projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add white list lookup for incoming connection requests
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 34
35#include "smp.h"
0381101f 36
2da9c55c 37#define MGMT_VERSION 1
730f091b 38#define MGMT_REVISION 7
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
0663ca2a 80 MGMT_OP_SET_BREDR,
d13eafce 81 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 82 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 83 MGMT_OP_SET_SECURE_CONN,
4e39ac81 84 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 85 MGMT_OP_SET_PRIVACY,
41edf160 86 MGMT_OP_LOAD_IRKS,
dd983808 87 MGMT_OP_GET_CONN_INFO,
95868426 88 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 89 MGMT_OP_ADD_DEVICE,
90 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 91 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 92 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 93 MGMT_OP_READ_CONFIG_INFO,
dbece37a 94 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 95 MGMT_OP_SET_PUBLIC_ADDRESS,
e70bb2e8
JH		 96};
97
98static const u16 mgmt_events[] = {
99 MGMT_EV_CONTROLLER_ERROR,
100 MGMT_EV_INDEX_ADDED,
101 MGMT_EV_INDEX_REMOVED,
102 MGMT_EV_NEW_SETTINGS,
103 MGMT_EV_CLASS_OF_DEV_CHANGED,
104 MGMT_EV_LOCAL_NAME_CHANGED,
105 MGMT_EV_NEW_LINK_KEY,
106 MGMT_EV_NEW_LONG_TERM_KEY,
107 MGMT_EV_DEVICE_CONNECTED,
108 MGMT_EV_DEVICE_DISCONNECTED,
109 MGMT_EV_CONNECT_FAILED,
110 MGMT_EV_PIN_CODE_REQUEST,
111 MGMT_EV_USER_CONFIRM_REQUEST,
112 MGMT_EV_USER_PASSKEY_REQUEST,
113 MGMT_EV_AUTH_FAILED,
114 MGMT_EV_DEVICE_FOUND,
115 MGMT_EV_DISCOVERING,
116 MGMT_EV_DEVICE_BLOCKED,
117 MGMT_EV_DEVICE_UNBLOCKED,
118 MGMT_EV_DEVICE_UNPAIRED,
92a25256 119 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 120 MGMT_EV_NEW_IRK,
7ee4ea36 121 MGMT_EV_NEW_CSRK,
8afef092
MH		 122 MGMT_EV_DEVICE_ADDED,
123 MGMT_EV_DEVICE_REMOVED,
ffb5a827 124 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 125 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 126 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 127 MGMT_EV_NEW_CONFIG_OPTIONS,
e70bb2e8
JH		 128};
129
17b02e62 130#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 131
4b34ee78
JH		 132#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
133 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
134
eec8d2bc
JH		 135struct pending_cmd {
136 struct list_head list;
fc2f4b13 137 u16 opcode;
eec8d2bc 138 int index;
c68fb7ff 139 void *param;
eec8d2bc 140 struct sock *sk;
e9a416b5 141 void *user_data;
eec8d2bc
JH		 142};
143
ca69b795
JH		 144/* HCI to MGMT error code conversion table */
145static u8 mgmt_status_table[] = {
146 MGMT_STATUS_SUCCESS,
147 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
148 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
149 MGMT_STATUS_FAILED, /* Hardware Failure */
150 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
151 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 152 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 153 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
154 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
155 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
156 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
157 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
158 MGMT_STATUS_BUSY, /* Command Disallowed */
159 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
160 MGMT_STATUS_REJECTED, /* Rejected Security */
161 MGMT_STATUS_REJECTED, /* Rejected Personal */
162 MGMT_STATUS_TIMEOUT, /* Host Timeout */
163 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
165 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
166 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
167 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
168 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
169 MGMT_STATUS_BUSY, /* Repeated Attempts */
170 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
171 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
172 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
173 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
174 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
175 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
176 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
177 MGMT_STATUS_FAILED, /* Unspecified Error */
178 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
179 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
180 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
181 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
182 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
183 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
184 MGMT_STATUS_FAILED, /* Unit Link Key Used */
185 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
186 MGMT_STATUS_TIMEOUT, /* Instant Passed */
187 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
188 MGMT_STATUS_FAILED, /* Transaction Collision */
189 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
190 MGMT_STATUS_REJECTED, /* QoS Rejected */
191 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
192 MGMT_STATUS_REJECTED, /* Insufficient Security */
193 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
194 MGMT_STATUS_BUSY, /* Role Switch Pending */
195 MGMT_STATUS_FAILED, /* Slot Violation */
196 MGMT_STATUS_FAILED, /* Role Switch Failed */
197 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
198 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
199 MGMT_STATUS_BUSY, /* Host Busy Pairing */
200 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
201 MGMT_STATUS_BUSY, /* Controller Busy */
202 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
203 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
204 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
205 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
206 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
207};
208
209static u8 mgmt_status(u8 hci_status)
210{
211 if (hci_status < ARRAY_SIZE(mgmt_status_table))
212 return mgmt_status_table[hci_status];
213
214 return MGMT_STATUS_FAILED;
215}
216
04c60f05
MH		 217static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
218 struct sock *skip_sk)
219{
220 struct sk_buff *skb;
221 struct mgmt_hdr *hdr;
222
223 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
224 if (!skb)
225 return -ENOMEM;
226
227 hdr = (void *) skb_put(skb, sizeof(*hdr));
228 hdr->opcode = cpu_to_le16(event);
229 if (hdev)
230 hdr->index = cpu_to_le16(hdev->id);
231 else
232 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
233 hdr->len = cpu_to_le16(data_len);
234
235 if (data)
236 memcpy(skb_put(skb, data_len), data, data_len);
237
238 /* Time stamp */
239 __net_timestamp(skb);
240
241 hci_send_to_control(skb, skip_sk);
242 kfree_skb(skb);
243
244 return 0;
245}
246
4e51eae9 247static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 248{
249 struct sk_buff *skb;
250 struct mgmt_hdr *hdr;
251 struct mgmt_ev_cmd_status *ev;
56b7d137 252 int err;
f7b64e69 253
34eb525c 254 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 255
790eff44 256 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 257 if (!skb)
258 return -ENOMEM;
259
260 hdr = (void *) skb_put(skb, sizeof(*hdr));
261
dcf4adbf 262 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 263 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 264 hdr->len = cpu_to_le16(sizeof(*ev));
265
266 ev = (void *) skb_put(skb, sizeof(*ev));
267 ev->status = status;
eb55ef07 268 ev->opcode = cpu_to_le16(cmd);
f7b64e69 269
56b7d137
GP		 270 err = sock_queue_rcv_skb(sk, skb);
271 if (err < 0)
f7b64e69
JH		 272 kfree_skb(skb);
273
56b7d137 274 return err;
f7b64e69
JH		 275}
276
aee9b218 277static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 278 void *rp, size_t rp_len)
02d98129
JH		 279{
280 struct sk_buff *skb;
281 struct mgmt_hdr *hdr;
282 struct mgmt_ev_cmd_complete *ev;
56b7d137 283 int err;
02d98129
JH		 284
285 BT_DBG("sock %p", sk);
286
790eff44 287 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 288 if (!skb)
289 return -ENOMEM;
290
291 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 292
dcf4adbf 293 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 294 hdr->index = cpu_to_le16(index);
a38528f1 295 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 296
a38528f1 297 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 298 ev->opcode = cpu_to_le16(cmd);
aee9b218 299 ev->status = status;
8020c16a
SJ		 300
301 if (rp)
302 memcpy(ev->data, rp, rp_len);
02d98129 303
56b7d137
GP		 304 err = sock_queue_rcv_skb(sk, skb);
305 if (err < 0)
02d98129
JH		 306 kfree_skb(skb);
307
e5f0e151 308 return err;
02d98129
JH		 309}
310
04124681
GP		 311static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
312 u16 data_len)
a38528f1
JH		 313{
314 struct mgmt_rp_read_version rp;
315
316 BT_DBG("sock %p", sk);
317
318 rp.version = MGMT_VERSION;
dcf4adbf 319 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 320
aee9b218 321 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 322 sizeof(rp));
a38528f1
JH		 323}
324
04124681
GP		 325static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
326 u16 data_len)
e70bb2e8
JH		 327{
328 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 329 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
330 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 331 __le16 *opcode;
e70bb2e8
JH		 332 size_t rp_size;
333 int i, err;
334
335 BT_DBG("sock %p", sk);
336
337 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
338
339 rp = kmalloc(rp_size, GFP_KERNEL);
340 if (!rp)
341 return -ENOMEM;
342
dcf4adbf
JP		 343 rp->num_commands = cpu_to_le16(num_commands);
344 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 345
346 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
347 put_unaligned_le16(mgmt_commands[i], opcode);
348
349 for (i = 0; i < num_events; i++, opcode++)
350 put_unaligned_le16(mgmt_events[i], opcode);
351
aee9b218 352 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 353 rp_size);
e70bb2e8
JH		 354 kfree(rp);
355
356 return err;
357}
358
04124681
GP		 359static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
360 u16 data_len)
faba42eb 361{
faba42eb 362 struct mgmt_rp_read_index_list *rp;
8035ded4 363 struct hci_dev *d;
a38528f1 364 size_t rp_len;
faba42eb 365 u16 count;
476e44cb 366 int err;
faba42eb
JH		 367
368 BT_DBG("sock %p", sk);
369
370 read_lock(&hci_dev_list_lock);
371
372 count = 0;
bb4b2a9a 373 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 374 if (d->dev_type == HCI_BREDR &&
375 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
1514b892 376 count++;
faba42eb
JH		 377 }
378
a38528f1
JH		 379 rp_len = sizeof(*rp) + (2 * count);
380 rp = kmalloc(rp_len, GFP_ATOMIC);
381 if (!rp) {
b2c60d42 382 read_unlock(&hci_dev_list_lock);
faba42eb 383 return -ENOMEM;
b2c60d42 384 }
faba42eb 385
476e44cb 386 count = 0;
8035ded4 387 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 388 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 389 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a 390 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
ab81cbf9
JH		 391 continue;
392
73d1df2a
MH		 393 /* Devices marked as raw-only are neither configured
394 * nor unconfigured controllers.
395 */
396 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 397 continue;
398
73d1df2a
MH		 399 if (d->dev_type == HCI_BREDR &&
400 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
1514b892
MH		 401 rp->index[count++] = cpu_to_le16(d->id);
402 BT_DBG("Added hci%u", d->id);
403 }
faba42eb
JH		 404 }
405
476e44cb
JH		 406 rp->num_controllers = cpu_to_le16(count);
407 rp_len = sizeof(*rp) + (2 * count);
408
faba42eb
JH		 409 read_unlock(&hci_dev_list_lock);
410
aee9b218 411 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 412 rp_len);
faba42eb 413
a38528f1
JH		 414 kfree(rp);
415
416 return err;
faba42eb
JH		 417}
418
73d1df2a
MH		 419static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
420 void *data, u16 data_len)
421{
422 struct mgmt_rp_read_unconf_index_list *rp;
423 struct hci_dev *d;
424 size_t rp_len;
425 u16 count;
426 int err;
427
428 BT_DBG("sock %p", sk);
429
430 read_lock(&hci_dev_list_lock);
431
432 count = 0;
433 list_for_each_entry(d, &hci_dev_list, list) {
434 if (d->dev_type == HCI_BREDR &&
435 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
436 count++;
437 }
438
439 rp_len = sizeof(*rp) + (2 * count);
440 rp = kmalloc(rp_len, GFP_ATOMIC);
441 if (!rp) {
442 read_unlock(&hci_dev_list_lock);
443 return -ENOMEM;
444 }
445
446 count = 0;
447 list_for_each_entry(d, &hci_dev_list, list) {
448 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 449 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a
MH		 450 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
451 continue;
452
453 /* Devices marked as raw-only are neither configured
454 * nor unconfigured controllers.
455 */
456 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
457 continue;
458
459 if (d->dev_type == HCI_BREDR &&
460 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
461 rp->index[count++] = cpu_to_le16(d->id);
462 BT_DBG("Added hci%u", d->id);
463 }
464 }
465
466 rp->num_controllers = cpu_to_le16(count);
467 rp_len = sizeof(*rp) + (2 * count);
468
469 read_unlock(&hci_dev_list_lock);
470
471 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
472 0, rp, rp_len);
473
474 kfree(rp);
475
476 return err;
477}
478
dbece37a
MH		 479static bool is_configured(struct hci_dev *hdev)
480{
481 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
482 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
483 return false;
484
485 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
486 !bacmp(&hdev->public_addr, BDADDR_ANY))
487 return false;
488
489 return true;
490}
491
89bc22d2
MH		 492static __le32 get_missing_options(struct hci_dev *hdev)
493{
494 u32 options = 0;
495
dbece37a
MH		 496 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
497 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
eb1904f4
MH		 498 options |= MGMT_OPTION_EXTERNAL_CONFIG;
499
89bc22d2
MH		 500 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
501 !bacmp(&hdev->public_addr, BDADDR_ANY))
502 options |= MGMT_OPTION_PUBLIC_ADDRESS;
503
504 return cpu_to_le32(options);
505}
506
f4537c04
MH		 507static int new_options(struct hci_dev *hdev, struct sock *skip)
508{
509 __le32 options = get_missing_options(hdev);
510
511 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
512 sizeof(options), skip);
513}
514
dbece37a
MH		 515static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
516{
517 __le32 options = get_missing_options(hdev);
518
519 return cmd_complete(sk, hdev->id, opcode, 0, &options,
520 sizeof(options));
521}
522
9fc3bfb6
MH		 523static int read_config_info(struct sock *sk, struct hci_dev *hdev,
524 void *data, u16 data_len)
525{
526 struct mgmt_rp_read_config_info rp;
89bc22d2 527 u32 options = 0;
9fc3bfb6
MH		 528
529 BT_DBG("sock %p %s", sk, hdev->name);
530
531 hci_dev_lock(hdev);
532
533 memset(&rp, 0, sizeof(rp));
534 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 535
eb1904f4
MH		 536 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
537 options |= MGMT_OPTION_EXTERNAL_CONFIG;
538
9fc3bfb6 539 if (hdev->set_bdaddr)
89bc22d2
MH		 540 options |= MGMT_OPTION_PUBLIC_ADDRESS;
541
542 rp.supported_options = cpu_to_le32(options);
543 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 544
545 hci_dev_unlock(hdev);
546
547 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
548 sizeof(rp));
549}
550
69ab39ea
JH		 551static u32 get_supported_settings(struct hci_dev *hdev)
552{
553 u32 settings = 0;
554
555 settings |= MGMT_SETTING_POWERED;
69ab39ea 556 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 557 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 558 settings |= MGMT_SETTING_CONNECTABLE;
559 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 560
ed3fa31f 561 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 562 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
563 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 564 settings |= MGMT_SETTING_BREDR;
565 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 566
567 if (lmp_ssp_capable(hdev)) {
568 settings |= MGMT_SETTING_SSP;
569 settings |= MGMT_SETTING_HS;
570 }
e98d2ce2 571
5afeac14 572 if (lmp_sc_capable(hdev) ||
111902f7 573 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
e98d2ce2 574 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 575 }
d7b7e796 576
eeca6f89 577 if (lmp_le_capable(hdev)) {
9d42820f 578 settings |= MGMT_SETTING_LE;
eeca6f89 579 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 580 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 581 }
69ab39ea 582
eb1904f4
MH		 583 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
584 hdev->set_bdaddr)
9fc3bfb6
MH		 585 settings |= MGMT_SETTING_CONFIGURATION;
586
69ab39ea
JH		 587 return settings;
588}
589
590static u32 get_current_settings(struct hci_dev *hdev)
591{
592 u32 settings = 0;
593
f1f0eb02 594 if (hdev_is_powered(hdev))
f0d4b78a
MH		 595 settings |= MGMT_SETTING_POWERED;
596
5e5282bb 597 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 598 settings |= MGMT_SETTING_CONNECTABLE;
599
1a4d3c4b
JH		 600 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
601 settings |= MGMT_SETTING_FAST_CONNECTABLE;
602
5e5282bb 603 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 604 settings |= MGMT_SETTING_DISCOVERABLE;
605
a8b2d5c2 606 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 607 settings |= MGMT_SETTING_PAIRABLE;
608
56f87901 609 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 610 settings |= MGMT_SETTING_BREDR;
611
06199cf8 612 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 613 settings |= MGMT_SETTING_LE;
614
47990ea0 615 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 616 settings |= MGMT_SETTING_LINK_SECURITY;
617
84bde9d6 618 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 619 settings |= MGMT_SETTING_SSP;
620
6d80dfd0
JH		 621 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
622 settings |= MGMT_SETTING_HS;
623
f3d3444a 624 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 625 settings |= MGMT_SETTING_ADVERTISING;
626
e98d2ce2
MH		 627 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
628 settings |= MGMT_SETTING_SECURE_CONN;
629
0663b297 630 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 631 settings |= MGMT_SETTING_DEBUG_KEYS;
632
0f4bd942
JH		 633 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
634 settings |= MGMT_SETTING_PRIVACY;
635
69ab39ea
JH		 636 return settings;
637}
638
ef580372
JH		 639#define PNP_INFO_SVCLASS_ID 0x1200
640
213202ed
JH		 641static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
642{
643 u8 *ptr = data, *uuids_start = NULL;
644 struct bt_uuid *uuid;
645
646 if (len < 4)
647 return ptr;
648
649 list_for_each_entry(uuid, &hdev->uuids, list) {
650 u16 uuid16;
651
652 if (uuid->size != 16)
653 continue;
654
655 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
656 if (uuid16 < 0x1100)
657 continue;
658
659 if (uuid16 == PNP_INFO_SVCLASS_ID)
660 continue;
661
662 if (!uuids_start) {
663 uuids_start = ptr;
664 uuids_start[0] = 1;
665 uuids_start[1] = EIR_UUID16_ALL;
666 ptr += 2;
667 }
668
669 /* Stop if not enough space to put next UUID */
670 if ((ptr - data) + sizeof(u16) > len) {
671 uuids_start[1] = EIR_UUID16_SOME;
672 break;
673 }
674
675 *ptr++ = (uuid16 & 0x00ff);
676 *ptr++ = (uuid16 & 0xff00) >> 8;
677 uuids_start[0] += sizeof(uuid16);
678 }
679
680 return ptr;
681}
682
cdf1963f
JH		 683static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
684{
685 u8 *ptr = data, *uuids_start = NULL;
686 struct bt_uuid *uuid;
687
688 if (len < 6)
689 return ptr;
690
691 list_for_each_entry(uuid, &hdev->uuids, list) {
692 if (uuid->size != 32)
693 continue;
694
695 if (!uuids_start) {
696 uuids_start = ptr;
697 uuids_start[0] = 1;
698 uuids_start[1] = EIR_UUID32_ALL;
699 ptr += 2;
700 }
701
702 /* Stop if not enough space to put next UUID */
703 if ((ptr - data) + sizeof(u32) > len) {
704 uuids_start[1] = EIR_UUID32_SOME;
705 break;
706 }
707
708 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
709 ptr += sizeof(u32);
710 uuids_start[0] += sizeof(u32);
711 }
712
713 return ptr;
714}
715
c00d575b
JH		 716static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
717{
718 u8 *ptr = data, *uuids_start = NULL;
719 struct bt_uuid *uuid;
720
721 if (len < 18)
722 return ptr;
723
724 list_for_each_entry(uuid, &hdev->uuids, list) {
725 if (uuid->size != 128)
726 continue;
727
728 if (!uuids_start) {
729 uuids_start = ptr;
730 uuids_start[0] = 1;
731 uuids_start[1] = EIR_UUID128_ALL;
732 ptr += 2;
733 }
734
735 /* Stop if not enough space to put next UUID */
736 if ((ptr - data) + 16 > len) {
737 uuids_start[1] = EIR_UUID128_SOME;
738 break;
739 }
740
741 memcpy(ptr, uuid->uuid, 16);
742 ptr += 16;
743 uuids_start[0] += 16;
744 }
745
746 return ptr;
747}
748
eb2a8d20
JH		 749static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
750{
751 struct pending_cmd *cmd;
752
753 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
754 if (cmd->opcode == opcode)
755 return cmd;
756 }
757
758 return NULL;
759}
760
95868426
JH		 761static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
762 struct hci_dev *hdev,
763 const void *data)
764{
765 struct pending_cmd *cmd;
766
767 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
768 if (cmd->user_data != data)
769 continue;
770 if (cmd->opcode == opcode)
771 return cmd;
772 }
773
774 return NULL;
775}
776
f14d8f64
MH		 777static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
778{
7a5f4990
MH		 779 u8 ad_len = 0;
780 size_t name_len;
781
782 name_len = strlen(hdev->dev_name);
783 if (name_len > 0) {
784 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
785
786 if (name_len > max_len) {
787 name_len = max_len;
788 ptr[1] = EIR_NAME_SHORT;
789 } else
790 ptr[1] = EIR_NAME_COMPLETE;
791
792 ptr[0] = name_len + 1;
793
794 memcpy(ptr + 2, hdev->dev_name, name_len);
795
796 ad_len += (name_len + 2);
797 ptr += (name_len + 2);
798 }
799
800 return ad_len;
f14d8f64
MH		 801}
802
803static void update_scan_rsp_data(struct hci_request *req)
804{
805 struct hci_dev *hdev = req->hdev;
806 struct hci_cp_le_set_scan_rsp_data cp;
807 u8 len;
808
7751ef1b 809 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 810 return;
811
812 memset(&cp, 0, sizeof(cp));
813
814 len = create_scan_rsp_data(hdev, cp.data);
815
eb438b5f
JH		 816 if (hdev->scan_rsp_data_len == len &&
817 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 818 return;
819
eb438b5f
JH		 820 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
821 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 822
823 cp.length = len;
824
825 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
826}
827
9a43e25f
JH		 828static u8 get_adv_discov_flags(struct hci_dev *hdev)
829{
830 struct pending_cmd *cmd;
831
832 /* If there's a pending mgmt command the flags will not yet have
833 * their final values, so check for this first.
