4874 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4875 */
4876 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4877
62b04cd1
JH		 4878 if (cp->privacy) {
4879 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4880 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4881 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4882 } else {
4883 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4884 memset(hdev->irk, 0, sizeof(hdev->irk));
4885 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4886 }
4887
4888 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4889 if (err < 0)
4890 goto unlock;
4891
4892 if (changed)
4893 err = new_settings(hdev, sk);
4894
4895unlock:
4896 hci_dev_unlock(hdev);
4897 return err;
4898}
4899
41edf160
JH		 4900static bool irk_is_valid(struct mgmt_irk_info *irk)
4901{
4902 switch (irk->addr.type) {
4903 case BDADDR_LE_PUBLIC:
4904 return true;
4905
4906 case BDADDR_LE_RANDOM:
4907 /* Two most significant bits shall be set */
4908 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4909 return false;
4910 return true;
4911 }
4912
4913 return false;
4914}
4915
4916static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4917 u16 len)
4918{
4919 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4920 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4921 sizeof(struct mgmt_irk_info));
41edf160
JH		 4922 u16 irk_count, expected_len;
4923 int i, err;
4924
4925 BT_DBG("request for %s", hdev->name);
4926
4927 if (!lmp_le_capable(hdev))
4928 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4929 MGMT_STATUS_NOT_SUPPORTED);
4930
4931 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4932 if (irk_count > max_irk_count) {
4933 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4934 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4935 MGMT_STATUS_INVALID_PARAMS);
4936 }
41edf160
JH		 4937
4938 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4939 if (expected_len != len) {
4940 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4941 expected_len, len);
41edf160
JH		 4942 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4943 MGMT_STATUS_INVALID_PARAMS);
4944 }
4945
4946 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4947
4948 for (i = 0; i < irk_count; i++) {
4949 struct mgmt_irk_info *key = &cp->irks[i];
4950
4951 if (!irk_is_valid(key))
4952 return cmd_status(sk, hdev->id,
4953 MGMT_OP_LOAD_IRKS,
4954 MGMT_STATUS_INVALID_PARAMS);
4955 }
4956
4957 hci_dev_lock(hdev);
4958
4959 hci_smp_irks_clear(hdev);
4960
4961 for (i = 0; i < irk_count; i++) {
4962 struct mgmt_irk_info *irk = &cp->irks[i];
4963 u8 addr_type;
4964
4965 if (irk->addr.type == BDADDR_LE_PUBLIC)
4966 addr_type = ADDR_LE_DEV_PUBLIC;
4967 else
4968 addr_type = ADDR_LE_DEV_RANDOM;
4969
4970 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4971 BDADDR_ANY);
4972 }
4973
4974 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4975
4976 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4977
4978 hci_dev_unlock(hdev);
4979
4980 return err;
4981}
4982
3f706b72
JH		 4983static bool ltk_is_valid(struct mgmt_ltk_info *key)
4984{
4985 if (key->master != 0x00 && key->master != 0x01)
4986 return false;
490cb0b3
MH		 4987
4988 switch (key->addr.type) {
4989 case BDADDR_LE_PUBLIC:
4990 return true;
4991
4992 case BDADDR_LE_RANDOM:
4993 /* Two most significant bits shall be set */
4994 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4995 return false;
4996 return true;
4997 }
4998
4999 return false;
3f706b72
JH		 5000}
5001
bdb6d971 5002static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5003 void *cp_data, u16 len)
346af67b 5004{
346af67b 5005 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5006 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5007 sizeof(struct mgmt_ltk_info));
346af67b 5008 u16 key_count, expected_len;
715a5bf2 5009 int i, err;
346af67b 5010
cf99ba13
MH		 5011 BT_DBG("request for %s", hdev->name);
5012
5013 if (!lmp_le_capable(hdev))
5014 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5015 MGMT_STATUS_NOT_SUPPORTED);
5016
1f350c87 5017 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 5018 if (key_count > max_key_count) {
5019 BT_ERR("load_ltks: too big key_count value %u", key_count);
5020 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5021 MGMT_STATUS_INVALID_PARAMS);
5022 }
346af67b
VCG		 5023
5024 expected_len = sizeof(*cp) + key_count *
5025 sizeof(struct mgmt_ltk_info);
5026 if (expected_len != len) {
5027 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 5028 expected_len, len);
bdb6d971 5029 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 5030 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5031 }
5032
bdb6d971 5033 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5034
54ad6d8a
JH		 5035 for (i = 0; i < key_count; i++) {
5036 struct mgmt_ltk_info *key = &cp->keys[i];
5037
3f706b72 5038 if (!ltk_is_valid(key))
54ad6d8a
JH		 5039 return cmd_status(sk, hdev->id,
5040 MGMT_OP_LOAD_LONG_TERM_KEYS,
5041 MGMT_STATUS_INVALID_PARAMS);
5042 }
5043
346af67b
VCG		 5044 hci_dev_lock(hdev);
5045
5046 hci_smp_ltks_clear(hdev);
5047
5048 for (i = 0; i < key_count; i++) {
5049 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 5050 u8 type, addr_type, authenticated;
79d95a19
MH		 5051
5052 if (key->addr.type == BDADDR_LE_PUBLIC)
5053 addr_type = ADDR_LE_DEV_PUBLIC;
5054 else
5055 addr_type = ADDR_LE_DEV_RANDOM;
346af67b 5056
61b43357
JH		 5057 switch (key->type) {
5058 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5059 authenticated = 0x00;
23fb8de3 5060 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5061 break;
5062 case MGMT_LTK_AUTHENTICATED:
d7b25450 5063 authenticated = 0x01;
23fb8de3
JH		 5064 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5065 break;
5066 case MGMT_LTK_P256_UNAUTH:
5067 authenticated = 0x00;
5068 type = SMP_LTK_P256;
61b43357 5069 break;
23fb8de3
JH		 5070 case MGMT_LTK_P256_AUTH:
5071 authenticated = 0x01;
5072 type = SMP_LTK_P256;
61b43357 5073 break;
23fb8de3
JH		 5074 case MGMT_LTK_P256_DEBUG:
5075 authenticated = 0x00;
5076 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5077 default:
5078 continue;
5079 }
d7b25450 5080
35d70271 5081 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 5082 authenticated, key->val, key->enc_size, key->ediv,
35d70271 5083 key->rand);
346af67b
VCG		 5084 }
5085
715a5bf2
JH		 5086 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5087 NULL, 0);
5088
346af67b 5089 hci_dev_unlock(hdev);
346af67b 5090
715a5bf2 5091 return err;
346af67b
VCG		 5092}
5093
9981bdb0 5094static void conn_info_cmd_complete(struct pending_cmd *cmd, u8 status)
dd983808 5095{
dd983808 5096 struct hci_conn *conn = cmd->user_data;
9981bdb0 5097 struct mgmt_rp_get_conn_info rp;
dd983808 5098
9981bdb0 5099 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5100
9981bdb0 5101 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5102 rp.rssi = conn->rssi;
9981bdb0
JH		 5103 rp.tx_power = conn->tx_power;
5104 rp.max_tx_power = conn->max_tx_power;
5105 } else {
5106 rp.rssi = HCI_RSSI_INVALID;
5107 rp.tx_power = HCI_TX_POWER_INVALID;
5108 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5109 }
5110
9981bdb0
JH		 5111 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status,
5112 &rp, sizeof(rp));
dd983808
AK		 5113
5114 hci_conn_drop(conn);
f8aaf9b6 5115 hci_conn_put(conn);
dd983808
AK		 5116}
5117
9981bdb0 5118static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status)
dd983808
AK		 5119{
5120 struct hci_cp_read_rssi *cp;
9981bdb0 5121 struct pending_cmd *cmd;
dd983808 5122 struct hci_conn *conn;
dd983808 5123 u16 handle;
9981bdb0 5124 u8 status;
dd983808 5125
9981bdb0 5126 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5127
5128 hci_dev_lock(hdev);
5129
dd983808
AK		 5130 /* Commands sent in request are either Read RSSI or Read Transmit Power
5131 * Level so we check which one was last sent to retrieve connection
5132 * handle. Both commands have handle as first parameter so it's safe to
5133 * cast data on the same command struct.
5134 *
5135 * First command sent is always Read RSSI and we fail only if it fails.
5136 * In other case we simply override error to indicate success as we
5137 * already remembered if TX power value is actually valid.
