projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add function for generating LE SC out-of-band data
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
0381101f 38
2da9c55c 39#define MGMT_VERSION 1
beb1c21b 40#define MGMT_REVISION 9
02d98129 41
e70bb2e8
JH		 42static const u16 mgmt_commands[] = {
43 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_READ_INFO,
45 MGMT_OP_SET_POWERED,
46 MGMT_OP_SET_DISCOVERABLE,
47 MGMT_OP_SET_CONNECTABLE,
48 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 49 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 50 MGMT_OP_SET_LINK_SECURITY,
51 MGMT_OP_SET_SSP,
52 MGMT_OP_SET_HS,
53 MGMT_OP_SET_LE,
54 MGMT_OP_SET_DEV_CLASS,
55 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_ADD_UUID,
57 MGMT_OP_REMOVE_UUID,
58 MGMT_OP_LOAD_LINK_KEYS,
59 MGMT_OP_LOAD_LONG_TERM_KEYS,
60 MGMT_OP_DISCONNECT,
61 MGMT_OP_GET_CONNECTIONS,
62 MGMT_OP_PIN_CODE_REPLY,
63 MGMT_OP_PIN_CODE_NEG_REPLY,
64 MGMT_OP_SET_IO_CAPABILITY,
65 MGMT_OP_PAIR_DEVICE,
66 MGMT_OP_CANCEL_PAIR_DEVICE,
67 MGMT_OP_UNPAIR_DEVICE,
68 MGMT_OP_USER_CONFIRM_REPLY,
69 MGMT_OP_USER_CONFIRM_NEG_REPLY,
70 MGMT_OP_USER_PASSKEY_REPLY,
71 MGMT_OP_USER_PASSKEY_NEG_REPLY,
72 MGMT_OP_READ_LOCAL_OOB_DATA,
73 MGMT_OP_ADD_REMOTE_OOB_DATA,
74 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
75 MGMT_OP_START_DISCOVERY,
76 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_CONFIRM_NAME,
78 MGMT_OP_BLOCK_DEVICE,
79 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 80 MGMT_OP_SET_DEVICE_ID,
4375f103 81 MGMT_OP_SET_ADVERTISING,
0663ca2a 82 MGMT_OP_SET_BREDR,
d13eafce 83 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 84 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 85 MGMT_OP_SET_SECURE_CONN,
4e39ac81 86 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 87 MGMT_OP_SET_PRIVACY,
41edf160 88 MGMT_OP_LOAD_IRKS,
dd983808 89 MGMT_OP_GET_CONN_INFO,
95868426 90 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 91 MGMT_OP_ADD_DEVICE,
92 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 93 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 94 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 95 MGMT_OP_READ_CONFIG_INFO,
dbece37a 96 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 97 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 98 MGMT_OP_START_SERVICE_DISCOVERY,
4f0f155c 99 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
96f1474a 100 MGMT_OP_READ_EXT_INDEX_LIST,
d3d5305b 101 MGMT_OP_READ_ADV_FEATURES,
e70bb2e8
JH		 102};
103
104static const u16 mgmt_events[] = {
105 MGMT_EV_CONTROLLER_ERROR,
106 MGMT_EV_INDEX_ADDED,
107 MGMT_EV_INDEX_REMOVED,
108 MGMT_EV_NEW_SETTINGS,
109 MGMT_EV_CLASS_OF_DEV_CHANGED,
110 MGMT_EV_LOCAL_NAME_CHANGED,
111 MGMT_EV_NEW_LINK_KEY,
112 MGMT_EV_NEW_LONG_TERM_KEY,
113 MGMT_EV_DEVICE_CONNECTED,
114 MGMT_EV_DEVICE_DISCONNECTED,
115 MGMT_EV_CONNECT_FAILED,
116 MGMT_EV_PIN_CODE_REQUEST,
117 MGMT_EV_USER_CONFIRM_REQUEST,
118 MGMT_EV_USER_PASSKEY_REQUEST,
119 MGMT_EV_AUTH_FAILED,
120 MGMT_EV_DEVICE_FOUND,
121 MGMT_EV_DISCOVERING,
122 MGMT_EV_DEVICE_BLOCKED,
123 MGMT_EV_DEVICE_UNBLOCKED,
124 MGMT_EV_DEVICE_UNPAIRED,
92a25256 125 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 126 MGMT_EV_NEW_IRK,
7ee4ea36 127 MGMT_EV_NEW_CSRK,
8afef092
MH		 128 MGMT_EV_DEVICE_ADDED,
129 MGMT_EV_DEVICE_REMOVED,
ffb5a827 130 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 131 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 132 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 133 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 134 MGMT_EV_EXT_INDEX_ADDED,
135 MGMT_EV_EXT_INDEX_REMOVED,
e70bb2e8
JH		 136};
137
17b02e62 138#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 139
d25b78e2
JH		 140#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
141 "\x00\x00\x00\x00\x00\x00\x00\x00"
142
3b0602cd 143struct mgmt_pending_cmd {
eec8d2bc 144 struct list_head list;
fc2f4b13 145 u16 opcode;
eec8d2bc 146 int index;
c68fb7ff 147 void *param;
323b0b88 148 size_t param_len;
eec8d2bc 149 struct sock *sk;
e9a416b5 150 void *user_data;
3b0602cd 151 int (*cmd_complete)(struct mgmt_pending_cmd *cmd, u8 status);
eec8d2bc
JH		 152};
153
ca69b795
JH		 154/* HCI to MGMT error code conversion table */
155static u8 mgmt_status_table[] = {
156 MGMT_STATUS_SUCCESS,
157 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
158 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
159 MGMT_STATUS_FAILED, /* Hardware Failure */
160 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
161 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 162 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 163 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
164 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
165 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
166 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
167 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
168 MGMT_STATUS_BUSY, /* Command Disallowed */
169 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
170 MGMT_STATUS_REJECTED, /* Rejected Security */
171 MGMT_STATUS_REJECTED, /* Rejected Personal */
172 MGMT_STATUS_TIMEOUT, /* Host Timeout */
173 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
174 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
175 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
176 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
177 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
178 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
179 MGMT_STATUS_BUSY, /* Repeated Attempts */
180 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
181 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
182 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
183 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
184 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
185 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
186 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
187 MGMT_STATUS_FAILED, /* Unspecified Error */
188 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
189 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
190 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
191 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
192 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
193 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
194 MGMT_STATUS_FAILED, /* Unit Link Key Used */
195 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
196 MGMT_STATUS_TIMEOUT, /* Instant Passed */
197 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
198 MGMT_STATUS_FAILED, /* Transaction Collision */
199 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
200 MGMT_STATUS_REJECTED, /* QoS Rejected */
201 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
202 MGMT_STATUS_REJECTED, /* Insufficient Security */
203 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
204 MGMT_STATUS_BUSY, /* Role Switch Pending */
205 MGMT_STATUS_FAILED, /* Slot Violation */
206 MGMT_STATUS_FAILED, /* Role Switch Failed */
207 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
208 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
209 MGMT_STATUS_BUSY, /* Host Busy Pairing */
210 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
211 MGMT_STATUS_BUSY, /* Controller Busy */
212 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
213 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
214 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
215 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
216 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
217};
218
219static u8 mgmt_status(u8 hci_status)
220{
221 if (hci_status < ARRAY_SIZE(mgmt_status_table))
222 return mgmt_status_table[hci_status];
223
224 return MGMT_STATUS_FAILED;
225}
226
7a00ff44
JH		 227static int mgmt_send_event(u16 event, struct hci_dev *hdev,
228 unsigned short channel, void *data, u16 data_len,
c08b1a1d 229 int flag, struct sock *skip_sk)
04c60f05
MH		 230{
231 struct sk_buff *skb;
232 struct mgmt_hdr *hdr;
233
234 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
235 if (!skb)
236 return -ENOMEM;
237
238 hdr = (void *) skb_put(skb, sizeof(*hdr));
239 hdr->opcode = cpu_to_le16(event);
240 if (hdev)
241 hdr->index = cpu_to_le16(hdev->id);
242 else
243 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
244 hdr->len = cpu_to_le16(data_len);
245
246 if (data)
247 memcpy(skb_put(skb, data_len), data, data_len);
248
249 /* Time stamp */
250 __net_timestamp(skb);
251
c08b1a1d 252 hci_send_to_channel(channel, skb, flag, skip_sk);
04c60f05
MH		 253 kfree_skb(skb);
254
255 return 0;
256}
257
c08b1a1d
MH		 258static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
259 u16 len, int flag)
f9207338 260{
c08b1a1d
MH		 261 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
262 flag, NULL);
f9207338
MH		 263}
264
f6b7712e
MH		 265static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
266 u16 len, struct sock *skip_sk)
267{
268 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
269 HCI_MGMT_GENERIC_EVENTS, skip_sk);
270}
271
7a00ff44
JH		 272static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
273 struct sock *skip_sk)
274{
275 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
c08b1a1d 276 HCI_SOCK_TRUSTED, skip_sk);
7a00ff44
JH		 277}
278
a69e8375 279static int mgmt_cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 280{
281 struct sk_buff *skb;
282 struct mgmt_hdr *hdr;
283 struct mgmt_ev_cmd_status *ev;
56b7d137 284 int err;
f7b64e69 285
34eb525c 286 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 287
790eff44 288 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 289 if (!skb)
290 return -ENOMEM;
291
292 hdr = (void *) skb_put(skb, sizeof(*hdr));
293
dcf4adbf 294 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 295 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 296 hdr->len = cpu_to_le16(sizeof(*ev));
297
298 ev = (void *) skb_put(skb, sizeof(*ev));
299 ev->status = status;
eb55ef07 300 ev->opcode = cpu_to_le16(cmd);
f7b64e69 301
56b7d137
GP		 302 err = sock_queue_rcv_skb(sk, skb);
303 if (err < 0)
f7b64e69
JH		 304 kfree_skb(skb);
305
56b7d137 306 return err;
f7b64e69
JH		 307}
308
2a1afb5a
JH		 309static int mgmt_cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
310 void *rp, size_t rp_len)
02d98129
JH		 311{
312 struct sk_buff *skb;
313 struct mgmt_hdr *hdr;
314 struct mgmt_ev_cmd_complete *ev;
56b7d137 315 int err;
02d98129
JH		 316
317 BT_DBG("sock %p", sk);
318
790eff44 319 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 320 if (!skb)
321 return -ENOMEM;
322
323 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 324
dcf4adbf 325 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 326 hdr->index = cpu_to_le16(index);
a38528f1 327 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 328
a38528f1 329 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 330 ev->opcode = cpu_to_le16(cmd);
aee9b218 331 ev->status = status;
8020c16a
SJ		 332
333 if (rp)
334 memcpy(ev->data, rp, rp_len);
02d98129 335
56b7d137
GP		 336 err = sock_queue_rcv_skb(sk, skb);
337 if (err < 0)
02d98129
JH		 338 kfree_skb(skb);
339
e5f0e151 340 return err;
02d98129
JH		 341}
342
04124681
GP		 343static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
344 u16 data_len)
a38528f1
JH		 345{
346 struct mgmt_rp_read_version rp;
347
348 BT_DBG("sock %p", sk);
349
350 rp.version = MGMT_VERSION;
dcf4adbf 351 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 352
2a1afb5a
JH		 353 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
354 &rp, sizeof(rp));
a38528f1
JH		 355}
356
04124681
GP		 357static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
358 u16 data_len)
e70bb2e8
JH		 359{
360 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 361 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
362 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 363 __le16 *opcode;
e70bb2e8
JH		 364 size_t rp_size;
365 int i, err;
366
367 BT_DBG("sock %p", sk);
368
369 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
370
371 rp = kmalloc(rp_size, GFP_KERNEL);
372 if (!rp)
373 return -ENOMEM;
374
dcf4adbf
JP		 375 rp->num_commands = cpu_to_le16(num_commands);
376 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 377
378 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
379 put_unaligned_le16(mgmt_commands[i], opcode);
380
381 for (i = 0; i < num_events; i++, opcode++)
382 put_unaligned_le16(mgmt_events[i], opcode);
383
2a1afb5a
JH		 384 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
385 rp, rp_size);
e70bb2e8
JH		 386 kfree(rp);
387
388 return err;
389}
390
04124681
GP		 391static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
392 u16 data_len)
faba42eb 393{
faba42eb 394 struct mgmt_rp_read_index_list *rp;
8035ded4 395 struct hci_dev *d;
a38528f1 396 size_t rp_len;
faba42eb 397 u16 count;
476e44cb 398 int err;
faba42eb
JH		 399
400 BT_DBG("sock %p", sk);
401
402 read_lock(&hci_dev_list_lock);
403
404 count = 0;
bb4b2a9a 405 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 406 if (d->dev_type == HCI_BREDR &&
d7a5a11d 407 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 408 count++;
faba42eb
JH		 409 }
410
a38528f1
JH		 411 rp_len = sizeof(*rp) + (2 * count);
412 rp = kmalloc(rp_len, GFP_ATOMIC);
413 if (!rp) {
b2c60d42 414 read_unlock(&hci_dev_list_lock);
faba42eb 415 return -ENOMEM;
b2c60d42 416 }
faba42eb 417
476e44cb 418 count = 0;
8035ded4 419 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 420 if (hci_dev_test_flag(d, HCI_SETUP) ||
421 hci_dev_test_flag(d, HCI_CONFIG) ||
422 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 423 continue;
424
73d1df2a
MH		 425 /* Devices marked as raw-only are neither configured
426 * nor unconfigured controllers.
427 */
428 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 429 continue;
430
73d1df2a 431 if (d->dev_type == HCI_BREDR &&
d7a5a11d 432 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892
MH		 433 rp->index[count++] = cpu_to_le16(d->id);
434 BT_DBG("Added hci%u", d->id);
435 }
faba42eb
JH		 436 }
437
476e44cb
JH		 438 rp->num_controllers = cpu_to_le16(count);
439 rp_len = sizeof(*rp) + (2 * count);
440
faba42eb
JH		 441 read_unlock(&hci_dev_list_lock);
442
2a1afb5a
JH		 443 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
444 0, rp, rp_len);
faba42eb 445
a38528f1
JH		 446 kfree(rp);
447
448 return err;
faba42eb
JH		 449}
450
73d1df2a
MH		 451static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
452 void *data, u16 data_len)
453{
454 struct mgmt_rp_read_unconf_index_list *rp;
455 struct hci_dev *d;
456 size_t rp_len;
457 u16 count;
458 int err;
459
460 BT_DBG("sock %p", sk);
461
462 read_lock(&hci_dev_list_lock);
463
464 count = 0;
465 list_for_each_entry(d, &hci_dev_list, list) {
466 if (d->dev_type == HCI_BREDR &&
d7a5a11d 467 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 468 count++;
469 }
470
471 rp_len = sizeof(*rp) + (2 * count);
472 rp = kmalloc(rp_len, GFP_ATOMIC);
473 if (!rp) {
474 read_unlock(&hci_dev_list_lock);
475 return -ENOMEM;
476 }
477
478 count = 0;
479 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 480 if (hci_dev_test_flag(d, HCI_SETUP) ||
481 hci_dev_test_flag(d, HCI_CONFIG) ||
482 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 483 continue;
484
485 /* Devices marked as raw-only are neither configured
486 * nor unconfigured controllers.
487 */
488 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
489 continue;
490
491 if (d->dev_type == HCI_BREDR &&
d7a5a11d 492 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a
MH		 493 rp->index[count++] = cpu_to_le16(d->id);
494 BT_DBG("Added hci%u", d->id);
495 }
496 }
497
498 rp->num_controllers = cpu_to_le16(count);
499 rp_len = sizeof(*rp) + (2 * count);
500
501 read_unlock(&hci_dev_list_lock);
502
2a1afb5a
JH		 503 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
504 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 505
506 kfree(rp);
507
508 return err;
509}
510
96f1474a
MH		 511static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
512 void *data, u16 data_len)
513{
514 struct mgmt_rp_read_ext_index_list *rp;
515 struct hci_dev *d;
516 size_t rp_len;
517 u16 count;
518 int err;
519
520 BT_DBG("sock %p", sk);
521
522 read_lock(&hci_dev_list_lock);
523
524 count = 0;
525 list_for_each_entry(d, &hci_dev_list, list) {
526 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
527 count++;
528 }
529
530 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
531 rp = kmalloc(rp_len, GFP_ATOMIC);
532 if (!rp) {
533 read_unlock(&hci_dev_list_lock);
534 return -ENOMEM;
535 }
536
537 count = 0;
538 list_for_each_entry(d, &hci_dev_list, list) {
539 if (hci_dev_test_flag(d, HCI_SETUP) ||
540 hci_dev_test_flag(d, HCI_CONFIG) ||
541 hci_dev_test_flag(d, HCI_USER_CHANNEL))
542 continue;
543
544 /* Devices marked as raw-only are neither configured
545 * nor unconfigured controllers.
546 */
547 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
548 continue;
549
550 if (d->dev_type == HCI_BREDR) {
551 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
552 rp->entry[count].type = 0x01;
553 else
554 rp->entry[count].type = 0x00;
555 } else if (d->dev_type == HCI_AMP) {
556 rp->entry[count].type = 0x02;
557 } else {
558 continue;
559 }
560
561 rp->entry[count].bus = d->bus;
562 rp->entry[count++].index = cpu_to_le16(d->id);
563 BT_DBG("Added hci%u", d->id);
564 }
565
566 rp->num_controllers = cpu_to_le16(count);
567 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
568
569 read_unlock(&hci_dev_list_lock);
570
571 /* If this command is called at least once, then all the
572 * default index and unconfigured index events are disabled
573 * and from now on only extended index events are used.
574 */
575 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
576 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
577 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
578
579 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
580 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
581
582 kfree(rp);
583
584 return err;
585}
586
dbece37a
MH		 587static bool is_configured(struct hci_dev *hdev)
588{
589 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 590 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 591 return false;
592
593 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
594 !bacmp(&hdev->public_addr, BDADDR_ANY))
595 return false;
596
597 return true;
598}
599
89bc22d2
MH		 600static __le32 get_missing_options(struct hci_dev *hdev)
601{
602 u32 options = 0;
603
dbece37a 604 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 605 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 606 options |= MGMT_OPTION_EXTERNAL_CONFIG;
607
89bc22d2
MH		 608 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
609 !bacmp(&hdev->public_addr, BDADDR_ANY))
610 options |= MGMT_OPTION_PUBLIC_ADDRESS;
611
612 return cpu_to_le32(options);
613}
614
f4537c04
MH		 615static int new_options(struct hci_dev *hdev, struct sock *skip)
616{
617 __le32 options = get_missing_options(hdev);
618
f6b7712e
MH		 619 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
620 sizeof(options), skip);
f4537c04
MH		 621}
622
dbece37a
MH		 623static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
624{
625 __le32 options = get_missing_options(hdev);
626
2a1afb5a
JH		 627 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
628 sizeof(options));
dbece37a
MH		 629}
630
9fc3bfb6
MH		 631static int read_config_info(struct sock *sk, struct hci_dev *hdev,
632 void *data, u16 data_len)
633{
634 struct mgmt_rp_read_config_info rp;
89bc22d2 635 u32 options = 0;
9fc3bfb6
MH		 636
637 BT_DBG("sock %p %s", sk, hdev->name);
638
639 hci_dev_lock(hdev);
640
641 memset(&rp, 0, sizeof(rp));
642 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 643
eb1904f4
MH		 644 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
645 options |= MGMT_OPTION_EXTERNAL_CONFIG;
646
9fc3bfb6 647 if (hdev->set_bdaddr)
89bc22d2
MH		 648 options |= MGMT_OPTION_PUBLIC_ADDRESS;
649
650 rp.supported_options = cpu_to_le32(options);
651 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 652
653 hci_dev_unlock(hdev);
654
2a1afb5a
JH		 655 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
656 &rp, sizeof(rp));
9fc3bfb6
MH		 657}
658
69ab39ea
JH		 659static u32 get_supported_settings(struct hci_dev *hdev)
660{
661 u32 settings = 0;
662
663 settings |= MGMT_SETTING_POWERED;
b2939475 664 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 665 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 666 settings |= MGMT_SETTING_CONNECTABLE;
667 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 668
ed3fa31f 669 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 670 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
671 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 672 settings |= MGMT_SETTING_BREDR;
673 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 674
675 if (lmp_ssp_capable(hdev)) {
676 settings |= MGMT_SETTING_SSP;
677 settings |= MGMT_SETTING_HS;
678 }
e98d2ce2 679
05b3c3e7 680 if (lmp_sc_capable(hdev))
e98d2ce2 681 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 682 }
d7b7e796 683
eeca6f89 684 if (lmp_le_capable(hdev)) {
9d42820f 685 settings |= MGMT_SETTING_LE;
eeca6f89 686 settings |= MGMT_SETTING_ADVERTISING;
a3209694 687 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 688 settings |= MGMT_SETTING_PRIVACY;
93690c22 689 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 690 }
69ab39ea 691
eb1904f4
MH		 692 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
693 hdev->set_bdaddr)
9fc3bfb6
MH		 694 settings |= MGMT_SETTING_CONFIGURATION;
695
69ab39ea
JH		 696 return settings;
697}
698
699static u32 get_current_settings(struct hci_dev *hdev)
700{
701 u32 settings = 0;
702
f1f0eb02 703 if (hdev_is_powered(hdev))
f0d4b78a
MH		 704 settings |= MGMT_SETTING_POWERED;
705
d7a5a11d 706 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 707 settings |= MGMT_SETTING_CONNECTABLE;
708
d7a5a11d 709 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 710 settings |= MGMT_SETTING_FAST_CONNECTABLE;
711
d7a5a11d 712 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 713 settings |= MGMT_SETTING_DISCOVERABLE;
714
d7a5a11d 715 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 716 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 717
d7a5a11d 718 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 719 settings |= MGMT_SETTING_BREDR;
720
d7a5a11d 721 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 722 settings |= MGMT_SETTING_LE;
723
d7a5a11d 724 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 725 settings |= MGMT_SETTING_LINK_SECURITY;
726
d7a5a11d 727 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 728 settings |= MGMT_SETTING_SSP;
729
d7a5a11d 730 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 731 settings |= MGMT_SETTING_HS;
732
d7a5a11d 733 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 734 settings |= MGMT_SETTING_ADVERTISING;
735
d7a5a11d 736 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 737 settings |= MGMT_SETTING_SECURE_CONN;
738
d7a5a11d 739 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 740 settings |= MGMT_SETTING_DEBUG_KEYS;
741
d7a5a11d 742 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 743 settings |= MGMT_SETTING_PRIVACY;
744
93690c22
MH		 745 /* The current setting for static address has two purposes. The
746 * first is to indicate if the static address will be used and
747 * the second is to indicate if it is actually set.
748 *
749 * This means if the static address is not configured, this flag
750 * will never bet set. If the address is configured, then if the
751 * address is actually used decides if the flag is set or not.
752 *
753 * For single mode LE only controllers and dual-mode controllers
754 * with BR/EDR disabled, the existence of the static address will
755 * be evaluated.
756 */
b7cb93e5 757 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 758 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 759 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
760 if (bacmp(&hdev->static_addr, BDADDR_ANY))
761 settings |= MGMT_SETTING_STATIC_ADDRESS;
762 }
763
69ab39ea
JH		 764 return settings;
765}
766
ef580372
JH		 767#define PNP_INFO_SVCLASS_ID 0x1200
768
213202ed
JH		 769static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
770{
771 u8 *ptr = data, *uuids_start = NULL;
772 struct bt_uuid *uuid;
773
774 if (len < 4)
775 return ptr;
776
777 list_for_each_entry(uuid, &hdev->uuids, list) {
778 u16 uuid16;
779
780 if (uuid->size != 16)
781 continue;
782
783 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
784 if (uuid16 < 0x1100)
785 continue;
786
787 if (uuid16 == PNP_INFO_SVCLASS_ID)
788 continue;
789
790 if (!uuids_start) {
791 uuids_start = ptr;
792 uuids_start[0] = 1;
793 uuids_start[1] = EIR_UUID16_ALL;
794 ptr += 2;
795 }
796
797 /* Stop if not enough space to put next UUID */
798 if ((ptr - data) + sizeof(u16) > len) {
799 uuids_start[1] = EIR_UUID16_SOME;
800 break;
801 }
802
803 *ptr++ = (uuid16 & 0x00ff);
804 *ptr++ = (uuid16 & 0xff00) >> 8;
805 uuids_start[0] += sizeof(uuid16);
806 }
807
808 return ptr;
809}
810
cdf1963f
JH		 811static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
812{
813 u8 *ptr = data, *uuids_start = NULL;
814 struct bt_uuid *uuid;
815
816 if (len < 6)
817 return ptr;
818
819 list_for_each_entry(uuid, &hdev->uuids, list) {
820 if (uuid->size != 32)
821 continue;
822
823 if (!uuids_start) {
824 uuids_start = ptr;
825 uuids_start[0] = 1;
826 uuids_start[1] = EIR_UUID32_ALL;
827 ptr += 2;
828 }
829
830 /* Stop if not enough space to put next UUID */
831 if ((ptr - data) + sizeof(u32) > len) {
832 uuids_start[1] = EIR_UUID32_SOME;
833 break;
834 }
835
836 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
837 ptr += sizeof(u32);
838 uuids_start[0] += sizeof(u32);
839 }
840
841 return ptr;
842}
843
c00d575b
JH		 844static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
845{
846 u8 *ptr = data, *uuids_start = NULL;
847 struct bt_uuid *uuid;
848
849 if (len < 18)
850 return ptr;
851
852 list_for_each_entry(uuid, &hdev->uuids, list) {
853 if (uuid->size != 128)
854 continue;
855
856 if (!uuids_start) {
857 uuids_start = ptr;
858 uuids_start[0] = 1;
859 uuids_start[1] = EIR_UUID128_ALL;
860 ptr += 2;
861 }
862
863 /* Stop if not enough space to put next UUID */
864 if ((ptr - data) + 16 > len) {
865 uuids_start[1] = EIR_UUID128_SOME;
866 break;
867 }
868
869 memcpy(ptr, uuid->uuid, 16);
870 ptr += 16;
871 uuids_start[0] += 16;
872 }
873
874 return ptr;
875}
876
3b0602cd
JH		 877static struct mgmt_pending_cmd *mgmt_pending_find(u16 opcode,
878 struct hci_dev *hdev)
eb2a8d20 879{
3b0602cd 880 struct mgmt_pending_cmd *cmd;
eb2a8d20
JH		 881
882 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
883 if (cmd->opcode == opcode)
884 return cmd;
885 }
886
887 return NULL;
888}
889
3b0602cd
JH		 890static struct mgmt_pending_cmd *mgmt_pending_find_data(u16 opcode,
891 struct hci_dev *hdev,
892 const void *data)
95868426 893{
3b0602cd 894 struct mgmt_pending_cmd *cmd;
95868426
JH		 895
896 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
897 if (cmd->user_data != data)
898 continue;
899 if (cmd->opcode == opcode)
900 return cmd;
901 }
902
903 return NULL;
904}
905
f14d8f64
MH		 906static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
907{
7a5f4990
MH		 908 u8 ad_len = 0;
909 size_t name_len;
910
911 name_len = strlen(hdev->dev_name);
912 if (name_len > 0) {
913 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
914
915 if (name_len > max_len) {
916 name_len = max_len;
917 ptr[1] = EIR_NAME_SHORT;
918 } else
919 ptr[1] = EIR_NAME_COMPLETE;
920
921 ptr[0] = name_len + 1;
922
923 memcpy(ptr + 2, hdev->dev_name, name_len);
924
925 ad_len += (name_len + 2);
926 ptr += (name_len + 2);
927 }
928
929 return ad_len;
f14d8f64
MH		 930}
931
932static void update_scan_rsp_data(struct hci_request *req)
933{
934 struct hci_dev *hdev = req->hdev;
935 struct hci_cp_le_set_scan_rsp_data cp;
936 u8 len;
937
d7a5a11d 938 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
f14d8f64
MH		 939 return;
940
941 memset(&cp, 0, sizeof(cp));
942
943 len = create_scan_rsp_data(hdev, cp.data);
944
eb438b5f
JH		 945 if (hdev->scan_rsp_data_len == len &&
946 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 947 return;
948
eb438b5f
JH		 949 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
950 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 951
952 cp.length = len;
953
954 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
955}
956
9a43e25f
JH		 957static u8 get_adv_discov_flags(struct hci_dev *hdev)
958{
3b0602cd 959 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 960
961 /* If there's a pending mgmt command the flags will not yet have
962 * their final values, so check for this first.
