projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add support for adv instance timeout
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
a380b6cf 38#include "mgmt_util.h"
0381101f 39
2da9c55c 40#define MGMT_VERSION 1
beb1c21b 41#define MGMT_REVISION 9
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 50 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 81 MGMT_OP_SET_DEVICE_ID,
4375f103 82 MGMT_OP_SET_ADVERTISING,
0663ca2a 83 MGMT_OP_SET_BREDR,
d13eafce 84 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 85 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 86 MGMT_OP_SET_SECURE_CONN,
4e39ac81 87 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 88 MGMT_OP_SET_PRIVACY,
41edf160 89 MGMT_OP_LOAD_IRKS,
dd983808 90 MGMT_OP_GET_CONN_INFO,
95868426 91 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 92 MGMT_OP_ADD_DEVICE,
93 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 94 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 95 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 96 MGMT_OP_READ_CONFIG_INFO,
dbece37a 97 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 98 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 99 MGMT_OP_START_SERVICE_DISCOVERY,
4f0f155c 100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
96f1474a 101 MGMT_OP_READ_EXT_INDEX_LIST,
d3d5305b 102 MGMT_OP_READ_ADV_FEATURES,
24b4f38f 103 MGMT_OP_ADD_ADVERTISING,
da929335 104 MGMT_OP_REMOVE_ADVERTISING,
e70bb2e8
JH		 105};
106
107static const u16 mgmt_events[] = {
108 MGMT_EV_CONTROLLER_ERROR,
109 MGMT_EV_INDEX_ADDED,
110 MGMT_EV_INDEX_REMOVED,
111 MGMT_EV_NEW_SETTINGS,
112 MGMT_EV_CLASS_OF_DEV_CHANGED,
113 MGMT_EV_LOCAL_NAME_CHANGED,
114 MGMT_EV_NEW_LINK_KEY,
115 MGMT_EV_NEW_LONG_TERM_KEY,
116 MGMT_EV_DEVICE_CONNECTED,
117 MGMT_EV_DEVICE_DISCONNECTED,
118 MGMT_EV_CONNECT_FAILED,
119 MGMT_EV_PIN_CODE_REQUEST,
120 MGMT_EV_USER_CONFIRM_REQUEST,
121 MGMT_EV_USER_PASSKEY_REQUEST,
122 MGMT_EV_AUTH_FAILED,
123 MGMT_EV_DEVICE_FOUND,
124 MGMT_EV_DISCOVERING,
125 MGMT_EV_DEVICE_BLOCKED,
126 MGMT_EV_DEVICE_UNBLOCKED,
127 MGMT_EV_DEVICE_UNPAIRED,
92a25256 128 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 129 MGMT_EV_NEW_IRK,
7ee4ea36 130 MGMT_EV_NEW_CSRK,
8afef092
MH		 131 MGMT_EV_DEVICE_ADDED,
132 MGMT_EV_DEVICE_REMOVED,
ffb5a827 133 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 134 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 135 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 136 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 137 MGMT_EV_EXT_INDEX_ADDED,
138 MGMT_EV_EXT_INDEX_REMOVED,
72000df2 139 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
24b4f38f
AU		 140 MGMT_EV_ADVERTISING_ADDED,
141 MGMT_EV_ADVERTISING_REMOVED,
e70bb2e8
JH		 142};
143
17b02e62 144#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 145
d25b78e2
JH		 146#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
147 "\x00\x00\x00\x00\x00\x00\x00\x00"
148
ca69b795
JH		 149/* HCI to MGMT error code conversion table */
150static u8 mgmt_status_table[] = {
151 MGMT_STATUS_SUCCESS,
152 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
153 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
154 MGMT_STATUS_FAILED, /* Hardware Failure */
155 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
156 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 157 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 158 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
159 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
160 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
161 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
162 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
163 MGMT_STATUS_BUSY, /* Command Disallowed */
164 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
165 MGMT_STATUS_REJECTED, /* Rejected Security */
166 MGMT_STATUS_REJECTED, /* Rejected Personal */
167 MGMT_STATUS_TIMEOUT, /* Host Timeout */
168 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
169 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
170 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
171 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
172 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
173 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
174 MGMT_STATUS_BUSY, /* Repeated Attempts */
175 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
176 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
177 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
178 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
179 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
180 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
181 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
182 MGMT_STATUS_FAILED, /* Unspecified Error */
183 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
184 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
185 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
186 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
187 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
188 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
189 MGMT_STATUS_FAILED, /* Unit Link Key Used */
190 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
191 MGMT_STATUS_TIMEOUT, /* Instant Passed */
192 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
193 MGMT_STATUS_FAILED, /* Transaction Collision */
194 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
195 MGMT_STATUS_REJECTED, /* QoS Rejected */
196 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
197 MGMT_STATUS_REJECTED, /* Insufficient Security */
198 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
199 MGMT_STATUS_BUSY, /* Role Switch Pending */
200 MGMT_STATUS_FAILED, /* Slot Violation */
201 MGMT_STATUS_FAILED, /* Role Switch Failed */
202 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
203 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
204 MGMT_STATUS_BUSY, /* Host Busy Pairing */
205 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
206 MGMT_STATUS_BUSY, /* Controller Busy */
207 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
208 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
209 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
210 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
211 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
212};
213
214static u8 mgmt_status(u8 hci_status)
215{
216 if (hci_status < ARRAY_SIZE(mgmt_status_table))
217 return mgmt_status_table[hci_status];
218
219 return MGMT_STATUS_FAILED;
220}
221
c08b1a1d
MH		 222static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
223 u16 len, int flag)
f9207338 224{
c08b1a1d
MH		 225 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
226 flag, NULL);
f9207338
MH		 227}
228
72000df2
MH		 229static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
230 u16 len, int flag, struct sock *skip_sk)
231{
232 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
233 flag, skip_sk);
234}
235
f6b7712e
MH		 236static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
237 u16 len, struct sock *skip_sk)
238{
239 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
240 HCI_MGMT_GENERIC_EVENTS, skip_sk);
241}
242
7a00ff44
JH		 243static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
244 struct sock *skip_sk)
245{
246 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
c08b1a1d 247 HCI_SOCK_TRUSTED, skip_sk);
7a00ff44
JH		 248}
249
04124681
GP		 250static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
251 u16 data_len)
a38528f1
JH		 252{
253 struct mgmt_rp_read_version rp;
254
255 BT_DBG("sock %p", sk);
256
257 rp.version = MGMT_VERSION;
dcf4adbf 258 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 259
2a1afb5a
JH		 260 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
261 &rp, sizeof(rp));
a38528f1
JH		 262}
263
04124681
GP		 264static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
265 u16 data_len)
e70bb2e8
JH		 266{
267 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 268 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
269 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 270 __le16 *opcode;
e70bb2e8
JH		 271 size_t rp_size;
272 int i, err;
273
274 BT_DBG("sock %p", sk);
275
276 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
277
278 rp = kmalloc(rp_size, GFP_KERNEL);
279 if (!rp)
280 return -ENOMEM;
281
dcf4adbf
JP		 282 rp->num_commands = cpu_to_le16(num_commands);
283 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 284
285 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
286 put_unaligned_le16(mgmt_commands[i], opcode);
287
288 for (i = 0; i < num_events; i++, opcode++)
289 put_unaligned_le16(mgmt_events[i], opcode);
290
2a1afb5a
JH		 291 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
292 rp, rp_size);
e70bb2e8
JH		 293 kfree(rp);
294
295 return err;
296}
297
04124681
GP		 298static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
299 u16 data_len)
faba42eb 300{
faba42eb 301 struct mgmt_rp_read_index_list *rp;
8035ded4 302 struct hci_dev *d;
a38528f1 303 size_t rp_len;
faba42eb 304 u16 count;
476e44cb 305 int err;
faba42eb
JH		 306
307 BT_DBG("sock %p", sk);
308
309 read_lock(&hci_dev_list_lock);
310
311 count = 0;
bb4b2a9a 312 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 313 if (d->dev_type == HCI_BREDR &&
d7a5a11d 314 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 315 count++;
faba42eb
JH		 316 }
317
a38528f1
JH		 318 rp_len = sizeof(*rp) + (2 * count);
319 rp = kmalloc(rp_len, GFP_ATOMIC);
320 if (!rp) {
b2c60d42 321 read_unlock(&hci_dev_list_lock);
faba42eb 322 return -ENOMEM;
b2c60d42 323 }
faba42eb 324
476e44cb 325 count = 0;
8035ded4 326 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 327 if (hci_dev_test_flag(d, HCI_SETUP) ||
328 hci_dev_test_flag(d, HCI_CONFIG) ||
329 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 330 continue;
331
73d1df2a
MH		 332 /* Devices marked as raw-only are neither configured
333 * nor unconfigured controllers.
334 */
335 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 336 continue;
337
73d1df2a 338 if (d->dev_type == HCI_BREDR &&
d7a5a11d 339 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892
MH		 340 rp->index[count++] = cpu_to_le16(d->id);
341 BT_DBG("Added hci%u", d->id);
342 }
faba42eb
JH		 343 }
344
476e44cb
JH		 345 rp->num_controllers = cpu_to_le16(count);
346 rp_len = sizeof(*rp) + (2 * count);
347
faba42eb
JH		 348 read_unlock(&hci_dev_list_lock);
349
2a1afb5a
JH		 350 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
351 0, rp, rp_len);
faba42eb 352
a38528f1
JH		 353 kfree(rp);
354
355 return err;
faba42eb
JH		 356}
357
73d1df2a
MH		 358static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
359 void *data, u16 data_len)
360{
361 struct mgmt_rp_read_unconf_index_list *rp;
362 struct hci_dev *d;
363 size_t rp_len;
364 u16 count;
365 int err;
366
367 BT_DBG("sock %p", sk);
368
369 read_lock(&hci_dev_list_lock);
370
371 count = 0;
372 list_for_each_entry(d, &hci_dev_list, list) {
373 if (d->dev_type == HCI_BREDR &&
d7a5a11d 374 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 375 count++;
376 }
377
378 rp_len = sizeof(*rp) + (2 * count);
379 rp = kmalloc(rp_len, GFP_ATOMIC);
380 if (!rp) {
381 read_unlock(&hci_dev_list_lock);
382 return -ENOMEM;
383 }
384
385 count = 0;
386 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 387 if (hci_dev_test_flag(d, HCI_SETUP) ||
388 hci_dev_test_flag(d, HCI_CONFIG) ||
389 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 390 continue;
391
392 /* Devices marked as raw-only are neither configured
393 * nor unconfigured controllers.
394 */
395 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
396 continue;
397
398 if (d->dev_type == HCI_BREDR &&
d7a5a11d 399 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a
MH		 400 rp->index[count++] = cpu_to_le16(d->id);
401 BT_DBG("Added hci%u", d->id);
402 }
403 }
404
405 rp->num_controllers = cpu_to_le16(count);
406 rp_len = sizeof(*rp) + (2 * count);
407
408 read_unlock(&hci_dev_list_lock);
409
2a1afb5a
JH		 410 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
411 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 412
413 kfree(rp);
414
415 return err;
416}
417
96f1474a
MH		 418static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
419 void *data, u16 data_len)
420{
421 struct mgmt_rp_read_ext_index_list *rp;
422 struct hci_dev *d;
423 size_t rp_len;
424 u16 count;
425 int err;
426
427 BT_DBG("sock %p", sk);
428
429 read_lock(&hci_dev_list_lock);
430
431 count = 0;
432 list_for_each_entry(d, &hci_dev_list, list) {
433 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
434 count++;
435 }
436
437 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
438 rp = kmalloc(rp_len, GFP_ATOMIC);
439 if (!rp) {
440 read_unlock(&hci_dev_list_lock);
441 return -ENOMEM;
442 }
443
444 count = 0;
445 list_for_each_entry(d, &hci_dev_list, list) {
446 if (hci_dev_test_flag(d, HCI_SETUP) ||
447 hci_dev_test_flag(d, HCI_CONFIG) ||
448 hci_dev_test_flag(d, HCI_USER_CHANNEL))
449 continue;
450
451 /* Devices marked as raw-only are neither configured
452 * nor unconfigured controllers.
453 */
454 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
455 continue;
456
457 if (d->dev_type == HCI_BREDR) {
458 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
459 rp->entry[count].type = 0x01;
460 else
461 rp->entry[count].type = 0x00;
462 } else if (d->dev_type == HCI_AMP) {
463 rp->entry[count].type = 0x02;
464 } else {
465 continue;
466 }
467
468 rp->entry[count].bus = d->bus;
469 rp->entry[count++].index = cpu_to_le16(d->id);
470 BT_DBG("Added hci%u", d->id);
471 }
472
473 rp->num_controllers = cpu_to_le16(count);
474 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
475
476 read_unlock(&hci_dev_list_lock);
477
478 /* If this command is called at least once, then all the
479 * default index and unconfigured index events are disabled
480 * and from now on only extended index events are used.
481 */
482 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
483 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
484 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
485
486 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
487 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
488
489 kfree(rp);
490
491 return err;
492}
493
dbece37a
MH		 494static bool is_configured(struct hci_dev *hdev)
495{
496 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 497 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 498 return false;
499
500 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
501 !bacmp(&hdev->public_addr, BDADDR_ANY))
502 return false;
503
504 return true;
505}
506
89bc22d2
MH		 507static __le32 get_missing_options(struct hci_dev *hdev)
508{
509 u32 options = 0;
510
dbece37a 511 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 512 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 513 options |= MGMT_OPTION_EXTERNAL_CONFIG;
514
89bc22d2
MH		 515 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
516 !bacmp(&hdev->public_addr, BDADDR_ANY))
517 options |= MGMT_OPTION_PUBLIC_ADDRESS;
518
519 return cpu_to_le32(options);
520}
521
f4537c04
MH		 522static int new_options(struct hci_dev *hdev, struct sock *skip)
523{
524 __le32 options = get_missing_options(hdev);
525
f6b7712e
MH		 526 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
527 sizeof(options), skip);
f4537c04
MH		 528}
529
dbece37a
MH		 530static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
531{
532 __le32 options = get_missing_options(hdev);
533
2a1afb5a
JH		 534 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
535 sizeof(options));
dbece37a
MH		 536}
537
9fc3bfb6
MH		 538static int read_config_info(struct sock *sk, struct hci_dev *hdev,
539 void *data, u16 data_len)
540{
541 struct mgmt_rp_read_config_info rp;
89bc22d2 542 u32 options = 0;
9fc3bfb6
MH		 543
544 BT_DBG("sock %p %s", sk, hdev->name);
545
546 hci_dev_lock(hdev);
547
548 memset(&rp, 0, sizeof(rp));
549 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 550
eb1904f4
MH		 551 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
552 options |= MGMT_OPTION_EXTERNAL_CONFIG;
553
9fc3bfb6 554 if (hdev->set_bdaddr)
89bc22d2
MH		 555 options |= MGMT_OPTION_PUBLIC_ADDRESS;
556
557 rp.supported_options = cpu_to_le32(options);
558 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 559
560 hci_dev_unlock(hdev);
561
2a1afb5a
JH		 562 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
563 &rp, sizeof(rp));
9fc3bfb6
MH		 564}
565
69ab39ea
JH		 566static u32 get_supported_settings(struct hci_dev *hdev)
567{
568 u32 settings = 0;
569
570 settings |= MGMT_SETTING_POWERED;
b2939475 571 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 572 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 573 settings |= MGMT_SETTING_CONNECTABLE;
574 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 575
ed3fa31f 576 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 577 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
578 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 579 settings |= MGMT_SETTING_BREDR;
580 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 581
582 if (lmp_ssp_capable(hdev)) {
583 settings |= MGMT_SETTING_SSP;
584 settings |= MGMT_SETTING_HS;
585 }
e98d2ce2 586
05b3c3e7 587 if (lmp_sc_capable(hdev))
e98d2ce2 588 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 589 }
d7b7e796 590
eeca6f89 591 if (lmp_le_capable(hdev)) {
9d42820f 592 settings |= MGMT_SETTING_LE;
eeca6f89 593 settings |= MGMT_SETTING_ADVERTISING;
a3209694 594 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 595 settings |= MGMT_SETTING_PRIVACY;
93690c22 596 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 597 }
69ab39ea 598
eb1904f4
MH		 599 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
600 hdev->set_bdaddr)
9fc3bfb6
MH		 601 settings |= MGMT_SETTING_CONFIGURATION;
602
69ab39ea
JH		 603 return settings;
604}
605
606static u32 get_current_settings(struct hci_dev *hdev)
607{
608 u32 settings = 0;
609
f1f0eb02 610 if (hdev_is_powered(hdev))
f0d4b78a
MH		 611 settings |= MGMT_SETTING_POWERED;
612
d7a5a11d 613 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 614 settings |= MGMT_SETTING_CONNECTABLE;
615
d7a5a11d 616 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 617 settings |= MGMT_SETTING_FAST_CONNECTABLE;
618
d7a5a11d 619 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 620 settings |= MGMT_SETTING_DISCOVERABLE;
621
d7a5a11d 622 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 623 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 624
d7a5a11d 625 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 626 settings |= MGMT_SETTING_BREDR;
627
d7a5a11d 628 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 629 settings |= MGMT_SETTING_LE;
630
d7a5a11d 631 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 632 settings |= MGMT_SETTING_LINK_SECURITY;
633
d7a5a11d 634 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 635 settings |= MGMT_SETTING_SSP;
636
d7a5a11d 637 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 638 settings |= MGMT_SETTING_HS;
639
d7a5a11d 640 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 641 settings |= MGMT_SETTING_ADVERTISING;
642
d7a5a11d 643 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 644 settings |= MGMT_SETTING_SECURE_CONN;
645
d7a5a11d 646 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 647 settings |= MGMT_SETTING_DEBUG_KEYS;
648
d7a5a11d 649 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 650 settings |= MGMT_SETTING_PRIVACY;
651
93690c22
MH		 652 /* The current setting for static address has two purposes. The
653 * first is to indicate if the static address will be used and
654 * the second is to indicate if it is actually set.
655 *
656 * This means if the static address is not configured, this flag
657 * will never bet set. If the address is configured, then if the
658 * address is actually used decides if the flag is set or not.
659 *
660 * For single mode LE only controllers and dual-mode controllers
661 * with BR/EDR disabled, the existence of the static address will
662 * be evaluated.
663 */
b7cb93e5 664 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 665 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 666 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
667 if (bacmp(&hdev->static_addr, BDADDR_ANY))
668 settings |= MGMT_SETTING_STATIC_ADDRESS;
669 }
670
69ab39ea
JH		 671 return settings;
672}
673
ef580372
JH		 674#define PNP_INFO_SVCLASS_ID 0x1200
675
213202ed
JH		 676static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
677{
678 u8 *ptr = data, *uuids_start = NULL;
679 struct bt_uuid *uuid;
680
681 if (len < 4)
682 return ptr;
683
684 list_for_each_entry(uuid, &hdev->uuids, list) {
685 u16 uuid16;
686
687 if (uuid->size != 16)
688 continue;
689
690 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
691 if (uuid16 < 0x1100)
692 continue;
693
694 if (uuid16 == PNP_INFO_SVCLASS_ID)
695 continue;
696
697 if (!uuids_start) {
698 uuids_start = ptr;
699 uuids_start[0] = 1;
700 uuids_start[1] = EIR_UUID16_ALL;
701 ptr += 2;
702 }
703
704 /* Stop if not enough space to put next UUID */
705 if ((ptr - data) + sizeof(u16) > len) {
706 uuids_start[1] = EIR_UUID16_SOME;
707 break;
708 }
709
710 *ptr++ = (uuid16 & 0x00ff);
711 *ptr++ = (uuid16 & 0xff00) >> 8;
712 uuids_start[0] += sizeof(uuid16);
713 }
714
715 return ptr;
716}
717
cdf1963f
JH		 718static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
719{
720 u8 *ptr = data, *uuids_start = NULL;
721 struct bt_uuid *uuid;
722
723 if (len < 6)
724 return ptr;
725
726 list_for_each_entry(uuid, &hdev->uuids, list) {
727 if (uuid->size != 32)
728 continue;
729
730 if (!uuids_start) {
731 uuids_start = ptr;
732 uuids_start[0] = 1;
733 uuids_start[1] = EIR_UUID32_ALL;
734 ptr += 2;
735 }
736
737 /* Stop if not enough space to put next UUID */
738 if ((ptr - data) + sizeof(u32) > len) {
739 uuids_start[1] = EIR_UUID32_SOME;
740 break;
741 }
742
743 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
744 ptr += sizeof(u32);
745 uuids_start[0] += sizeof(u32);
746 }
747
748 return ptr;
749}
750
c00d575b
JH		 751static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
752{
753 u8 *ptr = data, *uuids_start = NULL;
754 struct bt_uuid *uuid;
755
756 if (len < 18)
757 return ptr;
758
759 list_for_each_entry(uuid, &hdev->uuids, list) {
760 if (uuid->size != 128)
761 continue;
762
763 if (!uuids_start) {
764 uuids_start = ptr;
765 uuids_start[0] = 1;
766 uuids_start[1] = EIR_UUID128_ALL;
767 ptr += 2;
768 }
769
770 /* Stop if not enough space to put next UUID */
771 if ((ptr - data) + 16 > len) {
772 uuids_start[1] = EIR_UUID128_SOME;
773 break;
774 }
775
776 memcpy(ptr, uuid->uuid, 16);
777 ptr += 16;
778 uuids_start[0] += 16;
779 }
780
781 return ptr;
782}
783
333ae95d
JH		 784static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
785{
786 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
787}
788
333ae95d
JH		 789static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
790 struct hci_dev *hdev,
791 const void *data)
792{
793 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
794}
795
4117ed70 796static u8 create_default_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
f14d8f64 797{
7a5f4990
MH		 798 u8 ad_len = 0;
799 size_t name_len;
800
801 name_len = strlen(hdev->dev_name);
802 if (name_len > 0) {
803 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
804
805 if (name_len > max_len) {
806 name_len = max_len;
807 ptr[1] = EIR_NAME_SHORT;
808 } else
809 ptr[1] = EIR_NAME_COMPLETE;
810
811 ptr[0] = name_len + 1;
812
813 memcpy(ptr + 2, hdev->dev_name, name_len);
814
815 ad_len += (name_len + 2);
816 ptr += (name_len + 2);
817 }
818
819 return ad_len;
f14d8f64
MH		 820}
821
4117ed70
AU		 822static u8 create_instance_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
823{
824 /* TODO: Set the appropriate entries based on advertising instance flags
825 * here once flags other than 0 are supported.
826 */
827 memcpy(ptr, hdev->adv_instance.scan_rsp_data,
828 hdev->adv_instance.scan_rsp_len);
829
830 return hdev->adv_instance.scan_rsp_len;
831}
832
833static void update_scan_rsp_data_for_instance(struct hci_request *req,
834 u8 instance)
f14d8f64
MH		 835{
836 struct hci_dev *hdev = req->hdev;
837 struct hci_cp_le_set_scan_rsp_data cp;
838 u8 len;
839
d7a5a11d 840 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
f14d8f64
MH		 841 return;
842
843 memset(&cp, 0, sizeof(cp));
844
4117ed70
AU		 845 if (instance)
846 len = create_instance_scan_rsp_data(hdev, cp.data);
847 else
848 len = create_default_scan_rsp_data(hdev, cp.data);
f14d8f64 849
eb438b5f 850 if (hdev->scan_rsp_data_len == len &&
4117ed70 851 !memcmp(cp.data, hdev->scan_rsp_data, len))
f14d8f64
MH		 852 return;
853
eb438b5f
JH		 854 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
855 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 856
857 cp.length = len;
858
859 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
860}
861
4117ed70
AU		 862static void update_scan_rsp_data(struct hci_request *req)
863{
864 struct hci_dev *hdev = req->hdev;
865 u8 instance;
866
867 /* The "Set Advertising" setting supersedes the "Add Advertising"
868 * setting. Here we set the scan response data based on which
869 * setting was set. When neither apply, default to the global settings,
870 * represented by instance "0".
871 */
872 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
873 !hci_dev_test_flag(hdev, HCI_ADVERTISING))
874 instance = 0x01;
875 else
876 instance = 0x00;
877
878 update_scan_rsp_data_for_instance(req, instance);
879}
880
9a43e25f
JH		 881static u8 get_adv_discov_flags(struct hci_dev *hdev)
882{
3b0602cd 883 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 884
885 /* If there's a pending mgmt command the flags will not yet have
886 * their final values, so check for this first.
887 */
333ae95d 888 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
9a43e25f
JH		 889 if (cmd) {
890 struct mgmt_mode *cp = cmd->param;
891 if (cp->val == 0x01)
892 return LE_AD_GENERAL;
893 else if (cp->val == 0x02)
894 return LE_AD_LIMITED;
895 } else {
d7a5a11d 896 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 897 return LE_AD_LIMITED;
d7a5a11d 898 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 899 return LE_AD_GENERAL;
900 }
901
902 return 0;
903}
904
24b4f38f 905static u8 create_default_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 906{
907 u8 ad_len = 0, flags = 0;
441ad2d0 908
9a43e25f 909 flags |= get_adv_discov_flags(hdev);
441ad2d0 910
d7a5a11d 911 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
441ad2d0 912 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 913
914 if (flags) {
915 BT_DBG("adv flags 0x%02x", flags);
916
917 ptr[0] = 2;
918 ptr[1] = EIR_FLAGS;
919 ptr[2] = flags;
920
921 ad_len += 3;
922 ptr += 3;
923 }
924
925 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
926 ptr[0] = 2;
927 ptr[1] = EIR_TX_POWER;
928 ptr[2] = (u8) hdev->adv_tx_power;
929
930 ad_len += 3;
931 ptr += 3;
932 }
933
441ad2d0
MH		 934 return ad_len;
935}
936
24b4f38f
AU		 937static u8 create_instance_adv_data(struct hci_dev *hdev, u8 *ptr)
938{
939 /* TODO: Set the appropriate entries based on advertising instance flags
940 * here once flags other than 0 are supported.
941 */
942 memcpy(ptr, hdev->adv_instance.adv_data,
943 hdev->adv_instance.adv_data_len);
944
945 return hdev->adv_instance.adv_data_len;
946}
947
948static void update_adv_data_for_instance(struct hci_request *req, u8 instance)
441ad2d0
MH		 949{
950 struct hci_dev *hdev = req->hdev;
951 struct hci_cp_le_set_adv_data cp;
952 u8 len;
953
d7a5a11d 954 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
441ad2d0
MH		 955 return;
956
957 memset(&cp, 0, sizeof(cp));
958
24b4f38f
AU		 959 if (instance)
960 len = create_instance_adv_data(hdev, cp.data);
961 else
962 len = create_default_adv_data(hdev, cp.data);
441ad2d0 963
24b4f38f 964 /* There's nothing to do if the data hasn't changed */
441ad2d0
MH		 965 if (hdev->adv_data_len == len &&
966 memcmp(cp.data, hdev->adv_data, len) == 0)
967 return;
968
969 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
970 hdev->adv_data_len = len;
971
972 cp.length = len;
973
974 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
975}
976
24b4f38f
AU		 977static void update_adv_data(struct hci_request *req)
978{
979 struct hci_dev *hdev = req->hdev;
980 u8 instance;
981
982 /* The "Set Advertising" setting supersedes the "Add Advertising"
983 * setting. Here we set the advertising data based on which
984 * setting was set. When neither apply, default to the global settings,
985 * represented by instance "0".
986 */
987 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
988 !hci_dev_test_flag(hdev, HCI_ADVERTISING))
989 instance = 0x01;
990 else
991 instance = 0x00;
992
993 update_adv_data_for_instance(req, instance);
994}
995
bc6d2d04
JH		 996int mgmt_update_adv_data(struct hci_dev *hdev)
997{
998 struct hci_request req;
999
1000 hci_req_init(&req, hdev);
1001 update_adv_data(&req);
1002
1003 return hci_req_run(&req, NULL);
1004}
1005
ef580372
JH		 1006static void create_eir(struct hci_dev *hdev, u8 *data)
1007{
1008 u8 *ptr = data;
ef580372
JH		 1009 size_t name_len;
1010
1011 name_len = strlen(hdev->dev_name);
1012
1013 if (name_len > 0) {
1014 /* EIR Data type */
1015 if (name_len > 48) {
1016 name_len = 48;
1017 ptr[1] = EIR_NAME_SHORT;
1018 } else
1019 ptr[1] = EIR_NAME_COMPLETE;
1020
1021 /* EIR Data length */
1022 ptr[0] = name_len + 1;
1023
1024 memcpy(ptr + 2, hdev->dev_name, name_len);
1025
ef580372
JH		 1026 ptr += (name_len + 2);
1027 }
1028
bbaf444a 1029 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 1030 ptr[0] = 2;
1031 ptr[1] = EIR_TX_POWER;
1032 ptr[2] = (u8) hdev->inq_tx_power;
1033
91c4e9b1
MH		 1034 ptr += 3;
1035 }
1036
2b9be137
MH		 1037 if (hdev->devid_source > 0) {
1038 ptr[0] = 9;
1039 ptr[1] = EIR_DEVICE_ID;
1040
1041 put_unaligned_le16(hdev->devid_source, ptr + 2);
1042 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1043 put_unaligned_le16(hdev->devid_product, ptr + 6);
1044 put_unaligned_le16(hdev->devid_version, ptr + 8);
1045
2b9be137
MH		 1046 ptr += 10;
1047 }
1048
213202ed 1049 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 1050 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 1051 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 1052}
1053
890ea898 1054static void update_eir(struct hci_request *req)
ef580372 1055{
890ea898 1056 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1057 struct hci_cp_write_eir cp;
1058
504c8dcd 1059 if (!hdev_is_powered(hdev))
890ea898 1060 return;
7770c4aa 1061
976eb20e 1062 if (!lmp_ext_inq_capable(hdev))
890ea898 1063 return;
ef580372 1064
d7a5a11d 1065 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
890ea898 1066 return;
ef580372 1067
d7a5a11d 1068 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1069 return;
ef580372
JH		 1070
1071 memset(&cp, 0, sizeof(cp));
1072
1073 create_eir(hdev, cp.data);
1074
1075 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 1076 return;
ef580372
JH		 1077
1078 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1079
890ea898 1080 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 1081}
1082
1083static u8 get_service_classes(struct hci_dev *hdev)
1084{
1085 struct bt_uuid *uuid;
1086 u8 val = 0;
1087
1088 list_for_each_entry(uuid, &hdev->uuids, list)
1089 val |= uuid->svc_hint;
1090
1091 return val;
1092}
1093
890ea898 1094static void update_class(struct hci_request *req)
ef580372 1095{
890ea898 1096 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1097 u8 cod[3];
1098
1099 BT_DBG("%s", hdev->name);
1100
504c8dcd 1101 if (!hdev_is_powered(hdev))
890ea898 1102 return;
7770c4aa 1103
d7a5a11d 1104 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
f87ea1da
JH		 1105 return;
1106
d7a5a11d 1107 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1108 return;
ef580372
JH		 1109
1110 cod[0] = hdev->minor_class;
1111 cod[1] = hdev->major_class;
1112 cod[2] = get_service_classes(hdev);
1113
d7a5a11d 1114 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
6acd7db4
MH		 1115 cod[1] |= 0x20;
1116
ef580372 1117 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1118 return;
ef580372 1119
890ea898 1120 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1121}
1122
a4858cb9 1123static bool get_connectable(struct hci_dev *hdev)
199a2fb1 1124{
3b0602cd 1125 struct mgmt_pending_cmd *cmd;
199a2fb1
JH		 1126
1127 /* If there's a pending mgmt command the flag will not yet have
1128 * it's final value, so check for this first.
