projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
cgroup: fix sock_cgroup_data initialization on earlier compilers
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
a380b6cf 38#include "mgmt_util.h"
0381101f 39
2da9c55c 40#define MGMT_VERSION 1
dc4270c0 41#define MGMT_REVISION 11
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 50 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 81 MGMT_OP_SET_DEVICE_ID,
4375f103 82 MGMT_OP_SET_ADVERTISING,
0663ca2a 83 MGMT_OP_SET_BREDR,
d13eafce 84 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 85 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 86 MGMT_OP_SET_SECURE_CONN,
4e39ac81 87 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 88 MGMT_OP_SET_PRIVACY,
41edf160 89 MGMT_OP_LOAD_IRKS,
dd983808 90 MGMT_OP_GET_CONN_INFO,
95868426 91 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 92 MGMT_OP_ADD_DEVICE,
93 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 94 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 95 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 96 MGMT_OP_READ_CONFIG_INFO,
dbece37a 97 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 98 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 99 MGMT_OP_START_SERVICE_DISCOVERY,
4f0f155c 100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
96f1474a 101 MGMT_OP_READ_EXT_INDEX_LIST,
d3d5305b 102 MGMT_OP_READ_ADV_FEATURES,
24b4f38f 103 MGMT_OP_ADD_ADVERTISING,
da929335 104 MGMT_OP_REMOVE_ADVERTISING,
40b25fe5 105 MGMT_OP_GET_ADV_SIZE_INFO,
e70bb2e8
JH		 106};
107
108static const u16 mgmt_events[] = {
109 MGMT_EV_CONTROLLER_ERROR,
110 MGMT_EV_INDEX_ADDED,
111 MGMT_EV_INDEX_REMOVED,
112 MGMT_EV_NEW_SETTINGS,
113 MGMT_EV_CLASS_OF_DEV_CHANGED,
114 MGMT_EV_LOCAL_NAME_CHANGED,
115 MGMT_EV_NEW_LINK_KEY,
116 MGMT_EV_NEW_LONG_TERM_KEY,
117 MGMT_EV_DEVICE_CONNECTED,
118 MGMT_EV_DEVICE_DISCONNECTED,
119 MGMT_EV_CONNECT_FAILED,
120 MGMT_EV_PIN_CODE_REQUEST,
121 MGMT_EV_USER_CONFIRM_REQUEST,
122 MGMT_EV_USER_PASSKEY_REQUEST,
123 MGMT_EV_AUTH_FAILED,
124 MGMT_EV_DEVICE_FOUND,
125 MGMT_EV_DISCOVERING,
126 MGMT_EV_DEVICE_BLOCKED,
127 MGMT_EV_DEVICE_UNBLOCKED,
128 MGMT_EV_DEVICE_UNPAIRED,
92a25256 129 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 130 MGMT_EV_NEW_IRK,
7ee4ea36 131 MGMT_EV_NEW_CSRK,
8afef092
MH		 132 MGMT_EV_DEVICE_ADDED,
133 MGMT_EV_DEVICE_REMOVED,
ffb5a827 134 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 135 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 136 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 137 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 138 MGMT_EV_EXT_INDEX_ADDED,
139 MGMT_EV_EXT_INDEX_REMOVED,
72000df2 140 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
24b4f38f
AU		 141 MGMT_EV_ADVERTISING_ADDED,
142 MGMT_EV_ADVERTISING_REMOVED,
e70bb2e8
JH		 143};
144
99c679ac
MH		 145static const u16 mgmt_untrusted_commands[] = {
146 MGMT_OP_READ_INDEX_LIST,
147 MGMT_OP_READ_INFO,
148 MGMT_OP_READ_UNCONF_INDEX_LIST,
149 MGMT_OP_READ_CONFIG_INFO,
150 MGMT_OP_READ_EXT_INDEX_LIST,
151};
152
153static const u16 mgmt_untrusted_events[] = {
154 MGMT_EV_INDEX_ADDED,
155 MGMT_EV_INDEX_REMOVED,
156 MGMT_EV_NEW_SETTINGS,
157 MGMT_EV_CLASS_OF_DEV_CHANGED,
158 MGMT_EV_LOCAL_NAME_CHANGED,
159 MGMT_EV_UNCONF_INDEX_ADDED,
160 MGMT_EV_UNCONF_INDEX_REMOVED,
161 MGMT_EV_NEW_CONFIG_OPTIONS,
162 MGMT_EV_EXT_INDEX_ADDED,
163 MGMT_EV_EXT_INDEX_REMOVED,
164};
165
17b02e62 166#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 167
d25b78e2
JH		 168#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
169 "\x00\x00\x00\x00\x00\x00\x00\x00"
170
ca69b795
JH		 171/* HCI to MGMT error code conversion table */
172static u8 mgmt_status_table[] = {
173 MGMT_STATUS_SUCCESS,
174 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
175 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
176 MGMT_STATUS_FAILED, /* Hardware Failure */
177 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
178 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 179 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 180 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
181 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
182 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
183 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
184 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
185 MGMT_STATUS_BUSY, /* Command Disallowed */
186 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
187 MGMT_STATUS_REJECTED, /* Rejected Security */
188 MGMT_STATUS_REJECTED, /* Rejected Personal */
189 MGMT_STATUS_TIMEOUT, /* Host Timeout */
190 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
191 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
192 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
193 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
194 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
195 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
196 MGMT_STATUS_BUSY, /* Repeated Attempts */
197 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
198 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
199 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
200 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
201 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
202 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
203 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
204 MGMT_STATUS_FAILED, /* Unspecified Error */
205 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
206 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
207 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
208 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
209 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
210 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
211 MGMT_STATUS_FAILED, /* Unit Link Key Used */
212 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
213 MGMT_STATUS_TIMEOUT, /* Instant Passed */
214 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
215 MGMT_STATUS_FAILED, /* Transaction Collision */
216 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
217 MGMT_STATUS_REJECTED, /* QoS Rejected */
218 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
219 MGMT_STATUS_REJECTED, /* Insufficient Security */
220 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
221 MGMT_STATUS_BUSY, /* Role Switch Pending */
222 MGMT_STATUS_FAILED, /* Slot Violation */
223 MGMT_STATUS_FAILED, /* Role Switch Failed */
224 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
225 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
226 MGMT_STATUS_BUSY, /* Host Busy Pairing */
227 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
228 MGMT_STATUS_BUSY, /* Controller Busy */
229 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
230 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
231 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
232 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
233 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
234};
235
236static u8 mgmt_status(u8 hci_status)
237{
238 if (hci_status < ARRAY_SIZE(mgmt_status_table))
239 return mgmt_status_table[hci_status];
240
241 return MGMT_STATUS_FAILED;
242}
243
c08b1a1d
MH		 244static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
245 u16 len, int flag)
f9207338 246{
c08b1a1d
MH		 247 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
248 flag, NULL);
f9207338
MH		 249}
250
72000df2
MH		 251static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
252 u16 len, int flag, struct sock *skip_sk)
253{
254 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
255 flag, skip_sk);
256}
257
f6b7712e
MH		 258static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
259 u16 len, struct sock *skip_sk)
260{
261 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
262 HCI_MGMT_GENERIC_EVENTS, skip_sk);
263}
264
7a00ff44
JH		 265static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
266 struct sock *skip_sk)
267{
268 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
c08b1a1d 269 HCI_SOCK_TRUSTED, skip_sk);
7a00ff44
JH		 270}
271
85813a7e
JH		 272static u8 le_addr_type(u8 mgmt_addr_type)
273{
274 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
275 return ADDR_LE_DEV_PUBLIC;
276 else
277 return ADDR_LE_DEV_RANDOM;
278}
279
04124681
GP		 280static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
281 u16 data_len)
a38528f1
JH		 282{
283 struct mgmt_rp_read_version rp;
284
285 BT_DBG("sock %p", sk);
286
287 rp.version = MGMT_VERSION;
dcf4adbf 288 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 289
2a1afb5a
JH		 290 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
291 &rp, sizeof(rp));
a38528f1
JH		 292}
293
04124681
GP		 294static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
295 u16 data_len)
e70bb2e8
JH		 296{
297 struct mgmt_rp_read_commands *rp;
99c679ac 298 u16 num_commands, num_events;
e70bb2e8
JH		 299 size_t rp_size;
300 int i, err;
301
302 BT_DBG("sock %p", sk);
303
99c679ac
MH		 304 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
305 num_commands = ARRAY_SIZE(mgmt_commands);
306 num_events = ARRAY_SIZE(mgmt_events);
307 } else {
308 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
309 num_events = ARRAY_SIZE(mgmt_untrusted_events);
310 }
311
e70bb2e8
JH		 312 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
313
314 rp = kmalloc(rp_size, GFP_KERNEL);
315 if (!rp)
316 return -ENOMEM;
317
dcf4adbf
JP		 318 rp->num_commands = cpu_to_le16(num_commands);
319 rp->num_events = cpu_to_le16(num_events);
e70bb2e8 320
99c679ac
MH		 321 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
322 __le16 *opcode = rp->opcodes;
323
324 for (i = 0; i < num_commands; i++, opcode++)
325 put_unaligned_le16(mgmt_commands[i], opcode);
e70bb2e8 326
99c679ac
MH		 327 for (i = 0; i < num_events; i++, opcode++)
328 put_unaligned_le16(mgmt_events[i], opcode);
329 } else {
330 __le16 *opcode = rp->opcodes;
331
332 for (i = 0; i < num_commands; i++, opcode++)
333 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
334
335 for (i = 0; i < num_events; i++, opcode++)
336 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
337 }
e70bb2e8 338
2a1afb5a
JH		 339 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
340 rp, rp_size);
e70bb2e8
JH		 341 kfree(rp);
342
343 return err;
344}
345
04124681
GP		 346static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
347 u16 data_len)
faba42eb 348{
faba42eb 349 struct mgmt_rp_read_index_list *rp;
8035ded4 350 struct hci_dev *d;
a38528f1 351 size_t rp_len;
faba42eb 352 u16 count;
476e44cb 353 int err;
faba42eb
JH		 354
355 BT_DBG("sock %p", sk);
356
357 read_lock(&hci_dev_list_lock);
358
359 count = 0;
bb4b2a9a 360 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 361 if (d->dev_type == HCI_BREDR &&
d7a5a11d 362 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 363 count++;
faba42eb
JH		 364 }
365
a38528f1
JH		 366 rp_len = sizeof(*rp) + (2 * count);
367 rp = kmalloc(rp_len, GFP_ATOMIC);
368 if (!rp) {
b2c60d42 369 read_unlock(&hci_dev_list_lock);
faba42eb 370 return -ENOMEM;
b2c60d42 371 }
faba42eb 372
476e44cb 373 count = 0;
8035ded4 374 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 375 if (hci_dev_test_flag(d, HCI_SETUP) ||
376 hci_dev_test_flag(d, HCI_CONFIG) ||
377 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 378 continue;
379
73d1df2a
MH		 380 /* Devices marked as raw-only are neither configured
381 * nor unconfigured controllers.
382 */
383 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 384 continue;
385
73d1df2a 386 if (d->dev_type == HCI_BREDR &&
d7a5a11d 387 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892
MH		 388 rp->index[count++] = cpu_to_le16(d->id);
389 BT_DBG("Added hci%u", d->id);
390 }
faba42eb
JH		 391 }
392
476e44cb
JH		 393 rp->num_controllers = cpu_to_le16(count);
394 rp_len = sizeof(*rp) + (2 * count);
395
faba42eb
JH		 396 read_unlock(&hci_dev_list_lock);
397
2a1afb5a
JH		 398 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
399 0, rp, rp_len);
faba42eb 400
a38528f1
JH		 401 kfree(rp);
402
403 return err;
faba42eb
JH		 404}
405
73d1df2a
MH		 406static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
407 void *data, u16 data_len)
408{
409 struct mgmt_rp_read_unconf_index_list *rp;
410 struct hci_dev *d;
411 size_t rp_len;
412 u16 count;
413 int err;
414
415 BT_DBG("sock %p", sk);
416
417 read_lock(&hci_dev_list_lock);
418
419 count = 0;
420 list_for_each_entry(d, &hci_dev_list, list) {
421 if (d->dev_type == HCI_BREDR &&
d7a5a11d 422 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 423 count++;
424 }
425
426 rp_len = sizeof(*rp) + (2 * count);
427 rp = kmalloc(rp_len, GFP_ATOMIC);
428 if (!rp) {
429 read_unlock(&hci_dev_list_lock);
430 return -ENOMEM;
431 }
432
433 count = 0;
434 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 435 if (hci_dev_test_flag(d, HCI_SETUP) ||
436 hci_dev_test_flag(d, HCI_CONFIG) ||
437 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 438 continue;
439
440 /* Devices marked as raw-only are neither configured
441 * nor unconfigured controllers.
442 */
443 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
444 continue;
445
446 if (d->dev_type == HCI_BREDR &&
d7a5a11d 447 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a
MH		 448 rp->index[count++] = cpu_to_le16(d->id);
449 BT_DBG("Added hci%u", d->id);
450 }
451 }
452
453 rp->num_controllers = cpu_to_le16(count);
454 rp_len = sizeof(*rp) + (2 * count);
455
456 read_unlock(&hci_dev_list_lock);
457
2a1afb5a
JH		 458 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
459 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 460
461 kfree(rp);
462
463 return err;
464}
465
96f1474a
MH		 466static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
467 void *data, u16 data_len)
468{
469 struct mgmt_rp_read_ext_index_list *rp;
470 struct hci_dev *d;
471 size_t rp_len;
472 u16 count;
473 int err;
474
475 BT_DBG("sock %p", sk);
476
477 read_lock(&hci_dev_list_lock);
478
479 count = 0;
480 list_for_each_entry(d, &hci_dev_list, list) {
481 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
482 count++;
483 }
484
485 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
486 rp = kmalloc(rp_len, GFP_ATOMIC);
487 if (!rp) {
488 read_unlock(&hci_dev_list_lock);
489 return -ENOMEM;
490 }
491
492 count = 0;
493 list_for_each_entry(d, &hci_dev_list, list) {
494 if (hci_dev_test_flag(d, HCI_SETUP) ||
495 hci_dev_test_flag(d, HCI_CONFIG) ||
496 hci_dev_test_flag(d, HCI_USER_CHANNEL))
497 continue;
498
499 /* Devices marked as raw-only are neither configured
500 * nor unconfigured controllers.
501 */
502 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
503 continue;
504
505 if (d->dev_type == HCI_BREDR) {
506 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
507 rp->entry[count].type = 0x01;
508 else
509 rp->entry[count].type = 0x00;
510 } else if (d->dev_type == HCI_AMP) {
511 rp->entry[count].type = 0x02;
512 } else {
513 continue;
514 }
515
516 rp->entry[count].bus = d->bus;
517 rp->entry[count++].index = cpu_to_le16(d->id);
518 BT_DBG("Added hci%u", d->id);
519 }
520
521 rp->num_controllers = cpu_to_le16(count);
522 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
523
524 read_unlock(&hci_dev_list_lock);
525
526 /* If this command is called at least once, then all the
527 * default index and unconfigured index events are disabled
528 * and from now on only extended index events are used.