5138 */
5139 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5140 if (!cp) {
5141 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5142 status = MGMT_STATUS_SUCCESS;
5143 } else {
5144 status = mgmt_status(hci_status);
dd983808
AK		 5145 }
5146
5147 if (!cp) {
9981bdb0 5148 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 5149 goto unlock;
5150 }
5151
5152 handle = __le16_to_cpu(cp->handle);
5153 conn = hci_conn_hash_lookup_handle(hdev, handle);
5154 if (!conn) {
9981bdb0 5155 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 5156 goto unlock;
5157 }
5158
9981bdb0
JH		 5159 cmd = mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5160 if (!cmd)
5161 goto unlock;
dd983808 5162
9981bdb0
JH		 5163 cmd->cmd_complete(cmd, status);
5164 mgmt_pending_remove(cmd);
dd983808
AK		 5165
5166unlock:
5167 hci_dev_unlock(hdev);
5168}
5169
5170static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5171 u16 len)
5172{
5173 struct mgmt_cp_get_conn_info *cp = data;
5174 struct mgmt_rp_get_conn_info rp;
5175 struct hci_conn *conn;
5176 unsigned long conn_info_age;
5177 int err = 0;
5178
5179 BT_DBG("%s", hdev->name);
5180
5181 memset(&rp, 0, sizeof(rp));
5182 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5183 rp.addr.type = cp->addr.type;
5184
5185 if (!bdaddr_type_is_valid(cp->addr.type))
5186 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5187 MGMT_STATUS_INVALID_PARAMS,
5188 &rp, sizeof(rp));
5189
5190 hci_dev_lock(hdev);
5191
5192 if (!hdev_is_powered(hdev)) {
5193 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5194 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5195 goto unlock;
5196 }
5197
5198 if (cp->addr.type == BDADDR_BREDR)
5199 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5200 &cp->addr.bdaddr);
5201 else
5202 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5203
5204 if (!conn || conn->state != BT_CONNECTED) {
5205 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5206 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
5207 goto unlock;
5208 }
5209
9981bdb0
JH		 5210 if (mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5211 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5212 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5213 goto unlock;
5214 }
5215
dd983808
AK		 5216 /* To avoid client trying to guess when to poll again for information we
5217 * calculate conn info age as random value between min/max set in hdev.
5218 */
5219 conn_info_age = hdev->conn_info_min_age +
5220 prandom_u32_max(hdev->conn_info_max_age -
5221 hdev->conn_info_min_age);
5222
5223 /* Query controller to refresh cached values if they are too old or were
5224 * never read.
5225 */
f4e2dd53
AK		 5226 if (time_after(jiffies, conn->conn_info_timestamp +
5227 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5228 !conn->conn_info_timestamp) {
5229 struct hci_request req;
5230 struct hci_cp_read_tx_power req_txp_cp;
5231 struct hci_cp_read_rssi req_rssi_cp;
5232 struct pending_cmd *cmd;
5233
5234 hci_req_init(&req, hdev);
5235 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5236 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5237 &req_rssi_cp);
5238
f7faab0c
AK		 5239 /* For LE links TX power does not change thus we don't need to
5240 * query for it once value is known.
5241 */
5242 if (!bdaddr_type_is_le(cp->addr.type) ||
5243 conn->tx_power == HCI_TX_POWER_INVALID) {
5244 req_txp_cp.handle = cpu_to_le16(conn->handle);
5245 req_txp_cp.type = 0x00;
5246 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5247 sizeof(req_txp_cp), &req_txp_cp);
5248 }
dd983808 5249
eed5daf3
AK		 5250 /* Max TX power needs to be read only once per connection */
5251 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5252 req_txp_cp.handle = cpu_to_le16(conn->handle);
5253 req_txp_cp.type = 0x01;
5254 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5255 sizeof(req_txp_cp), &req_txp_cp);
5256 }
5257
dd983808
AK		 5258 err = hci_req_run(&req, conn_info_refresh_complete);
5259 if (err < 0)
5260 goto unlock;
5261
5262 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5263 data, len);
5264 if (!cmd) {
5265 err = -ENOMEM;
5266 goto unlock;
5267 }
5268
5269 hci_conn_hold(conn);
f8aaf9b6 5270 cmd->user_data = hci_conn_get(conn);
9981bdb0 5271 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5272
5273 conn->conn_info_timestamp = jiffies;
5274 } else {
5275 /* Cache is valid, just reply with values cached in hci_conn */
5276 rp.rssi = conn->rssi;
5277 rp.tx_power = conn->tx_power;
eed5daf3 5278 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 5279
5280 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5281 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5282 }
5283
5284unlock:
5285 hci_dev_unlock(hdev);
5286 return err;
5287}
5288
69487371 5289static void clock_info_cmd_complete(struct pending_cmd *cmd, u8 status)
95868426 5290{
69487371 5291 struct hci_conn *conn = cmd->user_data;
95868426 5292 struct mgmt_rp_get_clock_info rp;
69487371
JH		 5293 struct hci_dev *hdev;
5294
5295 memset(&rp, 0, sizeof(rp));
5296 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5297
5298 if (status)
5299 goto complete;
5300
5301 hdev = hci_dev_get(cmd->index);
5302 if (hdev) {
5303 rp.local_clock = cpu_to_le32(hdev->clock);
5304 hci_dev_put(hdev);
5305 }
5306
5307 if (conn) {
5308 rp.piconet_clock = cpu_to_le32(conn->clock);
5309 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5310 }
5311
5312complete:
5313 cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp, sizeof(rp));
5314
5315 if (conn) {
5316 hci_conn_drop(conn);
5317 hci_conn_put(conn);
5318 }
5319}
5320
5321static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
5322{
95868426
JH		 5323 struct hci_cp_read_clock *hci_cp;
5324 struct pending_cmd *cmd;
5325 struct hci_conn *conn;
5326
5327 BT_DBG("%s status %u", hdev->name, status);
5328
5329 hci_dev_lock(hdev);
5330
5331 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5332 if (!hci_cp)
5333 goto unlock;
5334
5335 if (hci_cp->which) {
5336 u16 handle = __le16_to_cpu(hci_cp->handle);
5337 conn = hci_conn_hash_lookup_handle(hdev, handle);
5338 } else {
5339 conn = NULL;
5340 }
5341
5342 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5343 if (!cmd)
5344 goto unlock;
5345
69487371 5346 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5347 mgmt_pending_remove(cmd);
95868426
JH		 5348
5349unlock:
5350 hci_dev_unlock(hdev);
5351}
5352
5353static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5354 u16 len)
5355{
5356 struct mgmt_cp_get_clock_info *cp = data;
5357 struct mgmt_rp_get_clock_info rp;
5358 struct hci_cp_read_clock hci_cp;
5359 struct pending_cmd *cmd;
5360 struct hci_request req;
5361 struct hci_conn *conn;
5362 int err;
5363
5364 BT_DBG("%s", hdev->name);
5365
5366 memset(&rp, 0, sizeof(rp));
5367 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5368 rp.addr.type = cp->addr.type;
5369
5370 if (cp->addr.type != BDADDR_BREDR)
5371 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5372 MGMT_STATUS_INVALID_PARAMS,
5373 &rp, sizeof(rp));
5374
5375 hci_dev_lock(hdev);
5376
5377 if (!hdev_is_powered(hdev)) {
5378 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5379 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5380 goto unlock;
5381 }
5382
5383 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5384 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5385 &cp->addr.bdaddr);
5386 if (!conn || conn->state != BT_CONNECTED) {
5387 err = cmd_complete(sk, hdev->id,
5388 MGMT_OP_GET_CLOCK_INFO,
5389 MGMT_STATUS_NOT_CONNECTED,
5390 &rp, sizeof(rp));
5391 goto unlock;
5392 }
5393 } else {
5394 conn = NULL;
5395 }
5396
5397 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5398 if (!cmd) {
5399 err = -ENOMEM;
5400 goto unlock;
5401 }
5402
69487371
JH		 5403 cmd->cmd_complete = clock_info_cmd_complete;
5404
95868426
JH		 5405 hci_req_init(&req, hdev);
5406
5407 memset(&hci_cp, 0, sizeof(hci_cp));
5408 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5409
5410 if (conn) {
5411 hci_conn_hold(conn);
f8aaf9b6 5412 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5413
5414 hci_cp.handle = cpu_to_le16(conn->handle);
5415 hci_cp.which = 0x01; /* Piconet clock */
5416 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5417 }
5418
5419 err = hci_req_run(&req, get_clock_info_complete);
5420 if (err < 0)
5421 mgmt_pending_remove(cmd);
5422
5423unlock:
5424 hci_dev_unlock(hdev);
5425 return err;
5426}
5427
8afef092
MH		 5428static void device_added(struct sock *sk, struct hci_dev *hdev,
5429 bdaddr_t *bdaddr, u8 type, u8 action)
5430{
5431 struct mgmt_ev_device_added ev;
5432
5433 bacpy(&ev.addr.bdaddr, bdaddr);
5434 ev.addr.type = type;
5435 ev.action = action;
5436
5437 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5438}
5439
2faade53
MH		 5440static int add_device(struct sock *sk, struct hci_dev *hdev,
5441 void *data, u16 len)
5442{
5443 struct mgmt_cp_add_device *cp = data;
5444 u8 auto_conn, addr_type;
5445 int err;
5446
5447 BT_DBG("%s", hdev->name);
5448
6659358e 5449 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53
MH		 5450 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5451 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5452 MGMT_STATUS_INVALID_PARAMS,
5453 &cp->addr, sizeof(cp->addr));
5454
4b9e7e75 5455 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2faade53
MH		 5456 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5457 MGMT_STATUS_INVALID_PARAMS,
5458 &cp->addr, sizeof(cp->addr));
5459
5460 hci_dev_lock(hdev);
5461
6659358e 5462 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5463 /* Only incoming connections action is supported for now */
6659358e
JH		 5464 if (cp->action != 0x01) {
5465 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5466 MGMT_STATUS_INVALID_PARAMS,
5467 &cp->addr, sizeof(cp->addr));
5468 goto unlock;
5469 }
5470
5471 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5472 cp->addr.type);
5473 if (err)
5474 goto unlock;
a397407f 5475
1d2dc5b7 5476 hci_update_page_scan(hdev);
a397407f 5477
6659358e
JH		 5478 goto added;
5479 }
5480
2faade53
MH		 5481 if (cp->addr.type == BDADDR_LE_PUBLIC)
5482 addr_type = ADDR_LE_DEV_PUBLIC;
5483 else
5484 addr_type = ADDR_LE_DEV_RANDOM;
5485
4b9e7e75 5486 if (cp->action == 0x02)
2faade53 5487 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5488 else if (cp->action == 0x01)
5489 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5490 else
a3451d27 5491 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5492
bf5b3c8b
MH		 5493 /* If the connection parameters don't exist for this device,
5494 * they will be created and configured with defaults.
