projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Move HCI_ADVERTISING handling into mgmt.c
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 33
34#include "smp.h"
0381101f 35
2da9c55c 36#define MGMT_VERSION 1
40456644 37#define MGMT_REVISION 5
02d98129 38
e70bb2e8
JH		 39static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 77 MGMT_OP_SET_DEVICE_ID,
4375f103 78 MGMT_OP_SET_ADVERTISING,
0663ca2a 79 MGMT_OP_SET_BREDR,
d13eafce 80 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 81 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 82 MGMT_OP_SET_SECURE_CONN,
4e39ac81 83 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 84 MGMT_OP_SET_PRIVACY,
41edf160 85 MGMT_OP_LOAD_IRKS,
e70bb2e8
JH		 86};
87
88static const u16 mgmt_events[] = {
89 MGMT_EV_CONTROLLER_ERROR,
90 MGMT_EV_INDEX_ADDED,
91 MGMT_EV_INDEX_REMOVED,
92 MGMT_EV_NEW_SETTINGS,
93 MGMT_EV_CLASS_OF_DEV_CHANGED,
94 MGMT_EV_LOCAL_NAME_CHANGED,
95 MGMT_EV_NEW_LINK_KEY,
96 MGMT_EV_NEW_LONG_TERM_KEY,
97 MGMT_EV_DEVICE_CONNECTED,
98 MGMT_EV_DEVICE_DISCONNECTED,
99 MGMT_EV_CONNECT_FAILED,
100 MGMT_EV_PIN_CODE_REQUEST,
101 MGMT_EV_USER_CONFIRM_REQUEST,
102 MGMT_EV_USER_PASSKEY_REQUEST,
103 MGMT_EV_AUTH_FAILED,
104 MGMT_EV_DEVICE_FOUND,
105 MGMT_EV_DISCOVERING,
106 MGMT_EV_DEVICE_BLOCKED,
107 MGMT_EV_DEVICE_UNBLOCKED,
108 MGMT_EV_DEVICE_UNPAIRED,
92a25256 109 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 110 MGMT_EV_NEW_IRK,
e70bb2e8
JH		 111};
112
17b02e62 113#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 114
4b34ee78
JH		 115#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
116 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
117
eec8d2bc
JH		 118struct pending_cmd {
119 struct list_head list;
fc2f4b13 120 u16 opcode;
eec8d2bc 121 int index;
c68fb7ff 122 void *param;
eec8d2bc 123 struct sock *sk;
e9a416b5 124 void *user_data;
eec8d2bc
JH		 125};
126
ca69b795
JH		 127/* HCI to MGMT error code conversion table */
128static u8 mgmt_status_table[] = {
129 MGMT_STATUS_SUCCESS,
130 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
131 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
132 MGMT_STATUS_FAILED, /* Hardware Failure */
133 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
134 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 135 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 136 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
137 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
138 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
139 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
140 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
141 MGMT_STATUS_BUSY, /* Command Disallowed */
142 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
143 MGMT_STATUS_REJECTED, /* Rejected Security */
144 MGMT_STATUS_REJECTED, /* Rejected Personal */
145 MGMT_STATUS_TIMEOUT, /* Host Timeout */
146 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
147 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
148 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
149 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
150 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
151 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
152 MGMT_STATUS_BUSY, /* Repeated Attempts */
153 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
154 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
155 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
156 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
157 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
158 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
159 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
160 MGMT_STATUS_FAILED, /* Unspecified Error */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
162 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
163 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
164 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
165 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
166 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
167 MGMT_STATUS_FAILED, /* Unit Link Key Used */
168 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
169 MGMT_STATUS_TIMEOUT, /* Instant Passed */
170 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
171 MGMT_STATUS_FAILED, /* Transaction Collision */
172 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
173 MGMT_STATUS_REJECTED, /* QoS Rejected */
174 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
175 MGMT_STATUS_REJECTED, /* Insufficient Security */
176 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
177 MGMT_STATUS_BUSY, /* Role Switch Pending */
178 MGMT_STATUS_FAILED, /* Slot Violation */
179 MGMT_STATUS_FAILED, /* Role Switch Failed */
180 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
181 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
182 MGMT_STATUS_BUSY, /* Host Busy Pairing */
183 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
184 MGMT_STATUS_BUSY, /* Controller Busy */
185 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
186 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
187 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
188 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
189 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
190};
191
192static u8 mgmt_status(u8 hci_status)
193{
194 if (hci_status < ARRAY_SIZE(mgmt_status_table))
195 return mgmt_status_table[hci_status];
196
197 return MGMT_STATUS_FAILED;
198}
199
4e51eae9 200static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 201{
202 struct sk_buff *skb;
203 struct mgmt_hdr *hdr;
204 struct mgmt_ev_cmd_status *ev;
56b7d137 205 int err;
f7b64e69 206
34eb525c 207 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 208
790eff44 209 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 210 if (!skb)
211 return -ENOMEM;
212
213 hdr = (void *) skb_put(skb, sizeof(*hdr));
214
612dfce9 215 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 216 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 217 hdr->len = cpu_to_le16(sizeof(*ev));
218
219 ev = (void *) skb_put(skb, sizeof(*ev));
220 ev->status = status;
eb55ef07 221 ev->opcode = cpu_to_le16(cmd);
f7b64e69 222
56b7d137
GP		 223 err = sock_queue_rcv_skb(sk, skb);
224 if (err < 0)
f7b64e69
JH		 225 kfree_skb(skb);
226
56b7d137 227 return err;
f7b64e69
JH		 228}
229
aee9b218 230static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 231 void *rp, size_t rp_len)
02d98129
JH		 232{
233 struct sk_buff *skb;
234 struct mgmt_hdr *hdr;
235 struct mgmt_ev_cmd_complete *ev;
56b7d137 236 int err;
02d98129
JH		 237
238 BT_DBG("sock %p", sk);
239
790eff44 240 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 241 if (!skb)
242 return -ENOMEM;
243
244 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 245
612dfce9 246 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 247 hdr->index = cpu_to_le16(index);
a38528f1 248 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 249
a38528f1 250 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 251 ev->opcode = cpu_to_le16(cmd);
aee9b218 252 ev->status = status;
8020c16a
SJ		 253
254 if (rp)
255 memcpy(ev->data, rp, rp_len);
02d98129 256
56b7d137
GP		 257 err = sock_queue_rcv_skb(sk, skb);
258 if (err < 0)
02d98129
JH		 259 kfree_skb(skb);
260
e5f0e151 261 return err;
02d98129
JH		 262}
263
04124681
GP		 264static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
265 u16 data_len)
a38528f1
JH		 266{
267 struct mgmt_rp_read_version rp;
268
269 BT_DBG("sock %p", sk);
270
271 rp.version = MGMT_VERSION;
eb55ef07 272 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 273
aee9b218 274 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 275 sizeof(rp));
a38528f1
JH		 276}
277
04124681
GP		 278static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
279 u16 data_len)
e70bb2e8
JH		 280{
281 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 282 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
283 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 284 __le16 *opcode;
e70bb2e8
JH		 285 size_t rp_size;
286 int i, err;
287
288 BT_DBG("sock %p", sk);
289
290 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
291
292 rp = kmalloc(rp_size, GFP_KERNEL);
293 if (!rp)
294 return -ENOMEM;
295
eb55ef07
MH		 296 rp->num_commands = __constant_cpu_to_le16(num_commands);
297 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 298
299 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
300 put_unaligned_le16(mgmt_commands[i], opcode);
301
302 for (i = 0; i < num_events; i++, opcode++)
303 put_unaligned_le16(mgmt_events[i], opcode);
304
aee9b218 305 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 306 rp_size);
e70bb2e8
JH		 307 kfree(rp);
308
309 return err;
310}
311
04124681
GP		 312static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
313 u16 data_len)
faba42eb 314{
faba42eb 315 struct mgmt_rp_read_index_list *rp;
8035ded4 316 struct hci_dev *d;
a38528f1 317 size_t rp_len;
faba42eb 318 u16 count;
476e44cb 319 int err;
faba42eb
JH		 320
321 BT_DBG("sock %p", sk);
322
323 read_lock(&hci_dev_list_lock);
324
325 count = 0;
bb4b2a9a 326 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 327 if (d->dev_type == HCI_BREDR)
328 count++;
faba42eb
JH		 329 }
330
a38528f1
JH		 331 rp_len = sizeof(*rp) + (2 * count);
332 rp = kmalloc(rp_len, GFP_ATOMIC);
333 if (!rp) {
b2c60d42 334 read_unlock(&hci_dev_list_lock);
faba42eb 335 return -ENOMEM;
b2c60d42 336 }
faba42eb 337
476e44cb 338 count = 0;
8035ded4 339 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 340 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 341 continue;
342
0736cfa8
MH		 343 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
344 continue;
345
1514b892
MH		 346 if (d->dev_type == HCI_BREDR) {
347 rp->index[count++] = cpu_to_le16(d->id);
348 BT_DBG("Added hci%u", d->id);
349 }
faba42eb
JH		 350 }
351
476e44cb
JH		 352 rp->num_controllers = cpu_to_le16(count);
353 rp_len = sizeof(*rp) + (2 * count);
354
faba42eb
JH		 355 read_unlock(&hci_dev_list_lock);
356
aee9b218 357 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 358 rp_len);
faba42eb 359
a38528f1
JH		 360 kfree(rp);
361
362 return err;
faba42eb
JH		 363}
364
69ab39ea
JH		 365static u32 get_supported_settings(struct hci_dev *hdev)
366{
367 u32 settings = 0;
368
369 settings |= MGMT_SETTING_POWERED;
69ab39ea 370 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 371 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 372
ed3fa31f 373 if (lmp_bredr_capable(hdev)) {
33c525c0 374 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 375 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
376 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 377 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 378 settings |= MGMT_SETTING_BREDR;
379 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 380
381 if (lmp_ssp_capable(hdev)) {
382 settings |= MGMT_SETTING_SSP;
383 settings |= MGMT_SETTING_HS;
384 }
e98d2ce2 385
5afeac14
MH		 386 if (lmp_sc_capable(hdev) ||
387 test_bit(HCI_FORCE_SC, &hdev->dev_flags))
e98d2ce2 388 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 389 }
d7b7e796 390
eeca6f89 391 if (lmp_le_capable(hdev)) {
9d42820f 392 settings |= MGMT_SETTING_LE;
eeca6f89 393 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 394 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 395 }
69ab39ea
JH		 396
397 return settings;
398}
399
400static u32 get_current_settings(struct hci_dev *hdev)
401{
402 u32 settings = 0;
403
f1f0eb02 404 if (hdev_is_powered(hdev))
f0d4b78a
MH		 405 settings |= MGMT_SETTING_POWERED;
406
5e5282bb 407 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 408 settings |= MGMT_SETTING_CONNECTABLE;
409
1a4d3c4b
JH		 410 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
411 settings |= MGMT_SETTING_FAST_CONNECTABLE;
412
5e5282bb 413 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 414 settings |= MGMT_SETTING_DISCOVERABLE;
415
a8b2d5c2 416 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 417 settings |= MGMT_SETTING_PAIRABLE;
418
56f87901 419 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 420 settings |= MGMT_SETTING_BREDR;
421
06199cf8 422 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 423 settings |= MGMT_SETTING_LE;
424
47990ea0 425 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 426 settings |= MGMT_SETTING_LINK_SECURITY;
427
84bde9d6 428 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 429 settings |= MGMT_SETTING_SSP;
430
6d80dfd0
JH		 431 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
432 settings |= MGMT_SETTING_HS;
433
f3d3444a 434 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 435 settings |= MGMT_SETTING_ADVERTISING;
436
e98d2ce2
MH		 437 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
438 settings |= MGMT_SETTING_SECURE_CONN;
439
b1de97d8
MH		 440 if (test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags))
441 settings |= MGMT_SETTING_DEBUG_KEYS;
442
0f4bd942
JH		 443 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
444 settings |= MGMT_SETTING_PRIVACY;
445
69ab39ea
JH		 446 return settings;
447}
448
ef580372
JH		 449#define PNP_INFO_SVCLASS_ID 0x1200
450
213202ed
JH		 451static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
452{
453 u8 *ptr = data, *uuids_start = NULL;
454 struct bt_uuid *uuid;
455
456 if (len < 4)
457 return ptr;
458
459 list_for_each_entry(uuid, &hdev->uuids, list) {
460 u16 uuid16;
461
462 if (uuid->size != 16)
463 continue;
464
465 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
466 if (uuid16 < 0x1100)
467 continue;
468
469 if (uuid16 == PNP_INFO_SVCLASS_ID)
470 continue;
471
472 if (!uuids_start) {
473 uuids_start = ptr;
474 uuids_start[0] = 1;
475 uuids_start[1] = EIR_UUID16_ALL;
476 ptr += 2;
477 }
478
479 /* Stop if not enough space to put next UUID */
480 if ((ptr - data) + sizeof(u16) > len) {
481 uuids_start[1] = EIR_UUID16_SOME;
482 break;
483 }
484
485 *ptr++ = (uuid16 & 0x00ff);
486 *ptr++ = (uuid16 & 0xff00) >> 8;
487 uuids_start[0] += sizeof(uuid16);
488 }
489
490 return ptr;
491}
492
cdf1963f
JH		 493static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
494{
495 u8 *ptr = data, *uuids_start = NULL;
496 struct bt_uuid *uuid;
497
498 if (len < 6)
499 return ptr;
500
501 list_for_each_entry(uuid, &hdev->uuids, list) {
502 if (uuid->size != 32)
503 continue;
504
505 if (!uuids_start) {
506 uuids_start = ptr;
507 uuids_start[0] = 1;
508 uuids_start[1] = EIR_UUID32_ALL;
509 ptr += 2;
510 }
511
512 /* Stop if not enough space to put next UUID */
513 if ((ptr - data) + sizeof(u32) > len) {
514 uuids_start[1] = EIR_UUID32_SOME;
515 break;
516 }
517
518 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
519 ptr += sizeof(u32);
520 uuids_start[0] += sizeof(u32);
521 }
522
523 return ptr;
524}
525
c00d575b
JH		 526static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
527{
528 u8 *ptr = data, *uuids_start = NULL;
529 struct bt_uuid *uuid;
530
531 if (len < 18)
532 return ptr;
533
534 list_for_each_entry(uuid, &hdev->uuids, list) {
535 if (uuid->size != 128)
536 continue;
537
538 if (!uuids_start) {
539 uuids_start = ptr;
540 uuids_start[0] = 1;
541 uuids_start[1] = EIR_UUID128_ALL;
542 ptr += 2;
543 }
544
545 /* Stop if not enough space to put next UUID */
546 if ((ptr - data) + 16 > len) {
547 uuids_start[1] = EIR_UUID128_SOME;
548 break;
549 }
550
551 memcpy(ptr, uuid->uuid, 16);
552 ptr += 16;
553 uuids_start[0] += 16;
554 }
555
556 return ptr;
557}
558
eb2a8d20
JH		 559static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
560{
561 struct pending_cmd *cmd;
562
563 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
564 if (cmd->opcode == opcode)
565 return cmd;
566 }
567
568 return NULL;
569}
570
f14d8f64
MH		 571static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
572{
7a5f4990
MH		 573 u8 ad_len = 0;
574 size_t name_len;
575
576 name_len = strlen(hdev->dev_name);
577 if (name_len > 0) {
578 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
579
580 if (name_len > max_len) {
581 name_len = max_len;
582 ptr[1] = EIR_NAME_SHORT;
583 } else
584 ptr[1] = EIR_NAME_COMPLETE;
585
586 ptr[0] = name_len + 1;
587
588 memcpy(ptr + 2, hdev->dev_name, name_len);
589
590 ad_len += (name_len + 2);
591 ptr += (name_len + 2);
592 }
593
594 return ad_len;
f14d8f64
MH		 595}
596
597static void update_scan_rsp_data(struct hci_request *req)
598{
599 struct hci_dev *hdev = req->hdev;
600 struct hci_cp_le_set_scan_rsp_data cp;
601 u8 len;
602
7751ef1b 603 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 604 return;
605
606 memset(&cp, 0, sizeof(cp));
607
608 len = create_scan_rsp_data(hdev, cp.data);
609
eb438b5f
JH		 610 if (hdev->scan_rsp_data_len == len &&
611 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 612 return;
613
eb438b5f
JH		 614 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
615 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 616
617 cp.length = len;
618
619 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
620}
621
9a43e25f
JH		 622static u8 get_adv_discov_flags(struct hci_dev *hdev)
623{
624 struct pending_cmd *cmd;
625
626 /* If there's a pending mgmt command the flags will not yet have
627 * their final values, so check for this first.
628 */
629 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
630 if (cmd) {
631 struct mgmt_mode *cp = cmd->param;
632 if (cp->val == 0x01)
633 return LE_AD_GENERAL;
634 else if (cp->val == 0x02)
635 return LE_AD_LIMITED;
636 } else {
637 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
638 return LE_AD_LIMITED;
639 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
640 return LE_AD_GENERAL;
641 }
642
643 return 0;
644}
645
46cad2ed 646static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 647{
648 u8 ad_len = 0, flags = 0;
441ad2d0 649
9a43e25f 650 flags |= get_adv_discov_flags(hdev);
441ad2d0 651
e834004b 652 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 653 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 654
655 if (flags) {
656 BT_DBG("adv flags 0x%02x", flags);
657
658 ptr[0] = 2;
659 ptr[1] = EIR_FLAGS;
660 ptr[2] = flags;
661
662 ad_len += 3;
663 ptr += 3;
664 }
665
666 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
667 ptr[0] = 2;
668 ptr[1] = EIR_TX_POWER;
669 ptr[2] = (u8) hdev->adv_tx_power;
670
671 ad_len += 3;
672 ptr += 3;
673 }
674
441ad2d0
MH		 675 return ad_len;
676}
677
5947f4bc 678static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 679{
680 struct hci_dev *hdev = req->hdev;
681 struct hci_cp_le_set_adv_data cp;
682 u8 len;
683
10994ce6 684 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 685 return;
686
687 memset(&cp, 0, sizeof(cp));
688
46cad2ed 689 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 690
691 if (hdev->adv_data_len == len &&
692 memcmp(cp.data, hdev->adv_data, len) == 0)
693 return;
694
695 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
696 hdev->adv_data_len = len;
697
698 cp.length = len;
699
700 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
701}
702
ef580372
JH		 703static void create_eir(struct hci_dev *hdev, u8 *data)
704{
705 u8 *ptr = data;
ef580372
JH		 706 size_t name_len;
707
708 name_len = strlen(hdev->dev_name);
709
710 if (name_len > 0) {
711 /* EIR Data type */
712 if (name_len > 48) {
713 name_len = 48;
714 ptr[1] = EIR_NAME_SHORT;
715 } else
716 ptr[1] = EIR_NAME_COMPLETE;
717
718 /* EIR Data length */
719 ptr[0] = name_len + 1;
720
721 memcpy(ptr + 2, hdev->dev_name, name_len);
722
ef580372
JH		 723 ptr += (name_len + 2);
724 }
725
bbaf444a 726 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 727 ptr[0] = 2;
728 ptr[1] = EIR_TX_POWER;
729 ptr[2] = (u8) hdev->inq_tx_power;
730
91c4e9b1
MH		 731 ptr += 3;
732 }
733
2b9be137
MH		 734 if (hdev->devid_source > 0) {
735 ptr[0] = 9;
736 ptr[1] = EIR_DEVICE_ID;
737
738 put_unaligned_le16(hdev->devid_source, ptr + 2);
739 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
740 put_unaligned_le16(hdev->devid_product, ptr + 6);
741 put_unaligned_le16(hdev->devid_version, ptr + 8);
742
2b9be137
MH		 743 ptr += 10;
744 }
745
213202ed 746 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 747 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 748 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 749}
750
890ea898 751static void update_eir(struct hci_request *req)
ef580372 752{
890ea898 753 struct hci_dev *hdev = req->hdev;
ef580372
JH		 754 struct hci_cp_write_eir cp;
755
504c8dcd 756 if (!hdev_is_powered(hdev))
890ea898 757 return;
7770c4aa 758
976eb20e 759 if (!lmp_ext_inq_capable(hdev))
890ea898 760 return;
ef580372 761
84bde9d6 762 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 763 return;
ef580372 764
a8b2d5c2 765 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 766 return;
ef580372
JH		 767
768 memset(&cp, 0, sizeof(cp));
769
770 create_eir(hdev, cp.data);
771
772 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 773 return;
ef580372
JH		 774
775 memcpy(hdev->eir, cp.data, sizeof(cp.data));
776
890ea898 777 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 778}
779
780static u8 get_service_classes(struct hci_dev *hdev)
781{
782 struct bt_uuid *uuid;
783 u8 val = 0;
784
785 list_for_each_entry(uuid, &hdev->uuids, list)
786 val |= uuid->svc_hint;
787
788 return val;
789}
790
890ea898 791static void update_class(struct hci_request *req)
ef580372 792{
890ea898 793 struct hci_dev *hdev = req->hdev;
ef580372
JH		 794 u8 cod[3];
795
796 BT_DBG("%s", hdev->name);
797
504c8dcd 798 if (!hdev_is_powered(hdev))
890ea898 799 return;
7770c4aa 800
f87ea1da
JH		 801 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
802 return;
803
a8b2d5c2 804 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 805 return;
ef580372
JH		 806
807 cod[0] = hdev->minor_class;
808 cod[1] = hdev->major_class;
809 cod[2] = get_service_classes(hdev);
810
6acd7db4
MH		 811 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
812 cod[1] |= 0x20;
813
ef580372 814 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 815 return;
ef580372 816
890ea898 817 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 818}
819
199a2fb1
JH		 820static u8 get_adv_type(struct hci_dev *hdev)
821{
822 struct pending_cmd *cmd;
823 bool connectable;
824
825 /* If there's a pending mgmt command the flag will not yet have
826 * it's final value, so check for this first.