529 */
530 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
531 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
532 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
533
534 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
535 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
536
537 kfree(rp);
538
539 return err;
540}
541
dbece37a
MH		 542static bool is_configured(struct hci_dev *hdev)
543{
544 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 545 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 546 return false;
547
548 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
549 !bacmp(&hdev->public_addr, BDADDR_ANY))
550 return false;
551
552 return true;
553}
554
89bc22d2
MH		 555static __le32 get_missing_options(struct hci_dev *hdev)
556{
557 u32 options = 0;
558
dbece37a 559 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 560 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 561 options |= MGMT_OPTION_EXTERNAL_CONFIG;
562
89bc22d2
MH		 563 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
564 !bacmp(&hdev->public_addr, BDADDR_ANY))
565 options |= MGMT_OPTION_PUBLIC_ADDRESS;
566
567 return cpu_to_le32(options);
568}
569
f4537c04
MH		 570static int new_options(struct hci_dev *hdev, struct sock *skip)
571{
572 __le32 options = get_missing_options(hdev);
573
f6b7712e
MH		 574 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
575 sizeof(options), skip);
f4537c04
MH		 576}
577
dbece37a
MH		 578static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
579{
580 __le32 options = get_missing_options(hdev);
581
2a1afb5a
JH		 582 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
583 sizeof(options));
dbece37a
MH		 584}
585
9fc3bfb6
MH		 586static int read_config_info(struct sock *sk, struct hci_dev *hdev,
587 void *data, u16 data_len)
588{
589 struct mgmt_rp_read_config_info rp;
89bc22d2 590 u32 options = 0;
9fc3bfb6
MH		 591
592 BT_DBG("sock %p %s", sk, hdev->name);
593
594 hci_dev_lock(hdev);
595
596 memset(&rp, 0, sizeof(rp));
597 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 598
eb1904f4
MH		 599 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
600 options |= MGMT_OPTION_EXTERNAL_CONFIG;
601
9fc3bfb6 602 if (hdev->set_bdaddr)
89bc22d2
MH		 603 options |= MGMT_OPTION_PUBLIC_ADDRESS;
604
605 rp.supported_options = cpu_to_le32(options);
606 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 607
608 hci_dev_unlock(hdev);
609
2a1afb5a
JH		 610 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
611 &rp, sizeof(rp));
9fc3bfb6
MH		 612}
613
69ab39ea
JH		 614static u32 get_supported_settings(struct hci_dev *hdev)
615{
616 u32 settings = 0;
617
618 settings |= MGMT_SETTING_POWERED;
b2939475 619 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 620 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 621 settings |= MGMT_SETTING_CONNECTABLE;
622 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 623
ed3fa31f 624 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 625 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
626 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 627 settings |= MGMT_SETTING_BREDR;
628 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 629
630 if (lmp_ssp_capable(hdev)) {
631 settings |= MGMT_SETTING_SSP;
632 settings |= MGMT_SETTING_HS;
633 }
e98d2ce2 634
05b3c3e7 635 if (lmp_sc_capable(hdev))
e98d2ce2 636 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 637 }
d7b7e796 638
eeca6f89 639 if (lmp_le_capable(hdev)) {
9d42820f 640 settings |= MGMT_SETTING_LE;
eeca6f89 641 settings |= MGMT_SETTING_ADVERTISING;
a3209694 642 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 643 settings |= MGMT_SETTING_PRIVACY;
93690c22 644 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 645 }
69ab39ea 646
eb1904f4
MH		 647 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
648 hdev->set_bdaddr)
9fc3bfb6
MH		 649 settings |= MGMT_SETTING_CONFIGURATION;
650
69ab39ea
JH		 651 return settings;
652}
653
654static u32 get_current_settings(struct hci_dev *hdev)
655{
656 u32 settings = 0;
657
f1f0eb02 658 if (hdev_is_powered(hdev))
f0d4b78a
MH		 659 settings |= MGMT_SETTING_POWERED;
660
d7a5a11d 661 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 662 settings |= MGMT_SETTING_CONNECTABLE;
663
d7a5a11d 664 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 665 settings |= MGMT_SETTING_FAST_CONNECTABLE;
666
d7a5a11d 667 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 668 settings |= MGMT_SETTING_DISCOVERABLE;
669
d7a5a11d 670 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 671 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 672
d7a5a11d 673 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 674 settings |= MGMT_SETTING_BREDR;
675
d7a5a11d 676 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 677 settings |= MGMT_SETTING_LE;
678
d7a5a11d 679 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 680 settings |= MGMT_SETTING_LINK_SECURITY;
681
d7a5a11d 682 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 683 settings |= MGMT_SETTING_SSP;
684
d7a5a11d 685 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 686 settings |= MGMT_SETTING_HS;
687
d7a5a11d 688 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 689 settings |= MGMT_SETTING_ADVERTISING;
690
d7a5a11d 691 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 692 settings |= MGMT_SETTING_SECURE_CONN;
693
d7a5a11d 694 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 695 settings |= MGMT_SETTING_DEBUG_KEYS;
696
d7a5a11d 697 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 698 settings |= MGMT_SETTING_PRIVACY;
699
93690c22
MH		 700 /* The current setting for static address has two purposes. The
701 * first is to indicate if the static address will be used and
702 * the second is to indicate if it is actually set.
703 *
704 * This means if the static address is not configured, this flag
08dc0e98 705 * will never be set. If the address is configured, then if the
93690c22
MH		 706 * address is actually used decides if the flag is set or not.
707 *
708 * For single mode LE only controllers and dual-mode controllers
709 * with BR/EDR disabled, the existence of the static address will
710 * be evaluated.
711 */
b7cb93e5 712 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 713 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 714 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
715 if (bacmp(&hdev->static_addr, BDADDR_ANY))
716 settings |= MGMT_SETTING_STATIC_ADDRESS;
717 }
718
69ab39ea
JH		 719 return settings;
720}
721
ef580372
JH		 722#define PNP_INFO_SVCLASS_ID 0x1200
723
213202ed
JH		 724static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
725{
726 u8 *ptr = data, *uuids_start = NULL;
727 struct bt_uuid *uuid;
728
729 if (len < 4)
730 return ptr;
731
732 list_for_each_entry(uuid, &hdev->uuids, list) {
733 u16 uuid16;
734
735 if (uuid->size != 16)
736 continue;
737
738 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
739 if (uuid16 < 0x1100)
740 continue;
741
742 if (uuid16 == PNP_INFO_SVCLASS_ID)
743 continue;
744
745 if (!uuids_start) {
746 uuids_start = ptr;
747 uuids_start[0] = 1;
748 uuids_start[1] = EIR_UUID16_ALL;
749 ptr += 2;
750 }
751
752 /* Stop if not enough space to put next UUID */
753 if ((ptr - data) + sizeof(u16) > len) {
754 uuids_start[1] = EIR_UUID16_SOME;
755 break;
756 }
757
758 *ptr++ = (uuid16 & 0x00ff);
759 *ptr++ = (uuid16 & 0xff00) >> 8;
760 uuids_start[0] += sizeof(uuid16);
761 }
762
763 return ptr;
764}
765
cdf1963f
JH		 766static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
767{
768 u8 *ptr = data, *uuids_start = NULL;
769 struct bt_uuid *uuid;
770
771 if (len < 6)
772 return ptr;
773
774 list_for_each_entry(uuid, &hdev->uuids, list) {
775 if (uuid->size != 32)
776 continue;
777
778 if (!uuids_start) {
779 uuids_start = ptr;
780 uuids_start[0] = 1;
781 uuids_start[1] = EIR_UUID32_ALL;
782 ptr += 2;
783 }
784
785 /* Stop if not enough space to put next UUID */
786 if ((ptr - data) + sizeof(u32) > len) {
787 uuids_start[1] = EIR_UUID32_SOME;
788 break;
789 }
790
791 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
792 ptr += sizeof(u32);
793 uuids_start[0] += sizeof(u32);
794 }
795
796 return ptr;
797}
798
c00d575b
JH		 799static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
800{
801 u8 *ptr = data, *uuids_start = NULL;
802 struct bt_uuid *uuid;
803
804 if (len < 18)
805 return ptr;
806
807 list_for_each_entry(uuid, &hdev->uuids, list) {
808 if (uuid->size != 128)
809 continue;
810
811 if (!uuids_start) {
812 uuids_start = ptr;
813 uuids_start[0] = 1;
814 uuids_start[1] = EIR_UUID128_ALL;
815 ptr += 2;
816 }
817
818 /* Stop if not enough space to put next UUID */
819 if ((ptr - data) + 16 > len) {
820 uuids_start[1] = EIR_UUID128_SOME;
821 break;
822 }
823
824 memcpy(ptr, uuid->uuid, 16);
825 ptr += 16;
826 uuids_start[0] += 16;
827 }
828
829 return ptr;
830}
831
333ae95d
JH		 832static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
833{
834 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
835}
836
333ae95d
JH		 837static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
838 struct hci_dev *hdev,
839 const void *data)
840{
841 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
842}
843
91aa9bb2
FG		 844static u8 get_current_adv_instance(struct hci_dev *hdev)
845{
846 /* The "Set Advertising" setting supersedes the "Add Advertising"
847 * setting. Here we set the advertising data based on which
848 * setting was set. When neither apply, default to the global settings,
849 * represented by instance "0".
850 */
851 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
852 !hci_dev_test_flag(hdev, HCI_ADVERTISING))
3ff37e6b 853 return hdev->cur_adv_instance;
91aa9bb2
FG		 854
855 return 0x00;
856}
857
4117ed70 858static u8 create_default_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
f14d8f64 859{
7a5f4990
MH		 860 u8 ad_len = 0;
861 size_t name_len;
862
863 name_len = strlen(hdev->dev_name);
864 if (name_len > 0) {
865 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
866
867 if (name_len > max_len) {
868 name_len = max_len;
869 ptr[1] = EIR_NAME_SHORT;
870 } else
871 ptr[1] = EIR_NAME_COMPLETE;
872
873 ptr[0] = name_len + 1;
874
875 memcpy(ptr + 2, hdev->dev_name, name_len);
876
877 ad_len += (name_len + 2);
878 ptr += (name_len + 2);
879 }
880
881 return ad_len;
f14d8f64
MH		 882}
883
ca21fbe9
FG		 884static u8 create_instance_scan_rsp_data(struct hci_dev *hdev, u8 instance,
885 u8 *ptr)
4117ed70 886{
ca21fbe9
FG		 887 struct adv_info *adv_instance;
888
889 adv_instance = hci_find_adv_instance(hdev, instance);
890 if (!adv_instance)
891 return 0;
892
4117ed70
AU		 893 /* TODO: Set the appropriate entries based on advertising instance flags
894 * here once flags other than 0 are supported.
895 */
ca21fbe9
FG		 896 memcpy(ptr, adv_instance->scan_rsp_data,
897 adv_instance->scan_rsp_len);
4117ed70 898
ca21fbe9 899 return adv_instance->scan_rsp_len;
4117ed70
AU		 900}
901
efae002c 902static void update_inst_scan_rsp_data(struct hci_request *req, u8 instance)
f14d8f64
MH		 903{
904 struct hci_dev *hdev = req->hdev;
905 struct hci_cp_le_set_scan_rsp_data cp;
906 u8 len;
907
d7a5a11d 908 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
f14d8f64
MH		 909 return;
910
911 memset(&cp, 0, sizeof(cp));
912
4117ed70 913 if (instance)
ca21fbe9 914 len = create_instance_scan_rsp_data(hdev, instance, cp.data);
4117ed70
AU		 915 else
916 len = create_default_scan_rsp_data(hdev, cp.data);
f14d8f64 917
eb438b5f 918 if (hdev->scan_rsp_data_len == len &&
4117ed70 919 !memcmp(cp.data, hdev->scan_rsp_data, len))
f14d8f64
MH		 920 return;
921
eb438b5f
JH		 922 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
923 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 924
925 cp.length = len;
926
927 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
928}
929
4117ed70
AU		 930static void update_scan_rsp_data(struct hci_request *req)
931{
efae002c 932 update_inst_scan_rsp_data(req, get_current_adv_instance(req->hdev));
4117ed70
AU		 933}
934
9a43e25f
JH		 935static u8 get_adv_discov_flags(struct hci_dev *hdev)
936{
3b0602cd 937 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 938
939 /* If there's a pending mgmt command the flags will not yet have
940 * their final values, so check for this first.
941 */
333ae95d 942 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
9a43e25f
JH		 943 if (cmd) {
944 struct mgmt_mode *cp = cmd->param;
945 if (cp->val == 0x01)
946 return LE_AD_GENERAL;
947 else if (cp->val == 0x02)
948 return LE_AD_LIMITED;
949 } else {
d7a5a11d 950 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 951 return LE_AD_LIMITED;
d7a5a11d 952 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 953 return LE_AD_GENERAL;
954 }
955
956 return 0;
957}
958
fdf51784
AU		 959static bool get_connectable(struct hci_dev *hdev)
960{
961 struct mgmt_pending_cmd *cmd;
441ad2d0 962
fdf51784
AU		 963 /* If there's a pending mgmt command the flag will not yet have
964 * it's final value, so check for this first.
965 */
966 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
967 if (cmd) {
968 struct mgmt_mode *cp = cmd->param;
441ad2d0 969
fdf51784 970 return cp->val;
441ad2d0
MH		 971 }
972
fdf51784
AU		 973 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
974}
441ad2d0 975
fdf51784
AU		 976static u32 get_adv_instance_flags(struct hci_dev *hdev, u8 instance)
977{
978 u32 flags;
411b4121 979 struct adv_info *adv_instance;
441ad2d0 980
bea28e65
FG		 981 if (instance == 0x00) {
982 /* Instance 0 always manages the "Tx Power" and "Flags"
983 * fields
984 */
985 flags = MGMT_ADV_FLAG_TX_POWER | MGMT_ADV_FLAG_MANAGED_FLAGS;
411b4121 986
bea28e65
FG		 987 /* For instance 0, the HCI_ADVERTISING_CONNECTABLE setting
988 * corresponds to the "connectable" instance flag.
989 */
990 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
991 flags |= MGMT_ADV_FLAG_CONNECTABLE;
fdf51784 992
bea28e65 993 return flags;
411b4121 994 }
fdf51784 995
bea28e65 996 adv_instance = hci_find_adv_instance(hdev, instance);
fdf51784 997
bea28e65
FG		 998 /* Return 0 when we got an invalid instance identifier. */
999 if (!adv_instance)
1000 return 0;
fdf51784 1001
bea28e65 1002 return adv_instance->flags;
441ad2d0
MH		 1003}
1004
7b683b74 1005static u8 get_cur_adv_instance_scan_rsp_len(struct hci_dev *hdev)
c7d4883b 1006{
7b683b74
FG		 1007 u8 instance = get_current_adv_instance(hdev);
1008 struct adv_info *adv_instance;
1009
1010 /* Ignore instance 0 */
1011 if (instance == 0x00)
1012 return 0;
1013
1014 adv_instance = hci_find_adv_instance(hdev, instance);
1015 if (!adv_instance)
c7d4883b
AU		 1016 return 0;
1017
1018 /* TODO: Take into account the "appearance" and "local-name" flags here.
1019 * These are currently being ignored as they are not supported.
1020 */
7b683b74 1021 return adv_instance->scan_rsp_len;
c7d4883b
AU		 1022}
1023
fdf51784 1024static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr)
24b4f38f 1025{
f63ba24b 1026 struct adv_info *adv_instance = NULL;
b44133ff 1027 u8 ad_len = 0, flags = 0;
f63ba24b
FG		 1028 u32 instance_flags;
1029
1030 /* Return 0 when the current instance identifier is invalid. */
1031 if (instance) {
1032 adv_instance = hci_find_adv_instance(hdev, instance);
1033 if (!adv_instance)
1034 return 0;
1035 }
1036
1037 instance_flags = get_adv_instance_flags(hdev, instance);
b44133ff 1038
807ec772
AU		 1039 /* The Add Advertising command allows userspace to set both the general
1040 * and limited discoverable flags.
1041 */
fdf51784 1042 if (instance_flags & MGMT_ADV_FLAG_DISCOV)
b44133ff
AU		 1043 flags |= LE_AD_GENERAL;
1044
fdf51784 1045 if (instance_flags & MGMT_ADV_FLAG_LIMITED_DISCOV)
807ec772
AU		 1046 flags |= LE_AD_LIMITED;
1047
fdf51784 1048 if (flags || (instance_flags & MGMT_ADV_FLAG_MANAGED_FLAGS)) {
67e0c0cd
AU		 1049 /* If a discovery flag wasn't provided, simply use the global
1050 * settings.
1051 */
1052 if (!flags)
1053 flags |= get_adv_discov_flags(hdev);
1054
b44133ff
AU		 1055 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1056 flags |= LE_AD_NO_BREDR;
1057
fdf51784
AU		 1058 /* If flags would still be empty, then there is no need to
1059 * include the "Flags" AD field".