5495 */
d06b50ce
MH		 5496 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5497 auto_conn) < 0) {
2faade53
MH		 5498 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5499 MGMT_STATUS_FAILED,
5500 &cp->addr, sizeof(cp->addr));
5501 goto unlock;
5502 }
5503
6659358e 5504added:
8afef092
MH		 5505 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5506
2faade53
MH		 5507 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5508 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5509
5510unlock:
5511 hci_dev_unlock(hdev);
5512 return err;
5513}
5514
8afef092
MH		 5515static void device_removed(struct sock *sk, struct hci_dev *hdev,
5516 bdaddr_t *bdaddr, u8 type)
5517{
5518 struct mgmt_ev_device_removed ev;
5519
5520 bacpy(&ev.addr.bdaddr, bdaddr);
5521 ev.addr.type = type;
5522
5523 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5524}
5525
51ef3ebe
JH		 5526static void remove_device_complete(struct hci_dev *hdev, u8 status)
5527{
5528 struct pending_cmd *cmd;
5529
5530 BT_DBG("status 0x%02x", status);
5531
5532 hci_dev_lock(hdev);
5533
5534 cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
5535 if (!cmd)
5536 goto unlock;
5537
5538 cmd->cmd_complete(cmd, mgmt_status(status));
5539 mgmt_pending_remove(cmd);
5540
5541unlock:
5542 hci_dev_unlock(hdev);
5543}
5544
2faade53
MH		 5545static int remove_device(struct sock *sk, struct hci_dev *hdev,
5546 void *data, u16 len)
5547{
5548 struct mgmt_cp_remove_device *cp = data;
51ef3ebe
JH		 5549 struct pending_cmd *cmd;
5550 struct hci_request req;
2faade53
MH		 5551 int err;
5552
5553 BT_DBG("%s", hdev->name);
5554
51ef3ebe
JH		 5555 hci_req_init(&req, hdev);
5556
2faade53
MH		 5557 hci_dev_lock(hdev);
5558
51ef3ebe
JH		 5559 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
5560 if (!cmd) {
5561 err = -ENOMEM;
5562 goto unlock;
5563 }
5564
5565 cmd->cmd_complete = addr_cmd_complete;
5566
2faade53 5567 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5568 struct hci_conn_params *params;
2faade53
MH		 5569 u8 addr_type;
5570
6659358e 5571 if (!bdaddr_type_is_valid(cp->addr.type)) {
51ef3ebe
JH		 5572 err = 0;
5573 cmd->cmd_complete(cmd, MGMT_STATUS_INVALID_PARAMS);
5574 mgmt_pending_remove(cmd);
2faade53
MH		 5575 goto unlock;
5576 }
5577
6659358e
JH		 5578 if (cp->addr.type == BDADDR_BREDR) {
5579 err = hci_bdaddr_list_del(&hdev->whitelist,
5580 &cp->addr.bdaddr,
5581 cp->addr.type);
5582 if (err) {
51ef3ebe
JH		 5583 err = 0;
5584 cmd->cmd_complete(cmd,
5585 MGMT_STATUS_INVALID_PARAMS);
5586 mgmt_pending_remove(cmd);
6659358e
JH		 5587 goto unlock;
5588 }
5589
51ef3ebe 5590 __hci_update_page_scan(&req);
a397407f 5591
6659358e
JH		 5592 device_removed(sk, hdev, &cp->addr.bdaddr,
5593 cp->addr.type);
5594 goto complete;
5595 }
5596
2faade53
MH		 5597 if (cp->addr.type == BDADDR_LE_PUBLIC)
5598 addr_type = ADDR_LE_DEV_PUBLIC;
5599 else
5600 addr_type = ADDR_LE_DEV_RANDOM;
5601
c71593dd
JH		 5602 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5603 addr_type);
5604 if (!params) {
51ef3ebe
JH		 5605 err = 0;
5606 cmd->cmd_complete(cmd, MGMT_STATUS_INVALID_PARAMS);
5607 mgmt_pending_remove(cmd);
c71593dd
JH		 5608 goto unlock;
5609 }
5610
5611 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
51ef3ebe
JH		 5612 err = 0;
5613 cmd->cmd_complete(cmd, MGMT_STATUS_INVALID_PARAMS);
5614 mgmt_pending_remove(cmd);
c71593dd
JH		 5615 goto unlock;
5616 }
5617
d1dbf12e 5618 list_del(&params->action);
c71593dd
JH		 5619 list_del(&params->list);
5620 kfree(params);
51ef3ebe 5621 __hci_update_background_scan(&req);
8afef092
MH		 5622
5623 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5624 } else {
19de0825 5625 struct hci_conn_params *p, *tmp;
6659358e 5626 struct bdaddr_list *b, *btmp;
19de0825 5627
2faade53 5628 if (cp->addr.type) {
51ef3ebe
JH		 5629 err = 0;
5630 cmd->cmd_complete(cmd, MGMT_STATUS_INVALID_PARAMS);
5631 mgmt_pending_remove(cmd);
2faade53
MH		 5632 goto unlock;
5633 }
5634
6659358e
JH		 5635 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5636 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5637 list_del(&b->list);
5638 kfree(b);
5639 }
5640
51ef3ebe 5641 __hci_update_page_scan(&req);
a397407f 5642
19de0825
JH		 5643 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5644 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5645 continue;
5646 device_removed(sk, hdev, &p->addr, p->addr_type);
5647 list_del(&p->action);
5648 list_del(&p->list);
5649 kfree(p);
5650 }
5651
5652 BT_DBG("All LE connection parameters were removed");
5653
51ef3ebe 5654 __hci_update_background_scan(&req);
2faade53
MH		 5655 }
5656
6659358e 5657complete:
51ef3ebe
JH		 5658 err = hci_req_run(&req, remove_device_complete);
5659 if (err < 0) {
5660 /* ENODATA means no HCI commands were needed (e.g. if
5661 * the adapter is powered off).