1129 */
333ae95d 1130 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
199a2fb1
JH		 1131 if (cmd) {
1132 struct mgmt_mode *cp = cmd->param;
a4858cb9 1133 return cp->val;
199a2fb1
JH		 1134 }
1135
d7a5a11d 1136 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
199a2fb1
JH		 1137}
1138
0ec5ae84
JH		 1139static void disable_advertising(struct hci_request *req)
1140{
1141 u8 enable = 0x00;
1142
1143 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1144}
1145
199a2fb1
JH		 1146static void enable_advertising(struct hci_request *req)
1147{
1148 struct hci_dev *hdev = req->hdev;
1149 struct hci_cp_le_set_adv_param cp;
8f2a0601 1150 u8 own_addr_type, enable = 0x01;
a4858cb9 1151 bool connectable;
199a2fb1 1152
0ec5ae84
JH		 1153 if (hci_conn_num(hdev, LE_LINK) > 0)
1154 return;
1155
d7a5a11d 1156 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
0ec5ae84
JH		 1157 disable_advertising(req);
1158
5ce194c4 1159 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1160 * hci_update_random_address knows that it's safe to go ahead
1161 * and write a new random address. The flag will be set back on
1162 * as soon as the SET_ADV_ENABLE HCI command completes.
1163 */
a358dc11 1164 hci_dev_clear_flag(hdev, HCI_LE_ADV);
8d97250e 1165
d7a5a11d 1166 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
cc91cb04
MH		 1167 connectable = true;
1168 else
1169 connectable = get_connectable(hdev);
8f2a0601 1170
a4858cb9
JH		 1171 /* Set require_privacy to true only when non-connectable
1172 * advertising is used. In that case it is fine to use a
1173 * non-resolvable private address.
1174 */
1175 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1176 return;
1177
41c90c18 1178 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1179 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1180 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
a4858cb9 1181 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1182 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1183 cp.channel_map = hdev->le_adv_channel_map;
1184
1185 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1186
1187 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1188}
1189
7d78525d
JH		 1190static void service_cache_off(struct work_struct *work)
1191{
1192 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1193 service_cache.work);
890ea898 1194 struct hci_request req;
7d78525d 1195
a69d8927 1196 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 1197 return;
1198
890ea898
JH		 1199 hci_req_init(&req, hdev);
1200
7d78525d
JH		 1201 hci_dev_lock(hdev);
1202
890ea898
JH		 1203 update_eir(&req);
1204 update_class(&req);
7d78525d
JH		 1205
1206 hci_dev_unlock(hdev);
890ea898
JH		 1207
1208 hci_req_run(&req, NULL);
7d78525d
JH		 1209}
1210
d6bfd59c
JH		 1211static void rpa_expired(struct work_struct *work)
1212{
1213 struct hci_dev *hdev = container_of(work, struct hci_dev,
1214 rpa_expired.work);
1215 struct hci_request req;
1216
1217 BT_DBG("");
1218
a1536da2 1219 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 1220
d7a5a11d 1221 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 1222 return;
1223
1224 /* The generation of a new RPA and programming it into the
1225 * controller happens in the enable_advertising() function.
1226 */
d6bfd59c 1227 hci_req_init(&req, hdev);
d6bfd59c 1228 enable_advertising(&req);
d6bfd59c
JH		 1229 hci_req_run(&req, NULL);
1230}
1231
6a919082 1232static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1233{
238be788 1234 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 1235 return;
1236
4f87da80 1237 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1238 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1239
4f87da80
JH		 1240 /* Non-mgmt controlled devices get this bit set
1241 * implicitly so that pairing works for them, however
1242 * for mgmt we require user-space to explicitly enable
1243 * it
1244 */
a358dc11 1245 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 1246}
1247
0f4e68cf 1248static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1249 void *data, u16 data_len)
0381101f 1250{
a38528f1 1251 struct mgmt_rp_read_info rp;
f7b64e69 1252
bdb6d971 1253 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1254
09fd0de5 1255 hci_dev_lock(hdev);
f7b64e69 1256
dc4fe30b
JH		 1257 memset(&rp, 0, sizeof(rp));
1258
69ab39ea 1259 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1260
69ab39ea 1261 rp.version = hdev->hci_ver;
eb55ef07 1262 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1263
1264 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1265 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1266
a38528f1 1267 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1268
dc4fe30b 1269 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1270 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1271
09fd0de5 1272 hci_dev_unlock(hdev);
0381101f 1273
2a1afb5a
JH		 1274 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1275 sizeof(rp));
0381101f
JH		 1276}
1277
69ab39ea 1278static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1279{
69ab39ea 1280 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1281
2a1afb5a
JH		 1282 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1283 sizeof(settings));
8680570b
JH		 1284}
1285
1904a853 1286static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 1287{
1288 BT_DBG("%s status 0x%02x", hdev->name, status);
1289
a3172b7e
JH		 1290 if (hci_conn_count(hdev) == 0) {
1291 cancel_delayed_work(&hdev->power_off);
8b064a3a 1292 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1293 }
8b064a3a
JH		 1294}
1295
23a48093 1296static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1297{
1298 struct hci_dev *hdev = req->hdev;
1299 struct hci_cp_remote_name_req_cancel cp;
1300 struct inquiry_entry *e;
1301
1302 switch (hdev->discovery.state) {
1303 case DISCOVERY_FINDING:
07d2334a 1304 if (test_bit(HCI_INQUIRY, &hdev->flags))
21a60d30 1305 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
07d2334a
JP		 1306
1307 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
21a60d30
JH		 1308 cancel_delayed_work(&hdev->le_scan_disable);
1309 hci_req_add_le_scan_disable(req);
1310 }
1311
23a48093 1312 return true;
21a60d30
JH		 1313
1314 case DISCOVERY_RESOLVING:
1315 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1316 NAME_PENDING);
1317 if (!e)
23a48093 1318 break;
21a60d30
JH		 1319
1320 bacpy(&cp.bdaddr, &e->data.bdaddr);
1321 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1322 &cp);
1323
23a48093 1324 return true;
21a60d30
JH		 1325
1326 default:
1327 /* Passive scanning */
d7a5a11d 1328 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
21a60d30 1329 hci_req_add_le_scan_disable(req);
23a48093
JH		 1330 return true;
1331 }
1332
21a60d30
JH		 1333 break;
1334 }
23a48093
JH		 1335
1336 return false;
21a60d30
JH		 1337}
1338
912098a6
AU		 1339static void advertising_added(struct sock *sk, struct hci_dev *hdev,
1340 u8 instance)
1341{
1342 struct mgmt_ev_advertising_added ev;
1343
1344 ev.instance = instance;
1345
1346 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1347}
1348
1349static void advertising_removed(struct sock *sk, struct hci_dev *hdev,
1350 u8 instance)
1351{
1352 struct mgmt_ev_advertising_removed ev;
1353
1354 ev.instance = instance;
1355
1356 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1357}
1358
1359static void clear_adv_instance(struct hci_dev *hdev)
1360{
1361 struct hci_request req;
1362
1363 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
1364 return;
1365
1366 if (hdev->adv_instance.timeout)
1367 cancel_delayed_work(&hdev->adv_instance.timeout_exp);
1368
1369 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
1370 advertising_removed(NULL, hdev, 1);
1371 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
1372
1373 if (!hdev_is_powered(hdev) ||
1374 hci_dev_test_flag(hdev, HCI_ADVERTISING))
1375 return;
1376
1377 hci_req_init(&req, hdev);
1378 disable_advertising(&req);
1379 hci_req_run(&req, NULL);
1380}
1381
8b064a3a
JH		 1382static int clean_up_hci_state(struct hci_dev *hdev)
1383{
1384 struct hci_request req;
1385 struct hci_conn *conn;
23a48093
JH		 1386 bool discov_stopped;
1387 int err;
8b064a3a
JH		 1388
1389 hci_req_init(&req, hdev);
1390
1391 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1392 test_bit(HCI_PSCAN, &hdev->flags)) {
1393 u8 scan = 0x00;
1394 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1395 }
1396
912098a6
AU		 1397 if (hdev->adv_instance.timeout)
1398 clear_adv_instance(hdev);
1399
d7a5a11d 1400 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
8b064a3a
JH		 1401 disable_advertising(&req);
1402
23a48093 1403 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1404
1405 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1406 struct hci_cp_disconnect dc;
c9910d0f
JH		 1407 struct hci_cp_reject_conn_req rej;
1408
1409 switch (conn->state) {
1410 case BT_CONNECTED:
1411 case BT_CONFIG:
1412 dc.handle = cpu_to_le16(conn->handle);
1413 dc.reason = 0x15; /* Terminated due to Power Off */
1414 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1415 break;
1416 case BT_CONNECT:
1417 if (conn->type == LE_LINK)
1418 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1419 0, NULL);
1420 else if (conn->type == ACL_LINK)
1421 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1422 6, &conn->dst);
1423 break;
1424 case BT_CONNECT2:
1425 bacpy(&rej.bdaddr, &conn->dst);
1426 rej.reason = 0x15; /* Terminated due to Power Off */
1427 if (conn->type == ACL_LINK)
1428 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1429 sizeof(rej), &rej);
1430 else if (conn->type == SCO_LINK)
1431 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1432 sizeof(rej), &rej);
1433 break;
1434 }
8b064a3a
JH		 1435 }
1436
23a48093
JH		 1437 err = hci_req_run(&req, clean_up_hci_complete);
1438 if (!err && discov_stopped)
1439 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1440
1441 return err;
8b064a3a
JH		 1442}
1443
bdb6d971 1444static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1445 u16 len)
eec8d2bc 1446{
650f726d 1447 struct mgmt_mode *cp = data;
3b0602cd 1448 struct mgmt_pending_cmd *cmd;
4b34ee78 1449 int err;
eec8d2bc 1450
bdb6d971 1451 BT_DBG("request for %s", hdev->name);
eec8d2bc 1452
a7e80f25 1453 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1454 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1455 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1456
09fd0de5 1457 hci_dev_lock(hdev);
eec8d2bc 1458
333ae95d 1459 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1460 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1461 MGMT_STATUS_BUSY);
87b95ba6
JH		 1462 goto failed;
1463 }
1464
a69d8927 1465 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
f0d4b78a
MH		 1466 cancel_delayed_work(&hdev->power_off);
1467
1468 if (cp->val) {
a1d70450
JH		 1469 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1470 data, len);
1471 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1472 goto failed;
1473 }
1474 }
1475
4b34ee78 1476 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1477 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1478 goto failed;
1479 }
1480
2e58ef3e 1481 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1482 if (!cmd) {
1483 err = -ENOMEM;
eec8d2bc 1484 goto failed;
366a0336 1485 }
eec8d2bc 1486
8b064a3a 1487 if (cp->val) {
19202573 1488 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1489 err = 0;
1490 } else {
1491 /* Disconnect connections, stop scans, etc */
1492 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1493 if (!err)
1494 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1495 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1496
8b064a3a
JH		 1497 /* ENODATA means there were no HCI commands queued */
1498 if (err == -ENODATA) {
a3172b7e 1499 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1500 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1501 err = 0;
1502 }
1503 }
eec8d2bc
JH		 1504
1505failed:
09fd0de5 1506 hci_dev_unlock(hdev);
366a0336 1507 return err;
eec8d2bc
JH		 1508}
1509
beadb2bd
JH		 1510static int new_settings(struct hci_dev *hdev, struct sock *skip)
1511{
f6b7712e 1512 __le32 ev = cpu_to_le32(get_current_settings(hdev));
beadb2bd 1513
f6b7712e
MH		 1514 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1515 sizeof(ev), skip);
beadb2bd
JH		 1516}
1517
91a668b0
JH		 1518int mgmt_new_settings(struct hci_dev *hdev)
1519{
1520 return new_settings(hdev, NULL);
1521}
1522
bd99abdd
JH		 1523struct cmd_lookup {
1524 struct sock *sk;
1525 struct hci_dev *hdev;
1526 u8 mgmt_status;
1527};
1528
3b0602cd 1529static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1530{
1531 struct cmd_lookup *match = data;
1532
1533 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1534
1535 list_del(&cmd->list);
1536
1537 if (match->sk == NULL) {
1538 match->sk = cmd->sk;
1539 sock_hold(match->sk);
1540 }
1541
1542 mgmt_pending_free(cmd);
1543}
1544
3b0602cd 1545static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1546{
1547 u8 *status = data;
1548
a69e8375 1549 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1550 mgmt_pending_remove(cmd);
1551}
1552
3b0602cd 1553static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1554{
1555 if (cmd->cmd_complete) {
1556 u8 *status = data;
1557
1558 cmd->cmd_complete(cmd, *status);
1559 mgmt_pending_remove(cmd);
1560
1561 return;
1562 }
1563
1564 cmd_status_rsp(cmd, data);
1565}
1566
3b0602cd 1567static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1568{
2a1afb5a
JH		 1569 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1570 cmd->param, cmd->param_len);
f5818c22
JH		 1571}
1572
3b0602cd 1573static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1574{
2a1afb5a
JH		 1575 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1576 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1577}
1578
e6fe7986
JH		 1579static u8 mgmt_bredr_support(struct hci_dev *hdev)
1580{
1581 if (!lmp_bredr_capable(hdev))
1582 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1583 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1584 return MGMT_STATUS_REJECTED;
1585 else
1586 return MGMT_STATUS_SUCCESS;
1587}
1588
1589static u8 mgmt_le_support(struct hci_dev *hdev)
1590{
1591 if (!lmp_le_capable(hdev))
1592 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1593 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1594 return MGMT_STATUS_REJECTED;
1595 else
1596 return MGMT_STATUS_SUCCESS;
1597}
1598
1904a853
MH		 1599static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1600 u16 opcode)
bfaf8c9f 1601{
3b0602cd 1602 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1603 struct mgmt_mode *cp;
970ba524 1604 struct hci_request req;
bfaf8c9f
JH		 1605 bool changed;
1606
1607 BT_DBG("status 0x%02x", status);
1608
1609 hci_dev_lock(hdev);
1610
333ae95d 1611 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
bfaf8c9f
JH		 1612 if (!cmd)
1613 goto unlock;
1614
1615 if (status) {
1616 u8 mgmt_err = mgmt_status(status);
a69e8375 1617 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1618 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1619 goto remove_cmd;
1620 }
1621
1622 cp = cmd->param;
d4462a07 1623 if (cp->val) {
238be788 1624 changed = !hci_dev_test_and_set_flag(hdev, HCI_DISCOVERABLE);
d4462a07
MH		 1625
1626 if (hdev->discov_timeout > 0) {
1627 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1628 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1629 to);
1630 }
1631 } else {
a69d8927 1632 changed = hci_dev_test_and_clear_flag(hdev, HCI_DISCOVERABLE);
d4462a07 1633 }
bfaf8c9f
JH		 1634
1635 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1636
1637 if (changed)
1638 new_settings(hdev, cmd->sk);
1639
970ba524
MH		 1640 /* When the discoverable mode gets changed, make sure
1641 * that class of device has the limited discoverable
432df05e
JH		 1642 * bit correctly set. Also update page scan based on whitelist
1643 * entries.
970ba524
MH		 1644 */
1645 hci_req_init(&req, hdev);
1d2dc5b7 1646 __hci_update_page_scan(&req);
970ba524
MH		 1647 update_class(&req);
1648 hci_req_run(&req, NULL);
1649
bfaf8c9f
JH		 1650remove_cmd:
1651 mgmt_pending_remove(cmd);
1652
1653unlock:
1654 hci_dev_unlock(hdev);
1655}
1656
bdb6d971 1657static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1658 u16 len)
73f22f62 1659{
650f726d 1660 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1661 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1662 struct hci_request req;
5e5282bb 1663 u16 timeout;
9a43e25f 1664 u8 scan;
73f22f62
JH		 1665 int err;
1666
bdb6d971 1667 BT_DBG("request for %s", hdev->name);
73f22f62 1668
d7a5a11d
MH		 1669 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1670 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1671 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1672 MGMT_STATUS_REJECTED);
33c525c0 1673
310a3d48 1674 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1675 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1676 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1677
1f350c87 1678 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1679
1680 /* Disabling discoverable requires that no timeout is set,
1681 * and enabling limited discoverable requires a timeout.
1682 */
1683 if ((cp->val == 0x00 && timeout > 0) ||
1684 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1685 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1686 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1687
09fd0de5 1688 hci_dev_lock(hdev);
73f22f62 1689
5e5282bb 1690 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1691 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1692 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1693 goto failed;
1694 }
1695
333ae95d
JH		 1696 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1697 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1698 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1699 MGMT_STATUS_BUSY);
73f22f62
JH		 1700 goto failed;
1701 }
1702
d7a5a11d 1703 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1704 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1705 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1706 goto failed;
1707 }
1708
1709 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1710 bool changed = false;
1711
310a3d48
MH		 1712 /* Setting limited discoverable when powered off is
1713 * not a valid operation since it requires a timeout
1714 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1715 */
d7a5a11d 1716 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1717 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1718 changed = true;
1719 }
1720
5e5282bb 1721 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1722 if (err < 0)
1723 goto failed;
1724
1725 if (changed)
1726 err = new_settings(hdev, sk);
1727
5e5282bb
JH		 1728 goto failed;
1729 }
1730
310a3d48
MH		 1731 /* If the current mode is the same, then just update the timeout
1732 * value with the new value. And if only the timeout gets updated,
1733 * then no need for any HCI transactions.
1734 */
d7a5a11d
MH		 1735 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1736 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1737 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1738 cancel_delayed_work(&hdev->discov_off);
1739 hdev->discov_timeout = timeout;
955638ec 1740
36261547
MH		 1741 if (cp->val && hdev->discov_timeout > 0) {
1742 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1743 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1744 to);
955638ec
MH		 1745 }
1746
69ab39ea 1747 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1748 goto failed;
1749 }
1750
2e58ef3e 1751 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1752 if (!cmd) {
1753 err = -ENOMEM;
73f22f62 1754 goto failed;
366a0336 1755 }
73f22f62 1756
310a3d48
MH		 1757 /* Cancel any potential discoverable timeout that might be
1758 * still active and store new timeout value. The arming of
1759 * the timeout happens in the complete handler.
1760 */
1761 cancel_delayed_work(&hdev->discov_off);
1762 hdev->discov_timeout = timeout;
1763
b456f87c
JH		 1764 /* Limited discoverable mode */
1765 if (cp->val == 0x02)
a1536da2 1766 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1767 else
a358dc11 1768 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1769
bfaf8c9f
JH		 1770 hci_req_init(&req, hdev);
1771
9a43e25f
JH		 1772 /* The procedure for LE-only controllers is much simpler - just
1773 * update the advertising data.
1774 */
d7a5a11d 1775 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
9a43e25f
JH		 1776 goto update_ad;
1777
73f22f62
JH		 1778 scan = SCAN_PAGE;
1779
310a3d48
MH		 1780 if (cp->val) {
1781 struct hci_cp_write_current_iac_lap hci_cp;
1782
1783 if (cp->val == 0x02) {
1784 /* Limited discoverable mode */
33337dcb 1785 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1786 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1787 hci_cp.iac_lap[1] = 0x8b;
1788 hci_cp.iac_lap[2] = 0x9e;
1789 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1790 hci_cp.iac_lap[4] = 0x8b;
1791 hci_cp.iac_lap[5] = 0x9e;
1792 } else {
1793 /* General discoverable mode */
310a3d48
MH		 1794 hci_cp.num_iac = 1;
1795 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1796 hci_cp.iac_lap[1] = 0x8b;
1797 hci_cp.iac_lap[2] = 0x9e;
1798 }
1799
1800 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1801 (hci_cp.num_iac * 3) + 1, &hci_cp);
1802
73f22f62 1803 scan |= SCAN_INQUIRY;
310a3d48 1804 } else {
a358dc11 1805 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
310a3d48 1806 }
73f22f62 1807
310a3d48 1808 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1809
9a43e25f
JH		 1810update_ad:
1811 update_adv_data(&req);
1812
bfaf8c9f 1813 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1814 if (err < 0)
a664b5bc 1815 mgmt_pending_remove(cmd);
73f22f62
JH		 1816
1817failed:
09fd0de5 1818 hci_dev_unlock(hdev);
73f22f62
JH		 1819 return err;
1820}
1821
406d7804
JH		 1822static void write_fast_connectable(struct hci_request *req, bool enable)
1823{
bd98b996 1824 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1825 struct hci_cp_write_page_scan_activity acp;
1826 u8 type;
1827
d7a5a11d 1828 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
547003b1
JH		 1829 return;
1830
4c01f8b8
JH		 1831 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1832 return;
1833
406d7804
JH		 1834 if (enable) {
1835 type = PAGE_SCAN_TYPE_INTERLACED;
1836
1837 /* 160 msec page scan interval */
dcf4adbf 1838 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1839 } else {
1840 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1841
1842 /* default 1.28 sec page scan */
dcf4adbf 1843 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1844 }
1845
dcf4adbf 1846 acp.window = cpu_to_le16(0x0012);
406d7804 1847
bd98b996
JH		 1848 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1849 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1850 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1851 sizeof(acp), &acp);
1852
1853 if (hdev->page_scan_type != type)
1854 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1855}
1856
1904a853
MH		 1857static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1858 u16 opcode)
2b76f453 1859{
3b0602cd 1860 struct mgmt_pending_cmd *cmd;
d7b856f9 1861 struct mgmt_mode *cp;
bc6d2d04 1862 bool conn_changed, discov_changed;
2b76f453
JH		 1863
1864 BT_DBG("status 0x%02x", status);
1865
1866 hci_dev_lock(hdev);
1867
333ae95d 1868 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
2b76f453
JH		 1869 if (!cmd)
1870 goto unlock;
1871
37438c1f
JH		 1872 if (status) {
1873 u8 mgmt_err = mgmt_status(status);
a69e8375 1874 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1875 goto remove_cmd;
1876 }
1877
d7b856f9 1878 cp = cmd->param;
bc6d2d04 1879 if (cp->val) {
238be788
MH		 1880 conn_changed = !hci_dev_test_and_set_flag(hdev,
1881 HCI_CONNECTABLE);
bc6d2d04
JH		 1882 discov_changed = false;
1883 } else {
a69d8927
MH		 1884 conn_changed = hci_dev_test_and_clear_flag(hdev,
1885 HCI_CONNECTABLE);
1886 discov_changed = hci_dev_test_and_clear_flag(hdev,
1887 HCI_DISCOVERABLE);
bc6d2d04 1888 }
d7b856f9 1889
2b76f453
JH		 1890 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1891
bc6d2d04 1892 if (conn_changed || discov_changed) {
d7b856f9 1893 new_settings(hdev, cmd->sk);
1d2dc5b7 1894 hci_update_page_scan(hdev);
bc6d2d04
JH		 1895 if (discov_changed)
1896 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1897 hci_update_background_scan(hdev);
1898 }
d7b856f9 1899
37438c1f 1900remove_cmd:
2b76f453
JH		 1901 mgmt_pending_remove(cmd);
1902
1903unlock:
1904 hci_dev_unlock(hdev);
1905}
1906
e8ba3a1f
JH		 1907static int set_connectable_update_settings(struct hci_dev *hdev,
1908 struct sock *sk, u8 val)
1909{
1910 bool changed = false;
1911 int err;
1912
d7a5a11d 1913 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 1914 changed = true;
1915
1916 if (val) {
a1536da2 1917 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 1918 } else {
a358dc11
MH		 1919 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1920 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 1921 }
1922
1923 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1924 if (err < 0)
1925 return err;
1926
562064e6 1927 if (changed) {
1d2dc5b7 1928 hci_update_page_scan(hdev);
562064e6 1929 hci_update_background_scan(hdev);
e8ba3a1f 1930 return new_settings(hdev, sk);
562064e6 1931 }
e8ba3a1f
JH		 1932
1933 return 0;
1934}
1935
bdb6d971 1936static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1937 u16 len)
9fbcbb45 1938{
650f726d 1939 struct mgmt_mode *cp = data;
3b0602cd 1940 struct mgmt_pending_cmd *cmd;
2b76f453 1941 struct hci_request req;
1987fdc7 1942 u8 scan;
9fbcbb45
JH		 1943 int err;
1944
bdb6d971 1945 BT_DBG("request for %s", hdev->name);
9fbcbb45 1946
d7a5a11d
MH		 1947 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1948 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1949 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1950 MGMT_STATUS_REJECTED);
33c525c0 1951
a7e80f25 1952 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1953 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1954 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1955
09fd0de5 1956 hci_dev_lock(hdev);
9fbcbb45 1957
4b34ee78 1958 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1959 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1960 goto failed;
1961 }
1962
333ae95d
JH		 1963 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1964 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1965 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1966 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1967 goto failed;
1968 }
1969
2e58ef3e 1970 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1971 if (!cmd) {
1972 err = -ENOMEM;
9fbcbb45 1973 goto failed;
366a0336 1974 }
9fbcbb45 1975
9b74246f 1976 hci_req_init(&req, hdev);
9fbcbb45 1977
9a43e25f
JH		 1978 /* If BR/EDR is not enabled and we disable advertising as a
1979 * by-product of disabling connectable, we need to update the
1980 * advertising flags.
1981 */
d7a5a11d 1982 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
9a43e25f 1983 if (!cp->val) {
a358dc11
MH		 1984 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1985 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
9a43e25f
JH		 1986 }
1987 update_adv_data(&req);
1988 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1989 if (cp->val) {
1990 scan = SCAN_PAGE;
1991 } else {
3bd27240
JH		 1992 /* If we don't have any whitelist entries just
1993 * disable all scanning. If there are entries
1994 * and we had both page and inquiry scanning
1995 * enabled then fall back to only page scanning.
1996 * Otherwise no changes are needed.