827 */
828 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
829 if (cmd) {
830 struct mgmt_mode *cp = cmd->param;
831 connectable = !!cp->val;
832 } else {
833 connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
834 }
835
836 return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
837}
838
839static void enable_advertising(struct hci_request *req)
840{
841 struct hci_dev *hdev = req->hdev;
842 struct hci_cp_le_set_adv_param cp;
8f2a0601 843 u8 own_addr_type, enable = 0x01;
41c90c18 844 bool require_privacy;
199a2fb1 845
41c90c18 846 require_privacy = !test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
8f2a0601 847
41c90c18 848 if (hci_update_random_address(req, require_privacy, &own_addr_type) < 0)
8f2a0601
JH		 849 return;
850
41c90c18 851 memset(&cp, 0, sizeof(cp));
199a2fb1
JH		 852 cp.min_interval = __constant_cpu_to_le16(0x0800);
853 cp.max_interval = __constant_cpu_to_le16(0x0800);
854 cp.type = get_adv_type(hdev);
8f2a0601 855 cp.own_address_type = own_addr_type;
199a2fb1
JH		 856 cp.channel_map = hdev->le_adv_channel_map;
857
858 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
859
860 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
861}
862
863static void disable_advertising(struct hci_request *req)
864{
865 u8 enable = 0x00;
866
867 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
868}
869
7d78525d
JH		 870static void service_cache_off(struct work_struct *work)
871{
872 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 873 service_cache.work);
890ea898 874 struct hci_request req;
7d78525d 875
a8b2d5c2 876 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 877 return;
878
890ea898
JH		 879 hci_req_init(&req, hdev);
880
7d78525d
JH		 881 hci_dev_lock(hdev);
882
890ea898
JH		 883 update_eir(&req);
884 update_class(&req);
7d78525d
JH		 885
886 hci_dev_unlock(hdev);
890ea898
JH		 887
888 hci_req_run(&req, NULL);
7d78525d
JH		 889}
890
d6bfd59c
JH		 891static void rpa_expired(struct work_struct *work)
892{
893 struct hci_dev *hdev = container_of(work, struct hci_dev,
894 rpa_expired.work);
895 struct hci_request req;
896
897 BT_DBG("");
898
899 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
900
901 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
902 hci_conn_num(hdev, LE_LINK) > 0)
903 return;
904
905 /* The generation of a new RPA and programming it into the
906 * controller happens in the enable_advertising() function.
907 */
908
909 hci_req_init(&req, hdev);
910
911 disable_advertising(&req);
912 enable_advertising(&req);
913
914 hci_req_run(&req, NULL);
915}
916
6a919082 917static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 918{
4f87da80 919 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 920 return;
921
4f87da80 922 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 923 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 924
4f87da80
JH		 925 /* Non-mgmt controlled devices get this bit set
926 * implicitly so that pairing works for them, however
927 * for mgmt we require user-space to explicitly enable
928 * it
929 */
930 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 931}
932
0f4e68cf 933static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 934 void *data, u16 data_len)
0381101f 935{
a38528f1 936 struct mgmt_rp_read_info rp;
f7b64e69 937
bdb6d971 938 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 939
09fd0de5 940 hci_dev_lock(hdev);
f7b64e69 941
dc4fe30b
JH		 942 memset(&rp, 0, sizeof(rp));
943
69ab39ea 944 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 945
69ab39ea 946 rp.version = hdev->hci_ver;
eb55ef07 947 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 948
949 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
950 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 951
a38528f1 952 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 953
dc4fe30b 954 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 955 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 956
09fd0de5 957 hci_dev_unlock(hdev);
0381101f 958
bdb6d971 959 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 960 sizeof(rp));
0381101f
JH		 961}
962
eec8d2bc
JH		 963static void mgmt_pending_free(struct pending_cmd *cmd)
964{
965 sock_put(cmd->sk);
c68fb7ff 966 kfree(cmd->param);
eec8d2bc
JH		 967 kfree(cmd);
968}
969
366a0336 970static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 971 struct hci_dev *hdev, void *data,
972 u16 len)
eec8d2bc
JH		 973{
974 struct pending_cmd *cmd;
975
12b94565 976 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 977 if (!cmd)
366a0336 978 return NULL;
eec8d2bc
JH		 979
980 cmd->opcode = opcode;
2e58ef3e 981 cmd->index = hdev->id;
eec8d2bc 982
12b94565 983 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 984 if (!cmd->param) {
eec8d2bc 985 kfree(cmd);
366a0336 986 return NULL;
eec8d2bc
JH		 987 }
988
8fce6357
SJ		 989 if (data)
990 memcpy(cmd->param, data, len);
eec8d2bc
JH		 991
992 cmd->sk = sk;
993 sock_hold(sk);
994
2e58ef3e 995 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 996
366a0336 997 return cmd;
eec8d2bc
JH		 998}
999
744cf19e 1000static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1001 void (*cb)(struct pending_cmd *cmd,
1002 void *data),
04124681 1003 void *data)
eec8d2bc 1004{
a3d09356 1005 struct pending_cmd *cmd, *tmp;
eec8d2bc 1006
a3d09356 1007 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1008 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1009 continue;
1010
eec8d2bc
JH		 1011 cb(cmd, data);
1012 }
1013}
1014
a664b5bc 1015static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1016{
73f22f62
JH		 1017 list_del(&cmd->list);
1018 mgmt_pending_free(cmd);
1019}
1020
69ab39ea 1021static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1022{
69ab39ea 1023 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1024
aee9b218 1025 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1026 sizeof(settings));
8680570b
JH		 1027}
1028
bdb6d971 1029static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1030 u16 len)
eec8d2bc 1031{
650f726d 1032 struct mgmt_mode *cp = data;
366a0336 1033 struct pending_cmd *cmd;
4b34ee78 1034 int err;
eec8d2bc 1035
bdb6d971 1036 BT_DBG("request for %s", hdev->name);
eec8d2bc 1037
a7e80f25
JH		 1038 if (cp->val != 0x00 && cp->val != 0x01)
1039 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1040 MGMT_STATUS_INVALID_PARAMS);
1041
09fd0de5 1042 hci_dev_lock(hdev);
eec8d2bc 1043
87b95ba6
JH		 1044 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1045 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1046 MGMT_STATUS_BUSY);
1047 goto failed;
1048 }
1049
f0d4b78a
MH		 1050 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1051 cancel_delayed_work(&hdev->power_off);
1052
1053 if (cp->val) {
a1d70450
JH		 1054 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1055 data, len);
1056 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1057 goto failed;
1058 }
1059 }
1060
4b34ee78 1061 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1062 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1063 goto failed;
1064 }
1065
2e58ef3e 1066 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1067 if (!cmd) {
1068 err = -ENOMEM;
eec8d2bc 1069 goto failed;
366a0336 1070 }
eec8d2bc 1071
72a734ec 1072 if (cp->val)
19202573 1073 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 1074 else
19202573 1075 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 1076
366a0336 1077 err = 0;
eec8d2bc
JH		 1078
1079failed:
09fd0de5 1080 hci_dev_unlock(hdev);
366a0336 1081 return err;
eec8d2bc
JH		 1082}
1083
04124681
GP		 1084static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1085 struct sock *skip_sk)
beadb2bd
JH		 1086{
1087 struct sk_buff *skb;
1088 struct mgmt_hdr *hdr;
1089
790eff44 1090 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1091 if (!skb)
1092 return -ENOMEM;
1093
1094 hdr = (void *) skb_put(skb, sizeof(*hdr));
1095 hdr->opcode = cpu_to_le16(event);
1096 if (hdev)
1097 hdr->index = cpu_to_le16(hdev->id);
1098 else
612dfce9 1099 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1100 hdr->len = cpu_to_le16(data_len);
1101
1102 if (data)
1103 memcpy(skb_put(skb, data_len), data, data_len);
1104
97e0bdeb
MH		 1105 /* Time stamp */
1106 __net_timestamp(skb);
1107
beadb2bd
JH		 1108 hci_send_to_control(skb, skip_sk);
1109 kfree_skb(skb);
1110
1111 return 0;
1112}
1113
1114static int new_settings(struct hci_dev *hdev, struct sock *skip)
1115{
1116 __le32 ev;
1117
1118 ev = cpu_to_le32(get_current_settings(hdev));
1119
1120 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1121}
1122
bd99abdd
JH		 1123struct cmd_lookup {
1124 struct sock *sk;
1125 struct hci_dev *hdev;
1126 u8 mgmt_status;
1127};
1128
1129static void settings_rsp(struct pending_cmd *cmd, void *data)
1130{
1131 struct cmd_lookup *match = data;
1132
1133 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1134
1135 list_del(&cmd->list);
1136
1137 if (match->sk == NULL) {
1138 match->sk = cmd->sk;
1139 sock_hold(match->sk);
1140 }
1141
1142 mgmt_pending_free(cmd);
1143}
1144
1145static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1146{
1147 u8 *status = data;
1148
1149 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1150 mgmt_pending_remove(cmd);
1151}
1152
e6fe7986
JH		 1153static u8 mgmt_bredr_support(struct hci_dev *hdev)
1154{
1155 if (!lmp_bredr_capable(hdev))
1156 return MGMT_STATUS_NOT_SUPPORTED;
1157 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1158 return MGMT_STATUS_REJECTED;
1159 else
1160 return MGMT_STATUS_SUCCESS;
1161}
1162
1163static u8 mgmt_le_support(struct hci_dev *hdev)
1164{
1165 if (!lmp_le_capable(hdev))
1166 return MGMT_STATUS_NOT_SUPPORTED;
1167 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1168 return MGMT_STATUS_REJECTED;
1169 else
1170 return MGMT_STATUS_SUCCESS;
1171}
1172
bfaf8c9f
JH		 1173static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1174{
1175 struct pending_cmd *cmd;
1176 struct mgmt_mode *cp;
970ba524 1177 struct hci_request req;
bfaf8c9f
JH		 1178 bool changed;
1179
1180 BT_DBG("status 0x%02x", status);
1181
1182 hci_dev_lock(hdev);
1183
1184 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1185 if (!cmd)
1186 goto unlock;
1187
1188 if (status) {
1189 u8 mgmt_err = mgmt_status(status);
1190 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1191 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1192 goto remove_cmd;
1193 }
1194
1195 cp = cmd->param;
d4462a07 1196 if (cp->val) {
bfaf8c9f
JH		 1197 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1198 &hdev->dev_flags);
d4462a07
MH		 1199
1200 if (hdev->discov_timeout > 0) {
1201 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1202 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1203 to);
1204 }
1205 } else {
bfaf8c9f
JH		 1206 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1207 &hdev->dev_flags);
d4462a07 1208 }
bfaf8c9f
JH		 1209
1210 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1211
1212 if (changed)
1213 new_settings(hdev, cmd->sk);
1214
970ba524
MH		 1215 /* When the discoverable mode gets changed, make sure
1216 * that class of device has the limited discoverable
1217 * bit correctly set.
1218 */
1219 hci_req_init(&req, hdev);
1220 update_class(&req);
1221 hci_req_run(&req, NULL);
1222
bfaf8c9f
JH		 1223remove_cmd:
1224 mgmt_pending_remove(cmd);
1225
1226unlock:
1227 hci_dev_unlock(hdev);
1228}
1229
bdb6d971 1230static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1231 u16 len)
73f22f62 1232{
650f726d 1233 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1234 struct pending_cmd *cmd;
bfaf8c9f 1235 struct hci_request req;
5e5282bb 1236 u16 timeout;
9a43e25f 1237 u8 scan;
73f22f62
JH		 1238 int err;
1239
bdb6d971 1240 BT_DBG("request for %s", hdev->name);
73f22f62 1241
9a43e25f
JH		 1242 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1243 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1244 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1245 MGMT_STATUS_REJECTED);
33c525c0 1246
310a3d48 1247 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1248 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1249 MGMT_STATUS_INVALID_PARAMS);
1250
1f350c87 1251 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1252
1253 /* Disabling discoverable requires that no timeout is set,
1254 * and enabling limited discoverable requires a timeout.
1255 */
1256 if ((cp->val == 0x00 && timeout > 0) ||
1257 (cp->val == 0x02 && timeout == 0))
bdb6d971 1258 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1259 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1260
09fd0de5 1261 hci_dev_lock(hdev);
73f22f62 1262
5e5282bb 1263 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1264 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1265 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1266 goto failed;
1267 }
1268
2e58ef3e 1269 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1270 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1271 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1272 MGMT_STATUS_BUSY);
73f22f62
JH		 1273 goto failed;
1274 }
1275
5e5282bb 1276 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1277 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1278 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1279 goto failed;
1280 }
1281
1282 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1283 bool changed = false;
1284
310a3d48
MH		 1285 /* Setting limited discoverable when powered off is
1286 * not a valid operation since it requires a timeout
1287 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1288 */
0224d2fa
JH		 1289 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1290 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1291 changed = true;
1292 }
1293
5e5282bb 1294 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1295 if (err < 0)
1296 goto failed;
1297
1298 if (changed)
1299 err = new_settings(hdev, sk);
1300
5e5282bb
JH		 1301 goto failed;
1302 }
1303
310a3d48
MH		 1304 /* If the current mode is the same, then just update the timeout
1305 * value with the new value. And if only the timeout gets updated,
1306 * then no need for any HCI transactions.
1307 */
1308 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1309 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1310 &hdev->dev_flags)) {
36261547
MH		 1311 cancel_delayed_work(&hdev->discov_off);
1312 hdev->discov_timeout = timeout;
955638ec 1313
36261547
MH		 1314 if (cp->val && hdev->discov_timeout > 0) {
1315 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1316 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1317 to);
955638ec
MH		 1318 }
1319
69ab39ea 1320 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1321 goto failed;
1322 }
1323
2e58ef3e 1324 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1325 if (!cmd) {
1326 err = -ENOMEM;
73f22f62 1327 goto failed;
366a0336 1328 }
73f22f62 1329
310a3d48
MH		 1330 /* Cancel any potential discoverable timeout that might be
1331 * still active and store new timeout value. The arming of
1332 * the timeout happens in the complete handler.
1333 */
1334 cancel_delayed_work(&hdev->discov_off);
1335 hdev->discov_timeout = timeout;
1336
b456f87c
JH		 1337 /* Limited discoverable mode */
1338 if (cp->val == 0x02)
1339 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1340 else
1341 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1342
bfaf8c9f
JH		 1343 hci_req_init(&req, hdev);
1344
9a43e25f
JH		 1345 /* The procedure for LE-only controllers is much simpler - just
1346 * update the advertising data.
1347 */
1348 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1349 goto update_ad;
1350
73f22f62
JH		 1351 scan = SCAN_PAGE;
1352
310a3d48
MH		 1353 if (cp->val) {
1354 struct hci_cp_write_current_iac_lap hci_cp;
1355
1356 if (cp->val == 0x02) {
1357 /* Limited discoverable mode */
33337dcb 1358 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1359 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1360 hci_cp.iac_lap[1] = 0x8b;
1361 hci_cp.iac_lap[2] = 0x9e;
1362 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1363 hci_cp.iac_lap[4] = 0x8b;
1364 hci_cp.iac_lap[5] = 0x9e;
1365 } else {
1366 /* General discoverable mode */
310a3d48
MH		 1367 hci_cp.num_iac = 1;
1368 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1369 hci_cp.iac_lap[1] = 0x8b;
1370 hci_cp.iac_lap[2] = 0x9e;
1371 }
1372
1373 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1374 (hci_cp.num_iac * 3) + 1, &hci_cp);
1375
73f22f62 1376 scan |= SCAN_INQUIRY;
310a3d48
MH		 1377 } else {
1378 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1379 }
73f22f62 1380
310a3d48 1381 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1382
9a43e25f
JH		 1383update_ad:
1384 update_adv_data(&req);
1385
bfaf8c9f 1386 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1387 if (err < 0)
a664b5bc 1388 mgmt_pending_remove(cmd);
73f22f62
JH		 1389
1390failed:
09fd0de5 1391 hci_dev_unlock(hdev);
73f22f62
JH		 1392 return err;
1393}
1394
406d7804
JH		 1395static void write_fast_connectable(struct hci_request *req, bool enable)
1396{
bd98b996 1397 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1398 struct hci_cp_write_page_scan_activity acp;
1399 u8 type;
1400
547003b1
JH		 1401 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1402 return;
1403
4c01f8b8
JH		 1404 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1405 return;
1406
406d7804
JH		 1407 if (enable) {
1408 type = PAGE_SCAN_TYPE_INTERLACED;
1409
1410 /* 160 msec page scan interval */
1411 acp.interval = __constant_cpu_to_le16(0x0100);
1412 } else {
1413 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1414
1415 /* default 1.28 sec page scan */
1416 acp.interval = __constant_cpu_to_le16(0x0800);
1417 }
1418
1419 acp.window = __constant_cpu_to_le16(0x0012);
1420
bd98b996
JH		 1421 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1422 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1423 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1424 sizeof(acp), &acp);
1425
1426 if (hdev->page_scan_type != type)
1427 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1428}
1429
2b76f453
JH		 1430static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1431{
1432 struct pending_cmd *cmd;
d7b856f9
JH		 1433 struct mgmt_mode *cp;
1434 bool changed;
2b76f453
JH		 1435
1436 BT_DBG("status 0x%02x", status);
1437
1438 hci_dev_lock(hdev);
1439
1440 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1441 if (!cmd)
1442 goto unlock;
1443
37438c1f
JH		 1444 if (status) {
1445 u8 mgmt_err = mgmt_status(status);
1446 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1447 goto remove_cmd;
1448 }
1449
d7b856f9
JH		 1450 cp = cmd->param;
1451 if (cp->val)
1452 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1453 else
1454 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1455
2b76f453
JH		 1456 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1457
d7b856f9
JH		 1458 if (changed)
1459 new_settings(hdev, cmd->sk);
1460
37438c1f 1461remove_cmd:
2b76f453
JH		 1462 mgmt_pending_remove(cmd);
1463
1464unlock:
1465 hci_dev_unlock(hdev);
1466}
1467
e8ba3a1f
JH		 1468static int set_connectable_update_settings(struct hci_dev *hdev,
1469 struct sock *sk, u8 val)
1470{
1471 bool changed = false;
1472 int err;
1473
1474 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1475 changed = true;
1476
1477 if (val) {
1478 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1479 } else {
1480 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1481 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1482 }
1483
1484 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1485 if (err < 0)
1486 return err;
1487
1488 if (changed)
1489 return new_settings(hdev, sk);
1490
1491 return 0;
1492}
1493
bdb6d971 1494static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1495 u16 len)
9fbcbb45 1496{
650f726d 1497 struct mgmt_mode *cp = data;
366a0336 1498 struct pending_cmd *cmd;
2b76f453 1499 struct hci_request req;
1987fdc7 1500 u8 scan;
9fbcbb45
JH		 1501 int err;
1502
bdb6d971 1503 BT_DBG("request for %s", hdev->name);
9fbcbb45 1504
1987fdc7
JH		 1505 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1506 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1507 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1508 MGMT_STATUS_REJECTED);
33c525c0 1509
a7e80f25
JH		 1510 if (cp->val != 0x00 && cp->val != 0x01)
1511 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1512 MGMT_STATUS_INVALID_PARAMS);
1513
09fd0de5 1514 hci_dev_lock(hdev);
9fbcbb45 1515
4b34ee78 1516 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1517 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1518 goto failed;
1519 }
1520
2e58ef3e 1521 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1522 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1523 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1524 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1525 goto failed;
1526 }
1527
2e58ef3e 1528 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1529 if (!cmd) {
1530 err = -ENOMEM;
9fbcbb45 1531 goto failed;
366a0336 1532 }
9fbcbb45 1533
9b74246f 1534 hci_req_init(&req, hdev);
9fbcbb45 1535
9a43e25f
JH		 1536 /* If BR/EDR is not enabled and we disable advertising as a
1537 * by-product of disabling connectable, we need to update the
1538 * advertising flags.