963 */
964 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
965 if (cmd) {
966 struct mgmt_mode *cp = cmd->param;
967 if (cp->val == 0x01)
968 return LE_AD_GENERAL;
969 else if (cp->val == 0x02)
970 return LE_AD_LIMITED;
971 } else {
d7a5a11d 972 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 973 return LE_AD_LIMITED;
d7a5a11d 974 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 975 return LE_AD_GENERAL;
976 }
977
978 return 0;
979}
980
46cad2ed 981static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 982{
983 u8 ad_len = 0, flags = 0;
441ad2d0 984
9a43e25f 985 flags |= get_adv_discov_flags(hdev);
441ad2d0 986
d7a5a11d 987 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
441ad2d0 988 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 989
990 if (flags) {
991 BT_DBG("adv flags 0x%02x", flags);
992
993 ptr[0] = 2;
994 ptr[1] = EIR_FLAGS;
995 ptr[2] = flags;
996
997 ad_len += 3;
998 ptr += 3;
999 }
1000
1001 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
1002 ptr[0] = 2;
1003 ptr[1] = EIR_TX_POWER;
1004 ptr[2] = (u8) hdev->adv_tx_power;
1005
1006 ad_len += 3;
1007 ptr += 3;
1008 }
1009
441ad2d0
MH		 1010 return ad_len;
1011}
1012
5947f4bc 1013static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 1014{
1015 struct hci_dev *hdev = req->hdev;
1016 struct hci_cp_le_set_adv_data cp;
1017 u8 len;
1018
d7a5a11d 1019 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
441ad2d0
MH		 1020 return;
1021
1022 memset(&cp, 0, sizeof(cp));
1023
46cad2ed 1024 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 1025
1026 if (hdev->adv_data_len == len &&
1027 memcmp(cp.data, hdev->adv_data, len) == 0)
1028 return;
1029
1030 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1031 hdev->adv_data_len = len;
1032
1033 cp.length = len;
1034
1035 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
1036}
1037
bc6d2d04
JH		 1038int mgmt_update_adv_data(struct hci_dev *hdev)
1039{
1040 struct hci_request req;
1041
1042 hci_req_init(&req, hdev);
1043 update_adv_data(&req);
1044
1045 return hci_req_run(&req, NULL);
1046}
1047
ef580372
JH		 1048static void create_eir(struct hci_dev *hdev, u8 *data)
1049{
1050 u8 *ptr = data;
ef580372
JH		 1051 size_t name_len;
1052
1053 name_len = strlen(hdev->dev_name);
1054
1055 if (name_len > 0) {
1056 /* EIR Data type */
1057 if (name_len > 48) {
1058 name_len = 48;
1059 ptr[1] = EIR_NAME_SHORT;
1060 } else
1061 ptr[1] = EIR_NAME_COMPLETE;
1062
1063 /* EIR Data length */
1064 ptr[0] = name_len + 1;
1065
1066 memcpy(ptr + 2, hdev->dev_name, name_len);
1067
ef580372
JH		 1068 ptr += (name_len + 2);
1069 }
1070
bbaf444a 1071 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 1072 ptr[0] = 2;
1073 ptr[1] = EIR_TX_POWER;
1074 ptr[2] = (u8) hdev->inq_tx_power;
1075
91c4e9b1
MH		 1076 ptr += 3;
1077 }
1078
2b9be137
MH		 1079 if (hdev->devid_source > 0) {
1080 ptr[0] = 9;
1081 ptr[1] = EIR_DEVICE_ID;
1082
1083 put_unaligned_le16(hdev->devid_source, ptr + 2);
1084 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1085 put_unaligned_le16(hdev->devid_product, ptr + 6);
1086 put_unaligned_le16(hdev->devid_version, ptr + 8);
1087
2b9be137
MH		 1088 ptr += 10;
1089 }
1090
213202ed 1091 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 1092 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 1093 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 1094}
1095
890ea898 1096static void update_eir(struct hci_request *req)
ef580372 1097{
890ea898 1098 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1099 struct hci_cp_write_eir cp;
1100
504c8dcd 1101 if (!hdev_is_powered(hdev))
890ea898 1102 return;
7770c4aa 1103
976eb20e 1104 if (!lmp_ext_inq_capable(hdev))
890ea898 1105 return;
ef580372 1106
d7a5a11d 1107 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
890ea898 1108 return;
ef580372 1109
d7a5a11d 1110 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1111 return;
ef580372
JH		 1112
1113 memset(&cp, 0, sizeof(cp));
1114
1115 create_eir(hdev, cp.data);
1116
1117 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 1118 return;
ef580372
JH		 1119
1120 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1121
890ea898 1122 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 1123}
1124
1125static u8 get_service_classes(struct hci_dev *hdev)
1126{
1127 struct bt_uuid *uuid;
1128 u8 val = 0;
1129
1130 list_for_each_entry(uuid, &hdev->uuids, list)
1131 val |= uuid->svc_hint;
1132
1133 return val;
1134}
1135
890ea898 1136static void update_class(struct hci_request *req)
ef580372 1137{
890ea898 1138 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1139 u8 cod[3];
1140
1141 BT_DBG("%s", hdev->name);
1142
504c8dcd 1143 if (!hdev_is_powered(hdev))
890ea898 1144 return;
7770c4aa 1145
d7a5a11d 1146 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
f87ea1da
JH		 1147 return;
1148
d7a5a11d 1149 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1150 return;
ef580372
JH		 1151
1152 cod[0] = hdev->minor_class;
1153 cod[1] = hdev->major_class;
1154 cod[2] = get_service_classes(hdev);
1155
d7a5a11d 1156 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
6acd7db4
MH		 1157 cod[1] |= 0x20;
1158
ef580372 1159 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1160 return;
ef580372 1161
890ea898 1162 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1163}
1164
a4858cb9 1165static bool get_connectable(struct hci_dev *hdev)
199a2fb1 1166{
3b0602cd 1167 struct mgmt_pending_cmd *cmd;
199a2fb1
JH		 1168
1169 /* If there's a pending mgmt command the flag will not yet have
1170 * it's final value, so check for this first.
1171 */
1172 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1173 if (cmd) {
1174 struct mgmt_mode *cp = cmd->param;
a4858cb9 1175 return cp->val;
199a2fb1
JH		 1176 }
1177
d7a5a11d 1178 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
199a2fb1
JH		 1179}
1180
0ec5ae84
JH		 1181static void disable_advertising(struct hci_request *req)
1182{
1183 u8 enable = 0x00;
1184
1185 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1186}
1187
199a2fb1
JH		 1188static void enable_advertising(struct hci_request *req)
1189{
1190 struct hci_dev *hdev = req->hdev;
1191 struct hci_cp_le_set_adv_param cp;
8f2a0601 1192 u8 own_addr_type, enable = 0x01;
a4858cb9 1193 bool connectable;
199a2fb1 1194
0ec5ae84
JH		 1195 if (hci_conn_num(hdev, LE_LINK) > 0)
1196 return;
1197
d7a5a11d 1198 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
0ec5ae84
JH		 1199 disable_advertising(req);
1200
5ce194c4 1201 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1202 * hci_update_random_address knows that it's safe to go ahead
1203 * and write a new random address. The flag will be set back on
1204 * as soon as the SET_ADV_ENABLE HCI command completes.
1205 */
a358dc11 1206 hci_dev_clear_flag(hdev, HCI_LE_ADV);
8d97250e 1207
d7a5a11d 1208 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
cc91cb04
MH		 1209 connectable = true;
1210 else
1211 connectable = get_connectable(hdev);
8f2a0601 1212
a4858cb9
JH		 1213 /* Set require_privacy to true only when non-connectable
1214 * advertising is used. In that case it is fine to use a
1215 * non-resolvable private address.
1216 */
1217 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1218 return;
1219
41c90c18 1220 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1221 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1222 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
a4858cb9 1223 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1224 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1225 cp.channel_map = hdev->le_adv_channel_map;
1226
1227 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1228
1229 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1230}
1231
7d78525d
JH		 1232static void service_cache_off(struct work_struct *work)
1233{
1234 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1235 service_cache.work);
890ea898 1236 struct hci_request req;
7d78525d 1237
a69d8927 1238 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 1239 return;
1240
890ea898
JH		 1241 hci_req_init(&req, hdev);
1242
7d78525d
JH		 1243 hci_dev_lock(hdev);
1244
890ea898
JH		 1245 update_eir(&req);
1246 update_class(&req);
7d78525d
JH		 1247
1248 hci_dev_unlock(hdev);
890ea898
JH		 1249
1250 hci_req_run(&req, NULL);
7d78525d
JH		 1251}
1252
d6bfd59c
JH		 1253static void rpa_expired(struct work_struct *work)
1254{
1255 struct hci_dev *hdev = container_of(work, struct hci_dev,
1256 rpa_expired.work);
1257 struct hci_request req;
1258
1259 BT_DBG("");
1260
a1536da2 1261 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 1262
d7a5a11d 1263 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 1264 return;
1265
1266 /* The generation of a new RPA and programming it into the
1267 * controller happens in the enable_advertising() function.
1268 */
d6bfd59c 1269 hci_req_init(&req, hdev);
d6bfd59c 1270 enable_advertising(&req);
d6bfd59c
JH		 1271 hci_req_run(&req, NULL);
1272}
1273
6a919082 1274static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1275{
238be788 1276 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 1277 return;
1278
4f87da80 1279 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1280 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1281
4f87da80
JH		 1282 /* Non-mgmt controlled devices get this bit set
1283 * implicitly so that pairing works for them, however
1284 * for mgmt we require user-space to explicitly enable
1285 * it
1286 */
a358dc11 1287 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 1288}
1289
0f4e68cf 1290static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1291 void *data, u16 data_len)
0381101f 1292{
a38528f1 1293 struct mgmt_rp_read_info rp;
f7b64e69 1294
bdb6d971 1295 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1296
09fd0de5 1297 hci_dev_lock(hdev);
f7b64e69 1298
dc4fe30b
JH		 1299 memset(&rp, 0, sizeof(rp));
1300
69ab39ea 1301 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1302
69ab39ea 1303 rp.version = hdev->hci_ver;
eb55ef07 1304 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1305
1306 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1307 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1308
a38528f1 1309 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1310
dc4fe30b 1311 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1312 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1313
09fd0de5 1314 hci_dev_unlock(hdev);
0381101f 1315
2a1afb5a
JH		 1316 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1317 sizeof(rp));
0381101f
JH		 1318}
1319
3b0602cd 1320static void mgmt_pending_free(struct mgmt_pending_cmd *cmd)
eec8d2bc
JH		 1321{
1322 sock_put(cmd->sk);
c68fb7ff 1323 kfree(cmd->param);
eec8d2bc
JH		 1324 kfree(cmd);
1325}
1326
3b0602cd
JH		 1327static struct mgmt_pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
1328 struct hci_dev *hdev,
1329 void *data, u16 len)
eec8d2bc 1330{
3b0602cd 1331 struct mgmt_pending_cmd *cmd;
eec8d2bc 1332
fca20018 1333 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1334 if (!cmd)
366a0336 1335 return NULL;
eec8d2bc
JH		 1336
1337 cmd->opcode = opcode;
2e58ef3e 1338 cmd->index = hdev->id;
eec8d2bc 1339
323b0b88 1340 cmd->param = kmemdup(data, len, GFP_KERNEL);
c68fb7ff 1341 if (!cmd->param) {
eec8d2bc 1342 kfree(cmd);
366a0336 1343 return NULL;
eec8d2bc
JH		 1344 }
1345
323b0b88 1346 cmd->param_len = len;
eec8d2bc
JH		 1347
1348 cmd->sk = sk;
1349 sock_hold(sk);
1350
2e58ef3e 1351 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1352
366a0336 1353 return cmd;
eec8d2bc
JH		 1354}
1355
744cf19e 1356static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
3b0602cd 1357 void (*cb)(struct mgmt_pending_cmd *cmd,
8fc9ced3 1358 void *data),
04124681 1359 void *data)
eec8d2bc 1360{
3b0602cd 1361 struct mgmt_pending_cmd *cmd, *tmp;
eec8d2bc 1362
a3d09356 1363 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1364 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1365 continue;
1366
eec8d2bc
JH		 1367 cb(cmd, data);
1368 }
1369}
1370
3b0602cd 1371static void mgmt_pending_remove(struct mgmt_pending_cmd *cmd)
73f22f62 1372{
73f22f62
JH		 1373 list_del(&cmd->list);
1374 mgmt_pending_free(cmd);
1375}
1376
69ab39ea 1377static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1378{
69ab39ea 1379 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1380
2a1afb5a
JH		 1381 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1382 sizeof(settings));
8680570b
JH		 1383}
1384
1904a853 1385static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 1386{
1387 BT_DBG("%s status 0x%02x", hdev->name, status);
1388
a3172b7e
JH		 1389 if (hci_conn_count(hdev) == 0) {
1390 cancel_delayed_work(&hdev->power_off);
8b064a3a 1391 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1392 }
8b064a3a
JH		 1393}
1394
23a48093 1395static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1396{
1397 struct hci_dev *hdev = req->hdev;
1398 struct hci_cp_remote_name_req_cancel cp;
1399 struct inquiry_entry *e;
1400
1401 switch (hdev->discovery.state) {
1402 case DISCOVERY_FINDING:
1403 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1404 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1405 } else {
1406 cancel_delayed_work(&hdev->le_scan_disable);
1407 hci_req_add_le_scan_disable(req);
1408 }
1409
23a48093 1410 return true;
21a60d30
JH		 1411
1412 case DISCOVERY_RESOLVING:
1413 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1414 NAME_PENDING);
1415 if (!e)
23a48093 1416 break;
21a60d30
JH		 1417
1418 bacpy(&cp.bdaddr, &e->data.bdaddr);
1419 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1420 &cp);
1421
23a48093 1422 return true;
21a60d30
JH		 1423
1424 default:
1425 /* Passive scanning */
d7a5a11d 1426 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
21a60d30 1427 hci_req_add_le_scan_disable(req);
23a48093
JH		 1428 return true;
1429 }
1430
21a60d30
JH		 1431 break;
1432 }
23a48093
JH		 1433
1434 return false;
21a60d30
JH		 1435}
1436
8b064a3a
JH		 1437static int clean_up_hci_state(struct hci_dev *hdev)
1438{
1439 struct hci_request req;
1440 struct hci_conn *conn;
23a48093
JH		 1441 bool discov_stopped;
1442 int err;
8b064a3a
JH		 1443
1444 hci_req_init(&req, hdev);
1445
1446 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1447 test_bit(HCI_PSCAN, &hdev->flags)) {
1448 u8 scan = 0x00;
1449 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1450 }
1451
d7a5a11d 1452 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
8b064a3a
JH		 1453 disable_advertising(&req);
1454
23a48093 1455 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1456
1457 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1458 struct hci_cp_disconnect dc;
c9910d0f
JH		 1459 struct hci_cp_reject_conn_req rej;
1460
1461 switch (conn->state) {
1462 case BT_CONNECTED:
1463 case BT_CONFIG:
1464 dc.handle = cpu_to_le16(conn->handle);
1465 dc.reason = 0x15; /* Terminated due to Power Off */
1466 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1467 break;
1468 case BT_CONNECT:
1469 if (conn->type == LE_LINK)
1470 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1471 0, NULL);
1472 else if (conn->type == ACL_LINK)
1473 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1474 6, &conn->dst);
1475 break;
1476 case BT_CONNECT2:
1477 bacpy(&rej.bdaddr, &conn->dst);
1478 rej.reason = 0x15; /* Terminated due to Power Off */
1479 if (conn->type == ACL_LINK)
1480 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1481 sizeof(rej), &rej);
1482 else if (conn->type == SCO_LINK)
1483 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1484 sizeof(rej), &rej);
1485 break;
1486 }
8b064a3a
JH		 1487 }
1488
23a48093
JH		 1489 err = hci_req_run(&req, clean_up_hci_complete);
1490 if (!err && discov_stopped)
1491 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1492
1493 return err;
8b064a3a
JH		 1494}
1495
bdb6d971 1496static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1497 u16 len)
eec8d2bc 1498{
650f726d 1499 struct mgmt_mode *cp = data;
3b0602cd 1500 struct mgmt_pending_cmd *cmd;
4b34ee78 1501 int err;
eec8d2bc 1502
bdb6d971 1503 BT_DBG("request for %s", hdev->name);
eec8d2bc 1504
a7e80f25 1505 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1506 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1507 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1508
09fd0de5 1509 hci_dev_lock(hdev);
eec8d2bc 1510
87b95ba6 1511 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1512 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1513 MGMT_STATUS_BUSY);
87b95ba6
JH		 1514 goto failed;
1515 }
1516
a69d8927 1517 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
f0d4b78a
MH		 1518 cancel_delayed_work(&hdev->power_off);
1519
1520 if (cp->val) {
a1d70450
JH		 1521 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1522 data, len);
1523 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1524 goto failed;
1525 }
1526 }
1527
4b34ee78 1528 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1529 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1530 goto failed;
1531 }
1532
2e58ef3e 1533 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1534 if (!cmd) {
1535 err = -ENOMEM;
eec8d2bc 1536 goto failed;
366a0336 1537 }
eec8d2bc 1538
8b064a3a 1539 if (cp->val) {
19202573 1540 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1541 err = 0;
1542 } else {
1543 /* Disconnect connections, stop scans, etc */
1544 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1545 if (!err)
1546 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1547 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1548
8b064a3a
JH		 1549 /* ENODATA means there were no HCI commands queued */
1550 if (err == -ENODATA) {
a3172b7e 1551 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1552 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1553 err = 0;
1554 }
1555 }
eec8d2bc
JH		 1556
1557failed:
09fd0de5 1558 hci_dev_unlock(hdev);
366a0336 1559 return err;
eec8d2bc
JH		 1560}
1561
beadb2bd
JH		 1562static int new_settings(struct hci_dev *hdev, struct sock *skip)
1563{
f6b7712e 1564 __le32 ev = cpu_to_le32(get_current_settings(hdev));
beadb2bd 1565
f6b7712e
MH		 1566 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1567 sizeof(ev), skip);
beadb2bd
JH		 1568}
1569
91a668b0
JH		 1570int mgmt_new_settings(struct hci_dev *hdev)
1571{
1572 return new_settings(hdev, NULL);
1573}
1574
bd99abdd
JH		 1575struct cmd_lookup {
1576 struct sock *sk;
1577 struct hci_dev *hdev;
1578 u8 mgmt_status;
1579};
1580
3b0602cd 1581static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1582{
1583 struct cmd_lookup *match = data;
1584
1585 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1586
1587 list_del(&cmd->list);
1588
1589 if (match->sk == NULL) {
1590 match->sk = cmd->sk;
1591 sock_hold(match->sk);
1592 }
1593
1594 mgmt_pending_free(cmd);
1595}
1596
3b0602cd 1597static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1598{
1599 u8 *status = data;
1600
a69e8375 1601 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1602 mgmt_pending_remove(cmd);
1603}
1604
3b0602cd 1605static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1606{
1607 if (cmd->cmd_complete) {
1608 u8 *status = data;
1609
1610 cmd->cmd_complete(cmd, *status);
1611 mgmt_pending_remove(cmd);
1612
1613 return;
1614 }
1615
1616 cmd_status_rsp(cmd, data);
1617}
1618
3b0602cd 1619static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1620{
2a1afb5a
JH		 1621 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1622 cmd->param, cmd->param_len);
f5818c22
JH		 1623}
1624
3b0602cd 1625static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1626{
2a1afb5a
JH		 1627 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1628 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1629}
1630
e6fe7986
JH		 1631static u8 mgmt_bredr_support(struct hci_dev *hdev)
1632{
1633 if (!lmp_bredr_capable(hdev))
1634 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1635 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1636 return MGMT_STATUS_REJECTED;
1637 else
1638 return MGMT_STATUS_SUCCESS;
1639}
1640
1641static u8 mgmt_le_support(struct hci_dev *hdev)
1642{
1643 if (!lmp_le_capable(hdev))
1644 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1645 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1646 return MGMT_STATUS_REJECTED;
1647 else
1648 return MGMT_STATUS_SUCCESS;
1649}
1650
1904a853
MH		 1651static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1652 u16 opcode)
bfaf8c9f 1653{
3b0602cd 1654 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1655 struct mgmt_mode *cp;
970ba524 1656 struct hci_request req;
bfaf8c9f
JH		 1657 bool changed;
1658
1659 BT_DBG("status 0x%02x", status);
1660
1661 hci_dev_lock(hdev);
1662
1663 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1664 if (!cmd)
1665 goto unlock;
1666
1667 if (status) {
1668 u8 mgmt_err = mgmt_status(status);
a69e8375 1669 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1670 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1671 goto remove_cmd;
1672 }
1673
1674 cp = cmd->param;
d4462a07 1675 if (cp->val) {
238be788 1676 changed = !hci_dev_test_and_set_flag(hdev, HCI_DISCOVERABLE);
d4462a07
MH		 1677
1678 if (hdev->discov_timeout > 0) {
1679 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1680 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1681 to);
1682 }
1683 } else {
a69d8927 1684 changed = hci_dev_test_and_clear_flag(hdev, HCI_DISCOVERABLE);
d4462a07 1685 }
bfaf8c9f
JH		 1686
1687 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1688
1689 if (changed)
1690 new_settings(hdev, cmd->sk);
1691
970ba524
MH		 1692 /* When the discoverable mode gets changed, make sure
1693 * that class of device has the limited discoverable
432df05e
JH		 1694 * bit correctly set. Also update page scan based on whitelist
1695 * entries.
970ba524
MH		 1696 */
1697 hci_req_init(&req, hdev);
1d2dc5b7 1698 __hci_update_page_scan(&req);
970ba524
MH		 1699 update_class(&req);
1700 hci_req_run(&req, NULL);
1701
bfaf8c9f
JH		 1702remove_cmd:
1703 mgmt_pending_remove(cmd);
1704
1705unlock:
1706 hci_dev_unlock(hdev);
1707}
1708
bdb6d971 1709static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1710 u16 len)
73f22f62 1711{
650f726d 1712 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1713 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1714 struct hci_request req;
5e5282bb 1715 u16 timeout;
9a43e25f 1716 u8 scan;
73f22f62
JH		 1717 int err;
1718
bdb6d971 1719 BT_DBG("request for %s", hdev->name);
73f22f62 1720
d7a5a11d
MH		 1721 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1722 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1723 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1724 MGMT_STATUS_REJECTED);
33c525c0 1725
310a3d48 1726 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1727 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1728 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1729
1f350c87 1730 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1731
1732 /* Disabling discoverable requires that no timeout is set,
1733 * and enabling limited discoverable requires a timeout.
1734 */
1735 if ((cp->val == 0x00 && timeout > 0) ||
1736 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1737 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1738 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1739
09fd0de5 1740 hci_dev_lock(hdev);
73f22f62 1741
5e5282bb 1742 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1743 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1744 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1745 goto failed;
1746 }
1747
2e58ef3e 1748 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1749 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1750 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1751 MGMT_STATUS_BUSY);
73f22f62
JH		 1752 goto failed;
1753 }
1754
d7a5a11d 1755 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1756 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1757 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1758 goto failed;
1759 }
1760
1761 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1762 bool changed = false;
1763
310a3d48
MH		 1764 /* Setting limited discoverable when powered off is
1765 * not a valid operation since it requires a timeout
1766 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1767 */
d7a5a11d 1768 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1769 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1770 changed = true;
1771 }
1772
5e5282bb 1773 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1774 if (err < 0)
1775 goto failed;
1776
1777 if (changed)
1778 err = new_settings(hdev, sk);
1779
5e5282bb
JH		 1780 goto failed;
1781 }
1782
310a3d48
MH		 1783 /* If the current mode is the same, then just update the timeout
1784 * value with the new value. And if only the timeout gets updated,
1785 * then no need for any HCI transactions.
1786 */
d7a5a11d
MH		 1787 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1788 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1789 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1790 cancel_delayed_work(&hdev->discov_off);
1791 hdev->discov_timeout = timeout;
955638ec 1792
36261547
MH		 1793 if (cp->val && hdev->discov_timeout > 0) {
1794 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1795 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1796 to);
955638ec
MH		 1797 }
1798
69ab39ea 1799 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1800 goto failed;
1801 }
1802
2e58ef3e 1803 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1804 if (!cmd) {
1805 err = -ENOMEM;
73f22f62 1806 goto failed;
366a0336 1807 }
73f22f62 1808
310a3d48
MH		 1809 /* Cancel any potential discoverable timeout that might be
1810 * still active and store new timeout value. The arming of
1811 * the timeout happens in the complete handler.
1812 */
1813 cancel_delayed_work(&hdev->discov_off);
1814 hdev->discov_timeout = timeout;
1815
b456f87c
JH		 1816 /* Limited discoverable mode */
1817 if (cp->val == 0x02)
a1536da2 1818 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1819 else
a358dc11 1820 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1821
bfaf8c9f
JH		 1822 hci_req_init(&req, hdev);
1823
9a43e25f
JH		 1824 /* The procedure for LE-only controllers is much simpler - just
1825 * update the advertising data.
1826 */
d7a5a11d 1827 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
9a43e25f
JH		 1828 goto update_ad;
1829
73f22f62
JH		 1830 scan = SCAN_PAGE;
1831
310a3d48
MH		 1832 if (cp->val) {
1833 struct hci_cp_write_current_iac_lap hci_cp;
1834
1835 if (cp->val == 0x02) {
1836 /* Limited discoverable mode */
33337dcb 1837 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1838 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1839 hci_cp.iac_lap[1] = 0x8b;
1840 hci_cp.iac_lap[2] = 0x9e;
1841 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1842 hci_cp.iac_lap[4] = 0x8b;
1843 hci_cp.iac_lap[5] = 0x9e;
1844 } else {
1845 /* General discoverable mode */
310a3d48
MH		 1846 hci_cp.num_iac = 1;
1847 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1848 hci_cp.iac_lap[1] = 0x8b;
1849 hci_cp.iac_lap[2] = 0x9e;
1850 }
1851
1852 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1853 (hci_cp.num_iac * 3) + 1, &hci_cp);
1854
73f22f62 1855 scan |= SCAN_INQUIRY;
310a3d48 1856 } else {
a358dc11 1857 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
310a3d48 1858 }
73f22f62 1859
310a3d48 1860 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1861
9a43e25f
JH		 1862update_ad:
1863 update_adv_data(&req);
1864
bfaf8c9f 1865 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1866 if (err < 0)
a664b5bc 1867 mgmt_pending_remove(cmd);
73f22f62
JH		 1868
1869failed:
09fd0de5 1870 hci_dev_unlock(hdev);
73f22f62
JH		 1871 return err;
1872}
1873
406d7804
JH		 1874static void write_fast_connectable(struct hci_request *req, bool enable)
1875{
bd98b996 1876 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1877 struct hci_cp_write_page_scan_activity acp;
1878 u8 type;
1879
d7a5a11d 1880 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
547003b1
JH		 1881 return;
1882
4c01f8b8
JH		 1883 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1884 return;
1885
406d7804
JH		 1886 if (enable) {
1887 type = PAGE_SCAN_TYPE_INTERLACED;
1888
1889 /* 160 msec page scan interval */
dcf4adbf 1890 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1891 } else {
1892 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1893
1894 /* default 1.28 sec page scan */
dcf4adbf 1895 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1896 }
1897
dcf4adbf 1898 acp.window = cpu_to_le16(0x0012);
406d7804 1899
bd98b996
JH		 1900 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1901 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1902 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1903 sizeof(acp), &acp);
1904
1905 if (hdev->page_scan_type != type)
1906 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1907}
1908
1904a853
MH		 1909static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1910 u16 opcode)
2b76f453 1911{
3b0602cd 1912 struct mgmt_pending_cmd *cmd;
d7b856f9 1913 struct mgmt_mode *cp;
bc6d2d04 1914 bool conn_changed, discov_changed;
2b76f453
JH		 1915
1916 BT_DBG("status 0x%02x", status);
1917
1918 hci_dev_lock(hdev);
1919
1920 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1921 if (!cmd)
1922 goto unlock;
1923
37438c1f
JH		 1924 if (status) {
1925 u8 mgmt_err = mgmt_status(status);
a69e8375 1926 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1927 goto remove_cmd;
1928 }
1929
d7b856f9 1930 cp = cmd->param;
bc6d2d04 1931 if (cp->val) {
238be788
MH		 1932 conn_changed = !hci_dev_test_and_set_flag(hdev,
1933 HCI_CONNECTABLE);
bc6d2d04
JH		 1934 discov_changed = false;
1935 } else {
a69d8927
MH		 1936 conn_changed = hci_dev_test_and_clear_flag(hdev,
1937 HCI_CONNECTABLE);
1938 discov_changed = hci_dev_test_and_clear_flag(hdev,
1939 HCI_DISCOVERABLE);
bc6d2d04 1940 }
d7b856f9 1941
2b76f453
JH		 1942 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1943
bc6d2d04 1944 if (conn_changed || discov_changed) {
d7b856f9 1945 new_settings(hdev, cmd->sk);
1d2dc5b7 1946 hci_update_page_scan(hdev);
bc6d2d04
JH		 1947 if (discov_changed)
1948 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1949 hci_update_background_scan(hdev);
1950 }
d7b856f9 1951
37438c1f 1952remove_cmd:
2b76f453
JH		 1953 mgmt_pending_remove(cmd);
1954
1955unlock:
1956 hci_dev_unlock(hdev);
1957}
1958
e8ba3a1f
JH		 1959static int set_connectable_update_settings(struct hci_dev *hdev,
1960 struct sock *sk, u8 val)
1961{
1962 bool changed = false;
1963 int err;
1964
d7a5a11d 1965 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 1966 changed = true;
1967
1968 if (val) {
a1536da2 1969 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 1970 } else {
a358dc11
MH		 1971 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1972 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 1973 }
1974
1975 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1976 if (err < 0)
1977 return err;
1978
562064e6 1979 if (changed) {
1d2dc5b7 1980 hci_update_page_scan(hdev);
562064e6 1981 hci_update_background_scan(hdev);
e8ba3a1f 1982 return new_settings(hdev, sk);
562064e6 1983 }
e8ba3a1f
JH		 1984
1985 return 0;
1986}
1987
bdb6d971 1988static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1989 u16 len)
9fbcbb45 1990{
650f726d 1991 struct mgmt_mode *cp = data;
3b0602cd 1992 struct mgmt_pending_cmd *cmd;
2b76f453 1993 struct hci_request req;
1987fdc7 1994 u8 scan;
9fbcbb45
JH		 1995 int err;
1996
bdb6d971 1997 BT_DBG("request for %s", hdev->name);
9fbcbb45 1998
d7a5a11d
MH		 1999 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
2000 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 2001 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2002 MGMT_STATUS_REJECTED);
33c525c0 2003
a7e80f25 2004 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2005 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2006 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2007
09fd0de5 2008 hci_dev_lock(hdev);
9fbcbb45 2009
4b34ee78 2010 if (!hdev_is_powered(hdev)) {
e8ba3a1f 2011 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 2012 goto failed;
2013 }
2014
2e58ef3e 2015 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 2016 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 2017 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2018 MGMT_STATUS_BUSY);
9fbcbb45
JH		 2019 goto failed;
2020 }
2021
2e58ef3e 2022 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 2023 if (!cmd) {
2024 err = -ENOMEM;
9fbcbb45 2025 goto failed;
366a0336 2026 }
9fbcbb45 2027
9b74246f 2028 hci_req_init(&req, hdev);
9fbcbb45 2029
9a43e25f
JH		 2030 /* If BR/EDR is not enabled and we disable advertising as a
2031 * by-product of disabling connectable, we need to update the
2032 * advertising flags.