1060 */
1061 if (flags) {
1062 ptr[0] = 0x02;
1063 ptr[1] = EIR_FLAGS;
1064 ptr[2] = flags;
b44133ff 1065
fdf51784
AU		 1066 ad_len += 3;
1067 ptr += 3;
1068 }
b44133ff
AU		 1069 }
1070
f63ba24b
FG		 1071 if (adv_instance) {
1072 memcpy(ptr, adv_instance->adv_data,
1073 adv_instance->adv_data_len);
1074 ad_len += adv_instance->adv_data_len;
1075 ptr += adv_instance->adv_data_len;
38c8af60
MH		 1076 }
1077
fdf51784 1078 /* Provide Tx Power only if we can provide a valid value for it */
5507e358 1079 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID &&
fdf51784 1080 (instance_flags & MGMT_ADV_FLAG_TX_POWER)) {
5507e358
AU		 1081 ptr[0] = 0x02;
1082 ptr[1] = EIR_TX_POWER;
1083 ptr[2] = (u8)hdev->adv_tx_power;
1084
1085 ad_len += 3;
1086 ptr += 3;
1087 }
1088
b44133ff 1089 return ad_len;
24b4f38f
AU		 1090}
1091
efae002c 1092static void update_inst_adv_data(struct hci_request *req, u8 instance)
441ad2d0
MH		 1093{
1094 struct hci_dev *hdev = req->hdev;
1095 struct hci_cp_le_set_adv_data cp;
1096 u8 len;
1097
d7a5a11d 1098 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
441ad2d0
MH		 1099 return;
1100
1101 memset(&cp, 0, sizeof(cp));
1102
fdf51784 1103 len = create_instance_adv_data(hdev, instance, cp.data);
441ad2d0 1104
24b4f38f 1105 /* There's nothing to do if the data hasn't changed */
441ad2d0
MH		 1106 if (hdev->adv_data_len == len &&
1107 memcmp(cp.data, hdev->adv_data, len) == 0)
1108 return;
1109
1110 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1111 hdev->adv_data_len = len;
1112
1113 cp.length = len;
1114
1115 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
1116}
1117
e7a685d3
AU		 1118static void update_adv_data(struct hci_request *req)
1119{
efae002c 1120 update_inst_adv_data(req, get_current_adv_instance(req->hdev));
24b4f38f
AU		 1121}
1122
bc6d2d04
JH		 1123int mgmt_update_adv_data(struct hci_dev *hdev)
1124{
1125 struct hci_request req;
1126
1127 hci_req_init(&req, hdev);
1128 update_adv_data(&req);
1129
1130 return hci_req_run(&req, NULL);
1131}
1132
ef580372
JH		 1133static void create_eir(struct hci_dev *hdev, u8 *data)
1134{
1135 u8 *ptr = data;
ef580372
JH		 1136 size_t name_len;
1137
1138 name_len = strlen(hdev->dev_name);
1139
1140 if (name_len > 0) {
1141 /* EIR Data type */
1142 if (name_len > 48) {
1143 name_len = 48;
1144 ptr[1] = EIR_NAME_SHORT;
1145 } else
1146 ptr[1] = EIR_NAME_COMPLETE;
1147
1148 /* EIR Data length */
1149 ptr[0] = name_len + 1;
1150
1151 memcpy(ptr + 2, hdev->dev_name, name_len);
1152
ef580372
JH		 1153 ptr += (name_len + 2);
1154 }
1155
bbaf444a 1156 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 1157 ptr[0] = 2;
1158 ptr[1] = EIR_TX_POWER;
1159 ptr[2] = (u8) hdev->inq_tx_power;
1160
91c4e9b1
MH		 1161 ptr += 3;
1162 }
1163
2b9be137
MH		 1164 if (hdev->devid_source > 0) {
1165 ptr[0] = 9;
1166 ptr[1] = EIR_DEVICE_ID;
1167
1168 put_unaligned_le16(hdev->devid_source, ptr + 2);
1169 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1170 put_unaligned_le16(hdev->devid_product, ptr + 6);
1171 put_unaligned_le16(hdev->devid_version, ptr + 8);
1172
2b9be137
MH		 1173 ptr += 10;
1174 }
1175
213202ed 1176 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 1177 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 1178 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 1179}
1180
890ea898 1181static void update_eir(struct hci_request *req)
ef580372 1182{
890ea898 1183 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1184 struct hci_cp_write_eir cp;
1185
504c8dcd 1186 if (!hdev_is_powered(hdev))
890ea898 1187 return;
7770c4aa 1188
976eb20e 1189 if (!lmp_ext_inq_capable(hdev))
890ea898 1190 return;
ef580372 1191
d7a5a11d 1192 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
890ea898 1193 return;
ef580372 1194
d7a5a11d 1195 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1196 return;
ef580372
JH		 1197
1198 memset(&cp, 0, sizeof(cp));
1199
1200 create_eir(hdev, cp.data);
1201
1202 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 1203 return;
ef580372
JH		 1204
1205 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1206
890ea898 1207 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 1208}
1209
1210static u8 get_service_classes(struct hci_dev *hdev)
1211{
1212 struct bt_uuid *uuid;
1213 u8 val = 0;
1214
1215 list_for_each_entry(uuid, &hdev->uuids, list)
1216 val |= uuid->svc_hint;
1217
1218 return val;
1219}
1220
890ea898 1221static void update_class(struct hci_request *req)
ef580372 1222{
890ea898 1223 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1224 u8 cod[3];
1225
1226 BT_DBG("%s", hdev->name);
1227
504c8dcd 1228 if (!hdev_is_powered(hdev))
890ea898 1229 return;
7770c4aa 1230
d7a5a11d 1231 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
f87ea1da
JH		 1232 return;
1233
d7a5a11d 1234 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1235 return;
ef580372
JH		 1236
1237 cod[0] = hdev->minor_class;
1238 cod[1] = hdev->major_class;
1239 cod[2] = get_service_classes(hdev);
1240
d7a5a11d 1241 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
6acd7db4
MH		 1242 cod[1] |= 0x20;
1243
ef580372 1244 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1245 return;
ef580372 1246
890ea898 1247 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1248}
1249
0ec5ae84
JH		 1250static void disable_advertising(struct hci_request *req)
1251{
1252 u8 enable = 0x00;
1253
1254 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1255}
1256
199a2fb1
JH		 1257static void enable_advertising(struct hci_request *req)
1258{
1259 struct hci_dev *hdev = req->hdev;
1260 struct hci_cp_le_set_adv_param cp;
8f2a0601 1261 u8 own_addr_type, enable = 0x01;
a4858cb9 1262 bool connectable;
e7a685d3
AU		 1263 u8 instance;
1264 u32 flags;
199a2fb1 1265
0ec5ae84
JH		 1266 if (hci_conn_num(hdev, LE_LINK) > 0)
1267 return;
1268
d7a5a11d 1269 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
0ec5ae84
JH		 1270 disable_advertising(req);
1271
5ce194c4 1272 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1273 * hci_update_random_address knows that it's safe to go ahead
1274 * and write a new random address. The flag will be set back on
1275 * as soon as the SET_ADV_ENABLE HCI command completes.
1276 */
a358dc11 1277 hci_dev_clear_flag(hdev, HCI_LE_ADV);
8d97250e 1278
e7a685d3
AU		 1279 instance = get_current_adv_instance(hdev);
1280 flags = get_adv_instance_flags(hdev, instance);
faccb950
AU		 1281
1282 /* If the "connectable" instance flag was not set, then choose between
1283 * ADV_IND and ADV_NONCONN_IND based on the global connectable setting.
1284 */
1285 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) ||
1286 get_connectable(hdev);
8f2a0601 1287
a4858cb9
JH		 1288 /* Set require_privacy to true only when non-connectable
1289 * advertising is used. In that case it is fine to use a
1290 * non-resolvable private address.
1291 */
1292 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1293 return;
1294
41c90c18 1295 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1296 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1297 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
c7d4883b
AU		 1298
1299 if (connectable)
1300 cp.type = LE_ADV_IND;
7b683b74 1301 else if (get_cur_adv_instance_scan_rsp_len(hdev))
c7d4883b
AU		 1302 cp.type = LE_ADV_SCAN_IND;
1303 else
1304 cp.type = LE_ADV_NONCONN_IND;
1305
8f2a0601 1306 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1307 cp.channel_map = hdev->le_adv_channel_map;
1308
1309 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1310
1311 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1312}
1313
7d78525d
JH		 1314static void service_cache_off(struct work_struct *work)
1315{
1316 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1317 service_cache.work);
890ea898 1318 struct hci_request req;
7d78525d 1319
a69d8927 1320 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 1321 return;
1322
890ea898
JH		 1323 hci_req_init(&req, hdev);
1324
7d78525d
JH		 1325 hci_dev_lock(hdev);
1326
890ea898
JH		 1327 update_eir(&req);
1328 update_class(&req);
7d78525d
JH		 1329
1330 hci_dev_unlock(hdev);
890ea898
JH		 1331
1332 hci_req_run(&req, NULL);
7d78525d
JH		 1333}
1334
d6bfd59c
JH		 1335static void rpa_expired(struct work_struct *work)
1336{
1337 struct hci_dev *hdev = container_of(work, struct hci_dev,
1338 rpa_expired.work);
1339 struct hci_request req;
1340
1341 BT_DBG("");
1342
a1536da2 1343 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 1344
d7a5a11d 1345 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 1346 return;
1347
1348 /* The generation of a new RPA and programming it into the
1349 * controller happens in the enable_advertising() function.
1350 */
d6bfd59c 1351 hci_req_init(&req, hdev);
d6bfd59c 1352 enable_advertising(&req);
d6bfd59c
JH		 1353 hci_req_run(&req, NULL);
1354}
1355
6a919082 1356static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1357{
238be788 1358 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 1359 return;
1360
4f87da80 1361 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1362 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1363
4f87da80
JH		 1364 /* Non-mgmt controlled devices get this bit set
1365 * implicitly so that pairing works for them, however
1366 * for mgmt we require user-space to explicitly enable
1367 * it
1368 */
a358dc11 1369 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 1370}
1371
0f4e68cf 1372static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1373 void *data, u16 data_len)
0381101f 1374{
a38528f1 1375 struct mgmt_rp_read_info rp;
f7b64e69 1376
bdb6d971 1377 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1378
09fd0de5 1379 hci_dev_lock(hdev);
f7b64e69 1380
dc4fe30b
JH		 1381 memset(&rp, 0, sizeof(rp));
1382
69ab39ea 1383 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1384
69ab39ea 1385 rp.version = hdev->hci_ver;
eb55ef07 1386 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1387
1388 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1389 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1390
a38528f1 1391 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1392
dc4fe30b 1393 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1394 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1395
09fd0de5 1396 hci_dev_unlock(hdev);
0381101f 1397
2a1afb5a
JH		 1398 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1399 sizeof(rp));
0381101f
JH		 1400}
1401
69ab39ea 1402static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1403{
69ab39ea 1404 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1405
2a1afb5a
JH		 1406 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1407 sizeof(settings));
8680570b
JH		 1408}
1409
1904a853 1410static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 1411{
1412 BT_DBG("%s status 0x%02x", hdev->name, status);
1413
a3172b7e
JH		 1414 if (hci_conn_count(hdev) == 0) {
1415 cancel_delayed_work(&hdev->power_off);
8b064a3a 1416 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1417 }
8b064a3a
JH		 1418}
1419
912098a6
AU		 1420static void advertising_added(struct sock *sk, struct hci_dev *hdev,
1421 u8 instance)
1422{
1423 struct mgmt_ev_advertising_added ev;
1424
1425 ev.instance = instance;
1426
1427 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1428}
1429
1430static void advertising_removed(struct sock *sk, struct hci_dev *hdev,
1431 u8 instance)
1432{
1433 struct mgmt_ev_advertising_removed ev;
1434
1435 ev.instance = instance;
1436
1437 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1438}
1439
7816b820
FG		 1440static int schedule_adv_instance(struct hci_request *req, u8 instance,
1441 bool force) {
1442 struct hci_dev *hdev = req->hdev;
1443 struct adv_info *adv_instance = NULL;
1444 u16 timeout;
1445
1446 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
1447 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
1448 return -EPERM;
1449
1450 if (hdev->adv_instance_timeout)
1451 return -EBUSY;
1452
1453 adv_instance = hci_find_adv_instance(hdev, instance);
1454 if (!adv_instance)
1455 return -ENOENT;
1456
1457 /* A zero timeout means unlimited advertising. As long as there is
1458 * only one instance, duration should be ignored. We still set a timeout
1459 * in case further instances are being added later on.
1460 *
1461 * If the remaining lifetime of the instance is more than the duration
1462 * then the timeout corresponds to the duration, otherwise it will be
1463 * reduced to the remaining instance lifetime.
1464 */
1465 if (adv_instance->timeout == 0 ||
1466 adv_instance->duration <= adv_instance->remaining_time)
1467 timeout = adv_instance->duration;
1468 else
1469 timeout = adv_instance->remaining_time;
1470
1471 /* The remaining time is being reduced unless the instance is being
1472 * advertised without time limit.
1473 */
1474 if (adv_instance->timeout)
1475 adv_instance->remaining_time =
1476 adv_instance->remaining_time - timeout;
1477
1478 hdev->adv_instance_timeout = timeout;
1479 queue_delayed_work(hdev->workqueue,
1480 &hdev->adv_instance_expire,
1481 msecs_to_jiffies(timeout * 1000));
1482
1483 /* If we're just re-scheduling the same instance again then do not
1484 * execute any HCI commands. This happens when a single instance is
1485 * being advertised.
1486 */
1487 if (!force && hdev->cur_adv_instance == instance &&
1488 hci_dev_test_flag(hdev, HCI_LE_ADV))
1489 return 0;
1490
1491 hdev->cur_adv_instance = instance;
1492 update_adv_data(req);
1493 update_scan_rsp_data(req);
1494 enable_advertising(req);
1495
1496 return 0;
1497}
1498
1499static void cancel_adv_timeout(struct hci_dev *hdev)
1500{
1501 if (hdev->adv_instance_timeout) {
1502 hdev->adv_instance_timeout = 0;
1503 cancel_delayed_work(&hdev->adv_instance_expire);
1504 }
1505}
1506
847818d9
FG		 1507/* For a single instance:
1508 * - force == true: The instance will be removed even when its remaining
1509 * lifetime is not zero.
1510 * - force == false: the instance will be deactivated but kept stored unless
1511 * the remaining lifetime is zero.
1512 *
1513 * For instance == 0x00:
1514 * - force == true: All instances will be removed regardless of their timeout
1515 * setting.
1516 * - force == false: Only instances that have a timeout will be removed.
1517 */
1518static void clear_adv_instance(struct hci_dev *hdev, struct hci_request *req,
1519 u8 instance, bool force)
912098a6 1520{
847818d9
FG		 1521 struct adv_info *adv_instance, *n, *next_instance = NULL;
1522 int err;
1523 u8 rem_inst;
912098a6 1524
847818d9
FG		 1525 /* Cancel any timeout concerning the removed instance(s). */
1526 if (!instance || hdev->cur_adv_instance == instance)
1527 cancel_adv_timeout(hdev);
912098a6 1528
847818d9
FG		 1529 /* Get the next instance to advertise BEFORE we remove
1530 * the current one. This can be the same instance again
1531 * if there is only one instance.
1532 */
1533 if (instance && hdev->cur_adv_instance == instance)
1534 next_instance = hci_get_next_instance(hdev, instance);
912098a6 1535
847818d9
FG		 1536 if (instance == 0x00) {
1537 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances,
1538 list) {
1539 if (!(force || adv_instance->timeout))
1540 continue;
912098a6 1541
847818d9
FG		 1542 rem_inst = adv_instance->instance;
1543 err = hci_remove_adv_instance(hdev, rem_inst);
1544 if (!err)
1545 advertising_removed(NULL, hdev, rem_inst);
1546 }
1547 hdev->cur_adv_instance = 0x00;
1548 } else {
1549 adv_instance = hci_find_adv_instance(hdev, instance);
1550
1551 if (force || (adv_instance && adv_instance->timeout &&
1552 !adv_instance->remaining_time)) {
1553 /* Don't advertise a removed instance. */
1554 if (next_instance &&
1555 next_instance->instance == instance)
1556 next_instance = NULL;
1557
1558 err = hci_remove_adv_instance(hdev, instance);
1559 if (!err)
1560 advertising_removed(NULL, hdev, instance);
1561 }
1562 }
1563
1564 if (list_empty(&hdev->adv_instances)) {
1565 hdev->cur_adv_instance = 0x00;
1566 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
1567 }
1568
1569 if (!req || !hdev_is_powered(hdev) ||
912098a6
AU		 1570 hci_dev_test_flag(hdev, HCI_ADVERTISING))
1571 return;
1572
847818d9
FG		 1573 if (next_instance)
1574 schedule_adv_instance(req, next_instance->instance, false);
912098a6
AU		 1575}
1576
8b064a3a
JH		 1577static int clean_up_hci_state(struct hci_dev *hdev)
1578{
1579 struct hci_request req;
1580 struct hci_conn *conn;
23a48093
JH		 1581 bool discov_stopped;
1582 int err;
8b064a3a
JH		 1583
1584 hci_req_init(&req, hdev);
1585
1586 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1587 test_bit(HCI_PSCAN, &hdev->flags)) {
1588 u8 scan = 0x00;
1589 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1590 }
1591
847818d9 1592 clear_adv_instance(hdev, NULL, 0x00, false);
912098a6 1593
d7a5a11d 1594 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
8b064a3a
JH		 1595 disable_advertising(&req);
1596
2154d3f4 1597 discov_stopped = hci_req_stop_discovery(&req);
8b064a3a
JH		 1598
1599 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
89e0ccc8
JH		 1600 /* 0x15 == Terminated due to Power Off */
1601 __hci_abort_conn(&req, conn, 0x15);
8b064a3a
JH		 1602 }
1603
23a48093
JH		 1604 err = hci_req_run(&req, clean_up_hci_complete);
1605 if (!err && discov_stopped)
1606 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1607
1608 return err;
8b064a3a
JH		 1609}
1610
bdb6d971 1611static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1612 u16 len)
eec8d2bc 1613{
650f726d 1614 struct mgmt_mode *cp = data;
3b0602cd 1615 struct mgmt_pending_cmd *cmd;
4b34ee78 1616 int err;
eec8d2bc 1617
bdb6d971 1618 BT_DBG("request for %s", hdev->name);
eec8d2bc 1619
a7e80f25 1620 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1621 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1622 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1623
09fd0de5 1624 hci_dev_lock(hdev);
eec8d2bc 1625
333ae95d 1626 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1627 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1628 MGMT_STATUS_BUSY);
87b95ba6
JH		 1629 goto failed;
1630 }
1631
a69d8927 1632 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
f0d4b78a
MH		 1633 cancel_delayed_work(&hdev->power_off);
1634
1635 if (cp->val) {
a1d70450
JH		 1636 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1637 data, len);
1638 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1639 goto failed;
1640 }
1641 }
1642
4b34ee78 1643 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1644 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1645 goto failed;
1646 }
1647
2e58ef3e 1648 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1649 if (!cmd) {
1650 err = -ENOMEM;
eec8d2bc 1651 goto failed;
366a0336 1652 }
eec8d2bc 1653
8b064a3a 1654 if (cp->val) {
19202573 1655 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1656 err = 0;
1657 } else {
1658 /* Disconnect connections, stop scans, etc */
1659 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1660 if (!err)
1661 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1662 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1663
8b064a3a
JH		 1664 /* ENODATA means there were no HCI commands queued */
1665 if (err == -ENODATA) {
a3172b7e 1666 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1667 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1668 err = 0;
1669 }
1670 }
eec8d2bc
JH		 1671
1672failed:
09fd0de5 1673 hci_dev_unlock(hdev);
366a0336 1674 return err;
eec8d2bc
JH		 1675}
1676
beadb2bd
JH		 1677static int new_settings(struct hci_dev *hdev, struct sock *skip)
1678{
f6b7712e 1679 __le32 ev = cpu_to_le32(get_current_settings(hdev));
beadb2bd 1680
f6b7712e
MH		 1681 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1682 sizeof(ev), skip);
beadb2bd
JH		 1683}
1684
91a668b0
JH		 1685int mgmt_new_settings(struct hci_dev *hdev)
1686{
1687 return new_settings(hdev, NULL);
1688}
1689
bd99abdd
JH		 1690struct cmd_lookup {
1691 struct sock *sk;
1692 struct hci_dev *hdev;
1693 u8 mgmt_status;
1694};
1695
3b0602cd 1696static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1697{
1698 struct cmd_lookup *match = data;
1699
1700 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1701
1702 list_del(&cmd->list);
1703
1704 if (match->sk == NULL) {
1705 match->sk = cmd->sk;
1706 sock_hold(match->sk);
1707 }
1708
1709 mgmt_pending_free(cmd);
1710}
1711
3b0602cd 1712static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1713{
1714 u8 *status = data;
1715
a69e8375 1716 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1717 mgmt_pending_remove(cmd);
1718}
1719
3b0602cd 1720static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1721{
1722 if (cmd->cmd_complete) {
1723 u8 *status = data;
1724
1725 cmd->cmd_complete(cmd, *status);
1726 mgmt_pending_remove(cmd);
1727
1728 return;
1729 }
1730
1731 cmd_status_rsp(cmd, data);
1732}
1733
3b0602cd 1734static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1735{
2a1afb5a
JH		 1736 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1737 cmd->param, cmd->param_len);
f5818c22
JH		 1738}
1739
3b0602cd 1740static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1741{
2a1afb5a
JH		 1742 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1743 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1744}
1745
e6fe7986
JH		 1746static u8 mgmt_bredr_support(struct hci_dev *hdev)
1747{
1748 if (!lmp_bredr_capable(hdev))
1749 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1750 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1751 return MGMT_STATUS_REJECTED;
1752 else
1753 return MGMT_STATUS_SUCCESS;
1754}
1755
1756static u8 mgmt_le_support(struct hci_dev *hdev)
1757{
1758 if (!lmp_le_capable(hdev))
1759 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1760 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1761 return MGMT_STATUS_REJECTED;
1762 else
1763 return MGMT_STATUS_SUCCESS;
1764}
1765
1904a853
MH		 1766static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1767 u16 opcode)
bfaf8c9f 1768{
3b0602cd 1769 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1770 struct mgmt_mode *cp;
970ba524 1771 struct hci_request req;
bfaf8c9f
JH		 1772 bool changed;
1773
1774 BT_DBG("status 0x%02x", status);
1775
1776 hci_dev_lock(hdev);
1777
333ae95d 1778 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
bfaf8c9f
JH		 1779 if (!cmd)
1780 goto unlock;
1781
1782 if (status) {
1783 u8 mgmt_err = mgmt_status(status);
a69e8375 1784 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1785 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1786 goto remove_cmd;
1787 }
1788
1789 cp = cmd->param;
d4462a07 1790 if (cp->val) {
238be788 1791 changed = !hci_dev_test_and_set_flag(hdev, HCI_DISCOVERABLE);
d4462a07
MH		 1792
1793 if (hdev->discov_timeout > 0) {
1794 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1795 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1796 to);
1797 }
1798 } else {
a69d8927 1799 changed = hci_dev_test_and_clear_flag(hdev, HCI_DISCOVERABLE);
d4462a07 1800 }
bfaf8c9f
JH		 1801
1802 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1803
1804 if (changed)
1805 new_settings(hdev, cmd->sk);
1806
970ba524
MH		 1807 /* When the discoverable mode gets changed, make sure
1808 * that class of device has the limited discoverable
432df05e
JH		 1809 * bit correctly set. Also update page scan based on whitelist
1810 * entries.