1539 */
1540 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1541 if (!cp->val) {
1542 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1543 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1544 }
1545 update_adv_data(&req);
1546 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1547 if (cp->val) {
1548 scan = SCAN_PAGE;
1549 } else {
1550 scan = 0;
1551
1552 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1553 hdev->discov_timeout > 0)
9b74246f
JH		 1554 cancel_delayed_work(&hdev->discov_off);
1555 }
2b76f453 1556
9b74246f
JH		 1557 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1558 }
2b76f453 1559
4c01f8b8
JH		 1560 /* If we're going from non-connectable to connectable or
1561 * vice-versa when fast connectable is enabled ensure that fast
1562 * connectable gets disabled. write_fast_connectable won't do
1563 * anything if the page scan parameters are already what they
1564 * should be.
1565 */
1566 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1567 write_fast_connectable(&req, false);
1568
1987fdc7
JH		 1569 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1570 hci_conn_num(hdev, LE_LINK) == 0) {
1571 disable_advertising(&req);
1572 enable_advertising(&req);
1573 }
1574
2b76f453 1575 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1576 if (err < 0) {
a664b5bc 1577 mgmt_pending_remove(cmd);
9b74246f 1578 if (err == -ENODATA)
a81070ba
JH		 1579 err = set_connectable_update_settings(hdev, sk,
1580 cp->val);
9b74246f
JH		 1581 goto failed;
1582 }
9fbcbb45
JH		 1583
1584failed:
09fd0de5 1585 hci_dev_unlock(hdev);
9fbcbb45
JH		 1586 return err;
1587}
1588
bdb6d971 1589static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1590 u16 len)
c542a06c 1591{
650f726d 1592 struct mgmt_mode *cp = data;
55594356 1593 bool changed;
c542a06c
JH		 1594 int err;
1595
bdb6d971 1596 BT_DBG("request for %s", hdev->name);
c542a06c 1597
a7e80f25
JH		 1598 if (cp->val != 0x00 && cp->val != 0x01)
1599 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1600 MGMT_STATUS_INVALID_PARAMS);
1601
09fd0de5 1602 hci_dev_lock(hdev);
c542a06c
JH		 1603
1604 if (cp->val)
55594356 1605 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1606 else
55594356 1607 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1608
69ab39ea 1609 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1610 if (err < 0)
55594356 1611 goto unlock;
c542a06c 1612
55594356
MH		 1613 if (changed)
1614 err = new_settings(hdev, sk);
c542a06c 1615
55594356 1616unlock:
09fd0de5 1617 hci_dev_unlock(hdev);
c542a06c
JH		 1618 return err;
1619}
1620
04124681
GP		 1621static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1622 u16 len)
33ef95ed
JH		 1623{
1624 struct mgmt_mode *cp = data;
1625 struct pending_cmd *cmd;
e6fe7986 1626 u8 val, status;
33ef95ed
JH		 1627 int err;
1628
bdb6d971 1629 BT_DBG("request for %s", hdev->name);
33ef95ed 1630
e6fe7986
JH		 1631 status = mgmt_bredr_support(hdev);
1632 if (status)
33c525c0 1633 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1634 status);
33c525c0 1635
a7e80f25
JH		 1636 if (cp->val != 0x00 && cp->val != 0x01)
1637 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1638 MGMT_STATUS_INVALID_PARAMS);
1639
33ef95ed
JH		 1640 hci_dev_lock(hdev);
1641
4b34ee78 1642 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1643 bool changed = false;
1644
1645 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1646 &hdev->dev_flags)) {
47990ea0
JH		 1647 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1648 changed = true;
1649 }
1650
1651 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1652 if (err < 0)
1653 goto failed;
1654
1655 if (changed)
1656 err = new_settings(hdev, sk);
1657
33ef95ed
JH		 1658 goto failed;
1659 }
1660
1661 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1662 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1663 MGMT_STATUS_BUSY);
33ef95ed
JH		 1664 goto failed;
1665 }
1666
1667 val = !!cp->val;
1668
1669 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1670 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1671 goto failed;
1672 }
1673
1674 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1675 if (!cmd) {
1676 err = -ENOMEM;
1677 goto failed;
1678 }
1679
1680 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1681 if (err < 0) {
1682 mgmt_pending_remove(cmd);
1683 goto failed;
1684 }
1685
1686failed:
1687 hci_dev_unlock(hdev);
33ef95ed
JH		 1688 return err;
1689}
1690
bdb6d971 1691static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1692{
1693 struct mgmt_mode *cp = data;
1694 struct pending_cmd *cmd;
72ef0c1a 1695 u8 status;
ed2c4ee3
JH		 1696 int err;
1697
bdb6d971 1698 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1699
cdba5281
MH		 1700 status = mgmt_bredr_support(hdev);
1701 if (status)
1702 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1703
13ecd8b6
JH		 1704 if (!lmp_ssp_capable(hdev))
1705 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1706 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1707
a7e80f25
JH		 1708 if (cp->val != 0x00 && cp->val != 0x01)
1709 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1710 MGMT_STATUS_INVALID_PARAMS);
1711
13ecd8b6 1712 hci_dev_lock(hdev);
6c8f12c1 1713
4b34ee78 1714 if (!hdev_is_powered(hdev)) {
9ecb3e24 1715 bool changed;
c0ecddc2 1716
9ecb3e24
MH		 1717 if (cp->val) {
1718 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1719 &hdev->dev_flags);
1720 } else {
1721 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1722 &hdev->dev_flags);
1723 if (!changed)
1724 changed = test_and_clear_bit(HCI_HS_ENABLED,
1725 &hdev->dev_flags);
1726 else
1727 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1728 }
1729
1730 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1731 if (err < 0)
1732 goto failed;
1733
1734 if (changed)
1735 err = new_settings(hdev, sk);
1736
ed2c4ee3
JH		 1737 goto failed;
1738 }
1739
9ecb3e24
MH		 1740 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1741 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1742 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1743 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1744 goto failed;
1745 }
1746
72ef0c1a 1747 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1748 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1749 goto failed;
1750 }
1751
1752 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1753 if (!cmd) {
1754 err = -ENOMEM;
1755 goto failed;
1756 }
1757
72ef0c1a 1758 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1759 if (err < 0) {
1760 mgmt_pending_remove(cmd);
1761 goto failed;
1762 }
1763
1764failed:
1765 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1766 return err;
1767}
1768
bdb6d971 1769static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1770{
1771 struct mgmt_mode *cp = data;
ee392693 1772 bool changed;
e6fe7986 1773 u8 status;
ee392693 1774 int err;
6d80dfd0 1775
bdb6d971 1776 BT_DBG("request for %s", hdev->name);
6d80dfd0 1777
e6fe7986
JH		 1778 status = mgmt_bredr_support(hdev);
1779 if (status)
1780 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1781
9ecb3e24
MH		 1782 if (!lmp_ssp_capable(hdev))
1783 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1784 MGMT_STATUS_NOT_SUPPORTED);
1785
1786 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1787 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1788 MGMT_STATUS_REJECTED);
1789
a7e80f25
JH		 1790 if (cp->val != 0x00 && cp->val != 0x01)
1791 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1792 MGMT_STATUS_INVALID_PARAMS);
1793
ee392693
MH		 1794 hci_dev_lock(hdev);
1795
a0cdf960 1796 if (cp->val) {
ee392693 1797 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1798 } else {
1799 if (hdev_is_powered(hdev)) {
1800 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1801 MGMT_STATUS_REJECTED);
1802 goto unlock;
1803 }
1804
ee392693 1805 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1806 }
ee392693
MH		 1807
1808 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1809 if (err < 0)
1810 goto unlock;
1811
1812 if (changed)
1813 err = new_settings(hdev, sk);
6d80dfd0 1814
ee392693
MH		 1815unlock:
1816 hci_dev_unlock(hdev);
1817 return err;
6d80dfd0
JH		 1818}
1819
416a4ae5
JH		 1820static void le_enable_complete(struct hci_dev *hdev, u8 status)
1821{
1822 struct cmd_lookup match = { NULL, hdev };
1823
1824 if (status) {
1825 u8 mgmt_err = mgmt_status(status);
1826
1827 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1828 &mgmt_err);
1829 return;
1830 }
1831
1832 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1833
1834 new_settings(hdev, match.sk);
1835
1836 if (match.sk)
1837 sock_put(match.sk);
441ad2d0
MH		 1838
1839 /* Make sure the controller has a good default for
1840 * advertising data. Restrict the update to when LE
1841 * has actually been enabled. During power on, the
1842 * update in powered_update_hci will take care of it.
1843 */
1844 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1845 struct hci_request req;
1846
1847 hci_dev_lock(hdev);
1848
1849 hci_req_init(&req, hdev);
5947f4bc 1850 update_adv_data(&req);
f14d8f64 1851 update_scan_rsp_data(&req);
441ad2d0
MH		 1852 hci_req_run(&req, NULL);
1853
1854 hci_dev_unlock(hdev);
1855 }
416a4ae5
JH		 1856}
1857
bdb6d971 1858static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1859{
1860 struct mgmt_mode *cp = data;
1861 struct hci_cp_write_le_host_supported hci_cp;
1862 struct pending_cmd *cmd;
416a4ae5 1863 struct hci_request req;
06199cf8 1864 int err;
0b60eba1 1865 u8 val, enabled;
06199cf8 1866
bdb6d971 1867 BT_DBG("request for %s", hdev->name);
06199cf8 1868
13ecd8b6
JH		 1869 if (!lmp_le_capable(hdev))
1870 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1871 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1872
a7e80f25
JH		 1873 if (cp->val != 0x00 && cp->val != 0x01)
1874 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1875 MGMT_STATUS_INVALID_PARAMS);
1876
c73eee91 1877 /* LE-only devices do not allow toggling LE on/off */
56f87901 1878 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1879 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1880 MGMT_STATUS_REJECTED);
1881
13ecd8b6 1882 hci_dev_lock(hdev);
06199cf8
JH		 1883
1884 val = !!cp->val;
ffa88e02 1885 enabled = lmp_host_le_capable(hdev);
06199cf8 1886
0b60eba1 1887 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1888 bool changed = false;
1889
1890 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1891 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1892 changed = true;
1893 }
1894
f3d3444a
JH		 1895 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1896 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1897 changed = true;
1898 }
1899
06199cf8
JH		 1900 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1901 if (err < 0)
1de028ce 1902 goto unlock;
06199cf8
JH		 1903
1904 if (changed)
1905 err = new_settings(hdev, sk);
1906
1de028ce 1907 goto unlock;
06199cf8
JH		 1908 }
1909
4375f103
JH		 1910 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1911 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1912 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1913 MGMT_STATUS_BUSY);
1de028ce 1914 goto unlock;
06199cf8
JH		 1915 }
1916
1917 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1918 if (!cmd) {
1919 err = -ENOMEM;
1de028ce 1920 goto unlock;
06199cf8
JH		 1921 }
1922
441ad2d0
MH		 1923 hci_req_init(&req, hdev);
1924
06199cf8
JH		 1925 memset(&hci_cp, 0, sizeof(hci_cp));
1926
1927 if (val) {
1928 hci_cp.le = val;
ffa88e02 1929 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 1930 } else {
1931 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1932 disable_advertising(&req);
06199cf8
JH		 1933 }
1934
416a4ae5
JH		 1935 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1936 &hci_cp);
1937
1938 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1939 if (err < 0)
06199cf8 1940 mgmt_pending_remove(cmd);
06199cf8 1941
1de028ce
JH		 1942unlock:
1943 hci_dev_unlock(hdev);
06199cf8
JH		 1944 return err;
1945}
1946
0cab9c80
JH		 1947/* This is a helper function to test for pending mgmt commands that can
1948 * cause CoD or EIR HCI commands. We can only allow one such pending
1949 * mgmt command at a time since otherwise we cannot easily track what
1950 * the current values are, will be, and based on that calculate if a new
1951 * HCI command needs to be sent and if yes with what value.