2033 */
d7a5a11d 2034 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
9a43e25f 2035 if (!cp->val) {
a358dc11
MH		 2036 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2037 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
9a43e25f
JH		 2038 }
2039 update_adv_data(&req);
2040 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 2041 if (cp->val) {
2042 scan = SCAN_PAGE;
2043 } else {
3bd27240
JH		 2044 /* If we don't have any whitelist entries just
2045 * disable all scanning. If there are entries
2046 * and we had both page and inquiry scanning
2047 * enabled then fall back to only page scanning.
2048 * Otherwise no changes are needed.
2049 */
2050 if (list_empty(&hdev->whitelist))
2051 scan = SCAN_DISABLED;
2052 else if (test_bit(HCI_ISCAN, &hdev->flags))
2053 scan = SCAN_PAGE;
2054 else
2055 goto no_scan_update;
9b74246f
JH		 2056
2057 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 2058 hdev->discov_timeout > 0)
9b74246f
JH		 2059 cancel_delayed_work(&hdev->discov_off);
2060 }
2b76f453 2061
9b74246f
JH		 2062 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2063 }
2b76f453 2064
3bd27240 2065no_scan_update:
e8b1202c 2066 /* Update the advertising parameters if necessary */
d7a5a11d 2067 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
1987fdc7 2068 enable_advertising(&req);
1987fdc7 2069
2b76f453 2070 err = hci_req_run(&req, set_connectable_complete);
9b74246f 2071 if (err < 0) {
a664b5bc 2072 mgmt_pending_remove(cmd);
9b74246f 2073 if (err == -ENODATA)
a81070ba
JH		 2074 err = set_connectable_update_settings(hdev, sk,
2075 cp->val);
9b74246f
JH		 2076 goto failed;
2077 }
9fbcbb45
JH		 2078
2079failed:
09fd0de5 2080 hci_dev_unlock(hdev);
9fbcbb45
JH		 2081 return err;
2082}
2083
b2939475 2084static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2085 u16 len)
c542a06c 2086{
650f726d 2087 struct mgmt_mode *cp = data;
55594356 2088 bool changed;
c542a06c
JH		 2089 int err;
2090
bdb6d971 2091 BT_DBG("request for %s", hdev->name);
c542a06c 2092
a7e80f25 2093 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2094 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2095 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2096
09fd0de5 2097 hci_dev_lock(hdev);
c542a06c
JH		 2098
2099 if (cp->val)
238be788 2100 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 2101 else
a69d8927 2102 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 2103
b2939475 2104 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 2105 if (err < 0)
55594356 2106 goto unlock;
c542a06c 2107
55594356
MH		 2108 if (changed)
2109 err = new_settings(hdev, sk);
c542a06c 2110
55594356 2111unlock:
09fd0de5 2112 hci_dev_unlock(hdev);
c542a06c
JH		 2113 return err;
2114}
2115
04124681
GP		 2116static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2117 u16 len)
33ef95ed
JH		 2118{
2119 struct mgmt_mode *cp = data;
3b0602cd 2120 struct mgmt_pending_cmd *cmd;
e6fe7986 2121 u8 val, status;
33ef95ed
JH		 2122 int err;
2123
bdb6d971 2124 BT_DBG("request for %s", hdev->name);
33ef95ed 2125
e6fe7986
JH		 2126 status = mgmt_bredr_support(hdev);
2127 if (status)
a69e8375
JH		 2128 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2129 status);
33c525c0 2130
a7e80f25 2131 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2132 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2133 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2134
33ef95ed
JH		 2135 hci_dev_lock(hdev);
2136
4b34ee78 2137 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 2138 bool changed = false;
2139
d7a5a11d 2140 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 2141 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 2142 changed = true;
2143 }
2144
2145 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2146 if (err < 0)
2147 goto failed;
2148
2149 if (changed)
2150 err = new_settings(hdev, sk);
2151
33ef95ed
JH		 2152 goto failed;
2153 }
2154
2155 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 2156 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2157 MGMT_STATUS_BUSY);
33ef95ed
JH		 2158 goto failed;
2159 }
2160
2161 val = !!cp->val;
2162
2163 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2164 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2165 goto failed;
2166 }
2167
2168 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2169 if (!cmd) {
2170 err = -ENOMEM;
2171 goto failed;
2172 }
2173
2174 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2175 if (err < 0) {
2176 mgmt_pending_remove(cmd);
2177 goto failed;
2178 }
2179
2180failed:
2181 hci_dev_unlock(hdev);
33ef95ed
JH		 2182 return err;
2183}
2184
bdb6d971 2185static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2186{
2187 struct mgmt_mode *cp = data;
3b0602cd 2188 struct mgmt_pending_cmd *cmd;
72ef0c1a 2189 u8 status;
ed2c4ee3
JH		 2190 int err;
2191
bdb6d971 2192 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2193
cdba5281
MH		 2194 status = mgmt_bredr_support(hdev);
2195 if (status)
a69e8375 2196 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 2197
13ecd8b6 2198 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2199 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2200 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2201
a7e80f25 2202 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2203 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2204 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2205
13ecd8b6 2206 hci_dev_lock(hdev);
6c8f12c1 2207
4b34ee78 2208 if (!hdev_is_powered(hdev)) {
9ecb3e24 2209 bool changed;
c0ecddc2 2210
9ecb3e24 2211 if (cp->val) {
238be788
MH		 2212 changed = !hci_dev_test_and_set_flag(hdev,
2213 HCI_SSP_ENABLED);
9ecb3e24 2214 } else {
a69d8927
MH		 2215 changed = hci_dev_test_and_clear_flag(hdev,
2216 HCI_SSP_ENABLED);
9ecb3e24 2217 if (!changed)
a69d8927
MH		 2218 changed = hci_dev_test_and_clear_flag(hdev,
2219 HCI_HS_ENABLED);
9ecb3e24 2220 else
a358dc11 2221 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 2222 }
2223
2224 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2225 if (err < 0)
2226 goto failed;
2227
2228 if (changed)
2229 err = new_settings(hdev, sk);
2230
ed2c4ee3
JH		 2231 goto failed;
2232 }
2233
94d52dad 2234 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2235 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2236 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2237 goto failed;
2238 }
2239
d7a5a11d 2240 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 2241 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2242 goto failed;
2243 }
2244
2245 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2246 if (!cmd) {
2247 err = -ENOMEM;
2248 goto failed;
2249 }
2250
d7a5a11d 2251 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 2252 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2253 sizeof(cp->val), &cp->val);
2254
72ef0c1a 2255 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2256 if (err < 0) {
2257 mgmt_pending_remove(cmd);
2258 goto failed;
2259 }
2260
2261failed:
2262 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2263 return err;
2264}
2265
bdb6d971 2266static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2267{
2268 struct mgmt_mode *cp = data;
ee392693 2269 bool changed;
e6fe7986 2270 u8 status;
ee392693 2271 int err;
6d80dfd0 2272
bdb6d971 2273 BT_DBG("request for %s", hdev->name);
6d80dfd0 2274
e6fe7986
JH		 2275 status = mgmt_bredr_support(hdev);
2276 if (status)
a69e8375 2277 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2278
9ecb3e24 2279 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2280 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2281 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 2282
d7a5a11d 2283 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 2284 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2285 MGMT_STATUS_REJECTED);
9ecb3e24 2286
a7e80f25 2287 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2288 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2289 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2290
ee392693
MH		 2291 hci_dev_lock(hdev);
2292
a2cb01de 2293 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2294 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2295 MGMT_STATUS_BUSY);
a2cb01de
JH		 2296 goto unlock;
2297 }
2298
a0cdf960 2299 if (cp->val) {
238be788 2300 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 2301 } else {
2302 if (hdev_is_powered(hdev)) {
a69e8375
JH		 2303 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2304 MGMT_STATUS_REJECTED);
a0cdf960
MH		 2305 goto unlock;
2306 }
2307
a69d8927 2308 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 2309 }
ee392693
MH		 2310
2311 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2312 if (err < 0)
2313 goto unlock;
2314
2315 if (changed)
2316 err = new_settings(hdev, sk);
6d80dfd0 2317
ee392693
MH		 2318unlock:
2319 hci_dev_unlock(hdev);
2320 return err;
6d80dfd0
JH		 2321}
2322
1904a853 2323static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 2324{
2325 struct cmd_lookup match = { NULL, hdev };
2326
3ad67582
JK		 2327 hci_dev_lock(hdev);
2328
416a4ae5
JH		 2329 if (status) {
2330 u8 mgmt_err = mgmt_status(status);
2331
2332 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2333 &mgmt_err);
3ad67582 2334 goto unlock;
416a4ae5
JH		 2335 }
2336
2337 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2338
2339 new_settings(hdev, match.sk);
2340
2341 if (match.sk)
2342 sock_put(match.sk);
441ad2d0
MH		 2343
2344 /* Make sure the controller has a good default for
2345 * advertising data. Restrict the update to when LE
2346 * has actually been enabled. During power on, the
2347 * update in powered_update_hci will take care of it.
2348 */
d7a5a11d 2349 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0
MH		 2350 struct hci_request req;
2351
441ad2d0 2352 hci_req_init(&req, hdev);
5947f4bc 2353 update_adv_data(&req);
f14d8f64 2354 update_scan_rsp_data(&req);
2cf22218 2355 __hci_update_background_scan(&req);
441ad2d0 2356 hci_req_run(&req, NULL);
441ad2d0 2357 }
3ad67582
JK		 2358
2359unlock:
2360 hci_dev_unlock(hdev);
416a4ae5
JH		 2361}
2362
bdb6d971 2363static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2364{
2365 struct mgmt_mode *cp = data;
2366 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 2367 struct mgmt_pending_cmd *cmd;
416a4ae5 2368 struct hci_request req;
06199cf8 2369 int err;
0b60eba1 2370 u8 val, enabled;
06199cf8 2371
bdb6d971 2372 BT_DBG("request for %s", hdev->name);
06199cf8 2373
13ecd8b6 2374 if (!lmp_le_capable(hdev))
a69e8375
JH		 2375 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2376 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2377
a7e80f25 2378 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2379 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2380 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2381
c73eee91 2382 /* LE-only devices do not allow toggling LE on/off */
d7a5a11d 2383 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 2384 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2385 MGMT_STATUS_REJECTED);
c73eee91 2386
13ecd8b6 2387 hci_dev_lock(hdev);
06199cf8
JH		 2388
2389 val = !!cp->val;
ffa88e02 2390 enabled = lmp_host_le_capable(hdev);
06199cf8 2391
0b60eba1 2392 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2393 bool changed = false;
2394
d7a5a11d 2395 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 2396 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 2397 changed = true;
2398 }
2399
d7a5a11d 2400 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 2401 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 2402 changed = true;
2403 }
2404
06199cf8
JH		 2405 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2406 if (err < 0)
1de028ce 2407 goto unlock;
06199cf8
JH		 2408
2409 if (changed)
2410 err = new_settings(hdev, sk);
2411
1de028ce 2412 goto unlock;
06199cf8
JH		 2413 }
2414
4375f103
JH		 2415 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2416 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 2417 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2418 MGMT_STATUS_BUSY);
1de028ce 2419 goto unlock;
06199cf8
JH		 2420 }
2421
2422 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2423 if (!cmd) {
2424 err = -ENOMEM;
1de028ce 2425 goto unlock;
06199cf8
JH		 2426 }
2427
441ad2d0
MH		 2428 hci_req_init(&req, hdev);
2429
06199cf8
JH		 2430 memset(&hci_cp, 0, sizeof(hci_cp));
2431
2432 if (val) {
2433 hci_cp.le = val;
32226e4f 2434 hci_cp.simul = 0x00;
441ad2d0 2435 } else {
d7a5a11d 2436 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
441ad2d0 2437 disable_advertising(&req);
06199cf8
JH		 2438 }
2439
416a4ae5
JH		 2440 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2441 &hci_cp);
2442
2443 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2444 if (err < 0)
06199cf8 2445 mgmt_pending_remove(cmd);
06199cf8 2446
1de028ce
JH		 2447unlock:
2448 hci_dev_unlock(hdev);
06199cf8
JH		 2449 return err;
2450}
2451
0cab9c80
JH		 2452/* This is a helper function to test for pending mgmt commands that can
2453 * cause CoD or EIR HCI commands. We can only allow one such pending
2454 * mgmt command at a time since otherwise we cannot easily track what
2455 * the current values are, will be, and based on that calculate if a new
2456 * HCI command needs to be sent and if yes with what value.
2457 */
2458static bool pending_eir_or_class(struct hci_dev *hdev)
2459{
3b0602cd 2460 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 2461
2462 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2463 switch (cmd->opcode) {
2464 case MGMT_OP_ADD_UUID:
2465 case MGMT_OP_REMOVE_UUID:
2466 case MGMT_OP_SET_DEV_CLASS:
2467 case MGMT_OP_SET_POWERED:
2468 return true;
2469 }
2470 }
2471
2472 return false;
2473}
2474
83be8eca
JH		 2475static const u8 bluetooth_base_uuid[] = {
2476 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2477 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2478};
2479
2480static u8 get_uuid_size(const u8 *uuid)
2481{
2482 u32 val;
2483
2484 if (memcmp(uuid, bluetooth_base_uuid, 12))
2485 return 128;
2486
2487 val = get_unaligned_le32(&uuid[12]);
2488 if (val > 0xffff)
2489 return 32;
2490
2491 return 16;
2492}
2493
92da6097
JH		 2494static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2495{
3b0602cd 2496 struct mgmt_pending_cmd *cmd;
92da6097
JH		 2497
2498 hci_dev_lock(hdev);
2499
2500 cmd = mgmt_pending_find(mgmt_op, hdev);
2501 if (!cmd)
2502 goto unlock;
2503
2a1afb5a
JH		 2504 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2505 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 2506
2507 mgmt_pending_remove(cmd);
2508
2509unlock:
2510 hci_dev_unlock(hdev);
2511}
2512
1904a853 2513static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2514{
2515 BT_DBG("status 0x%02x", status);
2516
2517 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2518}
2519
bdb6d971 2520static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2521{
650f726d 2522 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2523 struct mgmt_pending_cmd *cmd;
890ea898 2524 struct hci_request req;
2aeb9a1a 2525 struct bt_uuid *uuid;
2aeb9a1a
JH		 2526 int err;
2527
bdb6d971 2528 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2529
09fd0de5 2530 hci_dev_lock(hdev);
2aeb9a1a 2531
0cab9c80 2532 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2533 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2534 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2535 goto failed;
2536 }
2537
92c4c204 2538 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2539 if (!uuid) {
2540 err = -ENOMEM;
2541 goto failed;
2542 }
2543
2544 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2545 uuid->svc_hint = cp->svc_hint;
83be8eca 2546 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2547
de66aa63 2548 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2549
890ea898 2550 hci_req_init(&req, hdev);
1aff6f09 2551
890ea898
JH		 2552 update_class(&req);
2553 update_eir(&req);
2554
92da6097
JH		 2555 err = hci_req_run(&req, add_uuid_complete);
2556 if (err < 0) {
2557 if (err != -ENODATA)
2558 goto failed;
80a1e1db 2559
2a1afb5a
JH		 2560 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2561 hdev->dev_class, 3);
90e70454
JH		 2562 goto failed;
2563 }
2564
2565 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2566 if (!cmd) {
90e70454 2567 err = -ENOMEM;
890ea898
JH		 2568 goto failed;
2569 }
2570
2571 err = 0;
2aeb9a1a
JH		 2572
2573failed:
09fd0de5 2574 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2575 return err;
2576}
2577
24b78d0f
JH		 2578static bool enable_service_cache(struct hci_dev *hdev)
2579{
2580 if (!hdev_is_powered(hdev))
2581 return false;
2582
238be788 2583 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 2584 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2585 CACHE_TIMEOUT);
24b78d0f
JH		 2586 return true;
2587 }
2588
2589 return false;
2590}
2591
1904a853 2592static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2593{
2594 BT_DBG("status 0x%02x", status);
2595
2596 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2597}
2598
bdb6d971 2599static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2600 u16 len)
2aeb9a1a 2601{
650f726d 2602 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2603 struct mgmt_pending_cmd *cmd;
056341c8 2604 struct bt_uuid *match, *tmp;
2aeb9a1a 2605 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2606 struct hci_request req;
2aeb9a1a
JH		 2607 int err, found;
2608
bdb6d971 2609 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2610
09fd0de5 2611 hci_dev_lock(hdev);
2aeb9a1a 2612
0cab9c80 2613 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2614 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2615 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2616 goto unlock;
2617 }
2618
2aeb9a1a 2619 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2620 hci_uuids_clear(hdev);
4004b6d9 2621
24b78d0f 2622 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2623 err = mgmt_cmd_complete(sk, hdev->id,
2624 MGMT_OP_REMOVE_UUID,
2625 0, hdev->dev_class, 3);
24b78d0f
JH		 2626 goto unlock;
2627 }
4004b6d9 2628
9246a869 2629 goto update_class;
2aeb9a1a
JH		 2630 }
2631
2632 found = 0;
2633
056341c8 2634 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2635 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2636 continue;
2637
2638 list_del(&match->list);
482049f7 2639 kfree(match);
2aeb9a1a
JH		 2640 found++;
2641 }
2642
2643 if (found == 0) {
a69e8375
JH		 2644 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2645 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2646 goto unlock;
2647 }
2648
9246a869 2649update_class:
890ea898 2650 hci_req_init(&req, hdev);
1aff6f09 2651
890ea898
JH		 2652 update_class(&req);
2653 update_eir(&req);
2654
92da6097
JH		 2655 err = hci_req_run(&req, remove_uuid_complete);
2656 if (err < 0) {
2657 if (err != -ENODATA)
2658 goto unlock;
80a1e1db 2659
2a1afb5a
JH		 2660 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2661 hdev->dev_class, 3);
90e70454
JH		 2662 goto unlock;
2663 }
2664
2665 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2666 if (!cmd) {
90e70454 2667 err = -ENOMEM;
890ea898
JH		 2668 goto unlock;
2669 }
2670
2671 err = 0;
2aeb9a1a
JH		 2672
2673unlock:
09fd0de5 2674 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2675 return err;
2676}
2677
1904a853 2678static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2679{
2680 BT_DBG("status 0x%02x", status);
2681
2682 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2683}
2684
bdb6d971 2685static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2686 u16 len)
1aff6f09 2687{
650f726d 2688 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2689 struct mgmt_pending_cmd *cmd;
890ea898 2690 struct hci_request req;
1aff6f09
JH		 2691 int err;
2692
bdb6d971 2693 BT_DBG("request for %s", hdev->name);
1aff6f09 2694
6203fc98 2695 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2696 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2697 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2698
0cab9c80 2699 hci_dev_lock(hdev);
ee98f473 2700
0cab9c80 2701 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2702 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2703 MGMT_STATUS_BUSY);
0cab9c80
JH		 2704 goto unlock;
2705 }
c95f0ba7 2706
0cab9c80 2707 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2708 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2709 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2710 goto unlock;
2711 }
575b3a02 2712
932f5ff5
JH		 2713 hdev->major_class = cp->major;
2714 hdev->minor_class = cp->minor;
2715
b5235a65 2716 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2717 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2718 hdev->dev_class, 3);
b5235a65
JH		 2719 goto unlock;
2720 }
2721
890ea898
JH		 2722 hci_req_init(&req, hdev);
2723
a69d8927 2724 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
7d78525d
JH		 2725 hci_dev_unlock(hdev);
2726 cancel_delayed_work_sync(&hdev->service_cache);
2727 hci_dev_lock(hdev);
890ea898 2728 update_eir(&req);
7d78525d 2729 }
14c0b608 2730
890ea898
JH		 2731 update_class(&req);
2732
92da6097
JH		 2733 err = hci_req_run(&req, set_class_complete);
2734 if (err < 0) {
2735 if (err != -ENODATA)
2736 goto unlock;
1aff6f09 2737
2a1afb5a
JH		 2738 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2739 hdev->dev_class, 3);
90e70454
JH		 2740 goto unlock;
2741 }
2742
2743 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2744 if (!cmd) {
90e70454 2745 err = -ENOMEM;
890ea898
JH		 2746 goto unlock;
2747 }
2748
2749 err = 0;
1aff6f09 2750
b5235a65 2751unlock:
09fd0de5 2752 hci_dev_unlock(hdev);
1aff6f09
JH		 2753 return err;
2754}
2755
bdb6d971 2756static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2757 u16 len)
55ed8ca1 2758{
650f726d 2759 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2760 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2761 sizeof(struct mgmt_link_key_info));
4e51eae9 2762 u16 key_count, expected_len;
b1de97d8 2763 bool changed;
a492cd52 2764 int i;
55ed8ca1 2765
9060d5cf
MH		 2766 BT_DBG("request for %s", hdev->name);
2767
2768 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2769 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2770 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2771
1f350c87 2772 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2773 if (key_count > max_key_count) {
2774 BT_ERR("load_link_keys: too big key_count value %u",
2775 key_count);
a69e8375
JH		 2776 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2777 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2778 }
55ed8ca1 2779
86742e1e
JH		 2780 expected_len = sizeof(*cp) + key_count *
2781 sizeof(struct mgmt_link_key_info);
a492cd52 2782 if (expected_len != len) {
86742e1e 2783 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2784 expected_len, len);
a69e8375
JH		 2785 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2786 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2787 }
2788
4ae14301 2789 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2790 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2791 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2792
bdb6d971 2793 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2794 key_count);
55ed8ca1 2795
4ee71b20
JH		 2796 for (i = 0; i < key_count; i++) {
2797 struct mgmt_link_key_info *key = &cp->keys[i];
2798
8e991132 2799 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2800 return mgmt_cmd_status(sk, hdev->id,
2801 MGMT_OP_LOAD_LINK_KEYS,
2802 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2803 }
2804
09fd0de5 2805 hci_dev_lock(hdev);
55ed8ca1
JH		 2806
2807 hci_link_keys_clear(hdev);
2808
55ed8ca1 2809 if (cp->debug_keys)
238be788 2810 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2811 else
a69d8927
MH		 2812 changed = hci_dev_test_and_clear_flag(hdev,
2813 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2814
2815 if (changed)
2816 new_settings(hdev, NULL);
55ed8ca1 2817
a492cd52 2818 for (i = 0; i < key_count; i++) {
86742e1e 2819 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2820
58e9293c
JH		 2821 /* Always ignore debug keys and require a new pairing if
2822 * the user wants to use them.
2823 */
2824 if (key->type == HCI_LK_DEBUG_COMBINATION)
2825 continue;
2826
7652ff6a
JH		 2827 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2828 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2829 }
2830
2a1afb5a 2831 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2832
09fd0de5 2833 hci_dev_unlock(hdev);
55ed8ca1 2834
a492cd52 2835 return 0;
55ed8ca1
JH		 2836}
2837
b1078ad0 2838static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2839 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2840{
2841 struct mgmt_ev_device_unpaired ev;
2842
2843 bacpy(&ev.addr.bdaddr, bdaddr);
2844 ev.addr.type = addr_type;
2845
2846 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2847 skip_sk);
b1078ad0
JH		 2848}
2849
bdb6d971 2850static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2851 u16 len)
55ed8ca1 2852{
124f6e35
JH		 2853 struct mgmt_cp_unpair_device *cp = data;
2854 struct mgmt_rp_unpair_device rp;
a8a1d19e 2855 struct hci_cp_disconnect dc;
3b0602cd 2856 struct mgmt_pending_cmd *cmd;
55ed8ca1 2857 struct hci_conn *conn;
55ed8ca1
JH		 2858 int err;
2859
a8a1d19e 2860 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2861 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2862 rp.addr.type = cp->addr.type;
a8a1d19e 2863
4ee71b20 2864 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2865 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2866 MGMT_STATUS_INVALID_PARAMS,
2867 &rp, sizeof(rp));
4ee71b20 2868
118da70b 2869 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2870 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2871 MGMT_STATUS_INVALID_PARAMS,
2872 &rp, sizeof(rp));
118da70b 2873
4ee71b20
JH		 2874 hci_dev_lock(hdev);
2875
86a8cfc6 2876 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2877 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2878 MGMT_STATUS_NOT_POWERED, &rp,
2879 sizeof(rp));
86a8cfc6
JH		 2880 goto unlock;
2881 }
2882
e0b2b27e 2883 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2884 /* If disconnection is requested, then look up the
2885 * connection. If the remote device is connected, it
2886 * will be later used to terminate the link.
2887 *
2888 * Setting it to NULL explicitly will cause no
2889 * termination of the link.
2890 */
2891 if (cp->disconnect)
2892 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2893 &cp->addr.bdaddr);
2894 else
2895 conn = NULL;
2896
124f6e35 2897 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2898 } else {
2899 u8 addr_type;
2900
89cbb063
AA		 2901 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2902 &cp->addr.bdaddr);
2903 if (conn) {
2904 /* Defer clearing up the connection parameters
2905 * until closing to give a chance of keeping
2906 * them if a repairing happens.
2907 */
2908 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2909
2910 /* If disconnection is not requested, then
2911 * clear the connection variable so that the
2912 * link is not terminated.
2913 */
2914 if (!cp->disconnect)
2915 conn = NULL;
2916 }
2917
e0b2b27e
JH		 2918 if (cp->addr.type == BDADDR_LE_PUBLIC)
2919 addr_type = ADDR_LE_DEV_PUBLIC;
2920 else
2921 addr_type = ADDR_LE_DEV_RANDOM;
2922
a7ec7338
JH		 2923 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2924
e0b2b27e
JH		 2925 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2926 }
b0dbfb46 2927
55ed8ca1 2928 if (err < 0) {
2a1afb5a
JH		 2929 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2930 MGMT_STATUS_NOT_PAIRED, &rp,
2931 sizeof(rp));
55ed8ca1
JH		 2932 goto unlock;
2933 }
2934
89cbb063
AA		 2935 /* If the connection variable is set, then termination of the
2936 * link is requested.