1997 */
1998 if (list_empty(&hdev->whitelist))
1999 scan = SCAN_DISABLED;
2000 else if (test_bit(HCI_ISCAN, &hdev->flags))
2001 scan = SCAN_PAGE;
2002 else
2003 goto no_scan_update;
9b74246f
JH		 2004
2005 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 2006 hdev->discov_timeout > 0)
9b74246f
JH		 2007 cancel_delayed_work(&hdev->discov_off);
2008 }
2b76f453 2009
9b74246f
JH		 2010 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2011 }
2b76f453 2012
3bd27240 2013no_scan_update:
e8b1202c 2014 /* Update the advertising parameters if necessary */
d7a5a11d 2015 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
1987fdc7 2016 enable_advertising(&req);
1987fdc7 2017
2b76f453 2018 err = hci_req_run(&req, set_connectable_complete);
9b74246f 2019 if (err < 0) {
a664b5bc 2020 mgmt_pending_remove(cmd);
9b74246f 2021 if (err == -ENODATA)
a81070ba
JH		 2022 err = set_connectable_update_settings(hdev, sk,
2023 cp->val);
9b74246f
JH		 2024 goto failed;
2025 }
9fbcbb45
JH		 2026
2027failed:
09fd0de5 2028 hci_dev_unlock(hdev);
9fbcbb45
JH		 2029 return err;
2030}
2031
b2939475 2032static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2033 u16 len)
c542a06c 2034{
650f726d 2035 struct mgmt_mode *cp = data;
55594356 2036 bool changed;
c542a06c
JH		 2037 int err;
2038
bdb6d971 2039 BT_DBG("request for %s", hdev->name);
c542a06c 2040
a7e80f25 2041 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2042 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2043 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2044
09fd0de5 2045 hci_dev_lock(hdev);
c542a06c
JH		 2046
2047 if (cp->val)
238be788 2048 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 2049 else
a69d8927 2050 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 2051
b2939475 2052 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 2053 if (err < 0)
55594356 2054 goto unlock;
c542a06c 2055
55594356
MH		 2056 if (changed)
2057 err = new_settings(hdev, sk);
c542a06c 2058
55594356 2059unlock:
09fd0de5 2060 hci_dev_unlock(hdev);
c542a06c
JH		 2061 return err;
2062}
2063
04124681
GP		 2064static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2065 u16 len)
33ef95ed
JH		 2066{
2067 struct mgmt_mode *cp = data;
3b0602cd 2068 struct mgmt_pending_cmd *cmd;
e6fe7986 2069 u8 val, status;
33ef95ed
JH		 2070 int err;
2071
bdb6d971 2072 BT_DBG("request for %s", hdev->name);
33ef95ed 2073
e6fe7986
JH		 2074 status = mgmt_bredr_support(hdev);
2075 if (status)
a69e8375
JH		 2076 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2077 status);
33c525c0 2078
a7e80f25 2079 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2080 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2081 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2082
33ef95ed
JH		 2083 hci_dev_lock(hdev);
2084
4b34ee78 2085 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 2086 bool changed = false;
2087
d7a5a11d 2088 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 2089 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 2090 changed = true;
2091 }
2092
2093 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2094 if (err < 0)
2095 goto failed;
2096
2097 if (changed)
2098 err = new_settings(hdev, sk);
2099
33ef95ed
JH		 2100 goto failed;
2101 }
2102
333ae95d 2103 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 2104 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2105 MGMT_STATUS_BUSY);
33ef95ed
JH		 2106 goto failed;
2107 }
2108
2109 val = !!cp->val;
2110
2111 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2112 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2113 goto failed;
2114 }
2115
2116 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2117 if (!cmd) {
2118 err = -ENOMEM;
2119 goto failed;
2120 }
2121
2122 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2123 if (err < 0) {
2124 mgmt_pending_remove(cmd);
2125 goto failed;
2126 }
2127
2128failed:
2129 hci_dev_unlock(hdev);
33ef95ed
JH		 2130 return err;
2131}
2132
bdb6d971 2133static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2134{
2135 struct mgmt_mode *cp = data;
3b0602cd 2136 struct mgmt_pending_cmd *cmd;
72ef0c1a 2137 u8 status;
ed2c4ee3
JH		 2138 int err;
2139
bdb6d971 2140 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2141
cdba5281
MH		 2142 status = mgmt_bredr_support(hdev);
2143 if (status)
a69e8375 2144 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 2145
13ecd8b6 2146 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2147 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2148 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2149
a7e80f25 2150 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2151 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2152 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2153
13ecd8b6 2154 hci_dev_lock(hdev);
6c8f12c1 2155
4b34ee78 2156 if (!hdev_is_powered(hdev)) {
9ecb3e24 2157 bool changed;
c0ecddc2 2158
9ecb3e24 2159 if (cp->val) {
238be788
MH		 2160 changed = !hci_dev_test_and_set_flag(hdev,
2161 HCI_SSP_ENABLED);
9ecb3e24 2162 } else {
a69d8927
MH		 2163 changed = hci_dev_test_and_clear_flag(hdev,
2164 HCI_SSP_ENABLED);
9ecb3e24 2165 if (!changed)
a69d8927
MH		 2166 changed = hci_dev_test_and_clear_flag(hdev,
2167 HCI_HS_ENABLED);
9ecb3e24 2168 else
a358dc11 2169 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 2170 }
2171
2172 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2173 if (err < 0)
2174 goto failed;
2175
2176 if (changed)
2177 err = new_settings(hdev, sk);
2178
ed2c4ee3
JH		 2179 goto failed;
2180 }
2181
333ae95d 2182 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2183 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2184 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2185 goto failed;
2186 }
2187
d7a5a11d 2188 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 2189 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2190 goto failed;
2191 }
2192
2193 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2194 if (!cmd) {
2195 err = -ENOMEM;
2196 goto failed;
2197 }
2198
d7a5a11d 2199 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 2200 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2201 sizeof(cp->val), &cp->val);
2202
72ef0c1a 2203 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2204 if (err < 0) {
2205 mgmt_pending_remove(cmd);
2206 goto failed;
2207 }
2208
2209failed:
2210 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2211 return err;
2212}
2213
bdb6d971 2214static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2215{
2216 struct mgmt_mode *cp = data;
ee392693 2217 bool changed;
e6fe7986 2218 u8 status;
ee392693 2219 int err;
6d80dfd0 2220
bdb6d971 2221 BT_DBG("request for %s", hdev->name);
6d80dfd0 2222
e6fe7986
JH		 2223 status = mgmt_bredr_support(hdev);
2224 if (status)
a69e8375 2225 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2226
9ecb3e24 2227 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2228 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2229 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 2230
d7a5a11d 2231 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 2232 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2233 MGMT_STATUS_REJECTED);
9ecb3e24 2234
a7e80f25 2235 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2236 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2237 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2238
ee392693
MH		 2239 hci_dev_lock(hdev);
2240
333ae95d 2241 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2242 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2243 MGMT_STATUS_BUSY);
a2cb01de
JH		 2244 goto unlock;
2245 }
2246
a0cdf960 2247 if (cp->val) {
238be788 2248 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 2249 } else {
2250 if (hdev_is_powered(hdev)) {
a69e8375
JH		 2251 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2252 MGMT_STATUS_REJECTED);
a0cdf960
MH		 2253 goto unlock;
2254 }
2255
a69d8927 2256 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 2257 }
ee392693
MH		 2258
2259 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2260 if (err < 0)
2261 goto unlock;
2262
2263 if (changed)
2264 err = new_settings(hdev, sk);
6d80dfd0 2265
ee392693
MH		 2266unlock:
2267 hci_dev_unlock(hdev);
2268 return err;
6d80dfd0
JH		 2269}
2270
1904a853 2271static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 2272{
2273 struct cmd_lookup match = { NULL, hdev };
2274
3ad67582
JK		 2275 hci_dev_lock(hdev);
2276
416a4ae5
JH		 2277 if (status) {
2278 u8 mgmt_err = mgmt_status(status);
2279
2280 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2281 &mgmt_err);
3ad67582 2282 goto unlock;
416a4ae5
JH		 2283 }
2284
2285 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2286
2287 new_settings(hdev, match.sk);
2288
2289 if (match.sk)
2290 sock_put(match.sk);
441ad2d0
MH		 2291
2292 /* Make sure the controller has a good default for
2293 * advertising data. Restrict the update to when LE
2294 * has actually been enabled. During power on, the
2295 * update in powered_update_hci will take care of it.
2296 */
d7a5a11d 2297 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0
MH		 2298 struct hci_request req;
2299
441ad2d0 2300 hci_req_init(&req, hdev);
5947f4bc 2301 update_adv_data(&req);
f14d8f64 2302 update_scan_rsp_data(&req);
2cf22218 2303 __hci_update_background_scan(&req);
441ad2d0 2304 hci_req_run(&req, NULL);
441ad2d0 2305 }
3ad67582
JK		 2306
2307unlock:
2308 hci_dev_unlock(hdev);
416a4ae5
JH		 2309}
2310
bdb6d971 2311static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2312{
2313 struct mgmt_mode *cp = data;
2314 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 2315 struct mgmt_pending_cmd *cmd;
416a4ae5 2316 struct hci_request req;
06199cf8 2317 int err;
0b60eba1 2318 u8 val, enabled;
06199cf8 2319
bdb6d971 2320 BT_DBG("request for %s", hdev->name);
06199cf8 2321
13ecd8b6 2322 if (!lmp_le_capable(hdev))
a69e8375
JH		 2323 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2324 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2325
a7e80f25 2326 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2327 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2328 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2329
e7844ee5
MH		 2330 /* Bluetooth single mode LE only controllers or dual-mode
2331 * controllers configured as LE only devices, do not allow
2332 * switching LE off. These have either LE enabled explicitly
2333 * or BR/EDR has been previously switched off.
2334 *
2335 * When trying to enable an already enabled LE, then gracefully
2336 * send a positive response. Trying to disable it however will
2337 * result into rejection.
2338 */
2339 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2340 if (cp->val == 0x01)
2341 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2342
a69e8375
JH		 2343 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2344 MGMT_STATUS_REJECTED);
e7844ee5 2345 }
c73eee91 2346
13ecd8b6 2347 hci_dev_lock(hdev);
06199cf8
JH		 2348
2349 val = !!cp->val;
ffa88e02 2350 enabled = lmp_host_le_capable(hdev);
06199cf8 2351
0b60eba1 2352 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2353 bool changed = false;
2354
d7a5a11d 2355 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 2356 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 2357 changed = true;
2358 }
2359
d7a5a11d 2360 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 2361 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 2362 changed = true;
2363 }
2364
06199cf8
JH		 2365 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2366 if (err < 0)
1de028ce 2367 goto unlock;
06199cf8
JH		 2368
2369 if (changed)
2370 err = new_settings(hdev, sk);
2371
1de028ce 2372 goto unlock;
06199cf8
JH		 2373 }
2374
333ae95d
JH		 2375 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2376 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 2377 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2378 MGMT_STATUS_BUSY);
1de028ce 2379 goto unlock;
06199cf8
JH		 2380 }
2381
2382 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2383 if (!cmd) {
2384 err = -ENOMEM;
1de028ce 2385 goto unlock;
06199cf8
JH		 2386 }
2387
441ad2d0
MH		 2388 hci_req_init(&req, hdev);
2389
06199cf8
JH		 2390 memset(&hci_cp, 0, sizeof(hci_cp));
2391
2392 if (val) {
2393 hci_cp.le = val;
32226e4f 2394 hci_cp.simul = 0x00;
441ad2d0 2395 } else {
d7a5a11d 2396 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
441ad2d0 2397 disable_advertising(&req);
06199cf8
JH		 2398 }
2399
416a4ae5
JH		 2400 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2401 &hci_cp);
2402
2403 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2404 if (err < 0)
06199cf8 2405 mgmt_pending_remove(cmd);
06199cf8 2406
1de028ce
JH		 2407unlock:
2408 hci_dev_unlock(hdev);
06199cf8
JH		 2409 return err;
2410}
2411
0cab9c80
JH		 2412/* This is a helper function to test for pending mgmt commands that can
2413 * cause CoD or EIR HCI commands. We can only allow one such pending
2414 * mgmt command at a time since otherwise we cannot easily track what
2415 * the current values are, will be, and based on that calculate if a new
2416 * HCI command needs to be sent and if yes with what value.
2417 */
2418static bool pending_eir_or_class(struct hci_dev *hdev)
2419{
3b0602cd 2420 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 2421
2422 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2423 switch (cmd->opcode) {
2424 case MGMT_OP_ADD_UUID:
2425 case MGMT_OP_REMOVE_UUID:
2426 case MGMT_OP_SET_DEV_CLASS:
2427 case MGMT_OP_SET_POWERED:
2428 return true;
2429 }
2430 }
2431
2432 return false;
2433}
2434
83be8eca
JH		 2435static const u8 bluetooth_base_uuid[] = {
2436 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2437 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2438};
2439
2440static u8 get_uuid_size(const u8 *uuid)
2441{
2442 u32 val;
2443
2444 if (memcmp(uuid, bluetooth_base_uuid, 12))
2445 return 128;
2446
2447 val = get_unaligned_le32(&uuid[12]);
2448 if (val > 0xffff)
2449 return 32;
2450
2451 return 16;
2452}
2453
92da6097
JH		 2454static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2455{
3b0602cd 2456 struct mgmt_pending_cmd *cmd;
92da6097
JH		 2457
2458 hci_dev_lock(hdev);
2459
333ae95d 2460 cmd = pending_find(mgmt_op, hdev);
92da6097
JH		 2461 if (!cmd)
2462 goto unlock;
2463
2a1afb5a
JH		 2464 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2465 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 2466
2467 mgmt_pending_remove(cmd);
2468
2469unlock:
2470 hci_dev_unlock(hdev);
2471}
2472
1904a853 2473static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2474{
2475 BT_DBG("status 0x%02x", status);
2476
2477 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2478}
2479
bdb6d971 2480static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2481{
650f726d 2482 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2483 struct mgmt_pending_cmd *cmd;
890ea898 2484 struct hci_request req;
2aeb9a1a 2485 struct bt_uuid *uuid;
2aeb9a1a
JH		 2486 int err;
2487
bdb6d971 2488 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2489
09fd0de5 2490 hci_dev_lock(hdev);
2aeb9a1a 2491
0cab9c80 2492 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2493 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2494 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2495 goto failed;
2496 }
2497
92c4c204 2498 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2499 if (!uuid) {
2500 err = -ENOMEM;
2501 goto failed;
2502 }
2503
2504 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2505 uuid->svc_hint = cp->svc_hint;
83be8eca 2506 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2507
de66aa63 2508 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2509
890ea898 2510 hci_req_init(&req, hdev);
1aff6f09 2511
890ea898
JH		 2512 update_class(&req);
2513 update_eir(&req);
2514
92da6097
JH		 2515 err = hci_req_run(&req, add_uuid_complete);
2516 if (err < 0) {
2517 if (err != -ENODATA)
2518 goto failed;
80a1e1db 2519
2a1afb5a
JH		 2520 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2521 hdev->dev_class, 3);
90e70454
JH		 2522 goto failed;
2523 }
2524
2525 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2526 if (!cmd) {
90e70454 2527 err = -ENOMEM;
890ea898
JH		 2528 goto failed;
2529 }
2530
2531 err = 0;
2aeb9a1a
JH		 2532
2533failed:
09fd0de5 2534 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2535 return err;
2536}
2537
24b78d0f
JH		 2538static bool enable_service_cache(struct hci_dev *hdev)
2539{
2540 if (!hdev_is_powered(hdev))
2541 return false;
2542
238be788 2543 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 2544 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2545 CACHE_TIMEOUT);
24b78d0f
JH		 2546 return true;
2547 }
2548
2549 return false;
2550}
2551
1904a853 2552static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2553{
2554 BT_DBG("status 0x%02x", status);
2555
2556 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2557}
2558
bdb6d971 2559static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2560 u16 len)
2aeb9a1a 2561{
650f726d 2562 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2563 struct mgmt_pending_cmd *cmd;
056341c8 2564 struct bt_uuid *match, *tmp;
2aeb9a1a 2565 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2566 struct hci_request req;
2aeb9a1a
JH		 2567 int err, found;
2568
bdb6d971 2569 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2570
09fd0de5 2571 hci_dev_lock(hdev);
2aeb9a1a 2572
0cab9c80 2573 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2574 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2575 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2576 goto unlock;
2577 }
2578
2aeb9a1a 2579 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2580 hci_uuids_clear(hdev);
4004b6d9 2581
24b78d0f 2582 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2583 err = mgmt_cmd_complete(sk, hdev->id,
2584 MGMT_OP_REMOVE_UUID,
2585 0, hdev->dev_class, 3);
24b78d0f
JH		 2586 goto unlock;
2587 }
4004b6d9 2588
9246a869 2589 goto update_class;
2aeb9a1a
JH		 2590 }
2591
2592 found = 0;
2593
056341c8 2594 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2595 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2596 continue;
2597
2598 list_del(&match->list);
482049f7 2599 kfree(match);
2aeb9a1a
JH		 2600 found++;
2601 }
2602
2603 if (found == 0) {
a69e8375
JH		 2604 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2605 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2606 goto unlock;
2607 }
2608
9246a869 2609update_class:
890ea898 2610 hci_req_init(&req, hdev);
1aff6f09 2611
890ea898
JH		 2612 update_class(&req);
2613 update_eir(&req);
2614
92da6097
JH		 2615 err = hci_req_run(&req, remove_uuid_complete);
2616 if (err < 0) {
2617 if (err != -ENODATA)
2618 goto unlock;
80a1e1db 2619
2a1afb5a
JH		 2620 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2621 hdev->dev_class, 3);
90e70454
JH		 2622 goto unlock;
2623 }
2624
2625 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2626 if (!cmd) {
90e70454 2627 err = -ENOMEM;
890ea898
JH		 2628 goto unlock;
2629 }
2630
2631 err = 0;
2aeb9a1a
JH		 2632
2633unlock:
09fd0de5 2634 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2635 return err;
2636}
2637
1904a853 2638static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2639{
2640 BT_DBG("status 0x%02x", status);
2641
2642 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2643}
2644
bdb6d971 2645static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2646 u16 len)
1aff6f09 2647{
650f726d 2648 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2649 struct mgmt_pending_cmd *cmd;
890ea898 2650 struct hci_request req;
1aff6f09
JH		 2651 int err;
2652
bdb6d971 2653 BT_DBG("request for %s", hdev->name);
1aff6f09 2654
6203fc98 2655 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2656 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2657 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2658
0cab9c80 2659 hci_dev_lock(hdev);
ee98f473 2660
0cab9c80 2661 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2662 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2663 MGMT_STATUS_BUSY);
0cab9c80
JH		 2664 goto unlock;
2665 }
c95f0ba7 2666
0cab9c80 2667 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2668 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2669 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2670 goto unlock;
2671 }
575b3a02 2672
932f5ff5
JH		 2673 hdev->major_class = cp->major;
2674 hdev->minor_class = cp->minor;
2675
b5235a65 2676 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2677 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2678 hdev->dev_class, 3);
b5235a65
JH		 2679 goto unlock;
2680 }
2681
890ea898
JH		 2682 hci_req_init(&req, hdev);
2683
a69d8927 2684 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
7d78525d
JH		 2685 hci_dev_unlock(hdev);
2686 cancel_delayed_work_sync(&hdev->service_cache);
2687 hci_dev_lock(hdev);
890ea898 2688 update_eir(&req);
7d78525d 2689 }
14c0b608 2690
890ea898
JH		 2691 update_class(&req);
2692
92da6097
JH		 2693 err = hci_req_run(&req, set_class_complete);
2694 if (err < 0) {
2695 if (err != -ENODATA)
2696 goto unlock;
1aff6f09 2697
2a1afb5a
JH		 2698 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2699 hdev->dev_class, 3);
90e70454
JH		 2700 goto unlock;
2701 }
2702
2703 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2704 if (!cmd) {
90e70454 2705 err = -ENOMEM;
890ea898
JH		 2706 goto unlock;
2707 }
2708
2709 err = 0;
1aff6f09 2710
b5235a65 2711unlock:
09fd0de5 2712 hci_dev_unlock(hdev);
1aff6f09
JH		 2713 return err;
2714}
2715
bdb6d971 2716static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2717 u16 len)
55ed8ca1 2718{
650f726d 2719 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2720 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2721 sizeof(struct mgmt_link_key_info));
4e51eae9 2722 u16 key_count, expected_len;
b1de97d8 2723 bool changed;
a492cd52 2724 int i;
55ed8ca1 2725
9060d5cf
MH		 2726 BT_DBG("request for %s", hdev->name);
2727
2728 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2729 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2730 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2731
1f350c87 2732 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2733 if (key_count > max_key_count) {
2734 BT_ERR("load_link_keys: too big key_count value %u",
2735 key_count);
a69e8375
JH		 2736 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2737 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2738 }
55ed8ca1 2739
86742e1e
JH		 2740 expected_len = sizeof(*cp) + key_count *
2741 sizeof(struct mgmt_link_key_info);
a492cd52 2742 if (expected_len != len) {
86742e1e 2743 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2744 expected_len, len);
a69e8375
JH		 2745 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2746 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2747 }
2748
4ae14301 2749 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2750 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2751 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2752
bdb6d971 2753 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2754 key_count);
55ed8ca1 2755
4ee71b20
JH		 2756 for (i = 0; i < key_count; i++) {
2757 struct mgmt_link_key_info *key = &cp->keys[i];
2758
8e991132 2759 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2760 return mgmt_cmd_status(sk, hdev->id,
2761 MGMT_OP_LOAD_LINK_KEYS,
2762 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2763 }
2764
09fd0de5 2765 hci_dev_lock(hdev);
55ed8ca1
JH		 2766
2767 hci_link_keys_clear(hdev);
2768
55ed8ca1 2769 if (cp->debug_keys)
238be788 2770 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2771 else
a69d8927
MH		 2772 changed = hci_dev_test_and_clear_flag(hdev,
2773 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2774
2775 if (changed)
2776 new_settings(hdev, NULL);
55ed8ca1 2777
a492cd52 2778 for (i = 0; i < key_count; i++) {
86742e1e 2779 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2780
58e9293c
JH		 2781 /* Always ignore debug keys and require a new pairing if
2782 * the user wants to use them.
2783 */
2784 if (key->type == HCI_LK_DEBUG_COMBINATION)
2785 continue;
2786
7652ff6a
JH		 2787 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2788 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2789 }
2790
2a1afb5a 2791 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2792
09fd0de5 2793 hci_dev_unlock(hdev);
55ed8ca1 2794
a492cd52 2795 return 0;
55ed8ca1
JH		 2796}
2797
b1078ad0 2798static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2799 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2800{
2801 struct mgmt_ev_device_unpaired ev;
2802
2803 bacpy(&ev.addr.bdaddr, bdaddr);
2804 ev.addr.type = addr_type;
2805
2806 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2807 skip_sk);
b1078ad0
JH		 2808}
2809
bdb6d971 2810static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2811 u16 len)
55ed8ca1 2812{
124f6e35
JH		 2813 struct mgmt_cp_unpair_device *cp = data;
2814 struct mgmt_rp_unpair_device rp;
a8a1d19e 2815 struct hci_cp_disconnect dc;
3b0602cd 2816 struct mgmt_pending_cmd *cmd;
55ed8ca1 2817 struct hci_conn *conn;
55ed8ca1
JH		 2818 int err;
2819
a8a1d19e 2820 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2821 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2822 rp.addr.type = cp->addr.type;
a8a1d19e 2823
4ee71b20 2824 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2825 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2826 MGMT_STATUS_INVALID_PARAMS,
2827 &rp, sizeof(rp));
4ee71b20 2828
118da70b 2829 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2830 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2831 MGMT_STATUS_INVALID_PARAMS,
2832 &rp, sizeof(rp));
118da70b 2833
4ee71b20
JH		 2834 hci_dev_lock(hdev);
2835
86a8cfc6 2836 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2837 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2838 MGMT_STATUS_NOT_POWERED, &rp,
2839 sizeof(rp));
86a8cfc6
JH		 2840 goto unlock;
2841 }
2842
e0b2b27e 2843 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2844 /* If disconnection is requested, then look up the
2845 * connection. If the remote device is connected, it
2846 * will be later used to terminate the link.
2847 *
2848 * Setting it to NULL explicitly will cause no
2849 * termination of the link.
2850 */
2851 if (cp->disconnect)
2852 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2853 &cp->addr.bdaddr);
2854 else
2855 conn = NULL;
2856
124f6e35 2857 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2858 } else {
2859 u8 addr_type;
2860
89cbb063
AA		 2861 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2862 &cp->addr.bdaddr);
2863 if (conn) {
2864 /* Defer clearing up the connection parameters
2865 * until closing to give a chance of keeping
2866 * them if a repairing happens.
2867 */
2868 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2869
2870 /* If disconnection is not requested, then
2871 * clear the connection variable so that the
2872 * link is not terminated.
2873 */
2874 if (!cp->disconnect)
2875 conn = NULL;
2876 }
2877
e0b2b27e
JH		 2878 if (cp->addr.type == BDADDR_LE_PUBLIC)
2879 addr_type = ADDR_LE_DEV_PUBLIC;
2880 else
2881 addr_type = ADDR_LE_DEV_RANDOM;
2882
a7ec7338
JH		 2883 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2884
e0b2b27e
JH		 2885 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2886 }
b0dbfb46 2887
55ed8ca1 2888 if (err < 0) {
2a1afb5a
JH		 2889 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2890 MGMT_STATUS_NOT_PAIRED, &rp,
2891 sizeof(rp));
55ed8ca1
JH		 2892 goto unlock;
2893 }
2894
89cbb063
AA		 2895 /* If the connection variable is set, then termination of the
2896 * link is requested.
2897 */
a8a1d19e 2898 if (!conn) {
2a1afb5a
JH		 2899 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2900 &rp, sizeof(rp));
b1078ad0 2901 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2902 goto unlock;
2903 }
55ed8ca1 2904
124f6e35 2905 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2906 sizeof(*cp));
a8a1d19e
JH		 2907 if (!cmd) {
2908 err = -ENOMEM;
2909 goto unlock;
55ed8ca1
JH		 2910 }
2911
d8b7b1e4
JH		 2912 cmd->cmd_complete = addr_cmd_complete;
2913
eb55ef07 2914 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2915 dc.reason = 0x13; /* Remote User Terminated Connection */
2916 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2917 if (err < 0)
2918 mgmt_pending_remove(cmd);
2919
55ed8ca1 2920unlock:
09fd0de5 2921 hci_dev_unlock(hdev);
55ed8ca1
JH		 2922 return err;
2923}
2924
bdb6d971 2925static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2926 u16 len)
8962ee74 2927{
650f726d 2928 struct mgmt_cp_disconnect *cp = data;
06a63b19 2929 struct mgmt_rp_disconnect rp;
3b0602cd 2930 struct mgmt_pending_cmd *cmd;
8962ee74 2931 struct hci_conn *conn;
8962ee74
JH		 2932 int err;
2933
2934 BT_DBG("");
2935
06a63b19
JH		 2936 memset(&rp, 0, sizeof(rp));
2937 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2938 rp.addr.type = cp->addr.type;
2939
4ee71b20 2940 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2941 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2942 MGMT_STATUS_INVALID_PARAMS,
2943 &rp, sizeof(rp));
4ee71b20 2944
09fd0de5 2945 hci_dev_lock(hdev);
8962ee74
JH		 2946
2947 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 2948 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2949 MGMT_STATUS_NOT_POWERED, &rp,
2950 sizeof(rp));
8962ee74
JH		 2951 goto failed;
2952 }
2953
333ae95d 2954 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 2955 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2956 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2957 goto failed;
2958 }
2959
591f47f3 2960 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2961 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2962 &cp->addr.bdaddr);
88c3df13
JH		 2963 else
2964 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2965
f960727e 2966 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 2967 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2968 MGMT_STATUS_NOT_CONNECTED, &rp,
2969 sizeof(rp));
8962ee74
JH		 2970 goto failed;
2971 }
2972
2e58ef3e 2973 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2974 if (!cmd) {
2975 err = -ENOMEM;
8962ee74 2976 goto failed;
366a0336 2977 }
8962ee74 2978
f5818c22
JH		 2979 cmd->cmd_complete = generic_cmd_complete;
2980
e3f2f92a 2981 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2982 if (err < 0)
a664b5bc 2983 mgmt_pending_remove(cmd);
8962ee74
JH		 2984
2985failed:
09fd0de5 2986 hci_dev_unlock(hdev);
8962ee74
JH		 2987 return err;
2988}
2989
57c1477c 2990static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2991{
2992 switch (link_type) {
2993 case LE_LINK:
48264f06
JH		 2994 switch (addr_type) {
2995 case ADDR_LE_DEV_PUBLIC:
591f47f3 2996 return BDADDR_LE_PUBLIC;
0ed09148 2997
48264f06 2998 default:
0ed09148 2999 /* Fallback to LE Random address type */
591f47f3 3000 return BDADDR_LE_RANDOM;
48264f06 3001 }
0ed09148 3002
4c659c39 3003 default:
0ed09148 3004 /* Fallback to BR/EDR type */
591f47f3 3005 return BDADDR_BREDR;
4c659c39
JH		 3006 }
3007}
3008
04124681
GP		 3009static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3010 u16 data_len)
2784eb41 3011{
2784eb41 3012 struct mgmt_rp_get_connections *rp;
8035ded4 3013 struct hci_conn *c;
a38528f1 3014 size_t rp_len;
60fc5fb6
JH		 3015 int err;
3016 u16 i;
2784eb41
JH		 3017
3018 BT_DBG("");
3019
09fd0de5 3020 hci_dev_lock(hdev);
2784eb41 3021
5f97c1df 3022 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3023 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3024 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3025 goto unlock;
3026 }
3027
60fc5fb6 3028 i = 0;
b644ba33
JH		 3029 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3030 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 3031 i++;
2784eb41
JH		 3032 }
3033
60fc5fb6 3034 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 3035 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 3036 if (!rp) {
2784eb41
JH		 3037 err = -ENOMEM;
3038 goto unlock;
3039 }
3040
2784eb41 3041 i = 0;
4c659c39 3042 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 3043 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3044 continue;
4c659c39 3045 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 3046 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 3047 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 3048 continue;
3049 i++;
3050 }
3051
eb55ef07 3052 rp->conn_count = cpu_to_le16(i);
60fc5fb6 3053
4c659c39
JH		 3054 /* Recalculate length in case of filtered SCO connections, etc */
3055 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 3056
2a1afb5a
JH		 3057 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3058 rp_len);
2784eb41 3059
a38528f1 3060 kfree(rp);
5f97c1df
JH		 3061
3062unlock:
09fd0de5 3063 hci_dev_unlock(hdev);
2784eb41
JH		 3064 return err;
3065}
3066
bdb6d971 3067static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3068 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 3069{
3b0602cd 3070 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 3071 int err;
3072
2e58ef3e 3073 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 3074 sizeof(*cp));
96d97a67
WR		 3075 if (!cmd)
3076 return -ENOMEM;
3077
d8457698 3078 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 3079 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 3080 if (err < 0)
3081 mgmt_pending_remove(cmd);
3082
3083 return err;
3084}
3085
bdb6d971 3086static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3087 u16 len)
980e1a53 3088{
96d97a67 3089 struct hci_conn *conn;
650f726d 3090 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3091 struct hci_cp_pin_code_reply reply;
3b0602cd 3092 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 3093 int err;
3094
3095 BT_DBG("");
3096
09fd0de5 3097 hci_dev_lock(hdev);
980e1a53 3098
4b34ee78 3099 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3100 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3101 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3102 goto failed;
3103 }
3104
d8457698 3105 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3106 if (!conn) {
a69e8375
JH		 3107 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3108 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3109 goto failed;
3110 }
3111
3112 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3113 struct mgmt_cp_pin_code_neg_reply ncp;
3114
3115 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 3116
3117 BT_ERR("PIN code is not 16 bytes long");
3118
bdb6d971 3119 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3120 if (err >= 0)
a69e8375
JH		 3121 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3122 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3123
3124 goto failed;
3125 }
3126
00abfe44 3127 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3128 if (!cmd) {
3129 err = -ENOMEM;
980e1a53 3130 goto failed;
366a0336 3131 }
980e1a53 3132
7776d1d8
JH		 3133 cmd->cmd_complete = addr_cmd_complete;
3134
d8457698 3135 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3136 reply.pin_len = cp->pin_len;
24718ca5 3137 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3138
3139 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3140 if (err < 0)
a664b5bc 3141 mgmt_pending_remove(cmd);
980e1a53
JH		 3142
3143failed:
09fd0de5 3144 hci_dev_unlock(hdev);
980e1a53
JH		 3145 return err;
3146}
3147
04124681
GP		 3148static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3149 u16 len)
17fa4b9d 3150{
650f726d 3151 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3152
3153 BT_DBG("");
3154
4ec86d4c 3155 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3156 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3157 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
4ec86d4c 3158
09fd0de5 3159 hci_dev_lock(hdev);
17fa4b9d
JH		 3160
3161 hdev->io_capability = cp->io_capability;
3162
3163 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3164 hdev->io_capability);
17fa4b9d 3165
09fd0de5 3166 hci_dev_unlock(hdev);
17fa4b9d 3167
2a1afb5a
JH		 3168 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3169 NULL, 0);
17fa4b9d
JH		 3170}
3171
3b0602cd 3172static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3173{
3174 struct hci_dev *hdev = conn->hdev;
3b0602cd 3175 struct mgmt_pending_cmd *cmd;
e9a416b5 3176
2e58ef3e 3177 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3178 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3179 continue;
3180
e9a416b5
JH		 3181 if (cmd->user_data != conn)
3182 continue;
3183
3184 return cmd;
3185 }
3186
3187 return NULL;
3188}
3189
3b0602cd 3190static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 3191{
3192 struct mgmt_rp_pair_device rp;
3193 struct hci_conn *conn = cmd->user_data;
9df74653 3194 int err;
e9a416b5 3195
61b1a7fb
JH		 3196 bacpy(&rp.addr.bdaddr, &conn->dst);
3197 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3198
2a1afb5a
JH		 3199 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3200 status, &rp, sizeof(rp));
e9a416b5
JH		 3201
3202 /* So we don't get further callbacks for this connection */
3203 conn->connect_cfm_cb = NULL;
3204 conn->security_cfm_cb = NULL;
3205 conn->disconn_cfm_cb = NULL;
3206
76a68ba0 3207 hci_conn_drop(conn);
89cbb063
AA		 3208
3209 /* The device is paired so there is no need to remove
3210 * its connection parameters anymore.