1952 */
1953static bool pending_eir_or_class(struct hci_dev *hdev)
1954{
1955 struct pending_cmd *cmd;
1956
1957 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1958 switch (cmd->opcode) {
1959 case MGMT_OP_ADD_UUID:
1960 case MGMT_OP_REMOVE_UUID:
1961 case MGMT_OP_SET_DEV_CLASS:
1962 case MGMT_OP_SET_POWERED:
1963 return true;
1964 }
1965 }
1966
1967 return false;
1968}
1969
83be8eca
JH		 1970static const u8 bluetooth_base_uuid[] = {
1971 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1972 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1973};
1974
1975static u8 get_uuid_size(const u8 *uuid)
1976{
1977 u32 val;
1978
1979 if (memcmp(uuid, bluetooth_base_uuid, 12))
1980 return 128;
1981
1982 val = get_unaligned_le32(&uuid[12]);
1983 if (val > 0xffff)
1984 return 32;
1985
1986 return 16;
1987}
1988
92da6097
JH		 1989static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1990{
1991 struct pending_cmd *cmd;
1992
1993 hci_dev_lock(hdev);
1994
1995 cmd = mgmt_pending_find(mgmt_op, hdev);
1996 if (!cmd)
1997 goto unlock;
1998
1999 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2000 hdev->dev_class, 3);
2001
2002 mgmt_pending_remove(cmd);
2003
2004unlock:
2005 hci_dev_unlock(hdev);
2006}
2007
2008static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2009{
2010 BT_DBG("status 0x%02x", status);
2011
2012 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2013}
2014
bdb6d971 2015static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2016{
650f726d 2017 struct mgmt_cp_add_uuid *cp = data;
90e70454 2018 struct pending_cmd *cmd;
890ea898 2019 struct hci_request req;
2aeb9a1a 2020 struct bt_uuid *uuid;
2aeb9a1a
JH		 2021 int err;
2022
bdb6d971 2023 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2024
09fd0de5 2025 hci_dev_lock(hdev);
2aeb9a1a 2026
0cab9c80 2027 if (pending_eir_or_class(hdev)) {
bdb6d971 2028 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2029 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2030 goto failed;
2031 }
2032
92c4c204 2033 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2034 if (!uuid) {
2035 err = -ENOMEM;
2036 goto failed;
2037 }
2038
2039 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2040 uuid->svc_hint = cp->svc_hint;
83be8eca 2041 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2042
de66aa63 2043 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2044
890ea898 2045 hci_req_init(&req, hdev);
1aff6f09 2046
890ea898
JH		 2047 update_class(&req);
2048 update_eir(&req);
2049
92da6097
JH		 2050 err = hci_req_run(&req, add_uuid_complete);
2051 if (err < 0) {
2052 if (err != -ENODATA)
2053 goto failed;
80a1e1db 2054
bdb6d971 2055 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2056 hdev->dev_class, 3);
90e70454
JH		 2057 goto failed;
2058 }
2059
2060 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2061 if (!cmd) {
90e70454 2062 err = -ENOMEM;
890ea898
JH		 2063 goto failed;
2064 }
2065
2066 err = 0;
2aeb9a1a
JH		 2067
2068failed:
09fd0de5 2069 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2070 return err;
2071}
2072
24b78d0f
JH		 2073static bool enable_service_cache(struct hci_dev *hdev)
2074{
2075 if (!hdev_is_powered(hdev))
2076 return false;
2077
2078 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2079 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2080 CACHE_TIMEOUT);
24b78d0f
JH		 2081 return true;
2082 }
2083
2084 return false;
2085}
2086
92da6097
JH		 2087static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2088{
2089 BT_DBG("status 0x%02x", status);
2090
2091 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2092}
2093
bdb6d971 2094static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2095 u16 len)
2aeb9a1a 2096{
650f726d 2097 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2098 struct pending_cmd *cmd;
056341c8 2099 struct bt_uuid *match, *tmp;
2aeb9a1a 2100 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2101 struct hci_request req;
2aeb9a1a
JH		 2102 int err, found;
2103
bdb6d971 2104 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2105
09fd0de5 2106 hci_dev_lock(hdev);
2aeb9a1a 2107
0cab9c80 2108 if (pending_eir_or_class(hdev)) {
bdb6d971 2109 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2110 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2111 goto unlock;
2112 }
2113
2aeb9a1a 2114 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2115 hci_uuids_clear(hdev);
4004b6d9 2116
24b78d0f 2117 if (enable_service_cache(hdev)) {
bdb6d971 2118 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2119 0, hdev->dev_class, 3);
24b78d0f
JH		 2120 goto unlock;
2121 }
4004b6d9 2122
9246a869 2123 goto update_class;
2aeb9a1a
JH		 2124 }
2125
2126 found = 0;
2127
056341c8 2128 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2129 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2130 continue;
2131
2132 list_del(&match->list);
482049f7 2133 kfree(match);
2aeb9a1a
JH		 2134 found++;
2135 }
2136
2137 if (found == 0) {
bdb6d971 2138 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2139 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2140 goto unlock;
2141 }
2142
9246a869 2143update_class:
890ea898 2144 hci_req_init(&req, hdev);
1aff6f09 2145
890ea898
JH		 2146 update_class(&req);
2147 update_eir(&req);
2148
92da6097
JH		 2149 err = hci_req_run(&req, remove_uuid_complete);
2150 if (err < 0) {
2151 if (err != -ENODATA)
2152 goto unlock;
80a1e1db 2153
bdb6d971 2154 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2155 hdev->dev_class, 3);
90e70454
JH		 2156 goto unlock;
2157 }
2158
2159 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2160 if (!cmd) {
90e70454 2161 err = -ENOMEM;
890ea898
JH		 2162 goto unlock;
2163 }
2164
2165 err = 0;
2aeb9a1a
JH		 2166
2167unlock:
09fd0de5 2168 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2169 return err;
2170}
2171
92da6097
JH		 2172static void set_class_complete(struct hci_dev *hdev, u8 status)
2173{
2174 BT_DBG("status 0x%02x", status);
2175
2176 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2177}
2178
bdb6d971 2179static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2180 u16 len)
1aff6f09 2181{
650f726d 2182 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2183 struct pending_cmd *cmd;
890ea898 2184 struct hci_request req;
1aff6f09
JH		 2185 int err;
2186
bdb6d971 2187 BT_DBG("request for %s", hdev->name);
1aff6f09 2188
6203fc98 2189 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2190 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2191 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2192
0cab9c80 2193 hci_dev_lock(hdev);
ee98f473 2194
0cab9c80
JH		 2195 if (pending_eir_or_class(hdev)) {
2196 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2197 MGMT_STATUS_BUSY);
2198 goto unlock;
2199 }
c95f0ba7 2200
0cab9c80
JH		 2201 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2202 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2203 MGMT_STATUS_INVALID_PARAMS);
2204 goto unlock;
2205 }
575b3a02 2206
932f5ff5
JH		 2207 hdev->major_class = cp->major;
2208 hdev->minor_class = cp->minor;
2209
b5235a65 2210 if (!hdev_is_powered(hdev)) {
bdb6d971 2211 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2212 hdev->dev_class, 3);
b5235a65
JH		 2213 goto unlock;
2214 }
2215
890ea898
JH		 2216 hci_req_init(&req, hdev);
2217
a8b2d5c2 2218 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2219 hci_dev_unlock(hdev);
2220 cancel_delayed_work_sync(&hdev->service_cache);
2221 hci_dev_lock(hdev);
890ea898 2222 update_eir(&req);
7d78525d 2223 }
14c0b608 2224
890ea898
JH		 2225 update_class(&req);
2226
92da6097
JH		 2227 err = hci_req_run(&req, set_class_complete);
2228 if (err < 0) {
2229 if (err != -ENODATA)
2230 goto unlock;
1aff6f09 2231
bdb6d971 2232 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2233 hdev->dev_class, 3);
90e70454
JH		 2234 goto unlock;
2235 }
2236
2237 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2238 if (!cmd) {
90e70454 2239 err = -ENOMEM;
890ea898
JH		 2240 goto unlock;
2241 }
2242
2243 err = 0;
1aff6f09 2244
b5235a65 2245unlock:
09fd0de5 2246 hci_dev_unlock(hdev);
1aff6f09
JH		 2247 return err;
2248}
2249
bdb6d971 2250static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2251 u16 len)
55ed8ca1 2252{
650f726d 2253 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2254 u16 key_count, expected_len;
b1de97d8 2255 bool changed;
a492cd52 2256 int i;
55ed8ca1 2257
9060d5cf
MH		 2258 BT_DBG("request for %s", hdev->name);
2259
2260 if (!lmp_bredr_capable(hdev))
2261 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2262 MGMT_STATUS_NOT_SUPPORTED);
2263
1f350c87 2264 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2265
86742e1e
JH		 2266 expected_len = sizeof(*cp) + key_count *
2267 sizeof(struct mgmt_link_key_info);
a492cd52 2268 if (expected_len != len) {
86742e1e 2269 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 2270 len, expected_len);
bdb6d971 2271 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2272 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2273 }
2274
4ae14301
JH		 2275 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2276 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2277 MGMT_STATUS_INVALID_PARAMS);
2278
bdb6d971 2279 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2280 key_count);
55ed8ca1 2281
4ee71b20
JH		 2282 for (i = 0; i < key_count; i++) {
2283 struct mgmt_link_key_info *key = &cp->keys[i];
2284
8e991132 2285 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2286 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2287 MGMT_STATUS_INVALID_PARAMS);
2288 }
2289
09fd0de5 2290 hci_dev_lock(hdev);
55ed8ca1
JH		 2291
2292 hci_link_keys_clear(hdev);
2293
55ed8ca1 2294 if (cp->debug_keys)
b1de97d8 2295 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2296 else
b1de97d8
MH		 2297 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2298
2299 if (changed)
2300 new_settings(hdev, NULL);
55ed8ca1 2301
a492cd52 2302 for (i = 0; i < key_count; i++) {
86742e1e 2303 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2304
d753fdc4 2305 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 2306 key->type, key->pin_len);
55ed8ca1
JH		 2307 }
2308
bdb6d971 2309 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2310
09fd0de5 2311 hci_dev_unlock(hdev);
55ed8ca1 2312
a492cd52 2313 return 0;
55ed8ca1
JH		 2314}
2315
b1078ad0 2316static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2317 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2318{
2319 struct mgmt_ev_device_unpaired ev;
2320
2321 bacpy(&ev.addr.bdaddr, bdaddr);
2322 ev.addr.type = addr_type;
2323
2324 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2325 skip_sk);
b1078ad0
JH		 2326}
2327
bdb6d971 2328static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2329 u16 len)
55ed8ca1 2330{
124f6e35
JH		 2331 struct mgmt_cp_unpair_device *cp = data;
2332 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2333 struct hci_cp_disconnect dc;
2334 struct pending_cmd *cmd;
55ed8ca1 2335 struct hci_conn *conn;
55ed8ca1
JH		 2336 int err;
2337
a8a1d19e 2338 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2339 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2340 rp.addr.type = cp->addr.type;
a8a1d19e 2341
4ee71b20
JH		 2342 if (!bdaddr_type_is_valid(cp->addr.type))
2343 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2344 MGMT_STATUS_INVALID_PARAMS,
2345 &rp, sizeof(rp));
2346
118da70b
JH		 2347 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2348 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2349 MGMT_STATUS_INVALID_PARAMS,
2350 &rp, sizeof(rp));
2351
4ee71b20
JH		 2352 hci_dev_lock(hdev);
2353
86a8cfc6 2354 if (!hdev_is_powered(hdev)) {
bdb6d971 2355 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2356 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2357 goto unlock;
2358 }
2359
e0b2b27e 2360 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2361 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2362 } else {
2363 u8 addr_type;
2364
2365 if (cp->addr.type == BDADDR_LE_PUBLIC)
2366 addr_type = ADDR_LE_DEV_PUBLIC;
2367 else
2368 addr_type = ADDR_LE_DEV_RANDOM;
2369
a7ec7338
JH		 2370 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2371
e0b2b27e
JH		 2372 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2373 }
b0dbfb46 2374
55ed8ca1 2375 if (err < 0) {
bdb6d971 2376 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2377 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2378 goto unlock;
2379 }
2380
86a8cfc6 2381 if (cp->disconnect) {
591f47f3 2382 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2383 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2384 &cp->addr.bdaddr);
86a8cfc6
JH		 2385 else
2386 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2387 &cp->addr.bdaddr);
86a8cfc6
JH		 2388 } else {
2389 conn = NULL;
2390 }
124f6e35 2391
a8a1d19e 2392 if (!conn) {
bdb6d971 2393 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2394 &rp, sizeof(rp));
b1078ad0 2395 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2396 goto unlock;
2397 }
55ed8ca1 2398
124f6e35 2399 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2400 sizeof(*cp));
a8a1d19e
JH		 2401 if (!cmd) {
2402 err = -ENOMEM;
2403 goto unlock;
55ed8ca1
JH		 2404 }
2405
eb55ef07 2406 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2407 dc.reason = 0x13; /* Remote User Terminated Connection */
2408 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2409 if (err < 0)
2410 mgmt_pending_remove(cmd);
2411
55ed8ca1 2412unlock:
09fd0de5 2413 hci_dev_unlock(hdev);
55ed8ca1
JH		 2414 return err;
2415}
2416
bdb6d971 2417static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2418 u16 len)
8962ee74 2419{
650f726d 2420 struct mgmt_cp_disconnect *cp = data;
06a63b19 2421 struct mgmt_rp_disconnect rp;
8962ee74 2422 struct hci_cp_disconnect dc;
366a0336 2423 struct pending_cmd *cmd;
8962ee74 2424 struct hci_conn *conn;
8962ee74
JH		 2425 int err;
2426
2427 BT_DBG("");
2428
06a63b19
JH		 2429 memset(&rp, 0, sizeof(rp));
2430 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2431 rp.addr.type = cp->addr.type;
2432
4ee71b20 2433 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2434 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2435 MGMT_STATUS_INVALID_PARAMS,
2436 &rp, sizeof(rp));
4ee71b20 2437
09fd0de5 2438 hci_dev_lock(hdev);
8962ee74
JH		 2439
2440 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2441 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2442 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2443 goto failed;
2444 }
2445
2e58ef3e 2446 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2447 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2448 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2449 goto failed;
2450 }
2451
591f47f3 2452 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2453 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2454 &cp->addr.bdaddr);
88c3df13
JH		 2455 else
2456 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2457
f960727e 2458 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2459 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2460 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2461 goto failed;
2462 }
2463
2e58ef3e 2464 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2465 if (!cmd) {
2466 err = -ENOMEM;
8962ee74 2467 goto failed;
366a0336 2468 }
8962ee74 2469
eb55ef07 2470 dc.handle = cpu_to_le16(conn->handle);
3701f944 2471 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2472
2473 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2474 if (err < 0)
a664b5bc 2475 mgmt_pending_remove(cmd);
8962ee74
JH		 2476
2477failed:
09fd0de5 2478 hci_dev_unlock(hdev);
8962ee74
JH		 2479 return err;
2480}
2481
57c1477c 2482static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2483{
2484 switch (link_type) {
2485 case LE_LINK:
48264f06
JH		 2486 switch (addr_type) {
2487 case ADDR_LE_DEV_PUBLIC:
591f47f3 2488 return BDADDR_LE_PUBLIC;
0ed09148 2489
48264f06 2490 default:
0ed09148 2491 /* Fallback to LE Random address type */
591f47f3 2492 return BDADDR_LE_RANDOM;
48264f06 2493 }
0ed09148 2494
4c659c39 2495 default:
0ed09148 2496 /* Fallback to BR/EDR type */
591f47f3 2497 return BDADDR_BREDR;
4c659c39
JH		 2498 }
2499}
2500
04124681
GP		 2501static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2502 u16 data_len)
2784eb41 2503{
2784eb41 2504 struct mgmt_rp_get_connections *rp;
8035ded4 2505 struct hci_conn *c;
a38528f1 2506 size_t rp_len;
60fc5fb6
JH		 2507 int err;
2508 u16 i;
2784eb41
JH		 2509
2510 BT_DBG("");
2511
09fd0de5 2512 hci_dev_lock(hdev);
2784eb41 2513
5f97c1df 2514 if (!hdev_is_powered(hdev)) {
bdb6d971 2515 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2516 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2517 goto unlock;
2518 }
2519
60fc5fb6 2520 i = 0;
b644ba33
JH		 2521 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2522 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2523 i++;
2784eb41
JH		 2524 }
2525
60fc5fb6 2526 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2527 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2528 if (!rp) {
2784eb41
JH		 2529 err = -ENOMEM;
2530 goto unlock;
2531 }
2532
2784eb41 2533 i = 0;
4c659c39 2534 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2535 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2536 continue;
4c659c39 2537 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2538 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2539 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2540 continue;
2541 i++;
2542 }
2543
eb55ef07 2544 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2545
4c659c39
JH		 2546 /* Recalculate length in case of filtered SCO connections, etc */
2547 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2548
bdb6d971 2549 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2550 rp_len);
2784eb41 2551
a38528f1 2552 kfree(rp);
5f97c1df
JH		 2553
2554unlock:
09fd0de5 2555 hci_dev_unlock(hdev);
2784eb41
JH		 2556 return err;
2557}
2558
bdb6d971 2559static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2560 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2561{
2562 struct pending_cmd *cmd;
2563 int err;
2564
2e58ef3e 2565 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2566 sizeof(*cp));
96d97a67
WR		 2567 if (!cmd)
2568 return -ENOMEM;
2569
d8457698 2570 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2571 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2572 if (err < 0)
2573 mgmt_pending_remove(cmd);
2574
2575 return err;
2576}
2577
bdb6d971 2578static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2579 u16 len)
980e1a53 2580{
96d97a67 2581 struct hci_conn *conn;
650f726d 2582 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2583 struct hci_cp_pin_code_reply reply;
366a0336 2584 struct pending_cmd *cmd;
980e1a53
JH		 2585 int err;
2586
2587 BT_DBG("");
2588
09fd0de5 2589 hci_dev_lock(hdev);
980e1a53 2590
4b34ee78 2591 if (!hdev_is_powered(hdev)) {
bdb6d971 2592 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2593 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2594 goto failed;
2595 }
2596
d8457698 2597 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2598 if (!conn) {
bdb6d971 2599 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2600 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2601 goto failed;
2602 }
2603
2604 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2605 struct mgmt_cp_pin_code_neg_reply ncp;
2606
2607 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2608
2609 BT_ERR("PIN code is not 16 bytes long");
2610
bdb6d971 2611 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2612 if (err >= 0)
bdb6d971 2613 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2614 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2615
2616 goto failed;
2617 }
2618
00abfe44 2619 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2620 if (!cmd) {
2621 err = -ENOMEM;
980e1a53 2622 goto failed;
366a0336 2623 }
980e1a53 2624
d8457698 2625 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2626 reply.pin_len = cp->pin_len;
24718ca5 2627 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2628
2629 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2630 if (err < 0)
a664b5bc 2631 mgmt_pending_remove(cmd);
980e1a53
JH		 2632
2633failed:
09fd0de5 2634 hci_dev_unlock(hdev);
980e1a53
JH		 2635 return err;
2636}
2637
04124681
GP		 2638static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2639 u16 len)
17fa4b9d 2640{
650f726d 2641 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2642
2643 BT_DBG("");
2644
09fd0de5 2645 hci_dev_lock(hdev);
17fa4b9d
JH		 2646
2647 hdev->io_capability = cp->io_capability;
2648
2649 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2650 hdev->io_capability);
17fa4b9d 2651
09fd0de5 2652 hci_dev_unlock(hdev);
17fa4b9d 2653
04124681
GP		 2654 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2655 0);
17fa4b9d
JH		 2656}
2657
6039aa73 2658static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2659{
2660 struct hci_dev *hdev = conn->hdev;
8035ded4 2661 struct pending_cmd *cmd;
e9a416b5 2662
2e58ef3e 2663 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2664 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2665 continue;
2666
e9a416b5
JH		 2667 if (cmd->user_data != conn)
2668 continue;
2669
2670 return cmd;
2671 }
2672
2673 return NULL;
2674}
2675
2676static void pairing_complete(struct pending_cmd *cmd, u8 status)
2677{
2678 struct mgmt_rp_pair_device rp;
2679 struct hci_conn *conn = cmd->user_data;