834 */
835 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
836 if (cmd) {
837 struct mgmt_mode *cp = cmd->param;
838 if (cp->val == 0x01)
839 return LE_AD_GENERAL;
840 else if (cp->val == 0x02)
841 return LE_AD_LIMITED;
842 } else {
843 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
844 return LE_AD_LIMITED;
845 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
846 return LE_AD_GENERAL;
847 }
848
849 return 0;
850}
851
46cad2ed 852static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 853{
854 u8 ad_len = 0, flags = 0;
441ad2d0 855
9a43e25f 856 flags |= get_adv_discov_flags(hdev);
441ad2d0 857
e834004b 858 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 859 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 860
861 if (flags) {
862 BT_DBG("adv flags 0x%02x", flags);
863
864 ptr[0] = 2;
865 ptr[1] = EIR_FLAGS;
866 ptr[2] = flags;
867
868 ad_len += 3;
869 ptr += 3;
870 }
871
872 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
873 ptr[0] = 2;
874 ptr[1] = EIR_TX_POWER;
875 ptr[2] = (u8) hdev->adv_tx_power;
876
877 ad_len += 3;
878 ptr += 3;
879 }
880
441ad2d0
MH		 881 return ad_len;
882}
883
5947f4bc 884static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 885{
886 struct hci_dev *hdev = req->hdev;
887 struct hci_cp_le_set_adv_data cp;
888 u8 len;
889
10994ce6 890 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 891 return;
892
893 memset(&cp, 0, sizeof(cp));
894
46cad2ed 895 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 896
897 if (hdev->adv_data_len == len &&
898 memcmp(cp.data, hdev->adv_data, len) == 0)
899 return;
900
901 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
902 hdev->adv_data_len = len;
903
904 cp.length = len;
905
906 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
907}
908
ef580372
JH		 909static void create_eir(struct hci_dev *hdev, u8 *data)
910{
911 u8 *ptr = data;
ef580372
JH		 912 size_t name_len;
913
914 name_len = strlen(hdev->dev_name);
915
916 if (name_len > 0) {
917 /* EIR Data type */
918 if (name_len > 48) {
919 name_len = 48;
920 ptr[1] = EIR_NAME_SHORT;
921 } else
922 ptr[1] = EIR_NAME_COMPLETE;
923
924 /* EIR Data length */
925 ptr[0] = name_len + 1;
926
927 memcpy(ptr + 2, hdev->dev_name, name_len);
928
ef580372
JH		 929 ptr += (name_len + 2);
930 }
931
bbaf444a 932 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 933 ptr[0] = 2;
934 ptr[1] = EIR_TX_POWER;
935 ptr[2] = (u8) hdev->inq_tx_power;
936
91c4e9b1
MH		 937 ptr += 3;
938 }
939
2b9be137
MH		 940 if (hdev->devid_source > 0) {
941 ptr[0] = 9;
942 ptr[1] = EIR_DEVICE_ID;
943
944 put_unaligned_le16(hdev->devid_source, ptr + 2);
945 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
946 put_unaligned_le16(hdev->devid_product, ptr + 6);
947 put_unaligned_le16(hdev->devid_version, ptr + 8);
948
2b9be137
MH		 949 ptr += 10;
950 }
951
213202ed 952 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 953 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 954 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 955}
956
890ea898 957static void update_eir(struct hci_request *req)
ef580372 958{
890ea898 959 struct hci_dev *hdev = req->hdev;
ef580372
JH		 960 struct hci_cp_write_eir cp;
961
504c8dcd 962 if (!hdev_is_powered(hdev))
890ea898 963 return;
7770c4aa 964
976eb20e 965 if (!lmp_ext_inq_capable(hdev))
890ea898 966 return;
ef580372 967
84bde9d6 968 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 969 return;
ef580372 970
a8b2d5c2 971 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 972 return;
ef580372
JH		 973
974 memset(&cp, 0, sizeof(cp));
975
976 create_eir(hdev, cp.data);
977
978 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 979 return;
ef580372
JH		 980
981 memcpy(hdev->eir, cp.data, sizeof(cp.data));
982
890ea898 983 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 984}
985
986static u8 get_service_classes(struct hci_dev *hdev)
987{
988 struct bt_uuid *uuid;
989 u8 val = 0;
990
991 list_for_each_entry(uuid, &hdev->uuids, list)
992 val |= uuid->svc_hint;
993
994 return val;
995}
996
890ea898 997static void update_class(struct hci_request *req)
ef580372 998{
890ea898 999 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1000 u8 cod[3];
1001
1002 BT_DBG("%s", hdev->name);
1003
504c8dcd 1004 if (!hdev_is_powered(hdev))
890ea898 1005 return;
7770c4aa 1006
f87ea1da
JH		 1007 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1008 return;
1009
a8b2d5c2 1010 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 1011 return;
ef580372
JH		 1012
1013 cod[0] = hdev->minor_class;
1014 cod[1] = hdev->major_class;
1015 cod[2] = get_service_classes(hdev);
1016
6acd7db4
MH		 1017 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1018 cod[1] |= 0x20;
1019
ef580372 1020 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1021 return;
ef580372 1022
890ea898 1023 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1024}
1025
a4858cb9 1026static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 1027{
1028 struct pending_cmd *cmd;
199a2fb1
JH		 1029
1030 /* If there's a pending mgmt command the flag will not yet have
1031 * it's final value, so check for this first.
1032 */
1033 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1034 if (cmd) {
1035 struct mgmt_mode *cp = cmd->param;
a4858cb9 1036 return cp->val;
199a2fb1
JH		 1037 }
1038
a4858cb9 1039 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 1040}
1041
0ec5ae84
JH		 1042static void disable_advertising(struct hci_request *req)
1043{
1044 u8 enable = 0x00;
1045
1046 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1047}
1048
199a2fb1
JH		 1049static void enable_advertising(struct hci_request *req)
1050{
1051 struct hci_dev *hdev = req->hdev;
1052 struct hci_cp_le_set_adv_param cp;
8f2a0601 1053 u8 own_addr_type, enable = 0x01;
a4858cb9 1054 bool connectable;
199a2fb1 1055
0ec5ae84
JH		 1056 if (hci_conn_num(hdev, LE_LINK) > 0)
1057 return;
1058
1059 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1060 disable_advertising(req);
1061
5ce194c4 1062 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1063 * hci_update_random_address knows that it's safe to go ahead
1064 * and write a new random address. The flag will be set back on
1065 * as soon as the SET_ADV_ENABLE HCI command completes.
1066 */
5ce194c4 1067 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
8d97250e 1068
a4858cb9 1069 connectable = get_connectable(hdev);
8f2a0601 1070
a4858cb9
JH		 1071 /* Set require_privacy to true only when non-connectable
1072 * advertising is used. In that case it is fine to use a
1073 * non-resolvable private address.
1074 */
1075 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1076 return;
1077
41c90c18 1078 memset(&cp, 0, sizeof(cp));
dcf4adbf
JP		 1079 cp.min_interval = cpu_to_le16(0x0800);
1080 cp.max_interval = cpu_to_le16(0x0800);
a4858cb9 1081 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1082 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1083 cp.channel_map = hdev->le_adv_channel_map;
1084
1085 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1086
1087 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1088}
1089
7d78525d
JH		 1090static void service_cache_off(struct work_struct *work)
1091{
1092 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1093 service_cache.work);
890ea898 1094 struct hci_request req;
7d78525d 1095
a8b2d5c2 1096 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 1097 return;
1098
890ea898
JH		 1099 hci_req_init(&req, hdev);
1100
7d78525d
JH		 1101 hci_dev_lock(hdev);
1102
890ea898
JH		 1103 update_eir(&req);
1104 update_class(&req);
7d78525d
JH		 1105
1106 hci_dev_unlock(hdev);
890ea898
JH		 1107
1108 hci_req_run(&req, NULL);
7d78525d
JH		 1109}
1110
d6bfd59c
JH		 1111static void rpa_expired(struct work_struct *work)
1112{
1113 struct hci_dev *hdev = container_of(work, struct hci_dev,
1114 rpa_expired.work);
1115 struct hci_request req;
1116
1117 BT_DBG("");
1118
1119 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1120
0ec5ae84 1121 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
d6bfd59c
JH		 1122 return;
1123
1124 /* The generation of a new RPA and programming it into the
1125 * controller happens in the enable_advertising() function.
1126 */
d6bfd59c 1127 hci_req_init(&req, hdev);
d6bfd59c 1128 enable_advertising(&req);
d6bfd59c
JH		 1129 hci_req_run(&req, NULL);
1130}
1131
6a919082 1132static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1133{
4f87da80 1134 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 1135 return;
1136
4f87da80 1137 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1138 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1139
4f87da80
JH		 1140 /* Non-mgmt controlled devices get this bit set
1141 * implicitly so that pairing works for them, however
1142 * for mgmt we require user-space to explicitly enable
1143 * it
1144 */
1145 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 1146}
1147
0f4e68cf 1148static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1149 void *data, u16 data_len)
0381101f 1150{
a38528f1 1151 struct mgmt_rp_read_info rp;
f7b64e69 1152
bdb6d971 1153 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1154
09fd0de5 1155 hci_dev_lock(hdev);
f7b64e69 1156
dc4fe30b
JH		 1157 memset(&rp, 0, sizeof(rp));
1158
69ab39ea 1159 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1160
69ab39ea 1161 rp.version = hdev->hci_ver;
eb55ef07 1162 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1163
1164 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1165 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1166
a38528f1 1167 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1168
dc4fe30b 1169 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1170 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1171
09fd0de5 1172 hci_dev_unlock(hdev);
0381101f 1173
bdb6d971 1174 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 1175 sizeof(rp));
0381101f
JH		 1176}
1177
eec8d2bc
JH		 1178static void mgmt_pending_free(struct pending_cmd *cmd)
1179{
1180 sock_put(cmd->sk);
c68fb7ff 1181 kfree(cmd->param);
eec8d2bc
JH		 1182 kfree(cmd);
1183}
1184
366a0336 1185static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 1186 struct hci_dev *hdev, void *data,
1187 u16 len)
eec8d2bc
JH		 1188{
1189 struct pending_cmd *cmd;
1190
fca20018 1191 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1192 if (!cmd)
366a0336 1193 return NULL;
eec8d2bc
JH		 1194
1195 cmd->opcode = opcode;
2e58ef3e 1196 cmd->index = hdev->id;
eec8d2bc 1197
12b94565 1198 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 1199 if (!cmd->param) {
eec8d2bc 1200 kfree(cmd);
366a0336 1201 return NULL;
eec8d2bc
JH		 1202 }
1203
8fce6357
SJ		 1204 if (data)
1205 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1206
1207 cmd->sk = sk;
1208 sock_hold(sk);
1209
2e58ef3e 1210 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1211
366a0336 1212 return cmd;
eec8d2bc
JH		 1213}
1214
744cf19e 1215static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1216 void (*cb)(struct pending_cmd *cmd,
1217 void *data),
04124681 1218 void *data)
eec8d2bc 1219{
a3d09356 1220 struct pending_cmd *cmd, *tmp;
eec8d2bc 1221
a3d09356 1222 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1223 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1224 continue;
1225
eec8d2bc
JH		 1226 cb(cmd, data);
1227 }
1228}
1229
a664b5bc 1230static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1231{
73f22f62
JH		 1232 list_del(&cmd->list);
1233 mgmt_pending_free(cmd);
1234}
1235
69ab39ea 1236static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1237{
69ab39ea 1238 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1239
aee9b218 1240 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1241 sizeof(settings));
8680570b
JH		 1242}
1243
8b064a3a
JH		 1244static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1245{
1246 BT_DBG("%s status 0x%02x", hdev->name, status);
1247
a3172b7e
JH		 1248 if (hci_conn_count(hdev) == 0) {
1249 cancel_delayed_work(&hdev->power_off);
8b064a3a 1250 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1251 }
8b064a3a
JH		 1252}
1253
23a48093 1254static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1255{
1256 struct hci_dev *hdev = req->hdev;
1257 struct hci_cp_remote_name_req_cancel cp;
1258 struct inquiry_entry *e;
1259
1260 switch (hdev->discovery.state) {
1261 case DISCOVERY_FINDING:
1262 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1263 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1264 } else {
1265 cancel_delayed_work(&hdev->le_scan_disable);
1266 hci_req_add_le_scan_disable(req);
1267 }
1268
23a48093 1269 return true;
21a60d30
JH		 1270
1271 case DISCOVERY_RESOLVING:
1272 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1273 NAME_PENDING);
1274 if (!e)
23a48093 1275 break;
21a60d30
JH		 1276
1277 bacpy(&cp.bdaddr, &e->data.bdaddr);
1278 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1279 &cp);
1280
23a48093 1281 return true;
21a60d30
JH		 1282
1283 default:
1284 /* Passive scanning */
23a48093 1285 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
21a60d30 1286 hci_req_add_le_scan_disable(req);
23a48093
JH		 1287 return true;
1288 }
1289
21a60d30
JH		 1290 break;
1291 }
23a48093
JH		 1292
1293 return false;
21a60d30
JH		 1294}
1295
8b064a3a
JH		 1296static int clean_up_hci_state(struct hci_dev *hdev)
1297{
1298 struct hci_request req;
1299 struct hci_conn *conn;
23a48093
JH		 1300 bool discov_stopped;
1301 int err;
8b064a3a
JH		 1302
1303 hci_req_init(&req, hdev);
1304
1305 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1306 test_bit(HCI_PSCAN, &hdev->flags)) {
1307 u8 scan = 0x00;
1308 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1309 }
1310
73e082f8 1311 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
8b064a3a
JH		 1312 disable_advertising(&req);
1313
23a48093 1314 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1315
1316 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1317 struct hci_cp_disconnect dc;
c9910d0f
JH		 1318 struct hci_cp_reject_conn_req rej;
1319
1320 switch (conn->state) {
1321 case BT_CONNECTED:
1322 case BT_CONFIG:
1323 dc.handle = cpu_to_le16(conn->handle);
1324 dc.reason = 0x15; /* Terminated due to Power Off */
1325 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1326 break;
1327 case BT_CONNECT:
1328 if (conn->type == LE_LINK)
1329 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1330 0, NULL);
1331 else if (conn->type == ACL_LINK)
1332 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1333 6, &conn->dst);
1334 break;
1335 case BT_CONNECT2:
1336 bacpy(&rej.bdaddr, &conn->dst);
1337 rej.reason = 0x15; /* Terminated due to Power Off */
1338 if (conn->type == ACL_LINK)
1339 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1340 sizeof(rej), &rej);
1341 else if (conn->type == SCO_LINK)
1342 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1343 sizeof(rej), &rej);
1344 break;
1345 }
8b064a3a
JH		 1346 }
1347
23a48093
JH		 1348 err = hci_req_run(&req, clean_up_hci_complete);
1349 if (!err && discov_stopped)
1350 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1351
1352 return err;
8b064a3a
JH		 1353}
1354
bdb6d971 1355static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1356 u16 len)
eec8d2bc 1357{
650f726d 1358 struct mgmt_mode *cp = data;
366a0336 1359 struct pending_cmd *cmd;
4b34ee78 1360 int err;
eec8d2bc 1361
bdb6d971 1362 BT_DBG("request for %s", hdev->name);
eec8d2bc 1363
a7e80f25
JH		 1364 if (cp->val != 0x00 && cp->val != 0x01)
1365 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1366 MGMT_STATUS_INVALID_PARAMS);
1367
09fd0de5 1368 hci_dev_lock(hdev);
eec8d2bc 1369
87b95ba6
JH		 1370 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1371 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1372 MGMT_STATUS_BUSY);
1373 goto failed;
1374 }
1375
f0d4b78a
MH		 1376 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1377 cancel_delayed_work(&hdev->power_off);
1378
1379 if (cp->val) {
a1d70450
JH		 1380 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1381 data, len);
1382 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1383 goto failed;
1384 }
1385 }
1386
4b34ee78 1387 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1388 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1389 goto failed;
1390 }
1391
2e58ef3e 1392 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1393 if (!cmd) {
1394 err = -ENOMEM;
eec8d2bc 1395 goto failed;
366a0336 1396 }
eec8d2bc 1397
8b064a3a 1398 if (cp->val) {
19202573 1399 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1400 err = 0;
1401 } else {
1402 /* Disconnect connections, stop scans, etc */
1403 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1404 if (!err)
1405 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1406 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1407
8b064a3a
JH		 1408 /* ENODATA means there were no HCI commands queued */
1409 if (err == -ENODATA) {
a3172b7e 1410 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1411 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1412 err = 0;
1413 }
1414 }
eec8d2bc
JH		 1415
1416failed:
09fd0de5 1417 hci_dev_unlock(hdev);
366a0336 1418 return err;
eec8d2bc
JH		 1419}
1420
beadb2bd
JH		 1421static int new_settings(struct hci_dev *hdev, struct sock *skip)
1422{
1423 __le32 ev;
1424
1425 ev = cpu_to_le32(get_current_settings(hdev));
1426
1427 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1428}
1429
bd99abdd
JH		 1430struct cmd_lookup {
1431 struct sock *sk;
1432 struct hci_dev *hdev;
1433 u8 mgmt_status;
1434};
1435
1436static void settings_rsp(struct pending_cmd *cmd, void *data)
1437{
1438 struct cmd_lookup *match = data;
1439
1440 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1441
1442 list_del(&cmd->list);
1443
1444 if (match->sk == NULL) {
1445 match->sk = cmd->sk;
1446 sock_hold(match->sk);
1447 }
1448
1449 mgmt_pending_free(cmd);
1450}
1451
1452static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1453{
1454 u8 *status = data;
1455
1456 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1457 mgmt_pending_remove(cmd);
1458}
1459
e6fe7986
JH		 1460static u8 mgmt_bredr_support(struct hci_dev *hdev)
1461{
1462 if (!lmp_bredr_capable(hdev))
1463 return MGMT_STATUS_NOT_SUPPORTED;
1464 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1465 return MGMT_STATUS_REJECTED;
1466 else
1467 return MGMT_STATUS_SUCCESS;
1468}
1469
1470static u8 mgmt_le_support(struct hci_dev *hdev)
1471{
1472 if (!lmp_le_capable(hdev))
1473 return MGMT_STATUS_NOT_SUPPORTED;
1474 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1475 return MGMT_STATUS_REJECTED;
1476 else
1477 return MGMT_STATUS_SUCCESS;
1478}
1479
bfaf8c9f
JH		 1480static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1481{
1482 struct pending_cmd *cmd;
1483 struct mgmt_mode *cp;
970ba524 1484 struct hci_request req;
bfaf8c9f
JH		 1485 bool changed;
1486
1487 BT_DBG("status 0x%02x", status);
1488
1489 hci_dev_lock(hdev);
1490
1491 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1492 if (!cmd)
1493 goto unlock;
1494
1495 if (status) {
1496 u8 mgmt_err = mgmt_status(status);
1497 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1498 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1499 goto remove_cmd;
1500 }
1501
1502 cp = cmd->param;
d4462a07 1503 if (cp->val) {
bfaf8c9f
JH		 1504 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1505 &hdev->dev_flags);
d4462a07
MH		 1506
1507 if (hdev->discov_timeout > 0) {
1508 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1509 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1510 to);
1511 }
1512 } else {
bfaf8c9f
JH		 1513 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1514 &hdev->dev_flags);
d4462a07 1515 }
bfaf8c9f
JH		 1516
1517 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1518
1519 if (changed)
1520 new_settings(hdev, cmd->sk);
1521
970ba524
MH		 1522 /* When the discoverable mode gets changed, make sure
1523 * that class of device has the limited discoverable
1524 * bit correctly set.
1525 */
1526 hci_req_init(&req, hdev);
1527 update_class(&req);
1528 hci_req_run(&req, NULL);
1529
bfaf8c9f
JH		 1530remove_cmd:
1531 mgmt_pending_remove(cmd);
1532
1533unlock:
1534 hci_dev_unlock(hdev);
1535}
1536
bdb6d971 1537static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1538 u16 len)
73f22f62 1539{
650f726d 1540 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1541 struct pending_cmd *cmd;
bfaf8c9f 1542 struct hci_request req;
5e5282bb 1543 u16 timeout;
9a43e25f 1544 u8 scan;
73f22f62
JH		 1545 int err;
1546
bdb6d971 1547 BT_DBG("request for %s", hdev->name);
73f22f62 1548
9a43e25f
JH		 1549 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1550 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1551 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1552 MGMT_STATUS_REJECTED);
33c525c0 1553
310a3d48 1554 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1555 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1556 MGMT_STATUS_INVALID_PARAMS);
1557
1f350c87 1558 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1559
1560 /* Disabling discoverable requires that no timeout is set,
1561 * and enabling limited discoverable requires a timeout.
1562 */
1563 if ((cp->val == 0x00 && timeout > 0) ||
1564 (cp->val == 0x02 && timeout == 0))
bdb6d971 1565 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1566 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1567
09fd0de5 1568 hci_dev_lock(hdev);
73f22f62 1569
5e5282bb 1570 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1571 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1572 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1573 goto failed;
1574 }
1575
2e58ef3e 1576 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1577 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1578 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1579 MGMT_STATUS_BUSY);
73f22f62
JH		 1580 goto failed;
1581 }
1582
5e5282bb 1583 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1584 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1585 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1586 goto failed;
1587 }
1588
1589 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1590 bool changed = false;
1591
310a3d48
MH		 1592 /* Setting limited discoverable when powered off is
1593 * not a valid operation since it requires a timeout
1594 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1595 */
0224d2fa
JH		 1596 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1597 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1598 changed = true;
1599 }
1600
5e5282bb 1601 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1602 if (err < 0)
1603 goto failed;
1604
1605 if (changed)
1606 err = new_settings(hdev, sk);
1607
5e5282bb
JH		 1608 goto failed;
1609 }
1610
310a3d48
MH		 1611 /* If the current mode is the same, then just update the timeout
1612 * value with the new value. And if only the timeout gets updated,
1613 * then no need for any HCI transactions.
1614 */
1615 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1616 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1617 &hdev->dev_flags)) {
36261547
MH		 1618 cancel_delayed_work(&hdev->discov_off);
1619 hdev->discov_timeout = timeout;
955638ec 1620
36261547
MH		 1621 if (cp->val && hdev->discov_timeout > 0) {
1622 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1623 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1624 to);
955638ec
MH		 1625 }
1626
69ab39ea 1627 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1628 goto failed;
1629 }
1630
2e58ef3e 1631 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1632 if (!cmd) {
1633 err = -ENOMEM;
73f22f62 1634 goto failed;
366a0336 1635 }
73f22f62 1636
310a3d48
MH		 1637 /* Cancel any potential discoverable timeout that might be
1638 * still active and store new timeout value. The arming of
1639 * the timeout happens in the complete handler.
1640 */
1641 cancel_delayed_work(&hdev->discov_off);
1642 hdev->discov_timeout = timeout;
1643
b456f87c
JH		 1644 /* Limited discoverable mode */
1645 if (cp->val == 0x02)
1646 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1647 else
1648 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1649
bfaf8c9f
JH		 1650 hci_req_init(&req, hdev);
1651
9a43e25f
JH		 1652 /* The procedure for LE-only controllers is much simpler - just
1653 * update the advertising data.
1654 */
1655 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1656 goto update_ad;
1657
73f22f62
JH		 1658 scan = SCAN_PAGE;
1659
310a3d48
MH		 1660 if (cp->val) {
1661 struct hci_cp_write_current_iac_lap hci_cp;
1662
1663 if (cp->val == 0x02) {
1664 /* Limited discoverable mode */
33337dcb 1665 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1666 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1667 hci_cp.iac_lap[1] = 0x8b;
1668 hci_cp.iac_lap[2] = 0x9e;
1669 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1670 hci_cp.iac_lap[4] = 0x8b;
1671 hci_cp.iac_lap[5] = 0x9e;
1672 } else {
1673 /* General discoverable mode */
310a3d48
MH		 1674 hci_cp.num_iac = 1;
1675 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1676 hci_cp.iac_lap[1] = 0x8b;
1677 hci_cp.iac_lap[2] = 0x9e;
1678 }
1679
1680 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1681 (hci_cp.num_iac * 3) + 1, &hci_cp);
1682
73f22f62 1683 scan |= SCAN_INQUIRY;
310a3d48
MH		 1684 } else {
1685 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1686 }
73f22f62 1687
310a3d48 1688 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1689
9a43e25f
JH		 1690update_ad:
1691 update_adv_data(&req);
1692
bfaf8c9f 1693 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1694 if (err < 0)
a664b5bc 1695 mgmt_pending_remove(cmd);
73f22f62
JH		 1696
1697failed:
09fd0de5 1698 hci_dev_unlock(hdev);
73f22f62
JH		 1699 return err;
1700}
1701
406d7804
JH		 1702static void write_fast_connectable(struct hci_request *req, bool enable)
1703{
bd98b996 1704 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1705 struct hci_cp_write_page_scan_activity acp;
1706 u8 type;
1707
547003b1
JH		 1708 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1709 return;
1710
4c01f8b8
JH		 1711 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1712 return;
1713
406d7804
JH		 1714 if (enable) {
1715 type = PAGE_SCAN_TYPE_INTERLACED;
1716
1717 /* 160 msec page scan interval */
dcf4adbf 1718 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1719 } else {
1720 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1721
1722 /* default 1.28 sec page scan */
dcf4adbf 1723 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1724 }
1725
dcf4adbf 1726 acp.window = cpu_to_le16(0x0012);
406d7804 1727
bd98b996
JH		 1728 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1729 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1730 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1731 sizeof(acp), &acp);
1732
1733 if (hdev->page_scan_type != type)
1734 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1735}
1736
2b76f453
JH		 1737static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1738{
1739 struct pending_cmd *cmd;
d7b856f9
JH		 1740 struct mgmt_mode *cp;
1741 bool changed;
2b76f453
JH		 1742
1743 BT_DBG("status 0x%02x", status);
1744
1745 hci_dev_lock(hdev);
1746
1747 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1748 if (!cmd)
1749 goto unlock;
1750
37438c1f
JH		 1751 if (status) {
1752 u8 mgmt_err = mgmt_status(status);
1753 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1754 goto remove_cmd;
1755 }
1756
d7b856f9
JH		 1757 cp = cmd->param;
1758 if (cp->val)
1759 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1760 else
1761 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1762
2b76f453
JH		 1763 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1764
2b7be33e 1765 if (changed) {
d7b856f9 1766 new_settings(hdev, cmd->sk);
2b7be33e
JH		 1767 hci_update_background_scan(hdev);
1768 }
d7b856f9 1769
37438c1f 1770remove_cmd:
2b76f453
JH		 1771 mgmt_pending_remove(cmd);
1772
1773unlock:
1774 hci_dev_unlock(hdev);
1775}
1776
e8ba3a1f
JH		 1777static int set_connectable_update_settings(struct hci_dev *hdev,
1778 struct sock *sk, u8 val)
1779{
1780 bool changed = false;
1781 int err;
1782
1783 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1784 changed = true;
1785
1786 if (val) {
1787 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1788 } else {
1789 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1790 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1791 }
1792
1793 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1794 if (err < 0)
1795 return err;
1796
562064e6
JH		 1797 if (changed) {
1798 hci_update_background_scan(hdev);
e8ba3a1f 1799 return new_settings(hdev, sk);
562064e6 1800 }
e8ba3a1f
JH		 1801
1802 return 0;
1803}
1804
bdb6d971 1805static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1806 u16 len)
9fbcbb45 1807{
650f726d 1808 struct mgmt_mode *cp = data;
366a0336 1809 struct pending_cmd *cmd;
2b76f453 1810 struct hci_request req;
1987fdc7 1811 u8 scan;
9fbcbb45
JH		 1812 int err;
1813
bdb6d971 1814 BT_DBG("request for %s", hdev->name);
9fbcbb45 1815
1987fdc7
JH		 1816 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1817 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1818 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1819 MGMT_STATUS_REJECTED);
33c525c0 1820
a7e80f25
JH		 1821 if (cp->val != 0x00 && cp->val != 0x01)
1822 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1823 MGMT_STATUS_INVALID_PARAMS);
1824
09fd0de5 1825 hci_dev_lock(hdev);
9fbcbb45 1826
4b34ee78 1827 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1828 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1829 goto failed;
1830 }
1831
2e58ef3e 1832 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1833 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1834 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1835 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1836 goto failed;
1837 }
1838
2e58ef3e 1839 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1840 if (!cmd) {
1841 err = -ENOMEM;
9fbcbb45 1842 goto failed;
366a0336 1843 }
9fbcbb45 1844
9b74246f 1845 hci_req_init(&req, hdev);
9fbcbb45 1846
9a43e25f
JH		 1847 /* If BR/EDR is not enabled and we disable advertising as a
1848 * by-product of disabling connectable, we need to update the
1849 * advertising flags.