3211 */
3212 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3213
3214 hci_conn_put(conn);
9df74653
JH		 3215
3216 return err;
e9a416b5
JH		 3217}
3218
f4a407be
JH		 3219void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3220{
3221 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 3222 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 3223
3224 cmd = find_pairing(conn);
a511b35b 3225 if (cmd) {
04ab2749 3226 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3227 mgmt_pending_remove(cmd);
3228 }
f4a407be
JH		 3229}
3230
e9a416b5
JH		 3231static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3232{
3b0602cd 3233 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3234
3235 BT_DBG("status %u", status);
3236
3237 cmd = find_pairing(conn);
a511b35b 3238 if (!cmd) {
e9a416b5 3239 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3240 return;
3241 }
3242
3243 cmd->cmd_complete(cmd, mgmt_status(status));
3244 mgmt_pending_remove(cmd);
e9a416b5
JH		 3245}
3246
f4a407be 3247static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 3248{
3b0602cd 3249 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 3250
3251 BT_DBG("status %u", status);
3252
3253 if (!status)
3254 return;
3255
3256 cmd = find_pairing(conn);
a511b35b 3257 if (!cmd) {
4c47d739 3258 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3259 return;
3260 }
3261
3262 cmd->cmd_complete(cmd, mgmt_status(status));
3263 mgmt_pending_remove(cmd);
4c47d739
VA		 3264}
3265
bdb6d971 3266static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3267 u16 len)
e9a416b5 3268{
650f726d 3269 struct mgmt_cp_pair_device *cp = data;
1425acb7 3270 struct mgmt_rp_pair_device rp;
3b0602cd 3271 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3272 u8 sec_level, auth_type;
3273 struct hci_conn *conn;
e9a416b5
JH		 3274 int err;
3275
3276 BT_DBG("");
3277
f950a30e
SJ		 3278 memset(&rp, 0, sizeof(rp));
3279 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3280 rp.addr.type = cp->addr.type;
3281
4ee71b20 3282 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3283 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3284 MGMT_STATUS_INVALID_PARAMS,
3285 &rp, sizeof(rp));
4ee71b20 3286
4ec86d4c 3287 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3288 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3289 MGMT_STATUS_INVALID_PARAMS,
3290 &rp, sizeof(rp));
4ec86d4c 3291
09fd0de5 3292 hci_dev_lock(hdev);
e9a416b5 3293
5f97c1df 3294 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3295 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3296 MGMT_STATUS_NOT_POWERED, &rp,
3297 sizeof(rp));
5f97c1df
JH		 3298 goto unlock;
3299 }
3300
55e76b38
JH		 3301 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3302 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3303 MGMT_STATUS_ALREADY_PAIRED, &rp,
3304 sizeof(rp));
3305 goto unlock;
3306 }
3307
c908df36 3308 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3309 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3310
6f77d8c7 3311 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3312 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3313 auth_type);
6f77d8c7
AG		 3314 } else {
3315 u8 addr_type;
3316
3317 /* Convert from L2CAP channel address type to HCI address type
3318 */
3319 if (cp->addr.type == BDADDR_LE_PUBLIC)
3320 addr_type = ADDR_LE_DEV_PUBLIC;
3321 else
3322 addr_type = ADDR_LE_DEV_RANDOM;
3323
7c264b10
MH		 3324 /* When pairing a new device, it is expected to remember
3325 * this device for future connections. Adding the connection
3326 * parameter information ahead of time allows tracking
3327 * of the slave preferred values and will speed up any
3328 * further connection establishment.
3329 *
3330 * If connection parameters already exist, then they
3331 * will be kept and this function does nothing.
3332 */
3333 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3334
6f77d8c7 3335 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3336 sec_level, HCI_LE_CONN_TIMEOUT,
3337 HCI_ROLE_MASTER);
6f77d8c7 3338 }
7a512d01 3339
30e76272 3340 if (IS_ERR(conn)) {
489dc48e
AK		 3341 int status;
3342
3343 if (PTR_ERR(conn) == -EBUSY)
3344 status = MGMT_STATUS_BUSY;
faa81030
LR		 3345 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3346 status = MGMT_STATUS_NOT_SUPPORTED;
3347 else if (PTR_ERR(conn) == -ECONNREFUSED)
3348 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 3349 else
3350 status = MGMT_STATUS_CONNECT_FAILED;
3351
2a1afb5a
JH		 3352 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3353 status, &rp, sizeof(rp));
e9a416b5
JH		 3354 goto unlock;
3355 }
3356
3357 if (conn->connect_cfm_cb) {
76a68ba0 3358 hci_conn_drop(conn);
2a1afb5a
JH		 3359 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3360 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3361 goto unlock;
3362 }
3363
2e58ef3e 3364 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3365 if (!cmd) {
3366 err = -ENOMEM;
76a68ba0 3367 hci_conn_drop(conn);
e9a416b5
JH		 3368 goto unlock;
3369 }
3370
04ab2749
JH		 3371 cmd->cmd_complete = pairing_complete;
3372
7a512d01 3373 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3374 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3375 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3376 conn->security_cfm_cb = pairing_complete_cb;
3377 conn->disconn_cfm_cb = pairing_complete_cb;
3378 } else {
3379 conn->connect_cfm_cb = le_pairing_complete_cb;
3380 conn->security_cfm_cb = le_pairing_complete_cb;
3381 conn->disconn_cfm_cb = le_pairing_complete_cb;
3382 }
7a512d01 3383
e9a416b5 3384 conn->io_capability = cp->io_cap;
f8aaf9b6 3385 cmd->user_data = hci_conn_get(conn);
e9a416b5 3386
6f78fd4b 3387 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3388 hci_conn_security(conn, sec_level, auth_type, true)) {
3389 cmd->cmd_complete(cmd, 0);
3390 mgmt_pending_remove(cmd);
3391 }
e9a416b5
JH		 3392
3393 err = 0;
3394
3395unlock:
09fd0de5 3396 hci_dev_unlock(hdev);
e9a416b5
JH		 3397 return err;
3398}
3399
04124681
GP		 3400static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3401 u16 len)
28424707 3402{
0f4e68cf 3403 struct mgmt_addr_info *addr = data;
3b0602cd 3404 struct mgmt_pending_cmd *cmd;
28424707
JH		 3405 struct hci_conn *conn;
3406 int err;
3407
3408 BT_DBG("");
3409
28424707
JH		 3410 hci_dev_lock(hdev);
3411
5f97c1df 3412 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3413 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3414 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3415 goto unlock;
3416 }
3417
333ae95d 3418 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
28424707 3419 if (!cmd) {
a69e8375
JH		 3420 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3421 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3422 goto unlock;
3423 }
3424
3425 conn = cmd->user_data;
3426
3427 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3428 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3429 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3430 goto unlock;
3431 }
3432
a511b35b
JH		 3433 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3434 mgmt_pending_remove(cmd);
28424707 3435
2a1afb5a
JH		 3436 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3437 addr, sizeof(*addr));
28424707
JH		 3438unlock:
3439 hci_dev_unlock(hdev);
28424707
JH		 3440 return err;
3441}
3442
bdb6d971 3443static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3444 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3445 u16 hci_op, __le32 passkey)
a5c29683 3446{
3b0602cd 3447 struct mgmt_pending_cmd *cmd;
0df4c185 3448 struct hci_conn *conn;
a5c29683
JH		 3449 int err;
3450
09fd0de5 3451 hci_dev_lock(hdev);
08ba5382 3452
4b34ee78 3453 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3454 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3455 MGMT_STATUS_NOT_POWERED, addr,
3456 sizeof(*addr));
0df4c185 3457 goto done;
a5c29683
JH		 3458 }
3459
1707c60e
JH		 3460 if (addr->type == BDADDR_BREDR)
3461 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3462 else
1707c60e 3463 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3464
3465 if (!conn) {
2a1afb5a
JH		 3466 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3467 MGMT_STATUS_NOT_CONNECTED, addr,
3468 sizeof(*addr));
272d90df
JH		 3469 goto done;
3470 }
47c15e2b 3471
1707c60e 3472 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3473 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3474 if (!err)
2a1afb5a
JH		 3475 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3476 MGMT_STATUS_SUCCESS, addr,
3477 sizeof(*addr));
5fe57d9e 3478 else
2a1afb5a
JH		 3479 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3480 MGMT_STATUS_FAILED, addr,
3481 sizeof(*addr));
47c15e2b 3482
47c15e2b
BG		 3483 goto done;
3484 }
3485
1707c60e 3486 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3487 if (!cmd) {
3488 err = -ENOMEM;
0df4c185 3489 goto done;
a5c29683
JH		 3490 }
3491
7776d1d8
JH		 3492 cmd->cmd_complete = addr_cmd_complete;
3493
0df4c185 3494 /* Continue with pairing via HCI */
604086b7
BG		 3495 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3496 struct hci_cp_user_passkey_reply cp;
3497
1707c60e 3498 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3499 cp.passkey = passkey;
3500 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3501 } else
1707c60e
JH		 3502 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3503 &addr->bdaddr);
604086b7 3504
a664b5bc
JH		 3505 if (err < 0)
3506 mgmt_pending_remove(cmd);
a5c29683 3507
0df4c185 3508done:
09fd0de5 3509 hci_dev_unlock(hdev);
a5c29683
JH		 3510 return err;
3511}
3512
afeb019d
JK		 3513static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3514 void *data, u16 len)
3515{
3516 struct mgmt_cp_pin_code_neg_reply *cp = data;
3517
3518 BT_DBG("");
3519
1707c60e 3520 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3521 MGMT_OP_PIN_CODE_NEG_REPLY,
3522 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3523}
3524
04124681
GP		 3525static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3526 u16 len)
0df4c185 3527{
650f726d 3528 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3529
3530 BT_DBG("");
3531
3532 if (len != sizeof(*cp))
a69e8375
JH		 3533 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3534 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3535
1707c60e 3536 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3537 MGMT_OP_USER_CONFIRM_REPLY,
3538 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3539}
3540
bdb6d971 3541static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3542 void *data, u16 len)
0df4c185 3543{
c9c2659f 3544 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3545
3546 BT_DBG("");
3547
1707c60e 3548 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3549 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3550 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3551}
3552
04124681
GP		 3553static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3554 u16 len)
604086b7 3555{
650f726d 3556 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3557
3558 BT_DBG("");
3559
1707c60e 3560 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3561 MGMT_OP_USER_PASSKEY_REPLY,
3562 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3563}
3564
bdb6d971 3565static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3566 void *data, u16 len)
604086b7 3567{
650f726d 3568 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3569
3570 BT_DBG("");
3571
1707c60e 3572 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3573 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3574 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3575}
3576
13928971 3577static void update_name(struct hci_request *req)
2b4bf397 3578{
13928971 3579 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3580 struct hci_cp_write_local_name cp;
3581
13928971 3582 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3583
890ea898 3584 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3585}
3586
1904a853 3587static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3588{
3589 struct mgmt_cp_set_local_name *cp;
3b0602cd 3590 struct mgmt_pending_cmd *cmd;
13928971
JH		 3591
3592 BT_DBG("status 0x%02x", status);
3593
3594 hci_dev_lock(hdev);
3595
333ae95d 3596 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 3597 if (!cmd)
3598 goto unlock;
3599
3600 cp = cmd->param;
3601
3602 if (status)
a69e8375
JH		 3603 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3604 mgmt_status(status));
13928971 3605 else
2a1afb5a
JH		 3606 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3607 cp, sizeof(*cp));
13928971
JH		 3608
3609 mgmt_pending_remove(cmd);
3610
3611unlock:
3612 hci_dev_unlock(hdev);
3613}
3614
bdb6d971 3615static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3616 u16 len)
b312b161 3617{
2b4bf397 3618 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3619 struct mgmt_pending_cmd *cmd;
890ea898 3620 struct hci_request req;
b312b161
JH		 3621 int err;
3622
3623 BT_DBG("");
3624
09fd0de5 3625 hci_dev_lock(hdev);
b312b161 3626
b3f2ca94
JH		 3627 /* If the old values are the same as the new ones just return a
3628 * direct command complete event.
3629 */
3630 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3631 !memcmp(hdev->short_name, cp->short_name,
3632 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3633 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3634 data, len);
b3f2ca94
JH		 3635 goto failed;
3636 }
3637
2b4bf397 3638 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3639
b5235a65 3640 if (!hdev_is_powered(hdev)) {
2b4bf397 3641 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3642
2a1afb5a
JH		 3643 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3644 data, len);
28cc7bde
JH		 3645 if (err < 0)
3646 goto failed;
3647
f6b7712e
MH		 3648 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
3649 data, len, sk);
28cc7bde 3650
b5235a65
JH		 3651 goto failed;
3652 }
3653
28cc7bde 3654 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3655 if (!cmd) {
3656 err = -ENOMEM;
3657 goto failed;
3658 }
3659
13928971
JH		 3660 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3661
890ea898 3662 hci_req_init(&req, hdev);
3f985050
JH		 3663
3664 if (lmp_bredr_capable(hdev)) {
3665 update_name(&req);
3666 update_eir(&req);
3667 }
3668
7a5f4990
MH		 3669 /* The name is stored in the scan response data and so
3670 * no need to udpate the advertising data here.
3671 */
3f985050 3672 if (lmp_le_capable(hdev))
7a5f4990 3673 update_scan_rsp_data(&req);
3f985050 3674
13928971 3675 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3676 if (err < 0)
3677 mgmt_pending_remove(cmd);
3678
3679failed:
09fd0de5 3680 hci_dev_unlock(hdev);
b312b161
JH		 3681 return err;
3682}
3683
0f4e68cf 3684static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3685 void *data, u16 data_len)
c35938b2 3686{
3b0602cd 3687 struct mgmt_pending_cmd *cmd;
c35938b2
SJ		 3688 int err;
3689
bdb6d971 3690 BT_DBG("%s", hdev->name);
c35938b2 3691
09fd0de5 3692 hci_dev_lock(hdev);
c35938b2 3693
4b34ee78 3694 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3695 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3696 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3697 goto unlock;
3698 }
3699
9a1a1996 3700 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3701 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3702 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3703 goto unlock;
3704 }
3705
333ae95d 3706 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3707 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3708 MGMT_STATUS_BUSY);
c35938b2
SJ		 3709 goto unlock;
3710 }
3711
2e58ef3e 3712 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3713 if (!cmd) {
3714 err = -ENOMEM;
3715 goto unlock;
3716 }
3717
710f11c0 3718 if (bredr_sc_enabled(hdev))
4d2d2796
MH		 3719 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3720 0, NULL);
3721 else
3722 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3723
c35938b2
SJ		 3724 if (err < 0)
3725 mgmt_pending_remove(cmd);
3726
3727unlock:
09fd0de5 3728 hci_dev_unlock(hdev);
c35938b2
SJ		 3729 return err;
3730}
3731
bdb6d971 3732static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3733 void *data, u16 len)
2763eda6 3734{
5d57e796 3735 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3736 int err;
3737
bdb6d971 3738 BT_DBG("%s ", hdev->name);
2763eda6 3739
5d57e796 3740 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3741 return mgmt_cmd_complete(sk, hdev->id,
3742 MGMT_OP_ADD_REMOTE_OOB_DATA,
3743 MGMT_STATUS_INVALID_PARAMS,
3744 addr, sizeof(*addr));
5d57e796 3745
09fd0de5 3746 hci_dev_lock(hdev);
2763eda6 3747
ec109113
MH		 3748 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3749 struct mgmt_cp_add_remote_oob_data *cp = data;
3750 u8 status;
bf1e3541 3751
c19a495c 3752 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 3753 err = mgmt_cmd_complete(sk, hdev->id,
3754 MGMT_OP_ADD_REMOTE_OOB_DATA,
3755 MGMT_STATUS_INVALID_PARAMS,
3756 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 3757 goto unlock;
3758 }
3759
ec109113 3760 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3761 cp->addr.type, cp->hash,
3762 cp->rand, NULL, NULL);
ec109113
MH		 3763 if (err < 0)
3764 status = MGMT_STATUS_FAILED;
3765 else
3766 status = MGMT_STATUS_SUCCESS;
3767
2a1afb5a
JH		 3768 err = mgmt_cmd_complete(sk, hdev->id,
3769 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3770 &cp->addr, sizeof(cp->addr));
ec109113
MH		 3771 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3772 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3773 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3774 u8 status;
3775
86df9200 3776 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3777 /* Enforce zero-valued 192-bit parameters as
3778 * long as legacy SMP OOB isn't implemented.
3779 */
3780 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3781 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 3782 err = mgmt_cmd_complete(sk, hdev->id,
3783 MGMT_OP_ADD_REMOTE_OOB_DATA,
3784 MGMT_STATUS_INVALID_PARAMS,
3785 addr, sizeof(*addr));
d25b78e2
JH		 3786 goto unlock;
3787 }
3788
86df9200
JH		 3789 rand192 = NULL;
3790 hash192 = NULL;
3791 } else {
41bcfd50
MH		 3792 /* In case one of the P-192 values is set to zero,
3793 * then just disable OOB data for P-192.
3794 */
3795 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3796 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3797 rand192 = NULL;
3798 hash192 = NULL;
3799 } else {
3800 rand192 = cp->rand192;
3801 hash192 = cp->hash192;
3802 }
3803 }
3804
3805 /* In case one of the P-256 values is set to zero, then just
3806 * disable OOB data for P-256.
3807 */
3808 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3809 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3810 rand256 = NULL;
3811 hash256 = NULL;
3812 } else {
3813 rand256 = cp->rand256;
3814 hash256 = cp->hash256;
86df9200
JH		 3815 }
3816
81328d5c 3817 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3818 cp->addr.type, hash192, rand192,
41bcfd50 3819 hash256, rand256);
ec109113
MH		 3820 if (err < 0)
3821 status = MGMT_STATUS_FAILED;
3822 else
3823 status = MGMT_STATUS_SUCCESS;
3824
2a1afb5a
JH		 3825 err = mgmt_cmd_complete(sk, hdev->id,
3826 MGMT_OP_ADD_REMOTE_OOB_DATA,
3827 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 3828 } else {
3829 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 3830 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3831 MGMT_STATUS_INVALID_PARAMS);
ec109113 3832 }
2763eda6 3833
c19a495c 3834unlock:
09fd0de5 3835 hci_dev_unlock(hdev);
2763eda6
SJ		 3836 return err;
3837}
3838
bdb6d971 3839static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3840 void *data, u16 len)
2763eda6 3841{
650f726d 3842 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3843 u8 status;
2763eda6
SJ		 3844 int err;
3845
bdb6d971 3846 BT_DBG("%s", hdev->name);
2763eda6 3847
c19a495c 3848 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 3849 return mgmt_cmd_complete(sk, hdev->id,
3850 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3851 MGMT_STATUS_INVALID_PARAMS,
3852 &cp->addr, sizeof(cp->addr));
c19a495c 3853
09fd0de5 3854 hci_dev_lock(hdev);
2763eda6 3855
eedbd581
JH		 3856 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3857 hci_remote_oob_data_clear(hdev);
3858 status = MGMT_STATUS_SUCCESS;
3859 goto done;
3860 }
3861
6928a924 3862 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3863 if (err < 0)
bf1e3541 3864 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3865 else
a6785be2 3866 status = MGMT_STATUS_SUCCESS;
bf1e3541 3867
eedbd581 3868done:
2a1afb5a
JH		 3869 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3870 status, &cp->addr, sizeof(cp->addr));
2763eda6 3871
09fd0de5 3872 hci_dev_unlock(hdev);
2763eda6
SJ		 3873 return err;
3874}
3875
812abb13 3876static bool trigger_bredr_inquiry(struct hci_request *req, u8 *status)
41dc2bd6 3877{
8019044d 3878 struct hci_dev *hdev = req->hdev;
812abb13 3879 struct hci_cp_inquiry cp;
8019044d
MH		 3880 /* General inquiry access code (GIAC) */
3881 u8 lap[3] = { 0x33, 0x8b, 0x9e };
812abb13
JP		 3882
3883 *status = mgmt_bredr_support(hdev);
3884 if (*status)
3885 return false;
3886
3887 if (hci_dev_test_flag(hdev, HCI_INQUIRY)) {
3888 *status = MGMT_STATUS_BUSY;
3889 return false;
3890 }
3891
3892 hci_inquiry_cache_flush(hdev);
3893
3894 memset(&cp, 0, sizeof(cp));
3895 memcpy(&cp.lap, lap, sizeof(cp.lap));
3896 cp.length = DISCOV_BREDR_INQUIRY_LEN;
3897
3898 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
3899
3900 return true;
3901}
3902
3903static bool trigger_le_scan(struct hci_request *req, u16 interval, u8 *status)
3904{
3905 struct hci_dev *hdev = req->hdev;
3906 struct hci_cp_le_set_scan_param param_cp;
3907 struct hci_cp_le_set_scan_enable enable_cp;
8019044d 3908 u8 own_addr_type;
41dc2bd6
AG		 3909 int err;
3910
812abb13
JP		 3911 *status = mgmt_le_support(hdev);
3912 if (*status)
3913 return false;
41dc2bd6 3914
812abb13
JP		 3915 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
3916 /* Don't let discovery abort an outgoing connection attempt
3917 * that's using directed advertising.
3918 */
3919 if (hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT)) {
3920 *status = MGMT_STATUS_REJECTED;
8019044d
MH		 3921 return false;
3922 }
41dc2bd6 3923
812abb13
JP		 3924 disable_advertising(req);
3925 }
41dc2bd6 3926
812abb13
JP		 3927 /* If controller is scanning, it means the background scanning is
3928 * running. Thus, we should temporarily stop it in order to set the
3929 * discovery scanning parameters.
3930 */
3931 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
3932 hci_req_add_le_scan_disable(req);
41dc2bd6 3933
812abb13
JP		 3934 /* All active scans will be done with either a resolvable private
3935 * address (when privacy feature has been enabled) or non-resolvable
3936 * private address.
3937 */
3938 err = hci_update_random_address(req, true, &own_addr_type);
3939 if (err < 0) {
3940 *status = MGMT_STATUS_FAILED;
3941 return false;
3942 }
8019044d 3943
812abb13
JP		 3944 memset(&param_cp, 0, sizeof(param_cp));
3945 param_cp.type = LE_SCAN_ACTIVE;
3946 param_cp.interval = cpu_to_le16(interval);
3947 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3948 param_cp.own_address_type = own_addr_type;
8019044d 3949
812abb13
JP		 3950 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3951 &param_cp);
8019044d 3952
812abb13
JP		 3953 memset(&enable_cp, 0, sizeof(enable_cp));
3954 enable_cp.enable = LE_SCAN_ENABLE;
3955 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
8019044d 3956
812abb13
JP		 3957 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3958 &enable_cp);
3959
3960 return true;
3961}
8019044d 3962
812abb13
JP		 3963static bool trigger_discovery(struct hci_request *req, u8 *status)
3964{
3965 struct hci_dev *hdev = req->hdev;
8019044d 3966
812abb13
JP		 3967 switch (hdev->discovery.type) {
3968 case DISCOV_TYPE_BREDR:
3969 if (!trigger_bredr_inquiry(req, status))
3970 return false;
3971 break;
3972
3973 case DISCOV_TYPE_INTERLEAVED:
07d2334a
JP		 3974 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY,
3975 &hdev->quirks)) {
3976 /* During simultaneous discovery, we double LE scan
3977 * interval. We must leave some time for the controller
3978 * to do BR/EDR inquiry.
3979 */
3980 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT * 2,
3981 status))
3982 return false;
3983
3984 if (!trigger_bredr_inquiry(req, status))
3985 return false;
3986
3987 return true;
3988 }
3989
812abb13
JP		 3990 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
3991 *status = MGMT_STATUS_NOT_SUPPORTED;
8019044d
MH		 3992 return false;
3993 }
812abb13 3994 /* fall through */
8019044d 3995
812abb13
JP		 3996 case DISCOV_TYPE_LE:
3997 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT, status))
3998 return false;
8019044d
MH		 3999 break;
4000
4001 default:
4002 *status = MGMT_STATUS_INVALID_PARAMS;
4003 return false;
4004 }
4005
4006 return true;
41dc2bd6
AG		 4007}
4008
1904a853
MH		 4009static void start_discovery_complete(struct hci_dev *hdev, u8 status,
4010 u16 opcode)
7c307720 4011{
3b0602cd 4012 struct mgmt_pending_cmd *cmd;
11e6e25d 4013 unsigned long timeout;
ae55f598 4014
7c307720
AG		 4015 BT_DBG("status %d", status);
4016
11e6e25d 4017 hci_dev_lock(hdev);
41dc2bd6 4018
333ae95d 4019 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427 4020 if (!cmd)
333ae95d 4021 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
66ea9427 4022
11e6e25d 4023 if (cmd) {
2922a94f 4024 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 4025 mgmt_pending_remove(cmd);
4026 }
7c307720
AG		 4027
4028 if (status) {
11e6e25d
MH		 4029 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4030 goto unlock;
7c307720
AG		 4031 }
4032
7c307720 4033 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
7c307720 4034
2d28cfe7
JP		 4035 /* If the scan involves LE scan, pick proper timeout to schedule
4036 * hdev->le_scan_disable that will stop it.
4037 */
7c307720
AG		 4038 switch (hdev->discovery.type) {
4039 case DISCOV_TYPE_LE:
3d5a76f0 4040 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720 4041 break;
7c307720 4042 case DISCOV_TYPE_INTERLEAVED:
07d2334a
JP		 4043 /* When running simultaneous discovery, the LE scanning time
4044 * should occupy the whole discovery time sine BR/EDR inquiry
4045 * and LE scanning are scheduled by the controller.
4046 *
4047 * For interleaving discovery in comparison, BR/EDR inquiry
4048 * and LE scanning are done sequentially with separate
4049 * timeouts.
4050 */
4051 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
4052 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
4053 else
4054 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720 4055 break;
7c307720 4056 case DISCOV_TYPE_BREDR:
11e6e25d 4057 timeout = 0;
7c307720 4058 break;
7c307720
AG		 4059 default:
4060 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
11e6e25d
MH		 4061 timeout = 0;
4062 break;
7c307720 4063 }
ae55f598 4064
2d28cfe7
JP		 4065 if (timeout) {
4066 /* When service discovery is used and the controller has
4067 * a strict duplicate filter, it is important to remember
4068 * the start and duration of the scan. This is required
4069 * for restarting scanning during the discovery phase.
4070 */
4071 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
4072 &hdev->quirks) &&
82f8b651 4073 hdev->discovery.result_filtering) {
2d28cfe7
JP		 4074 hdev->discovery.scan_start = jiffies;
4075 hdev->discovery.scan_duration = timeout;
4076 }
4077
11e6e25d
MH		 4078 queue_delayed_work(hdev->workqueue,
4079 &hdev->le_scan_disable, timeout);
2d28cfe7 4080 }
ae55f598 4081
11e6e25d
MH		 4082unlock:
4083 hci_dev_unlock(hdev);
7c307720
AG		 4084}
4085
bdb6d971 4086static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 4087 void *data, u16 len)
14a53664 4088{
650f726d 4089 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 4090 struct mgmt_pending_cmd *cmd;
7c307720 4091 struct hci_request req;
8019044d 4092 u8 status;
14a53664
JH		 4093 int err;
4094
bdb6d971 4095 BT_DBG("%s", hdev->name);
14a53664 4096
09fd0de5 4097 hci_dev_lock(hdev);
14a53664 4098
4b34ee78 4099 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4100 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4101 MGMT_STATUS_NOT_POWERED,
4102 &cp->type, sizeof(cp->type));
bd2d1334
JH		 4103 goto failed;
4104 }
4105
f5a969f2 4106 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4107 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4108 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4109 MGMT_STATUS_BUSY, &cp->type,
4110 sizeof(cp->type));
642be6c7
AG		 4111 goto failed;
4112 }
4113
2922a94f 4114 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
14a53664
JH		 4115 if (!cmd) {
4116 err = -ENOMEM;
4117 goto failed;
4118 }
4119
2922a94f
JH		 4120 cmd->cmd_complete = generic_cmd_complete;
4121
22078800
MH		 4122 /* Clear the discovery filter first to free any previously
4123 * allocated memory for the UUID list.