2680
ba4e564f 2681 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2682 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2683
aee9b218 2684 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2685 &rp, sizeof(rp));
e9a416b5
JH		 2686
2687 /* So we don't get further callbacks for this connection */
2688 conn->connect_cfm_cb = NULL;
2689 conn->security_cfm_cb = NULL;
2690 conn->disconn_cfm_cb = NULL;
2691
76a68ba0 2692 hci_conn_drop(conn);
e9a416b5 2693
a664b5bc 2694 mgmt_pending_remove(cmd);
e9a416b5
JH		 2695}
2696
f4a407be
JH		 2697void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2698{
2699 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2700 struct pending_cmd *cmd;
2701
2702 cmd = find_pairing(conn);
2703 if (cmd)
2704 pairing_complete(cmd, status);
2705}
2706
e9a416b5
JH		 2707static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2708{
2709 struct pending_cmd *cmd;
2710
2711 BT_DBG("status %u", status);
2712
2713 cmd = find_pairing(conn);
56e5cb86 2714 if (!cmd)
e9a416b5 2715 BT_DBG("Unable to find a pending command");
56e5cb86 2716 else
e211326c 2717 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2718}
2719
f4a407be 2720static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 2721{
2722 struct pending_cmd *cmd;
2723
2724 BT_DBG("status %u", status);
2725
2726 if (!status)
2727 return;
2728
2729 cmd = find_pairing(conn);
2730 if (!cmd)
2731 BT_DBG("Unable to find a pending command");
2732 else
2733 pairing_complete(cmd, mgmt_status(status));
2734}
2735
bdb6d971 2736static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2737 u16 len)
e9a416b5 2738{
650f726d 2739 struct mgmt_cp_pair_device *cp = data;
1425acb7 2740 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2741 struct pending_cmd *cmd;
2742 u8 sec_level, auth_type;
2743 struct hci_conn *conn;
e9a416b5
JH		 2744 int err;
2745
2746 BT_DBG("");
2747
f950a30e
SJ		 2748 memset(&rp, 0, sizeof(rp));
2749 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2750 rp.addr.type = cp->addr.type;
2751
4ee71b20
JH		 2752 if (!bdaddr_type_is_valid(cp->addr.type))
2753 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2754 MGMT_STATUS_INVALID_PARAMS,
2755 &rp, sizeof(rp));
2756
09fd0de5 2757 hci_dev_lock(hdev);
e9a416b5 2758
5f97c1df 2759 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2760 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2761 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2762 goto unlock;
2763 }
2764
c908df36
VCG		 2765 sec_level = BT_SECURITY_MEDIUM;
2766 if (cp->io_cap == 0x03)
e9a416b5 2767 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2768 else
e9a416b5 2769 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2770
591f47f3 2771 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2772 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2773 cp->addr.type, sec_level, auth_type);
7a512d01 2774 else
b12f62cf
AG		 2775 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2776 cp->addr.type, sec_level, auth_type);
7a512d01 2777
30e76272 2778 if (IS_ERR(conn)) {
489dc48e
AK		 2779 int status;
2780
2781 if (PTR_ERR(conn) == -EBUSY)
2782 status = MGMT_STATUS_BUSY;
2783 else
2784 status = MGMT_STATUS_CONNECT_FAILED;
2785
bdb6d971 2786 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2787 status, &rp,
04124681 2788 sizeof(rp));
e9a416b5
JH		 2789 goto unlock;
2790 }
2791
2792 if (conn->connect_cfm_cb) {
76a68ba0 2793 hci_conn_drop(conn);
bdb6d971 2794 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2795 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2796 goto unlock;
2797 }
2798
2e58ef3e 2799 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2800 if (!cmd) {
2801 err = -ENOMEM;
76a68ba0 2802 hci_conn_drop(conn);
e9a416b5
JH		 2803 goto unlock;
2804 }
2805
7a512d01 2806 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2807 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2808 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2809 conn->security_cfm_cb = pairing_complete_cb;
2810 conn->disconn_cfm_cb = pairing_complete_cb;
2811 } else {
2812 conn->connect_cfm_cb = le_pairing_complete_cb;
2813 conn->security_cfm_cb = le_pairing_complete_cb;
2814 conn->disconn_cfm_cb = le_pairing_complete_cb;
2815 }
7a512d01 2816
e9a416b5
JH		 2817 conn->io_capability = cp->io_cap;
2818 cmd->user_data = conn;
2819
2820 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2821 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2822 pairing_complete(cmd, 0);
2823
2824 err = 0;
2825
2826unlock:
09fd0de5 2827 hci_dev_unlock(hdev);
e9a416b5
JH		 2828 return err;
2829}
2830
04124681
GP		 2831static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2832 u16 len)
28424707 2833{
0f4e68cf 2834 struct mgmt_addr_info *addr = data;
28424707
JH		 2835 struct pending_cmd *cmd;
2836 struct hci_conn *conn;
2837 int err;
2838
2839 BT_DBG("");
2840
28424707
JH		 2841 hci_dev_lock(hdev);
2842
5f97c1df 2843 if (!hdev_is_powered(hdev)) {
bdb6d971 2844 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2845 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2846 goto unlock;
2847 }
2848
28424707
JH		 2849 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2850 if (!cmd) {
bdb6d971 2851 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2852 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2853 goto unlock;
2854 }
2855
2856 conn = cmd->user_data;
2857
2858 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2859 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2860 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2861 goto unlock;
2862 }
2863
2864 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2865
bdb6d971 2866 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2867 addr, sizeof(*addr));
28424707
JH		 2868unlock:
2869 hci_dev_unlock(hdev);
28424707
JH		 2870 return err;
2871}
2872
bdb6d971 2873static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2874 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2875 u16 hci_op, __le32 passkey)
a5c29683 2876{
a5c29683 2877 struct pending_cmd *cmd;
0df4c185 2878 struct hci_conn *conn;
a5c29683
JH		 2879 int err;
2880
09fd0de5 2881 hci_dev_lock(hdev);
08ba5382 2882
4b34ee78 2883 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2884 err = cmd_complete(sk, hdev->id, mgmt_op,
2885 MGMT_STATUS_NOT_POWERED, addr,
2886 sizeof(*addr));
0df4c185 2887 goto done;
a5c29683
JH		 2888 }
2889
1707c60e
JH		 2890 if (addr->type == BDADDR_BREDR)
2891 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2892 else
1707c60e 2893 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2894
2895 if (!conn) {
feb94d3d
JH		 2896 err = cmd_complete(sk, hdev->id, mgmt_op,
2897 MGMT_STATUS_NOT_CONNECTED, addr,
2898 sizeof(*addr));
272d90df
JH		 2899 goto done;
2900 }
47c15e2b 2901
1707c60e 2902 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2903 /* Continue with pairing via SMP */
5fe57d9e
BG		 2904 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2905
2906 if (!err)
feb94d3d
JH		 2907 err = cmd_complete(sk, hdev->id, mgmt_op,
2908 MGMT_STATUS_SUCCESS, addr,
2909 sizeof(*addr));
5fe57d9e 2910 else
feb94d3d
JH		 2911 err = cmd_complete(sk, hdev->id, mgmt_op,
2912 MGMT_STATUS_FAILED, addr,
2913 sizeof(*addr));
47c15e2b 2914
47c15e2b
BG		 2915 goto done;
2916 }
2917
1707c60e 2918 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2919 if (!cmd) {
2920 err = -ENOMEM;
0df4c185 2921 goto done;
a5c29683
JH		 2922 }
2923
0df4c185 2924 /* Continue with pairing via HCI */
604086b7
BG		 2925 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2926 struct hci_cp_user_passkey_reply cp;
2927
1707c60e 2928 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2929 cp.passkey = passkey;
2930 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2931 } else
1707c60e
JH		 2932 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2933 &addr->bdaddr);
604086b7 2934
a664b5bc
JH		 2935 if (err < 0)
2936 mgmt_pending_remove(cmd);
a5c29683 2937
0df4c185 2938done:
09fd0de5 2939 hci_dev_unlock(hdev);
a5c29683
JH		 2940 return err;
2941}
2942
afeb019d
JK		 2943static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2944 void *data, u16 len)
2945{
2946 struct mgmt_cp_pin_code_neg_reply *cp = data;
2947
2948 BT_DBG("");
2949
1707c60e 2950 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2951 MGMT_OP_PIN_CODE_NEG_REPLY,
2952 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2953}
2954
04124681
GP		 2955static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2956 u16 len)
0df4c185 2957{
650f726d 2958 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2959
2960 BT_DBG("");
2961
2962 if (len != sizeof(*cp))
bdb6d971 2963 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2964 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2965
1707c60e 2966 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2967 MGMT_OP_USER_CONFIRM_REPLY,
2968 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2969}
2970
bdb6d971 2971static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2972 void *data, u16 len)
0df4c185 2973{
c9c2659f 2974 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2975
2976 BT_DBG("");
2977
1707c60e 2978 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2979 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2980 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2981}
2982
04124681
GP		 2983static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2984 u16 len)
604086b7 2985{
650f726d 2986 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2987
2988 BT_DBG("");
2989
1707c60e 2990 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2991 MGMT_OP_USER_PASSKEY_REPLY,
2992 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2993}
2994
bdb6d971 2995static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2996 void *data, u16 len)
604086b7 2997{
650f726d 2998 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2999
3000 BT_DBG("");
3001
1707c60e 3002 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3003 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3004 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3005}
3006
13928971 3007static void update_name(struct hci_request *req)
2b4bf397 3008{
13928971 3009 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3010 struct hci_cp_write_local_name cp;
3011
13928971 3012 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3013
890ea898 3014 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3015}
3016
13928971
JH		 3017static void set_name_complete(struct hci_dev *hdev, u8 status)
3018{
3019 struct mgmt_cp_set_local_name *cp;
3020 struct pending_cmd *cmd;
3021
3022 BT_DBG("status 0x%02x", status);
3023
3024 hci_dev_lock(hdev);
3025
3026 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3027 if (!cmd)
3028 goto unlock;
3029
3030 cp = cmd->param;
3031
3032 if (status)
3033 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3034 mgmt_status(status));
3035 else
3036 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3037 cp, sizeof(*cp));
3038
3039 mgmt_pending_remove(cmd);
3040
3041unlock:
3042 hci_dev_unlock(hdev);
3043}
3044
bdb6d971 3045static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3046 u16 len)
b312b161 3047{
2b4bf397 3048 struct mgmt_cp_set_local_name *cp = data;
b312b161 3049 struct pending_cmd *cmd;
890ea898 3050 struct hci_request req;
b312b161
JH		 3051 int err;
3052
3053 BT_DBG("");
3054
09fd0de5 3055 hci_dev_lock(hdev);
b312b161 3056
b3f2ca94
JH		 3057 /* If the old values are the same as the new ones just return a
3058 * direct command complete event.
3059 */
3060 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3061 !memcmp(hdev->short_name, cp->short_name,
3062 sizeof(hdev->short_name))) {
3063 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3064 data, len);
3065 goto failed;
3066 }
3067
2b4bf397 3068 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3069
b5235a65 3070 if (!hdev_is_powered(hdev)) {
2b4bf397 3071 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3072
3073 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3074 data, len);
28cc7bde
JH		 3075 if (err < 0)
3076 goto failed;
3077
3078 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3079 sk);
28cc7bde 3080
b5235a65
JH		 3081 goto failed;
3082 }
3083
28cc7bde 3084 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3085 if (!cmd) {
3086 err = -ENOMEM;
3087 goto failed;
3088 }
3089
13928971
JH		 3090 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3091
890ea898 3092 hci_req_init(&req, hdev);
3f985050
JH		 3093
3094 if (lmp_bredr_capable(hdev)) {
3095 update_name(&req);
3096 update_eir(&req);
3097 }
3098
7a5f4990
MH		 3099 /* The name is stored in the scan response data and so
3100 * no need to udpate the advertising data here.
3101 */
3f985050 3102 if (lmp_le_capable(hdev))
7a5f4990 3103 update_scan_rsp_data(&req);
3f985050 3104
13928971 3105 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3106 if (err < 0)
3107 mgmt_pending_remove(cmd);
3108
3109failed:
09fd0de5 3110 hci_dev_unlock(hdev);
b312b161
JH		 3111 return err;
3112}
3113
0f4e68cf 3114static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3115 void *data, u16 data_len)
c35938b2 3116{
c35938b2
SJ		 3117 struct pending_cmd *cmd;
3118 int err;
3119
bdb6d971 3120 BT_DBG("%s", hdev->name);
c35938b2 3121
09fd0de5 3122 hci_dev_lock(hdev);
c35938b2 3123
4b34ee78 3124 if (!hdev_is_powered(hdev)) {
bdb6d971 3125 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3126 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3127 goto unlock;
3128 }
3129
9a1a1996 3130 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3131 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3132 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3133 goto unlock;
3134 }
3135
2e58ef3e 3136 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3137 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3138 MGMT_STATUS_BUSY);
c35938b2
SJ		 3139 goto unlock;
3140 }
3141
2e58ef3e 3142 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3143 if (!cmd) {
3144 err = -ENOMEM;
3145 goto unlock;
3146 }
3147
4d2d2796
MH		 3148 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3149 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3150 0, NULL);
3151 else
3152 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3153
c35938b2
SJ		 3154 if (err < 0)
3155 mgmt_pending_remove(cmd);
3156
3157unlock:
09fd0de5 3158 hci_dev_unlock(hdev);
c35938b2
SJ		 3159 return err;
3160}
3161
bdb6d971 3162static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3163 void *data, u16 len)
2763eda6 3164{
2763eda6
SJ		 3165 int err;
3166
bdb6d971 3167 BT_DBG("%s ", hdev->name);
2763eda6 3168
09fd0de5 3169 hci_dev_lock(hdev);
2763eda6 3170
ec109113
MH		 3171 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3172 struct mgmt_cp_add_remote_oob_data *cp = data;
3173 u8 status;
bf1e3541 3174
ec109113
MH		 3175 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3176 cp->hash, cp->randomizer);
3177 if (err < 0)
3178 status = MGMT_STATUS_FAILED;
3179 else
3180 status = MGMT_STATUS_SUCCESS;
3181
3182 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3183 status, &cp->addr, sizeof(cp->addr));
3184 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3185 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3186 u8 status;
3187
3188 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3189 cp->hash192,
3190 cp->randomizer192,
3191 cp->hash256,
3192 cp->randomizer256);
3193 if (err < 0)
3194 status = MGMT_STATUS_FAILED;
3195 else
3196 status = MGMT_STATUS_SUCCESS;
3197
3198 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3199 status, &cp->addr, sizeof(cp->addr));
3200 } else {
3201 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3202 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3203 MGMT_STATUS_INVALID_PARAMS);
3204 }
2763eda6 3205
09fd0de5 3206 hci_dev_unlock(hdev);
2763eda6
SJ		 3207 return err;
3208}
3209
bdb6d971 3210static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3211 void *data, u16 len)
2763eda6 3212{
650f726d 3213 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3214 u8 status;
2763eda6
SJ		 3215 int err;
3216
bdb6d971 3217 BT_DBG("%s", hdev->name);
2763eda6 3218
09fd0de5 3219 hci_dev_lock(hdev);
2763eda6 3220
664ce4cc 3221 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3222 if (err < 0)
bf1e3541 3223 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3224 else
a6785be2 3225 status = MGMT_STATUS_SUCCESS;
bf1e3541 3226
bdb6d971 3227 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3228 status, &cp->addr, sizeof(cp->addr));
2763eda6 3229
09fd0de5 3230 hci_dev_unlock(hdev);
2763eda6
SJ		 3231 return err;
3232}
3233
41dc2bd6
AG		 3234static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3235{
3236 struct pending_cmd *cmd;
3237 u8 type;
3238 int err;
3239
3240 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3241
3242 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3243 if (!cmd)
3244 return -ENOENT;
3245
3246 type = hdev->discovery.type;
3247
3248 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3249 &type, sizeof(type));
3250 mgmt_pending_remove(cmd);
3251
3252 return err;
3253}
3254
7c307720
AG		 3255static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3256{
3257 BT_DBG("status %d", status);
3258
3259 if (status) {
3260 hci_dev_lock(hdev);
3261 mgmt_start_discovery_failed(hdev, status);
3262 hci_dev_unlock(hdev);
3263 return;
3264 }
3265
3266 hci_dev_lock(hdev);
3267 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3268 hci_dev_unlock(hdev);
3269
3270 switch (hdev->discovery.type) {
3271 case DISCOV_TYPE_LE:
3272 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3273 DISCOV_LE_TIMEOUT);
7c307720
AG		 3274 break;
3275
3276 case DISCOV_TYPE_INTERLEAVED:
3277 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3278 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 3279 break;
3280
3281 case DISCOV_TYPE_BREDR:
3282 break;
3283
3284 default:
3285 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3286 }
3287}
3288
bdb6d971 3289static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3290 void *data, u16 len)
14a53664 3291{
650f726d 3292 struct mgmt_cp_start_discovery *cp = data;
14a53664 3293 struct pending_cmd *cmd;
7c307720
AG		 3294 struct hci_cp_le_set_scan_param param_cp;
3295 struct hci_cp_le_set_scan_enable enable_cp;
3296 struct hci_cp_inquiry inq_cp;
3297 struct hci_request req;
3298 /* General inquiry access code (GIAC) */
3299 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3300 u8 status, own_addr_type;
14a53664
JH		 3301 int err;
3302
bdb6d971 3303 BT_DBG("%s", hdev->name);
14a53664 3304
09fd0de5 3305 hci_dev_lock(hdev);
14a53664 3306
4b34ee78 3307 if (!hdev_is_powered(hdev)) {
bdb6d971 3308 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3309 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3310 goto failed;
3311 }
3312
642be6c7
AG		 3313 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3314 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3315 MGMT_STATUS_BUSY);
3316 goto failed;
3317 }
3318
ff9ef578 3319 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3320 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3321 MGMT_STATUS_BUSY);
ff9ef578
JH		 3322 goto failed;
3323 }
3324
2e58ef3e 3325 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3326 if (!cmd) {
3327 err = -ENOMEM;
3328 goto failed;
3329 }
3330
4aab14e5
AG		 3331 hdev->discovery.type = cp->type;
3332
7c307720
AG		 3333 hci_req_init(&req, hdev);
3334
4aab14e5 3335 switch (hdev->discovery.type) {
f39799f5 3336 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3337 status = mgmt_bredr_support(hdev);
3338 if (status) {
04106755 3339 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3340 status);
04106755
JH		 3341 mgmt_pending_remove(cmd);
3342 goto failed;
3343 }
3344
7c307720
AG		 3345 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3346 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3347 MGMT_STATUS_BUSY);
3348 mgmt_pending_remove(cmd);
3349 goto failed;
3350 }
3351
3352 hci_inquiry_cache_flush(hdev);
3353
3354 memset(&inq_cp, 0, sizeof(inq_cp));
3355 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3356 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3357 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3358 break;
3359
3360 case DISCOV_TYPE_LE:
7c307720 3361 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3362 status = mgmt_le_support(hdev);
3363 if (status) {
04106755 3364 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3365 status);
04106755
JH		 3366 mgmt_pending_remove(cmd);
3367 goto failed;
3368 }
3369
7c307720 3370 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3371 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3372 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3373 MGMT_STATUS_NOT_SUPPORTED);
3374 mgmt_pending_remove(cmd);
3375 goto failed;
3376 }
3377
f3d3444a 3378 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3379 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3380 MGMT_STATUS_REJECTED);
3381 mgmt_pending_remove(cmd);
3382 goto failed;
3383 }
3384
3385 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
3386 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3387 MGMT_STATUS_BUSY);
3388 mgmt_pending_remove(cmd);
3389 goto failed;
3390 }
3391
3392 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3393
94b1fc92
MH		 3394 /* All active scans will be done with either a resolvable
3395 * private address (when privacy feature has been enabled)
3396 * or unresolvable private address.