1850 */
1851 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1852 if (!cp->val) {
1853 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1854 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1855 }
1856 update_adv_data(&req);
1857 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1858 if (cp->val) {
1859 scan = SCAN_PAGE;
1860 } else {
1861 scan = 0;
1862
1863 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1864 hdev->discov_timeout > 0)
9b74246f
JH		 1865 cancel_delayed_work(&hdev->discov_off);
1866 }
2b76f453 1867
9b74246f
JH		 1868 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1869 }
2b76f453 1870
4c01f8b8
JH		 1871 /* If we're going from non-connectable to connectable or
1872 * vice-versa when fast connectable is enabled ensure that fast
1873 * connectable gets disabled. write_fast_connectable won't do
1874 * anything if the page scan parameters are already what they
1875 * should be.
1876 */
1877 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1878 write_fast_connectable(&req, false);
1879
1987fdc7 1880 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
0ec5ae84 1881 !test_bit(HCI_LE_ADV, &hdev->dev_flags))
1987fdc7 1882 enable_advertising(&req);
1987fdc7 1883
2b76f453 1884 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1885 if (err < 0) {
a664b5bc 1886 mgmt_pending_remove(cmd);
9b74246f 1887 if (err == -ENODATA)
a81070ba
JH		 1888 err = set_connectable_update_settings(hdev, sk,
1889 cp->val);
9b74246f
JH		 1890 goto failed;
1891 }
9fbcbb45
JH		 1892
1893failed:
09fd0de5 1894 hci_dev_unlock(hdev);
9fbcbb45
JH		 1895 return err;
1896}
1897
bdb6d971 1898static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1899 u16 len)
c542a06c 1900{
650f726d 1901 struct mgmt_mode *cp = data;
55594356 1902 bool changed;
c542a06c
JH		 1903 int err;
1904
bdb6d971 1905 BT_DBG("request for %s", hdev->name);
c542a06c 1906
a7e80f25
JH		 1907 if (cp->val != 0x00 && cp->val != 0x01)
1908 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1909 MGMT_STATUS_INVALID_PARAMS);
1910
09fd0de5 1911 hci_dev_lock(hdev);
c542a06c
JH		 1912
1913 if (cp->val)
55594356 1914 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1915 else
55594356 1916 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1917
69ab39ea 1918 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1919 if (err < 0)
55594356 1920 goto unlock;
c542a06c 1921
55594356
MH		 1922 if (changed)
1923 err = new_settings(hdev, sk);
c542a06c 1924
55594356 1925unlock:
09fd0de5 1926 hci_dev_unlock(hdev);
c542a06c
JH		 1927 return err;
1928}
1929
04124681
GP		 1930static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1931 u16 len)
33ef95ed
JH		 1932{
1933 struct mgmt_mode *cp = data;
1934 struct pending_cmd *cmd;
e6fe7986 1935 u8 val, status;
33ef95ed
JH		 1936 int err;
1937
bdb6d971 1938 BT_DBG("request for %s", hdev->name);
33ef95ed 1939
e6fe7986
JH		 1940 status = mgmt_bredr_support(hdev);
1941 if (status)
33c525c0 1942 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1943 status);
33c525c0 1944
a7e80f25
JH		 1945 if (cp->val != 0x00 && cp->val != 0x01)
1946 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1947 MGMT_STATUS_INVALID_PARAMS);
1948
33ef95ed
JH		 1949 hci_dev_lock(hdev);
1950
4b34ee78 1951 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1952 bool changed = false;
1953
1954 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1955 &hdev->dev_flags)) {
47990ea0
JH		 1956 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1957 changed = true;
1958 }
1959
1960 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1961 if (err < 0)
1962 goto failed;
1963
1964 if (changed)
1965 err = new_settings(hdev, sk);
1966
33ef95ed
JH		 1967 goto failed;
1968 }
1969
1970 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1971 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1972 MGMT_STATUS_BUSY);
33ef95ed
JH		 1973 goto failed;
1974 }
1975
1976 val = !!cp->val;
1977
1978 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1979 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1980 goto failed;
1981 }
1982
1983 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1984 if (!cmd) {
1985 err = -ENOMEM;
1986 goto failed;
1987 }
1988
1989 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1990 if (err < 0) {
1991 mgmt_pending_remove(cmd);
1992 goto failed;
1993 }
1994
1995failed:
1996 hci_dev_unlock(hdev);
33ef95ed
JH		 1997 return err;
1998}
1999
bdb6d971 2000static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2001{
2002 struct mgmt_mode *cp = data;
2003 struct pending_cmd *cmd;
72ef0c1a 2004 u8 status;
ed2c4ee3
JH		 2005 int err;
2006
bdb6d971 2007 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2008
cdba5281
MH		 2009 status = mgmt_bredr_support(hdev);
2010 if (status)
2011 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2012
13ecd8b6
JH		 2013 if (!lmp_ssp_capable(hdev))
2014 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2015 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2016
a7e80f25
JH		 2017 if (cp->val != 0x00 && cp->val != 0x01)
2018 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2019 MGMT_STATUS_INVALID_PARAMS);
2020
13ecd8b6 2021 hci_dev_lock(hdev);
6c8f12c1 2022
4b34ee78 2023 if (!hdev_is_powered(hdev)) {
9ecb3e24 2024 bool changed;
c0ecddc2 2025
9ecb3e24
MH		 2026 if (cp->val) {
2027 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2028 &hdev->dev_flags);
2029 } else {
2030 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2031 &hdev->dev_flags);
2032 if (!changed)
2033 changed = test_and_clear_bit(HCI_HS_ENABLED,
2034 &hdev->dev_flags);
2035 else
2036 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 2037 }
2038
2039 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2040 if (err < 0)
2041 goto failed;
2042
2043 if (changed)
2044 err = new_settings(hdev, sk);
2045
ed2c4ee3
JH		 2046 goto failed;
2047 }
2048
9ecb3e24
MH		 2049 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2050 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 2051 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2052 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2053 goto failed;
2054 }
2055
72ef0c1a 2056 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 2057 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2058 goto failed;
2059 }
2060
2061 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2062 if (!cmd) {
2063 err = -ENOMEM;
2064 goto failed;
2065 }
2066
3769972b
JH		 2067 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2068 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2069 sizeof(cp->val), &cp->val);
2070
72ef0c1a 2071 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2072 if (err < 0) {
2073 mgmt_pending_remove(cmd);
2074 goto failed;
2075 }
2076
2077failed:
2078 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2079 return err;
2080}
2081
bdb6d971 2082static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2083{
2084 struct mgmt_mode *cp = data;
ee392693 2085 bool changed;
e6fe7986 2086 u8 status;
ee392693 2087 int err;
6d80dfd0 2088
bdb6d971 2089 BT_DBG("request for %s", hdev->name);
6d80dfd0 2090
e6fe7986
JH		 2091 status = mgmt_bredr_support(hdev);
2092 if (status)
2093 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2094
9ecb3e24
MH		 2095 if (!lmp_ssp_capable(hdev))
2096 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2097 MGMT_STATUS_NOT_SUPPORTED);
2098
2099 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2100 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2101 MGMT_STATUS_REJECTED);
2102
a7e80f25
JH		 2103 if (cp->val != 0x00 && cp->val != 0x01)
2104 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2105 MGMT_STATUS_INVALID_PARAMS);
2106
ee392693
MH		 2107 hci_dev_lock(hdev);
2108
a0cdf960 2109 if (cp->val) {
ee392693 2110 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 2111 } else {
2112 if (hdev_is_powered(hdev)) {
2113 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2114 MGMT_STATUS_REJECTED);
2115 goto unlock;
2116 }
2117
ee392693 2118 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 2119 }
ee392693
MH		 2120
2121 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2122 if (err < 0)
2123 goto unlock;
2124
2125 if (changed)
2126 err = new_settings(hdev, sk);
6d80dfd0 2127
ee392693
MH		 2128unlock:
2129 hci_dev_unlock(hdev);
2130 return err;
6d80dfd0
JH		 2131}
2132
416a4ae5
JH		 2133static void le_enable_complete(struct hci_dev *hdev, u8 status)
2134{
2135 struct cmd_lookup match = { NULL, hdev };
2136
2137 if (status) {
2138 u8 mgmt_err = mgmt_status(status);
2139
2140 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2141 &mgmt_err);
2142 return;
2143 }
2144
2145 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2146
2147 new_settings(hdev, match.sk);
2148
2149 if (match.sk)
2150 sock_put(match.sk);
441ad2d0
MH		 2151
2152 /* Make sure the controller has a good default for
2153 * advertising data. Restrict the update to when LE
2154 * has actually been enabled. During power on, the
2155 * update in powered_update_hci will take care of it.
2156 */
2157 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2158 struct hci_request req;
2159
2160 hci_dev_lock(hdev);
2161
2162 hci_req_init(&req, hdev);
5947f4bc 2163 update_adv_data(&req);
f14d8f64 2164 update_scan_rsp_data(&req);
441ad2d0
MH		 2165 hci_req_run(&req, NULL);
2166
a70f4b5f
JH		 2167 hci_update_background_scan(hdev);
2168
441ad2d0
MH		 2169 hci_dev_unlock(hdev);
2170 }
416a4ae5
JH		 2171}
2172
bdb6d971 2173static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2174{
2175 struct mgmt_mode *cp = data;
2176 struct hci_cp_write_le_host_supported hci_cp;
2177 struct pending_cmd *cmd;
416a4ae5 2178 struct hci_request req;
06199cf8 2179 int err;
0b60eba1 2180 u8 val, enabled;
06199cf8 2181
bdb6d971 2182 BT_DBG("request for %s", hdev->name);
06199cf8 2183
13ecd8b6
JH		 2184 if (!lmp_le_capable(hdev))
2185 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2186 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2187
a7e80f25
JH		 2188 if (cp->val != 0x00 && cp->val != 0x01)
2189 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2190 MGMT_STATUS_INVALID_PARAMS);
2191
c73eee91 2192 /* LE-only devices do not allow toggling LE on/off */
56f87901 2193 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2194 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2195 MGMT_STATUS_REJECTED);
2196
13ecd8b6 2197 hci_dev_lock(hdev);
06199cf8
JH		 2198
2199 val = !!cp->val;
ffa88e02 2200 enabled = lmp_host_le_capable(hdev);
06199cf8 2201
0b60eba1 2202 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2203 bool changed = false;
2204
2205 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2206 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2207 changed = true;
2208 }
2209
f3d3444a
JH		 2210 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2211 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2212 changed = true;
2213 }
2214
06199cf8
JH		 2215 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2216 if (err < 0)
1de028ce 2217 goto unlock;
06199cf8
JH		 2218
2219 if (changed)
2220 err = new_settings(hdev, sk);
2221
1de028ce 2222 goto unlock;
06199cf8
JH		 2223 }
2224
4375f103
JH		 2225 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2226 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2227 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2228 MGMT_STATUS_BUSY);
1de028ce 2229 goto unlock;
06199cf8
JH		 2230 }
2231
2232 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2233 if (!cmd) {
2234 err = -ENOMEM;
1de028ce 2235 goto unlock;
06199cf8
JH		 2236 }
2237
441ad2d0
MH		 2238 hci_req_init(&req, hdev);
2239
06199cf8
JH		 2240 memset(&hci_cp, 0, sizeof(hci_cp));
2241
2242 if (val) {
2243 hci_cp.le = val;
ffa88e02 2244 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0 2245 } else {
73e082f8 2246 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
441ad2d0 2247 disable_advertising(&req);
06199cf8
JH		 2248 }
2249
416a4ae5
JH		 2250 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2251 &hci_cp);
2252
2253 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2254 if (err < 0)
06199cf8 2255 mgmt_pending_remove(cmd);
06199cf8 2256
1de028ce
JH		 2257unlock:
2258 hci_dev_unlock(hdev);
06199cf8
JH		 2259 return err;
2260}
2261
0cab9c80
JH		 2262/* This is a helper function to test for pending mgmt commands that can
2263 * cause CoD or EIR HCI commands. We can only allow one such pending
2264 * mgmt command at a time since otherwise we cannot easily track what
2265 * the current values are, will be, and based on that calculate if a new
2266 * HCI command needs to be sent and if yes with what value.
2267 */
2268static bool pending_eir_or_class(struct hci_dev *hdev)
2269{
2270 struct pending_cmd *cmd;
2271
2272 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2273 switch (cmd->opcode) {
2274 case MGMT_OP_ADD_UUID:
2275 case MGMT_OP_REMOVE_UUID:
2276 case MGMT_OP_SET_DEV_CLASS:
2277 case MGMT_OP_SET_POWERED:
2278 return true;
2279 }
2280 }
2281
2282 return false;
2283}
2284
83be8eca
JH		 2285static const u8 bluetooth_base_uuid[] = {
2286 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2287 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2288};
2289
2290static u8 get_uuid_size(const u8 *uuid)
2291{
2292 u32 val;
2293
2294 if (memcmp(uuid, bluetooth_base_uuid, 12))
2295 return 128;
2296
2297 val = get_unaligned_le32(&uuid[12]);
2298 if (val > 0xffff)
2299 return 32;
2300
2301 return 16;
2302}
2303
92da6097
JH		 2304static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2305{
2306 struct pending_cmd *cmd;
2307
2308 hci_dev_lock(hdev);
2309
2310 cmd = mgmt_pending_find(mgmt_op, hdev);
2311 if (!cmd)
2312 goto unlock;
2313
2314 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2315 hdev->dev_class, 3);
2316
2317 mgmt_pending_remove(cmd);
2318
2319unlock:
2320 hci_dev_unlock(hdev);
2321}
2322
2323static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2324{
2325 BT_DBG("status 0x%02x", status);
2326
2327 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2328}
2329
bdb6d971 2330static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2331{
650f726d 2332 struct mgmt_cp_add_uuid *cp = data;
90e70454 2333 struct pending_cmd *cmd;
890ea898 2334 struct hci_request req;
2aeb9a1a 2335 struct bt_uuid *uuid;
2aeb9a1a
JH		 2336 int err;
2337
bdb6d971 2338 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2339
09fd0de5 2340 hci_dev_lock(hdev);
2aeb9a1a 2341
0cab9c80 2342 if (pending_eir_or_class(hdev)) {
bdb6d971 2343 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2344 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2345 goto failed;
2346 }
2347
92c4c204 2348 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2349 if (!uuid) {
2350 err = -ENOMEM;
2351 goto failed;
2352 }
2353
2354 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2355 uuid->svc_hint = cp->svc_hint;
83be8eca 2356 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2357
de66aa63 2358 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2359
890ea898 2360 hci_req_init(&req, hdev);
1aff6f09 2361
890ea898
JH		 2362 update_class(&req);
2363 update_eir(&req);
2364
92da6097
JH		 2365 err = hci_req_run(&req, add_uuid_complete);
2366 if (err < 0) {
2367 if (err != -ENODATA)
2368 goto failed;
80a1e1db 2369
bdb6d971 2370 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2371 hdev->dev_class, 3);
90e70454
JH		 2372 goto failed;
2373 }
2374
2375 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2376 if (!cmd) {
90e70454 2377 err = -ENOMEM;
890ea898
JH		 2378 goto failed;
2379 }
2380
2381 err = 0;
2aeb9a1a
JH		 2382
2383failed:
09fd0de5 2384 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2385 return err;
2386}
2387
24b78d0f
JH		 2388static bool enable_service_cache(struct hci_dev *hdev)
2389{
2390 if (!hdev_is_powered(hdev))
2391 return false;
2392
2393 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2394 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2395 CACHE_TIMEOUT);
24b78d0f
JH		 2396 return true;
2397 }
2398
2399 return false;
2400}
2401
92da6097
JH		 2402static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2403{
2404 BT_DBG("status 0x%02x", status);
2405
2406 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2407}
2408
bdb6d971 2409static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2410 u16 len)
2aeb9a1a 2411{
650f726d 2412 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2413 struct pending_cmd *cmd;
056341c8 2414 struct bt_uuid *match, *tmp;
2aeb9a1a 2415 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2416 struct hci_request req;
2aeb9a1a
JH		 2417 int err, found;
2418
bdb6d971 2419 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2420
09fd0de5 2421 hci_dev_lock(hdev);
2aeb9a1a 2422
0cab9c80 2423 if (pending_eir_or_class(hdev)) {
bdb6d971 2424 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2425 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2426 goto unlock;
2427 }
2428
2aeb9a1a 2429 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2430 hci_uuids_clear(hdev);
4004b6d9 2431
24b78d0f 2432 if (enable_service_cache(hdev)) {
bdb6d971 2433 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2434 0, hdev->dev_class, 3);
24b78d0f
JH		 2435 goto unlock;
2436 }
4004b6d9 2437
9246a869 2438 goto update_class;
2aeb9a1a
JH		 2439 }
2440
2441 found = 0;
2442
056341c8 2443 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2444 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2445 continue;
2446
2447 list_del(&match->list);
482049f7 2448 kfree(match);
2aeb9a1a
JH		 2449 found++;
2450 }
2451
2452 if (found == 0) {
bdb6d971 2453 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2454 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2455 goto unlock;
2456 }
2457
9246a869 2458update_class:
890ea898 2459 hci_req_init(&req, hdev);
1aff6f09 2460
890ea898
JH		 2461 update_class(&req);
2462 update_eir(&req);
2463
92da6097
JH		 2464 err = hci_req_run(&req, remove_uuid_complete);
2465 if (err < 0) {
2466 if (err != -ENODATA)
2467 goto unlock;
80a1e1db 2468
bdb6d971 2469 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2470 hdev->dev_class, 3);
90e70454
JH		 2471 goto unlock;
2472 }
2473
2474 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2475 if (!cmd) {
90e70454 2476 err = -ENOMEM;
890ea898
JH		 2477 goto unlock;
2478 }
2479
2480 err = 0;
2aeb9a1a
JH		 2481
2482unlock:
09fd0de5 2483 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2484 return err;
2485}
2486
92da6097
JH		 2487static void set_class_complete(struct hci_dev *hdev, u8 status)
2488{
2489 BT_DBG("status 0x%02x", status);
2490
2491 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2492}
2493
bdb6d971 2494static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2495 u16 len)
1aff6f09 2496{
650f726d 2497 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2498 struct pending_cmd *cmd;
890ea898 2499 struct hci_request req;
1aff6f09
JH		 2500 int err;
2501
bdb6d971 2502 BT_DBG("request for %s", hdev->name);
1aff6f09 2503
6203fc98 2504 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2505 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2506 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2507
0cab9c80 2508 hci_dev_lock(hdev);
ee98f473 2509
0cab9c80
JH		 2510 if (pending_eir_or_class(hdev)) {
2511 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2512 MGMT_STATUS_BUSY);
2513 goto unlock;
2514 }
c95f0ba7 2515
0cab9c80
JH		 2516 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2517 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2518 MGMT_STATUS_INVALID_PARAMS);
2519 goto unlock;
2520 }
575b3a02 2521
932f5ff5
JH		 2522 hdev->major_class = cp->major;
2523 hdev->minor_class = cp->minor;
2524
b5235a65 2525 if (!hdev_is_powered(hdev)) {
bdb6d971 2526 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2527 hdev->dev_class, 3);
b5235a65
JH		 2528 goto unlock;
2529 }
2530
890ea898
JH		 2531 hci_req_init(&req, hdev);
2532
a8b2d5c2 2533 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2534 hci_dev_unlock(hdev);
2535 cancel_delayed_work_sync(&hdev->service_cache);
2536 hci_dev_lock(hdev);
890ea898 2537 update_eir(&req);
7d78525d 2538 }
14c0b608 2539
890ea898
JH		 2540 update_class(&req);
2541
92da6097
JH		 2542 err = hci_req_run(&req, set_class_complete);
2543 if (err < 0) {
2544 if (err != -ENODATA)
2545 goto unlock;
1aff6f09 2546
bdb6d971 2547 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2548 hdev->dev_class, 3);
90e70454
JH		 2549 goto unlock;
2550 }
2551
2552 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2553 if (!cmd) {
90e70454 2554 err = -ENOMEM;
890ea898
JH		 2555 goto unlock;
2556 }
2557
2558 err = 0;
1aff6f09 2559
b5235a65 2560unlock:
09fd0de5 2561 hci_dev_unlock(hdev);
1aff6f09
JH		 2562 return err;
2563}
2564
bdb6d971 2565static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2566 u16 len)
55ed8ca1 2567{
650f726d 2568 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2569 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2570 sizeof(struct mgmt_link_key_info));
4e51eae9 2571 u16 key_count, expected_len;
b1de97d8 2572 bool changed;
a492cd52 2573 int i;
55ed8ca1 2574
9060d5cf
MH		 2575 BT_DBG("request for %s", hdev->name);
2576
2577 if (!lmp_bredr_capable(hdev))
2578 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2579 MGMT_STATUS_NOT_SUPPORTED);
2580
1f350c87 2581 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2582 if (key_count > max_key_count) {
2583 BT_ERR("load_link_keys: too big key_count value %u",
2584 key_count);
2585 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2586 MGMT_STATUS_INVALID_PARAMS);
2587 }
55ed8ca1 2588
86742e1e
JH		 2589 expected_len = sizeof(*cp) + key_count *
2590 sizeof(struct mgmt_link_key_info);
a492cd52 2591 if (expected_len != len) {
86742e1e 2592 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2593 expected_len, len);
bdb6d971 2594 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2595 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2596 }
2597
4ae14301
JH		 2598 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2599 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2600 MGMT_STATUS_INVALID_PARAMS);
2601
bdb6d971 2602 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2603 key_count);
55ed8ca1 2604
4ee71b20
JH		 2605 for (i = 0; i < key_count; i++) {
2606 struct mgmt_link_key_info *key = &cp->keys[i];
2607
8e991132 2608 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2609 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2610 MGMT_STATUS_INVALID_PARAMS);
2611 }
2612
09fd0de5 2613 hci_dev_lock(hdev);
55ed8ca1
JH		 2614
2615 hci_link_keys_clear(hdev);
2616
55ed8ca1 2617 if (cp->debug_keys)
0663b297
JH		 2618 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2619 &hdev->dev_flags);
55ed8ca1 2620 else
0663b297
JH		 2621 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2622 &hdev->dev_flags);
b1de97d8
MH		 2623
2624 if (changed)
2625 new_settings(hdev, NULL);
55ed8ca1 2626
a492cd52 2627 for (i = 0; i < key_count; i++) {
86742e1e 2628 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2629
58e9293c
JH		 2630 /* Always ignore debug keys and require a new pairing if
2631 * the user wants to use them.