970ba524
MH		 1811 */
1812 hci_req_init(&req, hdev);
1d2dc5b7 1813 __hci_update_page_scan(&req);
970ba524
MH		 1814 update_class(&req);
1815 hci_req_run(&req, NULL);
1816
bfaf8c9f
JH		 1817remove_cmd:
1818 mgmt_pending_remove(cmd);
1819
1820unlock:
1821 hci_dev_unlock(hdev);
1822}
1823
bdb6d971 1824static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1825 u16 len)
73f22f62 1826{
650f726d 1827 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1828 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1829 struct hci_request req;
5e5282bb 1830 u16 timeout;
9a43e25f 1831 u8 scan;
73f22f62
JH		 1832 int err;
1833
bdb6d971 1834 BT_DBG("request for %s", hdev->name);
73f22f62 1835
d7a5a11d
MH		 1836 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1837 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1838 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1839 MGMT_STATUS_REJECTED);
33c525c0 1840
310a3d48 1841 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1842 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1843 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1844
1f350c87 1845 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1846
1847 /* Disabling discoverable requires that no timeout is set,
1848 * and enabling limited discoverable requires a timeout.
1849 */
1850 if ((cp->val == 0x00 && timeout > 0) ||
1851 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1852 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1853 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1854
09fd0de5 1855 hci_dev_lock(hdev);
73f22f62 1856
5e5282bb 1857 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1858 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1859 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1860 goto failed;
1861 }
1862
333ae95d
JH		 1863 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1864 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1865 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1866 MGMT_STATUS_BUSY);
73f22f62
JH		 1867 goto failed;
1868 }
1869
d7a5a11d 1870 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1871 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1872 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1873 goto failed;
1874 }
1875
1876 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1877 bool changed = false;
1878
310a3d48
MH		 1879 /* Setting limited discoverable when powered off is
1880 * not a valid operation since it requires a timeout
1881 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1882 */
d7a5a11d 1883 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1884 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1885 changed = true;
1886 }
1887
5e5282bb 1888 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1889 if (err < 0)
1890 goto failed;
1891
1892 if (changed)
1893 err = new_settings(hdev, sk);
1894
5e5282bb
JH		 1895 goto failed;
1896 }
1897
310a3d48
MH		 1898 /* If the current mode is the same, then just update the timeout
1899 * value with the new value. And if only the timeout gets updated,
1900 * then no need for any HCI transactions.
1901 */
d7a5a11d
MH		 1902 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1903 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1904 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1905 cancel_delayed_work(&hdev->discov_off);
1906 hdev->discov_timeout = timeout;
955638ec 1907
36261547
MH		 1908 if (cp->val && hdev->discov_timeout > 0) {
1909 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1910 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1911 to);
955638ec
MH		 1912 }
1913
69ab39ea 1914 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1915 goto failed;
1916 }
1917
2e58ef3e 1918 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1919 if (!cmd) {
1920 err = -ENOMEM;
73f22f62 1921 goto failed;
366a0336 1922 }
73f22f62 1923
310a3d48
MH		 1924 /* Cancel any potential discoverable timeout that might be
1925 * still active and store new timeout value. The arming of
1926 * the timeout happens in the complete handler.
1927 */
1928 cancel_delayed_work(&hdev->discov_off);
1929 hdev->discov_timeout = timeout;
1930
b456f87c
JH		 1931 /* Limited discoverable mode */
1932 if (cp->val == 0x02)
a1536da2 1933 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1934 else
a358dc11 1935 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1936
bfaf8c9f
JH		 1937 hci_req_init(&req, hdev);
1938
9a43e25f
JH		 1939 /* The procedure for LE-only controllers is much simpler - just
1940 * update the advertising data.
1941 */
d7a5a11d 1942 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
9a43e25f
JH		 1943 goto update_ad;
1944
73f22f62
JH		 1945 scan = SCAN_PAGE;
1946
310a3d48
MH		 1947 if (cp->val) {
1948 struct hci_cp_write_current_iac_lap hci_cp;
1949
1950 if (cp->val == 0x02) {
1951 /* Limited discoverable mode */
33337dcb 1952 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1953 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1954 hci_cp.iac_lap[1] = 0x8b;
1955 hci_cp.iac_lap[2] = 0x9e;
1956 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1957 hci_cp.iac_lap[4] = 0x8b;
1958 hci_cp.iac_lap[5] = 0x9e;
1959 } else {
1960 /* General discoverable mode */
310a3d48
MH		 1961 hci_cp.num_iac = 1;
1962 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1963 hci_cp.iac_lap[1] = 0x8b;
1964 hci_cp.iac_lap[2] = 0x9e;
1965 }
1966
1967 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1968 (hci_cp.num_iac * 3) + 1, &hci_cp);
1969
73f22f62 1970 scan |= SCAN_INQUIRY;
310a3d48 1971 } else {
a358dc11 1972 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
310a3d48 1973 }
73f22f62 1974
310a3d48 1975 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1976
9a43e25f
JH		 1977update_ad:
1978 update_adv_data(&req);
1979
bfaf8c9f 1980 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1981 if (err < 0)
a664b5bc 1982 mgmt_pending_remove(cmd);
73f22f62
JH		 1983
1984failed:
09fd0de5 1985 hci_dev_unlock(hdev);
73f22f62
JH		 1986 return err;
1987}
1988
406d7804
JH		 1989static void write_fast_connectable(struct hci_request *req, bool enable)
1990{
bd98b996 1991 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1992 struct hci_cp_write_page_scan_activity acp;
1993 u8 type;
1994
d7a5a11d 1995 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
547003b1
JH		 1996 return;
1997
4c01f8b8
JH		 1998 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1999 return;
2000
406d7804
JH		 2001 if (enable) {
2002 type = PAGE_SCAN_TYPE_INTERLACED;
2003
2004 /* 160 msec page scan interval */
dcf4adbf 2005 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 2006 } else {
2007 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2008
2009 /* default 1.28 sec page scan */
dcf4adbf 2010 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 2011 }
2012
dcf4adbf 2013 acp.window = cpu_to_le16(0x0012);
406d7804 2014
bd98b996
JH		 2015 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
2016 __cpu_to_le16(hdev->page_scan_window) != acp.window)
2017 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2018 sizeof(acp), &acp);
2019
2020 if (hdev->page_scan_type != type)
2021 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 2022}
2023
1904a853
MH		 2024static void set_connectable_complete(struct hci_dev *hdev, u8 status,
2025 u16 opcode)
2b76f453 2026{
3b0602cd 2027 struct mgmt_pending_cmd *cmd;
d7b856f9 2028 struct mgmt_mode *cp;
bc6d2d04 2029 bool conn_changed, discov_changed;
2b76f453
JH		 2030
2031 BT_DBG("status 0x%02x", status);
2032
2033 hci_dev_lock(hdev);
2034
333ae95d 2035 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
2b76f453
JH		 2036 if (!cmd)
2037 goto unlock;
2038
37438c1f
JH		 2039 if (status) {
2040 u8 mgmt_err = mgmt_status(status);
a69e8375 2041 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 2042 goto remove_cmd;
2043 }
2044
d7b856f9 2045 cp = cmd->param;
bc6d2d04 2046 if (cp->val) {
238be788
MH		 2047 conn_changed = !hci_dev_test_and_set_flag(hdev,
2048 HCI_CONNECTABLE);
bc6d2d04
JH		 2049 discov_changed = false;
2050 } else {
a69d8927
MH		 2051 conn_changed = hci_dev_test_and_clear_flag(hdev,
2052 HCI_CONNECTABLE);
2053 discov_changed = hci_dev_test_and_clear_flag(hdev,
2054 HCI_DISCOVERABLE);
bc6d2d04 2055 }
d7b856f9 2056
2b76f453
JH		 2057 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
2058
bc6d2d04 2059 if (conn_changed || discov_changed) {
d7b856f9 2060 new_settings(hdev, cmd->sk);
1d2dc5b7 2061 hci_update_page_scan(hdev);
bc6d2d04
JH		 2062 if (discov_changed)
2063 mgmt_update_adv_data(hdev);
2b7be33e
JH		 2064 hci_update_background_scan(hdev);
2065 }
d7b856f9 2066
37438c1f 2067remove_cmd:
2b76f453
JH		 2068 mgmt_pending_remove(cmd);
2069
2070unlock:
2071 hci_dev_unlock(hdev);
2072}
2073
e8ba3a1f
JH		 2074static int set_connectable_update_settings(struct hci_dev *hdev,
2075 struct sock *sk, u8 val)
2076{
2077 bool changed = false;
2078 int err;
2079
d7a5a11d 2080 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 2081 changed = true;
2082
2083 if (val) {
a1536da2 2084 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 2085 } else {
a358dc11
MH		 2086 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
2087 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 2088 }
2089
2090 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
2091 if (err < 0)
2092 return err;
2093
562064e6 2094 if (changed) {
1d2dc5b7 2095 hci_update_page_scan(hdev);
562064e6 2096 hci_update_background_scan(hdev);
e8ba3a1f 2097 return new_settings(hdev, sk);
562064e6 2098 }
e8ba3a1f
JH		 2099
2100 return 0;
2101}
2102
bdb6d971 2103static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2104 u16 len)
9fbcbb45 2105{
650f726d 2106 struct mgmt_mode *cp = data;
3b0602cd 2107 struct mgmt_pending_cmd *cmd;
2b76f453 2108 struct hci_request req;
1987fdc7 2109 u8 scan;
9fbcbb45
JH		 2110 int err;
2111
bdb6d971 2112 BT_DBG("request for %s", hdev->name);
9fbcbb45 2113
d7a5a11d
MH		 2114 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
2115 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 2116 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2117 MGMT_STATUS_REJECTED);
33c525c0 2118
a7e80f25 2119 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2120 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2121 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2122
09fd0de5 2123 hci_dev_lock(hdev);
9fbcbb45 2124
4b34ee78 2125 if (!hdev_is_powered(hdev)) {
e8ba3a1f 2126 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 2127 goto failed;
2128 }
2129
333ae95d
JH		 2130 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
2131 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 2132 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2133 MGMT_STATUS_BUSY);
9fbcbb45
JH		 2134 goto failed;
2135 }
2136
2e58ef3e 2137 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 2138 if (!cmd) {
2139 err = -ENOMEM;
9fbcbb45 2140 goto failed;
366a0336 2141 }
9fbcbb45 2142
9b74246f 2143 hci_req_init(&req, hdev);
9fbcbb45 2144
9a43e25f
JH		 2145 /* If BR/EDR is not enabled and we disable advertising as a
2146 * by-product of disabling connectable, we need to update the
2147 * advertising flags.
2148 */
d7a5a11d 2149 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
9a43e25f 2150 if (!cp->val) {
a358dc11
MH		 2151 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2152 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
9a43e25f
JH		 2153 }
2154 update_adv_data(&req);
2155 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 2156 if (cp->val) {
2157 scan = SCAN_PAGE;
2158 } else {
3bd27240
JH		 2159 /* If we don't have any whitelist entries just
2160 * disable all scanning. If there are entries
2161 * and we had both page and inquiry scanning
2162 * enabled then fall back to only page scanning.
2163 * Otherwise no changes are needed.