2937 */
a8a1d19e 2938 if (!conn) {
2a1afb5a
JH		 2939 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2940 &rp, sizeof(rp));
b1078ad0 2941 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2942 goto unlock;
2943 }
55ed8ca1 2944
124f6e35 2945 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2946 sizeof(*cp));
a8a1d19e
JH		 2947 if (!cmd) {
2948 err = -ENOMEM;
2949 goto unlock;
55ed8ca1
JH		 2950 }
2951
d8b7b1e4
JH		 2952 cmd->cmd_complete = addr_cmd_complete;
2953
eb55ef07 2954 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2955 dc.reason = 0x13; /* Remote User Terminated Connection */
2956 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2957 if (err < 0)
2958 mgmt_pending_remove(cmd);
2959
55ed8ca1 2960unlock:
09fd0de5 2961 hci_dev_unlock(hdev);
55ed8ca1
JH		 2962 return err;
2963}
2964
bdb6d971 2965static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2966 u16 len)
8962ee74 2967{
650f726d 2968 struct mgmt_cp_disconnect *cp = data;
06a63b19 2969 struct mgmt_rp_disconnect rp;
3b0602cd 2970 struct mgmt_pending_cmd *cmd;
8962ee74 2971 struct hci_conn *conn;
8962ee74
JH		 2972 int err;
2973
2974 BT_DBG("");
2975
06a63b19
JH		 2976 memset(&rp, 0, sizeof(rp));
2977 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2978 rp.addr.type = cp->addr.type;
2979
4ee71b20 2980 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2981 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2982 MGMT_STATUS_INVALID_PARAMS,
2983 &rp, sizeof(rp));
4ee71b20 2984
09fd0de5 2985 hci_dev_lock(hdev);
8962ee74
JH		 2986
2987 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 2988 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2989 MGMT_STATUS_NOT_POWERED, &rp,
2990 sizeof(rp));
8962ee74
JH		 2991 goto failed;
2992 }
2993
2e58ef3e 2994 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 2995 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2996 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2997 goto failed;
2998 }
2999
591f47f3 3000 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 3001 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3002 &cp->addr.bdaddr);
88c3df13
JH		 3003 else
3004 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 3005
f960727e 3006 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 3007 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3008 MGMT_STATUS_NOT_CONNECTED, &rp,
3009 sizeof(rp));
8962ee74
JH		 3010 goto failed;
3011 }
3012
2e58ef3e 3013 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 3014 if (!cmd) {
3015 err = -ENOMEM;
8962ee74 3016 goto failed;
366a0336 3017 }
8962ee74 3018
f5818c22
JH		 3019 cmd->cmd_complete = generic_cmd_complete;
3020
e3f2f92a 3021 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 3022 if (err < 0)
a664b5bc 3023 mgmt_pending_remove(cmd);
8962ee74
JH		 3024
3025failed:
09fd0de5 3026 hci_dev_unlock(hdev);
8962ee74
JH		 3027 return err;
3028}
3029
57c1477c 3030static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 3031{
3032 switch (link_type) {
3033 case LE_LINK:
48264f06
JH		 3034 switch (addr_type) {
3035 case ADDR_LE_DEV_PUBLIC:
591f47f3 3036 return BDADDR_LE_PUBLIC;
0ed09148 3037
48264f06 3038 default:
0ed09148 3039 /* Fallback to LE Random address type */
591f47f3 3040 return BDADDR_LE_RANDOM;
48264f06 3041 }
0ed09148 3042
4c659c39 3043 default:
0ed09148 3044 /* Fallback to BR/EDR type */
591f47f3 3045 return BDADDR_BREDR;
4c659c39
JH		 3046 }
3047}
3048
04124681
GP		 3049static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3050 u16 data_len)
2784eb41 3051{
2784eb41 3052 struct mgmt_rp_get_connections *rp;
8035ded4 3053 struct hci_conn *c;
a38528f1 3054 size_t rp_len;
60fc5fb6
JH		 3055 int err;
3056 u16 i;
2784eb41
JH		 3057
3058 BT_DBG("");
3059
09fd0de5 3060 hci_dev_lock(hdev);
2784eb41 3061
5f97c1df 3062 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3063 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3064 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3065 goto unlock;
3066 }
3067
60fc5fb6 3068 i = 0;
b644ba33
JH		 3069 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3070 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 3071 i++;
2784eb41
JH		 3072 }
3073
60fc5fb6 3074 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 3075 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 3076 if (!rp) {
2784eb41
JH		 3077 err = -ENOMEM;
3078 goto unlock;
3079 }
3080
2784eb41 3081 i = 0;
4c659c39 3082 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 3083 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3084 continue;
4c659c39 3085 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 3086 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 3087 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 3088 continue;
3089 i++;
3090 }
3091
eb55ef07 3092 rp->conn_count = cpu_to_le16(i);
60fc5fb6 3093
4c659c39
JH		 3094 /* Recalculate length in case of filtered SCO connections, etc */
3095 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 3096
2a1afb5a
JH		 3097 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3098 rp_len);
2784eb41 3099
a38528f1 3100 kfree(rp);
5f97c1df
JH		 3101
3102unlock:
09fd0de5 3103 hci_dev_unlock(hdev);
2784eb41
JH		 3104 return err;
3105}
3106
bdb6d971 3107static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3108 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 3109{
3b0602cd 3110 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 3111 int err;
3112
2e58ef3e 3113 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 3114 sizeof(*cp));
96d97a67
WR		 3115 if (!cmd)
3116 return -ENOMEM;
3117
d8457698 3118 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 3119 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 3120 if (err < 0)
3121 mgmt_pending_remove(cmd);
3122
3123 return err;
3124}
3125
bdb6d971 3126static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3127 u16 len)
980e1a53 3128{
96d97a67 3129 struct hci_conn *conn;
650f726d 3130 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3131 struct hci_cp_pin_code_reply reply;
3b0602cd 3132 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 3133 int err;
3134
3135 BT_DBG("");
3136
09fd0de5 3137 hci_dev_lock(hdev);
980e1a53 3138
4b34ee78 3139 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3140 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3141 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3142 goto failed;
3143 }
3144
d8457698 3145 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3146 if (!conn) {
a69e8375
JH		 3147 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3148 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3149 goto failed;
3150 }
3151
3152 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3153 struct mgmt_cp_pin_code_neg_reply ncp;
3154
3155 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 3156
3157 BT_ERR("PIN code is not 16 bytes long");
3158
bdb6d971 3159 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3160 if (err >= 0)
a69e8375
JH		 3161 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3162 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3163
3164 goto failed;
3165 }
3166
00abfe44 3167 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3168 if (!cmd) {
3169 err = -ENOMEM;
980e1a53 3170 goto failed;
366a0336 3171 }
980e1a53 3172
7776d1d8
JH		 3173 cmd->cmd_complete = addr_cmd_complete;
3174
d8457698 3175 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3176 reply.pin_len = cp->pin_len;
24718ca5 3177 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3178
3179 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3180 if (err < 0)
a664b5bc 3181 mgmt_pending_remove(cmd);
980e1a53
JH		 3182
3183failed:
09fd0de5 3184 hci_dev_unlock(hdev);
980e1a53
JH		 3185 return err;
3186}
3187
04124681
GP		 3188static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3189 u16 len)
17fa4b9d 3190{
650f726d 3191 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3192
3193 BT_DBG("");
3194
4ec86d4c 3195 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3196 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3197 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
4ec86d4c 3198
09fd0de5 3199 hci_dev_lock(hdev);
17fa4b9d
JH		 3200
3201 hdev->io_capability = cp->io_capability;
3202
3203 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3204 hdev->io_capability);
17fa4b9d 3205
09fd0de5 3206 hci_dev_unlock(hdev);
17fa4b9d 3207
2a1afb5a
JH		 3208 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3209 NULL, 0);
17fa4b9d
JH		 3210}
3211
3b0602cd 3212static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3213{
3214 struct hci_dev *hdev = conn->hdev;
3b0602cd 3215 struct mgmt_pending_cmd *cmd;
e9a416b5 3216
2e58ef3e 3217 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3218 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3219 continue;
3220
e9a416b5
JH		 3221 if (cmd->user_data != conn)
3222 continue;
3223
3224 return cmd;
3225 }
3226
3227 return NULL;
3228}
3229
3b0602cd 3230static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 3231{
3232 struct mgmt_rp_pair_device rp;
3233 struct hci_conn *conn = cmd->user_data;
9df74653 3234 int err;
e9a416b5 3235
61b1a7fb
JH		 3236 bacpy(&rp.addr.bdaddr, &conn->dst);
3237 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3238
2a1afb5a
JH		 3239 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3240 status, &rp, sizeof(rp));
e9a416b5
JH		 3241
3242 /* So we don't get further callbacks for this connection */
3243 conn->connect_cfm_cb = NULL;
3244 conn->security_cfm_cb = NULL;
3245 conn->disconn_cfm_cb = NULL;
3246
76a68ba0 3247 hci_conn_drop(conn);
89cbb063
AA		 3248
3249 /* The device is paired so there is no need to remove
3250 * its connection parameters anymore.
3251 */
3252 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3253
3254 hci_conn_put(conn);
9df74653
JH		 3255
3256 return err;
e9a416b5
JH		 3257}
3258
f4a407be
JH		 3259void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3260{
3261 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 3262 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 3263
3264 cmd = find_pairing(conn);
a511b35b 3265 if (cmd) {
04ab2749 3266 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3267 mgmt_pending_remove(cmd);
3268 }
f4a407be
JH		 3269}
3270
e9a416b5
JH		 3271static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3272{
3b0602cd 3273 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3274
3275 BT_DBG("status %u", status);
3276
3277 cmd = find_pairing(conn);
a511b35b 3278 if (!cmd) {
e9a416b5 3279 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3280 return;
3281 }
3282
3283 cmd->cmd_complete(cmd, mgmt_status(status));
3284 mgmt_pending_remove(cmd);
e9a416b5
JH		 3285}
3286
f4a407be 3287static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 3288{
3b0602cd 3289 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 3290
3291 BT_DBG("status %u", status);
3292
3293 if (!status)
3294 return;
3295
3296 cmd = find_pairing(conn);
a511b35b 3297 if (!cmd) {
4c47d739 3298 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3299 return;
3300 }
3301
3302 cmd->cmd_complete(cmd, mgmt_status(status));
3303 mgmt_pending_remove(cmd);
4c47d739
VA		 3304}
3305
bdb6d971 3306static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3307 u16 len)
e9a416b5 3308{
650f726d 3309 struct mgmt_cp_pair_device *cp = data;
1425acb7 3310 struct mgmt_rp_pair_device rp;
3b0602cd 3311 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3312 u8 sec_level, auth_type;
3313 struct hci_conn *conn;
e9a416b5
JH		 3314 int err;
3315
3316 BT_DBG("");
3317
f950a30e
SJ		 3318 memset(&rp, 0, sizeof(rp));
3319 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3320 rp.addr.type = cp->addr.type;
3321
4ee71b20 3322 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3323 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3324 MGMT_STATUS_INVALID_PARAMS,
3325 &rp, sizeof(rp));
4ee71b20 3326
4ec86d4c 3327 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3328 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3329 MGMT_STATUS_INVALID_PARAMS,
3330 &rp, sizeof(rp));
4ec86d4c 3331
09fd0de5 3332 hci_dev_lock(hdev);
e9a416b5 3333
5f97c1df 3334 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3335 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3336 MGMT_STATUS_NOT_POWERED, &rp,
3337 sizeof(rp));
5f97c1df
JH		 3338 goto unlock;
3339 }
3340
55e76b38
JH		 3341 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3342 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3343 MGMT_STATUS_ALREADY_PAIRED, &rp,
3344 sizeof(rp));
3345 goto unlock;
3346 }
3347
c908df36 3348 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3349 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3350
6f77d8c7 3351 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3352 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3353 auth_type);
6f77d8c7
AG		 3354 } else {
3355 u8 addr_type;
3356
3357 /* Convert from L2CAP channel address type to HCI address type
3358 */
3359 if (cp->addr.type == BDADDR_LE_PUBLIC)
3360 addr_type = ADDR_LE_DEV_PUBLIC;
3361 else
3362 addr_type = ADDR_LE_DEV_RANDOM;
3363
7c264b10
MH		 3364 /* When pairing a new device, it is expected to remember
3365 * this device for future connections. Adding the connection
3366 * parameter information ahead of time allows tracking
3367 * of the slave preferred values and will speed up any
3368 * further connection establishment.
3369 *
3370 * If connection parameters already exist, then they
3371 * will be kept and this function does nothing.
3372 */
3373 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3374
6f77d8c7 3375 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3376 sec_level, HCI_LE_CONN_TIMEOUT,
3377 HCI_ROLE_MASTER);
6f77d8c7 3378 }
7a512d01 3379
30e76272 3380 if (IS_ERR(conn)) {
489dc48e
AK		 3381 int status;
3382
3383 if (PTR_ERR(conn) == -EBUSY)
3384 status = MGMT_STATUS_BUSY;
faa81030
LR		 3385 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3386 status = MGMT_STATUS_NOT_SUPPORTED;
3387 else if (PTR_ERR(conn) == -ECONNREFUSED)
3388 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 3389 else
3390 status = MGMT_STATUS_CONNECT_FAILED;
3391
2a1afb5a
JH		 3392 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3393 status, &rp, sizeof(rp));
e9a416b5
JH		 3394 goto unlock;
3395 }
3396
3397 if (conn->connect_cfm_cb) {
76a68ba0 3398 hci_conn_drop(conn);
2a1afb5a
JH		 3399 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3400 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3401 goto unlock;
3402 }
3403
2e58ef3e 3404 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3405 if (!cmd) {
3406 err = -ENOMEM;
76a68ba0 3407 hci_conn_drop(conn);
e9a416b5
JH		 3408 goto unlock;
3409 }
3410
04ab2749
JH		 3411 cmd->cmd_complete = pairing_complete;
3412
7a512d01 3413 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3414 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3415 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3416 conn->security_cfm_cb = pairing_complete_cb;
3417 conn->disconn_cfm_cb = pairing_complete_cb;
3418 } else {
3419 conn->connect_cfm_cb = le_pairing_complete_cb;
3420 conn->security_cfm_cb = le_pairing_complete_cb;
3421 conn->disconn_cfm_cb = le_pairing_complete_cb;
3422 }
7a512d01 3423
e9a416b5 3424 conn->io_capability = cp->io_cap;
f8aaf9b6 3425 cmd->user_data = hci_conn_get(conn);
e9a416b5 3426
6f78fd4b 3427 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3428 hci_conn_security(conn, sec_level, auth_type, true)) {
3429 cmd->cmd_complete(cmd, 0);
3430 mgmt_pending_remove(cmd);
3431 }
e9a416b5
JH		 3432
3433 err = 0;
3434
3435unlock:
09fd0de5 3436 hci_dev_unlock(hdev);
e9a416b5
JH		 3437 return err;
3438}
3439
04124681
GP		 3440static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3441 u16 len)
28424707 3442{
0f4e68cf 3443 struct mgmt_addr_info *addr = data;
3b0602cd 3444 struct mgmt_pending_cmd *cmd;
28424707
JH		 3445 struct hci_conn *conn;
3446 int err;
3447
3448 BT_DBG("");
3449
28424707
JH		 3450 hci_dev_lock(hdev);
3451
5f97c1df 3452 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3453 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3454 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3455 goto unlock;
3456 }
3457
28424707
JH		 3458 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3459 if (!cmd) {
a69e8375
JH		 3460 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3461 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3462 goto unlock;
3463 }
3464
3465 conn = cmd->user_data;
3466
3467 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3468 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3469 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3470 goto unlock;
3471 }
3472
a511b35b
JH		 3473 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3474 mgmt_pending_remove(cmd);
28424707 3475
2a1afb5a
JH		 3476 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3477 addr, sizeof(*addr));
28424707
JH		 3478unlock:
3479 hci_dev_unlock(hdev);
28424707
JH		 3480 return err;
3481}
3482
bdb6d971 3483static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3484 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3485 u16 hci_op, __le32 passkey)
a5c29683 3486{
3b0602cd 3487 struct mgmt_pending_cmd *cmd;
0df4c185 3488 struct hci_conn *conn;
a5c29683
JH		 3489 int err;
3490
09fd0de5 3491 hci_dev_lock(hdev);
08ba5382 3492
4b34ee78 3493 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3494 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3495 MGMT_STATUS_NOT_POWERED, addr,
3496 sizeof(*addr));
0df4c185 3497 goto done;
a5c29683
JH		 3498 }
3499
1707c60e
JH		 3500 if (addr->type == BDADDR_BREDR)
3501 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3502 else
1707c60e 3503 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3504
3505 if (!conn) {
2a1afb5a
JH		 3506 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3507 MGMT_STATUS_NOT_CONNECTED, addr,
3508 sizeof(*addr));
272d90df
JH		 3509 goto done;
3510 }
47c15e2b 3511
1707c60e 3512 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3513 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3514 if (!err)
2a1afb5a
JH		 3515 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3516 MGMT_STATUS_SUCCESS, addr,
3517 sizeof(*addr));
5fe57d9e 3518 else
2a1afb5a
JH		 3519 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3520 MGMT_STATUS_FAILED, addr,
3521 sizeof(*addr));
47c15e2b 3522
47c15e2b
BG		 3523 goto done;
3524 }
3525
1707c60e 3526 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3527 if (!cmd) {
3528 err = -ENOMEM;
0df4c185 3529 goto done;
a5c29683
JH		 3530 }
3531
7776d1d8
JH		 3532 cmd->cmd_complete = addr_cmd_complete;
3533
0df4c185 3534 /* Continue with pairing via HCI */
604086b7
BG		 3535 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3536 struct hci_cp_user_passkey_reply cp;
3537
1707c60e 3538 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3539 cp.passkey = passkey;
3540 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3541 } else
1707c60e
JH		 3542 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3543 &addr->bdaddr);
604086b7 3544
a664b5bc
JH		 3545 if (err < 0)
3546 mgmt_pending_remove(cmd);
a5c29683 3547
0df4c185 3548done:
09fd0de5 3549 hci_dev_unlock(hdev);
a5c29683
JH		 3550 return err;
3551}
3552
afeb019d
JK		 3553static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3554 void *data, u16 len)
3555{
3556 struct mgmt_cp_pin_code_neg_reply *cp = data;
3557
3558 BT_DBG("");
3559
1707c60e 3560 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3561 MGMT_OP_PIN_CODE_NEG_REPLY,
3562 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3563}
3564
04124681
GP		 3565static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3566 u16 len)
0df4c185 3567{
650f726d 3568 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3569
3570 BT_DBG("");
3571
3572 if (len != sizeof(*cp))
a69e8375
JH		 3573 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3574 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3575
1707c60e 3576 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3577 MGMT_OP_USER_CONFIRM_REPLY,
3578 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3579}
3580
bdb6d971 3581static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3582 void *data, u16 len)
0df4c185 3583{
c9c2659f 3584 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3585
3586 BT_DBG("");
3587
1707c60e 3588 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3589 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3590 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3591}
3592
04124681
GP		 3593static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3594 u16 len)
604086b7 3595{
650f726d 3596 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3597
3598 BT_DBG("");
3599
1707c60e 3600 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3601 MGMT_OP_USER_PASSKEY_REPLY,
3602 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3603}
3604
bdb6d971 3605static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3606 void *data, u16 len)
604086b7 3607{
650f726d 3608 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3609
3610 BT_DBG("");
3611
1707c60e 3612 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3613 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3614 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3615}
3616
13928971 3617static void update_name(struct hci_request *req)
2b4bf397 3618{
13928971 3619 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3620 struct hci_cp_write_local_name cp;
3621
13928971 3622 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3623
890ea898 3624 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3625}
3626
1904a853 3627static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3628{
3629 struct mgmt_cp_set_local_name *cp;
3b0602cd 3630 struct mgmt_pending_cmd *cmd;
13928971
JH		 3631
3632 BT_DBG("status 0x%02x", status);
3633
3634 hci_dev_lock(hdev);
3635
3636 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3637 if (!cmd)
3638 goto unlock;
3639
3640 cp = cmd->param;
3641
3642 if (status)
a69e8375
JH		 3643 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3644 mgmt_status(status));
13928971 3645 else
2a1afb5a
JH		 3646 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3647 cp, sizeof(*cp));
13928971
JH		 3648
3649 mgmt_pending_remove(cmd);
3650
3651unlock:
3652 hci_dev_unlock(hdev);
3653}
3654
bdb6d971 3655static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3656 u16 len)
b312b161 3657{
2b4bf397 3658 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3659 struct mgmt_pending_cmd *cmd;
890ea898 3660 struct hci_request req;
b312b161
JH		 3661 int err;
3662
3663 BT_DBG("");
3664
09fd0de5 3665 hci_dev_lock(hdev);
b312b161 3666
b3f2ca94
JH		 3667 /* If the old values are the same as the new ones just return a
3668 * direct command complete event.
3669 */
3670 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3671 !memcmp(hdev->short_name, cp->short_name,
3672 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3673 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3674 data, len);
b3f2ca94
JH		 3675 goto failed;
3676 }
3677
2b4bf397 3678 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3679
b5235a65 3680 if (!hdev_is_powered(hdev)) {
2b4bf397 3681 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3682
2a1afb5a
JH		 3683 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3684 data, len);
28cc7bde
JH		 3685 if (err < 0)
3686 goto failed;
3687
f6b7712e
MH		 3688 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
3689 data, len, sk);
28cc7bde 3690
b5235a65
JH		 3691 goto failed;
3692 }
3693
28cc7bde 3694 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3695 if (!cmd) {
3696 err = -ENOMEM;
3697 goto failed;
3698 }
3699
13928971
JH		 3700 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3701
890ea898 3702 hci_req_init(&req, hdev);
3f985050
JH		 3703
3704 if (lmp_bredr_capable(hdev)) {
3705 update_name(&req);
3706 update_eir(&req);
3707 }
3708
7a5f4990
MH		 3709 /* The name is stored in the scan response data and so
3710 * no need to udpate the advertising data here.
3711 */
3f985050 3712 if (lmp_le_capable(hdev))
7a5f4990 3713 update_scan_rsp_data(&req);
3f985050 3714
13928971 3715 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3716 if (err < 0)
3717 mgmt_pending_remove(cmd);
3718
3719failed:
09fd0de5 3720 hci_dev_unlock(hdev);
b312b161
JH		 3721 return err;
3722}
3723
0f4e68cf 3724static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3725 void *data, u16 data_len)
c35938b2 3726{
3b0602cd 3727 struct mgmt_pending_cmd *cmd;
c35938b2
SJ		 3728 int err;
3729
bdb6d971 3730 BT_DBG("%s", hdev->name);
c35938b2 3731
09fd0de5 3732 hci_dev_lock(hdev);
c35938b2 3733
4b34ee78 3734 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3735 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3736 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3737 goto unlock;
3738 }
3739
9a1a1996 3740 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3741 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3742 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3743 goto unlock;
3744 }
3745
2e58ef3e 3746 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3747 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3748 MGMT_STATUS_BUSY);
c35938b2
SJ		 3749 goto unlock;
3750 }
3751
2e58ef3e 3752 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3753 if (!cmd) {
3754 err = -ENOMEM;
3755 goto unlock;
3756 }
3757
710f11c0 3758 if (bredr_sc_enabled(hdev))
4d2d2796
MH		 3759 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3760 0, NULL);
3761 else
3762 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3763
c35938b2
SJ		 3764 if (err < 0)
3765 mgmt_pending_remove(cmd);
3766
3767unlock:
09fd0de5 3768 hci_dev_unlock(hdev);
c35938b2
SJ		 3769 return err;
3770}
3771
bdb6d971 3772static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3773 void *data, u16 len)
2763eda6 3774{
5d57e796 3775 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3776 int err;
3777
bdb6d971 3778 BT_DBG("%s ", hdev->name);
2763eda6 3779
5d57e796 3780 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3781 return mgmt_cmd_complete(sk, hdev->id,
3782 MGMT_OP_ADD_REMOTE_OOB_DATA,
3783 MGMT_STATUS_INVALID_PARAMS,
3784 addr, sizeof(*addr));
5d57e796 3785
09fd0de5 3786 hci_dev_lock(hdev);
2763eda6 3787
ec109113
MH		 3788 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3789 struct mgmt_cp_add_remote_oob_data *cp = data;
3790 u8 status;
bf1e3541 3791
c19a495c 3792 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 3793 err = mgmt_cmd_complete(sk, hdev->id,
3794 MGMT_OP_ADD_REMOTE_OOB_DATA,
3795 MGMT_STATUS_INVALID_PARAMS,
3796 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 3797 goto unlock;
3798 }
3799
ec109113 3800 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3801 cp->addr.type, cp->hash,
3802 cp->rand, NULL, NULL);
ec109113
MH		 3803 if (err < 0)
3804 status = MGMT_STATUS_FAILED;
3805 else
3806 status = MGMT_STATUS_SUCCESS;
3807
2a1afb5a
JH		 3808 err = mgmt_cmd_complete(sk, hdev->id,
3809 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3810 &cp->addr, sizeof(cp->addr));
ec109113
MH		 3811 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3812 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3813 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3814 u8 status;
3815
86df9200 3816 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3817 /* Enforce zero-valued 192-bit parameters as
3818 * long as legacy SMP OOB isn't implemented.
3819 */
3820 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3821 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 3822 err = mgmt_cmd_complete(sk, hdev->id,
3823 MGMT_OP_ADD_REMOTE_OOB_DATA,
3824 MGMT_STATUS_INVALID_PARAMS,
3825 addr, sizeof(*addr));
d25b78e2
JH		 3826 goto unlock;
3827 }
3828
86df9200
JH		 3829 rand192 = NULL;
3830 hash192 = NULL;
3831 } else {
41bcfd50
MH		 3832 /* In case one of the P-192 values is set to zero,
3833 * then just disable OOB data for P-192.
3834 */
3835 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3836 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3837 rand192 = NULL;
3838 hash192 = NULL;
3839 } else {
3840 rand192 = cp->rand192;
3841 hash192 = cp->hash192;
3842 }
3843 }
3844
3845 /* In case one of the P-256 values is set to zero, then just
3846 * disable OOB data for P-256.
3847 */
3848 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3849 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3850 rand256 = NULL;
3851 hash256 = NULL;
3852 } else {
3853 rand256 = cp->rand256;
3854 hash256 = cp->hash256;
86df9200
JH		 3855 }
3856
81328d5c 3857 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3858 cp->addr.type, hash192, rand192,
41bcfd50 3859 hash256, rand256);
ec109113
MH		 3860 if (err < 0)
3861 status = MGMT_STATUS_FAILED;
3862 else
3863 status = MGMT_STATUS_SUCCESS;
3864
2a1afb5a
JH		 3865 err = mgmt_cmd_complete(sk, hdev->id,
3866 MGMT_OP_ADD_REMOTE_OOB_DATA,
3867 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 3868 } else {
3869 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 3870 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3871 MGMT_STATUS_INVALID_PARAMS);
ec109113 3872 }
2763eda6 3873
c19a495c 3874unlock:
09fd0de5 3875 hci_dev_unlock(hdev);
2763eda6
SJ		 3876 return err;
3877}
3878
bdb6d971 3879static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3880 void *data, u16 len)
2763eda6 3881{
650f726d 3882 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3883 u8 status;
2763eda6
SJ		 3884 int err;
3885
bdb6d971 3886 BT_DBG("%s", hdev->name);
2763eda6 3887
c19a495c 3888 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 3889 return mgmt_cmd_complete(sk, hdev->id,
3890 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3891 MGMT_STATUS_INVALID_PARAMS,
3892 &cp->addr, sizeof(cp->addr));
c19a495c 3893
09fd0de5 3894 hci_dev_lock(hdev);
2763eda6 3895
eedbd581
JH		 3896 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3897 hci_remote_oob_data_clear(hdev);
3898 status = MGMT_STATUS_SUCCESS;
3899 goto done;
3900 }
3901
6928a924 3902 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3903 if (err < 0)
bf1e3541 3904 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3905 else
a6785be2 3906 status = MGMT_STATUS_SUCCESS;
bf1e3541 3907
eedbd581 3908done:
2a1afb5a
JH		 3909 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3910 status, &cp->addr, sizeof(cp->addr));
2763eda6 3911
09fd0de5 3912 hci_dev_unlock(hdev);
2763eda6
SJ		 3913 return err;
3914}
3915
8019044d 3916static bool trigger_discovery(struct hci_request *req, u8 *status)
41dc2bd6 3917{
8019044d
MH		 3918 struct hci_dev *hdev = req->hdev;
3919 struct hci_cp_le_set_scan_param param_cp;
3920 struct hci_cp_le_set_scan_enable enable_cp;
3921 struct hci_cp_inquiry inq_cp;
3922 /* General inquiry access code (GIAC) */
3923 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3924 u8 own_addr_type;
41dc2bd6
AG		 3925 int err;
3926
8019044d
MH		 3927 switch (hdev->discovery.type) {
3928 case DISCOV_TYPE_BREDR:
3929 *status = mgmt_bredr_support(hdev);
3930 if (*status)
3931 return false;
41dc2bd6 3932
8019044d
MH		 3933 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3934 *status = MGMT_STATUS_BUSY;
3935 return false;
3936 }
41dc2bd6 3937
8019044d 3938 hci_inquiry_cache_flush(hdev);
41dc2bd6 3939
8019044d
MH		 3940 memset(&inq_cp, 0, sizeof(inq_cp));
3941 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3942 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3943 hci_req_add(req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3944 break;
41dc2bd6 3945
8019044d
MH		 3946 case DISCOV_TYPE_LE:
3947 case DISCOV_TYPE_INTERLEAVED:
3948 *status = mgmt_le_support(hdev);
3949 if (*status)
3950 return false;
3951
3952 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
d7a5a11d 3953 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
8019044d
MH		 3954 *status = MGMT_STATUS_NOT_SUPPORTED;
3955 return false;
3956 }
3957
d7a5a11d 3958 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
8019044d
MH		 3959 /* Don't let discovery abort an outgoing
3960 * connection attempt that's using directed
3961 * advertising.
3962 */
3963 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3964 BT_CONNECT)) {
3965 *status = MGMT_STATUS_REJECTED;
3966 return false;
3967 }
3968
3969 disable_advertising(req);
3970 }
3971
3972 /* If controller is scanning, it means the background scanning
3973 * is running. Thus, we should temporarily stop it in order to
3974 * set the discovery scanning parameters.