5662 */
5663 if (err == -ENODATA) {
5664 cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5665 err = 0;
5666 }
5667 mgmt_pending_remove(cmd);
5668 }
2faade53
MH		 5669
5670unlock:
5671 hci_dev_unlock(hdev);
5672 return err;
5673}
5674
a26f3dcf
JH		 5675static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5676 u16 len)
5677{
5678 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5679 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5680 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5681 u16 param_count, expected_len;
5682 int i;
5683
5684 if (!lmp_le_capable(hdev))
5685 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5686 MGMT_STATUS_NOT_SUPPORTED);
5687
5688 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5689 if (param_count > max_param_count) {
5690 BT_ERR("load_conn_param: too big param_count value %u",
5691 param_count);
5692 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5693 MGMT_STATUS_INVALID_PARAMS);
5694 }
a26f3dcf
JH		 5695
5696 expected_len = sizeof(*cp) + param_count *
5697 sizeof(struct mgmt_conn_param);
5698 if (expected_len != len) {
5699 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5700 expected_len, len);
5701 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5702 MGMT_STATUS_INVALID_PARAMS);
5703 }
5704
5705 BT_DBG("%s param_count %u", hdev->name, param_count);
5706
5707 hci_dev_lock(hdev);
5708
5709 hci_conn_params_clear_disabled(hdev);
5710
5711 for (i = 0; i < param_count; i++) {
5712 struct mgmt_conn_param *param = &cp->params[i];
5713 struct hci_conn_params *hci_param;
5714 u16 min, max, latency, timeout;
5715 u8 addr_type;
5716
5717 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5718 param->addr.type);
5719
5720 if (param->addr.type == BDADDR_LE_PUBLIC) {
5721 addr_type = ADDR_LE_DEV_PUBLIC;
5722 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5723 addr_type = ADDR_LE_DEV_RANDOM;
5724 } else {
5725 BT_ERR("Ignoring invalid connection parameters");
5726 continue;
5727 }
5728
5729 min = le16_to_cpu(param->min_interval);
5730 max = le16_to_cpu(param->max_interval);
5731 latency = le16_to_cpu(param->latency);
5732 timeout = le16_to_cpu(param->timeout);
5733
5734 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5735 min, max, latency, timeout);
5736
5737 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5738 BT_ERR("Ignoring invalid connection parameters");
5739 continue;
5740 }
5741
5742 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5743 addr_type);
5744 if (!hci_param) {
5745 BT_ERR("Failed to add connection parameters");
5746 continue;
5747 }
5748
5749 hci_param->conn_min_interval = min;
5750 hci_param->conn_max_interval = max;
5751 hci_param->conn_latency = latency;
5752 hci_param->supervision_timeout = timeout;
5753 }
5754
5755 hci_dev_unlock(hdev);
5756
5757 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5758}
5759
dbece37a
MH		 5760static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5761 void *data, u16 len)
5762{
5763 struct mgmt_cp_set_external_config *cp = data;
5764 bool changed;
5765 int err;
5766
5767 BT_DBG("%s", hdev->name);
5768
5769 if (hdev_is_powered(hdev))
5770 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5771 MGMT_STATUS_REJECTED);
5772
5773 if (cp->config != 0x00 && cp->config != 0x01)
5774 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5775 MGMT_STATUS_INVALID_PARAMS);
5776
5777 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5778 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5779 MGMT_STATUS_NOT_SUPPORTED);
5780
5781 hci_dev_lock(hdev);
5782
5783 if (cp->config)
5784 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
5785 &hdev->dev_flags);
5786 else
5787 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
5788 &hdev->dev_flags);
5789
5790 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5791 if (err < 0)
5792 goto unlock;
5793
5794 if (!changed)
5795 goto unlock;
5796
f4537c04
MH		 5797 err = new_options(hdev, sk);
5798
dbece37a
MH		 5799 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
5800 mgmt_index_removed(hdev);
d603b76b
MH		 5801
5802 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5803 set_bit(HCI_CONFIG, &hdev->dev_flags);
5804 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5805
5806 queue_work(hdev->req_workqueue, &hdev->power_on);
5807 } else {
5ea234d3 5808 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 5809 mgmt_index_added(hdev);
5810 }
dbece37a
MH		 5811 }
5812
5813unlock:
5814 hci_dev_unlock(hdev);
5815 return err;
5816}
5817
9713c17b
MH		 5818static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5819 void *data, u16 len)
5820{
5821 struct mgmt_cp_set_public_address *cp = data;
5822 bool changed;
5823 int err;
5824
5825 BT_DBG("%s", hdev->name);
5826
5827 if (hdev_is_powered(hdev))
5828 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5829 MGMT_STATUS_REJECTED);
5830
5831 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5832 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5833 MGMT_STATUS_INVALID_PARAMS);
5834
5835 if (!hdev->set_bdaddr)
5836 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5837 MGMT_STATUS_NOT_SUPPORTED);
5838
5839 hci_dev_lock(hdev);
5840
5841 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5842 bacpy(&hdev->public_addr, &cp->bdaddr);
5843
5844 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5845 if (err < 0)
5846 goto unlock;
5847
5848 if (!changed)
5849 goto unlock;
5850
5851 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5852 err = new_options(hdev, sk);
5853
5854 if (is_configured(hdev)) {
5855 mgmt_index_removed(hdev);
5856
5857 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
5858
5859 set_bit(HCI_CONFIG, &hdev->dev_flags);
5860 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5861
5862 queue_work(hdev->req_workqueue, &hdev->power_on);
5863 }
5864
5865unlock:
5866 hci_dev_unlock(hdev);
5867 return err;
5868}
5869
2e3c35ea 5870static const struct mgmt_handler {
04124681
GP		 5871 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5872 u16 data_len);
be22b54e
JH		 5873 bool var_len;
5874 size_t data_len;
0f4e68cf
JH		 5875} mgmt_handlers[] = {
5876 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 5877 { read_version, false, MGMT_READ_VERSION_SIZE },
5878 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5879 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5880 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5881 { set_powered, false, MGMT_SETTING_SIZE },
5882 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5883 { set_connectable, false, MGMT_SETTING_SIZE },
5884 { set_fast_connectable, false, MGMT_SETTING_SIZE },
b2939475 5885 { set_bondable, false, MGMT_SETTING_SIZE },
be22b54e
JH		 5886 { set_link_security, false, MGMT_SETTING_SIZE },
5887 { set_ssp, false, MGMT_SETTING_SIZE },
5888 { set_hs, false, MGMT_SETTING_SIZE },
5889 { set_le, false, MGMT_SETTING_SIZE },
5890 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5891 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5892 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5893 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5894 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5895 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
5896 { disconnect, false, MGMT_DISCONNECT_SIZE },
5897 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
5898 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
5899 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
5900 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
5901 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
5902 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
5903 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
5904 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
5905 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
5906 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
5907 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
5908 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 5909 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 5910 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
5911 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
5912 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
5913 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
5914 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
5915 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 5916 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 5917 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 5918 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 5919 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 5920 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 5921 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 5922 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 5923 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 5924 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 5925 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
95868426 5926 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
2faade53
MH		 5927 { add_device, false, MGMT_ADD_DEVICE_SIZE },
5928 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
73d1df2a
MH		 5929 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
5930 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
9fc3bfb6 5931 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
dbece37a 5932 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
9713c17b 5933 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
66ea9427 5934 { start_service_discovery,true, MGMT_START_SERVICE_DISCOVERY_SIZE },
0f4e68cf
JH		 5935};
5936
0381101f
JH		 5937int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
5938{
650f726d
VCG		 5939 void *buf;
5940 u8 *cp;
0381101f 5941 struct mgmt_hdr *hdr;
4e51eae9 5942 u16 opcode, index, len;
bdb6d971 5943 struct hci_dev *hdev = NULL;
2e3c35ea 5944 const struct mgmt_handler *handler;
0381101f
JH		 5945 int err;
5946
5947 BT_DBG("got %zu bytes", msglen);
5948
5949 if (msglen < sizeof(*hdr))
5950 return -EINVAL;
5951
e63a15ec 5952 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 5953 if (!buf)
5954 return -ENOMEM;
5955
6ce8e9ce 5956 if (memcpy_from_msg(buf, msg, msglen)) {
0381101f
JH		 5957 err = -EFAULT;
5958 goto done;
5959 }
5960
650f726d 5961 hdr = buf;
1f350c87
MH		 5962 opcode = __le16_to_cpu(hdr->opcode);
5963 index = __le16_to_cpu(hdr->index);
5964 len = __le16_to_cpu(hdr->len);
0381101f
JH		 5965
5966 if (len != msglen - sizeof(*hdr)) {
5967 err = -EINVAL;
5968 goto done;
5969 }
5970
0f4e68cf 5971 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 5972 hdev = hci_dev_get(index);
5973 if (!hdev) {
5974 err = cmd_status(sk, index, opcode,
04124681 5975 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 5976 goto done;
5977 }
0736cfa8 5978
cebf4cfd 5979 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
d603b76b 5980 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
4a964404 5981 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 5982 err = cmd_status(sk, index, opcode,
5983 MGMT_STATUS_INVALID_INDEX);
5984 goto done;
5985 }
42a9bc14
MH		 5986
5987 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
dbece37a 5988 opcode != MGMT_OP_READ_CONFIG_INFO &&
9713c17b
MH		 5989 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
5990 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
42a9bc14
MH		 5991 err = cmd_status(sk, index, opcode,
5992 MGMT_STATUS_INVALID_INDEX);
5993 goto done;
5994 }
bdb6d971
JH		 5995 }
5996
0f4e68cf 5997 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 5998 mgmt_handlers[opcode].func == NULL) {
0381101f 5999 BT_DBG("Unknown op %u", opcode);
ca69b795 6000 err = cmd_status(sk, index, opcode,
04124681 6001 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 6002 goto done;
6003 }
6004
73d1df2a
MH		 6005 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
6006 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
6007 err = cmd_status(sk, index, opcode,
6008 MGMT_STATUS_INVALID_INDEX);
6009 goto done;
6010 }
6011
6012 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
6013 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
0f4e68cf 6014 err = cmd_status(sk, index, opcode,
04124681 6015 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 6016 goto done;
0381101f
JH		 6017 }
6018
be22b54e
JH		 6019 handler = &mgmt_handlers[opcode];
6020
6021 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 6022 (!handler->var_len && len != handler->data_len)) {
be22b54e 6023 err = cmd_status(sk, index, opcode,
04124681 6024 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 6025 goto done;
6026 }
6027
0f4e68cf
JH		 6028 if (hdev)
6029 mgmt_init_hdev(sk, hdev);
6030
6031 cp = buf + sizeof(*hdr);
6032
be22b54e 6033 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 6034 if (err < 0)
6035 goto done;
6036
0381101f
JH		 6037 err = msglen;
6038
6039done:
bdb6d971
JH		 6040 if (hdev)
6041 hci_dev_put(hdev);
6042
0381101f
JH		 6043 kfree(buf);
6044 return err;
6045}
c71e97bf 6046
bf6b56db 6047void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6048{
1514b892 6049 if (hdev->dev_type != HCI_BREDR)
bf6b56db 6050 return;
bb4b2a9a 6051
0602a8ad
MH		 6052 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6053 return;
6054
6055 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6056 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
6057 else
6058 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 6059}
6060
bf6b56db 6061void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6062{
5f159032 6063 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6064
1514b892 6065 if (hdev->dev_type != HCI_BREDR)
bf6b56db 6066 return;
bb4b2a9a 6067
0602a8ad
MH		 6068 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6069 return;
6070
1b9b5ee5 6071 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6072
edd3896b
MH		 6073 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6074 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
6075 else
6076 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 6077}
6078
6046dc3e 6079/* This function requires the caller holds hdev->lock */
2cf22218 6080static void restart_le_actions(struct hci_request *req)
6046dc3e 6081{
2cf22218 6082 struct hci_dev *hdev = req->hdev;
6046dc3e
AG		 6083 struct hci_conn_params *p;
6084
6085 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6086 /* Needed for AUTO_OFF case where might not "really"
6087 * have been powered off.