2164 */
2165 if (list_empty(&hdev->whitelist))
2166 scan = SCAN_DISABLED;
2167 else if (test_bit(HCI_ISCAN, &hdev->flags))
2168 scan = SCAN_PAGE;
2169 else
2170 goto no_scan_update;
9b74246f
JH		 2171
2172 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 2173 hdev->discov_timeout > 0)
9b74246f
JH		 2174 cancel_delayed_work(&hdev->discov_off);
2175 }
2b76f453 2176
9b74246f
JH		 2177 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2178 }
2b76f453 2179
3bd27240 2180no_scan_update:
e8b1202c 2181 /* Update the advertising parameters if necessary */
880897d4
AU		 2182 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
2183 hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
1987fdc7 2184 enable_advertising(&req);
1987fdc7 2185
2b76f453 2186 err = hci_req_run(&req, set_connectable_complete);
9b74246f 2187 if (err < 0) {
a664b5bc 2188 mgmt_pending_remove(cmd);
9b74246f 2189 if (err == -ENODATA)
a81070ba
JH		 2190 err = set_connectable_update_settings(hdev, sk,
2191 cp->val);
9b74246f
JH		 2192 goto failed;
2193 }
9fbcbb45
JH		 2194
2195failed:
09fd0de5 2196 hci_dev_unlock(hdev);
9fbcbb45
JH		 2197 return err;
2198}
2199
b2939475 2200static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2201 u16 len)
c542a06c 2202{
650f726d 2203 struct mgmt_mode *cp = data;
55594356 2204 bool changed;
c542a06c
JH		 2205 int err;
2206
bdb6d971 2207 BT_DBG("request for %s", hdev->name);
c542a06c 2208
a7e80f25 2209 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2210 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2211 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2212
09fd0de5 2213 hci_dev_lock(hdev);
c542a06c
JH		 2214
2215 if (cp->val)
238be788 2216 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 2217 else
a69d8927 2218 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 2219
b2939475 2220 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 2221 if (err < 0)
55594356 2222 goto unlock;
c542a06c 2223
55594356
MH		 2224 if (changed)
2225 err = new_settings(hdev, sk);
c542a06c 2226
55594356 2227unlock:
09fd0de5 2228 hci_dev_unlock(hdev);
c542a06c
JH		 2229 return err;
2230}
2231
04124681
GP		 2232static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2233 u16 len)
33ef95ed
JH		 2234{
2235 struct mgmt_mode *cp = data;
3b0602cd 2236 struct mgmt_pending_cmd *cmd;
e6fe7986 2237 u8 val, status;
33ef95ed
JH		 2238 int err;
2239
bdb6d971 2240 BT_DBG("request for %s", hdev->name);
33ef95ed 2241
e6fe7986
JH		 2242 status = mgmt_bredr_support(hdev);
2243 if (status)
a69e8375
JH		 2244 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2245 status);
33c525c0 2246
a7e80f25 2247 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2248 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2249 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2250
33ef95ed
JH		 2251 hci_dev_lock(hdev);
2252
4b34ee78 2253 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 2254 bool changed = false;
2255
d7a5a11d 2256 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 2257 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 2258 changed = true;
2259 }
2260
2261 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2262 if (err < 0)
2263 goto failed;
2264
2265 if (changed)
2266 err = new_settings(hdev, sk);
2267
33ef95ed
JH		 2268 goto failed;
2269 }
2270
333ae95d 2271 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 2272 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2273 MGMT_STATUS_BUSY);
33ef95ed
JH		 2274 goto failed;
2275 }
2276
2277 val = !!cp->val;
2278
2279 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2280 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2281 goto failed;
2282 }
2283
2284 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2285 if (!cmd) {
2286 err = -ENOMEM;
2287 goto failed;
2288 }
2289
2290 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2291 if (err < 0) {
2292 mgmt_pending_remove(cmd);
2293 goto failed;
2294 }
2295
2296failed:
2297 hci_dev_unlock(hdev);
33ef95ed
JH		 2298 return err;
2299}
2300
bdb6d971 2301static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2302{
2303 struct mgmt_mode *cp = data;
3b0602cd 2304 struct mgmt_pending_cmd *cmd;
72ef0c1a 2305 u8 status;
ed2c4ee3
JH		 2306 int err;
2307
bdb6d971 2308 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2309
cdba5281
MH		 2310 status = mgmt_bredr_support(hdev);
2311 if (status)
a69e8375 2312 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 2313
13ecd8b6 2314 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2315 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2316 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2317
a7e80f25 2318 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2319 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2320 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2321
13ecd8b6 2322 hci_dev_lock(hdev);
6c8f12c1 2323
4b34ee78 2324 if (!hdev_is_powered(hdev)) {
9ecb3e24 2325 bool changed;
c0ecddc2 2326
9ecb3e24 2327 if (cp->val) {
238be788
MH		 2328 changed = !hci_dev_test_and_set_flag(hdev,
2329 HCI_SSP_ENABLED);
9ecb3e24 2330 } else {
a69d8927
MH		 2331 changed = hci_dev_test_and_clear_flag(hdev,
2332 HCI_SSP_ENABLED);
9ecb3e24 2333 if (!changed)
a69d8927
MH		 2334 changed = hci_dev_test_and_clear_flag(hdev,
2335 HCI_HS_ENABLED);
9ecb3e24 2336 else
a358dc11 2337 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 2338 }
2339
2340 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2341 if (err < 0)
2342 goto failed;
2343
2344 if (changed)
2345 err = new_settings(hdev, sk);
2346
ed2c4ee3
JH		 2347 goto failed;
2348 }
2349
333ae95d 2350 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2351 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2352 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2353 goto failed;
2354 }
2355
d7a5a11d 2356 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 2357 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2358 goto failed;
2359 }
2360
2361 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2362 if (!cmd) {
2363 err = -ENOMEM;
2364 goto failed;
2365 }
2366
d7a5a11d 2367 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 2368 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2369 sizeof(cp->val), &cp->val);
2370
72ef0c1a 2371 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2372 if (err < 0) {
2373 mgmt_pending_remove(cmd);
2374 goto failed;
2375 }
2376
2377failed:
2378 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2379 return err;
2380}
2381
bdb6d971 2382static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2383{
2384 struct mgmt_mode *cp = data;
ee392693 2385 bool changed;
e6fe7986 2386 u8 status;
ee392693 2387 int err;
6d80dfd0 2388
bdb6d971 2389 BT_DBG("request for %s", hdev->name);
6d80dfd0 2390
e6fe7986
JH		 2391 status = mgmt_bredr_support(hdev);
2392 if (status)
a69e8375 2393 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2394
9ecb3e24 2395 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2396 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2397 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 2398
d7a5a11d 2399 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 2400 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2401 MGMT_STATUS_REJECTED);
9ecb3e24 2402
a7e80f25 2403 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2404 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2405 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2406
ee392693
MH		 2407 hci_dev_lock(hdev);
2408
333ae95d 2409 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2410 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2411 MGMT_STATUS_BUSY);
a2cb01de
JH		 2412 goto unlock;
2413 }
2414
a0cdf960 2415 if (cp->val) {
238be788 2416 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 2417 } else {
2418 if (hdev_is_powered(hdev)) {
a69e8375
JH		 2419 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2420 MGMT_STATUS_REJECTED);
a0cdf960
MH		 2421 goto unlock;
2422 }
2423
a69d8927 2424 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 2425 }
ee392693
MH		 2426
2427 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2428 if (err < 0)
2429 goto unlock;
2430
2431 if (changed)
2432 err = new_settings(hdev, sk);
6d80dfd0 2433
ee392693
MH		 2434unlock:
2435 hci_dev_unlock(hdev);
2436 return err;
6d80dfd0
JH		 2437}
2438
1904a853 2439static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 2440{
2441 struct cmd_lookup match = { NULL, hdev };
2442
3ad67582
JK		 2443 hci_dev_lock(hdev);
2444
416a4ae5
JH		 2445 if (status) {
2446 u8 mgmt_err = mgmt_status(status);
2447
2448 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2449 &mgmt_err);
3ad67582 2450 goto unlock;
416a4ae5
JH		 2451 }
2452
2453 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2454
2455 new_settings(hdev, match.sk);
2456
2457 if (match.sk)
2458 sock_put(match.sk);
441ad2d0
MH		 2459
2460 /* Make sure the controller has a good default for
2461 * advertising data. Restrict the update to when LE
2462 * has actually been enabled. During power on, the
2463 * update in powered_update_hci will take care of it.
2464 */
d7a5a11d 2465 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0
MH		 2466 struct hci_request req;
2467
441ad2d0 2468 hci_req_init(&req, hdev);
5947f4bc 2469 update_adv_data(&req);
f14d8f64 2470 update_scan_rsp_data(&req);
441ad2d0 2471 hci_req_run(&req, NULL);
2e93e53b 2472 hci_update_background_scan(hdev);
441ad2d0 2473 }
3ad67582
JK		 2474
2475unlock:
2476 hci_dev_unlock(hdev);
416a4ae5
JH		 2477}
2478
bdb6d971 2479static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2480{
2481 struct mgmt_mode *cp = data;
2482 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 2483 struct mgmt_pending_cmd *cmd;
416a4ae5 2484 struct hci_request req;
06199cf8 2485 int err;
0b60eba1 2486 u8 val, enabled;
06199cf8 2487
bdb6d971 2488 BT_DBG("request for %s", hdev->name);
06199cf8 2489
13ecd8b6 2490 if (!lmp_le_capable(hdev))
a69e8375
JH		 2491 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2492 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2493
a7e80f25 2494 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2495 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2496 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2497
e7844ee5
MH		 2498 /* Bluetooth single mode LE only controllers or dual-mode
2499 * controllers configured as LE only devices, do not allow
2500 * switching LE off. These have either LE enabled explicitly
2501 * or BR/EDR has been previously switched off.
2502 *
2503 * When trying to enable an already enabled LE, then gracefully
2504 * send a positive response. Trying to disable it however will
2505 * result into rejection.
2506 */
2507 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2508 if (cp->val == 0x01)
2509 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2510
a69e8375
JH		 2511 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2512 MGMT_STATUS_REJECTED);
e7844ee5 2513 }
c73eee91 2514
13ecd8b6 2515 hci_dev_lock(hdev);
06199cf8
JH		 2516
2517 val = !!cp->val;
ffa88e02 2518 enabled = lmp_host_le_capable(hdev);
06199cf8 2519
847818d9
FG		 2520 if (!val)
2521 clear_adv_instance(hdev, NULL, 0x00, true);
2522
0b60eba1 2523 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2524 bool changed = false;
2525
d7a5a11d 2526 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 2527 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 2528 changed = true;
2529 }
2530
d7a5a11d 2531 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 2532 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 2533 changed = true;
2534 }
2535
06199cf8
JH		 2536 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2537 if (err < 0)
1de028ce 2538 goto unlock;
06199cf8
JH		 2539
2540 if (changed)
2541 err = new_settings(hdev, sk);
2542
1de028ce 2543 goto unlock;
06199cf8
JH		 2544 }
2545
333ae95d
JH		 2546 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2547 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 2548 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2549 MGMT_STATUS_BUSY);
1de028ce 2550 goto unlock;
06199cf8
JH		 2551 }
2552
2553 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2554 if (!cmd) {
2555 err = -ENOMEM;
1de028ce 2556 goto unlock;
06199cf8
JH		 2557 }
2558
441ad2d0
MH		 2559 hci_req_init(&req, hdev);
2560
06199cf8
JH		 2561 memset(&hci_cp, 0, sizeof(hci_cp));
2562
2563 if (val) {
2564 hci_cp.le = val;
32226e4f 2565 hci_cp.simul = 0x00;
441ad2d0 2566 } else {
d7a5a11d 2567 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
441ad2d0 2568 disable_advertising(&req);
06199cf8
JH		 2569 }
2570
416a4ae5
JH		 2571 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2572 &hci_cp);
2573
2574 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2575 if (err < 0)
06199cf8 2576 mgmt_pending_remove(cmd);
06199cf8 2577
1de028ce
JH		 2578unlock:
2579 hci_dev_unlock(hdev);
06199cf8
JH		 2580 return err;
2581}
2582
0cab9c80
JH		 2583/* This is a helper function to test for pending mgmt commands that can
2584 * cause CoD or EIR HCI commands. We can only allow one such pending
2585 * mgmt command at a time since otherwise we cannot easily track what
2586 * the current values are, will be, and based on that calculate if a new
2587 * HCI command needs to be sent and if yes with what value.
2588 */
2589static bool pending_eir_or_class(struct hci_dev *hdev)
2590{
3b0602cd 2591 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 2592
2593 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2594 switch (cmd->opcode) {
2595 case MGMT_OP_ADD_UUID:
2596 case MGMT_OP_REMOVE_UUID:
2597 case MGMT_OP_SET_DEV_CLASS:
2598 case MGMT_OP_SET_POWERED:
2599 return true;
2600 }
2601 }
2602
2603 return false;
2604}
2605
83be8eca
JH		 2606static const u8 bluetooth_base_uuid[] = {
2607 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2608 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2609};
2610
2611static u8 get_uuid_size(const u8 *uuid)
2612{
2613 u32 val;
2614
2615 if (memcmp(uuid, bluetooth_base_uuid, 12))
2616 return 128;
2617
2618 val = get_unaligned_le32(&uuid[12]);
2619 if (val > 0xffff)
2620 return 32;
2621
2622 return 16;
2623}
2624
92da6097
JH		 2625static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2626{
3b0602cd 2627 struct mgmt_pending_cmd *cmd;
92da6097
JH		 2628
2629 hci_dev_lock(hdev);
2630
333ae95d 2631 cmd = pending_find(mgmt_op, hdev);
92da6097
JH		 2632 if (!cmd)
2633 goto unlock;
2634
2a1afb5a
JH		 2635 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2636 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 2637
2638 mgmt_pending_remove(cmd);
2639
2640unlock:
2641 hci_dev_unlock(hdev);
2642}
2643
1904a853 2644static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2645{
2646 BT_DBG("status 0x%02x", status);
2647
2648 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2649}
2650
bdb6d971 2651static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2652{
650f726d 2653 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2654 struct mgmt_pending_cmd *cmd;
890ea898 2655 struct hci_request req;
2aeb9a1a 2656 struct bt_uuid *uuid;
2aeb9a1a
JH		 2657 int err;
2658
bdb6d971 2659 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2660
09fd0de5 2661 hci_dev_lock(hdev);
2aeb9a1a 2662
0cab9c80 2663 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2664 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2665 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2666 goto failed;
2667 }
2668
92c4c204 2669 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2670 if (!uuid) {
2671 err = -ENOMEM;
2672 goto failed;
2673 }
2674
2675 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2676 uuid->svc_hint = cp->svc_hint;
83be8eca 2677 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2678
de66aa63 2679 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2680
890ea898 2681 hci_req_init(&req, hdev);
1aff6f09 2682
890ea898
JH		 2683 update_class(&req);
2684 update_eir(&req);
2685
92da6097
JH		 2686 err = hci_req_run(&req, add_uuid_complete);
2687 if (err < 0) {
2688 if (err != -ENODATA)
2689 goto failed;
80a1e1db 2690
2a1afb5a
JH		 2691 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2692 hdev->dev_class, 3);
90e70454
JH		 2693 goto failed;
2694 }
2695
2696 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2697 if (!cmd) {
90e70454 2698 err = -ENOMEM;
890ea898
JH		 2699 goto failed;
2700 }
2701
2702 err = 0;
2aeb9a1a
JH		 2703
2704failed:
09fd0de5 2705 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2706 return err;
2707}
2708
24b78d0f
JH		 2709static bool enable_service_cache(struct hci_dev *hdev)
2710{
2711 if (!hdev_is_powered(hdev))
2712 return false;
2713
238be788 2714 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 2715 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2716 CACHE_TIMEOUT);
24b78d0f
JH		 2717 return true;
2718 }
2719
2720 return false;
2721}
2722
1904a853 2723static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2724{
2725 BT_DBG("status 0x%02x", status);
2726
2727 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2728}
2729
bdb6d971 2730static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2731 u16 len)
2aeb9a1a 2732{
650f726d 2733 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2734 struct mgmt_pending_cmd *cmd;
056341c8 2735 struct bt_uuid *match, *tmp;
2aeb9a1a 2736 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2737 struct hci_request req;
2aeb9a1a
JH		 2738 int err, found;
2739
bdb6d971 2740 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2741
09fd0de5 2742 hci_dev_lock(hdev);
2aeb9a1a 2743
0cab9c80 2744 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2745 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2746 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2747 goto unlock;
2748 }
2749
2aeb9a1a 2750 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2751 hci_uuids_clear(hdev);
4004b6d9 2752
24b78d0f 2753 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2754 err = mgmt_cmd_complete(sk, hdev->id,
2755 MGMT_OP_REMOVE_UUID,
2756 0, hdev->dev_class, 3);
24b78d0f
JH		 2757 goto unlock;
2758 }
4004b6d9 2759
9246a869 2760 goto update_class;
2aeb9a1a
JH		 2761 }
2762
2763 found = 0;
2764
056341c8 2765 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2766 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2767 continue;
2768
2769 list_del(&match->list);
482049f7 2770 kfree(match);
2aeb9a1a
JH		 2771 found++;
2772 }
2773
2774 if (found == 0) {
a69e8375
JH		 2775 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2776 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2777 goto unlock;
2778 }
2779
9246a869 2780update_class:
890ea898 2781 hci_req_init(&req, hdev);
1aff6f09 2782
890ea898
JH		 2783 update_class(&req);
2784 update_eir(&req);
2785
92da6097
JH		 2786 err = hci_req_run(&req, remove_uuid_complete);
2787 if (err < 0) {
2788 if (err != -ENODATA)
2789 goto unlock;
80a1e1db 2790
2a1afb5a
JH		 2791 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2792 hdev->dev_class, 3);
90e70454
JH		 2793 goto unlock;
2794 }
2795
2796 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2797 if (!cmd) {
90e70454 2798 err = -ENOMEM;
890ea898
JH		 2799 goto unlock;
2800 }
2801
2802 err = 0;
2aeb9a1a
JH		 2803
2804unlock:
09fd0de5 2805 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2806 return err;
2807}
2808
1904a853 2809static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2810{
2811 BT_DBG("status 0x%02x", status);
2812
2813 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2814}
2815
bdb6d971 2816static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2817 u16 len)
1aff6f09 2818{
650f726d 2819 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2820 struct mgmt_pending_cmd *cmd;
890ea898 2821 struct hci_request req;
1aff6f09
JH		 2822 int err;
2823
bdb6d971 2824 BT_DBG("request for %s", hdev->name);
1aff6f09 2825
6203fc98 2826 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2827 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2828 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2829
0cab9c80 2830 hci_dev_lock(hdev);
ee98f473 2831
0cab9c80 2832 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2833 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2834 MGMT_STATUS_BUSY);
0cab9c80
JH		 2835 goto unlock;
2836 }
c95f0ba7 2837
0cab9c80 2838 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2839 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2840 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2841 goto unlock;
2842 }
575b3a02 2843
932f5ff5
JH		 2844 hdev->major_class = cp->major;
2845 hdev->minor_class = cp->minor;
2846
b5235a65 2847 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2848 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2849 hdev->dev_class, 3);
b5235a65
JH		 2850 goto unlock;
2851 }
2852
890ea898
JH		 2853 hci_req_init(&req, hdev);
2854
a69d8927 2855 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
7d78525d
JH		 2856 hci_dev_unlock(hdev);
2857 cancel_delayed_work_sync(&hdev->service_cache);
2858 hci_dev_lock(hdev);
890ea898 2859 update_eir(&req);
7d78525d 2860 }
14c0b608 2861
890ea898
JH		 2862 update_class(&req);
2863
92da6097
JH		 2864 err = hci_req_run(&req, set_class_complete);
2865 if (err < 0) {
2866 if (err != -ENODATA)
2867 goto unlock;
1aff6f09 2868
2a1afb5a
JH		 2869 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2870 hdev->dev_class, 3);
90e70454
JH		 2871 goto unlock;
2872 }
2873
2874 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2875 if (!cmd) {
90e70454 2876 err = -ENOMEM;
890ea898
JH		 2877 goto unlock;
2878 }
2879
2880 err = 0;
1aff6f09 2881
b5235a65 2882unlock:
09fd0de5 2883 hci_dev_unlock(hdev);
1aff6f09
JH		 2884 return err;
2885}
2886
bdb6d971 2887static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2888 u16 len)
55ed8ca1 2889{
650f726d 2890 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2891 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2892 sizeof(struct mgmt_link_key_info));
4e51eae9 2893 u16 key_count, expected_len;
b1de97d8 2894 bool changed;
a492cd52 2895 int i;
55ed8ca1 2896
9060d5cf
MH		 2897 BT_DBG("request for %s", hdev->name);
2898
2899 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2900 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2901 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2902
1f350c87 2903 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2904 if (key_count > max_key_count) {
2905 BT_ERR("load_link_keys: too big key_count value %u",
2906 key_count);
a69e8375
JH		 2907 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2908 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2909 }
55ed8ca1 2910
86742e1e
JH		 2911 expected_len = sizeof(*cp) + key_count *
2912 sizeof(struct mgmt_link_key_info);
a492cd52 2913 if (expected_len != len) {
86742e1e 2914 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2915 expected_len, len);
a69e8375
JH		 2916 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2917 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2918 }
2919
4ae14301 2920 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2921 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2922 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2923
bdb6d971 2924 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2925 key_count);
55ed8ca1 2926
4ee71b20
JH		 2927 for (i = 0; i < key_count; i++) {
2928 struct mgmt_link_key_info *key = &cp->keys[i];
2929
8e991132 2930 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2931 return mgmt_cmd_status(sk, hdev->id,
2932 MGMT_OP_LOAD_LINK_KEYS,
2933 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2934 }
2935
09fd0de5 2936 hci_dev_lock(hdev);
55ed8ca1
JH		 2937
2938 hci_link_keys_clear(hdev);
2939
55ed8ca1 2940 if (cp->debug_keys)
238be788 2941 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2942 else
a69d8927
MH		 2943 changed = hci_dev_test_and_clear_flag(hdev,
2944 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2945
2946 if (changed)
2947 new_settings(hdev, NULL);
55ed8ca1 2948
a492cd52 2949 for (i = 0; i < key_count; i++) {
86742e1e 2950 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2951
58e9293c
JH		 2952 /* Always ignore debug keys and require a new pairing if
2953 * the user wants to use them.