4124 */
4125 hci_discovery_filter_clear(hdev);
4126
4aab14e5 4127 hdev->discovery.type = cp->type;
da25cf6a 4128 hdev->discovery.report_invalid_rssi = false;
4aab14e5 4129
7c307720
AG		 4130 hci_req_init(&req, hdev);
4131
8019044d 4132 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4133 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4134 status, &cp->type, sizeof(cp->type));
04106755
JH		 4135 mgmt_pending_remove(cmd);
4136 goto failed;
f39799f5 4137 }
04106755 4138
7c307720 4139 err = hci_req_run(&req, start_discovery_complete);
f5a969f2 4140 if (err < 0) {
14a53664 4141 mgmt_pending_remove(cmd);
f5a969f2
MH		 4142 goto failed;
4143 }
7c307720 4144
f5a969f2 4145 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
7c307720 4146
14a53664 4147failed:
09fd0de5 4148 hci_dev_unlock(hdev);
14a53664
JH		 4149 return err;
4150}
f39799f5 4151
3b0602cd
JH		 4152static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4153 u8 status)
2922a94f 4154{
2a1afb5a
JH		 4155 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4156 cmd->param, 1);
2922a94f 4157}
04106755 4158
66ea9427
JP		 4159static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4160 void *data, u16 len)
4161{
4162 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 4163 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 4164 struct hci_request req;
4165 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4166 u16 uuid_count, expected_len;
4167 u8 status;
4168 int err;
04106755 4169
66ea9427 4170 BT_DBG("%s", hdev->name);
e8bb6b97 4171
66ea9427 4172 hci_dev_lock(hdev);
7c307720 4173
66ea9427 4174 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4175 err = mgmt_cmd_complete(sk, hdev->id,
4176 MGMT_OP_START_SERVICE_DISCOVERY,
4177 MGMT_STATUS_NOT_POWERED,
4178 &cp->type, sizeof(cp->type));
66ea9427
JP		 4179 goto failed;
4180 }
7c307720 4181
66ea9427 4182 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4183 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4184 err = mgmt_cmd_complete(sk, hdev->id,
4185 MGMT_OP_START_SERVICE_DISCOVERY,
4186 MGMT_STATUS_BUSY, &cp->type,
4187 sizeof(cp->type));
66ea9427
JP		 4188 goto failed;
4189 }
d9483943 4190
66ea9427
JP		 4191 uuid_count = __le16_to_cpu(cp->uuid_count);
4192 if (uuid_count > max_uuid_count) {
4193 BT_ERR("service_discovery: too big uuid_count value %u",
4194 uuid_count);
2a1afb5a
JH		 4195 err = mgmt_cmd_complete(sk, hdev->id,
4196 MGMT_OP_START_SERVICE_DISCOVERY,
4197 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4198 sizeof(cp->type));
66ea9427
JP		 4199 goto failed;
4200 }
4201
4202 expected_len = sizeof(*cp) + uuid_count * 16;
4203 if (expected_len != len) {
4204 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4205 expected_len, len);
2a1afb5a
JH		 4206 err = mgmt_cmd_complete(sk, hdev->id,
4207 MGMT_OP_START_SERVICE_DISCOVERY,
4208 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4209 sizeof(cp->type));
66ea9427
JP		 4210 goto failed;
4211 }
4212
4213 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 4214 hdev, data, len);
66ea9427
JP		 4215 if (!cmd) {
4216 err = -ENOMEM;
4217 goto failed;
4218 }
4219
2922a94f
JH		 4220 cmd->cmd_complete = service_discovery_cmd_complete;
4221
22078800
MH		 4222 /* Clear the discovery filter first to free any previously
4223 * allocated memory for the UUID list.
4224 */
4225 hci_discovery_filter_clear(hdev);
4226
82f8b651 4227 hdev->discovery.result_filtering = true;
66ea9427
JP		 4228 hdev->discovery.type = cp->type;
4229 hdev->discovery.rssi = cp->rssi;
4230 hdev->discovery.uuid_count = uuid_count;
4231
4232 if (uuid_count > 0) {
4233 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4234 GFP_KERNEL);
4235 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 4236 err = mgmt_cmd_complete(sk, hdev->id,
4237 MGMT_OP_START_SERVICE_DISCOVERY,
4238 MGMT_STATUS_FAILED,
4239 &cp->type, sizeof(cp->type));
d9483943
JH		 4240 mgmt_pending_remove(cmd);
4241 goto failed;
4242 }
66ea9427 4243 }
d9483943 4244
66ea9427 4245 hci_req_init(&req, hdev);
5e0452c0 4246
66ea9427 4247 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4248 err = mgmt_cmd_complete(sk, hdev->id,
4249 MGMT_OP_START_SERVICE_DISCOVERY,
4250 status, &cp->type, sizeof(cp->type));
04106755
JH		 4251 mgmt_pending_remove(cmd);
4252 goto failed;
f39799f5 4253 }
3fd24153 4254
7c307720 4255 err = hci_req_run(&req, start_discovery_complete);
66ea9427 4256 if (err < 0) {
14a53664 4257 mgmt_pending_remove(cmd);
66ea9427
JP		 4258 goto failed;
4259 }
4260
4261 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 4262
4263failed:
09fd0de5 4264 hci_dev_unlock(hdev);
14a53664
JH		 4265 return err;
4266}
4267
1904a853 4268static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1183fdca 4269{
3b0602cd 4270 struct mgmt_pending_cmd *cmd;
1183fdca 4271
0e05bba6
AG		 4272 BT_DBG("status %d", status);
4273
4274 hci_dev_lock(hdev);
4275
333ae95d 4276 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
11e6e25d 4277 if (cmd) {
2922a94f 4278 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4279 mgmt_pending_remove(cmd);
0e05bba6
AG		 4280 }
4281
11e6e25d
MH		 4282 if (!status)
4283 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
0e05bba6 4284
0e05bba6
AG		 4285 hci_dev_unlock(hdev);
4286}
4287
bdb6d971 4288static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4289 u16 len)
14a53664 4290{
d930650b 4291 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 4292 struct mgmt_pending_cmd *cmd;
0e05bba6 4293 struct hci_request req;
14a53664
JH		 4294 int err;
4295
bdb6d971 4296 BT_DBG("%s", hdev->name);
14a53664 4297
09fd0de5 4298 hci_dev_lock(hdev);
14a53664 4299
30dc78e1 4300 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4301 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4302 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4303 sizeof(mgmt_cp->type));
d930650b
JH		 4304 goto unlock;
4305 }
4306
4307 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 4308 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4309 MGMT_STATUS_INVALID_PARAMS,
4310 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 4311 goto unlock;
ff9ef578
JH		 4312 }
4313
2922a94f 4314 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4315 if (!cmd) {
4316 err = -ENOMEM;
30dc78e1
JH		 4317 goto unlock;
4318 }
4319
2922a94f
JH		 4320 cmd->cmd_complete = generic_cmd_complete;
4321
0e05bba6
AG		 4322 hci_req_init(&req, hdev);
4323
21a60d30 4324 hci_stop_discovery(&req);
e0d9727e 4325
21a60d30
JH		 4326 err = hci_req_run(&req, stop_discovery_complete);
4327 if (!err) {
4328 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 4329 goto unlock;
14a53664
JH		 4330 }
4331
21a60d30
JH		 4332 mgmt_pending_remove(cmd);
4333
4334 /* If no HCI commands were sent we're done */
4335 if (err == -ENODATA) {
2a1afb5a
JH		 4336 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4337 &mgmt_cp->type, sizeof(mgmt_cp->type));
21a60d30
JH		 4338 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4339 }
14a53664 4340
30dc78e1 4341unlock:
09fd0de5 4342 hci_dev_unlock(hdev);
14a53664
JH		 4343 return err;
4344}
4345
bdb6d971 4346static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4347 u16 len)
561aafbc 4348{
650f726d 4349 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4350 struct inquiry_entry *e;
561aafbc
JH		 4351 int err;
4352
bdb6d971 4353 BT_DBG("%s", hdev->name);
561aafbc 4354
561aafbc
JH		 4355 hci_dev_lock(hdev);
4356
30dc78e1 4357 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4358 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4359 MGMT_STATUS_FAILED, &cp->addr,
4360 sizeof(cp->addr));
30dc78e1
JH		 4361 goto failed;
4362 }
4363
a198e7b1 4364 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4365 if (!e) {
2a1afb5a
JH		 4366 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4367 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4368 sizeof(cp->addr));
561aafbc
JH		 4369 goto failed;
4370 }
4371
4372 if (cp->name_known) {
4373 e->name_state = NAME_KNOWN;
4374 list_del(&e->list);
4375 } else {
4376 e->name_state = NAME_NEEDED;
a3d4e20a 4377 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4378 }
4379
2a1afb5a
JH		 4380 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4381 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 4382
4383failed:
4384 hci_dev_unlock(hdev);
561aafbc
JH		 4385 return err;
4386}
4387
bdb6d971 4388static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4389 u16 len)
7fbec224 4390{
650f726d 4391 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4392 u8 status;
7fbec224
AJ		 4393 int err;
4394
bdb6d971 4395 BT_DBG("%s", hdev->name);
7fbec224 4396
4ee71b20 4397 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4398 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4399 MGMT_STATUS_INVALID_PARAMS,
4400 &cp->addr, sizeof(cp->addr));
4ee71b20 4401
09fd0de5 4402 hci_dev_lock(hdev);
5e762444 4403
dcc36c16
JH		 4404 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4405 cp->addr.type);
2a8357f2 4406 if (err < 0) {
f0eeea8b 4407 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4408 goto done;
4409 }
4410
4411 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4412 sk);
4413 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4414
2a8357f2 4415done:
2a1afb5a
JH		 4416 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4417 &cp->addr, sizeof(cp->addr));
5e762444 4418
09fd0de5 4419 hci_dev_unlock(hdev);
7fbec224
AJ		 4420
4421 return err;
4422}
4423
bdb6d971 4424static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4425 u16 len)
7fbec224 4426{
650f726d 4427 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4428 u8 status;
7fbec224
AJ		 4429 int err;
4430
bdb6d971 4431 BT_DBG("%s", hdev->name);
7fbec224 4432
4ee71b20 4433 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4434 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4435 MGMT_STATUS_INVALID_PARAMS,
4436 &cp->addr, sizeof(cp->addr));
4ee71b20 4437
09fd0de5 4438 hci_dev_lock(hdev);
5e762444 4439
dcc36c16
JH		 4440 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4441 cp->addr.type);
2a8357f2 4442 if (err < 0) {
f0eeea8b 4443 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4444 goto done;
4445 }
4446
4447 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4448 sk);
4449 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4450
2a8357f2 4451done:
2a1afb5a
JH		 4452 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4453 &cp->addr, sizeof(cp->addr));
5e762444 4454
09fd0de5 4455 hci_dev_unlock(hdev);
7fbec224
AJ		 4456
4457 return err;
4458}
4459
cdbaccca
MH		 4460static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4461 u16 len)
4462{
4463 struct mgmt_cp_set_device_id *cp = data;
890ea898 4464 struct hci_request req;
cdbaccca 4465 int err;
c72d4b8a 4466 __u16 source;
cdbaccca
MH		 4467
4468 BT_DBG("%s", hdev->name);
4469
c72d4b8a
SJ		 4470 source = __le16_to_cpu(cp->source);
4471
4472 if (source > 0x0002)
a69e8375
JH		 4473 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4474 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 4475
cdbaccca
MH		 4476 hci_dev_lock(hdev);
4477
c72d4b8a 4478 hdev->devid_source = source;
cdbaccca
MH		 4479 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4480 hdev->devid_product = __le16_to_cpu(cp->product);
4481 hdev->devid_version = __le16_to_cpu(cp->version);
4482
2a1afb5a
JH		 4483 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4484 NULL, 0);
cdbaccca 4485
890ea898
JH		 4486 hci_req_init(&req, hdev);
4487 update_eir(&req);
4488 hci_req_run(&req, NULL);
cdbaccca
MH		 4489
4490 hci_dev_unlock(hdev);
4491
4492 return err;
4493}
4494
24b4f38f
AU		 4495static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4496 u16 opcode)
4497{
4498 BT_DBG("status %d", status);
4499}
4500
1904a853
MH		 4501static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4502 u16 opcode)
4375f103
JH		 4503{
4504 struct cmd_lookup match = { NULL, hdev };
24b4f38f 4505 struct hci_request req;
4375f103 4506
3ad67582
JK		 4507 hci_dev_lock(hdev);
4508
4375f103
JH		 4509 if (status) {
4510 u8 mgmt_err = mgmt_status(status);
4511
4512 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4513 cmd_status_rsp, &mgmt_err);
3ad67582 4514 goto unlock;
4375f103
JH		 4515 }
4516
d7a5a11d 4517 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 4518 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 4519 else
a358dc11 4520 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 4521
4375f103
JH		 4522 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4523 &match);
4524
4525 new_settings(hdev, match.sk);
4526
4527 if (match.sk)
4528 sock_put(match.sk);
3ad67582 4529
24b4f38f
AU		 4530 /* If "Set Advertising" was just disabled and instance advertising was
4531 * set up earlier, then enable the advertising instance.
4532 */
4533 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
4534 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
4535 goto unlock;
4536
4537 hci_req_init(&req, hdev);
4538
4539 update_adv_data(&req);
4540 enable_advertising(&req);
4541
4542 if (hci_req_run(&req, enable_advertising_instance) < 0)
4543 BT_ERR("Failed to re-configure advertising");
4544
3ad67582
JK		 4545unlock:
4546 hci_dev_unlock(hdev);
4375f103
JH		 4547}
4548
21b5187f
MH		 4549static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4550 u16 len)
4375f103
JH		 4551{
4552 struct mgmt_mode *cp = data;
3b0602cd 4553 struct mgmt_pending_cmd *cmd;
4375f103 4554 struct hci_request req;
cc91cb04 4555 u8 val, status;
4375f103
JH		 4556 int err;
4557
4558 BT_DBG("request for %s", hdev->name);
4559
e6fe7986
JH		 4560 status = mgmt_le_support(hdev);
4561 if (status)
a69e8375
JH		 4562 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4563 status);
4375f103 4564
cc91cb04 4565 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4566 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4567 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 4568
4569 hci_dev_lock(hdev);
4570
4571 val = !!cp->val;
4375f103 4572
f74ca9b8
JH		 4573 /* The following conditions are ones which mean that we should
4574 * not do any HCI communication but directly send a mgmt
4575 * response to user space (after toggling the flag if
4576 * necessary).
4577 */
cc91cb04 4578 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 4579 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4580 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 4581 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 4582 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 4583 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 4584 bool changed;
4375f103 4585
cc91cb04 4586 if (cp->val) {
238be788 4587 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 4588 if (cp->val == 0x02)
a1536da2 4589 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4590 else
a358dc11 4591 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4592 } else {
a69d8927 4593 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 4594 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 4595 }
4596
4597 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4598 if (err < 0)
4599 goto unlock;
4600
4601 if (changed)
4602 err = new_settings(hdev, sk);
4603
4604 goto unlock;
4605 }
4606
333ae95d
JH		 4607 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4608 pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 4609 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4610 MGMT_STATUS_BUSY);
4375f103
JH		 4611 goto unlock;
4612 }
4613
4614 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4615 if (!cmd) {
4616 err = -ENOMEM;
4617 goto unlock;
4618 }
4619
4620 hci_req_init(&req, hdev);
4621
cc91cb04 4622 if (cp->val == 0x02)
a1536da2 4623 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4624 else
a358dc11 4625 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4626
24b4f38f
AU		 4627 if (val) {
4628 /* Switch to instance "0" for the Set Advertising setting. */
4629 update_adv_data_for_instance(&req, 0);
4117ed70 4630 update_scan_rsp_data_for_instance(&req, 0);
bba3aa55 4631 enable_advertising(&req);
24b4f38f 4632 } else {
bba3aa55 4633 disable_advertising(&req);
24b4f38f 4634 }
4375f103
JH		 4635
4636 err = hci_req_run(&req, set_advertising_complete);
4637 if (err < 0)
4638 mgmt_pending_remove(cmd);
4639
4640unlock:
4641 hci_dev_unlock(hdev);
4642 return err;
4643}
4644
d13eafce
MH		 4645static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4646 void *data, u16 len)
4647{
4648 struct mgmt_cp_set_static_address *cp = data;
4649 int err;
4650
4651 BT_DBG("%s", hdev->name);
4652
62af4443 4653 if (!lmp_le_capable(hdev))
a69e8375
JH		 4654 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4655 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4656
4657 if (hdev_is_powered(hdev))
a69e8375
JH		 4658 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4659 MGMT_STATUS_REJECTED);
d13eafce
MH		 4660
4661 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4662 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 4663 return mgmt_cmd_status(sk, hdev->id,
4664 MGMT_OP_SET_STATIC_ADDRESS,
4665 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4666
4667 /* Two most significant bits shall be set */
4668 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 4669 return mgmt_cmd_status(sk, hdev->id,
4670 MGMT_OP_SET_STATIC_ADDRESS,
4671 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4672 }
4673
4674 hci_dev_lock(hdev);
4675
4676 bacpy(&hdev->static_addr, &cp->bdaddr);
4677
93690c22
MH		 4678 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4679 if (err < 0)
4680 goto unlock;
4681
4682 err = new_settings(hdev, sk);
d13eafce 4683
93690c22 4684unlock:
d13eafce 4685 hci_dev_unlock(hdev);
d13eafce
MH		 4686 return err;
4687}
4688
14b49b9a
MH		 4689static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4690 void *data, u16 len)
4691{
4692 struct mgmt_cp_set_scan_params *cp = data;
4693 __u16 interval, window;
4694 int err;
4695
4696 BT_DBG("%s", hdev->name);
4697
4698 if (!lmp_le_capable(hdev))
a69e8375
JH		 4699 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4700 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 4701
4702 interval = __le16_to_cpu(cp->interval);
4703
4704 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 4705 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4706 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 4707
4708 window = __le16_to_cpu(cp->window);
4709
4710 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 4711 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4712 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 4713
899e1075 4714 if (window > interval)
a69e8375
JH		 4715 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4716 MGMT_STATUS_INVALID_PARAMS);
899e1075 4717
14b49b9a
MH		 4718 hci_dev_lock(hdev);
4719
4720 hdev->le_scan_interval = interval;
4721 hdev->le_scan_window = window;
4722
2a1afb5a
JH		 4723 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4724 NULL, 0);
14b49b9a 4725
dd2ef8e2
AG		 4726 /* If background scan is running, restart it so new parameters are
4727 * loaded.
4728 */
d7a5a11d 4729 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
dd2ef8e2
AG		 4730 hdev->discovery.state == DISCOVERY_STOPPED) {
4731 struct hci_request req;
4732
4733 hci_req_init(&req, hdev);
4734
4735 hci_req_add_le_scan_disable(&req);
4736 hci_req_add_le_passive_scan(&req);
4737
4738 hci_req_run(&req, NULL);
4739 }
4740
14b49b9a
MH		 4741 hci_dev_unlock(hdev);
4742
4743 return err;
4744}
4745
1904a853
MH		 4746static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4747 u16 opcode)
33e38b3e 4748{
3b0602cd 4749 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 4750
4751 BT_DBG("status 0x%02x", status);
4752
4753 hci_dev_lock(hdev);
4754
333ae95d 4755 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
33e38b3e
JH		 4756 if (!cmd)
4757 goto unlock;
4758
4759 if (status) {
a69e8375
JH		 4760 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4761 mgmt_status(status));
33e38b3e 4762 } else {
1a4d3c4b
JH		 4763 struct mgmt_mode *cp = cmd->param;
4764
4765 if (cp->val)
a1536da2 4766 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4767 else
a358dc11 4768 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4769
33e38b3e
JH		 4770 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4771 new_settings(hdev, cmd->sk);
4772 }
4773
4774 mgmt_pending_remove(cmd);
4775
4776unlock:
4777 hci_dev_unlock(hdev);
4778}
4779
bdb6d971 4780static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4781 void *data, u16 len)
f6422ec6 4782{
650f726d 4783 struct mgmt_mode *cp = data;
3b0602cd 4784 struct mgmt_pending_cmd *cmd;
33e38b3e 4785 struct hci_request req;
f6422ec6
AJ		 4786 int err;
4787
bdb6d971 4788 BT_DBG("%s", hdev->name);
f6422ec6 4789
d7a5a11d 4790 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 4791 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4792 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4793 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4794
a7e80f25 4795 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4796 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4797 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4798
f6422ec6
AJ		 4799 hci_dev_lock(hdev);
4800
333ae95d 4801 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4802 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4803 MGMT_STATUS_BUSY);
05cbf29f
JH		 4804 goto unlock;
4805 }
4806
d7a5a11d 4807 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 4808 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4809 hdev);
4810 goto unlock;
4811 }
4812
406ef2a6 4813 if (!hdev_is_powered(hdev)) {
ce05d603 4814 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 4815 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4816 hdev);
4817 new_settings(hdev, sk);
4818 goto unlock;
4819 }
4820
33e38b3e
JH		 4821 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4822 data, len);
4823 if (!cmd) {
4824 err = -ENOMEM;
4825 goto unlock;
f6422ec6
AJ		 4826 }
4827
33e38b3e
JH		 4828 hci_req_init(&req, hdev);
4829
406d7804 4830 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4831
4832 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4833 if (err < 0) {
a69e8375
JH		 4834 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4835 MGMT_STATUS_FAILED);
33e38b3e 4836 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4837 }
4838
33e38b3e 4839unlock:
f6422ec6 4840 hci_dev_unlock(hdev);
33e38b3e 4841
f6422ec6
AJ		 4842 return err;
4843}
4844
1904a853 4845static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4846{
3b0602cd 4847 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4848
4849 BT_DBG("status 0x%02x", status);
4850
4851 hci_dev_lock(hdev);
4852
333ae95d 4853 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
0663ca2a
JH		 4854 if (!cmd)
4855 goto unlock;
4856
4857 if (status) {
4858 u8 mgmt_err = mgmt_status(status);
4859
4860 /* We need to restore the flag if related HCI commands
4861 * failed.
4862 */
a358dc11 4863 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 4864
a69e8375 4865 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4866 } else {
4867 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4868 new_settings(hdev, cmd->sk);
4869 }
4870
4871 mgmt_pending_remove(cmd);
4872
4873unlock:
4874 hci_dev_unlock(hdev);
4875}
4876
4877static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4878{
4879 struct mgmt_mode *cp = data;
3b0602cd 4880 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4881 struct hci_request req;
4882 int err;
4883
4884 BT_DBG("request for %s", hdev->name);
4885
4886 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4887 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4888 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 4889
d7a5a11d 4890 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4891 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4892 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4893
4894 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4895 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4896 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4897
4898 hci_dev_lock(hdev);
4899
d7a5a11d 4900 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 4901 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4902 goto unlock;
4903 }
4904
4905 if (!hdev_is_powered(hdev)) {
4906 if (!cp->val) {
a358dc11
MH		 4907 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4908 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4909 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4910 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4911 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 4912 }
4913
ce05d603 4914 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4915
4916 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4917 if (err < 0)
4918 goto unlock;
4919
4920 err = new_settings(hdev, sk);
4921 goto unlock;
4922 }
4923
4924 /* Reject disabling when powered on */
4925 if (!cp->val) {
a69e8375
JH		 4926 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4927 MGMT_STATUS_REJECTED);
0663ca2a 4928 goto unlock;
111e4bcc
MH		 4929 } else {
4930 /* When configuring a dual-mode controller to operate
4931 * with LE only and using a static address, then switching
4932 * BR/EDR back on is not allowed.
4933 *
4934 * Dual-mode controllers shall operate with the public
4935 * address as its identity address for BR/EDR and LE. So
4936 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 4937 *
4938 * The same restrictions applies when secure connections
4939 * has been enabled. For BR/EDR this is a controller feature
4940 * while for LE it is a host stack feature. This means that
4941 * switching BR/EDR back on when secure connections has been
4942 * enabled is not a supported transaction.
111e4bcc 4943 */
d7a5a11d 4944 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 4945 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 4946 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 4947 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4948 MGMT_STATUS_REJECTED);
111e4bcc
MH		 4949 goto unlock;
4950 }
0663ca2a
JH		 4951 }
4952
333ae95d 4953 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 4954 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4955 MGMT_STATUS_BUSY);
0663ca2a
JH		 4956 goto unlock;
4957 }
4958
4959 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4960 if (!cmd) {
4961 err = -ENOMEM;
4962 goto unlock;
4963 }
4964
5947f4bc 4965 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4966 * generates the correct flags.
4967 */
a1536da2 4968 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4969
4970 hci_req_init(&req, hdev);
aa8af46e 4971
432df05e 4972 write_fast_connectable(&req, false);
1d2dc5b7 4973 __hci_update_page_scan(&req);
aa8af46e 4974
f14d8f64
MH		 4975 /* Since only the advertising data flags will change, there
4976 * is no need to update the scan response data.