3975 */
d7a5a11d 3976 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
8019044d
MH		 3977 hci_req_add_le_scan_disable(req);
3978
3979 memset(&param_cp, 0, sizeof(param_cp));
3980
3981 /* All active scans will be done with either a resolvable
3982 * private address (when privacy feature has been enabled)
9437d2ed 3983 * or non-resolvable private address.
8019044d
MH		 3984 */
3985 err = hci_update_random_address(req, true, &own_addr_type);
3986 if (err < 0) {
3987 *status = MGMT_STATUS_FAILED;
3988 return false;
3989 }
3990
3991 param_cp.type = LE_SCAN_ACTIVE;
3992 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3993 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3994 param_cp.own_address_type = own_addr_type;
3995 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3996 &param_cp);
3997
3998 memset(&enable_cp, 0, sizeof(enable_cp));
3999 enable_cp.enable = LE_SCAN_ENABLE;
4000 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
4001 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
4002 &enable_cp);
4003 break;
4004
4005 default:
4006 *status = MGMT_STATUS_INVALID_PARAMS;
4007 return false;
4008 }
4009
4010 return true;
41dc2bd6
AG		 4011}
4012
1904a853
MH		 4013static void start_discovery_complete(struct hci_dev *hdev, u8 status,
4014 u16 opcode)
7c307720 4015{
3b0602cd 4016 struct mgmt_pending_cmd *cmd;
11e6e25d 4017 unsigned long timeout;
ae55f598 4018
7c307720
AG		 4019 BT_DBG("status %d", status);
4020
11e6e25d 4021 hci_dev_lock(hdev);
41dc2bd6 4022
11e6e25d 4023 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427
JP		 4024 if (!cmd)
4025 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
4026
11e6e25d 4027 if (cmd) {
2922a94f 4028 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 4029 mgmt_pending_remove(cmd);
4030 }
7c307720
AG		 4031
4032 if (status) {
11e6e25d
MH		 4033 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4034 goto unlock;
7c307720
AG		 4035 }
4036
7c307720 4037 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
7c307720 4038
2d28cfe7
JP		 4039 /* If the scan involves LE scan, pick proper timeout to schedule
4040 * hdev->le_scan_disable that will stop it.
4041 */
7c307720
AG		 4042 switch (hdev->discovery.type) {
4043 case DISCOV_TYPE_LE:
3d5a76f0 4044 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720 4045 break;
7c307720 4046 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 4047 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720 4048 break;
7c307720 4049 case DISCOV_TYPE_BREDR:
11e6e25d 4050 timeout = 0;
7c307720 4051 break;
7c307720
AG		 4052 default:
4053 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
11e6e25d
MH		 4054 timeout = 0;
4055 break;
7c307720 4056 }
ae55f598 4057
2d28cfe7
JP		 4058 if (timeout) {
4059 /* When service discovery is used and the controller has
4060 * a strict duplicate filter, it is important to remember
4061 * the start and duration of the scan. This is required
4062 * for restarting scanning during the discovery phase.
4063 */
4064 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
4065 &hdev->quirks) &&
82f8b651 4066 hdev->discovery.result_filtering) {
2d28cfe7
JP		 4067 hdev->discovery.scan_start = jiffies;
4068 hdev->discovery.scan_duration = timeout;
4069 }
4070
11e6e25d
MH		 4071 queue_delayed_work(hdev->workqueue,
4072 &hdev->le_scan_disable, timeout);
2d28cfe7 4073 }
ae55f598 4074
11e6e25d
MH		 4075unlock:
4076 hci_dev_unlock(hdev);
7c307720
AG		 4077}
4078
bdb6d971 4079static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 4080 void *data, u16 len)
14a53664 4081{
650f726d 4082 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 4083 struct mgmt_pending_cmd *cmd;
7c307720 4084 struct hci_request req;
8019044d 4085 u8 status;
14a53664
JH		 4086 int err;
4087
bdb6d971 4088 BT_DBG("%s", hdev->name);
14a53664 4089
09fd0de5 4090 hci_dev_lock(hdev);
14a53664 4091
4b34ee78 4092 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4093 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4094 MGMT_STATUS_NOT_POWERED,
4095 &cp->type, sizeof(cp->type));
bd2d1334
JH		 4096 goto failed;
4097 }
4098
f5a969f2 4099 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4100 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4101 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4102 MGMT_STATUS_BUSY, &cp->type,
4103 sizeof(cp->type));
642be6c7
AG		 4104 goto failed;
4105 }
4106
2922a94f 4107 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
14a53664
JH		 4108 if (!cmd) {
4109 err = -ENOMEM;
4110 goto failed;
4111 }
4112
2922a94f
JH		 4113 cmd->cmd_complete = generic_cmd_complete;
4114
22078800
MH		 4115 /* Clear the discovery filter first to free any previously
4116 * allocated memory for the UUID list.
4117 */
4118 hci_discovery_filter_clear(hdev);
4119
4aab14e5 4120 hdev->discovery.type = cp->type;
da25cf6a 4121 hdev->discovery.report_invalid_rssi = false;
4aab14e5 4122
7c307720
AG		 4123 hci_req_init(&req, hdev);
4124
8019044d 4125 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4126 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4127 status, &cp->type, sizeof(cp->type));
04106755
JH		 4128 mgmt_pending_remove(cmd);
4129 goto failed;
f39799f5 4130 }
04106755 4131
7c307720 4132 err = hci_req_run(&req, start_discovery_complete);
f5a969f2 4133 if (err < 0) {
14a53664 4134 mgmt_pending_remove(cmd);
f5a969f2
MH		 4135 goto failed;
4136 }
7c307720 4137
f5a969f2 4138 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
7c307720 4139
14a53664 4140failed:
09fd0de5 4141 hci_dev_unlock(hdev);
14a53664
JH		 4142 return err;
4143}
f39799f5 4144
3b0602cd
JH		 4145static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4146 u8 status)
2922a94f 4147{
2a1afb5a
JH		 4148 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4149 cmd->param, 1);
2922a94f 4150}
04106755 4151
66ea9427
JP		 4152static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4153 void *data, u16 len)
4154{
4155 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 4156 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 4157 struct hci_request req;
4158 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4159 u16 uuid_count, expected_len;
4160 u8 status;
4161 int err;
04106755 4162
66ea9427 4163 BT_DBG("%s", hdev->name);
e8bb6b97 4164
66ea9427 4165 hci_dev_lock(hdev);
7c307720 4166
66ea9427 4167 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4168 err = mgmt_cmd_complete(sk, hdev->id,
4169 MGMT_OP_START_SERVICE_DISCOVERY,
4170 MGMT_STATUS_NOT_POWERED,
4171 &cp->type, sizeof(cp->type));
66ea9427
JP		 4172 goto failed;
4173 }
7c307720 4174
66ea9427 4175 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4176 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4177 err = mgmt_cmd_complete(sk, hdev->id,
4178 MGMT_OP_START_SERVICE_DISCOVERY,
4179 MGMT_STATUS_BUSY, &cp->type,
4180 sizeof(cp->type));
66ea9427
JP		 4181 goto failed;
4182 }
d9483943 4183
66ea9427
JP		 4184 uuid_count = __le16_to_cpu(cp->uuid_count);
4185 if (uuid_count > max_uuid_count) {
4186 BT_ERR("service_discovery: too big uuid_count value %u",
4187 uuid_count);
2a1afb5a
JH		 4188 err = mgmt_cmd_complete(sk, hdev->id,
4189 MGMT_OP_START_SERVICE_DISCOVERY,
4190 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4191 sizeof(cp->type));
66ea9427
JP		 4192 goto failed;
4193 }
4194
4195 expected_len = sizeof(*cp) + uuid_count * 16;
4196 if (expected_len != len) {
4197 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4198 expected_len, len);
2a1afb5a
JH		 4199 err = mgmt_cmd_complete(sk, hdev->id,
4200 MGMT_OP_START_SERVICE_DISCOVERY,
4201 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4202 sizeof(cp->type));
66ea9427
JP		 4203 goto failed;
4204 }
4205
4206 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 4207 hdev, data, len);
66ea9427
JP		 4208 if (!cmd) {
4209 err = -ENOMEM;
4210 goto failed;
4211 }
4212
2922a94f
JH		 4213 cmd->cmd_complete = service_discovery_cmd_complete;
4214
22078800
MH		 4215 /* Clear the discovery filter first to free any previously
4216 * allocated memory for the UUID list.
4217 */
4218 hci_discovery_filter_clear(hdev);
4219
82f8b651 4220 hdev->discovery.result_filtering = true;
66ea9427
JP		 4221 hdev->discovery.type = cp->type;
4222 hdev->discovery.rssi = cp->rssi;
4223 hdev->discovery.uuid_count = uuid_count;
4224
4225 if (uuid_count > 0) {
4226 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4227 GFP_KERNEL);
4228 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 4229 err = mgmt_cmd_complete(sk, hdev->id,
4230 MGMT_OP_START_SERVICE_DISCOVERY,
4231 MGMT_STATUS_FAILED,
4232 &cp->type, sizeof(cp->type));
d9483943
JH		 4233 mgmt_pending_remove(cmd);
4234 goto failed;
4235 }
66ea9427 4236 }
d9483943 4237
66ea9427 4238 hci_req_init(&req, hdev);
5e0452c0 4239
66ea9427 4240 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4241 err = mgmt_cmd_complete(sk, hdev->id,
4242 MGMT_OP_START_SERVICE_DISCOVERY,
4243 status, &cp->type, sizeof(cp->type));
04106755
JH		 4244 mgmt_pending_remove(cmd);
4245 goto failed;
f39799f5 4246 }
3fd24153 4247
7c307720 4248 err = hci_req_run(&req, start_discovery_complete);
66ea9427 4249 if (err < 0) {
14a53664 4250 mgmt_pending_remove(cmd);
66ea9427
JP		 4251 goto failed;
4252 }
4253
4254 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 4255
4256failed:
09fd0de5 4257 hci_dev_unlock(hdev);
14a53664
JH		 4258 return err;
4259}
4260
1904a853 4261static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1183fdca 4262{
3b0602cd 4263 struct mgmt_pending_cmd *cmd;
1183fdca 4264
0e05bba6
AG		 4265 BT_DBG("status %d", status);
4266
4267 hci_dev_lock(hdev);
4268
11e6e25d
MH		 4269 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4270 if (cmd) {
2922a94f 4271 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4272 mgmt_pending_remove(cmd);
0e05bba6
AG		 4273 }
4274
11e6e25d
MH		 4275 if (!status)
4276 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
0e05bba6 4277
0e05bba6
AG		 4278 hci_dev_unlock(hdev);
4279}
4280
bdb6d971 4281static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4282 u16 len)
14a53664 4283{
d930650b 4284 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 4285 struct mgmt_pending_cmd *cmd;
0e05bba6 4286 struct hci_request req;
14a53664
JH		 4287 int err;
4288
bdb6d971 4289 BT_DBG("%s", hdev->name);
14a53664 4290
09fd0de5 4291 hci_dev_lock(hdev);
14a53664 4292
30dc78e1 4293 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4294 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4295 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4296 sizeof(mgmt_cp->type));
d930650b
JH		 4297 goto unlock;
4298 }
4299
4300 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 4301 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4302 MGMT_STATUS_INVALID_PARAMS,
4303 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 4304 goto unlock;
ff9ef578
JH		 4305 }
4306
2922a94f 4307 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4308 if (!cmd) {
4309 err = -ENOMEM;
30dc78e1
JH		 4310 goto unlock;
4311 }
4312
2922a94f
JH		 4313 cmd->cmd_complete = generic_cmd_complete;
4314
0e05bba6
AG		 4315 hci_req_init(&req, hdev);
4316
21a60d30 4317 hci_stop_discovery(&req);
e0d9727e 4318
21a60d30
JH		 4319 err = hci_req_run(&req, stop_discovery_complete);
4320 if (!err) {
4321 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 4322 goto unlock;
14a53664
JH		 4323 }
4324
21a60d30
JH		 4325 mgmt_pending_remove(cmd);
4326
4327 /* If no HCI commands were sent we're done */
4328 if (err == -ENODATA) {
2a1afb5a
JH		 4329 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4330 &mgmt_cp->type, sizeof(mgmt_cp->type));
21a60d30
JH		 4331 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4332 }
14a53664 4333
30dc78e1 4334unlock:
09fd0de5 4335 hci_dev_unlock(hdev);
14a53664
JH		 4336 return err;
4337}
4338
bdb6d971 4339static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4340 u16 len)
561aafbc 4341{
650f726d 4342 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4343 struct inquiry_entry *e;
561aafbc
JH		 4344 int err;
4345
bdb6d971 4346 BT_DBG("%s", hdev->name);
561aafbc 4347
561aafbc
JH		 4348 hci_dev_lock(hdev);
4349
30dc78e1 4350 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4351 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4352 MGMT_STATUS_FAILED, &cp->addr,
4353 sizeof(cp->addr));
30dc78e1
JH		 4354 goto failed;
4355 }
4356
a198e7b1 4357 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4358 if (!e) {
2a1afb5a
JH		 4359 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4360 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4361 sizeof(cp->addr));
561aafbc
JH		 4362 goto failed;
4363 }
4364
4365 if (cp->name_known) {
4366 e->name_state = NAME_KNOWN;
4367 list_del(&e->list);
4368 } else {
4369 e->name_state = NAME_NEEDED;
a3d4e20a 4370 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4371 }
4372
2a1afb5a
JH		 4373 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4374 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 4375
4376failed:
4377 hci_dev_unlock(hdev);
561aafbc
JH		 4378 return err;
4379}
4380
bdb6d971 4381static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4382 u16 len)
7fbec224 4383{
650f726d 4384 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4385 u8 status;
7fbec224
AJ		 4386 int err;
4387
bdb6d971 4388 BT_DBG("%s", hdev->name);
7fbec224 4389
4ee71b20 4390 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4391 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4392 MGMT_STATUS_INVALID_PARAMS,
4393 &cp->addr, sizeof(cp->addr));
4ee71b20 4394
09fd0de5 4395 hci_dev_lock(hdev);
5e762444 4396
dcc36c16
JH		 4397 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4398 cp->addr.type);
2a8357f2 4399 if (err < 0) {
f0eeea8b 4400 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4401 goto done;
4402 }
4403
4404 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4405 sk);
4406 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4407
2a8357f2 4408done:
2a1afb5a
JH		 4409 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4410 &cp->addr, sizeof(cp->addr));
5e762444 4411
09fd0de5 4412 hci_dev_unlock(hdev);
7fbec224
AJ		 4413
4414 return err;
4415}
4416
bdb6d971 4417static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4418 u16 len)
7fbec224 4419{
650f726d 4420 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4421 u8 status;
7fbec224
AJ		 4422 int err;
4423
bdb6d971 4424 BT_DBG("%s", hdev->name);
7fbec224 4425
4ee71b20 4426 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4427 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4428 MGMT_STATUS_INVALID_PARAMS,
4429 &cp->addr, sizeof(cp->addr));
4ee71b20 4430
09fd0de5 4431 hci_dev_lock(hdev);
5e762444 4432
dcc36c16
JH		 4433 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4434 cp->addr.type);
2a8357f2 4435 if (err < 0) {
f0eeea8b 4436 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4437 goto done;
4438 }
4439
4440 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4441 sk);
4442 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4443
2a8357f2 4444done:
2a1afb5a
JH		 4445 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4446 &cp->addr, sizeof(cp->addr));
5e762444 4447
09fd0de5 4448 hci_dev_unlock(hdev);
7fbec224
AJ		 4449
4450 return err;
4451}
4452
cdbaccca
MH		 4453static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4454 u16 len)
4455{
4456 struct mgmt_cp_set_device_id *cp = data;
890ea898 4457 struct hci_request req;
cdbaccca 4458 int err;
c72d4b8a 4459 __u16 source;
cdbaccca
MH		 4460
4461 BT_DBG("%s", hdev->name);
4462
c72d4b8a
SJ		 4463 source = __le16_to_cpu(cp->source);
4464
4465 if (source > 0x0002)
a69e8375
JH		 4466 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4467 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 4468
cdbaccca
MH		 4469 hci_dev_lock(hdev);
4470
c72d4b8a 4471 hdev->devid_source = source;
cdbaccca
MH		 4472 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4473 hdev->devid_product = __le16_to_cpu(cp->product);
4474 hdev->devid_version = __le16_to_cpu(cp->version);
4475
2a1afb5a
JH		 4476 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4477 NULL, 0);
cdbaccca 4478
890ea898
JH		 4479 hci_req_init(&req, hdev);
4480 update_eir(&req);
4481 hci_req_run(&req, NULL);
cdbaccca
MH		 4482
4483 hci_dev_unlock(hdev);
4484
4485 return err;
4486}
4487
1904a853
MH		 4488static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4489 u16 opcode)
4375f103
JH		 4490{
4491 struct cmd_lookup match = { NULL, hdev };
4492
3ad67582
JK		 4493 hci_dev_lock(hdev);
4494
4375f103
JH		 4495 if (status) {
4496 u8 mgmt_err = mgmt_status(status);
4497
4498 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4499 cmd_status_rsp, &mgmt_err);
3ad67582 4500 goto unlock;
4375f103
JH		 4501 }
4502
d7a5a11d 4503 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 4504 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 4505 else
a358dc11 4506 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 4507
4375f103
JH		 4508 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4509 &match);
4510
4511 new_settings(hdev, match.sk);
4512
4513 if (match.sk)
4514 sock_put(match.sk);
3ad67582
JK		 4515
4516unlock:
4517 hci_dev_unlock(hdev);
4375f103
JH		 4518}
4519
21b5187f
MH		 4520static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4521 u16 len)
4375f103
JH		 4522{
4523 struct mgmt_mode *cp = data;
3b0602cd 4524 struct mgmt_pending_cmd *cmd;
4375f103 4525 struct hci_request req;
cc91cb04 4526 u8 val, status;
4375f103
JH		 4527 int err;
4528
4529 BT_DBG("request for %s", hdev->name);
4530
e6fe7986
JH		 4531 status = mgmt_le_support(hdev);
4532 if (status)
a69e8375
JH		 4533 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4534 status);
4375f103 4535
cc91cb04 4536 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4537 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4538 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 4539
4540 hci_dev_lock(hdev);
4541
4542 val = !!cp->val;
4375f103 4543
f74ca9b8
JH		 4544 /* The following conditions are ones which mean that we should
4545 * not do any HCI communication but directly send a mgmt
4546 * response to user space (after toggling the flag if
4547 * necessary).
4548 */
cc91cb04 4549 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 4550 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4551 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 4552 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 4553 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 4554 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 4555 bool changed;
4375f103 4556
cc91cb04 4557 if (cp->val) {
238be788 4558 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 4559 if (cp->val == 0x02)
a1536da2 4560 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4561 else
a358dc11 4562 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4563 } else {
a69d8927 4564 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 4565 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 4566 }
4567
4568 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4569 if (err < 0)
4570 goto unlock;
4571
4572 if (changed)
4573 err = new_settings(hdev, sk);
4574
4575 goto unlock;
4576 }
4577
4578 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4579 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 4580 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4581 MGMT_STATUS_BUSY);
4375f103
JH		 4582 goto unlock;
4583 }
4584
4585 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4586 if (!cmd) {
4587 err = -ENOMEM;
4588 goto unlock;
4589 }
4590
4591 hci_req_init(&req, hdev);
4592
cc91cb04 4593 if (cp->val == 0x02)
a1536da2 4594 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4595 else
a358dc11 4596 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4597
bba3aa55
MH		 4598 if (val)
4599 enable_advertising(&req);
4600 else
4601 disable_advertising(&req);
4375f103
JH		 4602
4603 err = hci_req_run(&req, set_advertising_complete);
4604 if (err < 0)
4605 mgmt_pending_remove(cmd);
4606
4607unlock:
4608 hci_dev_unlock(hdev);
4609 return err;
4610}
4611
d13eafce
MH		 4612static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4613 void *data, u16 len)
4614{
4615 struct mgmt_cp_set_static_address *cp = data;
4616 int err;
4617
4618 BT_DBG("%s", hdev->name);
4619
62af4443 4620 if (!lmp_le_capable(hdev))
a69e8375
JH		 4621 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4622 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4623
4624 if (hdev_is_powered(hdev))
a69e8375
JH		 4625 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4626 MGMT_STATUS_REJECTED);
d13eafce
MH		 4627
4628 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4629 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 4630 return mgmt_cmd_status(sk, hdev->id,
4631 MGMT_OP_SET_STATIC_ADDRESS,
4632 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4633
4634 /* Two most significant bits shall be set */
4635 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 4636 return mgmt_cmd_status(sk, hdev->id,
4637 MGMT_OP_SET_STATIC_ADDRESS,
4638 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4639 }
4640
4641 hci_dev_lock(hdev);
4642
4643 bacpy(&hdev->static_addr, &cp->bdaddr);
4644
93690c22
MH		 4645 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4646 if (err < 0)
4647 goto unlock;
4648
4649 err = new_settings(hdev, sk);
d13eafce 4650
93690c22 4651unlock:
d13eafce 4652 hci_dev_unlock(hdev);
d13eafce
MH		 4653 return err;
4654}
4655
14b49b9a
MH		 4656static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4657 void *data, u16 len)
4658{
4659 struct mgmt_cp_set_scan_params *cp = data;
4660 __u16 interval, window;
4661 int err;
4662
4663 BT_DBG("%s", hdev->name);
4664
4665 if (!lmp_le_capable(hdev))
a69e8375
JH		 4666 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4667 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 4668
4669 interval = __le16_to_cpu(cp->interval);
4670
4671 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 4672 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4673 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 4674
4675 window = __le16_to_cpu(cp->window);
4676
4677 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 4678 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4679 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 4680
899e1075 4681 if (window > interval)
a69e8375
JH		 4682 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4683 MGMT_STATUS_INVALID_PARAMS);
899e1075 4684
14b49b9a
MH		 4685 hci_dev_lock(hdev);
4686
4687 hdev->le_scan_interval = interval;
4688 hdev->le_scan_window = window;
4689
2a1afb5a
JH		 4690 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4691 NULL, 0);
14b49b9a 4692
dd2ef8e2
AG		 4693 /* If background scan is running, restart it so new parameters are
4694 * loaded.
4695 */
d7a5a11d 4696 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
dd2ef8e2
AG		 4697 hdev->discovery.state == DISCOVERY_STOPPED) {
4698 struct hci_request req;
4699
4700 hci_req_init(&req, hdev);
4701
4702 hci_req_add_le_scan_disable(&req);
4703 hci_req_add_le_passive_scan(&req);
4704
4705 hci_req_run(&req, NULL);
4706 }
4707
14b49b9a
MH		 4708 hci_dev_unlock(hdev);
4709
4710 return err;
4711}
4712
1904a853
MH		 4713static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4714 u16 opcode)
33e38b3e 4715{
3b0602cd 4716 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 4717
4718 BT_DBG("status 0x%02x", status);
4719
4720 hci_dev_lock(hdev);
4721
4722 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4723 if (!cmd)
4724 goto unlock;
4725
4726 if (status) {
a69e8375
JH		 4727 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4728 mgmt_status(status));
33e38b3e 4729 } else {
1a4d3c4b
JH		 4730 struct mgmt_mode *cp = cmd->param;
4731
4732 if (cp->val)
a1536da2 4733 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4734 else
a358dc11 4735 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4736
33e38b3e
JH		 4737 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4738 new_settings(hdev, cmd->sk);
4739 }
4740
4741 mgmt_pending_remove(cmd);
4742
4743unlock:
4744 hci_dev_unlock(hdev);
4745}
4746
bdb6d971 4747static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4748 void *data, u16 len)
f6422ec6 4749{
650f726d 4750 struct mgmt_mode *cp = data;
3b0602cd 4751 struct mgmt_pending_cmd *cmd;
33e38b3e 4752 struct hci_request req;
f6422ec6
AJ		 4753 int err;
4754
bdb6d971 4755 BT_DBG("%s", hdev->name);
f6422ec6 4756
d7a5a11d 4757 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 4758 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4759 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4760 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4761
a7e80f25 4762 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4763 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4764 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4765
f6422ec6
AJ		 4766 hci_dev_lock(hdev);
4767
05cbf29f 4768 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4769 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4770 MGMT_STATUS_BUSY);
05cbf29f
JH		 4771 goto unlock;
4772 }
4773
d7a5a11d 4774 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 4775 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4776 hdev);
4777 goto unlock;
4778 }
4779
406ef2a6 4780 if (!hdev_is_powered(hdev)) {
ce05d603 4781 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 4782 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4783 hdev);
4784 new_settings(hdev, sk);
4785 goto unlock;
4786 }
4787
33e38b3e
JH		 4788 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4789 data, len);
4790 if (!cmd) {
4791 err = -ENOMEM;
4792 goto unlock;
f6422ec6
AJ		 4793 }
4794
33e38b3e
JH		 4795 hci_req_init(&req, hdev);
4796
406d7804 4797 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4798
4799 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4800 if (err < 0) {
a69e8375
JH		 4801 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4802 MGMT_STATUS_FAILED);
33e38b3e 4803 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4804 }
4805
33e38b3e 4806unlock:
f6422ec6 4807 hci_dev_unlock(hdev);
33e38b3e 4808
f6422ec6
AJ		 4809 return err;
4810}
4811
1904a853 4812static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4813{
3b0602cd 4814 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4815
4816 BT_DBG("status 0x%02x", status);
4817
4818 hci_dev_lock(hdev);
4819
4820 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4821 if (!cmd)
4822 goto unlock;
4823
4824 if (status) {
4825 u8 mgmt_err = mgmt_status(status);
4826
4827 /* We need to restore the flag if related HCI commands
4828 * failed.
4829 */
a358dc11 4830 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 4831
a69e8375 4832 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4833 } else {
4834 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4835 new_settings(hdev, cmd->sk);
4836 }
4837
4838 mgmt_pending_remove(cmd);
4839
4840unlock:
4841 hci_dev_unlock(hdev);
4842}
4843
4844static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4845{
4846 struct mgmt_mode *cp = data;
3b0602cd 4847 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4848 struct hci_request req;
4849 int err;
4850
4851 BT_DBG("request for %s", hdev->name);
4852
4853 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4854 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4855 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 4856
d7a5a11d 4857 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4858 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4859 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4860
4861 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4862 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4863 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4864
4865 hci_dev_lock(hdev);
4866
d7a5a11d 4867 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 4868 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4869 goto unlock;
4870 }
4871
4872 if (!hdev_is_powered(hdev)) {
4873 if (!cp->val) {
a358dc11
MH		 4874 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4875 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4876 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4877 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4878 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 4879 }
4880
ce05d603 4881 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4882
4883 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4884 if (err < 0)
4885 goto unlock;
4886
4887 err = new_settings(hdev, sk);
4888 goto unlock;
4889 }
4890
4891 /* Reject disabling when powered on */
4892 if (!cp->val) {
a69e8375
JH		 4893 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4894 MGMT_STATUS_REJECTED);
0663ca2a 4895 goto unlock;
111e4bcc
MH		 4896 } else {
4897 /* When configuring a dual-mode controller to operate
4898 * with LE only and using a static address, then switching
4899 * BR/EDR back on is not allowed.
4900 *
4901 * Dual-mode controllers shall operate with the public
4902 * address as its identity address for BR/EDR and LE. So
4903 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 4904 *
4905 * The same restrictions applies when secure connections
4906 * has been enabled. For BR/EDR this is a controller feature
4907 * while for LE it is a host stack feature. This means that
4908 * switching BR/EDR back on when secure connections has been
4909 * enabled is not a supported transaction.
111e4bcc 4910 */
d7a5a11d 4911 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 4912 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 4913 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 4914 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4915 MGMT_STATUS_REJECTED);
111e4bcc
MH		 4916 goto unlock;
4917 }
0663ca2a
JH		 4918 }
4919
4920 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 4921 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4922 MGMT_STATUS_BUSY);
0663ca2a
JH		 4923 goto unlock;
4924 }
4925
4926 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4927 if (!cmd) {
4928 err = -ENOMEM;
4929 goto unlock;
4930 }
4931
5947f4bc 4932 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4933 * generates the correct flags.
4934 */
a1536da2 4935 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4936
4937 hci_req_init(&req, hdev);
aa8af46e 4938
432df05e 4939 write_fast_connectable(&req, false);
1d2dc5b7 4940 __hci_update_page_scan(&req);
aa8af46e 4941
f14d8f64
MH		 4942 /* Since only the advertising data flags will change, there
4943 * is no need to update the scan response data.