2954 */
2955 if (key->type == HCI_LK_DEBUG_COMBINATION)
2956 continue;
2957
7652ff6a
JH		 2958 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2959 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2960 }
2961
2a1afb5a 2962 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2963
09fd0de5 2964 hci_dev_unlock(hdev);
55ed8ca1 2965
a492cd52 2966 return 0;
55ed8ca1
JH		 2967}
2968
b1078ad0 2969static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2970 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2971{
2972 struct mgmt_ev_device_unpaired ev;
2973
2974 bacpy(&ev.addr.bdaddr, bdaddr);
2975 ev.addr.type = addr_type;
2976
2977 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2978 skip_sk);
b1078ad0
JH		 2979}
2980
bdb6d971 2981static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2982 u16 len)
55ed8ca1 2983{
124f6e35
JH		 2984 struct mgmt_cp_unpair_device *cp = data;
2985 struct mgmt_rp_unpair_device rp;
fc64361a 2986 struct hci_conn_params *params;
3b0602cd 2987 struct mgmt_pending_cmd *cmd;
55ed8ca1 2988 struct hci_conn *conn;
ec182f03 2989 u8 addr_type;
55ed8ca1
JH		 2990 int err;
2991
a8a1d19e 2992 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2993 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2994 rp.addr.type = cp->addr.type;
a8a1d19e 2995
4ee71b20 2996 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2997 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2998 MGMT_STATUS_INVALID_PARAMS,
2999 &rp, sizeof(rp));
4ee71b20 3000
118da70b 3001 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 3002 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3003 MGMT_STATUS_INVALID_PARAMS,
3004 &rp, sizeof(rp));
118da70b 3005
4ee71b20
JH		 3006 hci_dev_lock(hdev);
3007
86a8cfc6 3008 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3009 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3010 MGMT_STATUS_NOT_POWERED, &rp,
3011 sizeof(rp));
86a8cfc6
JH		 3012 goto unlock;
3013 }
3014
e0b2b27e 3015 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 3016 /* If disconnection is requested, then look up the
3017 * connection. If the remote device is connected, it
3018 * will be later used to terminate the link.
3019 *
3020 * Setting it to NULL explicitly will cause no
3021 * termination of the link.
3022 */
3023 if (cp->disconnect)
3024 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3025 &cp->addr.bdaddr);
3026 else
3027 conn = NULL;
3028
124f6e35 3029 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
ec182f03
JH		 3030 if (err < 0) {
3031 err = mgmt_cmd_complete(sk, hdev->id,
3032 MGMT_OP_UNPAIR_DEVICE,
3033 MGMT_STATUS_NOT_PAIRED, &rp,
3034 sizeof(rp));
3035 goto unlock;
89cbb063
AA		 3036 }
3037
ec182f03 3038 goto done;
e0b2b27e 3039 }
b0dbfb46 3040
ec182f03
JH		 3041 /* LE address type */
3042 addr_type = le_addr_type(cp->addr.type);
3043
3044 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
3045
3046 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
55ed8ca1 3047 if (err < 0) {
2a1afb5a
JH		 3048 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3049 MGMT_STATUS_NOT_PAIRED, &rp,
3050 sizeof(rp));
55ed8ca1
JH		 3051 goto unlock;
3052 }
3053
ec182f03
JH		 3054 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
3055 if (!conn) {
3056 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
3057 goto done;
3058 }
3059
c81d555a
JH		 3060 /* Abort any ongoing SMP pairing */
3061 smp_cancel_pairing(conn);
3062
ec182f03
JH		 3063 /* Defer clearing up the connection parameters until closing to
3064 * give a chance of keeping them if a repairing happens.
3065 */
3066 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3067
fc64361a
JH		 3068 /* Disable auto-connection parameters if present */
3069 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
3070 if (params) {
3071 if (params->explicit_connect)
3072 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
3073 else
3074 params->auto_connect = HCI_AUTO_CONN_DISABLED;
3075 }
3076
ec182f03
JH		 3077 /* If disconnection is not requested, then clear the connection
3078 * variable so that the link is not terminated.
3079 */
3080 if (!cp->disconnect)
3081 conn = NULL;
3082
3083done:
89cbb063
AA		 3084 /* If the connection variable is set, then termination of the
3085 * link is requested.
3086 */
a8a1d19e 3087 if (!conn) {
2a1afb5a
JH		 3088 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
3089 &rp, sizeof(rp));
b1078ad0 3090 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 3091 goto unlock;
3092 }
55ed8ca1 3093
124f6e35 3094 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 3095 sizeof(*cp));
a8a1d19e
JH		 3096 if (!cmd) {
3097 err = -ENOMEM;
3098 goto unlock;
55ed8ca1
JH		 3099 }
3100
d8b7b1e4
JH		 3101 cmd->cmd_complete = addr_cmd_complete;
3102
89e0ccc8 3103 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
a8a1d19e
JH		 3104 if (err < 0)
3105 mgmt_pending_remove(cmd);
3106
55ed8ca1 3107unlock:
09fd0de5 3108 hci_dev_unlock(hdev);
55ed8ca1
JH		 3109 return err;
3110}
3111
bdb6d971 3112static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3113 u16 len)
8962ee74 3114{
650f726d 3115 struct mgmt_cp_disconnect *cp = data;
06a63b19 3116 struct mgmt_rp_disconnect rp;
3b0602cd 3117 struct mgmt_pending_cmd *cmd;
8962ee74 3118 struct hci_conn *conn;
8962ee74
JH		 3119 int err;
3120
3121 BT_DBG("");
3122
06a63b19
JH		 3123 memset(&rp, 0, sizeof(rp));
3124 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3125 rp.addr.type = cp->addr.type;
3126
4ee71b20 3127 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3128 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3129 MGMT_STATUS_INVALID_PARAMS,
3130 &rp, sizeof(rp));
4ee71b20 3131
09fd0de5 3132 hci_dev_lock(hdev);
8962ee74
JH		 3133
3134 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 3135 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3136 MGMT_STATUS_NOT_POWERED, &rp,
3137 sizeof(rp));
8962ee74
JH		 3138 goto failed;
3139 }
3140
333ae95d 3141 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 3142 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3143 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 3144 goto failed;
3145 }
3146
591f47f3 3147 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 3148 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3149 &cp->addr.bdaddr);
88c3df13 3150 else
9d4c1cc1
JH		 3151 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
3152 le_addr_type(cp->addr.type));
365227e5 3153
f960727e 3154 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 3155 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3156 MGMT_STATUS_NOT_CONNECTED, &rp,
3157 sizeof(rp));
8962ee74
JH		 3158 goto failed;
3159 }
3160
2e58ef3e 3161 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 3162 if (!cmd) {
3163 err = -ENOMEM;
8962ee74 3164 goto failed;
366a0336 3165 }
8962ee74 3166
f5818c22
JH		 3167 cmd->cmd_complete = generic_cmd_complete;
3168
e3f2f92a 3169 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 3170 if (err < 0)
a664b5bc 3171 mgmt_pending_remove(cmd);
8962ee74
JH		 3172
3173failed:
09fd0de5 3174 hci_dev_unlock(hdev);
8962ee74
JH		 3175 return err;
3176}
3177
57c1477c 3178static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 3179{
3180 switch (link_type) {
3181 case LE_LINK:
48264f06
JH		 3182 switch (addr_type) {
3183 case ADDR_LE_DEV_PUBLIC:
591f47f3 3184 return BDADDR_LE_PUBLIC;
0ed09148 3185
48264f06 3186 default:
0ed09148 3187 /* Fallback to LE Random address type */
591f47f3 3188 return BDADDR_LE_RANDOM;
48264f06 3189 }
0ed09148 3190
4c659c39 3191 default:
0ed09148 3192 /* Fallback to BR/EDR type */
591f47f3 3193 return BDADDR_BREDR;
4c659c39
JH		 3194 }
3195}
3196
04124681
GP		 3197static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3198 u16 data_len)
2784eb41 3199{
2784eb41 3200 struct mgmt_rp_get_connections *rp;
8035ded4 3201 struct hci_conn *c;
a38528f1 3202 size_t rp_len;
60fc5fb6
JH		 3203 int err;
3204 u16 i;
2784eb41
JH		 3205
3206 BT_DBG("");
3207
09fd0de5 3208 hci_dev_lock(hdev);
2784eb41 3209
5f97c1df 3210 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3211 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3212 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3213 goto unlock;
3214 }
3215
60fc5fb6 3216 i = 0;
b644ba33
JH		 3217 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3218 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 3219 i++;
2784eb41
JH		 3220 }
3221
60fc5fb6 3222 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 3223 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 3224 if (!rp) {
2784eb41
JH		 3225 err = -ENOMEM;
3226 goto unlock;
3227 }
3228
2784eb41 3229 i = 0;
4c659c39 3230 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 3231 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3232 continue;
4c659c39 3233 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 3234 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 3235 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 3236 continue;
3237 i++;
3238 }
3239
eb55ef07 3240 rp->conn_count = cpu_to_le16(i);
60fc5fb6 3241
4c659c39
JH		 3242 /* Recalculate length in case of filtered SCO connections, etc */
3243 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 3244
2a1afb5a
JH		 3245 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3246 rp_len);
2784eb41 3247
a38528f1 3248 kfree(rp);
5f97c1df
JH		 3249
3250unlock:
09fd0de5 3251 hci_dev_unlock(hdev);
2784eb41
JH		 3252 return err;
3253}
3254
bdb6d971 3255static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3256 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 3257{
3b0602cd 3258 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 3259 int err;
3260
2e58ef3e 3261 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 3262 sizeof(*cp));
96d97a67
WR		 3263 if (!cmd)
3264 return -ENOMEM;
3265
d8457698 3266 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 3267 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 3268 if (err < 0)
3269 mgmt_pending_remove(cmd);
3270
3271 return err;
3272}
3273
bdb6d971 3274static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3275 u16 len)
980e1a53 3276{
96d97a67 3277 struct hci_conn *conn;
650f726d 3278 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3279 struct hci_cp_pin_code_reply reply;
3b0602cd 3280 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 3281 int err;
3282
3283 BT_DBG("");
3284
09fd0de5 3285 hci_dev_lock(hdev);
980e1a53 3286
4b34ee78 3287 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3288 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3289 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3290 goto failed;
3291 }
3292
d8457698 3293 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3294 if (!conn) {
a69e8375
JH		 3295 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3296 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3297 goto failed;
3298 }
3299
3300 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3301 struct mgmt_cp_pin_code_neg_reply ncp;
3302
3303 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 3304
3305 BT_ERR("PIN code is not 16 bytes long");
3306
bdb6d971 3307 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3308 if (err >= 0)
a69e8375
JH		 3309 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3310 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3311
3312 goto failed;
3313 }
3314
00abfe44 3315 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3316 if (!cmd) {
3317 err = -ENOMEM;
980e1a53 3318 goto failed;
366a0336 3319 }
980e1a53 3320
7776d1d8
JH		 3321 cmd->cmd_complete = addr_cmd_complete;
3322
d8457698 3323 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3324 reply.pin_len = cp->pin_len;
24718ca5 3325 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3326
3327 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3328 if (err < 0)
a664b5bc 3329 mgmt_pending_remove(cmd);
980e1a53
JH		 3330
3331failed:
09fd0de5 3332 hci_dev_unlock(hdev);
980e1a53
JH		 3333 return err;
3334}
3335
04124681
GP		 3336static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3337 u16 len)
17fa4b9d 3338{
650f726d 3339 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3340
3341 BT_DBG("");
3342
4ec86d4c 3343 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3344 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3345 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
4ec86d4c 3346
09fd0de5 3347 hci_dev_lock(hdev);
17fa4b9d
JH		 3348
3349 hdev->io_capability = cp->io_capability;
3350
3351 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3352 hdev->io_capability);
17fa4b9d 3353
09fd0de5 3354 hci_dev_unlock(hdev);
17fa4b9d 3355
2a1afb5a
JH		 3356 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3357 NULL, 0);
17fa4b9d
JH		 3358}
3359
3b0602cd 3360static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3361{
3362 struct hci_dev *hdev = conn->hdev;
3b0602cd 3363 struct mgmt_pending_cmd *cmd;
e9a416b5 3364
2e58ef3e 3365 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3366 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3367 continue;
3368
e9a416b5
JH		 3369 if (cmd->user_data != conn)
3370 continue;
3371
3372 return cmd;
3373 }
3374
3375 return NULL;
3376}
3377
3b0602cd 3378static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 3379{
3380 struct mgmt_rp_pair_device rp;
3381 struct hci_conn *conn = cmd->user_data;
9df74653 3382 int err;
e9a416b5 3383
61b1a7fb
JH		 3384 bacpy(&rp.addr.bdaddr, &conn->dst);
3385 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3386
2a1afb5a
JH		 3387 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3388 status, &rp, sizeof(rp));
e9a416b5
JH		 3389
3390 /* So we don't get further callbacks for this connection */
3391 conn->connect_cfm_cb = NULL;
3392 conn->security_cfm_cb = NULL;
3393 conn->disconn_cfm_cb = NULL;
3394
76a68ba0 3395 hci_conn_drop(conn);
89cbb063
AA		 3396
3397 /* The device is paired so there is no need to remove
3398 * its connection parameters anymore.