2632 */
2633 if (key->type == HCI_LK_DEBUG_COMBINATION)
2634 continue;
2635
7652ff6a
JH		 2636 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2637 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2638 }
2639
bdb6d971 2640 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2641
09fd0de5 2642 hci_dev_unlock(hdev);
55ed8ca1 2643
a492cd52 2644 return 0;
55ed8ca1
JH		 2645}
2646
b1078ad0 2647static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2648 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2649{
2650 struct mgmt_ev_device_unpaired ev;
2651
2652 bacpy(&ev.addr.bdaddr, bdaddr);
2653 ev.addr.type = addr_type;
2654
2655 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2656 skip_sk);
b1078ad0
JH		 2657}
2658
bdb6d971 2659static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2660 u16 len)
55ed8ca1 2661{
124f6e35
JH		 2662 struct mgmt_cp_unpair_device *cp = data;
2663 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2664 struct hci_cp_disconnect dc;
2665 struct pending_cmd *cmd;
55ed8ca1 2666 struct hci_conn *conn;
55ed8ca1
JH		 2667 int err;
2668
a8a1d19e 2669 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2670 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2671 rp.addr.type = cp->addr.type;
a8a1d19e 2672
4ee71b20
JH		 2673 if (!bdaddr_type_is_valid(cp->addr.type))
2674 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2675 MGMT_STATUS_INVALID_PARAMS,
2676 &rp, sizeof(rp));
2677
118da70b
JH		 2678 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2679 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2680 MGMT_STATUS_INVALID_PARAMS,
2681 &rp, sizeof(rp));
2682
4ee71b20
JH		 2683 hci_dev_lock(hdev);
2684
86a8cfc6 2685 if (!hdev_is_powered(hdev)) {
bdb6d971 2686 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2687 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2688 goto unlock;
2689 }
2690
e0b2b27e 2691 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2692 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2693 } else {
2694 u8 addr_type;
2695
2696 if (cp->addr.type == BDADDR_LE_PUBLIC)
2697 addr_type = ADDR_LE_DEV_PUBLIC;
2698 else
2699 addr_type = ADDR_LE_DEV_RANDOM;
2700
a7ec7338
JH		 2701 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2702
a9b0a04c
AG		 2703 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2704
e0b2b27e
JH		 2705 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2706 }
b0dbfb46 2707
55ed8ca1 2708 if (err < 0) {
bdb6d971 2709 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2710 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2711 goto unlock;
2712 }
2713
86a8cfc6 2714 if (cp->disconnect) {
591f47f3 2715 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2716 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2717 &cp->addr.bdaddr);
86a8cfc6
JH		 2718 else
2719 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2720 &cp->addr.bdaddr);
86a8cfc6
JH		 2721 } else {
2722 conn = NULL;
2723 }
124f6e35 2724
a8a1d19e 2725 if (!conn) {
bdb6d971 2726 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2727 &rp, sizeof(rp));
b1078ad0 2728 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2729 goto unlock;
2730 }
55ed8ca1 2731
124f6e35 2732 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2733 sizeof(*cp));
a8a1d19e
JH		 2734 if (!cmd) {
2735 err = -ENOMEM;
2736 goto unlock;
55ed8ca1
JH		 2737 }
2738
eb55ef07 2739 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2740 dc.reason = 0x13; /* Remote User Terminated Connection */
2741 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2742 if (err < 0)
2743 mgmt_pending_remove(cmd);
2744
55ed8ca1 2745unlock:
09fd0de5 2746 hci_dev_unlock(hdev);
55ed8ca1
JH		 2747 return err;
2748}
2749
bdb6d971 2750static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2751 u16 len)
8962ee74 2752{
650f726d 2753 struct mgmt_cp_disconnect *cp = data;
06a63b19 2754 struct mgmt_rp_disconnect rp;
8962ee74 2755 struct hci_cp_disconnect dc;
366a0336 2756 struct pending_cmd *cmd;
8962ee74 2757 struct hci_conn *conn;
8962ee74
JH		 2758 int err;
2759
2760 BT_DBG("");
2761
06a63b19
JH		 2762 memset(&rp, 0, sizeof(rp));
2763 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2764 rp.addr.type = cp->addr.type;
2765
4ee71b20 2766 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2767 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2768 MGMT_STATUS_INVALID_PARAMS,
2769 &rp, sizeof(rp));
4ee71b20 2770
09fd0de5 2771 hci_dev_lock(hdev);
8962ee74
JH		 2772
2773 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2774 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2775 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2776 goto failed;
2777 }
2778
2e58ef3e 2779 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2780 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2781 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2782 goto failed;
2783 }
2784
591f47f3 2785 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2786 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2787 &cp->addr.bdaddr);
88c3df13
JH		 2788 else
2789 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2790
f960727e 2791 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2792 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2793 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2794 goto failed;
2795 }
2796
2e58ef3e 2797 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2798 if (!cmd) {
2799 err = -ENOMEM;
8962ee74 2800 goto failed;
366a0336 2801 }
8962ee74 2802
eb55ef07 2803 dc.handle = cpu_to_le16(conn->handle);
3701f944 2804 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2805
2806 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2807 if (err < 0)
a664b5bc 2808 mgmt_pending_remove(cmd);
8962ee74
JH		 2809
2810failed:
09fd0de5 2811 hci_dev_unlock(hdev);
8962ee74
JH		 2812 return err;
2813}
2814
57c1477c 2815static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2816{
2817 switch (link_type) {
2818 case LE_LINK:
48264f06
JH		 2819 switch (addr_type) {
2820 case ADDR_LE_DEV_PUBLIC:
591f47f3 2821 return BDADDR_LE_PUBLIC;
0ed09148 2822
48264f06 2823 default:
0ed09148 2824 /* Fallback to LE Random address type */
591f47f3 2825 return BDADDR_LE_RANDOM;
48264f06 2826 }
0ed09148 2827
4c659c39 2828 default:
0ed09148 2829 /* Fallback to BR/EDR type */
591f47f3 2830 return BDADDR_BREDR;
4c659c39
JH		 2831 }
2832}
2833
04124681
GP		 2834static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2835 u16 data_len)
2784eb41 2836{
2784eb41 2837 struct mgmt_rp_get_connections *rp;
8035ded4 2838 struct hci_conn *c;
a38528f1 2839 size_t rp_len;
60fc5fb6
JH		 2840 int err;
2841 u16 i;
2784eb41
JH		 2842
2843 BT_DBG("");
2844
09fd0de5 2845 hci_dev_lock(hdev);
2784eb41 2846
5f97c1df 2847 if (!hdev_is_powered(hdev)) {
bdb6d971 2848 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2849 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2850 goto unlock;
2851 }
2852
60fc5fb6 2853 i = 0;
b644ba33
JH		 2854 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2855 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2856 i++;
2784eb41
JH		 2857 }
2858
60fc5fb6 2859 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2860 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2861 if (!rp) {
2784eb41
JH		 2862 err = -ENOMEM;
2863 goto unlock;
2864 }
2865
2784eb41 2866 i = 0;
4c659c39 2867 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2868 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2869 continue;
4c659c39 2870 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2871 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2872 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2873 continue;
2874 i++;
2875 }
2876
eb55ef07 2877 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2878
4c659c39
JH		 2879 /* Recalculate length in case of filtered SCO connections, etc */
2880 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2881
bdb6d971 2882 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2883 rp_len);
2784eb41 2884
a38528f1 2885 kfree(rp);
5f97c1df
JH		 2886
2887unlock:
09fd0de5 2888 hci_dev_unlock(hdev);
2784eb41
JH		 2889 return err;
2890}
2891
bdb6d971 2892static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2893 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2894{
2895 struct pending_cmd *cmd;
2896 int err;
2897
2e58ef3e 2898 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2899 sizeof(*cp));
96d97a67
WR		 2900 if (!cmd)
2901 return -ENOMEM;
2902
d8457698 2903 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2904 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2905 if (err < 0)
2906 mgmt_pending_remove(cmd);
2907
2908 return err;
2909}
2910
bdb6d971 2911static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2912 u16 len)
980e1a53 2913{
96d97a67 2914 struct hci_conn *conn;
650f726d 2915 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2916 struct hci_cp_pin_code_reply reply;
366a0336 2917 struct pending_cmd *cmd;
980e1a53
JH		 2918 int err;
2919
2920 BT_DBG("");
2921
09fd0de5 2922 hci_dev_lock(hdev);
980e1a53 2923
4b34ee78 2924 if (!hdev_is_powered(hdev)) {
bdb6d971 2925 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2926 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2927 goto failed;
2928 }
2929
d8457698 2930 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2931 if (!conn) {
bdb6d971 2932 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2933 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2934 goto failed;
2935 }
2936
2937 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2938 struct mgmt_cp_pin_code_neg_reply ncp;
2939
2940 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2941
2942 BT_ERR("PIN code is not 16 bytes long");
2943
bdb6d971 2944 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2945 if (err >= 0)
bdb6d971 2946 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2947 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2948
2949 goto failed;
2950 }
2951
00abfe44 2952 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2953 if (!cmd) {
2954 err = -ENOMEM;
980e1a53 2955 goto failed;
366a0336 2956 }
980e1a53 2957
d8457698 2958 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2959 reply.pin_len = cp->pin_len;
24718ca5 2960 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2961
2962 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2963 if (err < 0)
a664b5bc 2964 mgmt_pending_remove(cmd);
980e1a53
JH		 2965
2966failed:
09fd0de5 2967 hci_dev_unlock(hdev);
980e1a53
JH		 2968 return err;
2969}
2970
04124681
GP		 2971static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2972 u16 len)
17fa4b9d 2973{
650f726d 2974 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2975
2976 BT_DBG("");
2977
4ec86d4c
JH		 2978 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2979 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2980 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
2981
09fd0de5 2982 hci_dev_lock(hdev);
17fa4b9d
JH		 2983
2984 hdev->io_capability = cp->io_capability;
2985
2986 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2987 hdev->io_capability);
17fa4b9d 2988
09fd0de5 2989 hci_dev_unlock(hdev);
17fa4b9d 2990
04124681
GP		 2991 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2992 0);
17fa4b9d
JH		 2993}
2994
6039aa73 2995static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2996{
2997 struct hci_dev *hdev = conn->hdev;
8035ded4 2998 struct pending_cmd *cmd;
e9a416b5 2999
2e58ef3e 3000 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3001 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3002 continue;
3003
e9a416b5
JH		 3004 if (cmd->user_data != conn)
3005 continue;
3006
3007 return cmd;
3008 }
3009
3010 return NULL;
3011}
3012
3013static void pairing_complete(struct pending_cmd *cmd, u8 status)
3014{
3015 struct mgmt_rp_pair_device rp;
3016 struct hci_conn *conn = cmd->user_data;
3017
61b1a7fb
JH		 3018 bacpy(&rp.addr.bdaddr, &conn->dst);
3019 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3020
aee9b218 3021 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 3022 &rp, sizeof(rp));
e9a416b5
JH		 3023
3024 /* So we don't get further callbacks for this connection */
3025 conn->connect_cfm_cb = NULL;
3026 conn->security_cfm_cb = NULL;
3027 conn->disconn_cfm_cb = NULL;
3028
76a68ba0 3029 hci_conn_drop(conn);
e9a416b5 3030
a664b5bc 3031 mgmt_pending_remove(cmd);
e9a416b5
JH		 3032}
3033
f4a407be
JH		 3034void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3035{
3036 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3037 struct pending_cmd *cmd;
3038
3039 cmd = find_pairing(conn);
3040 if (cmd)
3041 pairing_complete(cmd, status);
3042}
3043
e9a416b5
JH		 3044static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3045{
3046 struct pending_cmd *cmd;
3047
3048 BT_DBG("status %u", status);
3049
3050 cmd = find_pairing(conn);
56e5cb86 3051 if (!cmd)
e9a416b5 3052 BT_DBG("Unable to find a pending command");
56e5cb86 3053 else
e211326c 3054 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 3055}
3056
f4a407be 3057static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 3058{
3059 struct pending_cmd *cmd;
3060
3061 BT_DBG("status %u", status);
3062
3063 if (!status)
3064 return;
3065
3066 cmd = find_pairing(conn);
3067 if (!cmd)
3068 BT_DBG("Unable to find a pending command");
3069 else
3070 pairing_complete(cmd, mgmt_status(status));
3071}
3072
bdb6d971 3073static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3074 u16 len)
e9a416b5 3075{
650f726d 3076 struct mgmt_cp_pair_device *cp = data;
1425acb7 3077 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 3078 struct pending_cmd *cmd;
3079 u8 sec_level, auth_type;
3080 struct hci_conn *conn;
e9a416b5
JH		 3081 int err;
3082
3083 BT_DBG("");
3084
f950a30e
SJ		 3085 memset(&rp, 0, sizeof(rp));
3086 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3087 rp.addr.type = cp->addr.type;
3088
4ee71b20
JH		 3089 if (!bdaddr_type_is_valid(cp->addr.type))
3090 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3091 MGMT_STATUS_INVALID_PARAMS,
3092 &rp, sizeof(rp));
3093
4ec86d4c
JH		 3094 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3095 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3096 MGMT_STATUS_INVALID_PARAMS,
3097 &rp, sizeof(rp));
3098
09fd0de5 3099 hci_dev_lock(hdev);
e9a416b5 3100
5f97c1df 3101 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 3102 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3103 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 3104 goto unlock;
3105 }
3106
c908df36 3107 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3108 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3109
6f77d8c7 3110 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3111 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3112 auth_type);
6f77d8c7
AG		 3113 } else {
3114 u8 addr_type;
3115
3116 /* Convert from L2CAP channel address type to HCI address type
3117 */
3118 if (cp->addr.type == BDADDR_LE_PUBLIC)
3119 addr_type = ADDR_LE_DEV_PUBLIC;
3120 else
3121 addr_type = ADDR_LE_DEV_RANDOM;
3122
7c264b10
MH		 3123 /* When pairing a new device, it is expected to remember
3124 * this device for future connections. Adding the connection
3125 * parameter information ahead of time allows tracking
3126 * of the slave preferred values and will speed up any
3127 * further connection establishment.
3128 *
3129 * If connection parameters already exist, then they
3130 * will be kept and this function does nothing.
3131 */
3132 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3133
cdd6275e 3134 /* Request a connection with master = true role */
6f77d8c7 3135 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
cdd6275e 3136 sec_level, HCI_LE_CONN_TIMEOUT, true);
6f77d8c7 3137 }
7a512d01 3138
30e76272 3139 if (IS_ERR(conn)) {
489dc48e
AK		 3140 int status;
3141
3142 if (PTR_ERR(conn) == -EBUSY)
3143 status = MGMT_STATUS_BUSY;
3144 else
3145 status = MGMT_STATUS_CONNECT_FAILED;
3146
bdb6d971 3147 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 3148 status, &rp,
04124681 3149 sizeof(rp));
e9a416b5
JH		 3150 goto unlock;
3151 }
3152
3153 if (conn->connect_cfm_cb) {
76a68ba0 3154 hci_conn_drop(conn);
bdb6d971 3155 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 3156 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3157 goto unlock;
3158 }
3159
2e58ef3e 3160 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3161 if (!cmd) {
3162 err = -ENOMEM;
76a68ba0 3163 hci_conn_drop(conn);
e9a416b5
JH		 3164 goto unlock;
3165 }
3166
7a512d01 3167 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3168 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3169 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3170 conn->security_cfm_cb = pairing_complete_cb;
3171 conn->disconn_cfm_cb = pairing_complete_cb;
3172 } else {
3173 conn->connect_cfm_cb = le_pairing_complete_cb;
3174 conn->security_cfm_cb = le_pairing_complete_cb;
3175 conn->disconn_cfm_cb = le_pairing_complete_cb;
3176 }
7a512d01 3177
e9a416b5
JH		 3178 conn->io_capability = cp->io_cap;
3179 cmd->user_data = conn;
3180
3181 if (conn->state == BT_CONNECTED &&
8ce8e2b5 3182 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 3183 pairing_complete(cmd, 0);
3184
3185 err = 0;
3186
3187unlock:
09fd0de5 3188 hci_dev_unlock(hdev);
e9a416b5
JH		 3189 return err;
3190}
3191
04124681
GP		 3192static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3193 u16 len)
28424707 3194{
0f4e68cf 3195 struct mgmt_addr_info *addr = data;
28424707
JH		 3196 struct pending_cmd *cmd;
3197 struct hci_conn *conn;
3198 int err;
3199
3200 BT_DBG("");
3201
28424707
JH		 3202 hci_dev_lock(hdev);
3203
5f97c1df 3204 if (!hdev_is_powered(hdev)) {
bdb6d971 3205 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3206 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3207 goto unlock;
3208 }
3209
28424707
JH		 3210 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3211 if (!cmd) {
bdb6d971 3212 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3213 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3214 goto unlock;
3215 }
3216
3217 conn = cmd->user_data;
3218
3219 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3220 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3221 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3222 goto unlock;
3223 }
3224
3225 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
3226
bdb6d971 3227 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3228 addr, sizeof(*addr));
28424707
JH		 3229unlock:
3230 hci_dev_unlock(hdev);
28424707
JH		 3231 return err;
3232}
3233
bdb6d971 3234static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3235 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3236 u16 hci_op, __le32 passkey)
a5c29683 3237{
a5c29683 3238 struct pending_cmd *cmd;
0df4c185 3239 struct hci_conn *conn;
a5c29683
JH		 3240 int err;
3241
09fd0de5 3242 hci_dev_lock(hdev);
08ba5382 3243
4b34ee78 3244 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3245 err = cmd_complete(sk, hdev->id, mgmt_op,
3246 MGMT_STATUS_NOT_POWERED, addr,
3247 sizeof(*addr));
0df4c185 3248 goto done;
a5c29683
JH		 3249 }
3250
1707c60e
JH		 3251 if (addr->type == BDADDR_BREDR)
3252 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3253 else
1707c60e 3254 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3255
3256 if (!conn) {
feb94d3d
JH		 3257 err = cmd_complete(sk, hdev->id, mgmt_op,
3258 MGMT_STATUS_NOT_CONNECTED, addr,
3259 sizeof(*addr));
272d90df
JH		 3260 goto done;
3261 }
47c15e2b 3262
1707c60e 3263 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3264 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3265 if (!err)
feb94d3d
JH		 3266 err = cmd_complete(sk, hdev->id, mgmt_op,
3267 MGMT_STATUS_SUCCESS, addr,
3268 sizeof(*addr));
5fe57d9e 3269 else
feb94d3d
JH		 3270 err = cmd_complete(sk, hdev->id, mgmt_op,
3271 MGMT_STATUS_FAILED, addr,
3272 sizeof(*addr));
47c15e2b 3273
47c15e2b
BG		 3274 goto done;
3275 }
3276
1707c60e 3277 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3278 if (!cmd) {
3279 err = -ENOMEM;
0df4c185 3280 goto done;
a5c29683
JH		 3281 }
3282
0df4c185 3283 /* Continue with pairing via HCI */
604086b7
BG		 3284 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3285 struct hci_cp_user_passkey_reply cp;
3286
1707c60e 3287 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3288 cp.passkey = passkey;
3289 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3290 } else
1707c60e
JH		 3291 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3292 &addr->bdaddr);
604086b7 3293
a664b5bc
JH		 3294 if (err < 0)
3295 mgmt_pending_remove(cmd);
a5c29683 3296
0df4c185 3297done:
09fd0de5 3298 hci_dev_unlock(hdev);
a5c29683
JH		 3299 return err;
3300}
3301
afeb019d
JK		 3302static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3303 void *data, u16 len)
3304{
3305 struct mgmt_cp_pin_code_neg_reply *cp = data;
3306
3307 BT_DBG("");
3308
1707c60e 3309 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3310 MGMT_OP_PIN_CODE_NEG_REPLY,
3311 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3312}
3313
04124681
GP		 3314static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3315 u16 len)
0df4c185 3316{
650f726d 3317 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3318
3319 BT_DBG("");
3320
3321 if (len != sizeof(*cp))
bdb6d971 3322 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3323 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3324
1707c60e 3325 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3326 MGMT_OP_USER_CONFIRM_REPLY,
3327 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3328}
3329
bdb6d971 3330static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3331 void *data, u16 len)
0df4c185 3332{
c9c2659f 3333 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3334
3335 BT_DBG("");
3336
1707c60e 3337 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3338 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3339 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3340}
3341
04124681
GP		 3342static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3343 u16 len)
604086b7 3344{
650f726d 3345 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3346
3347 BT_DBG("");
3348
1707c60e 3349 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3350 MGMT_OP_USER_PASSKEY_REPLY,
3351 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3352}
3353
bdb6d971 3354static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3355 void *data, u16 len)
604086b7 3356{
650f726d 3357 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3358
3359 BT_DBG("");
3360
1707c60e 3361 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3362 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3363 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3364}
3365
13928971 3366static void update_name(struct hci_request *req)
2b4bf397 3367{
13928971 3368 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3369 struct hci_cp_write_local_name cp;
3370
13928971 3371 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3372
890ea898 3373 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3374}
3375
13928971
JH		 3376static void set_name_complete(struct hci_dev *hdev, u8 status)
3377{
3378 struct mgmt_cp_set_local_name *cp;
3379 struct pending_cmd *cmd;
3380
3381 BT_DBG("status 0x%02x", status);
3382
3383 hci_dev_lock(hdev);
3384
3385 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3386 if (!cmd)
3387 goto unlock;
3388
3389 cp = cmd->param;
3390
3391 if (status)
3392 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3393 mgmt_status(status));
3394 else
3395 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3396 cp, sizeof(*cp));
3397
3398 mgmt_pending_remove(cmd);
3399
3400unlock:
3401 hci_dev_unlock(hdev);
3402}
3403
bdb6d971 3404static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3405 u16 len)
b312b161 3406{
2b4bf397 3407 struct mgmt_cp_set_local_name *cp = data;
b312b161 3408 struct pending_cmd *cmd;
890ea898 3409 struct hci_request req;
b312b161
JH		 3410 int err;
3411
3412 BT_DBG("");
3413
09fd0de5 3414 hci_dev_lock(hdev);
b312b161 3415
b3f2ca94
JH		 3416 /* If the old values are the same as the new ones just return a
3417 * direct command complete event.
3418 */
3419 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3420 !memcmp(hdev->short_name, cp->short_name,
3421 sizeof(hdev->short_name))) {
3422 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3423 data, len);
3424 goto failed;
3425 }
3426
2b4bf397 3427 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3428
b5235a65 3429 if (!hdev_is_powered(hdev)) {
2b4bf397 3430 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3431
3432 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3433 data, len);
28cc7bde
JH		 3434 if (err < 0)
3435 goto failed;
3436
3437 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3438 sk);
28cc7bde 3439
b5235a65
JH		 3440 goto failed;
3441 }
3442
28cc7bde 3443 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3444 if (!cmd) {
3445 err = -ENOMEM;
3446 goto failed;
3447 }
3448
13928971
JH		 3449 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3450
890ea898 3451 hci_req_init(&req, hdev);
3f985050
JH		 3452
3453 if (lmp_bredr_capable(hdev)) {
3454 update_name(&req);
3455 update_eir(&req);
3456 }
3457
7a5f4990
MH		 3458 /* The name is stored in the scan response data and so
3459 * no need to udpate the advertising data here.