6088 */
6089 list_del_init(&p->action);
6090
6091 switch (p->auto_connect) {
4b9e7e75 6092 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6093 case HCI_AUTO_CONN_ALWAYS:
6094 list_add(&p->action, &hdev->pend_le_conns);
6095 break;
6096 case HCI_AUTO_CONN_REPORT:
6097 list_add(&p->action, &hdev->pend_le_reports);
6098 break;
6099 default:
6100 break;
c83ed19d 6101 }
6046dc3e 6102 }
c83ed19d 6103
2cf22218 6104 __hci_update_background_scan(req);
6046dc3e
AG		 6105}
6106
229ab39c
JH		 6107static void powered_complete(struct hci_dev *hdev, u8 status)
6108{
6109 struct cmd_lookup match = { NULL, hdev };
6110
6111 BT_DBG("status 0x%02x", status);
6112
6113 hci_dev_lock(hdev);
6114
6115 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6116
6117 new_settings(hdev, match.sk);
6118
6119 hci_dev_unlock(hdev);
6120
6121 if (match.sk)
6122 sock_put(match.sk);
6123}
6124
70da6243 6125static int powered_update_hci(struct hci_dev *hdev)
5add6af8 6126{
890ea898 6127 struct hci_request req;
70da6243 6128 u8 link_sec;
5add6af8 6129
890ea898
JH		 6130 hci_req_init(&req, hdev);
6131
70da6243
JH		 6132 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
6133 !lmp_host_ssp_capable(hdev)) {
6134 u8 ssp = 1;
5e5282bb 6135
890ea898 6136 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 6137 }
5add6af8 6138
ec6f99b8
JH		 6139 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6140 u8 sc = 0x01;
6141 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, sizeof(sc), &sc);
6142 }
6143
c73eee91
JH		 6144 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
6145 lmp_bredr_capable(hdev)) {
70da6243 6146 struct hci_cp_write_le_host_supported cp;
f0ff92fb 6147
32226e4f
MH		 6148 cp.le = 0x01;
6149 cp.simul = 0x00;
3d1cbdd6 6150
70da6243
JH		 6151 /* Check first if we already have the right
6152 * host state (host features set)
6153 */
6154 if (cp.le != lmp_host_le_capable(hdev) ||
6155 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 6156 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6157 sizeof(cp), &cp);
70da6243 6158 }
3d1cbdd6 6159
d13eafce 6160 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 6161 /* Make sure the controller has a good default for
6162 * advertising data. This also applies to the case
6163 * where BR/EDR was toggled during the AUTO_OFF phase.
6164 */
f14d8f64 6165 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 6166 update_adv_data(&req);
f14d8f64
MH		 6167 update_scan_rsp_data(&req);
6168 }
441ad2d0 6169
bba3aa55
MH		 6170 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6171 enable_advertising(&req);
2cf22218
JH		 6172
6173 restart_le_actions(&req);
eeca6f89
JH		 6174 }
6175
70da6243
JH		 6176 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
6177 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 6178 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6179 sizeof(link_sec), &link_sec);
562fcc24 6180
70da6243 6181 if (lmp_bredr_capable(hdev)) {
432df05e 6182 write_fast_connectable(&req, false);
1d2dc5b7 6183 __hci_update_page_scan(&req);
890ea898 6184 update_class(&req);
13928971 6185 update_name(&req);
890ea898 6186 update_eir(&req);
70da6243 6187 }
562fcc24 6188
229ab39c 6189 return hci_req_run(&req, powered_complete);
70da6243 6190}
562fcc24 6191
70da6243
JH		 6192int mgmt_powered(struct hci_dev *hdev, u8 powered)
6193{
6194 struct cmd_lookup match = { NULL, hdev };
9845904f 6195 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 6196 int err;
f0ff92fb 6197
70da6243
JH		 6198 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
6199 return 0;
6200
70da6243 6201 if (powered) {
229ab39c
JH		 6202 if (powered_update_hci(hdev) == 0)
6203 return 0;
fe038884 6204
229ab39c
JH		 6205 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6206 &match);
6207 goto new_settings;
b24752fe
JH		 6208 }
6209
229ab39c 6210 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 6211
6212 /* If the power off is because of hdev unregistration let
6213 * use the appropriate INVALID_INDEX status. Otherwise use
6214 * NOT_POWERED. We cover both scenarios here since later in
6215 * mgmt_index_removed() any hci_conn callbacks will have already
6216 * been triggered, potentially causing misleading DISCONNECTED
6217 * status responses.
6218 */
6219 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags))
6220 status = MGMT_STATUS_INVALID_INDEX;
6221 else
6222 status = MGMT_STATUS_NOT_POWERED;
6223
6224 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 6225
6226 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
6227 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6228 zero_cod, sizeof(zero_cod), NULL);
6229
6230new_settings:
beadb2bd 6231 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 6232
6233 if (match.sk)
6234 sock_put(match.sk);
6235
7bb895d6 6236 return err;
5add6af8 6237}
73f22f62 6238
3eec705e 6239void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 6240{
6241 struct pending_cmd *cmd;
6242 u8 status;
6243
6244 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6245 if (!cmd)
3eec705e 6246 return;
96570ffc
JH		 6247
6248 if (err == -ERFKILL)
6249 status = MGMT_STATUS_RFKILLED;
6250 else
6251 status = MGMT_STATUS_FAILED;
6252
3eec705e 6253 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6254
6255 mgmt_pending_remove(cmd);
96570ffc
JH		 6256}
6257
d1967ff8
MH		 6258void mgmt_discoverable_timeout(struct hci_dev *hdev)
6259{
6260 struct hci_request req;
d1967ff8
MH		 6261
6262 hci_dev_lock(hdev);
6263
6264 /* When discoverable timeout triggers, then just make sure
6265 * the limited discoverable flag is cleared. Even in the case
6266 * of a timeout triggered from general discoverable, it is
6267 * safe to unconditionally clear the flag.
6268 */
6269 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 6270 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 6271
6272 hci_req_init(&req, hdev);
4b580614
JH		 6273 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
6274 u8 scan = SCAN_PAGE;
6275 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6276 sizeof(scan), &scan);
6277 }
d1967ff8 6278 update_class(&req);
9a43e25f 6279 update_adv_data(&req);
d1967ff8
MH		 6280 hci_req_run(&req, NULL);
6281
6282 hdev->discov_timeout = 0;
6283
9a43e25f
JH		 6284 new_settings(hdev, NULL);
6285
d1967ff8
MH		 6286 hci_dev_unlock(hdev);
6287}
6288
dc4a5ee2
MH		 6289void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6290 bool persistent)
55ed8ca1 6291{
86742e1e 6292 struct mgmt_ev_new_link_key ev;
55ed8ca1 6293
a492cd52 6294 memset(&ev, 0, sizeof(ev));
55ed8ca1 6295
a492cd52 6296 ev.store_hint = persistent;
d753fdc4 6297 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6298 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6299 ev.key.type = key->type;
9b3b4460 6300 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6301 ev.key.pin_len = key->pin_len;
55ed8ca1 6302
dc4a5ee2 6303 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6304}
f7520543 6305
d7b25450
JH		 6306static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6307{
23fb8de3
JH		 6308 switch (ltk->type) {
6309 case SMP_LTK:
6310 case SMP_LTK_SLAVE:
6311 if (ltk->authenticated)
6312 return MGMT_LTK_AUTHENTICATED;
6313 return MGMT_LTK_UNAUTHENTICATED;
6314 case SMP_LTK_P256:
6315 if (ltk->authenticated)
6316 return MGMT_LTK_P256_AUTH;
6317 return MGMT_LTK_P256_UNAUTH;
6318 case SMP_LTK_P256_DEBUG:
6319 return MGMT_LTK_P256_DEBUG;
6320 }
d7b25450
JH		 6321
6322 return MGMT_LTK_UNAUTHENTICATED;
6323}
6324
53ac6ab6 6325void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6326{
6327 struct mgmt_ev_new_long_term_key ev;
6328
6329 memset(&ev, 0, sizeof(ev));
6330
5192d301
MH		 6331 /* Devices using resolvable or non-resolvable random addresses
6332 * without providing an indentity resolving key don't require
6333 * to store long term keys. Their addresses will change the
6334 * next time around.
6335 *
6336 * Only when a remote device provides an identity address
6337 * make sure the long term key is stored. If the remote
6338 * identity is known, the long term keys are internally
6339 * mapped to the identity address. So allow static random
6340 * and public addresses here.