4977 */
5947f4bc 4978 update_adv_data(&req);
aa8af46e 4979
0663ca2a
JH		 4980 err = hci_req_run(&req, set_bredr_complete);
4981 if (err < 0)
4982 mgmt_pending_remove(cmd);
4983
4984unlock:
4985 hci_dev_unlock(hdev);
4986 return err;
4987}
4988
a1443f5a
JH		 4989static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4990{
3b0602cd 4991 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 4992 struct mgmt_mode *cp;
4993
4994 BT_DBG("%s status %u", hdev->name, status);
4995
4996 hci_dev_lock(hdev);
4997
333ae95d 4998 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
a1443f5a
JH		 4999 if (!cmd)
5000 goto unlock;
5001
5002 if (status) {
a69e8375
JH		 5003 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
5004 mgmt_status(status));
a1443f5a
JH		 5005 goto remove;
5006 }
5007
5008 cp = cmd->param;
5009
5010 switch (cp->val) {
5011 case 0x00:
a358dc11
MH		 5012 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
5013 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5014 break;
5015 case 0x01:
a1536da2 5016 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 5017 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5018 break;
5019 case 0x02:
a1536da2
MH		 5020 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5021 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5022 break;
5023 }
5024
5025 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5026 new_settings(hdev, cmd->sk);
5027
5028remove:
5029 mgmt_pending_remove(cmd);
5030unlock:
5031 hci_dev_unlock(hdev);
5032}
5033
eac83dc6
MH		 5034static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5035 void *data, u16 len)
5036{
5037 struct mgmt_mode *cp = data;
3b0602cd 5038 struct mgmt_pending_cmd *cmd;
a1443f5a 5039 struct hci_request req;
a3209694 5040 u8 val;
eac83dc6
MH		 5041 int err;
5042
5043 BT_DBG("request for %s", hdev->name);
5044
05b3c3e7 5045 if (!lmp_sc_capable(hdev) &&
d7a5a11d 5046 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 5047 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5048 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 5049
d7a5a11d 5050 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 5051 lmp_sc_capable(hdev) &&
d7a5a11d 5052 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 5053 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5054 MGMT_STATUS_REJECTED);
ed93ec69 5055
0ab04a9c 5056 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 5057 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 5058 MGMT_STATUS_INVALID_PARAMS);
5059
5060 hci_dev_lock(hdev);
5061
05b3c3e7 5062 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 5063 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 5064 bool changed;
5065
0ab04a9c 5066 if (cp->val) {
238be788
MH		 5067 changed = !hci_dev_test_and_set_flag(hdev,
5068 HCI_SC_ENABLED);
0ab04a9c 5069 if (cp->val == 0x02)
a1536da2 5070 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5071 else
a358dc11 5072 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5073 } else {
a69d8927
MH		 5074 changed = hci_dev_test_and_clear_flag(hdev,
5075 HCI_SC_ENABLED);
a358dc11 5076 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5077 }
eac83dc6
MH		 5078
5079 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5080 if (err < 0)
5081 goto failed;
5082
5083 if (changed)
5084 err = new_settings(hdev, sk);
5085
5086 goto failed;
5087 }
5088
333ae95d 5089 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 5090 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5091 MGMT_STATUS_BUSY);
eac83dc6
MH		 5092 goto failed;
5093 }
5094
0ab04a9c
MH		 5095 val = !!cp->val;
5096
d7a5a11d
MH		 5097 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5098 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 5099 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5100 goto failed;
5101 }
5102
5103 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5104 if (!cmd) {
5105 err = -ENOMEM;
5106 goto failed;
5107 }
5108
a1443f5a
JH		 5109 hci_req_init(&req, hdev);
5110 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5111 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 5112 if (err < 0) {
5113 mgmt_pending_remove(cmd);
5114 goto failed;
5115 }
5116
5117failed:
5118 hci_dev_unlock(hdev);
5119 return err;
5120}
5121
4e39ac81
MH		 5122static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5123 void *data, u16 len)
5124{
5125 struct mgmt_mode *cp = data;
b9710979 5126 bool changed, use_changed;
4e39ac81
MH		 5127 int err;
5128
5129 BT_DBG("request for %s", hdev->name);
5130
b9710979 5131 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 5132 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5133 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 5134
5135 hci_dev_lock(hdev);
5136
5137 if (cp->val)
238be788 5138 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 5139 else
a69d8927
MH		 5140 changed = hci_dev_test_and_clear_flag(hdev,
5141 HCI_KEEP_DEBUG_KEYS);
4e39ac81 5142
b9710979 5143 if (cp->val == 0x02)
238be788
MH		 5144 use_changed = !hci_dev_test_and_set_flag(hdev,
5145 HCI_USE_DEBUG_KEYS);
b9710979 5146 else
a69d8927
MH		 5147 use_changed = hci_dev_test_and_clear_flag(hdev,
5148 HCI_USE_DEBUG_KEYS);
b9710979
JH		 5149
5150 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 5151 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 5152 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5153 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5154 sizeof(mode), &mode);
5155 }
5156
4e39ac81
MH		 5157 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5158 if (err < 0)
5159 goto unlock;
5160
5161 if (changed)
5162 err = new_settings(hdev, sk);
5163
5164unlock:
5165 hci_dev_unlock(hdev);
5166 return err;
5167}
5168
62b04cd1
JH		 5169static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5170 u16 len)
5171{
5172 struct mgmt_cp_set_privacy *cp = cp_data;
5173 bool changed;
5174 int err;
5175
5176 BT_DBG("request for %s", hdev->name);
5177
5178 if (!lmp_le_capable(hdev))
a69e8375
JH		 5179 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5180 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1
JH		 5181
5182 if (cp->privacy != 0x00 && cp->privacy != 0x01)
a69e8375
JH		 5183 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5184 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 5185
5186 if (hdev_is_powered(hdev))
a69e8375
JH		 5187 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5188 MGMT_STATUS_REJECTED);
62b04cd1
JH		 5189
5190 hci_dev_lock(hdev);
5191
c21c0ea0
JH		 5192 /* If user space supports this command it is also expected to
5193 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5194 */
a1536da2 5195 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 5196
62b04cd1 5197 if (cp->privacy) {
238be788 5198 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 5199 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 5200 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1 5201 } else {
a69d8927 5202 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 5203 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 5204 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1
JH		 5205 }
5206
5207 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5208 if (err < 0)
5209 goto unlock;
5210
5211 if (changed)
5212 err = new_settings(hdev, sk);
5213
5214unlock:
5215 hci_dev_unlock(hdev);
5216 return err;
5217}
5218
41edf160
JH		 5219static bool irk_is_valid(struct mgmt_irk_info *irk)
5220{
5221 switch (irk->addr.type) {
5222 case BDADDR_LE_PUBLIC:
5223 return true;
5224
5225 case BDADDR_LE_RANDOM:
5226 /* Two most significant bits shall be set */
5227 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5228 return false;
5229 return true;
5230 }
5231
5232 return false;
5233}
5234
5235static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5236 u16 len)
5237{
5238 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 5239 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5240 sizeof(struct mgmt_irk_info));
41edf160
JH		 5241 u16 irk_count, expected_len;
5242 int i, err;
5243
5244 BT_DBG("request for %s", hdev->name);
5245
5246 if (!lmp_le_capable(hdev))
a69e8375
JH		 5247 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5248 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 5249
5250 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 5251 if (irk_count > max_irk_count) {
5252 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 5253 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5254 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5255 }
41edf160
JH		 5256
5257 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5258 if (expected_len != len) {
5259 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 5260 expected_len, len);
a69e8375
JH		 5261 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5262 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5263 }
5264
5265 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5266
5267 for (i = 0; i < irk_count; i++) {
5268 struct mgmt_irk_info *key = &cp->irks[i];
5269
5270 if (!irk_is_valid(key))
a69e8375
JH		 5271 return mgmt_cmd_status(sk, hdev->id,
5272 MGMT_OP_LOAD_IRKS,
5273 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5274 }
5275
5276 hci_dev_lock(hdev);
5277
5278 hci_smp_irks_clear(hdev);
5279
5280 for (i = 0; i < irk_count; i++) {
5281 struct mgmt_irk_info *irk = &cp->irks[i];
5282 u8 addr_type;
5283
5284 if (irk->addr.type == BDADDR_LE_PUBLIC)
5285 addr_type = ADDR_LE_DEV_PUBLIC;
5286 else
5287 addr_type = ADDR_LE_DEV_RANDOM;
5288
5289 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5290 BDADDR_ANY);
5291 }
5292
a1536da2 5293 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 5294
2a1afb5a 5295 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 5296
5297 hci_dev_unlock(hdev);
5298
5299 return err;
5300}
5301
3f706b72
JH		 5302static bool ltk_is_valid(struct mgmt_ltk_info *key)
5303{
5304 if (key->master != 0x00 && key->master != 0x01)
5305 return false;
490cb0b3
MH		 5306
5307 switch (key->addr.type) {
5308 case BDADDR_LE_PUBLIC:
5309 return true;
5310
5311 case BDADDR_LE_RANDOM:
5312 /* Two most significant bits shall be set */
5313 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5314 return false;
5315 return true;
5316 }
5317
5318 return false;
3f706b72
JH		 5319}
5320
bdb6d971 5321static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5322 void *cp_data, u16 len)
346af67b 5323{
346af67b 5324 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5325 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5326 sizeof(struct mgmt_ltk_info));
346af67b 5327 u16 key_count, expected_len;
715a5bf2 5328 int i, err;
346af67b 5329
cf99ba13
MH		 5330 BT_DBG("request for %s", hdev->name);
5331
5332 if (!lmp_le_capable(hdev))
a69e8375
JH		 5333 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5334 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 5335
1f350c87 5336 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 5337 if (key_count > max_key_count) {
5338 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 5339 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5340 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5341 }
346af67b
VCG		 5342
5343 expected_len = sizeof(*cp) + key_count *
5344 sizeof(struct mgmt_ltk_info);
5345 if (expected_len != len) {
5346 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 5347 expected_len, len);
a69e8375
JH		 5348 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5349 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5350 }
5351
bdb6d971 5352 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5353
54ad6d8a
JH		 5354 for (i = 0; i < key_count; i++) {
5355 struct mgmt_ltk_info *key = &cp->keys[i];
5356
3f706b72 5357 if (!ltk_is_valid(key))
a69e8375
JH		 5358 return mgmt_cmd_status(sk, hdev->id,
5359 MGMT_OP_LOAD_LONG_TERM_KEYS,
5360 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 5361 }
5362
346af67b
VCG		 5363 hci_dev_lock(hdev);
5364
5365 hci_smp_ltks_clear(hdev);
5366
5367 for (i = 0; i < key_count; i++) {
5368 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 5369 u8 type, addr_type, authenticated;
79d95a19
MH		 5370
5371 if (key->addr.type == BDADDR_LE_PUBLIC)
5372 addr_type = ADDR_LE_DEV_PUBLIC;
5373 else
5374 addr_type = ADDR_LE_DEV_RANDOM;
346af67b 5375
61b43357
JH		 5376 switch (key->type) {
5377 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5378 authenticated = 0x00;
23fb8de3 5379 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5380 break;
5381 case MGMT_LTK_AUTHENTICATED:
d7b25450 5382 authenticated = 0x01;
23fb8de3
JH		 5383 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5384 break;
5385 case MGMT_LTK_P256_UNAUTH:
5386 authenticated = 0x00;
5387 type = SMP_LTK_P256;
61b43357 5388 break;
23fb8de3
JH		 5389 case MGMT_LTK_P256_AUTH:
5390 authenticated = 0x01;
5391 type = SMP_LTK_P256;
61b43357 5392 break;
23fb8de3
JH		 5393 case MGMT_LTK_P256_DEBUG:
5394 authenticated = 0x00;
5395 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5396 default:
5397 continue;
5398 }
d7b25450 5399
35d70271 5400 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 5401 authenticated, key->val, key->enc_size, key->ediv,
35d70271 5402 key->rand);
346af67b
VCG		 5403 }
5404
2a1afb5a 5405 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 5406 NULL, 0);
5407
346af67b 5408 hci_dev_unlock(hdev);
346af67b 5409
715a5bf2 5410 return err;
346af67b
VCG		 5411}
5412
3b0602cd 5413static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 5414{
dd983808 5415 struct hci_conn *conn = cmd->user_data;
9981bdb0 5416 struct mgmt_rp_get_conn_info rp;
9df74653 5417 int err;
dd983808 5418
9981bdb0 5419 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5420
9981bdb0 5421 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5422 rp.rssi = conn->rssi;
9981bdb0
JH		 5423 rp.tx_power = conn->tx_power;
5424 rp.max_tx_power = conn->max_tx_power;
5425 } else {
5426 rp.rssi = HCI_RSSI_INVALID;
5427 rp.tx_power = HCI_TX_POWER_INVALID;
5428 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5429 }
5430
2a1afb5a
JH		 5431 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5432 status, &rp, sizeof(rp));
dd983808
AK		 5433
5434 hci_conn_drop(conn);
f8aaf9b6 5435 hci_conn_put(conn);
9df74653
JH		 5436
5437 return err;
dd983808
AK		 5438}
5439
1904a853
MH		 5440static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5441 u16 opcode)
dd983808
AK		 5442{
5443 struct hci_cp_read_rssi *cp;
3b0602cd 5444 struct mgmt_pending_cmd *cmd;
dd983808 5445 struct hci_conn *conn;
dd983808 5446 u16 handle;
9981bdb0 5447 u8 status;
dd983808 5448
9981bdb0 5449 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5450
5451 hci_dev_lock(hdev);
5452
dd983808
AK		 5453 /* Commands sent in request are either Read RSSI or Read Transmit Power
5454 * Level so we check which one was last sent to retrieve connection
5455 * handle. Both commands have handle as first parameter so it's safe to
5456 * cast data on the same command struct.
5457 *
5458 * First command sent is always Read RSSI and we fail only if it fails.
5459 * In other case we simply override error to indicate success as we
5460 * already remembered if TX power value is actually valid.
5461 */
5462 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5463 if (!cp) {
5464 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5465 status = MGMT_STATUS_SUCCESS;
5466 } else {
5467 status = mgmt_status(hci_status);
dd983808
AK		 5468 }
5469
5470 if (!cp) {
9981bdb0 5471 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 5472 goto unlock;
5473 }
5474
5475 handle = __le16_to_cpu(cp->handle);
5476 conn = hci_conn_hash_lookup_handle(hdev, handle);
5477 if (!conn) {
9981bdb0 5478 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 5479 goto unlock;
5480 }
5481
333ae95d 5482 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
9981bdb0
JH		 5483 if (!cmd)
5484 goto unlock;
dd983808 5485
9981bdb0
JH		 5486 cmd->cmd_complete(cmd, status);
5487 mgmt_pending_remove(cmd);
dd983808
AK		 5488
5489unlock:
5490 hci_dev_unlock(hdev);
5491}
5492
5493static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5494 u16 len)
5495{
5496 struct mgmt_cp_get_conn_info *cp = data;
5497 struct mgmt_rp_get_conn_info rp;
5498 struct hci_conn *conn;
5499 unsigned long conn_info_age;
5500 int err = 0;
5501
5502 BT_DBG("%s", hdev->name);
5503
5504 memset(&rp, 0, sizeof(rp));
5505 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5506 rp.addr.type = cp->addr.type;
5507
5508 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5509 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5510 MGMT_STATUS_INVALID_PARAMS,
5511 &rp, sizeof(rp));
dd983808
AK		 5512
5513 hci_dev_lock(hdev);
5514
5515 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5516 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5517 MGMT_STATUS_NOT_POWERED, &rp,
5518 sizeof(rp));
dd983808
AK		 5519 goto unlock;
5520 }
5521
5522 if (cp->addr.type == BDADDR_BREDR)
5523 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5524 &cp->addr.bdaddr);
5525 else
5526 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5527
5528 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5529 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5530 MGMT_STATUS_NOT_CONNECTED, &rp,
5531 sizeof(rp));
dd983808
AK		 5532 goto unlock;
5533 }
5534
333ae95d 5535 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 5536 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5537 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 5538 goto unlock;
5539 }
5540
dd983808
AK		 5541 /* To avoid client trying to guess when to poll again for information we
5542 * calculate conn info age as random value between min/max set in hdev.
5543 */
5544 conn_info_age = hdev->conn_info_min_age +
5545 prandom_u32_max(hdev->conn_info_max_age -
5546 hdev->conn_info_min_age);
5547
5548 /* Query controller to refresh cached values if they are too old or were
5549 * never read.
5550 */
f4e2dd53
AK		 5551 if (time_after(jiffies, conn->conn_info_timestamp +
5552 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5553 !conn->conn_info_timestamp) {
5554 struct hci_request req;
5555 struct hci_cp_read_tx_power req_txp_cp;
5556 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 5557 struct mgmt_pending_cmd *cmd;
dd983808
AK		 5558
5559 hci_req_init(&req, hdev);
5560 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5561 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5562 &req_rssi_cp);
5563
f7faab0c
AK		 5564 /* For LE links TX power does not change thus we don't need to
5565 * query for it once value is known.
5566 */
5567 if (!bdaddr_type_is_le(cp->addr.type) ||
5568 conn->tx_power == HCI_TX_POWER_INVALID) {
5569 req_txp_cp.handle = cpu_to_le16(conn->handle);
5570 req_txp_cp.type = 0x00;
5571 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5572 sizeof(req_txp_cp), &req_txp_cp);
5573 }
dd983808 5574
eed5daf3
AK		 5575 /* Max TX power needs to be read only once per connection */
5576 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5577 req_txp_cp.handle = cpu_to_le16(conn->handle);
5578 req_txp_cp.type = 0x01;
5579 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5580 sizeof(req_txp_cp), &req_txp_cp);
5581 }
5582
dd983808
AK		 5583 err = hci_req_run(&req, conn_info_refresh_complete);
5584 if (err < 0)
5585 goto unlock;
5586
5587 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5588 data, len);
5589 if (!cmd) {
5590 err = -ENOMEM;
5591 goto unlock;
5592 }
5593
5594 hci_conn_hold(conn);
f8aaf9b6 5595 cmd->user_data = hci_conn_get(conn);
9981bdb0 5596 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5597
5598 conn->conn_info_timestamp = jiffies;
5599 } else {
5600 /* Cache is valid, just reply with values cached in hci_conn */
5601 rp.rssi = conn->rssi;
5602 rp.tx_power = conn->tx_power;
eed5daf3 5603 rp.max_tx_power = conn->max_tx_power;
dd983808 5604
2a1afb5a
JH		 5605 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5606 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 5607 }
5608
5609unlock:
5610 hci_dev_unlock(hdev);
5611 return err;
5612}
5613
3b0602cd 5614static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 5615{
69487371 5616 struct hci_conn *conn = cmd->user_data;
95868426 5617 struct mgmt_rp_get_clock_info rp;
69487371 5618 struct hci_dev *hdev;
9df74653 5619 int err;
69487371
JH		 5620
5621 memset(&rp, 0, sizeof(rp));
5622 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5623
5624 if (status)
5625 goto complete;
5626
5627 hdev = hci_dev_get(cmd->index);
5628 if (hdev) {
5629 rp.local_clock = cpu_to_le32(hdev->clock);
5630 hci_dev_put(hdev);
5631 }
5632
5633 if (conn) {
5634 rp.piconet_clock = cpu_to_le32(conn->clock);
5635 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5636 }
5637
5638complete:
2a1afb5a
JH		 5639 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5640 sizeof(rp));
69487371
JH		 5641
5642 if (conn) {
5643 hci_conn_drop(conn);
5644 hci_conn_put(conn);
5645 }
9df74653
JH		 5646
5647 return err;
69487371
JH		 5648}
5649
1904a853 5650static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5651{
95868426 5652 struct hci_cp_read_clock *hci_cp;
3b0602cd 5653 struct mgmt_pending_cmd *cmd;
95868426
JH		 5654 struct hci_conn *conn;
5655
5656 BT_DBG("%s status %u", hdev->name, status);
5657
5658 hci_dev_lock(hdev);
5659
5660 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5661 if (!hci_cp)
5662 goto unlock;
5663
5664 if (hci_cp->which) {
5665 u16 handle = __le16_to_cpu(hci_cp->handle);
5666 conn = hci_conn_hash_lookup_handle(hdev, handle);
5667 } else {
5668 conn = NULL;
5669 }
5670
333ae95d 5671 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
95868426
JH		 5672 if (!cmd)
5673 goto unlock;
5674
69487371 5675 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5676 mgmt_pending_remove(cmd);
95868426
JH		 5677
5678unlock:
5679 hci_dev_unlock(hdev);
5680}
5681
5682static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5683 u16 len)
5684{
5685 struct mgmt_cp_get_clock_info *cp = data;
5686 struct mgmt_rp_get_clock_info rp;
5687 struct hci_cp_read_clock hci_cp;
3b0602cd 5688 struct mgmt_pending_cmd *cmd;
95868426
JH		 5689 struct hci_request req;
5690 struct hci_conn *conn;
5691 int err;
5692
5693 BT_DBG("%s", hdev->name);
5694
5695 memset(&rp, 0, sizeof(rp));
5696 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5697 rp.addr.type = cp->addr.type;
5698
5699 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5700 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5701 MGMT_STATUS_INVALID_PARAMS,
5702 &rp, sizeof(rp));
95868426
JH		 5703
5704 hci_dev_lock(hdev);
5705
5706 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5707 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5708 MGMT_STATUS_NOT_POWERED, &rp,
5709 sizeof(rp));
95868426
JH		 5710 goto unlock;
5711 }
5712
5713 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5714 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5715 &cp->addr.bdaddr);
5716 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5717 err = mgmt_cmd_complete(sk, hdev->id,
5718 MGMT_OP_GET_CLOCK_INFO,
5719 MGMT_STATUS_NOT_CONNECTED,
5720 &rp, sizeof(rp));
95868426
JH		 5721 goto unlock;
5722 }
5723 } else {
5724 conn = NULL;
5725 }
5726
5727 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5728 if (!cmd) {
5729 err = -ENOMEM;
5730 goto unlock;
5731 }
5732
69487371
JH		 5733 cmd->cmd_complete = clock_info_cmd_complete;
5734
95868426
JH		 5735 hci_req_init(&req, hdev);
5736
5737 memset(&hci_cp, 0, sizeof(hci_cp));
5738 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5739
5740 if (conn) {
5741 hci_conn_hold(conn);
f8aaf9b6 5742 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5743
5744 hci_cp.handle = cpu_to_le16(conn->handle);
5745 hci_cp.which = 0x01; /* Piconet clock */
5746 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5747 }
5748
5749 err = hci_req_run(&req, get_clock_info_complete);
5750 if (err < 0)
5751 mgmt_pending_remove(cmd);
5752
5753unlock:
5754 hci_dev_unlock(hdev);
5755 return err;
5756}
5757
5a154e6f
JH		 5758static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5759{
5760 struct hci_conn *conn;
5761
5762 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5763 if (!conn)
5764 return false;
5765
5766 if (conn->dst_type != type)
5767 return false;
5768
5769 if (conn->state != BT_CONNECTED)
5770 return false;
5771
5772 return true;
5773}
5774
5775/* This function requires the caller holds hdev->lock */
5776static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5777 u8 addr_type, u8 auto_connect)
5778{
5779 struct hci_dev *hdev = req->hdev;
5780 struct hci_conn_params *params;
5781
5782 params = hci_conn_params_add(hdev, addr, addr_type);
5783 if (!params)
5784 return -EIO;
5785
5786 if (params->auto_connect == auto_connect)
5787 return 0;
5788
5789 list_del_init(&params->action);
5790
5791 switch (auto_connect) {
5792 case HCI_AUTO_CONN_DISABLED:
5793 case HCI_AUTO_CONN_LINK_LOSS:
5794 __hci_update_background_scan(req);
5795 break;
5796 case HCI_AUTO_CONN_REPORT:
5797 list_add(&params->action, &hdev->pend_le_reports);
5798 __hci_update_background_scan(req);
5799 break;
5800 case HCI_AUTO_CONN_DIRECT:
5801 case HCI_AUTO_CONN_ALWAYS:
5802 if (!is_connected(hdev, addr, addr_type)) {
5803 list_add(&params->action, &hdev->pend_le_conns);
5804 __hci_update_background_scan(req);
5805 }
5806 break;
5807 }
5808
5809 params->auto_connect = auto_connect;
5810
5811 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5812 auto_connect);
5813
5814 return 0;
5815}
5816
8afef092
MH		 5817static void device_added(struct sock *sk, struct hci_dev *hdev,
5818 bdaddr_t *bdaddr, u8 type, u8 action)
5819{
5820 struct mgmt_ev_device_added ev;
5821
5822 bacpy(&ev.addr.bdaddr, bdaddr);
5823 ev.addr.type = type;
5824 ev.action = action;
5825
5826 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5827}
5828
1904a853 5829static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5a154e6f 5830{
3b0602cd 5831 struct mgmt_pending_cmd *cmd;
5a154e6f
JH		 5832
5833 BT_DBG("status 0x%02x", status);
5834
5835 hci_dev_lock(hdev);
5836
333ae95d 5837 cmd = pending_find(MGMT_OP_ADD_DEVICE, hdev);
5a154e6f
JH		 5838 if (!cmd)
5839 goto unlock;
5840
5841 cmd->cmd_complete(cmd, mgmt_status(status));
5842 mgmt_pending_remove(cmd);
5843
5844unlock:
5845 hci_dev_unlock(hdev);
5846}
5847
2faade53
MH		 5848static int add_device(struct sock *sk, struct hci_dev *hdev,
5849 void *data, u16 len)
5850{
5851 struct mgmt_cp_add_device *cp = data;
3b0602cd 5852 struct mgmt_pending_cmd *cmd;
5a154e6f 5853 struct hci_request req;
2faade53
MH		 5854 u8 auto_conn, addr_type;
5855 int err;
5856
5857 BT_DBG("%s", hdev->name);
5858
6659358e 5859 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5860 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5861 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5862 MGMT_STATUS_INVALID_PARAMS,
5863 &cp->addr, sizeof(cp->addr));
2faade53 5864
4b9e7e75 5865 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5866 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5867 MGMT_STATUS_INVALID_PARAMS,
5868 &cp->addr, sizeof(cp->addr));
2faade53 5869
5a154e6f
JH		 5870 hci_req_init(&req, hdev);
5871
2faade53
MH		 5872 hci_dev_lock(hdev);
5873
5a154e6f
JH		 5874 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
5875 if (!cmd) {
5876 err = -ENOMEM;
5877 goto unlock;
5878 }
5879
5880 cmd->cmd_complete = addr_cmd_complete;
5881
6659358e 5882 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5883 /* Only incoming connections action is supported for now */
6659358e 5884 if (cp->action != 0x01) {
9df74653
JH		 5885 err = cmd->cmd_complete(cmd,
5886 MGMT_STATUS_INVALID_PARAMS);
5a154e6f 5887 mgmt_pending_remove(cmd);
6659358e
JH		 5888 goto unlock;
5889 }
5890
5891 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5892 cp->addr.type);
5893 if (err)
5894 goto unlock;
a397407f 5895
5a154e6f 5896 __hci_update_page_scan(&req);
a397407f 5897
6659358e
JH		 5898 goto added;
5899 }
5900
2faade53
MH		 5901 if (cp->addr.type == BDADDR_LE_PUBLIC)
5902 addr_type = ADDR_LE_DEV_PUBLIC;
5903 else
5904 addr_type = ADDR_LE_DEV_RANDOM;
5905
4b9e7e75 5906 if (cp->action == 0x02)
2faade53 5907 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5908 else if (cp->action == 0x01)
5909 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5910 else
a3451d27 5911 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5912
bf5b3c8b
MH		 5913 /* If the connection parameters don't exist for this device,
5914 * they will be created and configured with defaults.
5915 */
5a154e6f 5916 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
d06b50ce 5917 auto_conn) < 0) {
9df74653 5918 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
5a154e6f 5919 mgmt_pending_remove(cmd);
2faade53
MH		 5920 goto unlock;
5921 }
5922
6659358e 5923added:
8afef092
MH		 5924 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5925
5a154e6f
JH		 5926 err = hci_req_run(&req, add_device_complete);
5927 if (err < 0) {
5928 /* ENODATA means no HCI commands were needed (e.g. if
5929 * the adapter is powered off).
5930 */
9df74653
JH		 5931 if (err == -ENODATA)
5932 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5a154e6f
JH		 5933 mgmt_pending_remove(cmd);
5934 }
2faade53
MH		 5935
5936unlock:
5937 hci_dev_unlock(hdev);
5938 return err;
5939}
5940
8afef092
MH		 5941static void device_removed(struct sock *sk, struct hci_dev *hdev,
5942 bdaddr_t *bdaddr, u8 type)
5943{
5944 struct mgmt_ev_device_removed ev;
5945
5946 bacpy(&ev.addr.bdaddr, bdaddr);
5947 ev.addr.type = type;
5948
5949 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5950}
5951
1904a853 5952static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
51ef3ebe 5953{
3b0602cd 5954 struct mgmt_pending_cmd *cmd;
51ef3ebe
JH		 5955
5956 BT_DBG("status 0x%02x", status);
5957
5958 hci_dev_lock(hdev);
5959
333ae95d 5960 cmd = pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
51ef3ebe
JH		 5961 if (!cmd)
5962 goto unlock;
5963
5964 cmd->cmd_complete(cmd, mgmt_status(status));
5965 mgmt_pending_remove(cmd);
5966
5967unlock:
5968 hci_dev_unlock(hdev);
5969}
5970
2faade53
MH		 5971static int remove_device(struct sock *sk, struct hci_dev *hdev,
5972 void *data, u16 len)
5973{
5974 struct mgmt_cp_remove_device *cp = data;
3b0602cd 5975 struct mgmt_pending_cmd *cmd;
51ef3ebe 5976 struct hci_request req;
2faade53
MH		 5977 int err;
5978
5979 BT_DBG("%s", hdev->name);
5980
51ef3ebe
JH		 5981 hci_req_init(&req, hdev);
5982
2faade53
MH		 5983 hci_dev_lock(hdev);
5984
51ef3ebe
JH		 5985 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
5986 if (!cmd) {
5987 err = -ENOMEM;
5988 goto unlock;
5989 }
5990
5991 cmd->cmd_complete = addr_cmd_complete;
5992
2faade53 5993 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5994 struct hci_conn_params *params;
2faade53
MH		 5995 u8 addr_type;
5996
6659358e 5997 if (!bdaddr_type_is_valid(cp->addr.type)) {
9df74653
JH		 5998 err = cmd->cmd_complete(cmd,
5999 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6000 mgmt_pending_remove(cmd);
2faade53
MH		 6001 goto unlock;
6002 }
6003
6659358e
JH		 6004 if (cp->addr.type == BDADDR_BREDR) {
6005 err = hci_bdaddr_list_del(&hdev->whitelist,
6006 &cp->addr.bdaddr,
6007 cp->addr.type);
6008 if (err) {
9df74653
JH		 6009 err = cmd->cmd_complete(cmd,
6010 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6011 mgmt_pending_remove(cmd);
6659358e
JH		 6012 goto unlock;
6013 }
6014
51ef3ebe 6015 __hci_update_page_scan(&req);
a397407f 6016
6659358e
JH		 6017 device_removed(sk, hdev, &cp->addr.bdaddr,
6018 cp->addr.type);
6019 goto complete;
6020 }
6021
2faade53
MH		 6022 if (cp->addr.type == BDADDR_LE_PUBLIC)
6023 addr_type = ADDR_LE_DEV_PUBLIC;
6024 else
6025 addr_type = ADDR_LE_DEV_RANDOM;
6026
c71593dd
JH		 6027 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6028 addr_type);
6029 if (!params) {
9df74653
JH		 6030 err = cmd->cmd_complete(cmd,
6031 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6032 mgmt_pending_remove(cmd);
c71593dd
JH		 6033 goto unlock;
6034 }
6035
6036 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
9df74653
JH		 6037 err = cmd->cmd_complete(cmd,
6038 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6039 mgmt_pending_remove(cmd);
c71593dd
JH		 6040 goto unlock;
6041 }
6042
d1dbf12e 6043 list_del(&params->action);
c71593dd
JH		 6044 list_del(&params->list);
6045 kfree(params);
51ef3ebe 6046 __hci_update_background_scan(&req);
8afef092
MH		 6047
6048 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 6049 } else {
19de0825 6050 struct hci_conn_params *p, *tmp;
6659358e 6051 struct bdaddr_list *b, *btmp;
19de0825 6052
2faade53 6053 if (cp->addr.type) {
9df74653
JH		 6054 err = cmd->cmd_complete(cmd,
6055 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6056 mgmt_pending_remove(cmd);
2faade53
MH		 6057 goto unlock;
6058 }
6059
6659358e
JH		 6060 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
6061 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
6062 list_del(&b->list);
6063 kfree(b);
6064 }
6065
51ef3ebe 6066 __hci_update_page_scan(&req);
a397407f 6067
19de0825
JH		 6068 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
6069 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
6070 continue;
6071 device_removed(sk, hdev, &p->addr, p->addr_type);
6072 list_del(&p->action);
6073 list_del(&p->list);
6074 kfree(p);
6075 }
6076
6077 BT_DBG("All LE connection parameters were removed");
6078
51ef3ebe 6079 __hci_update_background_scan(&req);
2faade53
MH		 6080 }
6081
6659358e 6082complete:
51ef3ebe
JH		 6083 err = hci_req_run(&req, remove_device_complete);
6084 if (err < 0) {
6085 /* ENODATA means no HCI commands were needed (e.g. if
6086 * the adapter is powered off).