3460 */
3f985050 3461 if (lmp_le_capable(hdev))
7a5f4990 3462 update_scan_rsp_data(&req);
3f985050 3463
13928971 3464 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3465 if (err < 0)
3466 mgmt_pending_remove(cmd);
3467
3468failed:
09fd0de5 3469 hci_dev_unlock(hdev);
b312b161
JH		 3470 return err;
3471}
3472
0f4e68cf 3473static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3474 void *data, u16 data_len)
c35938b2 3475{
c35938b2
SJ		 3476 struct pending_cmd *cmd;
3477 int err;
3478
bdb6d971 3479 BT_DBG("%s", hdev->name);
c35938b2 3480
09fd0de5 3481 hci_dev_lock(hdev);
c35938b2 3482
4b34ee78 3483 if (!hdev_is_powered(hdev)) {
bdb6d971 3484 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3485 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3486 goto unlock;
3487 }
3488
9a1a1996 3489 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3490 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3491 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3492 goto unlock;
3493 }
3494
2e58ef3e 3495 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3496 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3497 MGMT_STATUS_BUSY);
c35938b2
SJ		 3498 goto unlock;
3499 }
3500
2e58ef3e 3501 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3502 if (!cmd) {
3503 err = -ENOMEM;
3504 goto unlock;
3505 }
3506
4d2d2796
MH		 3507 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3508 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3509 0, NULL);
3510 else
3511 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3512
c35938b2
SJ		 3513 if (err < 0)
3514 mgmt_pending_remove(cmd);
3515
3516unlock:
09fd0de5 3517 hci_dev_unlock(hdev);
c35938b2
SJ		 3518 return err;
3519}
3520
bdb6d971 3521static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3522 void *data, u16 len)
2763eda6 3523{
2763eda6
SJ		 3524 int err;
3525
bdb6d971 3526 BT_DBG("%s ", hdev->name);
2763eda6 3527
09fd0de5 3528 hci_dev_lock(hdev);
2763eda6 3529
ec109113
MH		 3530 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3531 struct mgmt_cp_add_remote_oob_data *cp = data;
3532 u8 status;
bf1e3541 3533
ec109113
MH		 3534 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3535 cp->hash, cp->randomizer);
3536 if (err < 0)
3537 status = MGMT_STATUS_FAILED;
3538 else
3539 status = MGMT_STATUS_SUCCESS;
3540
3541 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3542 status, &cp->addr, sizeof(cp->addr));
3543 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3544 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3545 u8 status;
3546
3547 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3548 cp->hash192,
3549 cp->randomizer192,
3550 cp->hash256,
3551 cp->randomizer256);
3552 if (err < 0)
3553 status = MGMT_STATUS_FAILED;
3554 else
3555 status = MGMT_STATUS_SUCCESS;
3556
3557 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3558 status, &cp->addr, sizeof(cp->addr));
3559 } else {
3560 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3561 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3562 MGMT_STATUS_INVALID_PARAMS);
3563 }
2763eda6 3564
09fd0de5 3565 hci_dev_unlock(hdev);
2763eda6
SJ		 3566 return err;
3567}
3568
bdb6d971 3569static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3570 void *data, u16 len)
2763eda6 3571{
650f726d 3572 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3573 u8 status;
2763eda6
SJ		 3574 int err;
3575
bdb6d971 3576 BT_DBG("%s", hdev->name);
2763eda6 3577
09fd0de5 3578 hci_dev_lock(hdev);
2763eda6 3579
664ce4cc 3580 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3581 if (err < 0)
bf1e3541 3582 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3583 else
a6785be2 3584 status = MGMT_STATUS_SUCCESS;
bf1e3541 3585
bdb6d971 3586 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3587 status, &cp->addr, sizeof(cp->addr));
2763eda6 3588
09fd0de5 3589 hci_dev_unlock(hdev);
2763eda6
SJ		 3590 return err;
3591}
3592
41dc2bd6
AG		 3593static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3594{
3595 struct pending_cmd *cmd;
3596 u8 type;
3597 int err;
3598
3599 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3600
3601 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3602 if (!cmd)
3603 return -ENOENT;
3604
3605 type = hdev->discovery.type;
3606
3607 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3608 &type, sizeof(type));
3609 mgmt_pending_remove(cmd);
3610
3611 return err;
3612}
3613
7c307720
AG		 3614static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3615{
ae55f598
LR		 3616 unsigned long timeout = 0;
3617
7c307720
AG		 3618 BT_DBG("status %d", status);
3619
3620 if (status) {
3621 hci_dev_lock(hdev);
3622 mgmt_start_discovery_failed(hdev, status);
3623 hci_dev_unlock(hdev);
3624 return;
3625 }
3626
3627 hci_dev_lock(hdev);
3628 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3629 hci_dev_unlock(hdev);
3630
3631 switch (hdev->discovery.type) {
3632 case DISCOV_TYPE_LE:
3d5a76f0 3633 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720
AG		 3634 break;
3635
3636 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3637 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720
AG		 3638 break;
3639
3640 case DISCOV_TYPE_BREDR:
3641 break;
3642
3643 default:
3644 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3645 }
ae55f598
LR		 3646
3647 if (!timeout)
3648 return;
3649
3650 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
7c307720
AG		 3651}
3652
bdb6d971 3653static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3654 void *data, u16 len)
14a53664 3655{
650f726d 3656 struct mgmt_cp_start_discovery *cp = data;
14a53664 3657 struct pending_cmd *cmd;
7c307720
AG		 3658 struct hci_cp_le_set_scan_param param_cp;
3659 struct hci_cp_le_set_scan_enable enable_cp;
3660 struct hci_cp_inquiry inq_cp;
3661 struct hci_request req;
3662 /* General inquiry access code (GIAC) */
3663 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3664 u8 status, own_addr_type;
14a53664
JH		 3665 int err;
3666
bdb6d971 3667 BT_DBG("%s", hdev->name);
14a53664 3668
09fd0de5 3669 hci_dev_lock(hdev);
14a53664 3670
4b34ee78 3671 if (!hdev_is_powered(hdev)) {
bdb6d971 3672 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3673 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3674 goto failed;
3675 }
3676
642be6c7
AG		 3677 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3678 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3679 MGMT_STATUS_BUSY);
3680 goto failed;
3681 }
3682
ff9ef578 3683 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3684 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3685 MGMT_STATUS_BUSY);
ff9ef578
JH		 3686 goto failed;
3687 }
3688
2e58ef3e 3689 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3690 if (!cmd) {
3691 err = -ENOMEM;
3692 goto failed;
3693 }
3694
4aab14e5
AG		 3695 hdev->discovery.type = cp->type;
3696
7c307720
AG		 3697 hci_req_init(&req, hdev);
3698
4aab14e5 3699 switch (hdev->discovery.type) {
f39799f5 3700 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3701 status = mgmt_bredr_support(hdev);
3702 if (status) {
04106755 3703 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3704 status);
04106755
JH		 3705 mgmt_pending_remove(cmd);
3706 goto failed;
3707 }
3708
7c307720
AG		 3709 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3710 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3711 MGMT_STATUS_BUSY);
3712 mgmt_pending_remove(cmd);
3713 goto failed;
3714 }
3715
3716 hci_inquiry_cache_flush(hdev);
3717
3718 memset(&inq_cp, 0, sizeof(inq_cp));
3719 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3720 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3721 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3722 break;
3723
3724 case DISCOV_TYPE_LE:
7c307720 3725 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3726 status = mgmt_le_support(hdev);
3727 if (status) {
04106755 3728 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3729 status);
04106755
JH		 3730 mgmt_pending_remove(cmd);
3731 goto failed;
3732 }
3733
7c307720 3734 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3735 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3736 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3737 MGMT_STATUS_NOT_SUPPORTED);
3738 mgmt_pending_remove(cmd);
3739 goto failed;
3740 }
3741
e8bb6b97
JH		 3742 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3743 /* Don't let discovery abort an outgoing
3744 * connection attempt that's using directed
3745 * advertising.
3746 */
3747 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3748 BT_CONNECT)) {
3749 err = cmd_status(sk, hdev->id,
3750 MGMT_OP_START_DISCOVERY,
3751 MGMT_STATUS_REJECTED);
3752 mgmt_pending_remove(cmd);
3753 goto failed;
3754 }
3755
3756 disable_advertising(&req);
7c307720
AG		 3757 }
3758
c54c3860
AG		 3759 /* If controller is scanning, it means the background scanning
3760 * is running. Thus, we should temporarily stop it in order to
3761 * set the discovery scanning parameters.
3762 */
3763 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3764 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3765
3766 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3767
94b1fc92
MH		 3768 /* All active scans will be done with either a resolvable
3769 * private address (when privacy feature has been enabled)
3770 * or unresolvable private address.
3771 */
3772 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3773 if (err < 0) {
3774 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3775 MGMT_STATUS_FAILED);
3776 mgmt_pending_remove(cmd);
3777 goto failed;
3778 }
3779
7c307720 3780 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3781 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3782 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3783 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3784 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3785 &param_cp);
3786
3787 memset(&enable_cp, 0, sizeof(enable_cp));
3788 enable_cp.enable = LE_SCAN_ENABLE;
3789 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3790 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3791 &enable_cp);
5e0452c0
AG		 3792 break;
3793
f39799f5 3794 default:
04106755
JH		 3795 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3796 MGMT_STATUS_INVALID_PARAMS);
3797 mgmt_pending_remove(cmd);
3798 goto failed;
f39799f5 3799 }
3fd24153 3800
7c307720 3801 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3802 if (err < 0)
3803 mgmt_pending_remove(cmd);
ff9ef578
JH		 3804 else
3805 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3806
3807failed:
09fd0de5 3808 hci_dev_unlock(hdev);
14a53664
JH		 3809 return err;
3810}
3811
1183fdca
AG		 3812static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3813{
3814 struct pending_cmd *cmd;
3815 int err;
3816
3817 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3818 if (!cmd)
3819 return -ENOENT;
3820
3821 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3822 &hdev->discovery.type, sizeof(hdev->discovery.type));
3823 mgmt_pending_remove(cmd);
3824
3825 return err;
3826}
3827
0e05bba6
AG		 3828static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3829{
3830 BT_DBG("status %d", status);
3831
3832 hci_dev_lock(hdev);
3833
3834 if (status) {
3835 mgmt_stop_discovery_failed(hdev, status);
3836 goto unlock;
3837 }
3838
3839 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3840
3841unlock:
3842 hci_dev_unlock(hdev);
3843}
3844
bdb6d971 3845static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3846 u16 len)
14a53664 3847{
d930650b 3848 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3849 struct pending_cmd *cmd;
0e05bba6 3850 struct hci_request req;
14a53664
JH		 3851 int err;
3852
bdb6d971 3853 BT_DBG("%s", hdev->name);
14a53664 3854
09fd0de5 3855 hci_dev_lock(hdev);
14a53664 3856
30dc78e1 3857 if (!hci_discovery_active(hdev)) {
bdb6d971 3858 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3859 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3860 sizeof(mgmt_cp->type));
d930650b
JH		 3861 goto unlock;
3862 }
3863
3864 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3865 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3866 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3867 sizeof(mgmt_cp->type));
30dc78e1 3868 goto unlock;
ff9ef578
JH		 3869 }
3870
2e58ef3e 3871 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3872 if (!cmd) {
3873 err = -ENOMEM;
30dc78e1
JH		 3874 goto unlock;
3875 }
3876
0e05bba6
AG		 3877 hci_req_init(&req, hdev);
3878
21a60d30 3879 hci_stop_discovery(&req);
e0d9727e 3880
21a60d30
JH		 3881 err = hci_req_run(&req, stop_discovery_complete);
3882 if (!err) {
3883 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 3884 goto unlock;
14a53664
JH		 3885 }
3886
21a60d30
JH		 3887 mgmt_pending_remove(cmd);
3888
3889 /* If no HCI commands were sent we're done */
3890 if (err == -ENODATA) {
3891 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
3892 &mgmt_cp->type, sizeof(mgmt_cp->type));
3893 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3894 }
14a53664 3895
30dc78e1 3896unlock:
09fd0de5 3897 hci_dev_unlock(hdev);
14a53664
JH		 3898 return err;
3899}
3900
bdb6d971 3901static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3902 u16 len)
561aafbc 3903{
650f726d 3904 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3905 struct inquiry_entry *e;
561aafbc
JH		 3906 int err;
3907
bdb6d971 3908 BT_DBG("%s", hdev->name);
561aafbc 3909
561aafbc
JH		 3910 hci_dev_lock(hdev);
3911
30dc78e1 3912 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3913 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3914 MGMT_STATUS_FAILED, &cp->addr,
3915 sizeof(cp->addr));
30dc78e1
JH		 3916 goto failed;
3917 }
3918
a198e7b1 3919 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3920 if (!e) {
d3a2541d
LR		 3921 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3922 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3923 sizeof(cp->addr));
561aafbc
JH		 3924 goto failed;
3925 }
3926
3927 if (cp->name_known) {
3928 e->name_state = NAME_KNOWN;
3929 list_del(&e->list);
3930 } else {
3931 e->name_state = NAME_NEEDED;
a3d4e20a 3932 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3933 }
3934
e384662b
JH		 3935 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3936 sizeof(cp->addr));
561aafbc
JH		 3937
3938failed:
3939 hci_dev_unlock(hdev);
561aafbc
JH		 3940 return err;
3941}
3942
bdb6d971 3943static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3944 u16 len)
7fbec224 3945{
650f726d 3946 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3947 u8 status;
7fbec224
AJ		 3948 int err;
3949
bdb6d971 3950 BT_DBG("%s", hdev->name);
7fbec224 3951
4ee71b20 3952 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3953 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3954 MGMT_STATUS_INVALID_PARAMS,
3955 &cp->addr, sizeof(cp->addr));
4ee71b20 3956
09fd0de5 3957 hci_dev_lock(hdev);
5e762444 3958
dcc36c16
JH		 3959 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
3960 cp->addr.type);
2a8357f2 3961 if (err < 0) {
f0eeea8b 3962 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 3963 goto done;
3964 }
3965
3966 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3967 sk);
3968 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3969
2a8357f2 3970done:
bdb6d971 3971 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3972 &cp->addr, sizeof(cp->addr));
5e762444 3973
09fd0de5 3974 hci_dev_unlock(hdev);
7fbec224
AJ		 3975
3976 return err;
3977}
3978
bdb6d971 3979static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3980 u16 len)
7fbec224 3981{
650f726d 3982 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3983 u8 status;
7fbec224
AJ		 3984 int err;
3985
bdb6d971 3986 BT_DBG("%s", hdev->name);
7fbec224 3987
4ee71b20 3988 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3989 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3990 MGMT_STATUS_INVALID_PARAMS,
3991 &cp->addr, sizeof(cp->addr));
4ee71b20 3992
09fd0de5 3993 hci_dev_lock(hdev);
5e762444 3994
dcc36c16
JH		 3995 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
3996 cp->addr.type);
2a8357f2 3997 if (err < 0) {
f0eeea8b 3998 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 3999 goto done;
4000 }
4001
4002 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4003 sk);
4004 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4005
2a8357f2 4006done:
bdb6d971 4007 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 4008 &cp->addr, sizeof(cp->addr));
5e762444 4009
09fd0de5 4010 hci_dev_unlock(hdev);
7fbec224
AJ		 4011
4012 return err;
4013}
4014
cdbaccca
MH		 4015static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4016 u16 len)
4017{
4018 struct mgmt_cp_set_device_id *cp = data;
890ea898 4019 struct hci_request req;
cdbaccca 4020 int err;
c72d4b8a 4021 __u16 source;
cdbaccca
MH		 4022
4023 BT_DBG("%s", hdev->name);
4024
c72d4b8a
SJ		 4025 source = __le16_to_cpu(cp->source);
4026
4027 if (source > 0x0002)
4028 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4029 MGMT_STATUS_INVALID_PARAMS);
4030
cdbaccca
MH		 4031 hci_dev_lock(hdev);
4032
c72d4b8a 4033 hdev->devid_source = source;
cdbaccca
MH		 4034 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4035 hdev->devid_product = __le16_to_cpu(cp->product);
4036 hdev->devid_version = __le16_to_cpu(cp->version);
4037
4038 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4039
890ea898
JH		 4040 hci_req_init(&req, hdev);
4041 update_eir(&req);
4042 hci_req_run(&req, NULL);
cdbaccca
MH		 4043
4044 hci_dev_unlock(hdev);
4045
4046 return err;
4047}
4048
4375f103
JH		 4049static void set_advertising_complete(struct hci_dev *hdev, u8 status)
4050{
4051 struct cmd_lookup match = { NULL, hdev };
4052
4053 if (status) {
4054 u8 mgmt_err = mgmt_status(status);
4055
4056 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4057 cmd_status_rsp, &mgmt_err);
4058 return;
4059 }
4060
c93bd150
JH		 4061 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4062 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4063 else
4064 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4065
4375f103
JH		 4066 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4067 &match);
4068
4069 new_settings(hdev, match.sk);
4070
4071 if (match.sk)
4072 sock_put(match.sk);
4073}
4074
21b5187f
MH		 4075static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4076 u16 len)
4375f103
JH		 4077{
4078 struct mgmt_mode *cp = data;
4079 struct pending_cmd *cmd;
4080 struct hci_request req;
e6fe7986 4081 u8 val, enabled, status;
4375f103
JH		 4082 int err;
4083
4084 BT_DBG("request for %s", hdev->name);
4085
e6fe7986
JH		 4086 status = mgmt_le_support(hdev);
4087 if (status)
4375f103 4088 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 4089 status);
4375f103
JH		 4090
4091 if (cp->val != 0x00 && cp->val != 0x01)
4092 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4093 MGMT_STATUS_INVALID_PARAMS);
4094
4095 hci_dev_lock(hdev);
4096
4097 val = !!cp->val;
f3d3444a 4098 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 4099
f74ca9b8
JH		 4100 /* The following conditions are ones which mean that we should
4101 * not do any HCI communication but directly send a mgmt
4102 * response to user space (after toggling the flag if
4103 * necessary).
4104 */
4105 if (!hdev_is_powered(hdev) || val == enabled ||
e8bb6b97
JH		 4106 hci_conn_num(hdev, LE_LINK) > 0 ||
4107 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4108 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4375f103
JH		 4109 bool changed = false;
4110
f3d3444a
JH		 4111 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4112 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 4113 changed = true;
4114 }
4115
4116 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4117 if (err < 0)
4118 goto unlock;
4119
4120 if (changed)
4121 err = new_settings(hdev, sk);
4122
4123 goto unlock;
4124 }
4125
4126 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4127 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4128 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4129 MGMT_STATUS_BUSY);
4130 goto unlock;
4131 }
4132
4133 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4134 if (!cmd) {
4135 err = -ENOMEM;
4136 goto unlock;
4137 }
4138
4139 hci_req_init(&req, hdev);
4140
bba3aa55
MH		 4141 if (val)
4142 enable_advertising(&req);
4143 else
4144 disable_advertising(&req);
4375f103
JH		 4145
4146 err = hci_req_run(&req, set_advertising_complete);
4147 if (err < 0)
4148 mgmt_pending_remove(cmd);
4149
4150unlock:
4151 hci_dev_unlock(hdev);
4152 return err;
4153}
4154
d13eafce
MH		 4155static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4156 void *data, u16 len)
4157{
4158 struct mgmt_cp_set_static_address *cp = data;
4159 int err;
4160
4161 BT_DBG("%s", hdev->name);
4162
62af4443 4163 if (!lmp_le_capable(hdev))
d13eafce 4164 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 4165 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4166
4167 if (hdev_is_powered(hdev))
4168 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4169 MGMT_STATUS_REJECTED);
4170
4171 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4172 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4173 return cmd_status(sk, hdev->id,
4174 MGMT_OP_SET_STATIC_ADDRESS,
4175 MGMT_STATUS_INVALID_PARAMS);
4176
4177 /* Two most significant bits shall be set */
4178 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4179 return cmd_status(sk, hdev->id,
4180 MGMT_OP_SET_STATIC_ADDRESS,
4181 MGMT_STATUS_INVALID_PARAMS);
4182 }
4183
4184 hci_dev_lock(hdev);
4185
4186 bacpy(&hdev->static_addr, &cp->bdaddr);
4187
4188 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4189
4190 hci_dev_unlock(hdev);
4191
4192 return err;
4193}
4194
14b49b9a
MH		 4195static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4196 void *data, u16 len)
4197{
4198 struct mgmt_cp_set_scan_params *cp = data;
4199 __u16 interval, window;
4200 int err;
4201
4202 BT_DBG("%s", hdev->name);
4203
4204 if (!lmp_le_capable(hdev))
4205 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4206 MGMT_STATUS_NOT_SUPPORTED);
4207
4208 interval = __le16_to_cpu(cp->interval);
4209
4210 if (interval < 0x0004 || interval > 0x4000)
4211 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4212 MGMT_STATUS_INVALID_PARAMS);
4213
4214 window = __le16_to_cpu(cp->window);
4215
4216 if (window < 0x0004 || window > 0x4000)
4217 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4218 MGMT_STATUS_INVALID_PARAMS);
4219
899e1075
MH		 4220 if (window > interval)
4221 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4222 MGMT_STATUS_INVALID_PARAMS);
4223
14b49b9a
MH		 4224 hci_dev_lock(hdev);
4225
4226 hdev->le_scan_interval = interval;
4227 hdev->le_scan_window = window;
4228
4229 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4230
dd2ef8e2
AG		 4231 /* If background scan is running, restart it so new parameters are
4232 * loaded.
4233 */
4234 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4235 hdev->discovery.state == DISCOVERY_STOPPED) {
4236 struct hci_request req;
4237
4238 hci_req_init(&req, hdev);
4239
4240 hci_req_add_le_scan_disable(&req);
4241 hci_req_add_le_passive_scan(&req);
4242
4243 hci_req_run(&req, NULL);
4244 }
4245
14b49b9a
MH		 4246 hci_dev_unlock(hdev);
4247
4248 return err;
4249}
4250
33e38b3e
JH		 4251static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4252{
4253 struct pending_cmd *cmd;
4254
4255 BT_DBG("status 0x%02x", status);
4256
4257 hci_dev_lock(hdev);
4258
4259 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4260 if (!cmd)
4261 goto unlock;
4262
4263 if (status) {
4264 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4265 mgmt_status(status));
4266 } else {
1a4d3c4b
JH		 4267 struct mgmt_mode *cp = cmd->param;
4268
4269 if (cp->val)
4270 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4271 else
4272 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4273
33e38b3e
JH		 4274 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4275 new_settings(hdev, cmd->sk);
4276 }
4277
4278 mgmt_pending_remove(cmd);
4279
4280unlock:
4281 hci_dev_unlock(hdev);
4282}
4283
bdb6d971 4284static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4285 void *data, u16 len)
f6422ec6 4286{
650f726d 4287 struct mgmt_mode *cp = data;
33e38b3e
JH		 4288 struct pending_cmd *cmd;
4289 struct hci_request req;
f6422ec6
AJ		 4290 int err;
4291
bdb6d971 4292 BT_DBG("%s", hdev->name);
f6422ec6 4293
56f87901
JH		 4294 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4295 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4296 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4297 MGMT_STATUS_NOT_SUPPORTED);
4298
a7e80f25
JH		 4299 if (cp->val != 0x00 && cp->val != 0x01)
4300 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4301 MGMT_STATUS_INVALID_PARAMS);
4302
5400c044 4303 if (!hdev_is_powered(hdev))
bdb6d971 4304 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4305 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4306
4307 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4308 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4309 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4310
4311 hci_dev_lock(hdev);
4312
05cbf29f
JH		 4313 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4314 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4315 MGMT_STATUS_BUSY);
4316 goto unlock;
4317 }
4318
1a4d3c4b
JH		 4319 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4320 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4321 hdev);
4322 goto unlock;
4323 }
4324
33e38b3e
JH		 4325 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4326 data, len);
4327 if (!cmd) {
4328 err = -ENOMEM;
4329 goto unlock;
f6422ec6
AJ		 4330 }
4331
33e38b3e
JH		 4332 hci_req_init(&req, hdev);
4333
406d7804 4334 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4335
4336 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4337 if (err < 0) {
bdb6d971 4338 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4339 MGMT_STATUS_FAILED);
33e38b3e 4340 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4341 }
4342
33e38b3e 4343unlock:
f6422ec6 4344 hci_dev_unlock(hdev);
33e38b3e 4345
f6422ec6
AJ		 4346 return err;
4347}
4348
67e5a7a3
JH		 4349static void set_bredr_scan(struct hci_request *req)
4350{
4351 struct hci_dev *hdev = req->hdev;
4352 u8 scan = 0;
4353
4354 /* Ensure that fast connectable is disabled. This function will
4355 * not do anything if the page scan parameters are already what
4356 * they should be.
4357 */
4358 write_fast_connectable(req, false);
4359
6cebb9e7
JH		 4360 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags) ||
4361 !list_empty(&hdev->whitelist))
67e5a7a3
JH		 4362 scan |= SCAN_PAGE;
4363 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4364 scan |= SCAN_INQUIRY;
4365
4366 if (scan)
4367 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4368}
4369
0663ca2a
JH		 4370static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4371{
4372 struct pending_cmd *cmd;
4373
4374 BT_DBG("status 0x%02x", status);
4375
4376 hci_dev_lock(hdev);
4377
4378 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4379 if (!cmd)
4380 goto unlock;
4381
4382 if (status) {
4383 u8 mgmt_err = mgmt_status(status);
4384
4385 /* We need to restore the flag if related HCI commands
4386 * failed.