6341 */
ba74b666
JH		 6342 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6343 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6344 ev.store_hint = 0x00;
6345 else
53ac6ab6 6346 ev.store_hint = persistent;
ba74b666 6347
346af67b 6348 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6349 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6350 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6351 ev.key.enc_size = key->enc_size;
6352 ev.key.ediv = key->ediv;
fe39c7b2 6353 ev.key.rand = key->rand;
346af67b 6354
2ceba539 6355 if (key->type == SMP_LTK)
346af67b
VCG		 6356 ev.key.master = 1;
6357
346af67b
VCG		 6358 memcpy(ev.key.val, key->val, sizeof(key->val));
6359
083368f7 6360 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6361}
6362
95fbac8a
JH		 6363void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6364{
6365 struct mgmt_ev_new_irk ev;
6366
6367 memset(&ev, 0, sizeof(ev));
6368
bab6d1e5
MH		 6369 /* For identity resolving keys from devices that are already
6370 * using a public address or static random address, do not
6371 * ask for storing this key. The identity resolving key really
6372 * is only mandatory for devices using resovlable random
6373 * addresses.
6374 *
6375 * Storing all identity resolving keys has the downside that
6376 * they will be also loaded on next boot of they system. More
6377 * identity resolving keys, means more time during scanning is
6378 * needed to actually resolve these addresses.
6379 */
6380 if (bacmp(&irk->rpa, BDADDR_ANY))
6381 ev.store_hint = 0x01;
6382 else
6383 ev.store_hint = 0x00;
6384
95fbac8a
JH		 6385 bacpy(&ev.rpa, &irk->rpa);
6386 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6387 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6388 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6389
6390 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6391}
6392
53ac6ab6
MH		 6393void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6394 bool persistent)
7ee4ea36
MH		 6395{
6396 struct mgmt_ev_new_csrk ev;
6397
6398 memset(&ev, 0, sizeof(ev));
6399
6400 /* Devices using resolvable or non-resolvable random addresses
6401 * without providing an indentity resolving key don't require
6402 * to store signature resolving keys. Their addresses will change
6403 * the next time around.
6404 *
6405 * Only when a remote device provides an identity address
6406 * make sure the signature resolving key is stored. So allow
6407 * static random and public addresses here.
6408 */
6409 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6410 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6411 ev.store_hint = 0x00;
6412 else
53ac6ab6 6413 ev.store_hint = persistent;
7ee4ea36
MH		 6414
6415 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6416 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6417 ev.key.master = csrk->master;
6418 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6419
6420 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6421}
6422
ffb5a827 6423void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6424 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6425 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6426{
6427 struct mgmt_ev_new_conn_param ev;
6428
c103aea6
JH		 6429 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6430 return;
6431
ffb5a827
AG		 6432 memset(&ev, 0, sizeof(ev));
6433 bacpy(&ev.addr.bdaddr, bdaddr);
6434 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6435 ev.store_hint = store_hint;
ffb5a827
AG		 6436 ev.min_interval = cpu_to_le16(min_interval);
6437 ev.max_interval = cpu_to_le16(max_interval);
6438 ev.latency = cpu_to_le16(latency);
6439 ev.timeout = cpu_to_le16(timeout);
6440
6441 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6442}
6443
94933991
MH		 6444static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6445 u8 data_len)
6446{
6447 eir[eir_len++] = sizeof(type) + data_len;
6448 eir[eir_len++] = type;
6449 memcpy(&eir[eir_len], data, data_len);
6450 eir_len += data_len;
6451
6452 return eir_len;
6453}
6454
48ec92fa
AA		 6455void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6456 u32 flags, u8 *name, u8 name_len)
f7520543 6457{
b644ba33
JH		 6458 char buf[512];
6459 struct mgmt_ev_device_connected *ev = (void *) buf;
6460 u16 eir_len = 0;
f7520543 6461
48ec92fa
AA		 6462 bacpy(&ev->addr.bdaddr, &conn->dst);
6463 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 6464
c95f0ba7 6465 ev->flags = __cpu_to_le32(flags);
08c79b61 6466
fd45ada9
AA		 6467 /* We must ensure that the EIR Data fields are ordered and
6468 * unique. Keep it simple for now and avoid the problem by not
6469 * adding any BR/EDR data to the LE adv.
6470 */
6471 if (conn->le_adv_data_len > 0) {
6472 memcpy(&ev->eir[eir_len],
6473 conn->le_adv_data, conn->le_adv_data_len);
6474 eir_len = conn->le_adv_data_len;
6475 } else {
6476 if (name_len > 0)
6477 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6478 name, name_len);
b644ba33 6479
ddbea5cf 6480 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 6481 eir_len = eir_append_data(ev->eir, eir_len,
6482 EIR_CLASS_OF_DEV,
6483 conn->dev_class, 3);
6484 }
b644ba33 6485
eb55ef07 6486 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6487
ecd90ae7
MH		 6488 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6489 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6490}
6491
8962ee74
JH		 6492static void disconnect_rsp(struct pending_cmd *cmd, void *data)
6493{
8962ee74 6494 struct sock **sk = data;
8962ee74 6495
f5818c22 6496 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 6497
6498 *sk = cmd->sk;
6499 sock_hold(*sk);
6500
a664b5bc 6501 mgmt_pending_remove(cmd);
8962ee74
JH		 6502}
6503
124f6e35 6504static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 6505{
b1078ad0 6506 struct hci_dev *hdev = data;
124f6e35 6507 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 6508
b1078ad0
JH		 6509 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6510
d8b7b1e4 6511 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 6512 mgmt_pending_remove(cmd);
6513}
6514
84c61d92
JH		 6515bool mgmt_powering_down(struct hci_dev *hdev)
6516{
6517 struct pending_cmd *cmd;
6518 struct mgmt_mode *cp;
6519
6520 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6521 if (!cmd)
6522 return false;
6523
6524 cp = cmd->param;
6525 if (!cp->val)
6526 return true;
6527
6528 return false;
6529}
6530
9b80ec5e 6531void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6532 u8 link_type, u8 addr_type, u8 reason,
6533 bool mgmt_connected)
f7520543 6534{
f0d6a0ea 6535 struct mgmt_ev_device_disconnected ev;
8962ee74 6536 struct sock *sk = NULL;
8962ee74 6537
84c61d92
JH		 6538 /* The connection is still in hci_conn_hash so test for 1
6539 * instead of 0 to know if this is the last one.
6540 */
6541 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6542 cancel_delayed_work(&hdev->power_off);
6543 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 6544 }
6545
12d4a3b2
JH		 6546 if (!mgmt_connected)
6547 return;
6548
57eb776f
AG		 6549 if (link_type != ACL_LINK && link_type != LE_LINK)
6550 return;
6551
744cf19e 6552 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6553
f0d6a0ea
MA		 6554 bacpy(&ev.addr.bdaddr, bdaddr);
6555 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6556 ev.reason = reason;
f7520543 6557
9b80ec5e 6558 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6559
6560 if (sk)
d97dcb66 6561 sock_put(sk);
8962ee74 6562
124f6e35 6563 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6564 hdev);
8962ee74
JH		 6565}
6566
7892924c
MH		 6567void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6568 u8 link_type, u8 addr_type, u8 status)
8962ee74 6569{
3655bba8
AG		 6570 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6571 struct mgmt_cp_disconnect *cp;
8962ee74 6572 struct pending_cmd *cmd;
8962ee74 6573
36a75f1b
JD		 6574 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6575 hdev);
6576
2e58ef3e 6577 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6578 if (!cmd)
7892924c 6579 return;
8962ee74 6580
3655bba8
AG		 6581 cp = cmd->param;
6582
6583 if (bacmp(bdaddr, &cp->addr.bdaddr))
6584 return;
6585
6586 if (cp->addr.type != bdaddr_type)
6587 return;
6588
f5818c22 6589 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6590 mgmt_pending_remove(cmd);
f7520543 6591}
17d5c04c 6592
445608d0
MH		 6593void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6594 u8 addr_type, u8 status)
17d5c04c
JH		 6595{
6596 struct mgmt_ev_connect_failed ev;
c9910d0f 6597
84c61d92
JH		 6598 /* The connection is still in hci_conn_hash so test for 1
6599 * instead of 0 to know if this is the last one.