6087 */
9df74653
JH		 6088 if (err == -ENODATA)
6089 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
51ef3ebe
JH		 6090 mgmt_pending_remove(cmd);
6091 }
2faade53
MH		 6092
6093unlock:
6094 hci_dev_unlock(hdev);
6095 return err;
6096}
6097
a26f3dcf
JH		 6098static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6099 u16 len)
6100{
6101 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 6102 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6103 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 6104 u16 param_count, expected_len;
6105 int i;
6106
6107 if (!lmp_le_capable(hdev))
a69e8375
JH		 6108 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6109 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 6110
6111 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 6112 if (param_count > max_param_count) {
6113 BT_ERR("load_conn_param: too big param_count value %u",
6114 param_count);
a69e8375
JH		 6115 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6116 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 6117 }
a26f3dcf
JH		 6118
6119 expected_len = sizeof(*cp) + param_count *
6120 sizeof(struct mgmt_conn_param);
6121 if (expected_len != len) {
6122 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
6123 expected_len, len);
a69e8375
JH		 6124 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6125 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 6126 }
6127
6128 BT_DBG("%s param_count %u", hdev->name, param_count);
6129
6130 hci_dev_lock(hdev);
6131
6132 hci_conn_params_clear_disabled(hdev);
6133
6134 for (i = 0; i < param_count; i++) {
6135 struct mgmt_conn_param *param = &cp->params[i];
6136 struct hci_conn_params *hci_param;
6137 u16 min, max, latency, timeout;
6138 u8 addr_type;
6139
6140 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
6141 param->addr.type);
6142
6143 if (param->addr.type == BDADDR_LE_PUBLIC) {
6144 addr_type = ADDR_LE_DEV_PUBLIC;
6145 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6146 addr_type = ADDR_LE_DEV_RANDOM;
6147 } else {
6148 BT_ERR("Ignoring invalid connection parameters");
6149 continue;
6150 }
6151
6152 min = le16_to_cpu(param->min_interval);
6153 max = le16_to_cpu(param->max_interval);
6154 latency = le16_to_cpu(param->latency);
6155 timeout = le16_to_cpu(param->timeout);
6156
6157 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6158 min, max, latency, timeout);
6159
6160 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6161 BT_ERR("Ignoring invalid connection parameters");
6162 continue;
6163 }
6164
6165 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
6166 addr_type);
6167 if (!hci_param) {
6168 BT_ERR("Failed to add connection parameters");
6169 continue;
6170 }
6171
6172 hci_param->conn_min_interval = min;
6173 hci_param->conn_max_interval = max;
6174 hci_param->conn_latency = latency;
6175 hci_param->supervision_timeout = timeout;
6176 }
6177
6178 hci_dev_unlock(hdev);
6179
2a1afb5a
JH		 6180 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6181 NULL, 0);
a26f3dcf
JH		 6182}
6183
dbece37a
MH		 6184static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6185 void *data, u16 len)
6186{
6187 struct mgmt_cp_set_external_config *cp = data;
6188 bool changed;
6189 int err;
6190
6191 BT_DBG("%s", hdev->name);
6192
6193 if (hdev_is_powered(hdev))
a69e8375
JH		 6194 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6195 MGMT_STATUS_REJECTED);
dbece37a
MH		 6196
6197 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 6198 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6199 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 6200
6201 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 6202 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6203 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 6204
6205 hci_dev_lock(hdev);
6206
6207 if (cp->config)
238be788 6208 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 6209 else
a69d8927 6210 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 6211
6212 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6213 if (err < 0)
6214 goto unlock;
6215
6216 if (!changed)
6217 goto unlock;
6218
f4537c04
MH		 6219 err = new_options(hdev, sk);
6220
d7a5a11d 6221 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 6222 mgmt_index_removed(hdev);
d603b76b 6223
516018a9 6224 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 6225 hci_dev_set_flag(hdev, HCI_CONFIG);
6226 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 6227
6228 queue_work(hdev->req_workqueue, &hdev->power_on);
6229 } else {
5ea234d3 6230 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 6231 mgmt_index_added(hdev);
6232 }
dbece37a
MH		 6233 }
6234
6235unlock:
6236 hci_dev_unlock(hdev);
6237 return err;
6238}
6239
9713c17b
MH		 6240static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6241 void *data, u16 len)
6242{
6243 struct mgmt_cp_set_public_address *cp = data;
6244 bool changed;
6245 int err;
6246
6247 BT_DBG("%s", hdev->name);
6248
6249 if (hdev_is_powered(hdev))
a69e8375
JH		 6250 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6251 MGMT_STATUS_REJECTED);
9713c17b
MH		 6252
6253 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 6254 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6255 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 6256
6257 if (!hdev->set_bdaddr)
a69e8375
JH		 6258 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6259 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 6260
6261 hci_dev_lock(hdev);
6262
6263 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6264 bacpy(&hdev->public_addr, &cp->bdaddr);
6265
6266 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6267 if (err < 0)
6268 goto unlock;
6269
6270 if (!changed)
6271 goto unlock;
6272
d7a5a11d 6273 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 6274 err = new_options(hdev, sk);
6275
6276 if (is_configured(hdev)) {
6277 mgmt_index_removed(hdev);
6278
a358dc11 6279 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 6280
a1536da2
MH		 6281 hci_dev_set_flag(hdev, HCI_CONFIG);
6282 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 6283
6284 queue_work(hdev->req_workqueue, &hdev->power_on);
6285 }
6286
6287unlock:
6288 hci_dev_unlock(hdev);
6289 return err;
6290}
6291
bea41609
MH		 6292static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6293 u8 data_len)
6294{
6295 eir[eir_len++] = sizeof(type) + data_len;
6296 eir[eir_len++] = type;
6297 memcpy(&eir[eir_len], data, data_len);
6298 eir_len += data_len;
6299
6300 return eir_len;
6301}
6302
4f0f155c
MH		 6303static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6304 void *data, u16 data_len)
6305{
6306 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6307 struct mgmt_rp_read_local_oob_ext_data *rp;
6308 size_t rp_len;
6309 u16 eir_len;
0821a2c5 6310 u8 status, flags, role, addr[7], hash[16], rand[16];
4f0f155c
MH		 6311 int err;
6312
6313 BT_DBG("%s", hdev->name);
6314
6315 if (!hdev_is_powered(hdev))
6316 return mgmt_cmd_complete(sk, hdev->id,
6317 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6318 MGMT_STATUS_NOT_POWERED,
6319 &cp->type, sizeof(cp->type));
6320
6321 switch (cp->type) {
6322 case BIT(BDADDR_BREDR):
6323 status = mgmt_bredr_support(hdev);
6324 if (status)
6325 return mgmt_cmd_complete(sk, hdev->id,
6326 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6327 status, &cp->type,
6328 sizeof(cp->type));
6329 eir_len = 5;
6330 break;
6331 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6332 status = mgmt_le_support(hdev);
6333 if (status)
6334 return mgmt_cmd_complete(sk, hdev->id,
6335 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6336 status, &cp->type,
6337 sizeof(cp->type));
0821a2c5 6338 eir_len = 9 + 3 + 18 + 18 + 3;
4f0f155c
MH		 6339 break;
6340 default:
6341 return mgmt_cmd_complete(sk, hdev->id,
6342 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6343 MGMT_STATUS_INVALID_PARAMS,
6344 &cp->type, sizeof(cp->type));
6345 }
6346
6347 hci_dev_lock(hdev);
6348
6349 rp_len = sizeof(*rp) + eir_len;
6350 rp = kmalloc(rp_len, GFP_ATOMIC);
6351 if (!rp) {
6352 hci_dev_unlock(hdev);
6353 return -ENOMEM;
6354 }
6355
6356 eir_len = 0;
6357 switch (cp->type) {
6358 case BIT(BDADDR_BREDR):
6359 eir_len = eir_append_data(rp->eir, eir_len, EIR_CLASS_OF_DEV,
6360 hdev->dev_class, 3);
6361 break;
6362 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5082a599
MH		 6363 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6364 smp_generate_oob(hdev, hash, rand) < 0) {
0821a2c5
MH		 6365 hci_dev_unlock(hdev);
6366 err = mgmt_cmd_complete(sk, hdev->id,
5082a599
MH		 6367 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6368 MGMT_STATUS_FAILED,
6369 &cp->type, sizeof(cp->type));
0821a2c5
MH		 6370 goto done;
6371 }
6372
4f0f155c
MH		 6373 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6374 memcpy(addr, &hdev->rpa, 6);
6375 addr[6] = 0x01;
6376 } else if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6377 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6378 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6379 bacmp(&hdev->static_addr, BDADDR_ANY))) {
6380 memcpy(addr, &hdev->static_addr, 6);
6381 addr[6] = 0x01;
6382 } else {
6383 memcpy(addr, &hdev->bdaddr, 6);
6384 addr[6] = 0x00;
6385 }
6386
6387 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6388 addr, sizeof(addr));
6389
6390 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6391 role = 0x02;
6392 else
6393 role = 0x01;
6394
6395 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6396 &role, sizeof(role));
6397
5082a599
MH		 6398 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6399 eir_len = eir_append_data(rp->eir, eir_len,
6400 EIR_LE_SC_CONFIRM,
6401 hash, sizeof(hash));
0821a2c5 6402
5082a599
MH		 6403 eir_len = eir_append_data(rp->eir, eir_len,
6404 EIR_LE_SC_RANDOM,
6405 rand, sizeof(rand));
6406 }
0821a2c5 6407
4f0f155c
MH		 6408 flags = get_adv_discov_flags(hdev);
6409
6410 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6411 flags |= LE_AD_NO_BREDR;
6412
6413 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6414 &flags, sizeof(flags));
6415 break;
6416 }
6417
6418 rp->type = cp->type;
6419 rp->eir_len = cpu_to_le16(eir_len);
6420
6421 hci_dev_unlock(hdev);
6422
72000df2
MH		 6423 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6424
4f0f155c 6425 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
5425f98e 6426 MGMT_STATUS_SUCCESS, rp, sizeof(*rp) + eir_len);
72000df2
MH		 6427 if (err < 0)
6428 goto done;
6429
6430 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6431 rp, sizeof(*rp) + eir_len,
6432 HCI_MGMT_OOB_DATA_EVENTS, sk);
4f0f155c 6433
0821a2c5 6434done:
4f0f155c
MH		 6435 kfree(rp);
6436
6437 return err;
6438}
6439
d3d5305b
MH		 6440static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6441 void *data, u16 data_len)
6442{
6443 struct mgmt_rp_read_adv_features *rp;
6444 size_t rp_len;
6445 int err;
24b4f38f 6446 bool instance;
d3d5305b
MH		 6447
6448 BT_DBG("%s", hdev->name);
6449
6450 hci_dev_lock(hdev);
6451
6452 rp_len = sizeof(*rp);
24b4f38f
AU		 6453
6454 /* Currently only one instance is supported, so just add 1 to the
6455 * response length.
6456 */
6457 instance = hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE);
6458 if (instance)
6459 rp_len++;
6460
d3d5305b
MH		 6461 rp = kmalloc(rp_len, GFP_ATOMIC);
6462 if (!rp) {
6463 hci_dev_unlock(hdev);
6464 return -ENOMEM;
6465 }
6466
6467 rp->supported_flags = cpu_to_le32(0);
dc5d82a9
MH		 6468 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6469 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
24b4f38f
AU		 6470 rp->max_instances = 1;
6471
6472 /* Currently only one instance is supported, so simply return the
6473 * current instance number.
6474 */
6475 if (instance) {
6476 rp->num_instances = 1;
6477 rp->instance[0] = 1;
6478 } else {
6479 rp->num_instances = 0;
6480 }
d3d5305b
MH		 6481
6482 hci_dev_unlock(hdev);
6483
6484 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6485 MGMT_STATUS_SUCCESS, rp, rp_len);
6486
6487 kfree(rp);
6488
6489 return err;
6490}
6491
4117ed70
AU		 6492static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
6493 u8 len)
24b4f38f 6494{
4117ed70 6495 u8 max_len = HCI_MAX_AD_LENGTH;
24b4f38f
AU		 6496 int i, cur_len;
6497
4117ed70 6498 /* TODO: Correctly reduce len based on adv_flags. */
24b4f38f 6499
4117ed70 6500 if (len > max_len)
24b4f38f
AU		 6501 return false;
6502
4117ed70
AU		 6503 /* Make sure that the data is correctly formatted. */
6504 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6505 cur_len = data[i];
24b4f38f
AU		 6506
6507 /* If the current field length would exceed the total data
6508 * length, then it's invalid.
6509 */
4117ed70 6510 if (i + cur_len >= len)
24b4f38f
AU		 6511 return false;
6512 }
6513
6514 return true;
6515}
6516
24b4f38f
AU		 6517static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6518 u16 opcode)
6519{
6520 struct mgmt_pending_cmd *cmd;
6521 struct mgmt_rp_add_advertising rp;
6522
6523 BT_DBG("status %d", status);
6524
6525 hci_dev_lock(hdev);
6526
6527 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6528
6529 if (status) {
6530 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
6531 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
6532 advertising_removed(cmd ? cmd->sk : NULL, hdev, 1);
6533 }
6534
6535 if (!cmd)
6536 goto unlock;
6537
6538 rp.instance = 0x01;
6539
6540 if (status)
6541 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6542 mgmt_status(status));
6543 else
6544 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6545 mgmt_status(status), &rp, sizeof(rp));
6546
6547 mgmt_pending_remove(cmd);
6548
6549unlock:
6550 hci_dev_unlock(hdev);
6551}
6552
912098a6
AU		 6553static void adv_timeout_expired(struct work_struct *work)
6554{
6555 struct hci_dev *hdev = container_of(work, struct hci_dev,
6556 adv_instance.timeout_exp.work);
6557
6558 hdev->adv_instance.timeout = 0;
6559
6560 hci_dev_lock(hdev);
6561 clear_adv_instance(hdev);
6562 hci_dev_unlock(hdev);
6563}
6564
24b4f38f
AU		 6565static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6566 void *data, u16 data_len)
6567{
6568 struct mgmt_cp_add_advertising *cp = data;
6569 struct mgmt_rp_add_advertising rp;
6570 u32 flags;
6571 u8 status;
912098a6 6572 u16 timeout;
24b4f38f
AU		 6573 int err;
6574 struct mgmt_pending_cmd *cmd;
6575 struct hci_request req;
6576
6577 BT_DBG("%s", hdev->name);
6578
6579 status = mgmt_le_support(hdev);
6580 if (status)
6581 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6582 status);
6583
6584 flags = __le32_to_cpu(cp->flags);
912098a6 6585 timeout = __le16_to_cpu(cp->timeout);
24b4f38f
AU		 6586
6587 /* The current implementation only supports adding one instance and
6588 * doesn't support flags.
6589 */
6590 if (cp->instance != 0x01 || flags)
6591 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6592 MGMT_STATUS_INVALID_PARAMS);
6593
6594 hci_dev_lock(hdev);
6595
912098a6
AU		 6596 if (timeout && !hdev_is_powered(hdev)) {
6597 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6598 MGMT_STATUS_REJECTED);
6599 goto unlock;
6600 }
6601
24b4f38f 6602 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
da929335 6603 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
24b4f38f
AU		 6604 pending_find(MGMT_OP_SET_LE, hdev)) {
6605 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6606 MGMT_STATUS_BUSY);
6607 goto unlock;
6608 }
6609
4117ed70
AU		 6610 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len) ||
6611 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
6612 cp->scan_rsp_len)) {
24b4f38f
AU		 6613 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6614 MGMT_STATUS_INVALID_PARAMS);
6615 goto unlock;
6616 }
6617
912098a6
AU		 6618 INIT_DELAYED_WORK(&hdev->adv_instance.timeout_exp, adv_timeout_expired);
6619
24b4f38f
AU		 6620 hdev->adv_instance.flags = flags;
6621 hdev->adv_instance.adv_data_len = cp->adv_data_len;
6622 hdev->adv_instance.scan_rsp_len = cp->scan_rsp_len;
6623
6624 if (cp->adv_data_len)
6625 memcpy(hdev->adv_instance.adv_data, cp->data, cp->adv_data_len);
6626
6627 if (cp->scan_rsp_len)
6628 memcpy(hdev->adv_instance.scan_rsp_data,
6629 cp->data + cp->adv_data_len, cp->scan_rsp_len);
6630
912098a6
AU		 6631 if (hdev->adv_instance.timeout)
6632 cancel_delayed_work(&hdev->adv_instance.timeout_exp);
6633
6634 hdev->adv_instance.timeout = timeout;
6635
6636 if (timeout)
6637 queue_delayed_work(hdev->workqueue,
6638 &hdev->adv_instance.timeout_exp,
6639 msecs_to_jiffies(timeout * 1000));
6640
24b4f38f
AU		 6641 if (!hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING_INSTANCE))
6642 advertising_added(sk, hdev, 1);
6643
6644 /* If the HCI_ADVERTISING flag is set or the device isn't powered then
6645 * we have no HCI communication to make. Simply return.
6646 */
6647 if (!hdev_is_powered(hdev) ||
6648 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6649 rp.instance = 0x01;
6650 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6651 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6652 goto unlock;
6653 }
6654
6655 /* We're good to go, update advertising data, parameters, and start
6656 * advertising.
6657 */
6658 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6659 data_len);
6660 if (!cmd) {
6661 err = -ENOMEM;
6662 goto unlock;
6663 }
6664
6665 hci_req_init(&req, hdev);
6666
6667 update_adv_data(&req);
4117ed70 6668 update_scan_rsp_data(&req);
24b4f38f
AU		 6669 enable_advertising(&req);
6670
6671 err = hci_req_run(&req, add_advertising_complete);
6672 if (err < 0)
6673 mgmt_pending_remove(cmd);
6674
6675unlock:
6676 hci_dev_unlock(hdev);
6677
6678 return err;
6679}
6680
da929335
AU		 6681static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6682 u16 opcode)
6683{
6684 struct mgmt_pending_cmd *cmd;
6685 struct mgmt_rp_remove_advertising rp;
6686
6687 BT_DBG("status %d", status);
6688
6689 hci_dev_lock(hdev);
6690
6691 /* A failure status here only means that we failed to disable
6692 * advertising. Otherwise, the advertising instance has been removed,
6693 * so report success.
6694 */
6695 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6696 if (!cmd)
6697 goto unlock;
6698
6699 rp.instance = 1;
6700
6701 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6702 &rp, sizeof(rp));
6703 mgmt_pending_remove(cmd);
6704
6705unlock:
6706 hci_dev_unlock(hdev);
6707}
6708
6709static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6710 void *data, u16 data_len)
6711{
6712 struct mgmt_cp_remove_advertising *cp = data;
6713 struct mgmt_rp_remove_advertising rp;
6714 int err;
6715 struct mgmt_pending_cmd *cmd;
6716 struct hci_request req;
6717
6718 BT_DBG("%s", hdev->name);
6719
6720 /* The current implementation only allows modifying instance no 1. A
6721 * value of 0 indicates that all instances should be cleared.
6722 */
6723 if (cp->instance > 1)
6724 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6725 MGMT_STATUS_INVALID_PARAMS);
6726
6727 hci_dev_lock(hdev);
6728
6729 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6730 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6731 pending_find(MGMT_OP_SET_LE, hdev)) {
6732 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6733 MGMT_STATUS_BUSY);
6734 goto unlock;
6735 }
6736
6737 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE)) {
6738 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6739 MGMT_STATUS_INVALID_PARAMS);
6740 goto unlock;
6741 }
6742
912098a6
AU		 6743 if (hdev->adv_instance.timeout)
6744 cancel_delayed_work(&hdev->adv_instance.timeout_exp);
6745
da929335
AU		 6746 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
6747
6748 advertising_removed(sk, hdev, 1);
6749
6750 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
6751
6752 /* If the HCI_ADVERTISING flag is set or the device isn't powered then
6753 * we have no HCI communication to make. Simply return.
6754 */
6755 if (!hdev_is_powered(hdev) ||
6756 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6757 rp.instance = 1;
6758 err = mgmt_cmd_complete(sk, hdev->id,
6759 MGMT_OP_REMOVE_ADVERTISING,
6760 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6761 goto unlock;
6762 }
6763
6764 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6765 data_len);
6766 if (!cmd) {
6767 err = -ENOMEM;
6768 goto unlock;
6769 }
6770
6771 hci_req_init(&req, hdev);
6772 disable_advertising(&req);
6773
6774 err = hci_req_run(&req, remove_advertising_complete);
6775 if (err < 0)
6776 mgmt_pending_remove(cmd);
6777
6778unlock:
6779 hci_dev_unlock(hdev);
6780
6781 return err;
6782}
6783
6d785aa3 6784static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 6785 { NULL }, /* 0x0000 (no command) */
b9a245fb 6786 { read_version, MGMT_READ_VERSION_SIZE,
c91041dc
MH		 6787 HCI_MGMT_NO_HDEV |
6788 HCI_MGMT_UNTRUSTED },
b9a245fb 6789 { read_commands, MGMT_READ_COMMANDS_SIZE,
c91041dc
MH		 6790 HCI_MGMT_NO_HDEV |
6791 HCI_MGMT_UNTRUSTED },
b9a245fb 6792 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
c91041dc
MH		 6793 HCI_MGMT_NO_HDEV |
6794 HCI_MGMT_UNTRUSTED },
6795 { read_controller_info, MGMT_READ_INFO_SIZE,
6796 HCI_MGMT_UNTRUSTED },
7aea8616
MH		 6797 { set_powered, MGMT_SETTING_SIZE },
6798 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6799 { set_connectable, MGMT_SETTING_SIZE },
6800 { set_fast_connectable, MGMT_SETTING_SIZE },
6801 { set_bondable, MGMT_SETTING_SIZE },
6802 { set_link_security, MGMT_SETTING_SIZE },
6803 { set_ssp, MGMT_SETTING_SIZE },
6804 { set_hs, MGMT_SETTING_SIZE },
6805 { set_le, MGMT_SETTING_SIZE },
6806 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6807 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6808 { add_uuid, MGMT_ADD_UUID_SIZE },
6809 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
b9a245fb
JH		 6810 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6811 HCI_MGMT_VAR_LEN },
6812 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6813 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6814 { disconnect, MGMT_DISCONNECT_SIZE },
6815 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6816 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6817 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6818 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6819 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6820 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6821 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6822 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6823 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6824 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6825 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
b9a245fb
JH		 6826 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6827 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6828 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6829 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6830 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6831 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6832 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6833 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6834 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6835 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6836 { set_advertising, MGMT_SETTING_SIZE },
6837 { set_bredr, MGMT_SETTING_SIZE },
6838 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6839 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6840 { set_secure_conn, MGMT_SETTING_SIZE },
6841 { set_debug_keys, MGMT_SETTING_SIZE },
6842 { set_privacy, MGMT_SET_PRIVACY_SIZE },
b9a245fb
JH		 6843 { load_irks, MGMT_LOAD_IRKS_SIZE,
6844 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6845 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6846 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6847 { add_device, MGMT_ADD_DEVICE_SIZE },
6848 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
b9a245fb
JH		 6849 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6850 HCI_MGMT_VAR_LEN },
6851 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
c91041dc
MH		 6852 HCI_MGMT_NO_HDEV |
6853 HCI_MGMT_UNTRUSTED },
b9a245fb 6854 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
c91041dc
MH		 6855 HCI_MGMT_UNCONFIGURED |
6856 HCI_MGMT_UNTRUSTED },
b9a245fb
JH		 6857 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6858 HCI_MGMT_UNCONFIGURED },
6859 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6860 HCI_MGMT_UNCONFIGURED },
6861 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6862 HCI_MGMT_VAR_LEN },
4f0f155c 6863 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
96f1474a 6864 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
c91041dc
MH		 6865 HCI_MGMT_NO_HDEV |
6866 HCI_MGMT_UNTRUSTED },
d3d5305b 6867 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
24b4f38f
AU		 6868 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6869 HCI_MGMT_VAR_LEN },
da929335 6870 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
0f4e68cf
JH		 6871};
6872
bf6b56db 6873void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6874{
ced85549 6875 struct mgmt_ev_ext_index ev;
bb4b2a9a 6876
0602a8ad
MH		 6877 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6878 return;
6879
f9207338
MH		 6880 switch (hdev->dev_type) {
6881 case HCI_BREDR:
6882 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6883 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6884 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6885 ev.type = 0x01;
f9207338
MH		 6886 } else {
6887 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6888 HCI_MGMT_INDEX_EVENTS);
ced85549 6889 ev.type = 0x00;
f9207338
MH		 6890 }
6891 break;
ced85549
MH		 6892 case HCI_AMP:
6893 ev.type = 0x02;
6894 break;
6895 default:
6896 return;
f9207338 6897 }
ced85549
MH		 6898
6899 ev.bus = hdev->bus;
6900
6901 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6902 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 6903}
6904
bf6b56db 6905void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6906{
ced85549 6907 struct mgmt_ev_ext_index ev;
5f159032 6908 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6909
0602a8ad
MH		 6910 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6911 return;
6912
f9207338
MH		 6913 switch (hdev->dev_type) {
6914 case HCI_BREDR:
6915 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6916
f9207338
MH		 6917 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6918 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6919 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6920 ev.type = 0x01;
f9207338
MH		 6921 } else {
6922 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6923 HCI_MGMT_INDEX_EVENTS);
ced85549 6924 ev.type = 0x00;
f9207338
MH		 6925 }
6926 break;
ced85549
MH		 6927 case HCI_AMP:
6928 ev.type = 0x02;
6929 break;
6930 default:
6931 return;
f9207338 6932 }
ced85549
MH		 6933
6934 ev.bus = hdev->bus;
6935
6936 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6937 HCI_MGMT_EXT_INDEX_EVENTS);
eec8d2bc
JH		 6938}
6939
6046dc3e 6940/* This function requires the caller holds hdev->lock */
2cf22218 6941static void restart_le_actions(struct hci_request *req)
6046dc3e 6942{
2cf22218 6943 struct hci_dev *hdev = req->hdev;
6046dc3e
AG		 6944 struct hci_conn_params *p;
6945
6946 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6947 /* Needed for AUTO_OFF case where might not "really"
6948 * have been powered off.
6949 */
6950 list_del_init(&p->action);
6951
6952 switch (p->auto_connect) {
4b9e7e75 6953 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6954 case HCI_AUTO_CONN_ALWAYS:
6955 list_add(&p->action, &hdev->pend_le_conns);
6956 break;
6957 case HCI_AUTO_CONN_REPORT:
6958 list_add(&p->action, &hdev->pend_le_reports);
6959 break;
6960 default:
6961 break;
c83ed19d 6962 }
6046dc3e 6963 }
c83ed19d 6964
2cf22218 6965 __hci_update_background_scan(req);
6046dc3e
AG		 6966}
6967
1904a853 6968static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
229ab39c
JH		 6969{
6970 struct cmd_lookup match = { NULL, hdev };
6971
6972 BT_DBG("status 0x%02x", status);
6973
162a3bac
MH		 6974 if (!status) {
6975 /* Register the available SMP channels (BR/EDR and LE) only
6976 * when successfully powering on the controller. This late
6977 * registration is required so that LE SMP can clearly
6978 * decide if the public address or static address is used.
6979 */
6980 smp_register(hdev);
6981 }
6982
229ab39c
JH		 6983 hci_dev_lock(hdev);
6984
6985 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6986
6987 new_settings(hdev, match.sk);
6988
6989 hci_dev_unlock(hdev);
6990
6991 if (match.sk)
6992 sock_put(match.sk);
6993}
6994
70da6243 6995static int powered_update_hci(struct hci_dev *hdev)
5add6af8 6996{
890ea898 6997 struct hci_request req;
70da6243 6998 u8 link_sec;
5add6af8 6999
890ea898
JH		 7000 hci_req_init(&req, hdev);
7001
d7a5a11d 7002 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
70da6243 7003 !lmp_host_ssp_capable(hdev)) {
574ea3c7 7004 u8 mode = 0x01;
5e5282bb 7005
574ea3c7
MH		 7006 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
7007
7008 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
7009 u8 support = 0x01;
5add6af8 7010
574ea3c7
MH		 7011 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
7012 sizeof(support), &support);
7013 }
ec6f99b8
JH		 7014 }
7015
d7a5a11d 7016 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
c73eee91 7017 lmp_bredr_capable(hdev)) {
70da6243 7018 struct hci_cp_write_le_host_supported cp;
f0ff92fb 7019
32226e4f
MH		 7020 cp.le = 0x01;
7021 cp.simul = 0x00;
3d1cbdd6 7022
70da6243
JH		 7023 /* Check first if we already have the right
7024 * host state (host features set)
7025 */
7026 if (cp.le != lmp_host_le_capable(hdev) ||
7027 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 7028 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
7029 sizeof(cp), &cp);
70da6243 7030 }
3d1cbdd6 7031
d13eafce 7032 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 7033 /* Make sure the controller has a good default for
7034 * advertising data. This also applies to the case
7035 * where BR/EDR was toggled during the AUTO_OFF phase.
7036 */
d7a5a11d 7037 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
5947f4bc 7038 update_adv_data(&req);
f14d8f64
MH		 7039 update_scan_rsp_data(&req);
7040 }
441ad2d0 7041
24b4f38f
AU		 7042 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7043 hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
bba3aa55 7044 enable_advertising(&req);
2cf22218
JH		 7045
7046 restart_le_actions(&req);
eeca6f89
JH		 7047 }
7048
d7a5a11d 7049 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
70da6243 7050 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 7051 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
7052 sizeof(link_sec), &link_sec);
562fcc24 7053
70da6243 7054 if (lmp_bredr_capable(hdev)) {
d7a5a11d 7055 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
406ef2a6
JH		 7056 write_fast_connectable(&req, true);
7057 else
7058 write_fast_connectable(&req, false);
1d2dc5b7 7059 __hci_update_page_scan(&req);
890ea898 7060 update_class(&req);
13928971 7061 update_name(&req);
890ea898 7062 update_eir(&req);
70da6243 7063 }
562fcc24 7064
229ab39c 7065 return hci_req_run(&req, powered_complete);
70da6243 7066}
562fcc24 7067
70da6243
JH		 7068int mgmt_powered(struct hci_dev *hdev, u8 powered)
7069{
7070 struct cmd_lookup match = { NULL, hdev };
9845904f 7071 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 7072 int err;
f0ff92fb 7073
d7a5a11d 7074 if (!hci_dev_test_flag(hdev, HCI_MGMT))
70da6243
JH		 7075 return 0;
7076
70da6243 7077 if (powered) {
229ab39c
JH		 7078 if (powered_update_hci(hdev) == 0)
7079 return 0;
fe038884 7080
229ab39c
JH		 7081 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
7082 &match);
7083 goto new_settings;
b24752fe
JH		 7084 }
7085
229ab39c 7086 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 7087
7088 /* If the power off is because of hdev unregistration let
7089 * use the appropriate INVALID_INDEX status. Otherwise use
7090 * NOT_POWERED. We cover both scenarios here since later in
7091 * mgmt_index_removed() any hci_conn callbacks will have already
7092 * been triggered, potentially causing misleading DISCONNECTED
7093 * status responses.