4387 */
4388 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4389
4390 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4391 } else {
4392 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4393 new_settings(hdev, cmd->sk);
4394 }
4395
4396 mgmt_pending_remove(cmd);
4397
4398unlock:
4399 hci_dev_unlock(hdev);
4400}
4401
4402static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4403{
4404 struct mgmt_mode *cp = data;
4405 struct pending_cmd *cmd;
4406 struct hci_request req;
4407 int err;
4408
4409 BT_DBG("request for %s", hdev->name);
4410
4411 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4412 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4413 MGMT_STATUS_NOT_SUPPORTED);
4414
4415 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4416 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4417 MGMT_STATUS_REJECTED);
4418
4419 if (cp->val != 0x00 && cp->val != 0x01)
4420 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4421 MGMT_STATUS_INVALID_PARAMS);
4422
4423 hci_dev_lock(hdev);
4424
4425 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4426 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4427 goto unlock;
4428 }
4429
4430 if (!hdev_is_powered(hdev)) {
4431 if (!cp->val) {
0663ca2a
JH		 4432 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4433 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4434 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4435 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4436 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4437 }
4438
4439 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4440
4441 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4442 if (err < 0)
4443 goto unlock;
4444
4445 err = new_settings(hdev, sk);
4446 goto unlock;
4447 }
4448
4449 /* Reject disabling when powered on */
4450 if (!cp->val) {
4451 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4452 MGMT_STATUS_REJECTED);
4453 goto unlock;
4454 }
4455
4456 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4457 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4458 MGMT_STATUS_BUSY);
4459 goto unlock;
4460 }
4461
4462 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4463 if (!cmd) {
4464 err = -ENOMEM;
4465 goto unlock;
4466 }
4467
5947f4bc 4468 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4469 * generates the correct flags.
4470 */
4471 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4472
4473 hci_req_init(&req, hdev);
aa8af46e 4474
6cebb9e7
JH		 4475 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags) ||
4476 !list_empty(&hdev->whitelist))
aa8af46e
JH		 4477 set_bredr_scan(&req);
4478
f14d8f64
MH		 4479 /* Since only the advertising data flags will change, there
4480 * is no need to update the scan response data.
4481 */
5947f4bc 4482 update_adv_data(&req);
aa8af46e 4483
0663ca2a
JH		 4484 err = hci_req_run(&req, set_bredr_complete);
4485 if (err < 0)
4486 mgmt_pending_remove(cmd);
4487
4488unlock:
4489 hci_dev_unlock(hdev);
4490 return err;
4491}
4492
eac83dc6
MH		 4493static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4494 void *data, u16 len)
4495{
4496 struct mgmt_mode *cp = data;
4497 struct pending_cmd *cmd;
0ab04a9c 4498 u8 val, status;
eac83dc6
MH		 4499 int err;
4500
4501 BT_DBG("request for %s", hdev->name);
4502
4503 status = mgmt_bredr_support(hdev);
4504 if (status)
4505 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4506 status);
4507
5afeac14 4508 if (!lmp_sc_capable(hdev) &&
111902f7 4509 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
eac83dc6
MH		 4510 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4511 MGMT_STATUS_NOT_SUPPORTED);
4512
0ab04a9c 4513 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4514 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4515 MGMT_STATUS_INVALID_PARAMS);
4516
4517 hci_dev_lock(hdev);
4518
4519 if (!hdev_is_powered(hdev)) {
4520 bool changed;
4521
0ab04a9c 4522 if (cp->val) {
eac83dc6
MH		 4523 changed = !test_and_set_bit(HCI_SC_ENABLED,
4524 &hdev->dev_flags);
0ab04a9c
MH		 4525 if (cp->val == 0x02)
4526 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4527 else
4528 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4529 } else {
eac83dc6
MH		 4530 changed = test_and_clear_bit(HCI_SC_ENABLED,
4531 &hdev->dev_flags);
0ab04a9c
MH		 4532 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4533 }
eac83dc6
MH		 4534
4535 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4536 if (err < 0)
4537 goto failed;
4538
4539 if (changed)
4540 err = new_settings(hdev, sk);
4541
4542 goto failed;
4543 }
4544
4545 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4546 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4547 MGMT_STATUS_BUSY);
4548 goto failed;
4549 }
4550
0ab04a9c
MH		 4551 val = !!cp->val;
4552
4553 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4554 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4555 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4556 goto failed;
4557 }
4558
4559 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4560 if (!cmd) {
4561 err = -ENOMEM;
4562 goto failed;
4563 }
4564
0ab04a9c 4565 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4566 if (err < 0) {
4567 mgmt_pending_remove(cmd);
4568 goto failed;
4569 }
4570
0ab04a9c
MH		 4571 if (cp->val == 0x02)
4572 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4573 else
4574 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4575
eac83dc6
MH		 4576failed:
4577 hci_dev_unlock(hdev);
4578 return err;
4579}
4580
4e39ac81
MH		 4581static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4582 void *data, u16 len)
4583{
4584 struct mgmt_mode *cp = data;
b9710979 4585 bool changed, use_changed;
4e39ac81
MH		 4586 int err;
4587
4588 BT_DBG("request for %s", hdev->name);
4589
b9710979 4590 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4591 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4592 MGMT_STATUS_INVALID_PARAMS);
4593
4594 hci_dev_lock(hdev);
4595
4596 if (cp->val)
0663b297
JH		 4597 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4598 &hdev->dev_flags);
4e39ac81 4599 else
0663b297
JH		 4600 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4601 &hdev->dev_flags);
4e39ac81 4602
b9710979
JH		 4603 if (cp->val == 0x02)
4604 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4605 &hdev->dev_flags);
4606 else
4607 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4608 &hdev->dev_flags);
4609
4610 if (hdev_is_powered(hdev) && use_changed &&
4611 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4612 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4613 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4614 sizeof(mode), &mode);
4615 }
4616
4e39ac81
MH		 4617 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4618 if (err < 0)
4619 goto unlock;
4620
4621 if (changed)
4622 err = new_settings(hdev, sk);
4623
4624unlock:
4625 hci_dev_unlock(hdev);
4626 return err;
4627}
4628
62b04cd1
JH		 4629static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4630 u16 len)
4631{
4632 struct mgmt_cp_set_privacy *cp = cp_data;
4633 bool changed;
4634 int err;
4635
4636 BT_DBG("request for %s", hdev->name);
4637
4638 if (!lmp_le_capable(hdev))
4639 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4640 MGMT_STATUS_NOT_SUPPORTED);
4641
4642 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4643 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4644 MGMT_STATUS_INVALID_PARAMS);
4645
4646 if (hdev_is_powered(hdev))
4647 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4648 MGMT_STATUS_REJECTED);
4649
4650 hci_dev_lock(hdev);
4651
c21c0ea0
JH		 4652 /* If user space supports this command it is also expected to
4653 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4654 */
4655 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4656
62b04cd1
JH		 4657 if (cp->privacy) {
4658 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4659 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4660 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4661 } else {
4662 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4663 memset(hdev->irk, 0, sizeof(hdev->irk));
4664 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4665 }
4666
4667 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4668 if (err < 0)
4669 goto unlock;
4670
4671 if (changed)
4672 err = new_settings(hdev, sk);
4673
4674unlock:
4675 hci_dev_unlock(hdev);
4676 return err;
4677}
4678
41edf160
JH		 4679static bool irk_is_valid(struct mgmt_irk_info *irk)
4680{
4681 switch (irk->addr.type) {
4682 case BDADDR_LE_PUBLIC:
4683 return true;
4684
4685 case BDADDR_LE_RANDOM:
4686 /* Two most significant bits shall be set */
4687 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4688 return false;
4689 return true;
4690 }
4691
4692 return false;
4693}
4694
4695static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4696 u16 len)
4697{
4698 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4699 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4700 sizeof(struct mgmt_irk_info));
41edf160
JH		 4701 u16 irk_count, expected_len;
4702 int i, err;
4703
4704 BT_DBG("request for %s", hdev->name);
4705
4706 if (!lmp_le_capable(hdev))
4707 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4708 MGMT_STATUS_NOT_SUPPORTED);
4709
4710 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4711 if (irk_count > max_irk_count) {
4712 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4713 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4714 MGMT_STATUS_INVALID_PARAMS);
4715 }
41edf160
JH		 4716
4717 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4718 if (expected_len != len) {
4719 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4720 expected_len, len);
41edf160
JH		 4721 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4722 MGMT_STATUS_INVALID_PARAMS);
4723 }
4724
4725 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4726
4727 for (i = 0; i < irk_count; i++) {
4728 struct mgmt_irk_info *key = &cp->irks[i];
4729
4730 if (!irk_is_valid(key))
4731 return cmd_status(sk, hdev->id,
4732 MGMT_OP_LOAD_IRKS,
4733 MGMT_STATUS_INVALID_PARAMS);
4734 }
4735
4736 hci_dev_lock(hdev);
4737
4738 hci_smp_irks_clear(hdev);
4739
4740 for (i = 0; i < irk_count; i++) {
4741 struct mgmt_irk_info *irk = &cp->irks[i];
4742 u8 addr_type;
4743
4744 if (irk->addr.type == BDADDR_LE_PUBLIC)
4745 addr_type = ADDR_LE_DEV_PUBLIC;
4746 else
4747 addr_type = ADDR_LE_DEV_RANDOM;
4748
4749 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4750 BDADDR_ANY);
4751 }
4752
4753 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4754
4755 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4756
4757 hci_dev_unlock(hdev);
4758
4759 return err;
4760}
4761
3f706b72
JH		 4762static bool ltk_is_valid(struct mgmt_ltk_info *key)
4763{
4764 if (key->master != 0x00 && key->master != 0x01)
4765 return false;
490cb0b3
MH		 4766
4767 switch (key->addr.type) {
4768 case BDADDR_LE_PUBLIC:
4769 return true;
4770
4771 case BDADDR_LE_RANDOM:
4772 /* Two most significant bits shall be set */
4773 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4774 return false;
4775 return true;
4776 }
4777
4778 return false;
3f706b72
JH		 4779}
4780
bdb6d971 4781static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4782 void *cp_data, u16 len)
346af67b 4783{
346af67b 4784 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 4785 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4786 sizeof(struct mgmt_ltk_info));
346af67b 4787 u16 key_count, expected_len;
715a5bf2 4788 int i, err;
346af67b 4789
cf99ba13
MH		 4790 BT_DBG("request for %s", hdev->name);
4791
4792 if (!lmp_le_capable(hdev))
4793 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4794 MGMT_STATUS_NOT_SUPPORTED);
4795
1f350c87 4796 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 4797 if (key_count > max_key_count) {
4798 BT_ERR("load_ltks: too big key_count value %u", key_count);
4799 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4800 MGMT_STATUS_INVALID_PARAMS);
4801 }
346af67b
VCG		 4802
4803 expected_len = sizeof(*cp) + key_count *
4804 sizeof(struct mgmt_ltk_info);
4805 if (expected_len != len) {
4806 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4807 expected_len, len);
bdb6d971 4808 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4809 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4810 }
4811
bdb6d971 4812 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4813
54ad6d8a
JH		 4814 for (i = 0; i < key_count; i++) {
4815 struct mgmt_ltk_info *key = &cp->keys[i];
4816
3f706b72 4817 if (!ltk_is_valid(key))
54ad6d8a
JH		 4818 return cmd_status(sk, hdev->id,
4819 MGMT_OP_LOAD_LONG_TERM_KEYS,
4820 MGMT_STATUS_INVALID_PARAMS);
4821 }
4822
346af67b
VCG		 4823 hci_dev_lock(hdev);
4824
4825 hci_smp_ltks_clear(hdev);
4826
4827 for (i = 0; i < key_count; i++) {
4828 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 4829 u8 type, addr_type, authenticated;
79d95a19
MH		 4830
4831 if (key->addr.type == BDADDR_LE_PUBLIC)
4832 addr_type = ADDR_LE_DEV_PUBLIC;
4833 else
4834 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4835
4836 if (key->master)
2ceba539 4837 type = SMP_LTK;
346af67b 4838 else
2ceba539 4839 type = SMP_LTK_SLAVE;
346af67b 4840
61b43357
JH		 4841 switch (key->type) {
4842 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4843 authenticated = 0x00;
61b43357
JH		 4844 break;
4845 case MGMT_LTK_AUTHENTICATED:
d7b25450 4846 authenticated = 0x01;
61b43357
JH		 4847 break;
4848 default:
4849 continue;
4850 }
d7b25450 4851
35d70271 4852 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 4853 authenticated, key->val, key->enc_size, key->ediv,
35d70271 4854 key->rand);
346af67b
VCG		 4855 }
4856
715a5bf2
JH		 4857 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4858 NULL, 0);
4859
346af67b 4860 hci_dev_unlock(hdev);
346af67b 4861
715a5bf2 4862 return err;
346af67b
VCG		 4863}
4864
dd983808
AK		 4865struct cmd_conn_lookup {
4866 struct hci_conn *conn;
4867 bool valid_tx_power;
4868 u8 mgmt_status;
4869};
4870
4871static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4872{
4873 struct cmd_conn_lookup *match = data;
4874 struct mgmt_cp_get_conn_info *cp;
4875 struct mgmt_rp_get_conn_info rp;
4876 struct hci_conn *conn = cmd->user_data;
4877
4878 if (conn != match->conn)
4879 return;
4880
4881 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4882
4883 memset(&rp, 0, sizeof(rp));
4884 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4885 rp.addr.type = cp->addr.type;
4886
4887 if (!match->mgmt_status) {
4888 rp.rssi = conn->rssi;
4889
eed5daf3 4890 if (match->valid_tx_power) {
dd983808 4891 rp.tx_power = conn->tx_power;
eed5daf3
AK		 4892 rp.max_tx_power = conn->max_tx_power;
4893 } else {
dd983808 4894 rp.tx_power = HCI_TX_POWER_INVALID;
eed5daf3
AK		 4895 rp.max_tx_power = HCI_TX_POWER_INVALID;
4896 }
dd983808
AK		 4897 }
4898
4899 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4900 match->mgmt_status, &rp, sizeof(rp));
4901
4902 hci_conn_drop(conn);
4903
4904 mgmt_pending_remove(cmd);
4905}
4906
4907static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4908{
4909 struct hci_cp_read_rssi *cp;
4910 struct hci_conn *conn;
4911 struct cmd_conn_lookup match;
4912 u16 handle;
4913
4914 BT_DBG("status 0x%02x", status);
4915
4916 hci_dev_lock(hdev);
4917
4918 /* TX power data is valid in case request completed successfully,
eed5daf3
AK		 4919 * otherwise we assume it's not valid. At the moment we assume that
4920 * either both or none of current and max values are valid to keep code
4921 * simple.
dd983808
AK		 4922 */
4923 match.valid_tx_power = !status;
4924
4925 /* Commands sent in request are either Read RSSI or Read Transmit Power
4926 * Level so we check which one was last sent to retrieve connection
4927 * handle. Both commands have handle as first parameter so it's safe to
4928 * cast data on the same command struct.
4929 *
4930 * First command sent is always Read RSSI and we fail only if it fails.
4931 * In other case we simply override error to indicate success as we
4932 * already remembered if TX power value is actually valid.
4933 */
4934 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4935 if (!cp) {
4936 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4937 status = 0;
4938 }
4939
4940 if (!cp) {
4941 BT_ERR("invalid sent_cmd in response");
4942 goto unlock;
4943 }
4944
4945 handle = __le16_to_cpu(cp->handle);
4946 conn = hci_conn_hash_lookup_handle(hdev, handle);
4947 if (!conn) {
4948 BT_ERR("unknown handle (%d) in response", handle);
4949 goto unlock;
4950 }
4951
4952 match.conn = conn;
4953 match.mgmt_status = mgmt_status(status);
4954
4955 /* Cache refresh is complete, now reply for mgmt request for given
4956 * connection only.
4957 */
4958 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4959 get_conn_info_complete, &match);
4960
4961unlock:
4962 hci_dev_unlock(hdev);
4963}
4964
4965static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4966 u16 len)
4967{
4968 struct mgmt_cp_get_conn_info *cp = data;
4969 struct mgmt_rp_get_conn_info rp;
4970 struct hci_conn *conn;
4971 unsigned long conn_info_age;
4972 int err = 0;
4973
4974 BT_DBG("%s", hdev->name);
4975
4976 memset(&rp, 0, sizeof(rp));
4977 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4978 rp.addr.type = cp->addr.type;
4979
4980 if (!bdaddr_type_is_valid(cp->addr.type))
4981 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4982 MGMT_STATUS_INVALID_PARAMS,
4983 &rp, sizeof(rp));
4984
4985 hci_dev_lock(hdev);
4986
4987 if (!hdev_is_powered(hdev)) {
4988 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4989 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4990 goto unlock;
4991 }
4992
4993 if (cp->addr.type == BDADDR_BREDR)
4994 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4995 &cp->addr.bdaddr);
4996 else
4997 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4998
4999 if (!conn || conn->state != BT_CONNECTED) {
5000 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5001 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
5002 goto unlock;
5003 }
5004
5005 /* To avoid client trying to guess when to poll again for information we
5006 * calculate conn info age as random value between min/max set in hdev.
5007 */
5008 conn_info_age = hdev->conn_info_min_age +
5009 prandom_u32_max(hdev->conn_info_max_age -
5010 hdev->conn_info_min_age);
5011
5012 /* Query controller to refresh cached values if they are too old or were
5013 * never read.
5014 */
f4e2dd53
AK		 5015 if (time_after(jiffies, conn->conn_info_timestamp +
5016 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5017 !conn->conn_info_timestamp) {
5018 struct hci_request req;
5019 struct hci_cp_read_tx_power req_txp_cp;
5020 struct hci_cp_read_rssi req_rssi_cp;
5021 struct pending_cmd *cmd;
5022
5023 hci_req_init(&req, hdev);
5024 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5025 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5026 &req_rssi_cp);
5027
f7faab0c
AK		 5028 /* For LE links TX power does not change thus we don't need to
5029 * query for it once value is known.
5030 */
5031 if (!bdaddr_type_is_le(cp->addr.type) ||
5032 conn->tx_power == HCI_TX_POWER_INVALID) {
5033 req_txp_cp.handle = cpu_to_le16(conn->handle);
5034 req_txp_cp.type = 0x00;
5035 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5036 sizeof(req_txp_cp), &req_txp_cp);
5037 }
dd983808 5038
eed5daf3
AK		 5039 /* Max TX power needs to be read only once per connection */
5040 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5041 req_txp_cp.handle = cpu_to_le16(conn->handle);
5042 req_txp_cp.type = 0x01;
5043 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5044 sizeof(req_txp_cp), &req_txp_cp);
5045 }
5046
dd983808
AK		 5047 err = hci_req_run(&req, conn_info_refresh_complete);
5048 if (err < 0)
5049 goto unlock;
5050
5051 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5052 data, len);
5053 if (!cmd) {
5054 err = -ENOMEM;
5055 goto unlock;
5056 }
5057
5058 hci_conn_hold(conn);
5059 cmd->user_data = conn;
5060
5061 conn->conn_info_timestamp = jiffies;
5062 } else {
5063 /* Cache is valid, just reply with values cached in hci_conn */
5064 rp.rssi = conn->rssi;
5065 rp.tx_power = conn->tx_power;
eed5daf3 5066 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 5067
5068 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5069 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5070 }
5071
5072unlock:
5073 hci_dev_unlock(hdev);
5074 return err;
5075}
5076
95868426
JH		 5077static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
5078{
5079 struct mgmt_cp_get_clock_info *cp;
5080 struct mgmt_rp_get_clock_info rp;
5081 struct hci_cp_read_clock *hci_cp;
5082 struct pending_cmd *cmd;
5083 struct hci_conn *conn;
5084
5085 BT_DBG("%s status %u", hdev->name, status);
5086
5087 hci_dev_lock(hdev);
5088
5089 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5090 if (!hci_cp)
5091 goto unlock;
5092
5093 if (hci_cp->which) {
5094 u16 handle = __le16_to_cpu(hci_cp->handle);
5095 conn = hci_conn_hash_lookup_handle(hdev, handle);
5096 } else {
5097 conn = NULL;
5098 }
5099
5100 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5101 if (!cmd)
5102 goto unlock;
5103
5104 cp = cmd->param;
5105
5106 memset(&rp, 0, sizeof(rp));
5107 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
5108
5109 if (status)
5110 goto send_rsp;
5111
5112 rp.local_clock = cpu_to_le32(hdev->clock);
5113
5114 if (conn) {
5115 rp.piconet_clock = cpu_to_le32(conn->clock);
5116 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5117 }
5118
5119send_rsp:
5120 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
5121 &rp, sizeof(rp));
5122 mgmt_pending_remove(cmd);
5123 if (conn)
5124 hci_conn_drop(conn);
5125
5126unlock:
5127 hci_dev_unlock(hdev);
5128}
5129
5130static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5131 u16 len)
5132{
5133 struct mgmt_cp_get_clock_info *cp = data;
5134 struct mgmt_rp_get_clock_info rp;
5135 struct hci_cp_read_clock hci_cp;
5136 struct pending_cmd *cmd;
5137 struct hci_request req;
5138 struct hci_conn *conn;
5139 int err;
5140
5141 BT_DBG("%s", hdev->name);
5142
5143 memset(&rp, 0, sizeof(rp));
5144 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5145 rp.addr.type = cp->addr.type;
5146
5147 if (cp->addr.type != BDADDR_BREDR)
5148 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5149 MGMT_STATUS_INVALID_PARAMS,
5150 &rp, sizeof(rp));
5151
5152 hci_dev_lock(hdev);
5153
5154 if (!hdev_is_powered(hdev)) {
5155 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5156 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5157 goto unlock;
5158 }
5159
5160 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5161 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5162 &cp->addr.bdaddr);
5163 if (!conn || conn->state != BT_CONNECTED) {
5164 err = cmd_complete(sk, hdev->id,
5165 MGMT_OP_GET_CLOCK_INFO,
5166 MGMT_STATUS_NOT_CONNECTED,
5167 &rp, sizeof(rp));
5168 goto unlock;
5169 }
5170 } else {
5171 conn = NULL;
5172 }
5173
5174 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5175 if (!cmd) {
5176 err = -ENOMEM;
5177 goto unlock;
5178 }
5179
5180 hci_req_init(&req, hdev);
5181
5182 memset(&hci_cp, 0, sizeof(hci_cp));
5183 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5184
5185 if (conn) {
5186 hci_conn_hold(conn);
5187 cmd->user_data = conn;
5188
5189 hci_cp.handle = cpu_to_le16(conn->handle);
5190 hci_cp.which = 0x01; /* Piconet clock */
5191 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5192 }
5193
5194 err = hci_req_run(&req, get_clock_info_complete);
5195 if (err < 0)
5196 mgmt_pending_remove(cmd);
5197
5198unlock:
5199 hci_dev_unlock(hdev);
5200 return err;
5201}
5202
a397407f
JH		 5203/* Helper for Add/Remove Device commands */
5204static void update_page_scan(struct hci_dev *hdev, u8 scan)
5205{
5206 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5207 return;
5208
5209 if (!hdev_is_powered(hdev))
5210 return;
5211
5212 /* If HCI_CONNECTABLE is set then Add/Remove Device should not
5213 * make any changes to page scanning.
5214 */
5215 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
5216 return;
5217
5218 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
5219 scan |= SCAN_INQUIRY;
5220
5221 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
5222}
5223
8afef092
MH		 5224static void device_added(struct sock *sk, struct hci_dev *hdev,
5225 bdaddr_t *bdaddr, u8 type, u8 action)
5226{
5227 struct mgmt_ev_device_added ev;
5228
5229 bacpy(&ev.addr.bdaddr, bdaddr);
5230 ev.addr.type = type;
5231 ev.action = action;
5232
5233 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5234}
5235
2faade53
MH		 5236static int add_device(struct sock *sk, struct hci_dev *hdev,
5237 void *data, u16 len)
5238{
5239 struct mgmt_cp_add_device *cp = data;
5240 u8 auto_conn, addr_type;
5241 int err;
5242
5243 BT_DBG("%s", hdev->name);
5244
6659358e 5245 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53
MH		 5246 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5247 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5248 MGMT_STATUS_INVALID_PARAMS,
5249 &cp->addr, sizeof(cp->addr));
5250
5251 if (cp->action != 0x00 && cp->action != 0x01)
5252 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5253 MGMT_STATUS_INVALID_PARAMS,
5254 &cp->addr, sizeof(cp->addr));
5255
5256 hci_dev_lock(hdev);
5257
6659358e 5258 if (cp->addr.type == BDADDR_BREDR) {
a397407f
JH		 5259 bool update_scan;
5260
6659358e
JH		 5261 /* Only "connect" action supported for now */
5262 if (cp->action != 0x01) {
5263 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5264 MGMT_STATUS_INVALID_PARAMS,
5265 &cp->addr, sizeof(cp->addr));
5266 goto unlock;
5267 }
5268
a397407f
JH		 5269 update_scan = list_empty(&hdev->whitelist);
5270
6659358e
JH		 5271 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5272 cp->addr.type);
5273 if (err)
5274 goto unlock;
a397407f
JH		 5275
5276 if (update_scan)
5277 update_page_scan(hdev, SCAN_PAGE);
5278
6659358e
JH		 5279 goto added;
5280 }
5281
2faade53
MH		 5282 if (cp->addr.type == BDADDR_LE_PUBLIC)
5283 addr_type = ADDR_LE_DEV_PUBLIC;
5284 else
5285 addr_type = ADDR_LE_DEV_RANDOM;
5286
5287 if (cp->action)
5288 auto_conn = HCI_AUTO_CONN_ALWAYS;
5289 else
a3451d27 5290 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5291
bf5b3c8b
MH		 5292 /* If the connection parameters don't exist for this device,
5293 * they will be created and configured with defaults.