3397 */
3398 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3399 if (err < 0) {
3400 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3401 MGMT_STATUS_FAILED);
3402 mgmt_pending_remove(cmd);
3403 goto failed;
3404 }
3405
7c307720 3406 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3407 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3408 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3409 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3410 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3411 &param_cp);
3412
3413 memset(&enable_cp, 0, sizeof(enable_cp));
3414 enable_cp.enable = LE_SCAN_ENABLE;
3415 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3416 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3417 &enable_cp);
5e0452c0
AG		 3418 break;
3419
f39799f5 3420 default:
04106755
JH		 3421 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3422 MGMT_STATUS_INVALID_PARAMS);
3423 mgmt_pending_remove(cmd);
3424 goto failed;
f39799f5 3425 }
3fd24153 3426
7c307720 3427 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3428 if (err < 0)
3429 mgmt_pending_remove(cmd);
ff9ef578
JH		 3430 else
3431 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3432
3433failed:
09fd0de5 3434 hci_dev_unlock(hdev);
14a53664
JH		 3435 return err;
3436}
3437
1183fdca
AG		 3438static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3439{
3440 struct pending_cmd *cmd;
3441 int err;
3442
3443 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3444 if (!cmd)
3445 return -ENOENT;
3446
3447 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3448 &hdev->discovery.type, sizeof(hdev->discovery.type));
3449 mgmt_pending_remove(cmd);
3450
3451 return err;
3452}
3453
0e05bba6
AG		 3454static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3455{
3456 BT_DBG("status %d", status);
3457
3458 hci_dev_lock(hdev);
3459
3460 if (status) {
3461 mgmt_stop_discovery_failed(hdev, status);
3462 goto unlock;
3463 }
3464
3465 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3466
3467unlock:
3468 hci_dev_unlock(hdev);
3469}
3470
bdb6d971 3471static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3472 u16 len)
14a53664 3473{
d930650b 3474 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3475 struct pending_cmd *cmd;
30dc78e1
JH		 3476 struct hci_cp_remote_name_req_cancel cp;
3477 struct inquiry_entry *e;
0e05bba6
AG		 3478 struct hci_request req;
3479 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 3480 int err;
3481
bdb6d971 3482 BT_DBG("%s", hdev->name);
14a53664 3483
09fd0de5 3484 hci_dev_lock(hdev);
14a53664 3485
30dc78e1 3486 if (!hci_discovery_active(hdev)) {
bdb6d971 3487 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3488 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3489 sizeof(mgmt_cp->type));
d930650b
JH		 3490 goto unlock;
3491 }
3492
3493 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3494 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3495 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3496 sizeof(mgmt_cp->type));
30dc78e1 3497 goto unlock;
ff9ef578
JH		 3498 }
3499
2e58ef3e 3500 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3501 if (!cmd) {
3502 err = -ENOMEM;
30dc78e1
JH		 3503 goto unlock;
3504 }
3505
0e05bba6
AG		 3506 hci_req_init(&req, hdev);
3507
e0d9727e
AG		 3508 switch (hdev->discovery.state) {
3509 case DISCOVERY_FINDING:
0e05bba6
AG		 3510 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3511 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3512 } else {
3513 cancel_delayed_work(&hdev->le_scan_disable);
3514
3515 memset(&enable_cp, 0, sizeof(enable_cp));
3516 enable_cp.enable = LE_SCAN_DISABLE;
3517 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3518 sizeof(enable_cp), &enable_cp);
3519 }
c9ecc48e 3520
e0d9727e
AG		 3521 break;
3522
3523 case DISCOVERY_RESOLVING:
3524 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3525 NAME_PENDING);
e0d9727e 3526 if (!e) {
30dc78e1 3527 mgmt_pending_remove(cmd);
e0d9727e
AG		 3528 err = cmd_complete(sk, hdev->id,
3529 MGMT_OP_STOP_DISCOVERY, 0,
3530 &mgmt_cp->type,
3531 sizeof(mgmt_cp->type));
3532 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3533 goto unlock;
3534 }
30dc78e1 3535
e0d9727e 3536 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3537 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3538 &cp);
e0d9727e
AG		 3539
3540 break;
3541
3542 default:
3543 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3544
3545 mgmt_pending_remove(cmd);
3546 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3547 MGMT_STATUS_FAILED, &mgmt_cp->type,
3548 sizeof(mgmt_cp->type));
3549 goto unlock;
14a53664
JH		 3550 }
3551
0e05bba6 3552 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3553 if (err < 0)
3554 mgmt_pending_remove(cmd);
ff9ef578
JH		 3555 else
3556 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3557
30dc78e1 3558unlock:
09fd0de5 3559 hci_dev_unlock(hdev);
14a53664
JH		 3560 return err;
3561}
3562
bdb6d971 3563static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3564 u16 len)
561aafbc 3565{
650f726d 3566 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3567 struct inquiry_entry *e;
561aafbc
JH		 3568 int err;
3569
bdb6d971 3570 BT_DBG("%s", hdev->name);
561aafbc 3571
561aafbc
JH		 3572 hci_dev_lock(hdev);
3573
30dc78e1 3574 if (!hci_discovery_active(hdev)) {
bdb6d971 3575 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3576 MGMT_STATUS_FAILED);
30dc78e1
JH		 3577 goto failed;
3578 }
3579
a198e7b1 3580 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3581 if (!e) {
bdb6d971 3582 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3583 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3584 goto failed;
3585 }
3586
3587 if (cp->name_known) {
3588 e->name_state = NAME_KNOWN;
3589 list_del(&e->list);
3590 } else {
3591 e->name_state = NAME_NEEDED;
a3d4e20a 3592 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3593 }
3594
e384662b
JH		 3595 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3596 sizeof(cp->addr));
561aafbc
JH		 3597
3598failed:
3599 hci_dev_unlock(hdev);
561aafbc
JH		 3600 return err;
3601}
3602
bdb6d971 3603static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3604 u16 len)
7fbec224 3605{
650f726d 3606 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3607 u8 status;
7fbec224
AJ		 3608 int err;
3609
bdb6d971 3610 BT_DBG("%s", hdev->name);
7fbec224 3611
4ee71b20 3612 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3613 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3614 MGMT_STATUS_INVALID_PARAMS,
3615 &cp->addr, sizeof(cp->addr));
4ee71b20 3616
09fd0de5 3617 hci_dev_lock(hdev);
5e762444 3618
88c1fe4b 3619 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3620 if (err < 0)
f0eeea8b 3621 status = MGMT_STATUS_FAILED;
7fbec224 3622 else
a6785be2 3623 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3624
bdb6d971 3625 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3626 &cp->addr, sizeof(cp->addr));
5e762444 3627
09fd0de5 3628 hci_dev_unlock(hdev);
7fbec224
AJ		 3629
3630 return err;
3631}
3632
bdb6d971 3633static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3634 u16 len)
7fbec224 3635{
650f726d 3636 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3637 u8 status;
7fbec224
AJ		 3638 int err;
3639
bdb6d971 3640 BT_DBG("%s", hdev->name);
7fbec224 3641
4ee71b20 3642 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3643 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3644 MGMT_STATUS_INVALID_PARAMS,
3645 &cp->addr, sizeof(cp->addr));
4ee71b20 3646
09fd0de5 3647 hci_dev_lock(hdev);
5e762444 3648
88c1fe4b 3649 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3650 if (err < 0)
f0eeea8b 3651 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3652 else
a6785be2 3653 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3654
bdb6d971 3655 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3656 &cp->addr, sizeof(cp->addr));
5e762444 3657
09fd0de5 3658 hci_dev_unlock(hdev);
7fbec224
AJ		 3659
3660 return err;
3661}
3662
cdbaccca
MH		 3663static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3664 u16 len)
3665{
3666 struct mgmt_cp_set_device_id *cp = data;
890ea898 3667 struct hci_request req;
cdbaccca 3668 int err;
c72d4b8a 3669 __u16 source;
cdbaccca
MH		 3670
3671 BT_DBG("%s", hdev->name);
3672
c72d4b8a
SJ		 3673 source = __le16_to_cpu(cp->source);
3674
3675 if (source > 0x0002)
3676 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3677 MGMT_STATUS_INVALID_PARAMS);
3678
cdbaccca
MH		 3679 hci_dev_lock(hdev);
3680
c72d4b8a 3681 hdev->devid_source = source;
cdbaccca
MH		 3682 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3683 hdev->devid_product = __le16_to_cpu(cp->product);
3684 hdev->devid_version = __le16_to_cpu(cp->version);
3685
3686 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3687
890ea898
JH		 3688 hci_req_init(&req, hdev);
3689 update_eir(&req);
3690 hci_req_run(&req, NULL);
cdbaccca
MH		 3691
3692 hci_dev_unlock(hdev);
3693
3694 return err;
3695}
3696
4375f103
JH		 3697static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3698{
3699 struct cmd_lookup match = { NULL, hdev };
3700
3701 if (status) {
3702 u8 mgmt_err = mgmt_status(status);
3703
3704 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3705 cmd_status_rsp, &mgmt_err);
3706 return;
3707 }
3708
3709 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3710 &match);
3711
3712 new_settings(hdev, match.sk);
3713
3714 if (match.sk)
3715 sock_put(match.sk);
3716}
3717
21b5187f
MH		 3718static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3719 u16 len)
4375f103
JH		 3720{
3721 struct mgmt_mode *cp = data;
3722 struct pending_cmd *cmd;
3723 struct hci_request req;
e6fe7986 3724 u8 val, enabled, status;
4375f103
JH		 3725 int err;
3726
3727 BT_DBG("request for %s", hdev->name);
3728
e6fe7986
JH		 3729 status = mgmt_le_support(hdev);
3730 if (status)
4375f103 3731 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3732 status);
4375f103
JH		 3733
3734 if (cp->val != 0x00 && cp->val != 0x01)
3735 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3736 MGMT_STATUS_INVALID_PARAMS);
3737
3738 hci_dev_lock(hdev);
3739
3740 val = !!cp->val;
f3d3444a 3741 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3742
f74ca9b8
JH		 3743 /* The following conditions are ones which mean that we should
3744 * not do any HCI communication but directly send a mgmt
3745 * response to user space (after toggling the flag if
3746 * necessary).
3747 */
3748 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3749 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3750 bool changed = false;
3751
f3d3444a
JH		 3752 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3753 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3754 changed = true;
3755 }
3756
3757 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3758 if (err < 0)
3759 goto unlock;
3760
3761 if (changed)
3762 err = new_settings(hdev, sk);
3763
3764 goto unlock;
3765 }
3766
3767 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3768 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3769 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3770 MGMT_STATUS_BUSY);
3771 goto unlock;
3772 }
3773
3774 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3775 if (!cmd) {
3776 err = -ENOMEM;
3777 goto unlock;
3778 }
3779
3780 hci_req_init(&req, hdev);
3781
bba3aa55
MH		 3782 if (val)
3783 enable_advertising(&req);
3784 else
3785 disable_advertising(&req);
4375f103
JH		 3786
3787 err = hci_req_run(&req, set_advertising_complete);
3788 if (err < 0)
3789 mgmt_pending_remove(cmd);
3790
3791unlock:
3792 hci_dev_unlock(hdev);
3793 return err;
3794}
3795
d13eafce
MH		 3796static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3797 void *data, u16 len)
3798{
3799 struct mgmt_cp_set_static_address *cp = data;
3800 int err;
3801
3802 BT_DBG("%s", hdev->name);
3803
62af4443 3804 if (!lmp_le_capable(hdev))
d13eafce 3805 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3806 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3807
3808 if (hdev_is_powered(hdev))
3809 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3810 MGMT_STATUS_REJECTED);
3811
3812 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3813 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3814 return cmd_status(sk, hdev->id,
3815 MGMT_OP_SET_STATIC_ADDRESS,
3816 MGMT_STATUS_INVALID_PARAMS);
3817
3818 /* Two most significant bits shall be set */
3819 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3820 return cmd_status(sk, hdev->id,
3821 MGMT_OP_SET_STATIC_ADDRESS,
3822 MGMT_STATUS_INVALID_PARAMS);
3823 }
3824
3825 hci_dev_lock(hdev);
3826
3827 bacpy(&hdev->static_addr, &cp->bdaddr);
3828
3829 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3830
3831 hci_dev_unlock(hdev);
3832
3833 return err;
3834}
3835
14b49b9a
MH		 3836static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3837 void *data, u16 len)
3838{
3839 struct mgmt_cp_set_scan_params *cp = data;
3840 __u16 interval, window;
3841 int err;
3842
3843 BT_DBG("%s", hdev->name);
3844
3845 if (!lmp_le_capable(hdev))
3846 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3847 MGMT_STATUS_NOT_SUPPORTED);
3848
3849 interval = __le16_to_cpu(cp->interval);
3850
3851 if (interval < 0x0004 || interval > 0x4000)
3852 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3853 MGMT_STATUS_INVALID_PARAMS);
3854
3855 window = __le16_to_cpu(cp->window);
3856
3857 if (window < 0x0004 || window > 0x4000)
3858 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3859 MGMT_STATUS_INVALID_PARAMS);
3860
899e1075
MH		 3861 if (window > interval)
3862 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3863 MGMT_STATUS_INVALID_PARAMS);
3864
14b49b9a
MH		 3865 hci_dev_lock(hdev);
3866
3867 hdev->le_scan_interval = interval;
3868 hdev->le_scan_window = window;
3869
3870 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3871
3872 hci_dev_unlock(hdev);
3873
3874 return err;
3875}
3876
33e38b3e
JH		 3877static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3878{
3879 struct pending_cmd *cmd;
3880
3881 BT_DBG("status 0x%02x", status);
3882
3883 hci_dev_lock(hdev);
3884
3885 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3886 if (!cmd)
3887 goto unlock;
3888
3889 if (status) {
3890 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3891 mgmt_status(status));
3892 } else {
1a4d3c4b
JH		 3893 struct mgmt_mode *cp = cmd->param;
3894
3895 if (cp->val)
3896 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3897 else
3898 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3899
33e38b3e
JH		 3900 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3901 new_settings(hdev, cmd->sk);
3902 }
3903
3904 mgmt_pending_remove(cmd);
3905
3906unlock:
3907 hci_dev_unlock(hdev);
3908}
3909
bdb6d971 3910static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3911 void *data, u16 len)
f6422ec6 3912{
650f726d 3913 struct mgmt_mode *cp = data;
33e38b3e
JH		 3914 struct pending_cmd *cmd;
3915 struct hci_request req;
f6422ec6
AJ		 3916 int err;
3917
bdb6d971 3918 BT_DBG("%s", hdev->name);
f6422ec6 3919
56f87901
JH		 3920 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3921 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3922 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3923 MGMT_STATUS_NOT_SUPPORTED);
3924
a7e80f25
JH		 3925 if (cp->val != 0x00 && cp->val != 0x01)
3926 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3927 MGMT_STATUS_INVALID_PARAMS);
3928
5400c044 3929 if (!hdev_is_powered(hdev))
bdb6d971 3930 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3931 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3932
3933 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3934 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3935 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3936
3937 hci_dev_lock(hdev);
3938
05cbf29f
JH		 3939 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3940 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3941 MGMT_STATUS_BUSY);
3942 goto unlock;
3943 }
3944
1a4d3c4b
JH		 3945 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3946 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3947 hdev);
3948 goto unlock;
3949 }
3950
33e38b3e
JH		 3951 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3952 data, len);
3953 if (!cmd) {
3954 err = -ENOMEM;
3955 goto unlock;
f6422ec6
AJ		 3956 }
3957
33e38b3e
JH		 3958 hci_req_init(&req, hdev);
3959
406d7804 3960 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3961
3962 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3963 if (err < 0) {
bdb6d971 3964 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3965 MGMT_STATUS_FAILED);
33e38b3e 3966 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3967 }
3968
33e38b3e 3969unlock:
f6422ec6 3970 hci_dev_unlock(hdev);
33e38b3e 3971
f6422ec6
AJ		 3972 return err;
3973}
3974
67e5a7a3
JH		 3975static void set_bredr_scan(struct hci_request *req)
3976{
3977 struct hci_dev *hdev = req->hdev;
3978 u8 scan = 0;
3979
3980 /* Ensure that fast connectable is disabled. This function will
3981 * not do anything if the page scan parameters are already what
3982 * they should be.
3983 */
3984 write_fast_connectable(req, false);
3985
3986 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3987 scan |= SCAN_PAGE;
3988 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3989 scan |= SCAN_INQUIRY;
3990
3991 if (scan)
3992 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3993}
3994
0663ca2a
JH		 3995static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3996{
3997 struct pending_cmd *cmd;
3998
3999 BT_DBG("status 0x%02x", status);
4000
4001 hci_dev_lock(hdev);
4002
4003 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4004 if (!cmd)
4005 goto unlock;
4006
4007 if (status) {
4008 u8 mgmt_err = mgmt_status(status);
4009
4010 /* We need to restore the flag if related HCI commands
4011 * failed.
4012 */
4013 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4014
4015 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4016 } else {
4017 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4018 new_settings(hdev, cmd->sk);
4019 }
4020
4021 mgmt_pending_remove(cmd);
4022
4023unlock:
4024 hci_dev_unlock(hdev);
4025}
4026
4027static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4028{
4029 struct mgmt_mode *cp = data;
4030 struct pending_cmd *cmd;
4031 struct hci_request req;
4032 int err;
4033
4034 BT_DBG("request for %s", hdev->name);
4035
4036 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4037 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4038 MGMT_STATUS_NOT_SUPPORTED);
4039
4040 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4041 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4042 MGMT_STATUS_REJECTED);
4043
4044 if (cp->val != 0x00 && cp->val != 0x01)
4045 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4046 MGMT_STATUS_INVALID_PARAMS);
4047
4048 hci_dev_lock(hdev);
4049
4050 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4051 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4052 goto unlock;
4053 }
4054
4055 if (!hdev_is_powered(hdev)) {
4056 if (!cp->val) {
0663ca2a
JH		 4057 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4058 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4059 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4060 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4061 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4062 }
4063
4064 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4065
4066 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4067 if (err < 0)
4068 goto unlock;
4069
4070 err = new_settings(hdev, sk);
4071 goto unlock;
4072 }
4073
4074 /* Reject disabling when powered on */
4075 if (!cp->val) {
4076 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4077 MGMT_STATUS_REJECTED);
4078 goto unlock;
4079 }
4080
4081 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4082 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4083 MGMT_STATUS_BUSY);
4084 goto unlock;
4085 }
4086
4087 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4088 if (!cmd) {
4089 err = -ENOMEM;
4090 goto unlock;
4091 }
4092
5947f4bc 4093 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4094 * generates the correct flags.
4095 */
4096 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4097
4098 hci_req_init(&req, hdev);
aa8af46e
JH		 4099
4100 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4101 set_bredr_scan(&req);
4102
f14d8f64
MH		 4103 /* Since only the advertising data flags will change, there
4104 * is no need to update the scan response data.