3399 */
3400 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3401
3402 hci_conn_put(conn);
9df74653
JH		 3403
3404 return err;
e9a416b5
JH		 3405}
3406
f4a407be
JH		 3407void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3408{
3409 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 3410 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 3411
3412 cmd = find_pairing(conn);
a511b35b 3413 if (cmd) {
04ab2749 3414 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3415 mgmt_pending_remove(cmd);
3416 }
f4a407be
JH		 3417}
3418
e9a416b5
JH		 3419static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3420{
3b0602cd 3421 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3422
3423 BT_DBG("status %u", status);
3424
3425 cmd = find_pairing(conn);
a511b35b 3426 if (!cmd) {
e9a416b5 3427 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3428 return;
3429 }
3430
3431 cmd->cmd_complete(cmd, mgmt_status(status));
3432 mgmt_pending_remove(cmd);
e9a416b5
JH		 3433}
3434
f4a407be 3435static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 3436{
3b0602cd 3437 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 3438
3439 BT_DBG("status %u", status);
3440
3441 if (!status)
3442 return;
3443
3444 cmd = find_pairing(conn);
a511b35b 3445 if (!cmd) {
4c47d739 3446 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3447 return;
3448 }
3449
3450 cmd->cmd_complete(cmd, mgmt_status(status));
3451 mgmt_pending_remove(cmd);
4c47d739
VA		 3452}
3453
bdb6d971 3454static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3455 u16 len)
e9a416b5 3456{
650f726d 3457 struct mgmt_cp_pair_device *cp = data;
1425acb7 3458 struct mgmt_rp_pair_device rp;
3b0602cd 3459 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3460 u8 sec_level, auth_type;
3461 struct hci_conn *conn;
e9a416b5
JH		 3462 int err;
3463
3464 BT_DBG("");
3465
f950a30e
SJ		 3466 memset(&rp, 0, sizeof(rp));
3467 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3468 rp.addr.type = cp->addr.type;
3469
4ee71b20 3470 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3471 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3472 MGMT_STATUS_INVALID_PARAMS,
3473 &rp, sizeof(rp));
4ee71b20 3474
4ec86d4c 3475 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3476 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3477 MGMT_STATUS_INVALID_PARAMS,
3478 &rp, sizeof(rp));
4ec86d4c 3479
09fd0de5 3480 hci_dev_lock(hdev);
e9a416b5 3481
5f97c1df 3482 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3483 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3484 MGMT_STATUS_NOT_POWERED, &rp,
3485 sizeof(rp));
5f97c1df
JH		 3486 goto unlock;
3487 }
3488
55e76b38
JH		 3489 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3490 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3491 MGMT_STATUS_ALREADY_PAIRED, &rp,
3492 sizeof(rp));
3493 goto unlock;
3494 }
3495
c908df36 3496 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3497 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3498
6f77d8c7 3499 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3500 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3501 auth_type);
6f77d8c7 3502 } else {
85813a7e 3503 u8 addr_type = le_addr_type(cp->addr.type);
5157b8a5 3504 struct hci_conn_params *p;
6f77d8c7 3505
7c264b10
MH		 3506 /* When pairing a new device, it is expected to remember
3507 * this device for future connections. Adding the connection
3508 * parameter information ahead of time allows tracking
3509 * of the slave preferred values and will speed up any
3510 * further connection establishment.
3511 *
3512 * If connection parameters already exist, then they
3513 * will be kept and this function does nothing.
3514 */
5157b8a5
JP		 3515 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3516
3517 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
3518 p->auto_connect = HCI_AUTO_CONN_DISABLED;
7c264b10 3519
fa142220
JP		 3520 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
3521 addr_type, sec_level,
0ad06aa6 3522 HCI_LE_CONN_TIMEOUT);
6f77d8c7 3523 }
7a512d01 3524
30e76272 3525 if (IS_ERR(conn)) {
489dc48e
AK		 3526 int status;
3527
3528 if (PTR_ERR(conn) == -EBUSY)
3529 status = MGMT_STATUS_BUSY;
faa81030
LR		 3530 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3531 status = MGMT_STATUS_NOT_SUPPORTED;
3532 else if (PTR_ERR(conn) == -ECONNREFUSED)
3533 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 3534 else
3535 status = MGMT_STATUS_CONNECT_FAILED;
3536
2a1afb5a
JH		 3537 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3538 status, &rp, sizeof(rp));
e9a416b5
JH		 3539 goto unlock;
3540 }
3541
3542 if (conn->connect_cfm_cb) {
76a68ba0 3543 hci_conn_drop(conn);
2a1afb5a
JH		 3544 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3545 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3546 goto unlock;
3547 }
3548
2e58ef3e 3549 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3550 if (!cmd) {
3551 err = -ENOMEM;
76a68ba0 3552 hci_conn_drop(conn);
e9a416b5
JH		 3553 goto unlock;
3554 }
3555
04ab2749
JH		 3556 cmd->cmd_complete = pairing_complete;
3557
7a512d01 3558 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3559 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3560 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3561 conn->security_cfm_cb = pairing_complete_cb;
3562 conn->disconn_cfm_cb = pairing_complete_cb;
3563 } else {
3564 conn->connect_cfm_cb = le_pairing_complete_cb;
3565 conn->security_cfm_cb = le_pairing_complete_cb;
3566 conn->disconn_cfm_cb = le_pairing_complete_cb;
3567 }
7a512d01 3568
e9a416b5 3569 conn->io_capability = cp->io_cap;
f8aaf9b6 3570 cmd->user_data = hci_conn_get(conn);
e9a416b5 3571
6f78fd4b 3572 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3573 hci_conn_security(conn, sec_level, auth_type, true)) {
3574 cmd->cmd_complete(cmd, 0);
3575 mgmt_pending_remove(cmd);
3576 }
e9a416b5
JH		 3577
3578 err = 0;
3579
3580unlock:
09fd0de5 3581 hci_dev_unlock(hdev);
e9a416b5
JH		 3582 return err;
3583}
3584
04124681
GP		 3585static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3586 u16 len)
28424707 3587{
0f4e68cf 3588 struct mgmt_addr_info *addr = data;
3b0602cd 3589 struct mgmt_pending_cmd *cmd;
28424707
JH		 3590 struct hci_conn *conn;
3591 int err;
3592
3593 BT_DBG("");
3594
28424707
JH		 3595 hci_dev_lock(hdev);
3596
5f97c1df 3597 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3598 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3599 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3600 goto unlock;
3601 }
3602
333ae95d 3603 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
28424707 3604 if (!cmd) {
a69e8375
JH		 3605 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3606 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3607 goto unlock;
3608 }
3609
3610 conn = cmd->user_data;
3611
3612 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3613 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3614 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3615 goto unlock;
3616 }
3617
a511b35b
JH		 3618 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3619 mgmt_pending_remove(cmd);
28424707 3620
2a1afb5a
JH		 3621 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3622 addr, sizeof(*addr));
28424707
JH		 3623unlock:
3624 hci_dev_unlock(hdev);
28424707
JH		 3625 return err;
3626}
3627
bdb6d971 3628static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3629 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3630 u16 hci_op, __le32 passkey)
a5c29683 3631{
3b0602cd 3632 struct mgmt_pending_cmd *cmd;
0df4c185 3633 struct hci_conn *conn;
a5c29683
JH		 3634 int err;
3635
09fd0de5 3636 hci_dev_lock(hdev);
08ba5382 3637
4b34ee78 3638 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3639 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3640 MGMT_STATUS_NOT_POWERED, addr,
3641 sizeof(*addr));
0df4c185 3642 goto done;
a5c29683
JH		 3643 }
3644
1707c60e
JH		 3645 if (addr->type == BDADDR_BREDR)
3646 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3647 else
9d4c1cc1
JH		 3648 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3649 le_addr_type(addr->type));
272d90df
JH		 3650
3651 if (!conn) {
2a1afb5a
JH		 3652 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3653 MGMT_STATUS_NOT_CONNECTED, addr,
3654 sizeof(*addr));
272d90df
JH		 3655 goto done;
3656 }
47c15e2b 3657
1707c60e 3658 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3659 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3660 if (!err)
2a1afb5a
JH		 3661 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3662 MGMT_STATUS_SUCCESS, addr,
3663 sizeof(*addr));
5fe57d9e 3664 else
2a1afb5a
JH		 3665 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3666 MGMT_STATUS_FAILED, addr,
3667 sizeof(*addr));
47c15e2b 3668
47c15e2b
BG		 3669 goto done;
3670 }
3671
1707c60e 3672 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3673 if (!cmd) {
3674 err = -ENOMEM;
0df4c185 3675 goto done;
a5c29683
JH		 3676 }
3677
7776d1d8
JH		 3678 cmd->cmd_complete = addr_cmd_complete;
3679
0df4c185 3680 /* Continue with pairing via HCI */
604086b7
BG		 3681 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3682 struct hci_cp_user_passkey_reply cp;
3683
1707c60e 3684 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3685 cp.passkey = passkey;
3686 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3687 } else
1707c60e
JH		 3688 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3689 &addr->bdaddr);
604086b7 3690
a664b5bc
JH		 3691 if (err < 0)
3692 mgmt_pending_remove(cmd);
a5c29683 3693
0df4c185 3694done:
09fd0de5 3695 hci_dev_unlock(hdev);
a5c29683
JH		 3696 return err;
3697}
3698
afeb019d
JK		 3699static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3700 void *data, u16 len)
3701{
3702 struct mgmt_cp_pin_code_neg_reply *cp = data;
3703
3704 BT_DBG("");
3705
1707c60e 3706 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3707 MGMT_OP_PIN_CODE_NEG_REPLY,
3708 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3709}
3710
04124681
GP		 3711static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3712 u16 len)
0df4c185 3713{
650f726d 3714 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3715
3716 BT_DBG("");
3717
3718 if (len != sizeof(*cp))
a69e8375
JH		 3719 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3720 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3721
1707c60e 3722 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3723 MGMT_OP_USER_CONFIRM_REPLY,
3724 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3725}
3726
bdb6d971 3727static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3728 void *data, u16 len)
0df4c185 3729{
c9c2659f 3730 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3731
3732 BT_DBG("");
3733
1707c60e 3734 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3735 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3736 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3737}
3738
04124681
GP		 3739static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3740 u16 len)
604086b7 3741{
650f726d 3742 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3743
3744 BT_DBG("");
3745
1707c60e 3746 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3747 MGMT_OP_USER_PASSKEY_REPLY,
3748 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3749}
3750
bdb6d971 3751static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3752 void *data, u16 len)
604086b7 3753{
650f726d 3754 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3755
3756 BT_DBG("");
3757
1707c60e 3758 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3759 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3760 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3761}
3762
13928971 3763static void update_name(struct hci_request *req)
2b4bf397 3764{
13928971 3765 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3766 struct hci_cp_write_local_name cp;
3767
13928971 3768 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3769
890ea898 3770 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3771}
3772
1904a853 3773static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3774{
3775 struct mgmt_cp_set_local_name *cp;
3b0602cd 3776 struct mgmt_pending_cmd *cmd;
13928971
JH		 3777
3778 BT_DBG("status 0x%02x", status);
3779
3780 hci_dev_lock(hdev);
3781
333ae95d 3782 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 3783 if (!cmd)
3784 goto unlock;
3785
3786 cp = cmd->param;
3787
3788 if (status)
a69e8375
JH		 3789 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3790 mgmt_status(status));
13928971 3791 else
2a1afb5a
JH		 3792 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3793 cp, sizeof(*cp));
13928971
JH		 3794
3795 mgmt_pending_remove(cmd);
3796
3797unlock:
3798 hci_dev_unlock(hdev);
3799}
3800
bdb6d971 3801static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3802 u16 len)
b312b161 3803{
2b4bf397 3804 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3805 struct mgmt_pending_cmd *cmd;
890ea898 3806 struct hci_request req;
b312b161
JH		 3807 int err;
3808
3809 BT_DBG("");
3810
09fd0de5 3811 hci_dev_lock(hdev);
b312b161 3812
b3f2ca94
JH		 3813 /* If the old values are the same as the new ones just return a
3814 * direct command complete event.
3815 */
3816 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3817 !memcmp(hdev->short_name, cp->short_name,
3818 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3819 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3820 data, len);
b3f2ca94
JH		 3821 goto failed;
3822 }
3823
2b4bf397 3824 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3825
b5235a65 3826 if (!hdev_is_powered(hdev)) {
2b4bf397 3827 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3828
2a1afb5a
JH		 3829 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3830 data, len);
28cc7bde
JH		 3831 if (err < 0)
3832 goto failed;
3833
f6b7712e
MH		 3834 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
3835 data, len, sk);
28cc7bde 3836
b5235a65
JH		 3837 goto failed;
3838 }
3839
28cc7bde 3840 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3841 if (!cmd) {
3842 err = -ENOMEM;
3843 goto failed;
3844 }
3845
13928971
JH		 3846 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3847
890ea898 3848 hci_req_init(&req, hdev);
3f985050
JH		 3849
3850 if (lmp_bredr_capable(hdev)) {
3851 update_name(&req);
3852 update_eir(&req);
3853 }
3854
7a5f4990
MH		 3855 /* The name is stored in the scan response data and so
3856 * no need to udpate the advertising data here.
3857 */
3f985050 3858 if (lmp_le_capable(hdev))
7a5f4990 3859 update_scan_rsp_data(&req);
3f985050 3860
13928971 3861 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3862 if (err < 0)
3863 mgmt_pending_remove(cmd);
3864
3865failed:
09fd0de5 3866 hci_dev_unlock(hdev);
b312b161
JH		 3867 return err;
3868}
3869
1b9441f8
JH		 3870static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3871 u16 opcode, struct sk_buff *skb)
3872{
3873 struct mgmt_rp_read_local_oob_data mgmt_rp;
3874 size_t rp_size = sizeof(mgmt_rp);
3875 struct mgmt_pending_cmd *cmd;
3876
3877 BT_DBG("%s status %u", hdev->name, status);
3878
3879 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3880 if (!cmd)
3881 return;
3882
3883 if (status || !skb) {
3884 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3885 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3886 goto remove;
3887 }
3888
3889 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3890
3891 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3892 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3893
3894 if (skb->len < sizeof(*rp)) {
3895 mgmt_cmd_status(cmd->sk, hdev->id,
3896 MGMT_OP_READ_LOCAL_OOB_DATA,
3897 MGMT_STATUS_FAILED);
3898 goto remove;
3899 }
3900
3901 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3902 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3903
3904 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3905 } else {
3906 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3907
3908 if (skb->len < sizeof(*rp)) {
3909 mgmt_cmd_status(cmd->sk, hdev->id,
3910 MGMT_OP_READ_LOCAL_OOB_DATA,
3911 MGMT_STATUS_FAILED);
3912 goto remove;
3913 }
3914
3915 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3916 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3917
3918 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3919 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3920 }
3921
3922 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3923 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3924
3925remove:
3926 mgmt_pending_remove(cmd);
3927}
3928
0f4e68cf 3929static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3930 void *data, u16 data_len)
c35938b2 3931{
3b0602cd 3932 struct mgmt_pending_cmd *cmd;
1b9441f8 3933 struct hci_request req;
c35938b2
SJ		 3934 int err;
3935
bdb6d971 3936 BT_DBG("%s", hdev->name);
c35938b2 3937
09fd0de5 3938 hci_dev_lock(hdev);
c35938b2 3939
4b34ee78 3940 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3941 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3942 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3943 goto unlock;
3944 }
3945
9a1a1996 3946 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3947 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3948 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3949 goto unlock;
3950 }
3951
333ae95d 3952 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3953 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3954 MGMT_STATUS_BUSY);
c35938b2
SJ		 3955 goto unlock;
3956 }
3957
2e58ef3e 3958 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3959 if (!cmd) {
3960 err = -ENOMEM;
3961 goto unlock;
3962 }
3963
1b9441f8
JH		 3964 hci_req_init(&req, hdev);
3965
710f11c0 3966 if (bredr_sc_enabled(hdev))
1b9441f8 3967 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
4d2d2796 3968 else
1b9441f8 3969 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
4d2d2796 3970
1b9441f8 3971 err = hci_req_run_skb(&req, read_local_oob_data_complete);
c35938b2
SJ		 3972 if (err < 0)
3973 mgmt_pending_remove(cmd);
3974
3975unlock:
09fd0de5 3976 hci_dev_unlock(hdev);
c35938b2
SJ		 3977 return err;
3978}
3979
bdb6d971 3980static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3981 void *data, u16 len)
2763eda6 3982{
5d57e796 3983 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3984 int err;
3985
bdb6d971 3986 BT_DBG("%s ", hdev->name);
2763eda6 3987
5d57e796 3988 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3989 return mgmt_cmd_complete(sk, hdev->id,
3990 MGMT_OP_ADD_REMOTE_OOB_DATA,
3991 MGMT_STATUS_INVALID_PARAMS,
3992 addr, sizeof(*addr));
5d57e796 3993
09fd0de5 3994 hci_dev_lock(hdev);
2763eda6 3995
ec109113
MH		 3996 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3997 struct mgmt_cp_add_remote_oob_data *cp = data;
3998 u8 status;
bf1e3541 3999
c19a495c 4000 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 4001 err = mgmt_cmd_complete(sk, hdev->id,
4002 MGMT_OP_ADD_REMOTE_OOB_DATA,
4003 MGMT_STATUS_INVALID_PARAMS,
4004 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 4005 goto unlock;
4006 }
4007
ec109113 4008 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 4009 cp->addr.type, cp->hash,
4010 cp->rand, NULL, NULL);
ec109113
MH		 4011 if (err < 0)
4012 status = MGMT_STATUS_FAILED;
4013 else
4014 status = MGMT_STATUS_SUCCESS;
4015
2a1afb5a
JH		 4016 err = mgmt_cmd_complete(sk, hdev->id,
4017 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
4018 &cp->addr, sizeof(cp->addr));
ec109113
MH		 4019 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
4020 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 4021 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 4022 u8 status;
4023
86df9200 4024 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 4025 /* Enforce zero-valued 192-bit parameters as
4026 * long as legacy SMP OOB isn't implemented.
4027 */
4028 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
4029 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 4030 err = mgmt_cmd_complete(sk, hdev->id,
4031 MGMT_OP_ADD_REMOTE_OOB_DATA,
4032 MGMT_STATUS_INVALID_PARAMS,
4033 addr, sizeof(*addr));
d25b78e2
JH		 4034 goto unlock;
4035 }
4036
86df9200
JH		 4037 rand192 = NULL;
4038 hash192 = NULL;
4039 } else {
41bcfd50
MH		 4040 /* In case one of the P-192 values is set to zero,
4041 * then just disable OOB data for P-192.