4944 */
5947f4bc 4945 update_adv_data(&req);
aa8af46e 4946
0663ca2a
JH		 4947 err = hci_req_run(&req, set_bredr_complete);
4948 if (err < 0)
4949 mgmt_pending_remove(cmd);
4950
4951unlock:
4952 hci_dev_unlock(hdev);
4953 return err;
4954}
4955
a1443f5a
JH		 4956static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4957{
3b0602cd 4958 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 4959 struct mgmt_mode *cp;
4960
4961 BT_DBG("%s status %u", hdev->name, status);
4962
4963 hci_dev_lock(hdev);
4964
4965 cmd = mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4966 if (!cmd)
4967 goto unlock;
4968
4969 if (status) {
a69e8375
JH		 4970 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4971 mgmt_status(status));
a1443f5a
JH		 4972 goto remove;
4973 }
4974
4975 cp = cmd->param;
4976
4977 switch (cp->val) {
4978 case 0x00:
a358dc11
MH		 4979 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4980 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4981 break;
4982 case 0x01:
a1536da2 4983 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 4984 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4985 break;
4986 case 0x02:
a1536da2
MH		 4987 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4988 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4989 break;
4990 }
4991
4992 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4993 new_settings(hdev, cmd->sk);
4994
4995remove:
4996 mgmt_pending_remove(cmd);
4997unlock:
4998 hci_dev_unlock(hdev);
4999}
5000
eac83dc6
MH		 5001static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5002 void *data, u16 len)
5003{
5004 struct mgmt_mode *cp = data;
3b0602cd 5005 struct mgmt_pending_cmd *cmd;
a1443f5a 5006 struct hci_request req;
a3209694 5007 u8 val;
eac83dc6
MH		 5008 int err;
5009
5010 BT_DBG("request for %s", hdev->name);
5011
05b3c3e7 5012 if (!lmp_sc_capable(hdev) &&
d7a5a11d 5013 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 5014 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5015 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 5016
d7a5a11d 5017 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 5018 lmp_sc_capable(hdev) &&
d7a5a11d 5019 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 5020 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5021 MGMT_STATUS_REJECTED);
ed93ec69 5022
0ab04a9c 5023 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 5024 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 5025 MGMT_STATUS_INVALID_PARAMS);
5026
5027 hci_dev_lock(hdev);
5028
05b3c3e7 5029 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 5030 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 5031 bool changed;
5032
0ab04a9c 5033 if (cp->val) {
238be788
MH		 5034 changed = !hci_dev_test_and_set_flag(hdev,
5035 HCI_SC_ENABLED);
0ab04a9c 5036 if (cp->val == 0x02)
a1536da2 5037 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5038 else
a358dc11 5039 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5040 } else {
a69d8927
MH		 5041 changed = hci_dev_test_and_clear_flag(hdev,
5042 HCI_SC_ENABLED);
a358dc11 5043 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5044 }
eac83dc6
MH		 5045
5046 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5047 if (err < 0)
5048 goto failed;
5049
5050 if (changed)
5051 err = new_settings(hdev, sk);
5052
5053 goto failed;
5054 }
5055
5056 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 5057 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5058 MGMT_STATUS_BUSY);
eac83dc6
MH		 5059 goto failed;
5060 }
5061
0ab04a9c
MH		 5062 val = !!cp->val;
5063
d7a5a11d
MH		 5064 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5065 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 5066 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5067 goto failed;
5068 }
5069
5070 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5071 if (!cmd) {
5072 err = -ENOMEM;
5073 goto failed;
5074 }
5075
a1443f5a
JH		 5076 hci_req_init(&req, hdev);
5077 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5078 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 5079 if (err < 0) {
5080 mgmt_pending_remove(cmd);
5081 goto failed;
5082 }
5083
5084failed:
5085 hci_dev_unlock(hdev);
5086 return err;
5087}
5088
4e39ac81
MH		 5089static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5090 void *data, u16 len)
5091{
5092 struct mgmt_mode *cp = data;
b9710979 5093 bool changed, use_changed;
4e39ac81
MH		 5094 int err;
5095
5096 BT_DBG("request for %s", hdev->name);
5097
b9710979 5098 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 5099 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5100 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 5101
5102 hci_dev_lock(hdev);
5103
5104 if (cp->val)
238be788 5105 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 5106 else
a69d8927
MH		 5107 changed = hci_dev_test_and_clear_flag(hdev,
5108 HCI_KEEP_DEBUG_KEYS);
4e39ac81 5109
b9710979 5110 if (cp->val == 0x02)
238be788
MH		 5111 use_changed = !hci_dev_test_and_set_flag(hdev,
5112 HCI_USE_DEBUG_KEYS);
b9710979 5113 else
a69d8927
MH		 5114 use_changed = hci_dev_test_and_clear_flag(hdev,
5115 HCI_USE_DEBUG_KEYS);
b9710979
JH		 5116
5117 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 5118 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 5119 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5120 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5121 sizeof(mode), &mode);
5122 }
5123
4e39ac81
MH		 5124 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5125 if (err < 0)
5126 goto unlock;
5127
5128 if (changed)
5129 err = new_settings(hdev, sk);
5130
5131unlock:
5132 hci_dev_unlock(hdev);
5133 return err;
5134}
5135
62b04cd1
JH		 5136static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5137 u16 len)
5138{
5139 struct mgmt_cp_set_privacy *cp = cp_data;
5140 bool changed;
5141 int err;
5142
5143 BT_DBG("request for %s", hdev->name);
5144
5145 if (!lmp_le_capable(hdev))
a69e8375
JH		 5146 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5147 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1
JH		 5148
5149 if (cp->privacy != 0x00 && cp->privacy != 0x01)
a69e8375
JH		 5150 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5151 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 5152
5153 if (hdev_is_powered(hdev))
a69e8375
JH		 5154 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5155 MGMT_STATUS_REJECTED);
62b04cd1
JH		 5156
5157 hci_dev_lock(hdev);
5158
c21c0ea0
JH		 5159 /* If user space supports this command it is also expected to
5160 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5161 */
a1536da2 5162 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 5163
62b04cd1 5164 if (cp->privacy) {
238be788 5165 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 5166 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 5167 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1 5168 } else {
a69d8927 5169 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 5170 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 5171 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1
JH		 5172 }
5173
5174 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5175 if (err < 0)
5176 goto unlock;
5177
5178 if (changed)
5179 err = new_settings(hdev, sk);
5180
5181unlock:
5182 hci_dev_unlock(hdev);
5183 return err;
5184}
5185
41edf160
JH		 5186static bool irk_is_valid(struct mgmt_irk_info *irk)
5187{
5188 switch (irk->addr.type) {
5189 case BDADDR_LE_PUBLIC:
5190 return true;
5191
5192 case BDADDR_LE_RANDOM:
5193 /* Two most significant bits shall be set */
5194 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5195 return false;
5196 return true;
5197 }
5198
5199 return false;
5200}
5201
5202static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5203 u16 len)
5204{
5205 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 5206 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5207 sizeof(struct mgmt_irk_info));
41edf160
JH		 5208 u16 irk_count, expected_len;
5209 int i, err;
5210
5211 BT_DBG("request for %s", hdev->name);
5212
5213 if (!lmp_le_capable(hdev))
a69e8375
JH		 5214 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5215 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 5216
5217 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 5218 if (irk_count > max_irk_count) {
5219 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 5220 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5221 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5222 }
41edf160
JH		 5223
5224 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5225 if (expected_len != len) {
5226 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 5227 expected_len, len);
a69e8375
JH		 5228 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5229 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5230 }
5231
5232 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5233
5234 for (i = 0; i < irk_count; i++) {
5235 struct mgmt_irk_info *key = &cp->irks[i];
5236
5237 if (!irk_is_valid(key))
a69e8375
JH		 5238 return mgmt_cmd_status(sk, hdev->id,
5239 MGMT_OP_LOAD_IRKS,
5240 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5241 }
5242
5243 hci_dev_lock(hdev);
5244
5245 hci_smp_irks_clear(hdev);
5246
5247 for (i = 0; i < irk_count; i++) {
5248 struct mgmt_irk_info *irk = &cp->irks[i];
5249 u8 addr_type;
5250
5251 if (irk->addr.type == BDADDR_LE_PUBLIC)
5252 addr_type = ADDR_LE_DEV_PUBLIC;
5253 else
5254 addr_type = ADDR_LE_DEV_RANDOM;
5255
5256 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5257 BDADDR_ANY);
5258 }
5259
a1536da2 5260 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 5261
2a1afb5a 5262 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 5263
5264 hci_dev_unlock(hdev);
5265
5266 return err;
5267}
5268
3f706b72
JH		 5269static bool ltk_is_valid(struct mgmt_ltk_info *key)
5270{
5271 if (key->master != 0x00 && key->master != 0x01)
5272 return false;
490cb0b3
MH		 5273
5274 switch (key->addr.type) {
5275 case BDADDR_LE_PUBLIC:
5276 return true;
5277
5278 case BDADDR_LE_RANDOM:
5279 /* Two most significant bits shall be set */
5280 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5281 return false;
5282 return true;
5283 }
5284
5285 return false;
3f706b72
JH		 5286}
5287
bdb6d971 5288static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5289 void *cp_data, u16 len)
346af67b 5290{
346af67b 5291 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5292 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5293 sizeof(struct mgmt_ltk_info));
346af67b 5294 u16 key_count, expected_len;
715a5bf2 5295 int i, err;
346af67b 5296
cf99ba13
MH		 5297 BT_DBG("request for %s", hdev->name);
5298
5299 if (!lmp_le_capable(hdev))
a69e8375
JH		 5300 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5301 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 5302
1f350c87 5303 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 5304 if (key_count > max_key_count) {
5305 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 5306 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5307 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5308 }
346af67b
VCG		 5309
5310 expected_len = sizeof(*cp) + key_count *
5311 sizeof(struct mgmt_ltk_info);
5312 if (expected_len != len) {
5313 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 5314 expected_len, len);
a69e8375
JH		 5315 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5316 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5317 }
5318
bdb6d971 5319 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5320
54ad6d8a
JH		 5321 for (i = 0; i < key_count; i++) {
5322 struct mgmt_ltk_info *key = &cp->keys[i];
5323
3f706b72 5324 if (!ltk_is_valid(key))
a69e8375
JH		 5325 return mgmt_cmd_status(sk, hdev->id,
5326 MGMT_OP_LOAD_LONG_TERM_KEYS,
5327 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 5328 }
5329
346af67b
VCG		 5330 hci_dev_lock(hdev);
5331
5332 hci_smp_ltks_clear(hdev);
5333
5334 for (i = 0; i < key_count; i++) {
5335 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 5336 u8 type, addr_type, authenticated;
79d95a19
MH		 5337
5338 if (key->addr.type == BDADDR_LE_PUBLIC)
5339 addr_type = ADDR_LE_DEV_PUBLIC;
5340 else
5341 addr_type = ADDR_LE_DEV_RANDOM;
346af67b 5342
61b43357
JH		 5343 switch (key->type) {
5344 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5345 authenticated = 0x00;
23fb8de3 5346 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5347 break;
5348 case MGMT_LTK_AUTHENTICATED:
d7b25450 5349 authenticated = 0x01;
23fb8de3
JH		 5350 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5351 break;
5352 case MGMT_LTK_P256_UNAUTH:
5353 authenticated = 0x00;
5354 type = SMP_LTK_P256;
61b43357 5355 break;
23fb8de3
JH		 5356 case MGMT_LTK_P256_AUTH:
5357 authenticated = 0x01;
5358 type = SMP_LTK_P256;
61b43357 5359 break;
23fb8de3
JH		 5360 case MGMT_LTK_P256_DEBUG:
5361 authenticated = 0x00;
5362 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5363 default:
5364 continue;
5365 }
d7b25450 5366
35d70271 5367 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 5368 authenticated, key->val, key->enc_size, key->ediv,
35d70271 5369 key->rand);
346af67b
VCG		 5370 }
5371
2a1afb5a 5372 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 5373 NULL, 0);
5374
346af67b 5375 hci_dev_unlock(hdev);
346af67b 5376
715a5bf2 5377 return err;
346af67b
VCG		 5378}
5379
3b0602cd 5380static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 5381{
dd983808 5382 struct hci_conn *conn = cmd->user_data;
9981bdb0 5383 struct mgmt_rp_get_conn_info rp;
9df74653 5384 int err;
dd983808 5385
9981bdb0 5386 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5387
9981bdb0 5388 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5389 rp.rssi = conn->rssi;
9981bdb0
JH		 5390 rp.tx_power = conn->tx_power;
5391 rp.max_tx_power = conn->max_tx_power;
5392 } else {
5393 rp.rssi = HCI_RSSI_INVALID;
5394 rp.tx_power = HCI_TX_POWER_INVALID;
5395 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5396 }
5397
2a1afb5a
JH		 5398 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5399 status, &rp, sizeof(rp));
dd983808
AK		 5400
5401 hci_conn_drop(conn);
f8aaf9b6 5402 hci_conn_put(conn);
9df74653
JH		 5403
5404 return err;
dd983808
AK		 5405}
5406
1904a853
MH		 5407static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5408 u16 opcode)
dd983808
AK		 5409{
5410 struct hci_cp_read_rssi *cp;
3b0602cd 5411 struct mgmt_pending_cmd *cmd;
dd983808 5412 struct hci_conn *conn;
dd983808 5413 u16 handle;
9981bdb0 5414 u8 status;
dd983808 5415
9981bdb0 5416 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5417
5418 hci_dev_lock(hdev);
5419
dd983808
AK		 5420 /* Commands sent in request are either Read RSSI or Read Transmit Power
5421 * Level so we check which one was last sent to retrieve connection
5422 * handle. Both commands have handle as first parameter so it's safe to
5423 * cast data on the same command struct.
5424 *
5425 * First command sent is always Read RSSI and we fail only if it fails.
5426 * In other case we simply override error to indicate success as we
5427 * already remembered if TX power value is actually valid.
5428 */
5429 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5430 if (!cp) {
5431 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5432 status = MGMT_STATUS_SUCCESS;
5433 } else {
5434 status = mgmt_status(hci_status);
dd983808
AK		 5435 }
5436
5437 if (!cp) {
9981bdb0 5438 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 5439 goto unlock;
5440 }
5441
5442 handle = __le16_to_cpu(cp->handle);
5443 conn = hci_conn_hash_lookup_handle(hdev, handle);
5444 if (!conn) {
9981bdb0 5445 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 5446 goto unlock;
5447 }
5448
9981bdb0
JH		 5449 cmd = mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5450 if (!cmd)
5451 goto unlock;
dd983808 5452
9981bdb0
JH		 5453 cmd->cmd_complete(cmd, status);
5454 mgmt_pending_remove(cmd);
dd983808
AK		 5455
5456unlock:
5457 hci_dev_unlock(hdev);
5458}
5459
5460static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5461 u16 len)
5462{
5463 struct mgmt_cp_get_conn_info *cp = data;
5464 struct mgmt_rp_get_conn_info rp;
5465 struct hci_conn *conn;
5466 unsigned long conn_info_age;
5467 int err = 0;
5468
5469 BT_DBG("%s", hdev->name);
5470
5471 memset(&rp, 0, sizeof(rp));
5472 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5473 rp.addr.type = cp->addr.type;
5474
5475 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5476 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5477 MGMT_STATUS_INVALID_PARAMS,
5478 &rp, sizeof(rp));
dd983808
AK		 5479
5480 hci_dev_lock(hdev);
5481
5482 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5483 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5484 MGMT_STATUS_NOT_POWERED, &rp,
5485 sizeof(rp));
dd983808
AK		 5486 goto unlock;
5487 }
5488
5489 if (cp->addr.type == BDADDR_BREDR)
5490 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5491 &cp->addr.bdaddr);
5492 else
5493 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5494
5495 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5496 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5497 MGMT_STATUS_NOT_CONNECTED, &rp,
5498 sizeof(rp));
dd983808
AK		 5499 goto unlock;
5500 }
5501
9981bdb0 5502 if (mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 5503 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5504 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 5505 goto unlock;
5506 }
5507
dd983808
AK		 5508 /* To avoid client trying to guess when to poll again for information we
5509 * calculate conn info age as random value between min/max set in hdev.
5510 */
5511 conn_info_age = hdev->conn_info_min_age +
5512 prandom_u32_max(hdev->conn_info_max_age -
5513 hdev->conn_info_min_age);
5514
5515 /* Query controller to refresh cached values if they are too old or were
5516 * never read.
5517 */
f4e2dd53
AK		 5518 if (time_after(jiffies, conn->conn_info_timestamp +
5519 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5520 !conn->conn_info_timestamp) {
5521 struct hci_request req;
5522 struct hci_cp_read_tx_power req_txp_cp;
5523 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 5524 struct mgmt_pending_cmd *cmd;
dd983808
AK		 5525
5526 hci_req_init(&req, hdev);
5527 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5528 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5529 &req_rssi_cp);
5530
f7faab0c
AK		 5531 /* For LE links TX power does not change thus we don't need to
5532 * query for it once value is known.
5533 */
5534 if (!bdaddr_type_is_le(cp->addr.type) ||
5535 conn->tx_power == HCI_TX_POWER_INVALID) {
5536 req_txp_cp.handle = cpu_to_le16(conn->handle);
5537 req_txp_cp.type = 0x00;
5538 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5539 sizeof(req_txp_cp), &req_txp_cp);
5540 }
dd983808 5541
eed5daf3
AK		 5542 /* Max TX power needs to be read only once per connection */
5543 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5544 req_txp_cp.handle = cpu_to_le16(conn->handle);
5545 req_txp_cp.type = 0x01;
5546 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5547 sizeof(req_txp_cp), &req_txp_cp);
5548 }
5549
dd983808
AK		 5550 err = hci_req_run(&req, conn_info_refresh_complete);
5551 if (err < 0)
5552 goto unlock;
5553
5554 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5555 data, len);
5556 if (!cmd) {
5557 err = -ENOMEM;
5558 goto unlock;
5559 }
5560
5561 hci_conn_hold(conn);
f8aaf9b6 5562 cmd->user_data = hci_conn_get(conn);
9981bdb0 5563 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5564
5565 conn->conn_info_timestamp = jiffies;
5566 } else {
5567 /* Cache is valid, just reply with values cached in hci_conn */
5568 rp.rssi = conn->rssi;
5569 rp.tx_power = conn->tx_power;
eed5daf3 5570 rp.max_tx_power = conn->max_tx_power;
dd983808 5571
2a1afb5a
JH		 5572 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5573 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 5574 }
5575
5576unlock:
5577 hci_dev_unlock(hdev);
5578 return err;
5579}
5580
3b0602cd 5581static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 5582{
69487371 5583 struct hci_conn *conn = cmd->user_data;
95868426 5584 struct mgmt_rp_get_clock_info rp;
69487371 5585 struct hci_dev *hdev;
9df74653 5586 int err;
69487371
JH		 5587
5588 memset(&rp, 0, sizeof(rp));
5589 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5590
5591 if (status)
5592 goto complete;
5593
5594 hdev = hci_dev_get(cmd->index);
5595 if (hdev) {
5596 rp.local_clock = cpu_to_le32(hdev->clock);
5597 hci_dev_put(hdev);
5598 }
5599
5600 if (conn) {
5601 rp.piconet_clock = cpu_to_le32(conn->clock);
5602 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5603 }
5604
5605complete:
2a1afb5a
JH		 5606 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5607 sizeof(rp));
69487371
JH		 5608
5609 if (conn) {
5610 hci_conn_drop(conn);
5611 hci_conn_put(conn);
5612 }
9df74653
JH		 5613
5614 return err;
69487371
JH		 5615}
5616
1904a853 5617static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5618{
95868426 5619 struct hci_cp_read_clock *hci_cp;
3b0602cd 5620 struct mgmt_pending_cmd *cmd;
95868426
JH		 5621 struct hci_conn *conn;
5622
5623 BT_DBG("%s status %u", hdev->name, status);
5624
5625 hci_dev_lock(hdev);
5626
5627 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5628 if (!hci_cp)
5629 goto unlock;
5630
5631 if (hci_cp->which) {
5632 u16 handle = __le16_to_cpu(hci_cp->handle);
5633 conn = hci_conn_hash_lookup_handle(hdev, handle);
5634 } else {
5635 conn = NULL;
5636 }
5637
5638 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5639 if (!cmd)
5640 goto unlock;
5641
69487371 5642 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5643 mgmt_pending_remove(cmd);
95868426
JH		 5644
5645unlock:
5646 hci_dev_unlock(hdev);
5647}
5648
5649static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5650 u16 len)
5651{
5652 struct mgmt_cp_get_clock_info *cp = data;
5653 struct mgmt_rp_get_clock_info rp;
5654 struct hci_cp_read_clock hci_cp;
3b0602cd 5655 struct mgmt_pending_cmd *cmd;
95868426
JH		 5656 struct hci_request req;
5657 struct hci_conn *conn;
5658 int err;
5659
5660 BT_DBG("%s", hdev->name);
5661
5662 memset(&rp, 0, sizeof(rp));
5663 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5664 rp.addr.type = cp->addr.type;
5665
5666 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5667 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5668 MGMT_STATUS_INVALID_PARAMS,
5669 &rp, sizeof(rp));
95868426
JH		 5670
5671 hci_dev_lock(hdev);
5672
5673 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5674 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5675 MGMT_STATUS_NOT_POWERED, &rp,
5676 sizeof(rp));
95868426
JH		 5677 goto unlock;
5678 }
5679
5680 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5681 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5682 &cp->addr.bdaddr);
5683 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5684 err = mgmt_cmd_complete(sk, hdev->id,
5685 MGMT_OP_GET_CLOCK_INFO,
5686 MGMT_STATUS_NOT_CONNECTED,
5687 &rp, sizeof(rp));
95868426
JH		 5688 goto unlock;
5689 }
5690 } else {
5691 conn = NULL;
5692 }
5693
5694 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5695 if (!cmd) {
5696 err = -ENOMEM;
5697 goto unlock;
5698 }
5699
69487371
JH		 5700 cmd->cmd_complete = clock_info_cmd_complete;
5701
95868426
JH		 5702 hci_req_init(&req, hdev);
5703
5704 memset(&hci_cp, 0, sizeof(hci_cp));
5705 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5706
5707 if (conn) {
5708 hci_conn_hold(conn);
f8aaf9b6 5709 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5710
5711 hci_cp.handle = cpu_to_le16(conn->handle);
5712 hci_cp.which = 0x01; /* Piconet clock */
5713 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5714 }
5715
5716 err = hci_req_run(&req, get_clock_info_complete);
5717 if (err < 0)
5718 mgmt_pending_remove(cmd);
5719
5720unlock:
5721 hci_dev_unlock(hdev);
5722 return err;
5723}
5724
5a154e6f
JH		 5725static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5726{
5727 struct hci_conn *conn;
5728
5729 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5730 if (!conn)
5731 return false;
5732
5733 if (conn->dst_type != type)
5734 return false;
5735
5736 if (conn->state != BT_CONNECTED)
5737 return false;
5738
5739 return true;
5740}
5741
5742/* This function requires the caller holds hdev->lock */
5743static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5744 u8 addr_type, u8 auto_connect)
5745{
5746 struct hci_dev *hdev = req->hdev;
5747 struct hci_conn_params *params;
5748
5749 params = hci_conn_params_add(hdev, addr, addr_type);
5750 if (!params)
5751 return -EIO;
5752
5753 if (params->auto_connect == auto_connect)
5754 return 0;
5755
5756 list_del_init(&params->action);
5757
5758 switch (auto_connect) {
5759 case HCI_AUTO_CONN_DISABLED:
5760 case HCI_AUTO_CONN_LINK_LOSS:
5761 __hci_update_background_scan(req);
5762 break;
5763 case HCI_AUTO_CONN_REPORT:
5764 list_add(&params->action, &hdev->pend_le_reports);
5765 __hci_update_background_scan(req);
5766 break;
5767 case HCI_AUTO_CONN_DIRECT:
5768 case HCI_AUTO_CONN_ALWAYS:
5769 if (!is_connected(hdev, addr, addr_type)) {
5770 list_add(&params->action, &hdev->pend_le_conns);
5771 __hci_update_background_scan(req);
5772 }
5773 break;
5774 }
5775
5776 params->auto_connect = auto_connect;
5777
5778 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5779 auto_connect);
5780
5781 return 0;
5782}
5783
8afef092
MH		 5784static void device_added(struct sock *sk, struct hci_dev *hdev,
5785 bdaddr_t *bdaddr, u8 type, u8 action)
5786{
5787 struct mgmt_ev_device_added ev;
5788
5789 bacpy(&ev.addr.bdaddr, bdaddr);
5790 ev.addr.type = type;
5791 ev.action = action;
5792
5793 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5794}
5795
1904a853 5796static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5a154e6f 5797{
3b0602cd 5798 struct mgmt_pending_cmd *cmd;
5a154e6f
JH		 5799
5800 BT_DBG("status 0x%02x", status);
5801
5802 hci_dev_lock(hdev);
5803
5804 cmd = mgmt_pending_find(MGMT_OP_ADD_DEVICE, hdev);
5805 if (!cmd)
5806 goto unlock;
5807
5808 cmd->cmd_complete(cmd, mgmt_status(status));
5809 mgmt_pending_remove(cmd);
5810
5811unlock:
5812 hci_dev_unlock(hdev);
5813}
5814
2faade53
MH		 5815static int add_device(struct sock *sk, struct hci_dev *hdev,
5816 void *data, u16 len)
5817{
5818 struct mgmt_cp_add_device *cp = data;
3b0602cd 5819 struct mgmt_pending_cmd *cmd;
5a154e6f 5820 struct hci_request req;
2faade53
MH		 5821 u8 auto_conn, addr_type;
5822 int err;
5823
5824 BT_DBG("%s", hdev->name);
5825
6659358e 5826 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5827 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5828 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5829 MGMT_STATUS_INVALID_PARAMS,
5830 &cp->addr, sizeof(cp->addr));
2faade53 5831
4b9e7e75 5832 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5833 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5834 MGMT_STATUS_INVALID_PARAMS,
5835 &cp->addr, sizeof(cp->addr));
2faade53 5836
5a154e6f
JH		 5837 hci_req_init(&req, hdev);
5838
2faade53
MH		 5839 hci_dev_lock(hdev);
5840
5a154e6f
JH		 5841 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
5842 if (!cmd) {
5843 err = -ENOMEM;
5844 goto unlock;
5845 }
5846
5847 cmd->cmd_complete = addr_cmd_complete;
5848
6659358e 5849 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5850 /* Only incoming connections action is supported for now */
6659358e 5851 if (cp->action != 0x01) {
9df74653
JH		 5852 err = cmd->cmd_complete(cmd,
5853 MGMT_STATUS_INVALID_PARAMS);
5a154e6f 5854 mgmt_pending_remove(cmd);
6659358e
JH		 5855 goto unlock;
5856 }
5857
5858 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5859 cp->addr.type);
5860 if (err)
5861 goto unlock;
a397407f 5862
5a154e6f 5863 __hci_update_page_scan(&req);
a397407f 5864
6659358e
JH		 5865 goto added;
5866 }
5867
2faade53
MH		 5868 if (cp->addr.type == BDADDR_LE_PUBLIC)
5869 addr_type = ADDR_LE_DEV_PUBLIC;
5870 else
5871 addr_type = ADDR_LE_DEV_RANDOM;
5872
4b9e7e75 5873 if (cp->action == 0x02)
2faade53 5874 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5875 else if (cp->action == 0x01)
5876 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5877 else
a3451d27 5878 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5879
bf5b3c8b
MH		 5880 /* If the connection parameters don't exist for this device,
5881 * they will be created and configured with defaults.
5882 */
5a154e6f 5883 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
d06b50ce 5884 auto_conn) < 0) {
9df74653 5885 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
5a154e6f 5886 mgmt_pending_remove(cmd);
2faade53
MH		 5887 goto unlock;
5888 }
5889
6659358e 5890added:
8afef092
MH		 5891 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5892
5a154e6f
JH		 5893 err = hci_req_run(&req, add_device_complete);
5894 if (err < 0) {
5895 /* ENODATA means no HCI commands were needed (e.g. if
5896 * the adapter is powered off).