4105 */
5947f4bc 4106 update_adv_data(&req);
aa8af46e 4107
0663ca2a
JH		 4108 err = hci_req_run(&req, set_bredr_complete);
4109 if (err < 0)
4110 mgmt_pending_remove(cmd);
4111
4112unlock:
4113 hci_dev_unlock(hdev);
4114 return err;
4115}
4116
eac83dc6
MH		 4117static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4118 void *data, u16 len)
4119{
4120 struct mgmt_mode *cp = data;
4121 struct pending_cmd *cmd;
0ab04a9c 4122 u8 val, status;
eac83dc6
MH		 4123 int err;
4124
4125 BT_DBG("request for %s", hdev->name);
4126
4127 status = mgmt_bredr_support(hdev);
4128 if (status)
4129 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4130 status);
4131
5afeac14
MH		 4132 if (!lmp_sc_capable(hdev) &&
4133 !test_bit(HCI_FORCE_SC, &hdev->dev_flags))
eac83dc6
MH		 4134 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4135 MGMT_STATUS_NOT_SUPPORTED);
4136
0ab04a9c 4137 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4138 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4139 MGMT_STATUS_INVALID_PARAMS);
4140
4141 hci_dev_lock(hdev);
4142
4143 if (!hdev_is_powered(hdev)) {
4144 bool changed;
4145
0ab04a9c 4146 if (cp->val) {
eac83dc6
MH		 4147 changed = !test_and_set_bit(HCI_SC_ENABLED,
4148 &hdev->dev_flags);
0ab04a9c
MH		 4149 if (cp->val == 0x02)
4150 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4151 else
4152 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4153 } else {
eac83dc6
MH		 4154 changed = test_and_clear_bit(HCI_SC_ENABLED,
4155 &hdev->dev_flags);
0ab04a9c
MH		 4156 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4157 }
eac83dc6
MH		 4158
4159 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4160 if (err < 0)
4161 goto failed;
4162
4163 if (changed)
4164 err = new_settings(hdev, sk);
4165
4166 goto failed;
4167 }
4168
4169 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4170 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4171 MGMT_STATUS_BUSY);
4172 goto failed;
4173 }
4174
0ab04a9c
MH		 4175 val = !!cp->val;
4176
4177 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4178 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4179 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4180 goto failed;
4181 }
4182
4183 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4184 if (!cmd) {
4185 err = -ENOMEM;
4186 goto failed;
4187 }
4188
0ab04a9c 4189 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4190 if (err < 0) {
4191 mgmt_pending_remove(cmd);
4192 goto failed;
4193 }
4194
0ab04a9c
MH		 4195 if (cp->val == 0x02)
4196 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4197 else
4198 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4199
eac83dc6
MH		 4200failed:
4201 hci_dev_unlock(hdev);
4202 return err;
4203}
4204
4e39ac81
MH		 4205static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4206 void *data, u16 len)
4207{
4208 struct mgmt_mode *cp = data;
4209 bool changed;
4210 int err;
4211
4212 BT_DBG("request for %s", hdev->name);
4213
4214 if (cp->val != 0x00 && cp->val != 0x01)
4215 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4216 MGMT_STATUS_INVALID_PARAMS);
4217
4218 hci_dev_lock(hdev);
4219
4220 if (cp->val)
4221 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4222 else
4223 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4224
4225 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4226 if (err < 0)
4227 goto unlock;
4228
4229 if (changed)
4230 err = new_settings(hdev, sk);
4231
4232unlock:
4233 hci_dev_unlock(hdev);
4234 return err;
4235}
4236
62b04cd1
JH		 4237static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4238 u16 len)
4239{
4240 struct mgmt_cp_set_privacy *cp = cp_data;
4241 bool changed;
4242 int err;
4243
4244 BT_DBG("request for %s", hdev->name);
4245
4246 if (!lmp_le_capable(hdev))
4247 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4248 MGMT_STATUS_NOT_SUPPORTED);
4249
4250 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4251 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4252 MGMT_STATUS_INVALID_PARAMS);
4253
4254 if (hdev_is_powered(hdev))
4255 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4256 MGMT_STATUS_REJECTED);
4257
4258 hci_dev_lock(hdev);
4259
c21c0ea0
JH		 4260 /* If user space supports this command it is also expected to
4261 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4262 */
4263 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4264
62b04cd1
JH		 4265 if (cp->privacy) {
4266 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4267 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4268 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4269 } else {
4270 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4271 memset(hdev->irk, 0, sizeof(hdev->irk));
4272 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4273 }
4274
4275 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4276 if (err < 0)
4277 goto unlock;
4278
4279 if (changed)
4280 err = new_settings(hdev, sk);
4281
4282unlock:
4283 hci_dev_unlock(hdev);
4284 return err;
4285}
4286
41edf160
JH		 4287static bool irk_is_valid(struct mgmt_irk_info *irk)
4288{
4289 switch (irk->addr.type) {
4290 case BDADDR_LE_PUBLIC:
4291 return true;
4292
4293 case BDADDR_LE_RANDOM:
4294 /* Two most significant bits shall be set */
4295 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4296 return false;
4297 return true;
4298 }
4299
4300 return false;
4301}
4302
4303static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4304 u16 len)
4305{
4306 struct mgmt_cp_load_irks *cp = cp_data;
4307 u16 irk_count, expected_len;
4308 int i, err;
4309
4310 BT_DBG("request for %s", hdev->name);
4311
4312 if (!lmp_le_capable(hdev))
4313 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4314 MGMT_STATUS_NOT_SUPPORTED);
4315
4316 irk_count = __le16_to_cpu(cp->irk_count);
4317
4318 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4319 if (expected_len != len) {
4320 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4321 len, expected_len);
4322 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4323 MGMT_STATUS_INVALID_PARAMS);
4324 }
4325
4326 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4327
4328 for (i = 0; i < irk_count; i++) {
4329 struct mgmt_irk_info *key = &cp->irks[i];
4330
4331 if (!irk_is_valid(key))
4332 return cmd_status(sk, hdev->id,
4333 MGMT_OP_LOAD_IRKS,
4334 MGMT_STATUS_INVALID_PARAMS);
4335 }
4336
4337 hci_dev_lock(hdev);
4338
4339 hci_smp_irks_clear(hdev);
4340
4341 for (i = 0; i < irk_count; i++) {
4342 struct mgmt_irk_info *irk = &cp->irks[i];
4343 u8 addr_type;
4344
4345 if (irk->addr.type == BDADDR_LE_PUBLIC)
4346 addr_type = ADDR_LE_DEV_PUBLIC;
4347 else
4348 addr_type = ADDR_LE_DEV_RANDOM;
4349
4350 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4351 BDADDR_ANY);
4352 }
4353
4354 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4355
4356 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4357
4358 hci_dev_unlock(hdev);
4359
4360 return err;
4361}
4362
3f706b72
JH		 4363static bool ltk_is_valid(struct mgmt_ltk_info *key)
4364{
4365 if (key->master != 0x00 && key->master != 0x01)
4366 return false;
490cb0b3
MH		 4367
4368 switch (key->addr.type) {
4369 case BDADDR_LE_PUBLIC:
4370 return true;
4371
4372 case BDADDR_LE_RANDOM:
4373 /* Two most significant bits shall be set */
4374 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4375 return false;
4376 return true;
4377 }
4378
4379 return false;
3f706b72
JH		 4380}
4381
bdb6d971 4382static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4383 void *cp_data, u16 len)
346af67b 4384{
346af67b
VCG		 4385 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4386 u16 key_count, expected_len;
715a5bf2 4387 int i, err;
346af67b 4388
cf99ba13
MH		 4389 BT_DBG("request for %s", hdev->name);
4390
4391 if (!lmp_le_capable(hdev))
4392 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4393 MGMT_STATUS_NOT_SUPPORTED);
4394
1f350c87 4395 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 4396
4397 expected_len = sizeof(*cp) + key_count *
4398 sizeof(struct mgmt_ltk_info);
4399 if (expected_len != len) {
4400 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 4401 len, expected_len);
bdb6d971 4402 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4403 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4404 }
4405
bdb6d971 4406 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4407
54ad6d8a
JH		 4408 for (i = 0; i < key_count; i++) {
4409 struct mgmt_ltk_info *key = &cp->keys[i];
4410
3f706b72 4411 if (!ltk_is_valid(key))
54ad6d8a
JH		 4412 return cmd_status(sk, hdev->id,
4413 MGMT_OP_LOAD_LONG_TERM_KEYS,
4414 MGMT_STATUS_INVALID_PARAMS);
4415 }
4416
346af67b
VCG		 4417 hci_dev_lock(hdev);
4418
4419 hci_smp_ltks_clear(hdev);
4420
4421 for (i = 0; i < key_count; i++) {
4422 struct mgmt_ltk_info *key = &cp->keys[i];
79d95a19
MH		 4423 u8 type, addr_type;
4424
4425 if (key->addr.type == BDADDR_LE_PUBLIC)
4426 addr_type = ADDR_LE_DEV_PUBLIC;
4427 else
4428 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4429
4430 if (key->master)
4431 type = HCI_SMP_LTK;
4432 else
4433 type = HCI_SMP_LTK_SLAVE;
4434
35d70271
JH		 4435 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
4436 key->type, key->val, key->enc_size, key->ediv,
4437 key->rand);
346af67b
VCG		 4438 }
4439
715a5bf2
JH		 4440 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4441 NULL, 0);
4442
346af67b 4443 hci_dev_unlock(hdev);
346af67b 4444
715a5bf2 4445 return err;
346af67b
VCG		 4446}
4447
2e3c35ea 4448static const struct mgmt_handler {
04124681
GP		 4449 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4450 u16 data_len);
be22b54e
JH		 4451 bool var_len;
4452 size_t data_len;
0f4e68cf
JH		 4453} mgmt_handlers[] = {
4454 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 4455 { read_version, false, MGMT_READ_VERSION_SIZE },
4456 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4457 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4458 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4459 { set_powered, false, MGMT_SETTING_SIZE },
4460 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4461 { set_connectable, false, MGMT_SETTING_SIZE },
4462 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4463 { set_pairable, false, MGMT_SETTING_SIZE },
4464 { set_link_security, false, MGMT_SETTING_SIZE },
4465 { set_ssp, false, MGMT_SETTING_SIZE },
4466 { set_hs, false, MGMT_SETTING_SIZE },
4467 { set_le, false, MGMT_SETTING_SIZE },
4468 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4469 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4470 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4471 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4472 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4473 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4474 { disconnect, false, MGMT_DISCONNECT_SIZE },
4475 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4476 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4477 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4478 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4479 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4480 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4481 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4482 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4483 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4484 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4485 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4486 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 4487 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 4488 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4489 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4490 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4491 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4492 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4493 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 4494 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 4495 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 4496 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 4497 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 4498 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 4499 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 4500 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 4501 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 4502 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
0f4e68cf
JH		 4503};
4504
4505
0381101f
JH		 4506int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4507{
650f726d
VCG		 4508 void *buf;
4509 u8 *cp;
0381101f 4510 struct mgmt_hdr *hdr;
4e51eae9 4511 u16 opcode, index, len;
bdb6d971 4512 struct hci_dev *hdev = NULL;
2e3c35ea 4513 const struct mgmt_handler *handler;
0381101f
JH		 4514 int err;
4515
4516 BT_DBG("got %zu bytes", msglen);
4517
4518 if (msglen < sizeof(*hdr))
4519 return -EINVAL;
4520
e63a15ec 4521 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 4522 if (!buf)
4523 return -ENOMEM;
4524
4525 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4526 err = -EFAULT;
4527 goto done;
4528 }
4529
650f726d 4530 hdr = buf;
1f350c87
MH		 4531 opcode = __le16_to_cpu(hdr->opcode);
4532 index = __le16_to_cpu(hdr->index);
4533 len = __le16_to_cpu(hdr->len);
0381101f
JH		 4534
4535 if (len != msglen - sizeof(*hdr)) {
4536 err = -EINVAL;
4537 goto done;
4538 }
4539
0f4e68cf 4540 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 4541 hdev = hci_dev_get(index);
4542 if (!hdev) {
4543 err = cmd_status(sk, index, opcode,
04124681 4544 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 4545 goto done;
4546 }
0736cfa8 4547
cebf4cfd
JH		 4548 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4549 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 4550 err = cmd_status(sk, index, opcode,
4551 MGMT_STATUS_INVALID_INDEX);
4552 goto done;
4553 }
bdb6d971
JH		 4554 }
4555
0f4e68cf 4556 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 4557 mgmt_handlers[opcode].func == NULL) {
0381101f 4558 BT_DBG("Unknown op %u", opcode);
ca69b795 4559 err = cmd_status(sk, index, opcode,
04124681 4560 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 4561 goto done;
4562 }
4563
4564 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 4565 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 4566 err = cmd_status(sk, index, opcode,
04124681 4567 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 4568 goto done;
0381101f
JH		 4569 }
4570
be22b54e
JH		 4571 handler = &mgmt_handlers[opcode];
4572
4573 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 4574 (!handler->var_len && len != handler->data_len)) {
be22b54e 4575 err = cmd_status(sk, index, opcode,
04124681 4576 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 4577 goto done;
4578 }
4579
0f4e68cf
JH		 4580 if (hdev)
4581 mgmt_init_hdev(sk, hdev);
4582
4583 cp = buf + sizeof(*hdr);
4584
be22b54e 4585 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 4586 if (err < 0)
4587 goto done;
4588
0381101f
JH		 4589 err = msglen;
4590
4591done:
bdb6d971
JH		 4592 if (hdev)
4593 hci_dev_put(hdev);
4594
0381101f
JH		 4595 kfree(buf);
4596 return err;
4597}
c71e97bf 4598
bf6b56db 4599void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 4600{
1514b892 4601 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4602 return;
bb4b2a9a 4603
bf6b56db 4604 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 4605}
4606
bf6b56db 4607void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 4608{
5f159032 4609 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 4610
1514b892 4611 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4612 return;
bb4b2a9a 4613
744cf19e 4614 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 4615
bf6b56db 4616 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 4617}
4618
229ab39c
JH		 4619static void powered_complete(struct hci_dev *hdev, u8 status)
4620{
4621 struct cmd_lookup match = { NULL, hdev };
4622
4623 BT_DBG("status 0x%02x", status);
4624
4625 hci_dev_lock(hdev);
4626
4627 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4628
4629 new_settings(hdev, match.sk);
4630
4631 hci_dev_unlock(hdev);
4632
4633 if (match.sk)
4634 sock_put(match.sk);
4635}
4636
70da6243 4637static int powered_update_hci(struct hci_dev *hdev)
5add6af8 4638{
890ea898 4639 struct hci_request req;
70da6243 4640 u8 link_sec;
5add6af8 4641
890ea898
JH		 4642 hci_req_init(&req, hdev);
4643
70da6243
JH		 4644 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4645 !lmp_host_ssp_capable(hdev)) {
4646 u8 ssp = 1;
5e5282bb 4647
890ea898 4648 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 4649 }
5add6af8 4650
c73eee91
JH		 4651 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4652 lmp_bredr_capable(hdev)) {
70da6243 4653 struct hci_cp_write_le_host_supported cp;
f0ff92fb 4654
70da6243
JH		 4655 cp.le = 1;
4656 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 4657
70da6243
JH		 4658 /* Check first if we already have the right
4659 * host state (host features set)
4660 */
4661 if (cp.le != lmp_host_le_capable(hdev) ||
4662 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 4663 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4664 sizeof(cp), &cp);
70da6243 4665 }
3d1cbdd6 4666
d13eafce 4667 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 4668 /* Make sure the controller has a good default for
4669 * advertising data. This also applies to the case
4670 * where BR/EDR was toggled during the AUTO_OFF phase.
4671 */
f14d8f64 4672 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 4673 update_adv_data(&req);
f14d8f64
MH		 4674 update_scan_rsp_data(&req);
4675 }
441ad2d0 4676
bba3aa55
MH		 4677 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4678 enable_advertising(&req);
eeca6f89
JH		 4679 }
4680
70da6243
JH		 4681 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4682 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 4683 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4684 sizeof(link_sec), &link_sec);
562fcc24 4685
70da6243 4686 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 4687 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4688 set_bredr_scan(&req);
890ea898 4689 update_class(&req);
13928971 4690 update_name(&req);
890ea898 4691 update_eir(&req);
70da6243 4692 }
562fcc24 4693
229ab39c 4694 return hci_req_run(&req, powered_complete);
70da6243 4695}
562fcc24 4696
70da6243
JH		 4697int mgmt_powered(struct hci_dev *hdev, u8 powered)
4698{
4699 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 4700 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4701 u8 zero_cod[] = { 0, 0, 0 };
70da6243 4702 int err;
f0ff92fb 4703
70da6243
JH		 4704 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4705 return 0;
4706
70da6243 4707 if (powered) {
229ab39c
JH		 4708 if (powered_update_hci(hdev) == 0)
4709 return 0;
fe038884 4710
229ab39c
JH		 4711 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4712 &match);
4713 goto new_settings;
b24752fe
JH		 4714 }
4715
229ab39c
JH		 4716 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4717 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4718
4719 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4720 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4721 zero_cod, sizeof(zero_cod), NULL);
4722
4723new_settings:
beadb2bd 4724 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 4725
4726 if (match.sk)
4727 sock_put(match.sk);
4728
7bb895d6 4729 return err;
5add6af8 4730}
73f22f62 4731
3eec705e 4732void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 4733{
4734 struct pending_cmd *cmd;
4735 u8 status;
4736
4737 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4738 if (!cmd)
3eec705e 4739 return;
96570ffc
JH		 4740
4741 if (err == -ERFKILL)
4742 status = MGMT_STATUS_RFKILLED;
4743 else
4744 status = MGMT_STATUS_FAILED;
4745
3eec705e 4746 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 4747
4748 mgmt_pending_remove(cmd);
96570ffc
JH		 4749}
4750
d1967ff8
MH		 4751void mgmt_discoverable_timeout(struct hci_dev *hdev)
4752{
4753 struct hci_request req;
d1967ff8
MH		 4754
4755 hci_dev_lock(hdev);
4756
4757 /* When discoverable timeout triggers, then just make sure
4758 * the limited discoverable flag is cleared. Even in the case
4759 * of a timeout triggered from general discoverable, it is
4760 * safe to unconditionally clear the flag.
4761 */
4762 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 4763 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 4764
4765 hci_req_init(&req, hdev);
4b580614
JH		 4766 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4767 u8 scan = SCAN_PAGE;
4768 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
4769 sizeof(scan), &scan);
4770 }
d1967ff8 4771 update_class(&req);
9a43e25f 4772 update_adv_data(&req);
d1967ff8
MH		 4773 hci_req_run(&req, NULL);
4774
4775 hdev->discov_timeout = 0;
4776
9a43e25f
JH		 4777 new_settings(hdev, NULL);
4778
d1967ff8
MH		 4779 hci_dev_unlock(hdev);
4780}
4781
86a75645 4782void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 4783{
86a75645 4784 bool changed;
73f22f62 4785
bfaf8c9f
JH		 4786 /* Nothing needed here if there's a pending command since that
4787 * commands request completion callback takes care of everything
4788 * necessary.
4789 */
4790 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 4791 return;
bfaf8c9f 4792
9a43e25f 4793 if (discoverable) {
86a75645 4794 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4795 } else {
4796 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 4797 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4798 }
4799
4800 if (changed) {
4801 struct hci_request req;
4802
4803 /* In case this change in discoverable was triggered by
4804 * a disabling of connectable there could be a need to
4805 * update the advertising flags.
4806 */
4807 hci_req_init(&req, hdev);
4808 update_adv_data(&req);
4809 hci_req_run(&req, NULL);
73f22f62 4810
86a75645 4811 new_settings(hdev, NULL);
9a43e25f 4812 }
73f22f62 4813}
9fbcbb45 4814
a330916c 4815void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 4816{
a330916c 4817 bool changed;
9fbcbb45 4818
d7b856f9
JH		 4819 /* Nothing needed here if there's a pending command since that
4820 * commands request completion callback takes care of everything
4821 * necessary.
4822 */
4823 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 4824 return;
d7b856f9 4825
a330916c
MH		 4826 if (connectable)
4827 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4828 else
4829 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 4830
beadb2bd 4831 if (changed)
a330916c 4832 new_settings(hdev, NULL);
9fbcbb45 4833}
55ed8ca1 4834
778b235a
JH		 4835void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
4836{
4837 if (advertising)
4838 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4839 else
4840 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4841}
4842
4796e8af 4843void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4844{
ca69b795
JH		 4845 u8 mgmt_err = mgmt_status(status);
4846
2d7cee58 4847 if (scan & SCAN_PAGE)
744cf19e 4848 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4849 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4850
4851 if (scan & SCAN_INQUIRY)
744cf19e 4852 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4853 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4854}
4855
dc4a5ee2
MH		 4856void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4857 bool persistent)
55ed8ca1 4858{
86742e1e 4859 struct mgmt_ev_new_link_key ev;
55ed8ca1 4860
a492cd52 4861 memset(&ev, 0, sizeof(ev));
55ed8ca1 4862
a492cd52 4863 ev.store_hint = persistent;
d753fdc4 4864 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4865 ev.key.addr.type = BDADDR_BREDR;
a492cd52 4866 ev.key.type = key->type;
9b3b4460 4867 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 4868 ev.key.pin_len = key->pin_len;
55ed8ca1 4869
dc4a5ee2 4870 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 4871}
f7520543 4872
ba74b666 4873void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key)
346af67b
VCG		 4874{
4875 struct mgmt_ev_new_long_term_key ev;
4876
4877 memset(&ev, 0, sizeof(ev));
4878
5192d301
MH		 4879 /* Devices using resolvable or non-resolvable random addresses
4880 * without providing an indentity resolving key don't require
4881 * to store long term keys. Their addresses will change the
4882 * next time around.
4883 *
4884 * Only when a remote device provides an identity address
4885 * make sure the long term key is stored. If the remote
4886 * identity is known, the long term keys are internally
4887 * mapped to the identity address. So allow static random
4888 * and public addresses here.
4889 */
ba74b666
JH		 4890 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
4891 (key->bdaddr.b[5] & 0xc0) != 0xc0)
4892 ev.store_hint = 0x00;
4893 else
4894 ev.store_hint = 0x01;
4895
346af67b 4896 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 4897 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d40f3eef 4898 ev.key.type = key->authenticated;
346af67b
VCG		 4899 ev.key.enc_size = key->enc_size;
4900 ev.key.ediv = key->ediv;
4901
4902 if (key->type == HCI_SMP_LTK)
4903 ev.key.master = 1;
4904
4905 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4906 memcpy(ev.key.val, key->val, sizeof(key->val));
4907
083368f7 4908 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 4909}
4910
95fbac8a
JH		 4911void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
4912{
4913 struct mgmt_ev_new_irk ev;
4914
4915 memset(&ev, 0, sizeof(ev));
4916
bab6d1e5
MH		 4917 /* For identity resolving keys from devices that are already
4918 * using a public address or static random address, do not
4919 * ask for storing this key. The identity resolving key really
4920 * is only mandatory for devices using resovlable random
4921 * addresses.
4922 *
4923 * Storing all identity resolving keys has the downside that
4924 * they will be also loaded on next boot of they system. More
4925 * identity resolving keys, means more time during scanning is
4926 * needed to actually resolve these addresses.