6600 */
6601 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6602 cancel_delayed_work(&hdev->power_off);
6603 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 6604 }
17d5c04c 6605
4c659c39 6606 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6607 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6608 ev.status = mgmt_status(status);
17d5c04c 6609
445608d0 6610 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6611}
980e1a53 6612
ce0e4a0d 6613void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6614{
6615 struct mgmt_ev_pin_code_request ev;
6616
d8457698 6617 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6618 ev.addr.type = BDADDR_BREDR;
a770bb5a 6619 ev.secure = secure;
980e1a53 6620
ce0e4a0d 6621 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6622}
6623
e669cf80
MH		 6624void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6625 u8 status)
980e1a53
JH		 6626{
6627 struct pending_cmd *cmd;
980e1a53 6628
2e58ef3e 6629 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6630 if (!cmd)
e669cf80 6631 return;
980e1a53 6632
7776d1d8 6633 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6634 mgmt_pending_remove(cmd);
980e1a53
JH		 6635}
6636
3eb38528
MH		 6637void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6638 u8 status)
980e1a53
JH		 6639{
6640 struct pending_cmd *cmd;
980e1a53 6641
2e58ef3e 6642 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6643 if (!cmd)
3eb38528 6644 return;
980e1a53 6645
7776d1d8 6646 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6647 mgmt_pending_remove(cmd);
980e1a53 6648}
a5c29683 6649
744cf19e 6650int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6651 u8 link_type, u8 addr_type, u32 value,
04124681 6652 u8 confirm_hint)
a5c29683
JH		 6653{
6654 struct mgmt_ev_user_confirm_request ev;
6655
744cf19e 6656 BT_DBG("%s", hdev->name);
a5c29683 6657
272d90df 6658 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6659 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6660 ev.confirm_hint = confirm_hint;
39adbffe 6661 ev.value = cpu_to_le32(value);
a5c29683 6662
744cf19e 6663 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6664 NULL);
a5c29683
JH		 6665}
6666
272d90df 6667int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6668 u8 link_type, u8 addr_type)
604086b7
BG		 6669{
6670 struct mgmt_ev_user_passkey_request ev;
6671
6672 BT_DBG("%s", hdev->name);
6673
272d90df 6674 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6675 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6676
6677 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6678 NULL);
604086b7
BG		 6679}
6680
0df4c185 6681static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6682 u8 link_type, u8 addr_type, u8 status,
6683 u8 opcode)
a5c29683
JH		 6684{
6685 struct pending_cmd *cmd;
a5c29683 6686
2e58ef3e 6687 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 6688 if (!cmd)
6689 return -ENOENT;
6690
7776d1d8 6691 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6692 mgmt_pending_remove(cmd);
a5c29683 6693
7776d1d8 6694 return 0;
a5c29683
JH		 6695}
6696
744cf19e 6697int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6698 u8 link_type, u8 addr_type, u8 status)
a5c29683 6699{
272d90df 6700 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6701 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6702}
6703
272d90df 6704int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6705 u8 link_type, u8 addr_type, u8 status)
a5c29683 6706{
272d90df 6707 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6708 status,
6709 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 6710}
2a611692 6711
604086b7 6712int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6713 u8 link_type, u8 addr_type, u8 status)
604086b7 6714{
272d90df 6715 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6716 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 6717}
6718
272d90df 6719int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6720 u8 link_type, u8 addr_type, u8 status)
604086b7 6721{
272d90df 6722 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6723 status,
6724 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 6725}
6726
92a25256
JH		 6727int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6728 u8 link_type, u8 addr_type, u32 passkey,
6729 u8 entered)
6730{
6731 struct mgmt_ev_passkey_notify ev;
6732
6733 BT_DBG("%s", hdev->name);
6734
6735 bacpy(&ev.addr.bdaddr, bdaddr);
6736 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6737 ev.passkey = __cpu_to_le32(passkey);
6738 ev.entered = entered;
6739
6740 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6741}
6742
e1e930f5 6743void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 6744{
6745 struct mgmt_ev_auth_failed ev;
e1e930f5
JH		 6746 struct pending_cmd *cmd;
6747 u8 status = mgmt_status(hci_status);
2a611692 6748
e1e930f5
JH		 6749 bacpy(&ev.addr.bdaddr, &conn->dst);
6750 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6751 ev.status = status;
2a611692 6752
e1e930f5
JH		 6753 cmd = find_pairing(conn);
6754
6755 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
6756 cmd ? cmd->sk : NULL);
6757
a511b35b
JH		 6758 if (cmd) {
6759 cmd->cmd_complete(cmd, status);
6760 mgmt_pending_remove(cmd);
6761 }
2a611692 6762}
b312b161 6763
464996ae 6764void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 6765{
6766 struct cmd_lookup match = { NULL, hdev };
464996ae 6767 bool changed;
33ef95ed
JH		 6768
6769 if (status) {
6770 u8 mgmt_err = mgmt_status(status);
6771 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 6772 cmd_status_rsp, &mgmt_err);
464996ae 6773 return;
33ef95ed
JH		 6774 }
6775
464996ae
MH		 6776 if (test_bit(HCI_AUTH, &hdev->flags))
6777 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6778 &hdev->dev_flags);
6779 else
6780 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6781 &hdev->dev_flags);
47990ea0 6782
33ef95ed 6783 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 6784 &match);
33ef95ed 6785
47990ea0 6786 if (changed)
464996ae 6787 new_settings(hdev, match.sk);
33ef95ed
JH		 6788
6789 if (match.sk)
6790 sock_put(match.sk);
33ef95ed
JH		 6791}
6792
890ea898 6793static void clear_eir(struct hci_request *req)
cacaf52f 6794{
890ea898 6795 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 6796 struct hci_cp_write_eir cp;
6797
976eb20e 6798 if (!lmp_ext_inq_capable(hdev))
890ea898 6799 return;
cacaf52f 6800
c80da27e
JH		 6801 memset(hdev->eir, 0, sizeof(hdev->eir));
6802
cacaf52f
JH		 6803 memset(&cp, 0, sizeof(cp));
6804
890ea898 6805 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 6806}
6807
3e248560 6808void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 6809{
6810 struct cmd_lookup match = { NULL, hdev };
890ea898 6811 struct hci_request req;
c0ecddc2 6812 bool changed = false;
ed2c4ee3
JH		 6813
6814 if (status) {
6815 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 6816
6817 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 6818 &hdev->dev_flags)) {
6819 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 6820 new_settings(hdev, NULL);
9ecb3e24 6821 }
c0ecddc2 6822
04124681
GP		 6823 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6824 &mgmt_err);
3e248560 6825 return;
c0ecddc2
JH		 6826 }
6827
6828 if (enable) {
9ecb3e24 6829 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 6830 } else {
9ecb3e24
MH		 6831 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6832 if (!changed)
6833 changed = test_and_clear_bit(HCI_HS_ENABLED,
6834 &hdev->dev_flags);
6835 else
6836 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 6837 }
6838
6839 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6840
c0ecddc2 6841 if (changed)
3e248560 6842 new_settings(hdev, match.sk);
ed2c4ee3 6843
5fc6ebb1 6844 if (match.sk)
ed2c4ee3
JH		 6845 sock_put(match.sk);
6846
890ea898
JH		 6847 hci_req_init(&req, hdev);
6848
3769972b
JH		 6849 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6850 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6851 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6852 sizeof(enable), &enable);
890ea898 6853 update_eir(&req);
3769972b 6854 } else {
890ea898 6855 clear_eir(&req);
3769972b 6856 }
890ea898
JH		 6857
6858 hci_req_run(&req, NULL);
ed2c4ee3
JH		 6859}
6860
eac83dc6
MH		 6861void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6862{
6863 struct cmd_lookup match = { NULL, hdev };
6864 bool changed = false;
6865
6866 if (status) {
6867 u8 mgmt_err = mgmt_status(status);
6868
0ab04a9c
MH		 6869 if (enable) {
6870 if (test_and_clear_bit(HCI_SC_ENABLED,
6871 &hdev->dev_flags))
6872 new_settings(hdev, NULL);
6873 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6874 }
eac83dc6
MH		 6875
6876 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6877 cmd_status_rsp, &mgmt_err);
6878 return;
6879 }
6880
0ab04a9c 6881 if (enable) {
eac83dc6 6882 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 6883 } else {
eac83dc6 6884 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 6885 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6886 }
eac83dc6
MH		 6887
6888 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6889 settings_rsp, &match);
6890
6891 if (changed)
6892 new_settings(hdev, match.sk);
6893
6894 if (match.sk)
6895 sock_put(match.sk);
6896}
6897
92da6097 6898static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 6899{
6900 struct cmd_lookup *match = data;
6901
90e70454
JH		 6902 if (match->sk == NULL) {
6903 match->sk = cmd->sk;
6904 sock_hold(match->sk);
6905 }
90e70454
JH		 6906}
6907
4e1b0245
MH		 6908void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
6909 u8 status)
7f9a903c 6910{
90e70454 6911 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 6912
92da6097
JH		 6913 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
6914 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
6915 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 6916
6917 if (!status)
4e1b0245
MH		 6918 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
6919 NULL);
90e70454
JH		 6920
6921 if (match.sk)
6922 sock_put(match.sk);
7f9a903c
MH		 6923}
6924
7667da34 6925void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 6926{
b312b161 6927 struct mgmt_cp_set_local_name ev;
13928971 6928 struct pending_cmd *cmd;
28cc7bde 6929
13928971 6930 if (status)
7667da34 6931 return;
b312b161
JH		 6932
6933 memset(&ev, 0, sizeof(ev));
6934 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 6935 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 6936
2e58ef3e 6937 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 6938 if (!cmd) {
6939 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 6940
13928971
JH		 6941 /* If this is a HCI command related to powering on the
6942 * HCI dev don't send any mgmt signals.