5294 */
d06b50ce
MH		 5295 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5296 auto_conn) < 0) {
2faade53
MH		 5297 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5298 MGMT_STATUS_FAILED,
5299 &cp->addr, sizeof(cp->addr));
5300 goto unlock;
5301 }
5302
6659358e 5303added:
8afef092
MH		 5304 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5305
2faade53
MH		 5306 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5307 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5308
5309unlock:
5310 hci_dev_unlock(hdev);
5311 return err;
5312}
5313
8afef092
MH		 5314static void device_removed(struct sock *sk, struct hci_dev *hdev,
5315 bdaddr_t *bdaddr, u8 type)
5316{
5317 struct mgmt_ev_device_removed ev;
5318
5319 bacpy(&ev.addr.bdaddr, bdaddr);
5320 ev.addr.type = type;
5321
5322 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5323}
5324
2faade53
MH		 5325static int remove_device(struct sock *sk, struct hci_dev *hdev,
5326 void *data, u16 len)
5327{
5328 struct mgmt_cp_remove_device *cp = data;
5329 int err;
5330
5331 BT_DBG("%s", hdev->name);
5332
5333 hci_dev_lock(hdev);
5334
5335 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5336 struct hci_conn_params *params;
2faade53
MH		 5337 u8 addr_type;
5338
6659358e 5339 if (!bdaddr_type_is_valid(cp->addr.type)) {
2faade53
MH		 5340 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5341 MGMT_STATUS_INVALID_PARAMS,
5342 &cp->addr, sizeof(cp->addr));
5343 goto unlock;
5344 }
5345
6659358e
JH		 5346 if (cp->addr.type == BDADDR_BREDR) {
5347 err = hci_bdaddr_list_del(&hdev->whitelist,
5348 &cp->addr.bdaddr,
5349 cp->addr.type);
5350 if (err) {
5351 err = cmd_complete(sk, hdev->id,
5352 MGMT_OP_REMOVE_DEVICE,
5353 MGMT_STATUS_INVALID_PARAMS,
5354 &cp->addr, sizeof(cp->addr));
5355 goto unlock;
5356 }
5357
a397407f
JH		 5358 if (list_empty(&hdev->whitelist))
5359 update_page_scan(hdev, SCAN_DISABLED);
5360
6659358e
JH		 5361 device_removed(sk, hdev, &cp->addr.bdaddr,
5362 cp->addr.type);
5363 goto complete;
5364 }
5365
2faade53
MH		 5366 if (cp->addr.type == BDADDR_LE_PUBLIC)
5367 addr_type = ADDR_LE_DEV_PUBLIC;
5368 else
5369 addr_type = ADDR_LE_DEV_RANDOM;
5370
c71593dd
JH		 5371 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5372 addr_type);
5373 if (!params) {
5374 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5375 MGMT_STATUS_INVALID_PARAMS,
5376 &cp->addr, sizeof(cp->addr));
5377 goto unlock;
5378 }
5379
5380 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5381 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5382 MGMT_STATUS_INVALID_PARAMS,
5383 &cp->addr, sizeof(cp->addr));
5384 goto unlock;
5385 }
5386
d1dbf12e 5387 list_del(&params->action);
c71593dd
JH		 5388 list_del(&params->list);
5389 kfree(params);
95305baa 5390 hci_update_background_scan(hdev);
8afef092
MH		 5391
5392 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5393 } else {
19de0825 5394 struct hci_conn_params *p, *tmp;
6659358e 5395 struct bdaddr_list *b, *btmp;
19de0825 5396
2faade53
MH		 5397 if (cp->addr.type) {
5398 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5399 MGMT_STATUS_INVALID_PARAMS,
5400 &cp->addr, sizeof(cp->addr));
5401 goto unlock;
5402 }
5403
6659358e
JH		 5404 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5405 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5406 list_del(&b->list);
5407 kfree(b);
5408 }
5409
a397407f
JH		 5410 update_page_scan(hdev, SCAN_DISABLED);
5411
19de0825
JH		 5412 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5413 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5414 continue;
5415 device_removed(sk, hdev, &p->addr, p->addr_type);
5416 list_del(&p->action);
5417 list_del(&p->list);
5418 kfree(p);
5419 }
5420
5421 BT_DBG("All LE connection parameters were removed");
5422
5423 hci_update_background_scan(hdev);
2faade53
MH		 5424 }
5425
6659358e 5426complete:
2faade53
MH		 5427 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5428 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5429
5430unlock:
5431 hci_dev_unlock(hdev);
5432 return err;
5433}
5434
a26f3dcf
JH		 5435static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5436 u16 len)
5437{
5438 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5439 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5440 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5441 u16 param_count, expected_len;
5442 int i;
5443
5444 if (!lmp_le_capable(hdev))
5445 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5446 MGMT_STATUS_NOT_SUPPORTED);
5447
5448 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5449 if (param_count > max_param_count) {
5450 BT_ERR("load_conn_param: too big param_count value %u",
5451 param_count);
5452 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5453 MGMT_STATUS_INVALID_PARAMS);
5454 }
a26f3dcf
JH		 5455
5456 expected_len = sizeof(*cp) + param_count *
5457 sizeof(struct mgmt_conn_param);
5458 if (expected_len != len) {
5459 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5460 expected_len, len);
5461 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5462 MGMT_STATUS_INVALID_PARAMS);
5463 }
5464
5465 BT_DBG("%s param_count %u", hdev->name, param_count);
5466
5467 hci_dev_lock(hdev);
5468
5469 hci_conn_params_clear_disabled(hdev);
5470
5471 for (i = 0; i < param_count; i++) {
5472 struct mgmt_conn_param *param = &cp->params[i];
5473 struct hci_conn_params *hci_param;
5474 u16 min, max, latency, timeout;
5475 u8 addr_type;
5476
5477 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5478 param->addr.type);
5479
5480 if (param->addr.type == BDADDR_LE_PUBLIC) {
5481 addr_type = ADDR_LE_DEV_PUBLIC;
5482 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5483 addr_type = ADDR_LE_DEV_RANDOM;
5484 } else {
5485 BT_ERR("Ignoring invalid connection parameters");
5486 continue;
5487 }
5488
5489 min = le16_to_cpu(param->min_interval);
5490 max = le16_to_cpu(param->max_interval);
5491 latency = le16_to_cpu(param->latency);
5492 timeout = le16_to_cpu(param->timeout);
5493
5494 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5495 min, max, latency, timeout);
5496
5497 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5498 BT_ERR("Ignoring invalid connection parameters");
5499 continue;
5500 }
5501
5502 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5503 addr_type);
5504 if (!hci_param) {
5505 BT_ERR("Failed to add connection parameters");
5506 continue;
5507 }
5508
5509 hci_param->conn_min_interval = min;
5510 hci_param->conn_max_interval = max;
5511 hci_param->conn_latency = latency;
5512 hci_param->supervision_timeout = timeout;
5513 }
5514
5515 hci_dev_unlock(hdev);
5516
5517 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5518}
5519
dbece37a
MH		 5520static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5521 void *data, u16 len)
5522{
5523 struct mgmt_cp_set_external_config *cp = data;
5524 bool changed;
5525 int err;
5526
5527 BT_DBG("%s", hdev->name);
5528
5529 if (hdev_is_powered(hdev))
5530 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5531 MGMT_STATUS_REJECTED);
5532
5533 if (cp->config != 0x00 && cp->config != 0x01)
5534 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5535 MGMT_STATUS_INVALID_PARAMS);
5536
5537 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5538 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5539 MGMT_STATUS_NOT_SUPPORTED);
5540
5541 hci_dev_lock(hdev);
5542
5543 if (cp->config)
5544 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
5545 &hdev->dev_flags);
5546 else
5547 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
5548 &hdev->dev_flags);
5549
5550 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5551 if (err < 0)
5552 goto unlock;
5553
5554 if (!changed)
5555 goto unlock;
5556
f4537c04
MH		 5557 err = new_options(hdev, sk);
5558
dbece37a
MH		 5559 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
5560 mgmt_index_removed(hdev);
d603b76b
MH		 5561
5562 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5563 set_bit(HCI_CONFIG, &hdev->dev_flags);
5564 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5565
5566 queue_work(hdev->req_workqueue, &hdev->power_on);
5567 } else {
5ea234d3 5568 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 5569 mgmt_index_added(hdev);
5570 }
dbece37a
MH		 5571 }
5572
5573unlock:
5574 hci_dev_unlock(hdev);
5575 return err;
5576}
5577
9713c17b
MH		 5578static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5579 void *data, u16 len)
5580{
5581 struct mgmt_cp_set_public_address *cp = data;
5582 bool changed;
5583 int err;
5584
5585 BT_DBG("%s", hdev->name);
5586
5587 if (hdev_is_powered(hdev))
5588 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5589 MGMT_STATUS_REJECTED);
5590
5591 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5592 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5593 MGMT_STATUS_INVALID_PARAMS);
5594
5595 if (!hdev->set_bdaddr)
5596 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5597 MGMT_STATUS_NOT_SUPPORTED);
5598
5599 hci_dev_lock(hdev);
5600
5601 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5602 bacpy(&hdev->public_addr, &cp->bdaddr);
5603
5604 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5605 if (err < 0)
5606 goto unlock;
5607
5608 if (!changed)
5609 goto unlock;
5610
5611 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5612 err = new_options(hdev, sk);
5613
5614 if (is_configured(hdev)) {
5615 mgmt_index_removed(hdev);
5616
5617 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
5618
5619 set_bit(HCI_CONFIG, &hdev->dev_flags);
5620 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5621
5622 queue_work(hdev->req_workqueue, &hdev->power_on);
5623 }
5624
5625unlock:
5626 hci_dev_unlock(hdev);
5627 return err;
5628}
5629
2e3c35ea 5630static const struct mgmt_handler {
04124681
GP		 5631 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5632 u16 data_len);
be22b54e
JH		 5633 bool var_len;
5634 size_t data_len;
0f4e68cf
JH		 5635} mgmt_handlers[] = {
5636 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 5637 { read_version, false, MGMT_READ_VERSION_SIZE },
5638 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5639 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5640 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5641 { set_powered, false, MGMT_SETTING_SIZE },
5642 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5643 { set_connectable, false, MGMT_SETTING_SIZE },
5644 { set_fast_connectable, false, MGMT_SETTING_SIZE },
5645 { set_pairable, false, MGMT_SETTING_SIZE },
5646 { set_link_security, false, MGMT_SETTING_SIZE },
5647 { set_ssp, false, MGMT_SETTING_SIZE },
5648 { set_hs, false, MGMT_SETTING_SIZE },
5649 { set_le, false, MGMT_SETTING_SIZE },
5650 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5651 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5652 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5653 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5654 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5655 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
5656 { disconnect, false, MGMT_DISCONNECT_SIZE },
5657 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
5658 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
5659 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
5660 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
5661 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
5662 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
5663 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
5664 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
5665 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
5666 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
5667 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
5668 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 5669 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 5670 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
5671 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
5672 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
5673 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
5674 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
5675 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 5676 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 5677 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 5678 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 5679 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 5680 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 5681 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 5682 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 5683 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 5684 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 5685 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
95868426 5686 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
2faade53
MH		 5687 { add_device, false, MGMT_ADD_DEVICE_SIZE },
5688 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
73d1df2a
MH		 5689 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
5690 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
9fc3bfb6 5691 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
dbece37a 5692 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
9713c17b 5693 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
0f4e68cf
JH		 5694};
5695
0381101f
JH		 5696int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
5697{
650f726d
VCG		 5698 void *buf;
5699 u8 *cp;
0381101f 5700 struct mgmt_hdr *hdr;
4e51eae9 5701 u16 opcode, index, len;
bdb6d971 5702 struct hci_dev *hdev = NULL;
2e3c35ea 5703 const struct mgmt_handler *handler;
0381101f
JH		 5704 int err;
5705
5706 BT_DBG("got %zu bytes", msglen);
5707
5708 if (msglen < sizeof(*hdr))
5709 return -EINVAL;
5710
e63a15ec 5711 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 5712 if (!buf)
5713 return -ENOMEM;
5714
5715 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
5716 err = -EFAULT;
5717 goto done;
5718 }
5719
650f726d 5720 hdr = buf;
1f350c87
MH		 5721 opcode = __le16_to_cpu(hdr->opcode);
5722 index = __le16_to_cpu(hdr->index);
5723 len = __le16_to_cpu(hdr->len);
0381101f
JH		 5724
5725 if (len != msglen - sizeof(*hdr)) {
5726 err = -EINVAL;
5727 goto done;
5728 }
5729
0f4e68cf 5730 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 5731 hdev = hci_dev_get(index);
5732 if (!hdev) {
5733 err = cmd_status(sk, index, opcode,
04124681 5734 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 5735 goto done;
5736 }
0736cfa8 5737
cebf4cfd 5738 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
d603b76b 5739 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
4a964404 5740 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 5741 err = cmd_status(sk, index, opcode,
5742 MGMT_STATUS_INVALID_INDEX);
5743 goto done;
5744 }
42a9bc14
MH		 5745
5746 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
dbece37a 5747 opcode != MGMT_OP_READ_CONFIG_INFO &&
9713c17b
MH		 5748 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
5749 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
42a9bc14
MH		 5750 err = cmd_status(sk, index, opcode,
5751 MGMT_STATUS_INVALID_INDEX);
5752 goto done;
5753 }
bdb6d971
JH		 5754 }
5755
0f4e68cf 5756 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 5757 mgmt_handlers[opcode].func == NULL) {
0381101f 5758 BT_DBG("Unknown op %u", opcode);
ca69b795 5759 err = cmd_status(sk, index, opcode,
04124681 5760 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 5761 goto done;
5762 }
5763
73d1df2a
MH		 5764 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
5765 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
5766 err = cmd_status(sk, index, opcode,
5767 MGMT_STATUS_INVALID_INDEX);
5768 goto done;
5769 }
5770
5771 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
5772 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
0f4e68cf 5773 err = cmd_status(sk, index, opcode,
04124681 5774 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 5775 goto done;
0381101f
JH		 5776 }
5777
be22b54e
JH		 5778 handler = &mgmt_handlers[opcode];
5779
5780 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 5781 (!handler->var_len && len != handler->data_len)) {
be22b54e 5782 err = cmd_status(sk, index, opcode,
04124681 5783 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 5784 goto done;
5785 }
5786
0f4e68cf
JH		 5787 if (hdev)
5788 mgmt_init_hdev(sk, hdev);
5789
5790 cp = buf + sizeof(*hdr);
5791
be22b54e 5792 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 5793 if (err < 0)
5794 goto done;
5795
0381101f
JH		 5796 err = msglen;
5797
5798done:
bdb6d971
JH		 5799 if (hdev)
5800 hci_dev_put(hdev);
5801
0381101f
JH		 5802 kfree(buf);
5803 return err;
5804}
c71e97bf 5805
bf6b56db 5806void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 5807{
1514b892 5808 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5809 return;
bb4b2a9a 5810
0602a8ad
MH		 5811 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5812 return;
5813
5814 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5815 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
5816 else
5817 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 5818}
5819
bf6b56db 5820void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 5821{
5f159032 5822 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 5823
1514b892 5824 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5825 return;
bb4b2a9a 5826
0602a8ad
MH		 5827 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5828 return;
5829
744cf19e 5830 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 5831
edd3896b
MH		 5832 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5833 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
5834 else
5835 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 5836}
5837
6046dc3e 5838/* This function requires the caller holds hdev->lock */
d7347f3c 5839static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 5840{
5841 struct hci_conn_params *p;
5842
5843 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 5844 /* Needed for AUTO_OFF case where might not "really"
5845 * have been powered off.
5846 */
5847 list_del_init(&p->action);
5848
5849 switch (p->auto_connect) {
5850 case HCI_AUTO_CONN_ALWAYS:
5851 list_add(&p->action, &hdev->pend_le_conns);
5852 break;
5853 case HCI_AUTO_CONN_REPORT:
5854 list_add(&p->action, &hdev->pend_le_reports);
5855 break;
5856 default:
5857 break;
c83ed19d 5858 }
6046dc3e 5859 }
c83ed19d 5860
c83ed19d 5861 hci_update_background_scan(hdev);
6046dc3e
AG		 5862}
5863
229ab39c
JH		 5864static void powered_complete(struct hci_dev *hdev, u8 status)
5865{
5866 struct cmd_lookup match = { NULL, hdev };
5867
5868 BT_DBG("status 0x%02x", status);
5869
5870 hci_dev_lock(hdev);
5871
d7347f3c 5872 restart_le_actions(hdev);
6046dc3e 5873
229ab39c
JH		 5874 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5875
5876 new_settings(hdev, match.sk);
5877
5878 hci_dev_unlock(hdev);
5879
5880 if (match.sk)
5881 sock_put(match.sk);
5882}
5883
70da6243 5884static int powered_update_hci(struct hci_dev *hdev)
5add6af8 5885{
890ea898 5886 struct hci_request req;
70da6243 5887 u8 link_sec;
5add6af8 5888
890ea898
JH		 5889 hci_req_init(&req, hdev);
5890
70da6243
JH		 5891 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
5892 !lmp_host_ssp_capable(hdev)) {
5893 u8 ssp = 1;
5e5282bb 5894
890ea898 5895 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 5896 }
5add6af8 5897
c73eee91
JH		 5898 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
5899 lmp_bredr_capable(hdev)) {
70da6243 5900 struct hci_cp_write_le_host_supported cp;
f0ff92fb 5901
70da6243
JH		 5902 cp.le = 1;
5903 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 5904
70da6243
JH		 5905 /* Check first if we already have the right
5906 * host state (host features set)
5907 */
5908 if (cp.le != lmp_host_le_capable(hdev) ||
5909 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 5910 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5911 sizeof(cp), &cp);
70da6243 5912 }
3d1cbdd6 5913
d13eafce 5914 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 5915 /* Make sure the controller has a good default for
5916 * advertising data. This also applies to the case
5917 * where BR/EDR was toggled during the AUTO_OFF phase.
5918 */
f14d8f64 5919 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 5920 update_adv_data(&req);
f14d8f64
MH		 5921 update_scan_rsp_data(&req);
5922 }
441ad2d0 5923
bba3aa55
MH		 5924 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5925 enable_advertising(&req);
eeca6f89
JH		 5926 }
5927
70da6243
JH		 5928 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5929 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 5930 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5931 sizeof(link_sec), &link_sec);
562fcc24 5932
70da6243 5933 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 5934 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5935 set_bredr_scan(&req);
890ea898 5936 update_class(&req);
13928971 5937 update_name(&req);
890ea898 5938 update_eir(&req);
70da6243 5939 }
562fcc24 5940
229ab39c 5941 return hci_req_run(&req, powered_complete);
70da6243 5942}
562fcc24 5943
70da6243
JH		 5944int mgmt_powered(struct hci_dev *hdev, u8 powered)
5945{
5946 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 5947 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5948 u8 zero_cod[] = { 0, 0, 0 };
70da6243 5949 int err;
f0ff92fb 5950
70da6243
JH		 5951 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5952 return 0;
5953
70da6243 5954 if (powered) {
229ab39c
JH		 5955 if (powered_update_hci(hdev) == 0)
5956 return 0;
fe038884 5957
229ab39c
JH		 5958 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5959 &match);
5960 goto new_settings;
b24752fe
JH		 5961 }
5962
229ab39c
JH		 5963 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5964 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5965
5966 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5967 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5968 zero_cod, sizeof(zero_cod), NULL);
5969
5970new_settings:
beadb2bd 5971 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 5972
5973 if (match.sk)
5974 sock_put(match.sk);
5975
7bb895d6 5976 return err;
5add6af8 5977}
73f22f62 5978
3eec705e 5979void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 5980{
5981 struct pending_cmd *cmd;
5982 u8 status;
5983
5984 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5985 if (!cmd)
3eec705e 5986 return;
96570ffc
JH		 5987
5988 if (err == -ERFKILL)
5989 status = MGMT_STATUS_RFKILLED;
5990 else
5991 status = MGMT_STATUS_FAILED;
5992
3eec705e 5993 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 5994
5995 mgmt_pending_remove(cmd);
96570ffc
JH		 5996}
5997
d1967ff8
MH		 5998void mgmt_discoverable_timeout(struct hci_dev *hdev)
5999{
6000 struct hci_request req;
d1967ff8
MH		 6001
6002 hci_dev_lock(hdev);
6003
6004 /* When discoverable timeout triggers, then just make sure
6005 * the limited discoverable flag is cleared. Even in the case
6006 * of a timeout triggered from general discoverable, it is
6007 * safe to unconditionally clear the flag.
6008 */
6009 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 6010 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 6011
6012 hci_req_init(&req, hdev);
4b580614
JH		 6013 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
6014 u8 scan = SCAN_PAGE;
6015 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6016 sizeof(scan), &scan);
6017 }
d1967ff8 6018 update_class(&req);
9a43e25f 6019 update_adv_data(&req);
d1967ff8
MH		 6020 hci_req_run(&req, NULL);
6021
6022 hdev->discov_timeout = 0;
6023
9a43e25f
JH		 6024 new_settings(hdev, NULL);
6025
d1967ff8
MH		 6026 hci_dev_unlock(hdev);
6027}
6028
86a75645 6029void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 6030{
86a75645 6031 bool changed;
73f22f62 6032
bfaf8c9f
JH		 6033 /* Nothing needed here if there's a pending command since that
6034 * commands request completion callback takes care of everything
6035 * necessary.
6036 */
6037 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 6038 return;
bfaf8c9f 6039
bd107999
JH		 6040 /* Powering off may clear the scan mode - don't let that interfere */
6041 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
6042 return;
6043
9a43e25f 6044 if (discoverable) {
86a75645 6045 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 6046 } else {
6047 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 6048 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 6049 }
6050
6051 if (changed) {
6052 struct hci_request req;
6053
6054 /* In case this change in discoverable was triggered by
6055 * a disabling of connectable there could be a need to
6056 * update the advertising flags.
6057 */
6058 hci_req_init(&req, hdev);
6059 update_adv_data(&req);
6060 hci_req_run(&req, NULL);
73f22f62 6061
86a75645 6062 new_settings(hdev, NULL);
9a43e25f 6063 }
73f22f62 6064}
9fbcbb45 6065
a330916c 6066void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 6067{
a330916c 6068 bool changed;
9fbcbb45 6069
d7b856f9
JH		 6070 /* Nothing needed here if there's a pending command since that
6071 * commands request completion callback takes care of everything
6072 * necessary.
6073 */
6074 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 6075 return;
d7b856f9 6076
ce3f24cf
JH		 6077 /* Powering off may clear the scan mode - don't let that interfere */
6078 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
6079 return;
6080
dee58c1e
JH		 6081 /* If something else than mgmt changed the page scan state we
6082 * can't differentiate this from a change triggered by adding
6083 * the first element to the whitelist. Therefore, avoid
6084 * incorrectly setting HCI_CONNECTABLE.
6085 */
6086 if (connectable && !list_empty(&hdev->whitelist))
6087 return;
6088
a330916c
MH		 6089 if (connectable)
6090 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6091 else
6092 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 6093
beadb2bd 6094 if (changed)
a330916c 6095 new_settings(hdev, NULL);
9fbcbb45 6096}
55ed8ca1 6097
4796e8af 6098void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 6099{
ca69b795
JH		 6100 u8 mgmt_err = mgmt_status(status);
6101
2d7cee58 6102 if (scan & SCAN_PAGE)
744cf19e 6103 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 6104 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 6105
6106 if (scan & SCAN_INQUIRY)
744cf19e 6107 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 6108 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 6109}
6110
dc4a5ee2
MH		 6111void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6112 bool persistent)
55ed8ca1 6113{
86742e1e 6114 struct mgmt_ev_new_link_key ev;
55ed8ca1 6115
a492cd52 6116 memset(&ev, 0, sizeof(ev));
55ed8ca1 6117
a492cd52 6118 ev.store_hint = persistent;
d753fdc4 6119 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6120 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6121 ev.key.type = key->type;
9b3b4460 6122 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6123 ev.key.pin_len = key->pin_len;
55ed8ca1 6124
dc4a5ee2 6125 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6126}
f7520543 6127
d7b25450
JH		 6128static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6129{
6130 if (ltk->authenticated)
6131 return MGMT_LTK_AUTHENTICATED;
6132
6133 return MGMT_LTK_UNAUTHENTICATED;
6134}
6135
53ac6ab6 6136void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6137{
6138 struct mgmt_ev_new_long_term_key ev;
6139
6140 memset(&ev, 0, sizeof(ev));
6141
5192d301
MH		 6142 /* Devices using resolvable or non-resolvable random addresses
6143 * without providing an indentity resolving key don't require
6144 * to store long term keys. Their addresses will change the
6145 * next time around.