4927 */
4928 if (bacmp(&irk->rpa, BDADDR_ANY))
4929 ev.store_hint = 0x01;
4930 else
4931 ev.store_hint = 0x00;
4932
95fbac8a
JH		 4933 bacpy(&ev.rpa, &irk->rpa);
4934 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
4935 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
4936 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
4937
4938 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
4939}
4940
94933991
MH		 4941static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
4942 u8 data_len)
4943{
4944 eir[eir_len++] = sizeof(type) + data_len;
4945 eir[eir_len++] = type;
4946 memcpy(&eir[eir_len], data, data_len);
4947 eir_len += data_len;
4948
4949 return eir_len;
4950}
4951
ecd90ae7
MH		 4952void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4953 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4954 u8 *dev_class)
f7520543 4955{
b644ba33
JH		 4956 char buf[512];
4957 struct mgmt_ev_device_connected *ev = (void *) buf;
4958 u16 eir_len = 0;
f7520543 4959
b644ba33 4960 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4961 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 4962
c95f0ba7 4963 ev->flags = __cpu_to_le32(flags);
08c79b61 4964
b644ba33
JH		 4965 if (name_len > 0)
4966 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 4967 name, name_len);
b644ba33
JH		 4968
4969 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 4970 eir_len = eir_append_data(ev->eir, eir_len,
04124681 4971 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 4972
eb55ef07 4973 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 4974
ecd90ae7
MH		 4975 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4976 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 4977}
4978
8962ee74
JH		 4979static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4980{
c68fb7ff 4981 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 4982 struct sock **sk = data;
a38528f1 4983 struct mgmt_rp_disconnect rp;
8962ee74 4984
88c3df13
JH		 4985 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4986 rp.addr.type = cp->addr.type;
8962ee74 4987
aee9b218 4988 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 4989 sizeof(rp));
8962ee74
JH		 4990
4991 *sk = cmd->sk;
4992 sock_hold(*sk);
4993
a664b5bc 4994 mgmt_pending_remove(cmd);
8962ee74
JH		 4995}
4996
124f6e35 4997static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 4998{
b1078ad0 4999 struct hci_dev *hdev = data;
124f6e35
JH		 5000 struct mgmt_cp_unpair_device *cp = cmd->param;
5001 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 5002
5003 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 5004 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5005 rp.addr.type = cp->addr.type;
a8a1d19e 5006
b1078ad0
JH		 5007 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
5008
aee9b218 5009 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 5010
5011 mgmt_pending_remove(cmd);
5012}
5013
9b80ec5e
MH		 5014void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
5015 u8 link_type, u8 addr_type, u8 reason)
f7520543 5016{
f0d6a0ea 5017 struct mgmt_ev_device_disconnected ev;
8962ee74 5018 struct sock *sk = NULL;
8962ee74 5019
57eb776f
AG		 5020 if (link_type != ACL_LINK && link_type != LE_LINK)
5021 return;
5022
744cf19e 5023 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 5024
f0d6a0ea
MA		 5025 bacpy(&ev.addr.bdaddr, bdaddr);
5026 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5027 ev.reason = reason;
f7520543 5028
9b80ec5e 5029 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 5030
5031 if (sk)
d97dcb66 5032 sock_put(sk);
8962ee74 5033
124f6e35 5034 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 5035 hdev);
8962ee74
JH		 5036}
5037
7892924c
MH		 5038void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
5039 u8 link_type, u8 addr_type, u8 status)
8962ee74 5040{
3655bba8
AG		 5041 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
5042 struct mgmt_cp_disconnect *cp;
88c3df13 5043 struct mgmt_rp_disconnect rp;
8962ee74 5044 struct pending_cmd *cmd;
8962ee74 5045
36a75f1b
JD		 5046 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5047 hdev);
5048
2e58ef3e 5049 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 5050 if (!cmd)
7892924c 5051 return;
8962ee74 5052
3655bba8
AG		 5053 cp = cmd->param;
5054
5055 if (bacmp(bdaddr, &cp->addr.bdaddr))
5056 return;
5057
5058 if (cp->addr.type != bdaddr_type)
5059 return;
5060
88c3df13 5061 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 5062 rp.addr.type = bdaddr_type;
37d9ef76 5063
7892924c
MH		 5064 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
5065 mgmt_status(status), &rp, sizeof(rp));
8962ee74 5066
a664b5bc 5067 mgmt_pending_remove(cmd);
f7520543 5068}
17d5c04c 5069
445608d0
MH		 5070void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5071 u8 addr_type, u8 status)
17d5c04c
JH		 5072{
5073 struct mgmt_ev_connect_failed ev;
5074
4c659c39 5075 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5076 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5077 ev.status = mgmt_status(status);
17d5c04c 5078
445608d0 5079 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 5080}
980e1a53 5081
ce0e4a0d 5082void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 5083{
5084 struct mgmt_ev_pin_code_request ev;
5085
d8457698 5086 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 5087 ev.addr.type = BDADDR_BREDR;
a770bb5a 5088 ev.secure = secure;
980e1a53 5089
ce0e4a0d 5090 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 5091}
5092
e669cf80
MH		 5093void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5094 u8 status)
980e1a53
JH		 5095{
5096 struct pending_cmd *cmd;
ac56fb13 5097 struct mgmt_rp_pin_code_reply rp;
980e1a53 5098
2e58ef3e 5099 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 5100 if (!cmd)
e669cf80 5101 return;
980e1a53 5102
d8457698 5103 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5104 rp.addr.type = BDADDR_BREDR;
ac56fb13 5105
e669cf80
MH		 5106 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
5107 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5108
a664b5bc 5109 mgmt_pending_remove(cmd);
980e1a53
JH		 5110}
5111
3eb38528
MH		 5112void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5113 u8 status)
980e1a53
JH		 5114{
5115 struct pending_cmd *cmd;
ac56fb13 5116 struct mgmt_rp_pin_code_reply rp;
980e1a53 5117
2e58ef3e 5118 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 5119 if (!cmd)
3eb38528 5120 return;
980e1a53 5121
d8457698 5122 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5123 rp.addr.type = BDADDR_BREDR;
ac56fb13 5124
3eb38528
MH		 5125 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
5126 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5127
a664b5bc 5128 mgmt_pending_remove(cmd);
980e1a53 5129}
a5c29683 5130
744cf19e 5131int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 5132 u8 link_type, u8 addr_type, __le32 value,
5133 u8 confirm_hint)
a5c29683
JH		 5134{
5135 struct mgmt_ev_user_confirm_request ev;
5136
744cf19e 5137 BT_DBG("%s", hdev->name);
a5c29683 5138
272d90df 5139 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5140 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 5141 ev.confirm_hint = confirm_hint;
78e8098e 5142 ev.value = value;
a5c29683 5143
744cf19e 5144 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 5145 NULL);
a5c29683
JH		 5146}
5147
272d90df 5148int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 5149 u8 link_type, u8 addr_type)
604086b7
BG		 5150{
5151 struct mgmt_ev_user_passkey_request ev;
5152
5153 BT_DBG("%s", hdev->name);
5154
272d90df 5155 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5156 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 5157
5158 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 5159 NULL);
604086b7
BG		 5160}
5161
0df4c185 5162static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 5163 u8 link_type, u8 addr_type, u8 status,
5164 u8 opcode)
a5c29683
JH		 5165{
5166 struct pending_cmd *cmd;
5167 struct mgmt_rp_user_confirm_reply rp;
5168 int err;
5169
2e58ef3e 5170 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 5171 if (!cmd)
5172 return -ENOENT;
5173
272d90df 5174 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 5175 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 5176 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 5177 &rp, sizeof(rp));
a5c29683 5178
a664b5bc 5179 mgmt_pending_remove(cmd);
a5c29683
JH		 5180
5181 return err;
5182}
5183
744cf19e 5184int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5185 u8 link_type, u8 addr_type, u8 status)
a5c29683 5186{
272d90df 5187 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5188 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 5189}
5190
272d90df 5191int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5192 u8 link_type, u8 addr_type, u8 status)
a5c29683 5193{
272d90df 5194 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5195 status,
5196 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 5197}
2a611692 5198
604086b7 5199int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5200 u8 link_type, u8 addr_type, u8 status)
604086b7 5201{
272d90df 5202 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5203 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 5204}
5205
272d90df 5206int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5207 u8 link_type, u8 addr_type, u8 status)
604086b7 5208{
272d90df 5209 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5210 status,
5211 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 5212}
5213
92a25256
JH		 5214int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
5215 u8 link_type, u8 addr_type, u32 passkey,
5216 u8 entered)
5217{
5218 struct mgmt_ev_passkey_notify ev;
5219
5220 BT_DBG("%s", hdev->name);
5221
5222 bacpy(&ev.addr.bdaddr, bdaddr);
5223 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5224 ev.passkey = __cpu_to_le32(passkey);
5225 ev.entered = entered;
5226
5227 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
5228}
5229
e546099c
MH		 5230void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5231 u8 addr_type, u8 status)
2a611692
JH		 5232{
5233 struct mgmt_ev_auth_failed ev;
5234
bab73cb6 5235 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5236 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5237 ev.status = mgmt_status(status);
2a611692 5238
e546099c 5239 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 5240}
b312b161 5241
464996ae 5242void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 5243{
5244 struct cmd_lookup match = { NULL, hdev };
464996ae 5245 bool changed;
33ef95ed
JH		 5246
5247 if (status) {
5248 u8 mgmt_err = mgmt_status(status);
5249 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 5250 cmd_status_rsp, &mgmt_err);
464996ae 5251 return;
33ef95ed
JH		 5252 }
5253
464996ae
MH		 5254 if (test_bit(HCI_AUTH, &hdev->flags))
5255 changed = !test_and_set_bit(HCI_LINK_SECURITY,
5256 &hdev->dev_flags);
5257 else
5258 changed = test_and_clear_bit(HCI_LINK_SECURITY,
5259 &hdev->dev_flags);
47990ea0 5260
33ef95ed 5261 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 5262 &match);
33ef95ed 5263
47990ea0 5264 if (changed)
464996ae 5265 new_settings(hdev, match.sk);
33ef95ed
JH		 5266
5267 if (match.sk)
5268 sock_put(match.sk);
33ef95ed
JH		 5269}
5270
890ea898 5271static void clear_eir(struct hci_request *req)
cacaf52f 5272{
890ea898 5273 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 5274 struct hci_cp_write_eir cp;
5275
976eb20e 5276 if (!lmp_ext_inq_capable(hdev))
890ea898 5277 return;
cacaf52f 5278
c80da27e
JH		 5279 memset(hdev->eir, 0, sizeof(hdev->eir));
5280
cacaf52f
JH		 5281 memset(&cp, 0, sizeof(cp));
5282
890ea898 5283 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 5284}
5285
3e248560 5286void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 5287{
5288 struct cmd_lookup match = { NULL, hdev };
890ea898 5289 struct hci_request req;
c0ecddc2 5290 bool changed = false;
ed2c4ee3
JH		 5291
5292 if (status) {
5293 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 5294
5295 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 5296 &hdev->dev_flags)) {
5297 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 5298 new_settings(hdev, NULL);
9ecb3e24 5299 }
c0ecddc2 5300
04124681
GP		 5301 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
5302 &mgmt_err);
3e248560 5303 return;
c0ecddc2
JH		 5304 }
5305
5306 if (enable) {
9ecb3e24 5307 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 5308 } else {
9ecb3e24
MH		 5309 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5310 if (!changed)
5311 changed = test_and_clear_bit(HCI_HS_ENABLED,
5312 &hdev->dev_flags);
5313 else
5314 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 5315 }
5316
5317 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
5318
c0ecddc2 5319 if (changed)
3e248560 5320 new_settings(hdev, match.sk);
ed2c4ee3 5321
5fc6ebb1 5322 if (match.sk)
ed2c4ee3
JH		 5323 sock_put(match.sk);
5324
890ea898
JH		 5325 hci_req_init(&req, hdev);
5326
5fc6ebb1 5327 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 5328 update_eir(&req);
5fc6ebb1 5329 else
890ea898
JH		 5330 clear_eir(&req);
5331
5332 hci_req_run(&req, NULL);
ed2c4ee3
JH		 5333}
5334
eac83dc6
MH		 5335void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5336{
5337 struct cmd_lookup match = { NULL, hdev };
5338 bool changed = false;
5339
5340 if (status) {
5341 u8 mgmt_err = mgmt_status(status);
5342
0ab04a9c
MH		 5343 if (enable) {
5344 if (test_and_clear_bit(HCI_SC_ENABLED,
5345 &hdev->dev_flags))
5346 new_settings(hdev, NULL);
5347 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5348 }
eac83dc6
MH		 5349
5350 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5351 cmd_status_rsp, &mgmt_err);
5352 return;
5353 }
5354
0ab04a9c 5355 if (enable) {
eac83dc6 5356 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 5357 } else {
eac83dc6 5358 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 5359 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5360 }
eac83dc6
MH		 5361
5362 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5363 settings_rsp, &match);
5364
5365 if (changed)
5366 new_settings(hdev, match.sk);
5367
5368 if (match.sk)
5369 sock_put(match.sk);
5370}
5371
92da6097 5372static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 5373{
5374 struct cmd_lookup *match = data;
5375
90e70454
JH		 5376 if (match->sk == NULL) {
5377 match->sk = cmd->sk;
5378 sock_hold(match->sk);
5379 }
90e70454
JH		 5380}
5381
4e1b0245
MH		 5382void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
5383 u8 status)
7f9a903c 5384{
90e70454 5385 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 5386
92da6097
JH		 5387 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
5388 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
5389 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 5390
5391 if (!status)
4e1b0245
MH		 5392 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
5393 NULL);
90e70454
JH		 5394
5395 if (match.sk)
5396 sock_put(match.sk);
7f9a903c
MH		 5397}
5398
7667da34 5399void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 5400{
b312b161 5401 struct mgmt_cp_set_local_name ev;
13928971 5402 struct pending_cmd *cmd;
28cc7bde 5403
13928971 5404 if (status)
7667da34 5405 return;
b312b161
JH		 5406
5407 memset(&ev, 0, sizeof(ev));
5408 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 5409 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 5410
2e58ef3e 5411 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 5412 if (!cmd) {
5413 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 5414
13928971
JH		 5415 /* If this is a HCI command related to powering on the
5416 * HCI dev don't send any mgmt signals.
5417 */
5418 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 5419 return;
890ea898 5420 }
b312b161 5421
7667da34
MH		 5422 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
5423 cmd ? cmd->sk : NULL);
b312b161 5424}
c35938b2 5425
4d2d2796
MH		 5426void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
5427 u8 *randomizer192, u8 *hash256,
5428 u8 *randomizer256, u8 status)
c35938b2
SJ		 5429{
5430 struct pending_cmd *cmd;
c35938b2 5431
744cf19e 5432 BT_DBG("%s status %u", hdev->name, status);
c35938b2 5433
2e58ef3e 5434 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 5435 if (!cmd)
3edaf092 5436 return;
c35938b2
SJ		 5437
5438 if (status) {
3edaf092
MH		 5439 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5440 mgmt_status(status));
c35938b2 5441 } else {
4d2d2796
MH		 5442 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5443 hash256 && randomizer256) {
5444 struct mgmt_rp_read_local_oob_ext_data rp;
5445
5446 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
5447 memcpy(rp.randomizer192, randomizer192,
5448 sizeof(rp.randomizer192));
c35938b2 5449
4d2d2796
MH		 5450 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
5451 memcpy(rp.randomizer256, randomizer256,
5452 sizeof(rp.randomizer256));
c35938b2 5453
4d2d2796
MH		 5454 cmd_complete(cmd->sk, hdev->id,
5455 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5456 &rp, sizeof(rp));
5457 } else {
5458 struct mgmt_rp_read_local_oob_data rp;
5459
5460 memcpy(rp.hash, hash192, sizeof(rp.hash));
5461 memcpy(rp.randomizer, randomizer192,
5462 sizeof(rp.randomizer));
5463
5464 cmd_complete(cmd->sk, hdev->id,
5465 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5466 &rp, sizeof(rp));
5467 }
c35938b2
SJ		 5468 }
5469
5470 mgmt_pending_remove(cmd);
c35938b2 5471}
e17acd40 5472
901801b9
MH		 5473void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5474 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
5475 ssp, u8 *eir, u16 eir_len)
e17acd40 5476{
e319d2e7
JH		 5477 char buf[512];
5478 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 5479 struct smp_irk *irk;
1dc06093 5480 size_t ev_size;
e17acd40 5481
12602d0c 5482 if (!hci_discovery_active(hdev))
901801b9 5483 return;
12602d0c 5484
1dc06093
JH		 5485 /* Leave 5 bytes for a potential CoD field */
5486 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
901801b9 5487 return;
7d262f86 5488
1dc06093
JH		 5489 memset(buf, 0, sizeof(buf));
5490
5cedbb8d
JH		 5491 irk = hci_get_irk(hdev, bdaddr, addr_type);
5492 if (irk) {
5493 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
5494 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
5495 } else {
5496 bacpy(&ev->addr.bdaddr, bdaddr);
5497 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5498 }
5499
e319d2e7 5500 ev->rssi = rssi;
9a395a80 5501 if (cfm_name)
612dfce9 5502 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 5503 if (!ssp)
612dfce9 5504 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 5505
1dc06093 5506 if (eir_len > 0)
e319d2e7 5507 memcpy(ev->eir, eir, eir_len);
e17acd40 5508
1dc06093
JH		 5509 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5510 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 5511 dev_class, 3);
1dc06093 5512
eb55ef07 5513 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 5514 ev_size = sizeof(*ev) + eir_len;
f8523598 5515
901801b9 5516 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 5517}
a88a9652 5518
9cf12aee
MH		 5519void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5520 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 5521{
b644ba33
JH		 5522 struct mgmt_ev_device_found *ev;
5523 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
5524 u16 eir_len;
a88a9652 5525
b644ba33 5526 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 5527
b644ba33
JH		 5528 memset(buf, 0, sizeof(buf));
5529
5530 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5531 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 5532 ev->rssi = rssi;
5533
5534 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 5535 name_len);
b644ba33 5536
eb55ef07 5537 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 5538
9cf12aee 5539 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 5540}
314b2381 5541
2f1e063b 5542void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 5543{
f963e8e9 5544 struct mgmt_ev_discovering ev;
164a6e78
JH		 5545 struct pending_cmd *cmd;
5546
343fb145
AG		 5547 BT_DBG("%s discovering %u", hdev->name, discovering);
5548
164a6e78 5549 if (discovering)
2e58ef3e 5550 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 5551 else
2e58ef3e 5552 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 5553
5554 if (cmd != NULL) {
f808e166
JH		 5555 u8 type = hdev->discovery.type;
5556
04124681
GP		 5557 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
5558 sizeof(type));
164a6e78
JH		 5559 mgmt_pending_remove(cmd);
5560 }
5561
f963e8e9
JH		 5562 memset(&ev, 0, sizeof(ev));
5563 ev.type = hdev->discovery.type;
5564 ev.discovering = discovering;
5565
2f1e063b 5566 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 5567}
5e762444 5568
88c1fe4b 5569int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5570{
5571 struct pending_cmd *cmd;
5572 struct mgmt_ev_device_blocked ev;
5573
2e58ef3e 5574 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 5575
88c1fe4b
JH		 5576 bacpy(&ev.addr.bdaddr, bdaddr);
5577 ev.addr.type = type;
5e762444 5578
744cf19e 5579 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 5580 cmd ? cmd->sk : NULL);
5e762444
AJ		 5581}
5582
88c1fe4b 5583int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5584{
5585 struct pending_cmd *cmd;
5586 struct mgmt_ev_device_unblocked ev;
5587
2e58ef3e 5588 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 5589
88c1fe4b
JH		 5590 bacpy(&ev.addr.bdaddr, bdaddr);
5591 ev.addr.type = type;
5e762444 5592
744cf19e 5593 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 5594 cmd ? cmd->sk : NULL);
5e762444 5595}
5976e608
MH		 5596
5597static void adv_enable_complete(struct hci_dev *hdev, u8 status)
5598{
5599 BT_DBG("%s status %u", hdev->name, status);
5600
5601 /* Clear the advertising mgmt setting if we failed to re-enable it */
5602 if (status) {
5603 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5604 new_settings(hdev, NULL);
5976e608
MH		 5605 }
5606}
5607
5608void mgmt_reenable_advertising(struct hci_dev *hdev)
5609{
5610 struct hci_request req;
5611
b145edcd 5612 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 5613 return;
5614
5615 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5616 return;
5617
5618 hci_req_init(&req, hdev);
5619 enable_advertising(&req);
5620
5621 /* If this fails we have no option but to let user space know
5622 * that we've disabled advertising.
5623 */
5624 if (hci_req_run(&req, adv_enable_complete) < 0) {
5625 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5626 new_settings(hdev, NULL);
5976e608
MH		 5627 }
5628}
Linux kernel - Deliverables
This page took 0.606393 seconds and 5 git commands to generate.