6943 */
6944 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 6945 return;
890ea898 6946 }
b312b161 6947
7667da34
MH		 6948 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
6949 cmd ? cmd->sk : NULL);
b312b161 6950}
c35938b2 6951
4d2d2796 6952void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
38da1703
JH		 6953 u8 *rand192, u8 *hash256, u8 *rand256,
6954 u8 status)
c35938b2
SJ		 6955{
6956 struct pending_cmd *cmd;
c35938b2 6957
744cf19e 6958 BT_DBG("%s status %u", hdev->name, status);
c35938b2 6959
2e58ef3e 6960 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 6961 if (!cmd)
3edaf092 6962 return;
c35938b2
SJ		 6963
6964 if (status) {
3edaf092
MH		 6965 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6966 mgmt_status(status));
c35938b2 6967 } else {
710f11c0 6968 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
4d2d2796
MH		 6969 struct mgmt_rp_read_local_oob_ext_data rp;
6970
6971 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
38da1703 6972 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
c35938b2 6973
4d2d2796 6974 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
38da1703 6975 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
c35938b2 6976
4d2d2796
MH		 6977 cmd_complete(cmd->sk, hdev->id,
6978 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6979 &rp, sizeof(rp));
6980 } else {
6981 struct mgmt_rp_read_local_oob_data rp;
6982
6983 memcpy(rp.hash, hash192, sizeof(rp.hash));
38da1703 6984 memcpy(rp.rand, rand192, sizeof(rp.rand));
4d2d2796
MH		 6985
6986 cmd_complete(cmd->sk, hdev->id,
6987 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6988 &rp, sizeof(rp));
6989 }
c35938b2
SJ		 6990 }
6991
6992 mgmt_pending_remove(cmd);
c35938b2 6993}
e17acd40 6994
799ce93d
JP		 6995static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
6996{
6997 int i;
6998
6999 for (i = 0; i < uuid_count; i++) {
7000 if (!memcmp(uuid, uuids[i], 16))
7001 return true;
7002 }
7003
7004 return false;
7005}
7006
b487b9ce
MH		 7007static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7008{
799ce93d
JP		 7009 u16 parsed = 0;
7010
7011 while (parsed < eir_len) {
7012 u8 field_len = eir[0];
7013 u8 uuid[16];
7014 int i;
7015
7016 if (field_len == 0)
7017 break;
7018
7019 if (eir_len - parsed < field_len + 1)
7020 break;
7021
7022 switch (eir[1]) {
7023 case EIR_UUID16_ALL:
7024 case EIR_UUID16_SOME:
7025 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7026 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7027 uuid[13] = eir[i + 3];
7028 uuid[12] = eir[i + 2];
7029 if (has_uuid(uuid, uuid_count, uuids))
7030 return true;
7031 }
7032 break;
7033 case EIR_UUID32_ALL:
7034 case EIR_UUID32_SOME:
7035 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7036 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7037 uuid[15] = eir[i + 5];
7038 uuid[14] = eir[i + 4];
7039 uuid[13] = eir[i + 3];
7040 uuid[12] = eir[i + 2];
7041 if (has_uuid(uuid, uuid_count, uuids))
7042 return true;
7043 }
7044 break;
7045 case EIR_UUID128_ALL:
7046 case EIR_UUID128_SOME:
7047 for (i = 0; i + 17 <= field_len; i += 16) {
7048 memcpy(uuid, eir + i + 2, 16);
7049 if (has_uuid(uuid, uuid_count, uuids))
7050 return true;
7051 }
7052 break;
7053 }
7054
7055 parsed += field_len + 1;
7056 eir += field_len + 1;
7057 }
7058
b487b9ce
MH		 7059 return false;
7060}
7061
901801b9 7062void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
af58925c
MH		 7063 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7064 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7065{
e319d2e7
JH		 7066 char buf[512];
7067 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 7068 size_t ev_size;
b487b9ce 7069 bool match;
e17acd40 7070
75ce208c
JH		 7071 /* Don't send events for a non-kernel initiated discovery. With
7072 * LE one exception is if we have pend_le_reports > 0 in which
7073 * case we're doing passive scanning and want these events.
7074 */
7075 if (!hci_discovery_active(hdev)) {
7076 if (link_type == ACL_LINK)
7077 return;
66f8455a 7078 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
75ce208c
JH		 7079 return;
7080 }
12602d0c 7081
bda157a4
MH		 7082 /* When using service discovery with a RSSI threshold, then check
7083 * if such a RSSI threshold is specified. If a RSSI threshold has
7084 * been specified, then all results with a RSSI smaller than the
7085 * RSSI threshold will be dropped.
efb2513f
MH		 7086 *
7087 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7088 * the results are also dropped.
bda157a4
MH		 7089 */
7090 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
efb2513f 7091 (rssi < hdev->discovery.rssi || rssi == HCI_RSSI_INVALID))
bda157a4
MH		 7092 return;
7093
5d2e9fad
JH		 7094 /* Make sure that the buffer is big enough. The 5 extra bytes
7095 * are for the potential CoD field.
7096 */
7097 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 7098 return;
7d262f86 7099
1dc06093
JH		 7100 memset(buf, 0, sizeof(buf));
7101
da25cf6a
MH		 7102 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7103 * RSSI value was reported as 0 when not available. This behavior
7104 * is kept when using device discovery. This is required for full
7105 * backwards compatibility with the API.
7106 *
7107 * However when using service discovery, the value 127 will be
7108 * returned when the RSSI is not available.
7109 */
7110 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi)
efb2513f
MH		 7111 rssi = 0;
7112
841c5644
JH		 7113 bacpy(&ev->addr.bdaddr, bdaddr);
7114 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 7115 ev->rssi = rssi;
af58925c 7116 ev->flags = cpu_to_le32(flags);
e17acd40 7117
b487b9ce
MH		 7118 if (eir_len > 0) {
7119 /* When using service discovery and a list of UUID is
7120 * provided, results with no matching UUID should be
7121 * dropped. In case there is a match the result is
7122 * kept and checking possible scan response data
7123 * will be skipped.
7124 */
ea8ae251 7125 if (hdev->discovery.uuid_count > 0)
b487b9ce
MH		 7126 match = eir_has_uuids(eir, eir_len,
7127 hdev->discovery.uuid_count,
7128 hdev->discovery.uuids);
ea8ae251
MH		 7129 else
7130 match = true;
7131
7132 if (!match && !scan_rsp_len)
7133 return;
b487b9ce
MH		 7134
7135 /* Copy EIR or advertising data into event */
e319d2e7 7136 memcpy(ev->eir, eir, eir_len);
b487b9ce
MH		 7137 } else {
7138 /* When using service discovery and a list of UUID is
7139 * provided, results with empty EIR or advertising data
7140 * should be dropped since they do not match any UUID.
7141 */
ea8ae251 7142 if (hdev->discovery.uuid_count > 0 && !scan_rsp_len)
b487b9ce 7143 return;
ea8ae251
MH		 7144
7145 match = false;
b487b9ce 7146 }
e17acd40 7147
1dc06093
JH		 7148 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7149 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 7150 dev_class, 3);
1dc06093 7151
b487b9ce
MH		 7152 if (scan_rsp_len > 0) {
7153 /* When using service discovery and a list of UUID is
7154 * provided, results with no matching UUID should be
7155 * dropped if there is no previous match from the
7156 * advertising data.
7157 */
7158 if (hdev->discovery.uuid_count > 0) {
7159 if (!match && !eir_has_uuids(scan_rsp, scan_rsp_len,
7160 hdev->discovery.uuid_count,
7161 hdev->discovery.uuids))
7162 return;
7163 }
7164
7165 /* Append scan response data to event */
5d2e9fad 7166 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
b487b9ce
MH		 7167 } else {
7168 /* When using service discovery and a list of UUID is
7169 * provided, results with empty scan response and no
7170 * previous matched advertising data should be dropped.
7171 */
7172 if (hdev->discovery.uuid_count > 0 && !match)
7173 return;
7174 }
5d2e9fad
JH		 7175
7176 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7177 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7178
901801b9 7179 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7180}
a88a9652 7181
9cf12aee
MH		 7182void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7183 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7184{
b644ba33
JH		 7185 struct mgmt_ev_device_found *ev;
7186 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7187 u16 eir_len;
a88a9652 7188
b644ba33 7189 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7190
b644ba33
JH		 7191 memset(buf, 0, sizeof(buf));
7192
7193 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7194 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7195 ev->rssi = rssi;
7196
7197 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7198 name_len);
b644ba33 7199
eb55ef07 7200 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7201
9cf12aee 7202 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7203}
314b2381 7204
2f1e063b 7205void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7206{
f963e8e9 7207 struct mgmt_ev_discovering ev;
164a6e78 7208
343fb145
AG		 7209 BT_DBG("%s discovering %u", hdev->name, discovering);
7210
f963e8e9
JH		 7211 memset(&ev, 0, sizeof(ev));
7212 ev.type = hdev->discovery.type;
7213 ev.discovering = discovering;
7214
2f1e063b 7215 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7216}
5e762444 7217
5976e608
MH		 7218static void adv_enable_complete(struct hci_dev *hdev, u8 status)
7219{
7220 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 7221}
7222
7223void mgmt_reenable_advertising(struct hci_dev *hdev)
7224{
7225 struct hci_request req;
7226
5976e608
MH		 7227 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
7228 return;
7229
7230 hci_req_init(&req, hdev);
7231 enable_advertising(&req);
0ec5ae84 7232 hci_req_run(&req, adv_enable_complete);
5976e608 7233}
Linux kernel - Deliverables
This page took 0.89013 seconds and 5 git commands to generate.