5897 */
9df74653
JH		 5898 if (err == -ENODATA)
5899 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5a154e6f
JH		 5900 mgmt_pending_remove(cmd);
5901 }
2faade53
MH		 5902
5903unlock:
5904 hci_dev_unlock(hdev);
5905 return err;
5906}
5907
8afef092
MH		 5908static void device_removed(struct sock *sk, struct hci_dev *hdev,
5909 bdaddr_t *bdaddr, u8 type)
5910{
5911 struct mgmt_ev_device_removed ev;
5912
5913 bacpy(&ev.addr.bdaddr, bdaddr);
5914 ev.addr.type = type;
5915
5916 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5917}
5918
1904a853 5919static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
51ef3ebe 5920{
3b0602cd 5921 struct mgmt_pending_cmd *cmd;
51ef3ebe
JH		 5922
5923 BT_DBG("status 0x%02x", status);
5924
5925 hci_dev_lock(hdev);
5926
5927 cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
5928 if (!cmd)
5929 goto unlock;
5930
5931 cmd->cmd_complete(cmd, mgmt_status(status));
5932 mgmt_pending_remove(cmd);
5933
5934unlock:
5935 hci_dev_unlock(hdev);
5936}
5937
2faade53
MH		 5938static int remove_device(struct sock *sk, struct hci_dev *hdev,
5939 void *data, u16 len)
5940{
5941 struct mgmt_cp_remove_device *cp = data;
3b0602cd 5942 struct mgmt_pending_cmd *cmd;
51ef3ebe 5943 struct hci_request req;
2faade53
MH		 5944 int err;
5945
5946 BT_DBG("%s", hdev->name);
5947
51ef3ebe
JH		 5948 hci_req_init(&req, hdev);
5949
2faade53
MH		 5950 hci_dev_lock(hdev);
5951
51ef3ebe
JH		 5952 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
5953 if (!cmd) {
5954 err = -ENOMEM;
5955 goto unlock;
5956 }
5957
5958 cmd->cmd_complete = addr_cmd_complete;
5959
2faade53 5960 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5961 struct hci_conn_params *params;
2faade53
MH		 5962 u8 addr_type;
5963
6659358e 5964 if (!bdaddr_type_is_valid(cp->addr.type)) {
9df74653
JH		 5965 err = cmd->cmd_complete(cmd,
5966 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5967 mgmt_pending_remove(cmd);
2faade53
MH		 5968 goto unlock;
5969 }
5970
6659358e
JH		 5971 if (cp->addr.type == BDADDR_BREDR) {
5972 err = hci_bdaddr_list_del(&hdev->whitelist,
5973 &cp->addr.bdaddr,
5974 cp->addr.type);
5975 if (err) {
9df74653
JH		 5976 err = cmd->cmd_complete(cmd,
5977 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5978 mgmt_pending_remove(cmd);
6659358e
JH		 5979 goto unlock;
5980 }
5981
51ef3ebe 5982 __hci_update_page_scan(&req);
a397407f 5983
6659358e
JH		 5984 device_removed(sk, hdev, &cp->addr.bdaddr,
5985 cp->addr.type);
5986 goto complete;
5987 }
5988
2faade53
MH		 5989 if (cp->addr.type == BDADDR_LE_PUBLIC)
5990 addr_type = ADDR_LE_DEV_PUBLIC;
5991 else
5992 addr_type = ADDR_LE_DEV_RANDOM;
5993
c71593dd
JH		 5994 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5995 addr_type);
5996 if (!params) {
9df74653
JH		 5997 err = cmd->cmd_complete(cmd,
5998 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5999 mgmt_pending_remove(cmd);
c71593dd
JH		 6000 goto unlock;
6001 }
6002
6003 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
9df74653
JH		 6004 err = cmd->cmd_complete(cmd,
6005 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6006 mgmt_pending_remove(cmd);
c71593dd
JH		 6007 goto unlock;
6008 }
6009
d1dbf12e 6010 list_del(&params->action);
c71593dd
JH		 6011 list_del(&params->list);
6012 kfree(params);
51ef3ebe 6013 __hci_update_background_scan(&req);
8afef092
MH		 6014
6015 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 6016 } else {
19de0825 6017 struct hci_conn_params *p, *tmp;
6659358e 6018 struct bdaddr_list *b, *btmp;
19de0825 6019
2faade53 6020 if (cp->addr.type) {
9df74653
JH		 6021 err = cmd->cmd_complete(cmd,
6022 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6023 mgmt_pending_remove(cmd);
2faade53
MH		 6024 goto unlock;
6025 }
6026
6659358e
JH		 6027 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
6028 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
6029 list_del(&b->list);
6030 kfree(b);
6031 }
6032
51ef3ebe 6033 __hci_update_page_scan(&req);
a397407f 6034
19de0825
JH		 6035 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
6036 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
6037 continue;
6038 device_removed(sk, hdev, &p->addr, p->addr_type);
6039 list_del(&p->action);
6040 list_del(&p->list);
6041 kfree(p);
6042 }
6043
6044 BT_DBG("All LE connection parameters were removed");
6045
51ef3ebe 6046 __hci_update_background_scan(&req);
2faade53
MH		 6047 }
6048
6659358e 6049complete:
51ef3ebe
JH		 6050 err = hci_req_run(&req, remove_device_complete);
6051 if (err < 0) {
6052 /* ENODATA means no HCI commands were needed (e.g. if
6053 * the adapter is powered off).
6054 */
9df74653
JH		 6055 if (err == -ENODATA)
6056 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
51ef3ebe
JH		 6057 mgmt_pending_remove(cmd);
6058 }
2faade53
MH		 6059
6060unlock:
6061 hci_dev_unlock(hdev);
6062 return err;
6063}
6064
a26f3dcf
JH		 6065static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6066 u16 len)
6067{
6068 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 6069 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6070 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 6071 u16 param_count, expected_len;
6072 int i;
6073
6074 if (!lmp_le_capable(hdev))
a69e8375
JH		 6075 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6076 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 6077
6078 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 6079 if (param_count > max_param_count) {
6080 BT_ERR("load_conn_param: too big param_count value %u",
6081 param_count);
a69e8375
JH		 6082 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6083 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 6084 }
a26f3dcf
JH		 6085
6086 expected_len = sizeof(*cp) + param_count *
6087 sizeof(struct mgmt_conn_param);
6088 if (expected_len != len) {
6089 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
6090 expected_len, len);
a69e8375
JH		 6091 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6092 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 6093 }
6094
6095 BT_DBG("%s param_count %u", hdev->name, param_count);
6096
6097 hci_dev_lock(hdev);
6098
6099 hci_conn_params_clear_disabled(hdev);
6100
6101 for (i = 0; i < param_count; i++) {
6102 struct mgmt_conn_param *param = &cp->params[i];
6103 struct hci_conn_params *hci_param;
6104 u16 min, max, latency, timeout;
6105 u8 addr_type;
6106
6107 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
6108 param->addr.type);
6109
6110 if (param->addr.type == BDADDR_LE_PUBLIC) {
6111 addr_type = ADDR_LE_DEV_PUBLIC;
6112 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6113 addr_type = ADDR_LE_DEV_RANDOM;
6114 } else {
6115 BT_ERR("Ignoring invalid connection parameters");
6116 continue;
6117 }
6118
6119 min = le16_to_cpu(param->min_interval);
6120 max = le16_to_cpu(param->max_interval);
6121 latency = le16_to_cpu(param->latency);
6122 timeout = le16_to_cpu(param->timeout);
6123
6124 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6125 min, max, latency, timeout);
6126
6127 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6128 BT_ERR("Ignoring invalid connection parameters");
6129 continue;
6130 }
6131
6132 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
6133 addr_type);
6134 if (!hci_param) {
6135 BT_ERR("Failed to add connection parameters");
6136 continue;
6137 }
6138
6139 hci_param->conn_min_interval = min;
6140 hci_param->conn_max_interval = max;
6141 hci_param->conn_latency = latency;
6142 hci_param->supervision_timeout = timeout;
6143 }
6144
6145 hci_dev_unlock(hdev);
6146
2a1afb5a
JH		 6147 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6148 NULL, 0);
a26f3dcf
JH		 6149}
6150
dbece37a
MH		 6151static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6152 void *data, u16 len)
6153{
6154 struct mgmt_cp_set_external_config *cp = data;
6155 bool changed;
6156 int err;
6157
6158 BT_DBG("%s", hdev->name);
6159
6160 if (hdev_is_powered(hdev))
a69e8375
JH		 6161 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6162 MGMT_STATUS_REJECTED);
dbece37a
MH		 6163
6164 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 6165 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6166 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 6167
6168 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 6169 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6170 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 6171
6172 hci_dev_lock(hdev);
6173
6174 if (cp->config)
238be788 6175 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 6176 else
a69d8927 6177 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 6178
6179 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6180 if (err < 0)
6181 goto unlock;
6182
6183 if (!changed)
6184 goto unlock;
6185
f4537c04
MH		 6186 err = new_options(hdev, sk);
6187
d7a5a11d 6188 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 6189 mgmt_index_removed(hdev);
d603b76b 6190
516018a9 6191 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 6192 hci_dev_set_flag(hdev, HCI_CONFIG);
6193 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 6194
6195 queue_work(hdev->req_workqueue, &hdev->power_on);
6196 } else {
5ea234d3 6197 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 6198 mgmt_index_added(hdev);
6199 }
dbece37a
MH		 6200 }
6201
6202unlock:
6203 hci_dev_unlock(hdev);
6204 return err;
6205}
6206
9713c17b
MH		 6207static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6208 void *data, u16 len)
6209{
6210 struct mgmt_cp_set_public_address *cp = data;
6211 bool changed;
6212 int err;
6213
6214 BT_DBG("%s", hdev->name);
6215
6216 if (hdev_is_powered(hdev))
a69e8375
JH		 6217 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6218 MGMT_STATUS_REJECTED);
9713c17b
MH		 6219
6220 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 6221 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6222 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 6223
6224 if (!hdev->set_bdaddr)
a69e8375
JH		 6225 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6226 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 6227
6228 hci_dev_lock(hdev);
6229
6230 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6231 bacpy(&hdev->public_addr, &cp->bdaddr);
6232
6233 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6234 if (err < 0)
6235 goto unlock;
6236
6237 if (!changed)
6238 goto unlock;
6239
d7a5a11d 6240 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 6241 err = new_options(hdev, sk);
6242
6243 if (is_configured(hdev)) {
6244 mgmt_index_removed(hdev);
6245
a358dc11 6246 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 6247
a1536da2
MH		 6248 hci_dev_set_flag(hdev, HCI_CONFIG);
6249 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 6250
6251 queue_work(hdev->req_workqueue, &hdev->power_on);
6252 }
6253
6254unlock:
6255 hci_dev_unlock(hdev);
6256 return err;
6257}
6258
bea41609
MH		 6259static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6260 u8 data_len)
6261{
6262 eir[eir_len++] = sizeof(type) + data_len;
6263 eir[eir_len++] = type;
6264 memcpy(&eir[eir_len], data, data_len);
6265 eir_len += data_len;
6266
6267 return eir_len;
6268}
6269
4f0f155c
MH		 6270static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6271 void *data, u16 data_len)
6272{
6273 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6274 struct mgmt_rp_read_local_oob_ext_data *rp;
6275 size_t rp_len;
6276 u16 eir_len;
6277 u8 status, flags, role, addr[7];
6278 int err;
6279
6280 BT_DBG("%s", hdev->name);
6281
6282 if (!hdev_is_powered(hdev))
6283 return mgmt_cmd_complete(sk, hdev->id,
6284 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6285 MGMT_STATUS_NOT_POWERED,
6286 &cp->type, sizeof(cp->type));
6287
6288 switch (cp->type) {
6289 case BIT(BDADDR_BREDR):
6290 status = mgmt_bredr_support(hdev);
6291 if (status)
6292 return mgmt_cmd_complete(sk, hdev->id,
6293 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6294 status, &cp->type,
6295 sizeof(cp->type));
6296 eir_len = 5;
6297 break;
6298 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6299 status = mgmt_le_support(hdev);
6300 if (status)
6301 return mgmt_cmd_complete(sk, hdev->id,
6302 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6303 status, &cp->type,
6304 sizeof(cp->type));
6305 eir_len = 15;
6306 break;
6307 default:
6308 return mgmt_cmd_complete(sk, hdev->id,
6309 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6310 MGMT_STATUS_INVALID_PARAMS,
6311 &cp->type, sizeof(cp->type));
6312 }
6313
6314 hci_dev_lock(hdev);
6315
6316 rp_len = sizeof(*rp) + eir_len;
6317 rp = kmalloc(rp_len, GFP_ATOMIC);
6318 if (!rp) {
6319 hci_dev_unlock(hdev);
6320 return -ENOMEM;
6321 }
6322
6323 eir_len = 0;
6324 switch (cp->type) {
6325 case BIT(BDADDR_BREDR):
6326 eir_len = eir_append_data(rp->eir, eir_len, EIR_CLASS_OF_DEV,
6327 hdev->dev_class, 3);
6328 break;
6329 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6330 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6331 memcpy(addr, &hdev->rpa, 6);
6332 addr[6] = 0x01;
6333 } else if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6334 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6335 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6336 bacmp(&hdev->static_addr, BDADDR_ANY))) {
6337 memcpy(addr, &hdev->static_addr, 6);
6338 addr[6] = 0x01;
6339 } else {
6340 memcpy(addr, &hdev->bdaddr, 6);
6341 addr[6] = 0x00;
6342 }
6343
6344 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6345 addr, sizeof(addr));
6346
6347 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6348 role = 0x02;
6349 else
6350 role = 0x01;
6351
6352 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6353 &role, sizeof(role));
6354
6355 flags = get_adv_discov_flags(hdev);
6356
6357 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6358 flags |= LE_AD_NO_BREDR;
6359
6360 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6361 &flags, sizeof(flags));
6362 break;
6363 }
6364
6365 rp->type = cp->type;
6366 rp->eir_len = cpu_to_le16(eir_len);
6367
6368 hci_dev_unlock(hdev);
6369
6370 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6371 MGMT_STATUS_SUCCESS, rp, rp_len);
6372
6373 kfree(rp);
6374
6375 return err;
6376}
6377
d3d5305b
MH		 6378static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6379 void *data, u16 data_len)
6380{
6381 struct mgmt_rp_read_adv_features *rp;
6382 size_t rp_len;
6383 int err;
6384
6385 BT_DBG("%s", hdev->name);
6386
6387 hci_dev_lock(hdev);
6388
6389 rp_len = sizeof(*rp);
6390 rp = kmalloc(rp_len, GFP_ATOMIC);
6391 if (!rp) {
6392 hci_dev_unlock(hdev);
6393 return -ENOMEM;
6394 }
6395
6396 rp->supported_flags = cpu_to_le32(0);
6397 rp->max_adv_data_len = 31;
6398 rp->max_scan_rsp_len = 31;
6399 rp->max_instances = 0;
6400 rp->num_instances = 0;
6401
6402 hci_dev_unlock(hdev);
6403
6404 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6405 MGMT_STATUS_SUCCESS, rp, rp_len);
6406
6407 kfree(rp);
6408
6409 return err;
6410}
6411
6d785aa3 6412static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 6413 { NULL }, /* 0x0000 (no command) */
b9a245fb 6414 { read_version, MGMT_READ_VERSION_SIZE,
c91041dc
MH		 6415 HCI_MGMT_NO_HDEV |
6416 HCI_MGMT_UNTRUSTED },
b9a245fb 6417 { read_commands, MGMT_READ_COMMANDS_SIZE,
c91041dc
MH		 6418 HCI_MGMT_NO_HDEV |
6419 HCI_MGMT_UNTRUSTED },
b9a245fb 6420 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
c91041dc
MH		 6421 HCI_MGMT_NO_HDEV |
6422 HCI_MGMT_UNTRUSTED },
6423 { read_controller_info, MGMT_READ_INFO_SIZE,
6424 HCI_MGMT_UNTRUSTED },
7aea8616
MH		 6425 { set_powered, MGMT_SETTING_SIZE },
6426 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6427 { set_connectable, MGMT_SETTING_SIZE },
6428 { set_fast_connectable, MGMT_SETTING_SIZE },
6429 { set_bondable, MGMT_SETTING_SIZE },
6430 { set_link_security, MGMT_SETTING_SIZE },
6431 { set_ssp, MGMT_SETTING_SIZE },
6432 { set_hs, MGMT_SETTING_SIZE },
6433 { set_le, MGMT_SETTING_SIZE },
6434 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6435 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6436 { add_uuid, MGMT_ADD_UUID_SIZE },
6437 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
b9a245fb
JH		 6438 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6439 HCI_MGMT_VAR_LEN },
6440 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6441 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6442 { disconnect, MGMT_DISCONNECT_SIZE },
6443 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6444 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6445 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6446 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6447 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6448 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6449 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6450 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6451 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6452 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6453 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
b9a245fb
JH		 6454 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6455 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6456 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6457 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6458 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6459 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6460 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6461 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6462 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6463 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6464 { set_advertising, MGMT_SETTING_SIZE },
6465 { set_bredr, MGMT_SETTING_SIZE },
6466 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6467 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6468 { set_secure_conn, MGMT_SETTING_SIZE },
6469 { set_debug_keys, MGMT_SETTING_SIZE },
6470 { set_privacy, MGMT_SET_PRIVACY_SIZE },
b9a245fb
JH		 6471 { load_irks, MGMT_LOAD_IRKS_SIZE,
6472 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6473 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6474 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6475 { add_device, MGMT_ADD_DEVICE_SIZE },
6476 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
b9a245fb
JH		 6477 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6478 HCI_MGMT_VAR_LEN },
6479 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
c91041dc
MH		 6480 HCI_MGMT_NO_HDEV |
6481 HCI_MGMT_UNTRUSTED },
b9a245fb 6482 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
c91041dc
MH		 6483 HCI_MGMT_UNCONFIGURED |
6484 HCI_MGMT_UNTRUSTED },
b9a245fb
JH		 6485 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6486 HCI_MGMT_UNCONFIGURED },
6487 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6488 HCI_MGMT_UNCONFIGURED },
6489 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6490 HCI_MGMT_VAR_LEN },
4f0f155c 6491 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
96f1474a 6492 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
c91041dc
MH		 6493 HCI_MGMT_NO_HDEV |
6494 HCI_MGMT_UNTRUSTED },
d3d5305b 6495 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
0f4e68cf
JH		 6496};
6497
6d785aa3
JH		 6498int mgmt_control(struct hci_mgmt_chan *chan, struct sock *sk,
6499 struct msghdr *msg, size_t msglen)
0381101f 6500{
650f726d
VCG		 6501 void *buf;
6502 u8 *cp;
0381101f 6503 struct mgmt_hdr *hdr;
4e51eae9 6504 u16 opcode, index, len;
bdb6d971 6505 struct hci_dev *hdev = NULL;
6d785aa3 6506 const struct hci_mgmt_handler *handler;
b9a245fb 6507 bool var_len, no_hdev;
0381101f
JH		 6508 int err;
6509
6510 BT_DBG("got %zu bytes", msglen);
6511
6512 if (msglen < sizeof(*hdr))
6513 return -EINVAL;
6514
e63a15ec 6515 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 6516 if (!buf)
6517 return -ENOMEM;
6518
6ce8e9ce 6519 if (memcpy_from_msg(buf, msg, msglen)) {
0381101f
JH		 6520 err = -EFAULT;
6521 goto done;
6522 }
6523
650f726d 6524 hdr = buf;
1f350c87
MH		 6525 opcode = __le16_to_cpu(hdr->opcode);
6526 index = __le16_to_cpu(hdr->index);
6527 len = __le16_to_cpu(hdr->len);
0381101f
JH		 6528
6529 if (len != msglen - sizeof(*hdr)) {
6530 err = -EINVAL;
6531 goto done;
6532 }
6533
b9a245fb
JH		 6534 if (opcode >= chan->handler_count ||
6535 chan->handlers[opcode].func == NULL) {
6536 BT_DBG("Unknown op %u", opcode);
a69e8375
JH		 6537 err = mgmt_cmd_status(sk, index, opcode,
6538 MGMT_STATUS_UNKNOWN_COMMAND);
b9a245fb
JH		 6539 goto done;
6540 }
6541
6542 handler = &chan->handlers[opcode];
6543
c927a104
MH		 6544 if (!hci_sock_test_flag(sk, HCI_SOCK_TRUSTED) &&
6545 !(handler->flags & HCI_MGMT_UNTRUSTED)) {
6546 err = mgmt_cmd_status(sk, index, opcode,
6547 MGMT_STATUS_PERMISSION_DENIED);
6548 goto done;
6549 }
6550
0f4e68cf 6551 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 6552 hdev = hci_dev_get(index);
6553 if (!hdev) {
a69e8375
JH		 6554 err = mgmt_cmd_status(sk, index, opcode,
6555 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 6556 goto done;
6557 }
0736cfa8 6558
d7a5a11d
MH		 6559 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
6560 hci_dev_test_flag(hdev, HCI_CONFIG) ||
6561 hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
a69e8375
JH		 6562 err = mgmt_cmd_status(sk, index, opcode,
6563 MGMT_STATUS_INVALID_INDEX);
0736cfa8
MH		 6564 goto done;
6565 }
42a9bc14 6566
d7a5a11d 6567 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
b9a245fb 6568 !(handler->flags & HCI_MGMT_UNCONFIGURED)) {
a69e8375
JH		 6569 err = mgmt_cmd_status(sk, index, opcode,
6570 MGMT_STATUS_INVALID_INDEX);
42a9bc14
MH		 6571 goto done;
6572 }
bdb6d971
JH		 6573 }
6574
b9a245fb
JH		 6575 no_hdev = (handler->flags & HCI_MGMT_NO_HDEV);
6576 if (no_hdev != !hdev) {
a69e8375
JH		 6577 err = mgmt_cmd_status(sk, index, opcode,
6578 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 6579 goto done;
0381101f
JH		 6580 }
6581
b9a245fb
JH		 6582 var_len = (handler->flags & HCI_MGMT_VAR_LEN);
6583 if ((var_len && len < handler->data_len) ||
6584 (!var_len && len != handler->data_len)) {
a69e8375
JH		 6585 err = mgmt_cmd_status(sk, index, opcode,
6586 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 6587 goto done;
6588 }
6589
0f4e68cf
JH		 6590 if (hdev)
6591 mgmt_init_hdev(sk, hdev);
6592
6593 cp = buf + sizeof(*hdr);
6594
be22b54e 6595 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 6596 if (err < 0)
6597 goto done;
6598
0381101f
JH		 6599 err = msglen;
6600
6601done:
bdb6d971
JH		 6602 if (hdev)
6603 hci_dev_put(hdev);
6604
0381101f
JH		 6605 kfree(buf);
6606 return err;
6607}
c71e97bf 6608
bf6b56db 6609void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6610{
ced85549 6611 struct mgmt_ev_ext_index ev;
bb4b2a9a 6612
0602a8ad
MH		 6613 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6614 return;
6615
f9207338
MH		 6616 switch (hdev->dev_type) {
6617 case HCI_BREDR:
6618 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6619 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6620 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6621 ev.type = 0x01;
f9207338
MH		 6622 } else {
6623 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6624 HCI_MGMT_INDEX_EVENTS);
ced85549 6625 ev.type = 0x00;
f9207338
MH		 6626 }
6627 break;
ced85549
MH		 6628 case HCI_AMP:
6629 ev.type = 0x02;
6630 break;
6631 default:
6632 return;
f9207338 6633 }
ced85549
MH		 6634
6635 ev.bus = hdev->bus;
6636
6637 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6638 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 6639}
6640
bf6b56db 6641void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6642{
ced85549 6643 struct mgmt_ev_ext_index ev;
5f159032 6644 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6645
0602a8ad
MH		 6646 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6647 return;
6648
f9207338
MH		 6649 switch (hdev->dev_type) {
6650 case HCI_BREDR:
6651 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6652
f9207338
MH		 6653 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6654 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6655 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6656 ev.type = 0x01;
f9207338
MH		 6657 } else {
6658 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6659 HCI_MGMT_INDEX_EVENTS);
ced85549 6660 ev.type = 0x00;
f9207338
MH		 6661 }
6662 break;
ced85549
MH		 6663 case HCI_AMP:
6664 ev.type = 0x02;
6665 break;
6666 default:
6667 return;
f9207338 6668 }
ced85549
MH		 6669
6670 ev.bus = hdev->bus;
6671
6672 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6673 HCI_MGMT_EXT_INDEX_EVENTS);
eec8d2bc
JH		 6674}
6675
6046dc3e 6676/* This function requires the caller holds hdev->lock */
2cf22218 6677static void restart_le_actions(struct hci_request *req)
6046dc3e 6678{
2cf22218 6679 struct hci_dev *hdev = req->hdev;
6046dc3e
AG		 6680 struct hci_conn_params *p;
6681
6682 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6683 /* Needed for AUTO_OFF case where might not "really"
6684 * have been powered off.
6685 */
6686 list_del_init(&p->action);
6687
6688 switch (p->auto_connect) {
4b9e7e75 6689 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6690 case HCI_AUTO_CONN_ALWAYS:
6691 list_add(&p->action, &hdev->pend_le_conns);
6692 break;
6693 case HCI_AUTO_CONN_REPORT:
6694 list_add(&p->action, &hdev->pend_le_reports);
6695 break;
6696 default:
6697 break;
c83ed19d 6698 }
6046dc3e 6699 }
c83ed19d 6700
2cf22218 6701 __hci_update_background_scan(req);
6046dc3e
AG		 6702}
6703
1904a853 6704static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
229ab39c
JH		 6705{
6706 struct cmd_lookup match = { NULL, hdev };
6707
6708 BT_DBG("status 0x%02x", status);
6709
162a3bac
MH		 6710 if (!status) {
6711 /* Register the available SMP channels (BR/EDR and LE) only
6712 * when successfully powering on the controller. This late
6713 * registration is required so that LE SMP can clearly
6714 * decide if the public address or static address is used.
6715 */
6716 smp_register(hdev);
6717 }
6718
229ab39c
JH		 6719 hci_dev_lock(hdev);
6720
6721 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6722
6723 new_settings(hdev, match.sk);
6724
6725 hci_dev_unlock(hdev);
6726
6727 if (match.sk)
6728 sock_put(match.sk);
6729}
6730
70da6243 6731static int powered_update_hci(struct hci_dev *hdev)
5add6af8 6732{
890ea898 6733 struct hci_request req;
70da6243 6734 u8 link_sec;
5add6af8 6735
890ea898
JH		 6736 hci_req_init(&req, hdev);
6737
d7a5a11d 6738 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
70da6243 6739 !lmp_host_ssp_capable(hdev)) {
574ea3c7 6740 u8 mode = 0x01;
5e5282bb 6741
574ea3c7
MH		 6742 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
6743
6744 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6745 u8 support = 0x01;
5add6af8 6746
574ea3c7
MH		 6747 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
6748 sizeof(support), &support);
6749 }
ec6f99b8
JH		 6750 }
6751
d7a5a11d 6752 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
c73eee91 6753 lmp_bredr_capable(hdev)) {
70da6243 6754 struct hci_cp_write_le_host_supported cp;
f0ff92fb 6755
32226e4f
MH		 6756 cp.le = 0x01;
6757 cp.simul = 0x00;
3d1cbdd6 6758
70da6243
JH		 6759 /* Check first if we already have the right
6760 * host state (host features set)
6761 */
6762 if (cp.le != lmp_host_le_capable(hdev) ||
6763 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 6764 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6765 sizeof(cp), &cp);
70da6243 6766 }
3d1cbdd6 6767
d13eafce 6768 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 6769 /* Make sure the controller has a good default for
6770 * advertising data. This also applies to the case
6771 * where BR/EDR was toggled during the AUTO_OFF phase.
6772 */
d7a5a11d 6773 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
5947f4bc 6774 update_adv_data(&req);
f14d8f64
MH		 6775 update_scan_rsp_data(&req);
6776 }
441ad2d0 6777
d7a5a11d 6778 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
bba3aa55 6779 enable_advertising(&req);
2cf22218
JH		 6780
6781 restart_le_actions(&req);
eeca6f89
JH		 6782 }
6783
d7a5a11d 6784 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
70da6243 6785 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 6786 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6787 sizeof(link_sec), &link_sec);
562fcc24 6788
70da6243 6789 if (lmp_bredr_capable(hdev)) {
d7a5a11d 6790 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
406ef2a6
JH		 6791 write_fast_connectable(&req, true);
6792 else
6793 write_fast_connectable(&req, false);
1d2dc5b7 6794 __hci_update_page_scan(&req);
890ea898 6795 update_class(&req);
13928971 6796 update_name(&req);
890ea898 6797 update_eir(&req);
70da6243 6798 }
562fcc24 6799
229ab39c 6800 return hci_req_run(&req, powered_complete);
70da6243 6801}
562fcc24 6802
70da6243
JH		 6803int mgmt_powered(struct hci_dev *hdev, u8 powered)
6804{
6805 struct cmd_lookup match = { NULL, hdev };
9845904f 6806 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 6807 int err;
f0ff92fb 6808
d7a5a11d 6809 if (!hci_dev_test_flag(hdev, HCI_MGMT))
70da6243
JH		 6810 return 0;
6811
70da6243 6812 if (powered) {
229ab39c
JH		 6813 if (powered_update_hci(hdev) == 0)
6814 return 0;
fe038884 6815
229ab39c
JH		 6816 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6817 &match);
6818 goto new_settings;
b24752fe
JH		 6819 }
6820
229ab39c 6821 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 6822
6823 /* If the power off is because of hdev unregistration let
6824 * use the appropriate INVALID_INDEX status. Otherwise use
6825 * NOT_POWERED. We cover both scenarios here since later in
6826 * mgmt_index_removed() any hci_conn callbacks will have already
6827 * been triggered, potentially causing misleading DISCONNECTED
6828 * status responses.
6829 */
d7a5a11d 6830 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 6831 status = MGMT_STATUS_INVALID_INDEX;
6832 else
6833 status = MGMT_STATUS_NOT_POWERED;
6834
6835 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 6836
6837 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
f6b7712e
MH		 6838 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6839 zero_cod, sizeof(zero_cod), NULL);
229ab39c
JH		 6840
6841new_settings:
beadb2bd 6842 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 6843
6844 if (match.sk)
6845 sock_put(match.sk);
6846
7bb895d6 6847 return err;
5add6af8 6848}
73f22f62 6849
3eec705e 6850void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 6851{
3b0602cd 6852 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 6853 u8 status;
6854
6855 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6856 if (!cmd)
3eec705e 6857 return;
96570ffc
JH		 6858
6859 if (err == -ERFKILL)
6860 status = MGMT_STATUS_RFKILLED;
6861 else
6862 status = MGMT_STATUS_FAILED;
6863
a69e8375 6864 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6865
6866 mgmt_pending_remove(cmd);
96570ffc
JH		 6867}
6868
d1967ff8
MH		 6869void mgmt_discoverable_timeout(struct hci_dev *hdev)
6870{
6871 struct hci_request req;
d1967ff8
MH		 6872
6873 hci_dev_lock(hdev);
6874
6875 /* When discoverable timeout triggers, then just make sure
6876 * the limited discoverable flag is cleared. Even in the case
6877 * of a timeout triggered from general discoverable, it is
6878 * safe to unconditionally clear the flag.