6146 *
6147 * Only when a remote device provides an identity address
6148 * make sure the long term key is stored. If the remote
6149 * identity is known, the long term keys are internally
6150 * mapped to the identity address. So allow static random
6151 * and public addresses here.
6152 */
ba74b666
JH		 6153 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6154 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6155 ev.store_hint = 0x00;
6156 else
53ac6ab6 6157 ev.store_hint = persistent;
ba74b666 6158
346af67b 6159 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6160 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6161 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6162 ev.key.enc_size = key->enc_size;
6163 ev.key.ediv = key->ediv;
fe39c7b2 6164 ev.key.rand = key->rand;
346af67b 6165
2ceba539 6166 if (key->type == SMP_LTK)
346af67b
VCG		 6167 ev.key.master = 1;
6168
346af67b
VCG		 6169 memcpy(ev.key.val, key->val, sizeof(key->val));
6170
083368f7 6171 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6172}
6173
95fbac8a
JH		 6174void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6175{
6176 struct mgmt_ev_new_irk ev;
6177
6178 memset(&ev, 0, sizeof(ev));
6179
bab6d1e5
MH		 6180 /* For identity resolving keys from devices that are already
6181 * using a public address or static random address, do not
6182 * ask for storing this key. The identity resolving key really
6183 * is only mandatory for devices using resovlable random
6184 * addresses.
6185 *
6186 * Storing all identity resolving keys has the downside that
6187 * they will be also loaded on next boot of they system. More
6188 * identity resolving keys, means more time during scanning is
6189 * needed to actually resolve these addresses.
6190 */
6191 if (bacmp(&irk->rpa, BDADDR_ANY))
6192 ev.store_hint = 0x01;
6193 else
6194 ev.store_hint = 0x00;
6195
95fbac8a
JH		 6196 bacpy(&ev.rpa, &irk->rpa);
6197 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6198 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6199 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6200
6201 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6202}
6203
53ac6ab6
MH		 6204void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6205 bool persistent)
7ee4ea36
MH		 6206{
6207 struct mgmt_ev_new_csrk ev;
6208
6209 memset(&ev, 0, sizeof(ev));
6210
6211 /* Devices using resolvable or non-resolvable random addresses
6212 * without providing an indentity resolving key don't require
6213 * to store signature resolving keys. Their addresses will change
6214 * the next time around.
6215 *
6216 * Only when a remote device provides an identity address
6217 * make sure the signature resolving key is stored. So allow
6218 * static random and public addresses here.
6219 */
6220 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6221 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6222 ev.store_hint = 0x00;
6223 else
53ac6ab6 6224 ev.store_hint = persistent;
7ee4ea36
MH		 6225
6226 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6227 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6228 ev.key.master = csrk->master;
6229 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6230
6231 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6232}
6233
ffb5a827 6234void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6235 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6236 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6237{
6238 struct mgmt_ev_new_conn_param ev;
6239
c103aea6
JH		 6240 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6241 return;
6242
ffb5a827
AG		 6243 memset(&ev, 0, sizeof(ev));
6244 bacpy(&ev.addr.bdaddr, bdaddr);
6245 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6246 ev.store_hint = store_hint;
ffb5a827
AG		 6247 ev.min_interval = cpu_to_le16(min_interval);
6248 ev.max_interval = cpu_to_le16(max_interval);
6249 ev.latency = cpu_to_le16(latency);
6250 ev.timeout = cpu_to_le16(timeout);
6251
6252 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6253}
6254
94933991
MH		 6255static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6256 u8 data_len)
6257{
6258 eir[eir_len++] = sizeof(type) + data_len;
6259 eir[eir_len++] = type;
6260 memcpy(&eir[eir_len], data, data_len);
6261 eir_len += data_len;
6262
6263 return eir_len;
6264}
6265
ecd90ae7
MH		 6266void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6267 u8 addr_type, u32 flags, u8 *name, u8 name_len,
6268 u8 *dev_class)
f7520543 6269{
b644ba33
JH		 6270 char buf[512];
6271 struct mgmt_ev_device_connected *ev = (void *) buf;
6272 u16 eir_len = 0;
f7520543 6273
b644ba33 6274 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6275 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 6276
c95f0ba7 6277 ev->flags = __cpu_to_le32(flags);
08c79b61 6278
b644ba33
JH		 6279 if (name_len > 0)
6280 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 6281 name, name_len);
b644ba33
JH		 6282
6283 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 6284 eir_len = eir_append_data(ev->eir, eir_len,
04124681 6285 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 6286
eb55ef07 6287 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6288
ecd90ae7
MH		 6289 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6290 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6291}
6292
8962ee74
JH		 6293static void disconnect_rsp(struct pending_cmd *cmd, void *data)
6294{
c68fb7ff 6295 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 6296 struct sock **sk = data;
a38528f1 6297 struct mgmt_rp_disconnect rp;
8962ee74 6298
88c3df13
JH		 6299 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6300 rp.addr.type = cp->addr.type;
8962ee74 6301
aee9b218 6302 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 6303 sizeof(rp));
8962ee74
JH		 6304
6305 *sk = cmd->sk;
6306 sock_hold(*sk);
6307
a664b5bc 6308 mgmt_pending_remove(cmd);
8962ee74
JH		 6309}
6310
124f6e35 6311static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 6312{
b1078ad0 6313 struct hci_dev *hdev = data;
124f6e35
JH		 6314 struct mgmt_cp_unpair_device *cp = cmd->param;
6315 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 6316
6317 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 6318 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6319 rp.addr.type = cp->addr.type;
a8a1d19e 6320
b1078ad0
JH		 6321 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6322
aee9b218 6323 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 6324
6325 mgmt_pending_remove(cmd);
6326}
6327
9b80ec5e 6328void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6329 u8 link_type, u8 addr_type, u8 reason,
6330 bool mgmt_connected)
f7520543 6331{
f0d6a0ea 6332 struct mgmt_ev_device_disconnected ev;
8b064a3a 6333 struct pending_cmd *power_off;
8962ee74 6334 struct sock *sk = NULL;
8962ee74 6335
8b064a3a
JH		 6336 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6337 if (power_off) {
6338 struct mgmt_mode *cp = power_off->param;
6339
6340 /* The connection is still in hci_conn_hash so test for 1
6341 * instead of 0 to know if this is the last one.
6342 */
a3172b7e
JH		 6343 if (!cp->val && hci_conn_count(hdev) == 1) {
6344 cancel_delayed_work(&hdev->power_off);
8b064a3a 6345 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 6346 }
8b064a3a
JH		 6347 }
6348
12d4a3b2
JH		 6349 if (!mgmt_connected)
6350 return;
6351
57eb776f
AG		 6352 if (link_type != ACL_LINK && link_type != LE_LINK)
6353 return;
6354
744cf19e 6355 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6356
f0d6a0ea
MA		 6357 bacpy(&ev.addr.bdaddr, bdaddr);
6358 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6359 ev.reason = reason;
f7520543 6360
9b80ec5e 6361 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6362
6363 if (sk)
d97dcb66 6364 sock_put(sk);
8962ee74 6365
124f6e35 6366 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6367 hdev);
8962ee74
JH		 6368}
6369
7892924c
MH		 6370void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6371 u8 link_type, u8 addr_type, u8 status)
8962ee74 6372{
3655bba8
AG		 6373 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6374 struct mgmt_cp_disconnect *cp;
88c3df13 6375 struct mgmt_rp_disconnect rp;
8962ee74 6376 struct pending_cmd *cmd;
8962ee74 6377
36a75f1b
JD		 6378 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6379 hdev);
6380
2e58ef3e 6381 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6382 if (!cmd)
7892924c 6383 return;
8962ee74 6384
3655bba8
AG		 6385 cp = cmd->param;
6386
6387 if (bacmp(bdaddr, &cp->addr.bdaddr))
6388 return;
6389
6390 if (cp->addr.type != bdaddr_type)
6391 return;
6392
88c3df13 6393 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 6394 rp.addr.type = bdaddr_type;
37d9ef76 6395
7892924c
MH		 6396 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
6397 mgmt_status(status), &rp, sizeof(rp));
8962ee74 6398
a664b5bc 6399 mgmt_pending_remove(cmd);
f7520543 6400}
17d5c04c 6401
445608d0
MH		 6402void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6403 u8 addr_type, u8 status)
17d5c04c
JH		 6404{
6405 struct mgmt_ev_connect_failed ev;
c9910d0f
JH		 6406 struct pending_cmd *power_off;
6407
6408 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6409 if (power_off) {
6410 struct mgmt_mode *cp = power_off->param;
6411
6412 /* The connection is still in hci_conn_hash so test for 1
6413 * instead of 0 to know if this is the last one.
6414 */
a3172b7e
JH		 6415 if (!cp->val && hci_conn_count(hdev) == 1) {
6416 cancel_delayed_work(&hdev->power_off);
c9910d0f 6417 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 6418 }
c9910d0f 6419 }
17d5c04c 6420
4c659c39 6421 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6422 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6423 ev.status = mgmt_status(status);
17d5c04c 6424
445608d0 6425 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6426}
980e1a53 6427
ce0e4a0d 6428void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6429{
6430 struct mgmt_ev_pin_code_request ev;
6431
d8457698 6432 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6433 ev.addr.type = BDADDR_BREDR;
a770bb5a 6434 ev.secure = secure;
980e1a53 6435
ce0e4a0d 6436 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6437}
6438
e669cf80
MH		 6439void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6440 u8 status)
980e1a53
JH		 6441{
6442 struct pending_cmd *cmd;
ac56fb13 6443 struct mgmt_rp_pin_code_reply rp;
980e1a53 6444
2e58ef3e 6445 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6446 if (!cmd)
e669cf80 6447 return;
980e1a53 6448
d8457698 6449 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6450 rp.addr.type = BDADDR_BREDR;
ac56fb13 6451
e669cf80
MH		 6452 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
6453 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6454
a664b5bc 6455 mgmt_pending_remove(cmd);
980e1a53
JH		 6456}
6457
3eb38528
MH		 6458void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6459 u8 status)
980e1a53
JH		 6460{
6461 struct pending_cmd *cmd;
ac56fb13 6462 struct mgmt_rp_pin_code_reply rp;
980e1a53 6463
2e58ef3e 6464 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6465 if (!cmd)
3eb38528 6466 return;
980e1a53 6467
d8457698 6468 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6469 rp.addr.type = BDADDR_BREDR;
ac56fb13 6470
3eb38528
MH		 6471 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
6472 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6473
a664b5bc 6474 mgmt_pending_remove(cmd);
980e1a53 6475}
a5c29683 6476
744cf19e 6477int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6478 u8 link_type, u8 addr_type, u32 value,
04124681 6479 u8 confirm_hint)
a5c29683
JH		 6480{
6481 struct mgmt_ev_user_confirm_request ev;
6482
744cf19e 6483 BT_DBG("%s", hdev->name);
a5c29683 6484
272d90df 6485 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6486 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6487 ev.confirm_hint = confirm_hint;
39adbffe 6488 ev.value = cpu_to_le32(value);
a5c29683 6489
744cf19e 6490 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6491 NULL);
a5c29683
JH		 6492}
6493
272d90df 6494int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6495 u8 link_type, u8 addr_type)
604086b7
BG		 6496{
6497 struct mgmt_ev_user_passkey_request ev;
6498
6499 BT_DBG("%s", hdev->name);
6500
272d90df 6501 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6502 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6503
6504 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6505 NULL);
604086b7
BG		 6506}
6507
0df4c185 6508static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6509 u8 link_type, u8 addr_type, u8 status,
6510 u8 opcode)
a5c29683
JH		 6511{
6512 struct pending_cmd *cmd;
6513 struct mgmt_rp_user_confirm_reply rp;
6514 int err;
6515
2e58ef3e 6516 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 6517 if (!cmd)
6518 return -ENOENT;
6519
272d90df 6520 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 6521 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 6522 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 6523 &rp, sizeof(rp));
a5c29683 6524
a664b5bc 6525 mgmt_pending_remove(cmd);
a5c29683
JH		 6526
6527 return err;
6528}
6529
744cf19e 6530int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6531 u8 link_type, u8 addr_type, u8 status)
a5c29683 6532{
272d90df 6533 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6534 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6535}
6536
272d90df 6537int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6538 u8 link_type, u8 addr_type, u8 status)
a5c29683 6539{
272d90df 6540 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6541 status,
6542 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 6543}
2a611692 6544
604086b7 6545int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6546 u8 link_type, u8 addr_type, u8 status)
604086b7 6547{
272d90df 6548 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6549 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 6550}
6551
272d90df 6552int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6553 u8 link_type, u8 addr_type, u8 status)
604086b7 6554{
272d90df 6555 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6556 status,
6557 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 6558}
6559
92a25256
JH		 6560int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6561 u8 link_type, u8 addr_type, u32 passkey,
6562 u8 entered)
6563{
6564 struct mgmt_ev_passkey_notify ev;
6565
6566 BT_DBG("%s", hdev->name);
6567
6568 bacpy(&ev.addr.bdaddr, bdaddr);
6569 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6570 ev.passkey = __cpu_to_le32(passkey);
6571 ev.entered = entered;
6572
6573 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6574}
6575
e546099c
MH		 6576void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6577 u8 addr_type, u8 status)
2a611692
JH		 6578{
6579 struct mgmt_ev_auth_failed ev;
6580
bab73cb6 6581 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6582 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6583 ev.status = mgmt_status(status);
2a611692 6584
e546099c 6585 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 6586}
b312b161 6587
464996ae 6588void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 6589{
6590 struct cmd_lookup match = { NULL, hdev };
464996ae 6591 bool changed;
33ef95ed
JH		 6592
6593 if (status) {
6594 u8 mgmt_err = mgmt_status(status);
6595 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 6596 cmd_status_rsp, &mgmt_err);
464996ae 6597 return;
33ef95ed
JH		 6598 }
6599
464996ae
MH		 6600 if (test_bit(HCI_AUTH, &hdev->flags))
6601 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6602 &hdev->dev_flags);
6603 else
6604 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6605 &hdev->dev_flags);
47990ea0 6606
33ef95ed 6607 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 6608 &match);
33ef95ed 6609
47990ea0 6610 if (changed)
464996ae 6611 new_settings(hdev, match.sk);
33ef95ed
JH		 6612
6613 if (match.sk)
6614 sock_put(match.sk);
33ef95ed
JH		 6615}
6616
890ea898 6617static void clear_eir(struct hci_request *req)
cacaf52f 6618{
890ea898 6619 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 6620 struct hci_cp_write_eir cp;
6621
976eb20e 6622 if (!lmp_ext_inq_capable(hdev))
890ea898 6623 return;
cacaf52f 6624
c80da27e
JH		 6625 memset(hdev->eir, 0, sizeof(hdev->eir));
6626
cacaf52f
JH		 6627 memset(&cp, 0, sizeof(cp));
6628
890ea898 6629 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 6630}
6631
3e248560 6632void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 6633{
6634 struct cmd_lookup match = { NULL, hdev };
890ea898 6635 struct hci_request req;
c0ecddc2 6636 bool changed = false;
ed2c4ee3
JH		 6637
6638 if (status) {
6639 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 6640
6641 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 6642 &hdev->dev_flags)) {
6643 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 6644 new_settings(hdev, NULL);
9ecb3e24 6645 }
c0ecddc2 6646
04124681
GP		 6647 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6648 &mgmt_err);
3e248560 6649 return;
c0ecddc2
JH		 6650 }
6651
6652 if (enable) {
9ecb3e24 6653 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 6654 } else {
9ecb3e24
MH		 6655 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6656 if (!changed)
6657 changed = test_and_clear_bit(HCI_HS_ENABLED,
6658 &hdev->dev_flags);
6659 else
6660 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 6661 }
6662
6663 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6664
c0ecddc2 6665 if (changed)
3e248560 6666 new_settings(hdev, match.sk);
ed2c4ee3 6667
5fc6ebb1 6668 if (match.sk)
ed2c4ee3
JH		 6669 sock_put(match.sk);
6670
890ea898
JH		 6671 hci_req_init(&req, hdev);
6672
3769972b
JH		 6673 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6674 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6675 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6676 sizeof(enable), &enable);
890ea898 6677 update_eir(&req);
3769972b 6678 } else {
890ea898 6679 clear_eir(&req);
3769972b 6680 }
890ea898
JH		 6681
6682 hci_req_run(&req, NULL);
ed2c4ee3
JH		 6683}
6684
eac83dc6
MH		 6685void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6686{
6687 struct cmd_lookup match = { NULL, hdev };
6688 bool changed = false;
6689
6690 if (status) {
6691 u8 mgmt_err = mgmt_status(status);
6692
0ab04a9c
MH		 6693 if (enable) {
6694 if (test_and_clear_bit(HCI_SC_ENABLED,
6695 &hdev->dev_flags))
6696 new_settings(hdev, NULL);
6697 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6698 }
eac83dc6
MH		 6699
6700 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6701 cmd_status_rsp, &mgmt_err);
6702 return;
6703 }
6704
0ab04a9c 6705 if (enable) {
eac83dc6 6706 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 6707 } else {
eac83dc6 6708 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 6709 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6710 }
eac83dc6
MH		 6711
6712 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6713 settings_rsp, &match);
6714
6715 if (changed)
6716 new_settings(hdev, match.sk);
6717
6718 if (match.sk)
6719 sock_put(match.sk);
6720}
6721
92da6097 6722static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 6723{
6724 struct cmd_lookup *match = data;
6725
90e70454
JH		 6726 if (match->sk == NULL) {
6727 match->sk = cmd->sk;
6728 sock_hold(match->sk);
6729 }
90e70454
JH		 6730}
6731
4e1b0245
MH		 6732void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
6733 u8 status)
7f9a903c 6734{
90e70454 6735 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 6736
92da6097
JH		 6737 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
6738 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
6739 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 6740
6741 if (!status)
4e1b0245
MH		 6742 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
6743 NULL);
90e70454
JH		 6744
6745 if (match.sk)
6746 sock_put(match.sk);
7f9a903c
MH		 6747}
6748
7667da34 6749void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 6750{
b312b161 6751 struct mgmt_cp_set_local_name ev;
13928971 6752 struct pending_cmd *cmd;
28cc7bde 6753
13928971 6754 if (status)
7667da34 6755 return;
b312b161
JH		 6756
6757 memset(&ev, 0, sizeof(ev));
6758 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 6759 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 6760
2e58ef3e 6761 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 6762 if (!cmd) {
6763 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 6764
13928971
JH		 6765 /* If this is a HCI command related to powering on the
6766 * HCI dev don't send any mgmt signals.
6767 */
6768 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 6769 return;
890ea898 6770 }
b312b161 6771
7667da34
MH		 6772 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
6773 cmd ? cmd->sk : NULL);
b312b161 6774}
c35938b2 6775
4d2d2796
MH		 6776void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
6777 u8 *randomizer192, u8 *hash256,
6778 u8 *randomizer256, u8 status)
c35938b2
SJ		 6779{
6780 struct pending_cmd *cmd;
c35938b2 6781
744cf19e 6782 BT_DBG("%s status %u", hdev->name, status);
c35938b2 6783
2e58ef3e 6784 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 6785 if (!cmd)
3edaf092 6786 return;
c35938b2
SJ		 6787
6788 if (status) {
3edaf092
MH		 6789 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6790 mgmt_status(status));
c35938b2 6791 } else {
4d2d2796
MH		 6792 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
6793 hash256 && randomizer256) {
6794 struct mgmt_rp_read_local_oob_ext_data rp;
6795
6796 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
6797 memcpy(rp.randomizer192, randomizer192,
6798 sizeof(rp.randomizer192));
c35938b2 6799
4d2d2796
MH		 6800 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
6801 memcpy(rp.randomizer256, randomizer256,
6802 sizeof(rp.randomizer256));
c35938b2 6803
4d2d2796
MH		 6804 cmd_complete(cmd->sk, hdev->id,
6805 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6806 &rp, sizeof(rp));
6807 } else {
6808 struct mgmt_rp_read_local_oob_data rp;
6809
6810 memcpy(rp.hash, hash192, sizeof(rp.hash));
6811 memcpy(rp.randomizer, randomizer192,
6812 sizeof(rp.randomizer));
6813
6814 cmd_complete(cmd->sk, hdev->id,
6815 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6816 &rp, sizeof(rp));
6817 }
c35938b2
SJ		 6818 }
6819
6820 mgmt_pending_remove(cmd);
c35938b2 6821}
e17acd40 6822
901801b9 6823void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
af58925c
MH		 6824 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
6825 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 6826{
e319d2e7
JH		 6827 char buf[512];
6828 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 6829 size_t ev_size;
e17acd40 6830
75ce208c
JH		 6831 /* Don't send events for a non-kernel initiated discovery. With
6832 * LE one exception is if we have pend_le_reports > 0 in which
6833 * case we're doing passive scanning and want these events.
6834 */
6835 if (!hci_discovery_active(hdev)) {
6836 if (link_type == ACL_LINK)
6837 return;
66f8455a 6838 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
75ce208c
JH		 6839 return;
6840 }
12602d0c 6841
5d2e9fad
JH		 6842 /* Make sure that the buffer is big enough. The 5 extra bytes
6843 * are for the potential CoD field.
6844 */
6845 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 6846 return;
7d262f86 6847
1dc06093
JH		 6848 memset(buf, 0, sizeof(buf));
6849
841c5644
JH		 6850 bacpy(&ev->addr.bdaddr, bdaddr);
6851 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 6852 ev->rssi = rssi;
af58925c 6853 ev->flags = cpu_to_le32(flags);
e17acd40 6854
1dc06093 6855 if (eir_len > 0)
e319d2e7 6856 memcpy(ev->eir, eir, eir_len);
e17acd40 6857
1dc06093
JH		 6858 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
6859 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 6860 dev_class, 3);
1dc06093 6861
5d2e9fad
JH		 6862 if (scan_rsp_len > 0)
6863 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
6864
6865 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
6866 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 6867
901801b9 6868 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 6869}
a88a9652 6870
9cf12aee
MH		 6871void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6872 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 6873{
b644ba33
JH		 6874 struct mgmt_ev_device_found *ev;
6875 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
6876 u16 eir_len;
a88a9652 6877
b644ba33 6878 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 6879
b644ba33
JH		 6880 memset(buf, 0, sizeof(buf));
6881
6882 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6883 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 6884 ev->rssi = rssi;
6885
6886 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 6887 name_len);
b644ba33 6888
eb55ef07 6889 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 6890
9cf12aee 6891 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 6892}
314b2381 6893
2f1e063b 6894void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 6895{
f963e8e9 6896 struct mgmt_ev_discovering ev;
164a6e78
JH		 6897 struct pending_cmd *cmd;
6898
343fb145
AG		 6899 BT_DBG("%s discovering %u", hdev->name, discovering);
6900
164a6e78 6901 if (discovering)
2e58ef3e 6902 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 6903 else
2e58ef3e 6904 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 6905
6906 if (cmd != NULL) {
f808e166
JH		 6907 u8 type = hdev->discovery.type;
6908
04124681
GP		 6909 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
6910 sizeof(type));
164a6e78
JH		 6911 mgmt_pending_remove(cmd);
6912 }
6913
f963e8e9
JH		 6914 memset(&ev, 0, sizeof(ev));
6915 ev.type = hdev->discovery.type;
6916 ev.discovering = discovering;
6917
2f1e063b 6918 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 6919}
5e762444 6920
5976e608
MH		 6921static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6922{
6923 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 6924}
6925
6926void mgmt_reenable_advertising(struct hci_dev *hdev)
6927{
6928 struct hci_request req;
6929
5976e608
MH		 6930 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6931 return;
6932
6933 hci_req_init(&req, hdev);
6934 enable_advertising(&req);
0ec5ae84 6935 hci_req_run(&req, adv_enable_complete);
5976e608 6936}
Linux kernel - Deliverables
This page took 0.976247 seconds and 5 git commands to generate.