7094 */
d7a5a11d 7095 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 7096 status = MGMT_STATUS_INVALID_INDEX;
7097 else
7098 status = MGMT_STATUS_NOT_POWERED;
7099
7100 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 7101
7102 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
f6b7712e
MH		 7103 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7104 zero_cod, sizeof(zero_cod), NULL);
229ab39c
JH		 7105
7106new_settings:
beadb2bd 7107 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 7108
7109 if (match.sk)
7110 sock_put(match.sk);
7111
7bb895d6 7112 return err;
5add6af8 7113}
73f22f62 7114
3eec705e 7115void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 7116{
3b0602cd 7117 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 7118 u8 status;
7119
333ae95d 7120 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
96570ffc 7121 if (!cmd)
3eec705e 7122 return;
96570ffc
JH		 7123
7124 if (err == -ERFKILL)
7125 status = MGMT_STATUS_RFKILLED;
7126 else
7127 status = MGMT_STATUS_FAILED;
7128
a69e8375 7129 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 7130
7131 mgmt_pending_remove(cmd);
96570ffc
JH		 7132}
7133
d1967ff8
MH		 7134void mgmt_discoverable_timeout(struct hci_dev *hdev)
7135{
7136 struct hci_request req;
d1967ff8
MH		 7137
7138 hci_dev_lock(hdev);
7139
7140 /* When discoverable timeout triggers, then just make sure
7141 * the limited discoverable flag is cleared. Even in the case
7142 * of a timeout triggered from general discoverable, it is
7143 * safe to unconditionally clear the flag.
7144 */
a358dc11
MH		 7145 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
7146 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
d1967ff8
MH		 7147
7148 hci_req_init(&req, hdev);
d7a5a11d 7149 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4b580614
JH		 7150 u8 scan = SCAN_PAGE;
7151 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
7152 sizeof(scan), &scan);
7153 }
d1967ff8 7154 update_class(&req);
24b4f38f
AU		 7155
7156 /* Advertising instances don't use the global discoverable setting, so
7157 * only update AD if advertising was enabled using Set Advertising.
7158 */
7159 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7160 update_adv_data(&req);
7161
d1967ff8
MH		 7162 hci_req_run(&req, NULL);
7163
7164 hdev->discov_timeout = 0;
7165
9a43e25f
JH		 7166 new_settings(hdev, NULL);
7167
d1967ff8
MH		 7168 hci_dev_unlock(hdev);
7169}
7170
dc4a5ee2
MH		 7171void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7172 bool persistent)
55ed8ca1 7173{
86742e1e 7174 struct mgmt_ev_new_link_key ev;
55ed8ca1 7175
a492cd52 7176 memset(&ev, 0, sizeof(ev));
55ed8ca1 7177
a492cd52 7178 ev.store_hint = persistent;
d753fdc4 7179 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 7180 ev.key.addr.type = BDADDR_BREDR;
a492cd52 7181 ev.key.type = key->type;
9b3b4460 7182 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 7183 ev.key.pin_len = key->pin_len;
55ed8ca1 7184
dc4a5ee2 7185 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 7186}
f7520543 7187
d7b25450
JH		 7188static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7189{
23fb8de3
JH		 7190 switch (ltk->type) {
7191 case SMP_LTK:
7192 case SMP_LTK_SLAVE:
7193 if (ltk->authenticated)
7194 return MGMT_LTK_AUTHENTICATED;
7195 return MGMT_LTK_UNAUTHENTICATED;
7196 case SMP_LTK_P256:
7197 if (ltk->authenticated)
7198 return MGMT_LTK_P256_AUTH;
7199 return MGMT_LTK_P256_UNAUTH;
7200 case SMP_LTK_P256_DEBUG:
7201 return MGMT_LTK_P256_DEBUG;
7202 }
d7b25450
JH		 7203
7204 return MGMT_LTK_UNAUTHENTICATED;
7205}
7206
53ac6ab6 7207void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 7208{
7209 struct mgmt_ev_new_long_term_key ev;
7210
7211 memset(&ev, 0, sizeof(ev));
7212
5192d301
MH		 7213 /* Devices using resolvable or non-resolvable random addresses
7214 * without providing an indentity resolving key don't require
7215 * to store long term keys. Their addresses will change the
7216 * next time around.
7217 *
7218 * Only when a remote device provides an identity address
7219 * make sure the long term key is stored. If the remote
7220 * identity is known, the long term keys are internally
7221 * mapped to the identity address. So allow static random
7222 * and public addresses here.
7223 */
ba74b666
JH		 7224 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7225 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7226 ev.store_hint = 0x00;
7227 else
53ac6ab6 7228 ev.store_hint = persistent;
ba74b666 7229
346af67b 7230 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 7231 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 7232 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 7233 ev.key.enc_size = key->enc_size;
7234 ev.key.ediv = key->ediv;
fe39c7b2 7235 ev.key.rand = key->rand;
346af67b 7236
2ceba539 7237 if (key->type == SMP_LTK)
346af67b
VCG		 7238 ev.key.master = 1;
7239
346af67b
VCG		 7240 memcpy(ev.key.val, key->val, sizeof(key->val));
7241
083368f7 7242 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 7243}
7244
95fbac8a
JH		 7245void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
7246{
7247 struct mgmt_ev_new_irk ev;
7248
7249 memset(&ev, 0, sizeof(ev));
7250
bab6d1e5
MH		 7251 /* For identity resolving keys from devices that are already
7252 * using a public address or static random address, do not
7253 * ask for storing this key. The identity resolving key really
7254 * is only mandatory for devices using resovlable random
7255 * addresses.
7256 *
7257 * Storing all identity resolving keys has the downside that
7258 * they will be also loaded on next boot of they system. More
7259 * identity resolving keys, means more time during scanning is
7260 * needed to actually resolve these addresses.
7261 */
7262 if (bacmp(&irk->rpa, BDADDR_ANY))
7263 ev.store_hint = 0x01;
7264 else
7265 ev.store_hint = 0x00;
7266
95fbac8a
JH		 7267 bacpy(&ev.rpa, &irk->rpa);
7268 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7269 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7270 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7271
7272 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7273}
7274
53ac6ab6
MH		 7275void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7276 bool persistent)
7ee4ea36
MH		 7277{
7278 struct mgmt_ev_new_csrk ev;
7279
7280 memset(&ev, 0, sizeof(ev));
7281
7282 /* Devices using resolvable or non-resolvable random addresses
7283 * without providing an indentity resolving key don't require
7284 * to store signature resolving keys. Their addresses will change
7285 * the next time around.
7286 *
7287 * Only when a remote device provides an identity address
7288 * make sure the signature resolving key is stored. So allow
7289 * static random and public addresses here.
7290 */
7291 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7292 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7293 ev.store_hint = 0x00;
7294 else
53ac6ab6 7295 ev.store_hint = persistent;
7ee4ea36
MH		 7296
7297 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7298 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 7299 ev.key.type = csrk->type;
7ee4ea36
MH		 7300 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7301
7302 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7303}
7304
ffb5a827 7305void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 7306 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7307 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 7308{
7309 struct mgmt_ev_new_conn_param ev;
7310
c103aea6
JH		 7311 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7312 return;
7313
ffb5a827
AG		 7314 memset(&ev, 0, sizeof(ev));
7315 bacpy(&ev.addr.bdaddr, bdaddr);
7316 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 7317 ev.store_hint = store_hint;
ffb5a827
AG		 7318 ev.min_interval = cpu_to_le16(min_interval);
7319 ev.max_interval = cpu_to_le16(max_interval);
7320 ev.latency = cpu_to_le16(latency);
7321 ev.timeout = cpu_to_le16(timeout);
7322
7323 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7324}
7325
48ec92fa
AA		 7326void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7327 u32 flags, u8 *name, u8 name_len)
f7520543 7328{
b644ba33
JH		 7329 char buf[512];
7330 struct mgmt_ev_device_connected *ev = (void *) buf;
7331 u16 eir_len = 0;
f7520543 7332
48ec92fa
AA		 7333 bacpy(&ev->addr.bdaddr, &conn->dst);
7334 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 7335
c95f0ba7 7336 ev->flags = __cpu_to_le32(flags);
08c79b61 7337
fd45ada9
AA		 7338 /* We must ensure that the EIR Data fields are ordered and
7339 * unique. Keep it simple for now and avoid the problem by not
7340 * adding any BR/EDR data to the LE adv.
7341 */
7342 if (conn->le_adv_data_len > 0) {
7343 memcpy(&ev->eir[eir_len],
7344 conn->le_adv_data, conn->le_adv_data_len);
7345 eir_len = conn->le_adv_data_len;
7346 } else {
7347 if (name_len > 0)
7348 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7349 name, name_len);
b644ba33 7350
ddbea5cf 7351 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 7352 eir_len = eir_append_data(ev->eir, eir_len,
7353 EIR_CLASS_OF_DEV,
7354 conn->dev_class, 3);
7355 }
b644ba33 7356
eb55ef07 7357 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 7358
ecd90ae7
MH		 7359 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7360 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 7361}
7362
3b0602cd 7363static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 7364{
8962ee74 7365 struct sock **sk = data;
8962ee74 7366
f5818c22 7367 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 7368
7369 *sk = cmd->sk;
7370 sock_hold(*sk);
7371
a664b5bc 7372 mgmt_pending_remove(cmd);
8962ee74
JH		 7373}
7374
3b0602cd 7375static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 7376{
b1078ad0 7377 struct hci_dev *hdev = data;
124f6e35 7378 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 7379
b1078ad0
JH		 7380 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7381
d8b7b1e4 7382 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 7383 mgmt_pending_remove(cmd);
7384}
7385
84c61d92
JH		 7386bool mgmt_powering_down(struct hci_dev *hdev)
7387{
3b0602cd 7388 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 7389 struct mgmt_mode *cp;
7390
333ae95d 7391 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
84c61d92
JH		 7392 if (!cmd)
7393 return false;
7394
7395 cp = cmd->param;
7396 if (!cp->val)
7397 return true;
7398
7399 return false;
7400}
7401
9b80ec5e 7402void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 7403 u8 link_type, u8 addr_type, u8 reason,
7404 bool mgmt_connected)
f7520543 7405{
f0d6a0ea 7406 struct mgmt_ev_device_disconnected ev;
8962ee74 7407 struct sock *sk = NULL;
8962ee74 7408
84c61d92
JH		 7409 /* The connection is still in hci_conn_hash so test for 1
7410 * instead of 0 to know if this is the last one.
7411 */
7412 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7413 cancel_delayed_work(&hdev->power_off);
7414 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 7415 }
7416
12d4a3b2
JH		 7417 if (!mgmt_connected)
7418 return;
7419
57eb776f
AG		 7420 if (link_type != ACL_LINK && link_type != LE_LINK)
7421 return;
7422
744cf19e 7423 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 7424
f0d6a0ea
MA		 7425 bacpy(&ev.addr.bdaddr, bdaddr);
7426 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7427 ev.reason = reason;
f7520543 7428
9b80ec5e 7429 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 7430
7431 if (sk)
d97dcb66 7432 sock_put(sk);
8962ee74 7433
124f6e35 7434 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 7435 hdev);
8962ee74
JH		 7436}
7437
7892924c
MH		 7438void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7439 u8 link_type, u8 addr_type, u8 status)
8962ee74 7440{
3655bba8
AG		 7441 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7442 struct mgmt_cp_disconnect *cp;
3b0602cd 7443 struct mgmt_pending_cmd *cmd;
8962ee74 7444
36a75f1b
JD		 7445 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7446 hdev);
7447
333ae95d 7448 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 7449 if (!cmd)
7892924c 7450 return;
8962ee74 7451
3655bba8
AG		 7452 cp = cmd->param;
7453
7454 if (bacmp(bdaddr, &cp->addr.bdaddr))
7455 return;
7456
7457 if (cp->addr.type != bdaddr_type)
7458 return;
7459
f5818c22 7460 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7461 mgmt_pending_remove(cmd);
f7520543 7462}
17d5c04c 7463
445608d0
MH		 7464void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7465 u8 addr_type, u8 status)
17d5c04c
JH		 7466{
7467 struct mgmt_ev_connect_failed ev;
c9910d0f 7468
84c61d92
JH		 7469 /* The connection is still in hci_conn_hash so test for 1
7470 * instead of 0 to know if this is the last one.
7471 */
7472 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7473 cancel_delayed_work(&hdev->power_off);
7474 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 7475 }
17d5c04c 7476
4c659c39 7477 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7478 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 7479 ev.status = mgmt_status(status);
17d5c04c 7480
445608d0 7481 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 7482}
980e1a53 7483
ce0e4a0d 7484void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 7485{
7486 struct mgmt_ev_pin_code_request ev;
7487
d8457698 7488 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 7489 ev.addr.type = BDADDR_BREDR;
a770bb5a 7490 ev.secure = secure;
980e1a53 7491
ce0e4a0d 7492 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 7493}
7494
e669cf80
MH		 7495void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7496 u8 status)
980e1a53 7497{
3b0602cd 7498 struct mgmt_pending_cmd *cmd;
980e1a53 7499
333ae95d 7500 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 7501 if (!cmd)
e669cf80 7502 return;
980e1a53 7503
7776d1d8 7504 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7505 mgmt_pending_remove(cmd);
980e1a53
JH		 7506}
7507
3eb38528
MH		 7508void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7509 u8 status)
980e1a53 7510{
3b0602cd 7511 struct mgmt_pending_cmd *cmd;
980e1a53 7512
333ae95d 7513 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 7514 if (!cmd)
3eb38528 7515 return;
980e1a53 7516
7776d1d8 7517 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7518 mgmt_pending_remove(cmd);
980e1a53 7519}
a5c29683 7520
744cf19e 7521int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 7522 u8 link_type, u8 addr_type, u32 value,
04124681 7523 u8 confirm_hint)
a5c29683
JH		 7524{
7525 struct mgmt_ev_user_confirm_request ev;
7526
744cf19e 7527 BT_DBG("%s", hdev->name);
a5c29683 7528
272d90df 7529 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7530 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 7531 ev.confirm_hint = confirm_hint;
39adbffe 7532 ev.value = cpu_to_le32(value);
a5c29683 7533
744cf19e 7534 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 7535 NULL);
a5c29683
JH		 7536}
7537
272d90df 7538int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 7539 u8 link_type, u8 addr_type)
604086b7
BG		 7540{
7541 struct mgmt_ev_user_passkey_request ev;
7542
7543 BT_DBG("%s", hdev->name);
7544
272d90df 7545 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7546 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 7547
7548 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 7549 NULL);
604086b7
BG		 7550}
7551
0df4c185 7552static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 7553 u8 link_type, u8 addr_type, u8 status,
7554 u8 opcode)
a5c29683 7555{
3b0602cd 7556 struct mgmt_pending_cmd *cmd;
a5c29683 7557
333ae95d 7558 cmd = pending_find(opcode, hdev);
a5c29683
JH		 7559 if (!cmd)
7560 return -ENOENT;
7561
7776d1d8 7562 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7563 mgmt_pending_remove(cmd);
a5c29683 7564
7776d1d8 7565 return 0;
a5c29683
JH		 7566}
7567
744cf19e 7568int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7569 u8 link_type, u8 addr_type, u8 status)
a5c29683 7570{
272d90df 7571 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7572 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 7573}
7574
272d90df 7575int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7576 u8 link_type, u8 addr_type, u8 status)
a5c29683 7577{
272d90df 7578 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7579 status,
7580 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7581}
2a611692 7582
604086b7 7583int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7584 u8 link_type, u8 addr_type, u8 status)
604086b7 7585{
272d90df 7586 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7587 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7588}
7589
272d90df 7590int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7591 u8 link_type, u8 addr_type, u8 status)
604086b7 7592{
272d90df 7593 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7594 status,
7595 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7596}
7597
92a25256
JH		 7598int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7599 u8 link_type, u8 addr_type, u32 passkey,
7600 u8 entered)
7601{
7602 struct mgmt_ev_passkey_notify ev;
7603
7604 BT_DBG("%s", hdev->name);
7605
7606 bacpy(&ev.addr.bdaddr, bdaddr);
7607 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7608 ev.passkey = __cpu_to_le32(passkey);
7609 ev.entered = entered;
7610
7611 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7612}
7613
e1e930f5 7614void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7615{
7616 struct mgmt_ev_auth_failed ev;
3b0602cd 7617 struct mgmt_pending_cmd *cmd;
e1e930f5 7618 u8 status = mgmt_status(hci_status);
2a611692 7619
e1e930f5
JH		 7620 bacpy(&ev.addr.bdaddr, &conn->dst);
7621 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7622 ev.status = status;
2a611692 7623
e1e930f5
JH		 7624 cmd = find_pairing(conn);
7625
7626 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7627 cmd ? cmd->sk : NULL);
7628
a511b35b
JH		 7629 if (cmd) {
7630 cmd->cmd_complete(cmd, status);
7631 mgmt_pending_remove(cmd);
7632 }
2a611692 7633}
b312b161 7634
464996ae 7635void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7636{
7637 struct cmd_lookup match = { NULL, hdev };
464996ae 7638 bool changed;
33ef95ed
JH		 7639
7640 if (status) {
7641 u8 mgmt_err = mgmt_status(status);
7642 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7643 cmd_status_rsp, &mgmt_err);
464996ae 7644 return;
33ef95ed
JH		 7645 }
7646
464996ae 7647 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 7648 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 7649 else
a69d8927 7650 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 7651
33ef95ed 7652 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 7653 &match);
33ef95ed 7654
47990ea0 7655 if (changed)
464996ae 7656 new_settings(hdev, match.sk);
33ef95ed
JH		 7657
7658 if (match.sk)
7659 sock_put(match.sk);
33ef95ed
JH		 7660}
7661
890ea898 7662static void clear_eir(struct hci_request *req)
cacaf52f 7663{
890ea898 7664 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 7665 struct hci_cp_write_eir cp;
7666
976eb20e 7667 if (!lmp_ext_inq_capable(hdev))
890ea898 7668 return;
cacaf52f 7669
c80da27e
JH		 7670 memset(hdev->eir, 0, sizeof(hdev->eir));
7671
cacaf52f
JH		 7672 memset(&cp, 0, sizeof(cp));
7673
890ea898 7674 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 7675}
7676
3e248560 7677void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 7678{
7679 struct cmd_lookup match = { NULL, hdev };
890ea898 7680 struct hci_request req;
c0ecddc2 7681 bool changed = false;
ed2c4ee3
JH		 7682
7683 if (status) {
7684 u8 mgmt_err = mgmt_status(status);
c0ecddc2 7685
a69d8927
MH		 7686 if (enable && hci_dev_test_and_clear_flag(hdev,
7687 HCI_SSP_ENABLED)) {
a358dc11 7688 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 7689 new_settings(hdev, NULL);
9ecb3e24 7690 }
c0ecddc2 7691
04124681
GP		 7692 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7693 &mgmt_err);
3e248560 7694 return;
c0ecddc2
JH		 7695 }
7696
7697 if (enable) {
238be788 7698 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 7699 } else {
a69d8927 7700 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9ecb3e24 7701 if (!changed)
a69d8927
MH		 7702 changed = hci_dev_test_and_clear_flag(hdev,
7703 HCI_HS_ENABLED);
9ecb3e24 7704 else
a358dc11 7705 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 7706 }
7707
7708 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7709
c0ecddc2 7710 if (changed)
3e248560 7711 new_settings(hdev, match.sk);
ed2c4ee3 7712
5fc6ebb1 7713 if (match.sk)
ed2c4ee3
JH		 7714 sock_put(match.sk);
7715
890ea898
JH		 7716 hci_req_init(&req, hdev);
7717
d7a5a11d
MH		 7718 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7719 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 7720 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7721 sizeof(enable), &enable);
890ea898 7722 update_eir(&req);
3769972b 7723 } else {
890ea898 7724 clear_eir(&req);
3769972b 7725 }
890ea898
JH		 7726
7727 hci_req_run(&req, NULL);
ed2c4ee3
JH		 7728}
7729
3b0602cd 7730static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 7731{
7732 struct cmd_lookup *match = data;
7733
90e70454
JH		 7734 if (match->sk == NULL) {
7735 match->sk = cmd->sk;
7736 sock_hold(match->sk);
7737 }
90e70454
JH		 7738}
7739
4e1b0245
MH		 7740void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7741 u8 status)
7f9a903c 7742{
90e70454 7743 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7744
92da6097
JH		 7745 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7746 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7747 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 7748
7749 if (!status)
f6b7712e
MH		 7750 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7751 dev_class, 3, NULL);
90e70454
JH		 7752
7753 if (match.sk)
7754 sock_put(match.sk);
7f9a903c
MH		 7755}
7756
7667da34 7757void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7758{
b312b161 7759 struct mgmt_cp_set_local_name ev;
3b0602cd 7760 struct mgmt_pending_cmd *cmd;
28cc7bde 7761
13928971 7762 if (status)
7667da34 7763 return;
b312b161
JH		 7764
7765 memset(&ev, 0, sizeof(ev));
7766 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7767 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7768
333ae95d 7769 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7770 if (!cmd) {
7771 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7772
13928971
JH		 7773 /* If this is a HCI command related to powering on the
7774 * HCI dev don't send any mgmt signals.
7775 */
333ae95d 7776 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7777 return;
890ea898 7778 }
b312b161 7779
f6b7712e
MH		 7780 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7781 cmd ? cmd->sk : NULL);
b312b161 7782}
c35938b2 7783
4d2d2796 7784void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
38da1703
JH		 7785 u8 *rand192, u8 *hash256, u8 *rand256,
7786 u8 status)
c35938b2 7787{
3b0602cd 7788 struct mgmt_pending_cmd *cmd;
c35938b2 7789
744cf19e 7790 BT_DBG("%s status %u", hdev->name, status);
c35938b2 7791
333ae95d 7792 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 7793 if (!cmd)
3edaf092 7794 return;
c35938b2
SJ		 7795
7796 if (status) {
a69e8375
JH		 7797 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
7798 mgmt_status(status));
c35938b2 7799 } else {
66f096f7
JH		 7800 struct mgmt_rp_read_local_oob_data rp;
7801 size_t rp_size = sizeof(rp);
4d2d2796 7802
66f096f7
JH		 7803 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
7804 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
c35938b2 7805
66f096f7 7806 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
4d2d2796 7807 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
38da1703 7808 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
4d2d2796 7809 } else {
66f096f7 7810 rp_size -= sizeof(rp.hash256) + sizeof(rp.rand256);
4d2d2796 7811 }
66f096f7 7812
2a1afb5a
JH		 7813 mgmt_cmd_complete(cmd->sk, hdev->id,
7814 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7815 &rp, rp_size);
c35938b2
SJ		 7816 }
7817
7818 mgmt_pending_remove(cmd);
c35938b2 7819}
e17acd40 7820
799ce93d
JP		 7821static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7822{
7823 int i;
7824
7825 for (i = 0; i < uuid_count; i++) {
7826 if (!memcmp(uuid, uuids[i], 16))
7827 return true;
7828 }
7829
7830 return false;
7831}
7832
b487b9ce
MH		 7833static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7834{
799ce93d
JP		 7835 u16 parsed = 0;
7836
7837 while (parsed < eir_len) {
7838 u8 field_len = eir[0];
7839 u8 uuid[16];
7840 int i;
7841
7842 if (field_len == 0)
7843 break;
7844
7845 if (eir_len - parsed < field_len + 1)
7846 break;
7847
7848 switch (eir[1]) {
7849 case EIR_UUID16_ALL:
7850 case EIR_UUID16_SOME:
7851 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7852 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7853 uuid[13] = eir[i + 3];
7854 uuid[12] = eir[i + 2];
7855 if (has_uuid(uuid, uuid_count, uuids))
7856 return true;
7857 }
7858 break;
7859 case EIR_UUID32_ALL:
7860 case EIR_UUID32_SOME:
7861 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7862 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7863 uuid[15] = eir[i + 5];
7864 uuid[14] = eir[i + 4];
7865 uuid[13] = eir[i + 3];
7866 uuid[12] = eir[i + 2];
7867 if (has_uuid(uuid, uuid_count, uuids))
7868 return true;
7869 }
7870 break;
7871 case EIR_UUID128_ALL:
7872 case EIR_UUID128_SOME:
7873 for (i = 0; i + 17 <= field_len; i += 16) {
7874 memcpy(uuid, eir + i + 2, 16);
7875 if (has_uuid(uuid, uuid_count, uuids))
7876 return true;
7877 }
7878 break;
7879 }
7880
7881 parsed += field_len + 1;
7882 eir += field_len + 1;
7883 }
7884
b487b9ce
MH		 7885 return false;
7886}
7887
4b0e0ced
JP		 7888static void restart_le_scan(struct hci_dev *hdev)
7889{
7890 /* If controller is not scanning we are done. */
d7a5a11d 7891 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 7892 return;
7893
7894 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7895 hdev->discovery.scan_start +
7896 hdev->discovery.scan_duration))
7897 return;
7898
7899 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
7900 DISCOV_LE_RESTART_DELAY);
7901}
7902
48f86b7f
JP		 7903static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7904 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7905{
48f86b7f
JP		 7906 /* If a RSSI threshold has been specified, and
7907 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7908 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7909 * is set, let it through for further processing, as we might need to
7910 * restart the scan.
efb2513f
MH		 7911 *
7912 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7913 * the results are also dropped.
bda157a4
MH		 7914 */
7915 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 7916 (rssi == HCI_RSSI_INVALID ||
7917 (rssi < hdev->discovery.rssi &&
7918 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 7919 return false;
efb2513f 7920
2976cdeb
JP		 7921 if (hdev->discovery.uuid_count != 0) {
7922 /* If a list of UUIDs is provided in filter, results with no
7923 * matching UUID should be dropped.
b487b9ce 7924 */
2976cdeb
JP		 7925 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7926 hdev->discovery.uuids) &&
7927 !eir_has_uuids(scan_rsp, scan_rsp_len,
7928 hdev->discovery.uuid_count,
7929 hdev->discovery.uuids))
7930 return false;
b487b9ce 7931 }
5d2e9fad 7932
2976cdeb
JP		 7933 /* If duplicate filtering does not report RSSI changes, then restart
7934 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 7935 */
2976cdeb
JP		 7936 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7937 restart_le_scan(hdev);
7938
7939 /* Validate RSSI value against the RSSI threshold once more. */
7940 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7941 rssi < hdev->discovery.rssi)
7942 return false;
7943 }
48f86b7f
JP		 7944
7945 return true;
7946}
7947
7948void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7949 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7950 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7951{
7952 char buf[512];
7953 struct mgmt_ev_device_found *ev = (void *)buf;
7954 size_t ev_size;
7955
7956 /* Don't send events for a non-kernel initiated discovery. With
7957 * LE one exception is if we have pend_le_reports > 0 in which
7958 * case we're doing passive scanning and want these events.
7959 */
7960 if (!hci_discovery_active(hdev)) {
7961 if (link_type == ACL_LINK)
7962 return;
7963 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7964 return;
7965 }
7966
82f8b651 7967 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 7968 /* We are using service discovery */
7969 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7970 scan_rsp_len))
7971 return;
7972 }
7973
7974 /* Make sure that the buffer is big enough. The 5 extra bytes
7975 * are for the potential CoD field.
7976 */
7977 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 7978 return;
7979
48f86b7f
JP		 7980 memset(buf, 0, sizeof(buf));
7981
7982 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7983 * RSSI value was reported as 0 when not available. This behavior
7984 * is kept when using device discovery. This is required for full
7985 * backwards compatibility with the API.
7986 *
7987 * However when using service discovery, the value 127 will be
7988 * returned when the RSSI is not available.
7989 */
7990 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7991 link_type == ACL_LINK)
7992 rssi = 0;
7993
7994 bacpy(&ev->addr.bdaddr, bdaddr);
7995 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7996 ev->rssi = rssi;
7997 ev->flags = cpu_to_le32(flags);
7998
7999 if (eir_len > 0)
8000 /* Copy EIR or advertising data into event */
8001 memcpy(ev->eir, eir, eir_len);
8002
8003 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
8004 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
8005 dev_class, 3);
8006
8007 if (scan_rsp_len > 0)
8008 /* Append scan response data to event */
8009 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
8010
5d2e9fad
JH		 8011 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
8012 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 8013
901801b9 8014 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 8015}
a88a9652 8016
9cf12aee
MH		 8017void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8018 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 8019{
b644ba33
JH		 8020 struct mgmt_ev_device_found *ev;
8021 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
8022 u16 eir_len;
a88a9652 8023
b644ba33 8024 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 8025
b644ba33
JH		 8026 memset(buf, 0, sizeof(buf));
8027
8028 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 8029 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 8030 ev->rssi = rssi;
8031
8032 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 8033 name_len);
b644ba33 8034
eb55ef07 8035 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 8036
9cf12aee 8037 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 8038}
314b2381 8039
2f1e063b 8040void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 8041{
f963e8e9 8042 struct mgmt_ev_discovering ev;
164a6e78 8043
343fb145
AG		 8044 BT_DBG("%s discovering %u", hdev->name, discovering);
8045
f963e8e9
JH		 8046 memset(&ev, 0, sizeof(ev));
8047 ev.type = hdev->discovery.type;
8048 ev.discovering = discovering;
8049
2f1e063b 8050 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 8051}
5e762444 8052
1904a853 8053static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5976e608
MH		 8054{
8055 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 8056}
8057
8058void mgmt_reenable_advertising(struct hci_dev *hdev)
8059{
8060 struct hci_request req;
8061
24b4f38f
AU		 8062 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
8063 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
5976e608
MH		 8064 return;
8065
8066 hci_req_init(&req, hdev);
8067 enable_advertising(&req);
0ec5ae84 8068 hci_req_run(&req, adv_enable_complete);
5976e608 8069}
6d785aa3
JH		 8070
8071static struct hci_mgmt_chan chan = {
8072 .channel = HCI_CHANNEL_CONTROL,
8073 .handler_count = ARRAY_SIZE(mgmt_handlers),
8074 .handlers = mgmt_handlers,
88b94ce9 8075 .hdev_init = mgmt_init_hdev,
6d785aa3
JH		 8076};
8077
8078int mgmt_init(void)
8079{
8080 return hci_mgmt_chan_register(&chan);
8081}
8082
8083void mgmt_exit(void)
8084{
8085 hci_mgmt_chan_unregister(&chan);
8086}
Linux kernel - Deliverables
This page took 0.899352 seconds and 5 git commands to generate.