6879 */
a358dc11
MH		 6880 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
6881 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
d1967ff8
MH		 6882
6883 hci_req_init(&req, hdev);
d7a5a11d 6884 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4b580614
JH		 6885 u8 scan = SCAN_PAGE;
6886 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6887 sizeof(scan), &scan);
6888 }
d1967ff8 6889 update_class(&req);
9a43e25f 6890 update_adv_data(&req);
d1967ff8
MH		 6891 hci_req_run(&req, NULL);
6892
6893 hdev->discov_timeout = 0;
6894
9a43e25f
JH		 6895 new_settings(hdev, NULL);
6896
d1967ff8
MH		 6897 hci_dev_unlock(hdev);
6898}
6899
dc4a5ee2
MH		 6900void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6901 bool persistent)
55ed8ca1 6902{
86742e1e 6903 struct mgmt_ev_new_link_key ev;
55ed8ca1 6904
a492cd52 6905 memset(&ev, 0, sizeof(ev));
55ed8ca1 6906
a492cd52 6907 ev.store_hint = persistent;
d753fdc4 6908 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6909 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6910 ev.key.type = key->type;
9b3b4460 6911 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6912 ev.key.pin_len = key->pin_len;
55ed8ca1 6913
dc4a5ee2 6914 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6915}
f7520543 6916
d7b25450
JH		 6917static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6918{
23fb8de3
JH		 6919 switch (ltk->type) {
6920 case SMP_LTK:
6921 case SMP_LTK_SLAVE:
6922 if (ltk->authenticated)
6923 return MGMT_LTK_AUTHENTICATED;
6924 return MGMT_LTK_UNAUTHENTICATED;
6925 case SMP_LTK_P256:
6926 if (ltk->authenticated)
6927 return MGMT_LTK_P256_AUTH;
6928 return MGMT_LTK_P256_UNAUTH;
6929 case SMP_LTK_P256_DEBUG:
6930 return MGMT_LTK_P256_DEBUG;
6931 }
d7b25450
JH		 6932
6933 return MGMT_LTK_UNAUTHENTICATED;
6934}
6935
53ac6ab6 6936void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6937{
6938 struct mgmt_ev_new_long_term_key ev;
6939
6940 memset(&ev, 0, sizeof(ev));
6941
5192d301
MH		 6942 /* Devices using resolvable or non-resolvable random addresses
6943 * without providing an indentity resolving key don't require
6944 * to store long term keys. Their addresses will change the
6945 * next time around.
6946 *
6947 * Only when a remote device provides an identity address
6948 * make sure the long term key is stored. If the remote
6949 * identity is known, the long term keys are internally
6950 * mapped to the identity address. So allow static random
6951 * and public addresses here.
6952 */
ba74b666
JH		 6953 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6954 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6955 ev.store_hint = 0x00;
6956 else
53ac6ab6 6957 ev.store_hint = persistent;
ba74b666 6958
346af67b 6959 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6960 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6961 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6962 ev.key.enc_size = key->enc_size;
6963 ev.key.ediv = key->ediv;
fe39c7b2 6964 ev.key.rand = key->rand;
346af67b 6965
2ceba539 6966 if (key->type == SMP_LTK)
346af67b
VCG		 6967 ev.key.master = 1;
6968
346af67b
VCG		 6969 memcpy(ev.key.val, key->val, sizeof(key->val));
6970
083368f7 6971 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6972}
6973
95fbac8a
JH		 6974void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6975{
6976 struct mgmt_ev_new_irk ev;
6977
6978 memset(&ev, 0, sizeof(ev));
6979
bab6d1e5
MH		 6980 /* For identity resolving keys from devices that are already
6981 * using a public address or static random address, do not
6982 * ask for storing this key. The identity resolving key really
6983 * is only mandatory for devices using resovlable random
6984 * addresses.
6985 *
6986 * Storing all identity resolving keys has the downside that
6987 * they will be also loaded on next boot of they system. More
6988 * identity resolving keys, means more time during scanning is
6989 * needed to actually resolve these addresses.
6990 */
6991 if (bacmp(&irk->rpa, BDADDR_ANY))
6992 ev.store_hint = 0x01;
6993 else
6994 ev.store_hint = 0x00;
6995
95fbac8a
JH		 6996 bacpy(&ev.rpa, &irk->rpa);
6997 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6998 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6999 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7000
7001 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7002}
7003
53ac6ab6
MH		 7004void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7005 bool persistent)
7ee4ea36
MH		 7006{
7007 struct mgmt_ev_new_csrk ev;
7008
7009 memset(&ev, 0, sizeof(ev));
7010
7011 /* Devices using resolvable or non-resolvable random addresses
7012 * without providing an indentity resolving key don't require
7013 * to store signature resolving keys. Their addresses will change
7014 * the next time around.
7015 *
7016 * Only when a remote device provides an identity address
7017 * make sure the signature resolving key is stored. So allow
7018 * static random and public addresses here.
7019 */
7020 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7021 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7022 ev.store_hint = 0x00;
7023 else
53ac6ab6 7024 ev.store_hint = persistent;
7ee4ea36
MH		 7025
7026 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7027 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 7028 ev.key.type = csrk->type;
7ee4ea36
MH		 7029 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7030
7031 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7032}
7033
ffb5a827 7034void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 7035 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7036 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 7037{
7038 struct mgmt_ev_new_conn_param ev;
7039
c103aea6
JH		 7040 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7041 return;
7042
ffb5a827
AG		 7043 memset(&ev, 0, sizeof(ev));
7044 bacpy(&ev.addr.bdaddr, bdaddr);
7045 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 7046 ev.store_hint = store_hint;
ffb5a827
AG		 7047 ev.min_interval = cpu_to_le16(min_interval);
7048 ev.max_interval = cpu_to_le16(max_interval);
7049 ev.latency = cpu_to_le16(latency);
7050 ev.timeout = cpu_to_le16(timeout);
7051
7052 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7053}
7054
48ec92fa
AA		 7055void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7056 u32 flags, u8 *name, u8 name_len)
f7520543 7057{
b644ba33
JH		 7058 char buf[512];
7059 struct mgmt_ev_device_connected *ev = (void *) buf;
7060 u16 eir_len = 0;
f7520543 7061
48ec92fa
AA		 7062 bacpy(&ev->addr.bdaddr, &conn->dst);
7063 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 7064
c95f0ba7 7065 ev->flags = __cpu_to_le32(flags);
08c79b61 7066
fd45ada9
AA		 7067 /* We must ensure that the EIR Data fields are ordered and
7068 * unique. Keep it simple for now and avoid the problem by not
7069 * adding any BR/EDR data to the LE adv.
7070 */
7071 if (conn->le_adv_data_len > 0) {
7072 memcpy(&ev->eir[eir_len],
7073 conn->le_adv_data, conn->le_adv_data_len);
7074 eir_len = conn->le_adv_data_len;
7075 } else {
7076 if (name_len > 0)
7077 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7078 name, name_len);
b644ba33 7079
ddbea5cf 7080 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 7081 eir_len = eir_append_data(ev->eir, eir_len,
7082 EIR_CLASS_OF_DEV,
7083 conn->dev_class, 3);
7084 }
b644ba33 7085
eb55ef07 7086 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 7087
ecd90ae7
MH		 7088 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7089 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 7090}
7091
3b0602cd 7092static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 7093{
8962ee74 7094 struct sock **sk = data;
8962ee74 7095
f5818c22 7096 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 7097
7098 *sk = cmd->sk;
7099 sock_hold(*sk);
7100
a664b5bc 7101 mgmt_pending_remove(cmd);
8962ee74
JH		 7102}
7103
3b0602cd 7104static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 7105{
b1078ad0 7106 struct hci_dev *hdev = data;
124f6e35 7107 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 7108
b1078ad0
JH		 7109 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7110
d8b7b1e4 7111 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 7112 mgmt_pending_remove(cmd);
7113}
7114
84c61d92
JH		 7115bool mgmt_powering_down(struct hci_dev *hdev)
7116{
3b0602cd 7117 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 7118 struct mgmt_mode *cp;
7119
7120 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
7121 if (!cmd)
7122 return false;
7123
7124 cp = cmd->param;
7125 if (!cp->val)
7126 return true;
7127
7128 return false;
7129}
7130
9b80ec5e 7131void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 7132 u8 link_type, u8 addr_type, u8 reason,
7133 bool mgmt_connected)
f7520543 7134{
f0d6a0ea 7135 struct mgmt_ev_device_disconnected ev;
8962ee74 7136 struct sock *sk = NULL;
8962ee74 7137
84c61d92
JH		 7138 /* The connection is still in hci_conn_hash so test for 1
7139 * instead of 0 to know if this is the last one.
7140 */
7141 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7142 cancel_delayed_work(&hdev->power_off);
7143 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 7144 }
7145
12d4a3b2
JH		 7146 if (!mgmt_connected)
7147 return;
7148
57eb776f
AG		 7149 if (link_type != ACL_LINK && link_type != LE_LINK)
7150 return;
7151
744cf19e 7152 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 7153
f0d6a0ea
MA		 7154 bacpy(&ev.addr.bdaddr, bdaddr);
7155 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7156 ev.reason = reason;
f7520543 7157
9b80ec5e 7158 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 7159
7160 if (sk)
d97dcb66 7161 sock_put(sk);
8962ee74 7162
124f6e35 7163 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 7164 hdev);
8962ee74
JH		 7165}
7166
7892924c
MH		 7167void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7168 u8 link_type, u8 addr_type, u8 status)
8962ee74 7169{
3655bba8
AG		 7170 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7171 struct mgmt_cp_disconnect *cp;
3b0602cd 7172 struct mgmt_pending_cmd *cmd;
8962ee74 7173
36a75f1b
JD		 7174 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7175 hdev);
7176
2e58ef3e 7177 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 7178 if (!cmd)
7892924c 7179 return;
8962ee74 7180
3655bba8
AG		 7181 cp = cmd->param;
7182
7183 if (bacmp(bdaddr, &cp->addr.bdaddr))
7184 return;
7185
7186 if (cp->addr.type != bdaddr_type)
7187 return;
7188
f5818c22 7189 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7190 mgmt_pending_remove(cmd);
f7520543 7191}
17d5c04c 7192
445608d0
MH		 7193void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7194 u8 addr_type, u8 status)
17d5c04c
JH		 7195{
7196 struct mgmt_ev_connect_failed ev;
c9910d0f 7197
84c61d92
JH		 7198 /* The connection is still in hci_conn_hash so test for 1
7199 * instead of 0 to know if this is the last one.
7200 */
7201 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7202 cancel_delayed_work(&hdev->power_off);
7203 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 7204 }
17d5c04c 7205
4c659c39 7206 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7207 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 7208 ev.status = mgmt_status(status);
17d5c04c 7209
445608d0 7210 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 7211}
980e1a53 7212
ce0e4a0d 7213void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 7214{
7215 struct mgmt_ev_pin_code_request ev;
7216
d8457698 7217 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 7218 ev.addr.type = BDADDR_BREDR;
a770bb5a 7219 ev.secure = secure;
980e1a53 7220
ce0e4a0d 7221 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 7222}
7223
e669cf80
MH		 7224void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7225 u8 status)
980e1a53 7226{
3b0602cd 7227 struct mgmt_pending_cmd *cmd;
980e1a53 7228
2e58ef3e 7229 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 7230 if (!cmd)
e669cf80 7231 return;
980e1a53 7232
7776d1d8 7233 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7234 mgmt_pending_remove(cmd);
980e1a53
JH		 7235}
7236
3eb38528
MH		 7237void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7238 u8 status)
980e1a53 7239{
3b0602cd 7240 struct mgmt_pending_cmd *cmd;
980e1a53 7241
2e58ef3e 7242 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 7243 if (!cmd)
3eb38528 7244 return;
980e1a53 7245
7776d1d8 7246 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7247 mgmt_pending_remove(cmd);
980e1a53 7248}
a5c29683 7249
744cf19e 7250int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 7251 u8 link_type, u8 addr_type, u32 value,
04124681 7252 u8 confirm_hint)
a5c29683
JH		 7253{
7254 struct mgmt_ev_user_confirm_request ev;
7255
744cf19e 7256 BT_DBG("%s", hdev->name);
a5c29683 7257
272d90df 7258 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7259 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 7260 ev.confirm_hint = confirm_hint;
39adbffe 7261 ev.value = cpu_to_le32(value);
a5c29683 7262
744cf19e 7263 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 7264 NULL);
a5c29683
JH		 7265}
7266
272d90df 7267int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 7268 u8 link_type, u8 addr_type)
604086b7
BG		 7269{
7270 struct mgmt_ev_user_passkey_request ev;
7271
7272 BT_DBG("%s", hdev->name);
7273
272d90df 7274 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7275 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 7276
7277 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 7278 NULL);
604086b7
BG		 7279}
7280
0df4c185 7281static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 7282 u8 link_type, u8 addr_type, u8 status,
7283 u8 opcode)
a5c29683 7284{
3b0602cd 7285 struct mgmt_pending_cmd *cmd;
a5c29683 7286
2e58ef3e 7287 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 7288 if (!cmd)
7289 return -ENOENT;
7290
7776d1d8 7291 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7292 mgmt_pending_remove(cmd);
a5c29683 7293
7776d1d8 7294 return 0;
a5c29683
JH		 7295}
7296
744cf19e 7297int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7298 u8 link_type, u8 addr_type, u8 status)
a5c29683 7299{
272d90df 7300 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7301 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 7302}
7303
272d90df 7304int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7305 u8 link_type, u8 addr_type, u8 status)
a5c29683 7306{
272d90df 7307 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7308 status,
7309 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7310}
2a611692 7311
604086b7 7312int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7313 u8 link_type, u8 addr_type, u8 status)
604086b7 7314{
272d90df 7315 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7316 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7317}
7318
272d90df 7319int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7320 u8 link_type, u8 addr_type, u8 status)
604086b7 7321{
272d90df 7322 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7323 status,
7324 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7325}
7326
92a25256
JH		 7327int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7328 u8 link_type, u8 addr_type, u32 passkey,
7329 u8 entered)
7330{
7331 struct mgmt_ev_passkey_notify ev;
7332
7333 BT_DBG("%s", hdev->name);
7334
7335 bacpy(&ev.addr.bdaddr, bdaddr);
7336 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7337 ev.passkey = __cpu_to_le32(passkey);
7338 ev.entered = entered;
7339
7340 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7341}
7342
e1e930f5 7343void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7344{
7345 struct mgmt_ev_auth_failed ev;
3b0602cd 7346 struct mgmt_pending_cmd *cmd;
e1e930f5 7347 u8 status = mgmt_status(hci_status);
2a611692 7348
e1e930f5
JH		 7349 bacpy(&ev.addr.bdaddr, &conn->dst);
7350 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7351 ev.status = status;
2a611692 7352
e1e930f5
JH		 7353 cmd = find_pairing(conn);
7354
7355 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7356 cmd ? cmd->sk : NULL);
7357
a511b35b
JH		 7358 if (cmd) {
7359 cmd->cmd_complete(cmd, status);
7360 mgmt_pending_remove(cmd);
7361 }
2a611692 7362}
b312b161 7363
464996ae 7364void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7365{
7366 struct cmd_lookup match = { NULL, hdev };
464996ae 7367 bool changed;
33ef95ed
JH		 7368
7369 if (status) {
7370 u8 mgmt_err = mgmt_status(status);
7371 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7372 cmd_status_rsp, &mgmt_err);
464996ae 7373 return;
33ef95ed
JH		 7374 }
7375
464996ae 7376 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 7377 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 7378 else
a69d8927 7379 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 7380
33ef95ed 7381 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 7382 &match);
33ef95ed 7383
47990ea0 7384 if (changed)
464996ae 7385 new_settings(hdev, match.sk);
33ef95ed
JH		 7386
7387 if (match.sk)
7388 sock_put(match.sk);
33ef95ed
JH		 7389}
7390
890ea898 7391static void clear_eir(struct hci_request *req)
cacaf52f 7392{
890ea898 7393 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 7394 struct hci_cp_write_eir cp;
7395
976eb20e 7396 if (!lmp_ext_inq_capable(hdev))
890ea898 7397 return;
cacaf52f 7398
c80da27e
JH		 7399 memset(hdev->eir, 0, sizeof(hdev->eir));
7400
cacaf52f
JH		 7401 memset(&cp, 0, sizeof(cp));
7402
890ea898 7403 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 7404}
7405
3e248560 7406void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 7407{
7408 struct cmd_lookup match = { NULL, hdev };
890ea898 7409 struct hci_request req;
c0ecddc2 7410 bool changed = false;
ed2c4ee3
JH		 7411
7412 if (status) {
7413 u8 mgmt_err = mgmt_status(status);
c0ecddc2 7414
a69d8927
MH		 7415 if (enable && hci_dev_test_and_clear_flag(hdev,
7416 HCI_SSP_ENABLED)) {
a358dc11 7417 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 7418 new_settings(hdev, NULL);
9ecb3e24 7419 }
c0ecddc2 7420
04124681
GP		 7421 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7422 &mgmt_err);
3e248560 7423 return;
c0ecddc2
JH		 7424 }
7425
7426 if (enable) {
238be788 7427 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 7428 } else {
a69d8927 7429 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9ecb3e24 7430 if (!changed)
a69d8927
MH		 7431 changed = hci_dev_test_and_clear_flag(hdev,
7432 HCI_HS_ENABLED);
9ecb3e24 7433 else
a358dc11 7434 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 7435 }
7436
7437 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7438
c0ecddc2 7439 if (changed)
3e248560 7440 new_settings(hdev, match.sk);
ed2c4ee3 7441
5fc6ebb1 7442 if (match.sk)
ed2c4ee3
JH		 7443 sock_put(match.sk);
7444
890ea898
JH		 7445 hci_req_init(&req, hdev);
7446
d7a5a11d
MH		 7447 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7448 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 7449 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7450 sizeof(enable), &enable);
890ea898 7451 update_eir(&req);
3769972b 7452 } else {
890ea898 7453 clear_eir(&req);
3769972b 7454 }
890ea898
JH		 7455
7456 hci_req_run(&req, NULL);
ed2c4ee3
JH		 7457}
7458
3b0602cd 7459static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 7460{
7461 struct cmd_lookup *match = data;
7462
90e70454
JH		 7463 if (match->sk == NULL) {
7464 match->sk = cmd->sk;
7465 sock_hold(match->sk);
7466 }
90e70454
JH		 7467}
7468
4e1b0245
MH		 7469void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7470 u8 status)
7f9a903c 7471{
90e70454 7472 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7473
92da6097
JH		 7474 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7475 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7476 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 7477
7478 if (!status)
f6b7712e
MH		 7479 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7480 dev_class, 3, NULL);
90e70454
JH		 7481
7482 if (match.sk)
7483 sock_put(match.sk);
7f9a903c
MH		 7484}
7485
7667da34 7486void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7487{
b312b161 7488 struct mgmt_cp_set_local_name ev;
3b0602cd 7489 struct mgmt_pending_cmd *cmd;
28cc7bde 7490
13928971 7491 if (status)
7667da34 7492 return;
b312b161
JH		 7493
7494 memset(&ev, 0, sizeof(ev));
7495 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7496 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7497
2e58ef3e 7498 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7499 if (!cmd) {
7500 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7501
13928971
JH		 7502 /* If this is a HCI command related to powering on the
7503 * HCI dev don't send any mgmt signals.
7504 */
7505 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7506 return;
890ea898 7507 }
b312b161 7508
f6b7712e
MH		 7509 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7510 cmd ? cmd->sk : NULL);
b312b161 7511}
c35938b2 7512
4d2d2796 7513void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
38da1703
JH		 7514 u8 *rand192, u8 *hash256, u8 *rand256,
7515 u8 status)
c35938b2 7516{
3b0602cd 7517 struct mgmt_pending_cmd *cmd;
c35938b2 7518
744cf19e 7519 BT_DBG("%s status %u", hdev->name, status);
c35938b2 7520
2e58ef3e 7521 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 7522 if (!cmd)
3edaf092 7523 return;
c35938b2
SJ		 7524
7525 if (status) {
a69e8375
JH		 7526 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
7527 mgmt_status(status));
c35938b2 7528 } else {
66f096f7
JH		 7529 struct mgmt_rp_read_local_oob_data rp;
7530 size_t rp_size = sizeof(rp);
4d2d2796 7531
66f096f7
JH		 7532 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
7533 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
c35938b2 7534
66f096f7 7535 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
4d2d2796 7536 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
38da1703 7537 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
4d2d2796 7538 } else {
66f096f7 7539 rp_size -= sizeof(rp.hash256) + sizeof(rp.rand256);
4d2d2796 7540 }
66f096f7 7541
2a1afb5a
JH		 7542 mgmt_cmd_complete(cmd->sk, hdev->id,
7543 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7544 &rp, rp_size);
c35938b2
SJ		 7545 }
7546
7547 mgmt_pending_remove(cmd);
c35938b2 7548}
e17acd40 7549
799ce93d
JP		 7550static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7551{
7552 int i;
7553
7554 for (i = 0; i < uuid_count; i++) {
7555 if (!memcmp(uuid, uuids[i], 16))
7556 return true;
7557 }
7558
7559 return false;
7560}
7561
b487b9ce
MH		 7562static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7563{
799ce93d
JP		 7564 u16 parsed = 0;
7565
7566 while (parsed < eir_len) {
7567 u8 field_len = eir[0];
7568 u8 uuid[16];
7569 int i;
7570
7571 if (field_len == 0)
7572 break;
7573
7574 if (eir_len - parsed < field_len + 1)
7575 break;
7576
7577 switch (eir[1]) {
7578 case EIR_UUID16_ALL:
7579 case EIR_UUID16_SOME:
7580 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7581 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7582 uuid[13] = eir[i + 3];
7583 uuid[12] = eir[i + 2];
7584 if (has_uuid(uuid, uuid_count, uuids))
7585 return true;
7586 }
7587 break;
7588 case EIR_UUID32_ALL:
7589 case EIR_UUID32_SOME:
7590 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7591 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7592 uuid[15] = eir[i + 5];
7593 uuid[14] = eir[i + 4];
7594 uuid[13] = eir[i + 3];
7595 uuid[12] = eir[i + 2];
7596 if (has_uuid(uuid, uuid_count, uuids))
7597 return true;
7598 }
7599 break;
7600 case EIR_UUID128_ALL:
7601 case EIR_UUID128_SOME:
7602 for (i = 0; i + 17 <= field_len; i += 16) {
7603 memcpy(uuid, eir + i + 2, 16);
7604 if (has_uuid(uuid, uuid_count, uuids))
7605 return true;
7606 }
7607 break;
7608 }
7609
7610 parsed += field_len + 1;
7611 eir += field_len + 1;
7612 }
7613
b487b9ce
MH		 7614 return false;
7615}
7616
4b0e0ced
JP		 7617static void restart_le_scan(struct hci_dev *hdev)
7618{
7619 /* If controller is not scanning we are done. */
d7a5a11d 7620 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 7621 return;
7622
7623 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7624 hdev->discovery.scan_start +
7625 hdev->discovery.scan_duration))
7626 return;
7627
7628 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
7629 DISCOV_LE_RESTART_DELAY);
7630}
7631
48f86b7f
JP		 7632static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7633 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7634{
48f86b7f
JP		 7635 /* If a RSSI threshold has been specified, and
7636 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7637 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7638 * is set, let it through for further processing, as we might need to
7639 * restart the scan.
efb2513f
MH		 7640 *
7641 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7642 * the results are also dropped.
bda157a4
MH		 7643 */
7644 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 7645 (rssi == HCI_RSSI_INVALID ||
7646 (rssi < hdev->discovery.rssi &&
7647 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 7648 return false;
efb2513f 7649
2976cdeb
JP		 7650 if (hdev->discovery.uuid_count != 0) {
7651 /* If a list of UUIDs is provided in filter, results with no
7652 * matching UUID should be dropped.
b487b9ce 7653 */
2976cdeb
JP		 7654 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7655 hdev->discovery.uuids) &&
7656 !eir_has_uuids(scan_rsp, scan_rsp_len,
7657 hdev->discovery.uuid_count,
7658 hdev->discovery.uuids))
7659 return false;
b487b9ce 7660 }
5d2e9fad 7661
2976cdeb
JP		 7662 /* If duplicate filtering does not report RSSI changes, then restart
7663 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 7664 */
2976cdeb
JP		 7665 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7666 restart_le_scan(hdev);
7667
7668 /* Validate RSSI value against the RSSI threshold once more. */
7669 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7670 rssi < hdev->discovery.rssi)
7671 return false;
7672 }
48f86b7f
JP		 7673
7674 return true;
7675}
7676
7677void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7678 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7679 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7680{
7681 char buf[512];
7682 struct mgmt_ev_device_found *ev = (void *)buf;
7683 size_t ev_size;
7684
7685 /* Don't send events for a non-kernel initiated discovery. With
7686 * LE one exception is if we have pend_le_reports > 0 in which
7687 * case we're doing passive scanning and want these events.
7688 */
7689 if (!hci_discovery_active(hdev)) {
7690 if (link_type == ACL_LINK)
7691 return;
7692 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7693 return;
7694 }
7695
82f8b651 7696 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 7697 /* We are using service discovery */
7698 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7699 scan_rsp_len))
7700 return;
7701 }
7702
7703 /* Make sure that the buffer is big enough. The 5 extra bytes
7704 * are for the potential CoD field.
7705 */
7706 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 7707 return;
7708
48f86b7f
JP		 7709 memset(buf, 0, sizeof(buf));
7710
7711 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7712 * RSSI value was reported as 0 when not available. This behavior
7713 * is kept when using device discovery. This is required for full
7714 * backwards compatibility with the API.
7715 *
7716 * However when using service discovery, the value 127 will be
7717 * returned when the RSSI is not available.
7718 */
7719 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7720 link_type == ACL_LINK)
7721 rssi = 0;
7722
7723 bacpy(&ev->addr.bdaddr, bdaddr);
7724 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7725 ev->rssi = rssi;
7726 ev->flags = cpu_to_le32(flags);
7727
7728 if (eir_len > 0)
7729 /* Copy EIR or advertising data into event */
7730 memcpy(ev->eir, eir, eir_len);
7731
7732 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7733 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7734 dev_class, 3);
7735
7736 if (scan_rsp_len > 0)
7737 /* Append scan response data to event */
7738 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7739
5d2e9fad
JH		 7740 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7741 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7742
901801b9 7743 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7744}
a88a9652 7745
9cf12aee
MH		 7746void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7747 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7748{
b644ba33
JH		 7749 struct mgmt_ev_device_found *ev;
7750 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7751 u16 eir_len;
a88a9652 7752
b644ba33 7753 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7754
b644ba33
JH		 7755 memset(buf, 0, sizeof(buf));
7756
7757 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7758 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7759 ev->rssi = rssi;
7760
7761 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7762 name_len);
b644ba33 7763
eb55ef07 7764 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7765
9cf12aee 7766 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7767}
314b2381 7768
2f1e063b 7769void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7770{
f963e8e9 7771 struct mgmt_ev_discovering ev;
164a6e78 7772
343fb145
AG		 7773 BT_DBG("%s discovering %u", hdev->name, discovering);
7774
f963e8e9
JH		 7775 memset(&ev, 0, sizeof(ev));
7776 ev.type = hdev->discovery.type;
7777 ev.discovering = discovering;
7778
2f1e063b 7779 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7780}
5e762444 7781
1904a853 7782static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5976e608
MH		 7783{
7784 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 7785}
7786
7787void mgmt_reenable_advertising(struct hci_dev *hdev)
7788{
7789 struct hci_request req;
7790
d7a5a11d 7791 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
5976e608
MH		 7792 return;
7793
7794 hci_req_init(&req, hdev);
7795 enable_advertising(&req);
0ec5ae84 7796 hci_req_run(&req, adv_enable_complete);
5976e608 7797}
6d785aa3
JH		 7798
7799static struct hci_mgmt_chan chan = {
7800 .channel = HCI_CHANNEL_CONTROL,
7801 .handler_count = ARRAY_SIZE(mgmt_handlers),
7802 .handlers = mgmt_handlers,
7803};
7804
7805int mgmt_init(void)
7806{
7807 return hci_mgmt_chan_register(&chan);
7808}
7809
7810void mgmt_exit(void)
7811{
7812 hci_mgmt_chan_unregister(&chan);
7813}
Linux kernel - Deliverables
This page took 0.9274 seconds and 5 git commands to generate.