4042 */
4043 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
4044 !memcmp(cp->hash192, ZERO_KEY, 16)) {
4045 rand192 = NULL;
4046 hash192 = NULL;
4047 } else {
4048 rand192 = cp->rand192;
4049 hash192 = cp->hash192;
4050 }
4051 }
4052
4053 /* In case one of the P-256 values is set to zero, then just
4054 * disable OOB data for P-256.
4055 */
4056 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
4057 !memcmp(cp->hash256, ZERO_KEY, 16)) {
4058 rand256 = NULL;
4059 hash256 = NULL;
4060 } else {
4061 rand256 = cp->rand256;
4062 hash256 = cp->hash256;
86df9200
JH		 4063 }
4064
81328d5c 4065 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 4066 cp->addr.type, hash192, rand192,
41bcfd50 4067 hash256, rand256);
ec109113
MH		 4068 if (err < 0)
4069 status = MGMT_STATUS_FAILED;
4070 else
4071 status = MGMT_STATUS_SUCCESS;
4072
2a1afb5a
JH		 4073 err = mgmt_cmd_complete(sk, hdev->id,
4074 MGMT_OP_ADD_REMOTE_OOB_DATA,
4075 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 4076 } else {
4077 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 4078 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
4079 MGMT_STATUS_INVALID_PARAMS);
ec109113 4080 }
2763eda6 4081
c19a495c 4082unlock:
09fd0de5 4083 hci_dev_unlock(hdev);
2763eda6
SJ		 4084 return err;
4085}
4086
bdb6d971 4087static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 4088 void *data, u16 len)
2763eda6 4089{
650f726d 4090 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 4091 u8 status;
2763eda6
SJ		 4092 int err;
4093
bdb6d971 4094 BT_DBG("%s", hdev->name);
2763eda6 4095
c19a495c 4096 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 4097 return mgmt_cmd_complete(sk, hdev->id,
4098 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4099 MGMT_STATUS_INVALID_PARAMS,
4100 &cp->addr, sizeof(cp->addr));
c19a495c 4101
09fd0de5 4102 hci_dev_lock(hdev);
2763eda6 4103
eedbd581
JH		 4104 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4105 hci_remote_oob_data_clear(hdev);
4106 status = MGMT_STATUS_SUCCESS;
4107 goto done;
4108 }
4109
6928a924 4110 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 4111 if (err < 0)
bf1e3541 4112 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 4113 else
a6785be2 4114 status = MGMT_STATUS_SUCCESS;
bf1e3541 4115
eedbd581 4116done:
2a1afb5a
JH		 4117 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4118 status, &cp->addr, sizeof(cp->addr));
2763eda6 4119
09fd0de5 4120 hci_dev_unlock(hdev);
2763eda6
SJ		 4121 return err;
4122}
4123
e68f072b 4124void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
7c307720 4125{
3b0602cd 4126 struct mgmt_pending_cmd *cmd;
ae55f598 4127
7c307720
AG		 4128 BT_DBG("status %d", status);
4129
11e6e25d 4130 hci_dev_lock(hdev);
41dc2bd6 4131
333ae95d 4132 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427 4133 if (!cmd)
333ae95d 4134 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
66ea9427 4135
11e6e25d 4136 if (cmd) {
2922a94f 4137 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 4138 mgmt_pending_remove(cmd);
4139 }
7c307720 4140
11e6e25d 4141 hci_dev_unlock(hdev);
7c307720
AG		 4142}
4143
591752af
JH		 4144static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
4145 uint8_t *mgmt_status)
4146{
4147 switch (type) {
4148 case DISCOV_TYPE_LE:
4149 *mgmt_status = mgmt_le_support(hdev);
4150 if (*mgmt_status)
4151 return false;
4152 break;
4153 case DISCOV_TYPE_INTERLEAVED:
4154 *mgmt_status = mgmt_le_support(hdev);
4155 if (*mgmt_status)
4156 return false;
4157 /* Intentional fall-through */
4158 case DISCOV_TYPE_BREDR:
4159 *mgmt_status = mgmt_bredr_support(hdev);
4160 if (*mgmt_status)
4161 return false;
4162 break;
4163 default:
4164 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
4165 return false;
4166 }
4167
4168 return true;
4169}
4170
bdb6d971 4171static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 4172 void *data, u16 len)
14a53664 4173{
650f726d 4174 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 4175 struct mgmt_pending_cmd *cmd;
8019044d 4176 u8 status;
14a53664
JH		 4177 int err;
4178
bdb6d971 4179 BT_DBG("%s", hdev->name);
14a53664 4180
09fd0de5 4181 hci_dev_lock(hdev);
14a53664 4182
4b34ee78 4183 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4184 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4185 MGMT_STATUS_NOT_POWERED,
4186 &cp->type, sizeof(cp->type));
bd2d1334
JH		 4187 goto failed;
4188 }
4189
f5a969f2 4190 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4191 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4192 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4193 MGMT_STATUS_BUSY, &cp->type,
4194 sizeof(cp->type));
642be6c7
AG		 4195 goto failed;
4196 }
4197
591752af
JH		 4198 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
4199 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4200 status, &cp->type, sizeof(cp->type));
4201 goto failed;
4202 }
4203
22078800
MH		 4204 /* Clear the discovery filter first to free any previously
4205 * allocated memory for the UUID list.
4206 */
4207 hci_discovery_filter_clear(hdev);
4208
4aab14e5 4209 hdev->discovery.type = cp->type;
da25cf6a 4210 hdev->discovery.report_invalid_rssi = false;
4aab14e5 4211
e68f072b
JH		 4212 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
4213 if (!cmd) {
4214 err = -ENOMEM;
04106755 4215 goto failed;
f39799f5 4216 }
04106755 4217
e68f072b 4218 cmd->cmd_complete = generic_cmd_complete;
7c307720 4219
f5a969f2 4220 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 4221 queue_work(hdev->req_workqueue, &hdev->discov_update);
4222 err = 0;
7c307720 4223
14a53664 4224failed:
09fd0de5 4225 hci_dev_unlock(hdev);
14a53664
JH		 4226 return err;
4227}
f39799f5 4228
3b0602cd
JH		 4229static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4230 u8 status)
2922a94f 4231{
2a1afb5a
JH		 4232 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4233 cmd->param, 1);
2922a94f 4234}
04106755 4235
66ea9427
JP		 4236static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4237 void *data, u16 len)
4238{
4239 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 4240 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 4241 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4242 u16 uuid_count, expected_len;
4243 u8 status;
4244 int err;
04106755 4245
66ea9427 4246 BT_DBG("%s", hdev->name);
e8bb6b97 4247
66ea9427 4248 hci_dev_lock(hdev);
7c307720 4249
66ea9427 4250 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4251 err = mgmt_cmd_complete(sk, hdev->id,
4252 MGMT_OP_START_SERVICE_DISCOVERY,
4253 MGMT_STATUS_NOT_POWERED,
4254 &cp->type, sizeof(cp->type));
66ea9427
JP		 4255 goto failed;
4256 }
7c307720 4257
66ea9427 4258 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4259 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4260 err = mgmt_cmd_complete(sk, hdev->id,
4261 MGMT_OP_START_SERVICE_DISCOVERY,
4262 MGMT_STATUS_BUSY, &cp->type,
4263 sizeof(cp->type));
66ea9427
JP		 4264 goto failed;
4265 }
d9483943 4266
66ea9427
JP		 4267 uuid_count = __le16_to_cpu(cp->uuid_count);
4268 if (uuid_count > max_uuid_count) {
4269 BT_ERR("service_discovery: too big uuid_count value %u",
4270 uuid_count);
2a1afb5a
JH		 4271 err = mgmt_cmd_complete(sk, hdev->id,
4272 MGMT_OP_START_SERVICE_DISCOVERY,
4273 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4274 sizeof(cp->type));
66ea9427
JP		 4275 goto failed;
4276 }
4277
4278 expected_len = sizeof(*cp) + uuid_count * 16;
4279 if (expected_len != len) {
4280 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4281 expected_len, len);
2a1afb5a
JH		 4282 err = mgmt_cmd_complete(sk, hdev->id,
4283 MGMT_OP_START_SERVICE_DISCOVERY,
4284 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4285 sizeof(cp->type));
66ea9427
JP		 4286 goto failed;
4287 }
4288
591752af
JH		 4289 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
4290 err = mgmt_cmd_complete(sk, hdev->id,
4291 MGMT_OP_START_SERVICE_DISCOVERY,
4292 status, &cp->type, sizeof(cp->type));
4293 goto failed;
4294 }
4295
66ea9427 4296 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 4297 hdev, data, len);
66ea9427
JP		 4298 if (!cmd) {
4299 err = -ENOMEM;
4300 goto failed;
4301 }
4302
2922a94f
JH		 4303 cmd->cmd_complete = service_discovery_cmd_complete;
4304
22078800
MH		 4305 /* Clear the discovery filter first to free any previously
4306 * allocated memory for the UUID list.
4307 */
4308 hci_discovery_filter_clear(hdev);
4309
82f8b651 4310 hdev->discovery.result_filtering = true;
66ea9427
JP		 4311 hdev->discovery.type = cp->type;
4312 hdev->discovery.rssi = cp->rssi;
4313 hdev->discovery.uuid_count = uuid_count;
4314
4315 if (uuid_count > 0) {
4316 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4317 GFP_KERNEL);
4318 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 4319 err = mgmt_cmd_complete(sk, hdev->id,
4320 MGMT_OP_START_SERVICE_DISCOVERY,
4321 MGMT_STATUS_FAILED,
4322 &cp->type, sizeof(cp->type));
d9483943
JH		 4323 mgmt_pending_remove(cmd);
4324 goto failed;
4325 }
66ea9427 4326 }
d9483943 4327
66ea9427 4328 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 4329 queue_work(hdev->req_workqueue, &hdev->discov_update);
4330 err = 0;
14a53664
JH		 4331
4332failed:
09fd0de5 4333 hci_dev_unlock(hdev);
14a53664
JH		 4334 return err;
4335}
4336
2154d3f4 4337void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
1183fdca 4338{
3b0602cd 4339 struct mgmt_pending_cmd *cmd;
1183fdca 4340
0e05bba6
AG		 4341 BT_DBG("status %d", status);
4342
4343 hci_dev_lock(hdev);
4344
333ae95d 4345 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
11e6e25d 4346 if (cmd) {
2922a94f 4347 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4348 mgmt_pending_remove(cmd);
0e05bba6
AG		 4349 }
4350
0e05bba6
AG		 4351 hci_dev_unlock(hdev);
4352}
4353
bdb6d971 4354static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4355 u16 len)
14a53664 4356{
d930650b 4357 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 4358 struct mgmt_pending_cmd *cmd;
14a53664
JH		 4359 int err;
4360
bdb6d971 4361 BT_DBG("%s", hdev->name);
14a53664 4362
09fd0de5 4363 hci_dev_lock(hdev);
14a53664 4364
30dc78e1 4365 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4366 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4367 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4368 sizeof(mgmt_cp->type));
d930650b
JH		 4369 goto unlock;
4370 }
4371
4372 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 4373 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4374 MGMT_STATUS_INVALID_PARAMS,
4375 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 4376 goto unlock;
ff9ef578
JH		 4377 }
4378
2922a94f 4379 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4380 if (!cmd) {
4381 err = -ENOMEM;
30dc78e1
JH		 4382 goto unlock;
4383 }
4384
2922a94f
JH		 4385 cmd->cmd_complete = generic_cmd_complete;
4386
2154d3f4
JH		 4387 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4388 queue_work(hdev->req_workqueue, &hdev->discov_update);
4389 err = 0;
14a53664 4390
30dc78e1 4391unlock:
09fd0de5 4392 hci_dev_unlock(hdev);
14a53664
JH		 4393 return err;
4394}
4395
bdb6d971 4396static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4397 u16 len)
561aafbc 4398{
650f726d 4399 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4400 struct inquiry_entry *e;
561aafbc
JH		 4401 int err;
4402
bdb6d971 4403 BT_DBG("%s", hdev->name);
561aafbc 4404
561aafbc
JH		 4405 hci_dev_lock(hdev);
4406
30dc78e1 4407 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4408 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4409 MGMT_STATUS_FAILED, &cp->addr,
4410 sizeof(cp->addr));
30dc78e1
JH		 4411 goto failed;
4412 }
4413
a198e7b1 4414 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4415 if (!e) {
2a1afb5a
JH		 4416 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4417 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4418 sizeof(cp->addr));
561aafbc
JH		 4419 goto failed;
4420 }
4421
4422 if (cp->name_known) {
4423 e->name_state = NAME_KNOWN;
4424 list_del(&e->list);
4425 } else {
4426 e->name_state = NAME_NEEDED;
a3d4e20a 4427 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4428 }
4429
2a1afb5a
JH		 4430 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4431 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 4432
4433failed:
4434 hci_dev_unlock(hdev);
561aafbc
JH		 4435 return err;
4436}
4437
bdb6d971 4438static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4439 u16 len)
7fbec224 4440{
650f726d 4441 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4442 u8 status;
7fbec224
AJ		 4443 int err;
4444
bdb6d971 4445 BT_DBG("%s", hdev->name);
7fbec224 4446
4ee71b20 4447 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4448 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4449 MGMT_STATUS_INVALID_PARAMS,
4450 &cp->addr, sizeof(cp->addr));
4ee71b20 4451
09fd0de5 4452 hci_dev_lock(hdev);
5e762444 4453
dcc36c16
JH		 4454 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4455 cp->addr.type);
2a8357f2 4456 if (err < 0) {
f0eeea8b 4457 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4458 goto done;
4459 }
4460
4461 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4462 sk);
4463 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4464
2a8357f2 4465done:
2a1afb5a
JH		 4466 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4467 &cp->addr, sizeof(cp->addr));
5e762444 4468
09fd0de5 4469 hci_dev_unlock(hdev);
7fbec224
AJ		 4470
4471 return err;
4472}
4473
bdb6d971 4474static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4475 u16 len)
7fbec224 4476{
650f726d 4477 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4478 u8 status;
7fbec224
AJ		 4479 int err;
4480
bdb6d971 4481 BT_DBG("%s", hdev->name);
7fbec224 4482
4ee71b20 4483 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4484 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4485 MGMT_STATUS_INVALID_PARAMS,
4486 &cp->addr, sizeof(cp->addr));
4ee71b20 4487
09fd0de5 4488 hci_dev_lock(hdev);
5e762444 4489
dcc36c16
JH		 4490 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4491 cp->addr.type);
2a8357f2 4492 if (err < 0) {
f0eeea8b 4493 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4494 goto done;
4495 }
4496
4497 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4498 sk);
4499 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4500
2a8357f2 4501done:
2a1afb5a
JH		 4502 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4503 &cp->addr, sizeof(cp->addr));
5e762444 4504
09fd0de5 4505 hci_dev_unlock(hdev);
7fbec224
AJ		 4506
4507 return err;
4508}
4509
cdbaccca
MH		 4510static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4511 u16 len)
4512{
4513 struct mgmt_cp_set_device_id *cp = data;
890ea898 4514 struct hci_request req;
cdbaccca 4515 int err;
c72d4b8a 4516 __u16 source;
cdbaccca
MH		 4517
4518 BT_DBG("%s", hdev->name);
4519
c72d4b8a
SJ		 4520 source = __le16_to_cpu(cp->source);
4521
4522 if (source > 0x0002)
a69e8375
JH		 4523 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4524 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 4525
cdbaccca
MH		 4526 hci_dev_lock(hdev);
4527
c72d4b8a 4528 hdev->devid_source = source;
cdbaccca
MH		 4529 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4530 hdev->devid_product = __le16_to_cpu(cp->product);
4531 hdev->devid_version = __le16_to_cpu(cp->version);
4532
2a1afb5a
JH		 4533 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4534 NULL, 0);
cdbaccca 4535
890ea898
JH		 4536 hci_req_init(&req, hdev);
4537 update_eir(&req);
4538 hci_req_run(&req, NULL);
cdbaccca
MH		 4539
4540 hci_dev_unlock(hdev);
4541
4542 return err;
4543}
4544
24b4f38f
AU		 4545static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4546 u16 opcode)
4547{
4548 BT_DBG("status %d", status);
4549}
4550
1904a853
MH		 4551static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4552 u16 opcode)
4375f103
JH		 4553{
4554 struct cmd_lookup match = { NULL, hdev };
24b4f38f 4555 struct hci_request req;
7816b820
FG		 4556 u8 instance;
4557 struct adv_info *adv_instance;
4558 int err;
4375f103 4559
3ad67582
JK		 4560 hci_dev_lock(hdev);
4561
4375f103
JH		 4562 if (status) {
4563 u8 mgmt_err = mgmt_status(status);
4564
4565 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4566 cmd_status_rsp, &mgmt_err);
3ad67582 4567 goto unlock;
4375f103
JH		 4568 }
4569
d7a5a11d 4570 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 4571 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 4572 else
a358dc11 4573 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 4574
4375f103
JH		 4575 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4576 &match);
4577
4578 new_settings(hdev, match.sk);
4579
4580 if (match.sk)
4581 sock_put(match.sk);
3ad67582 4582
24b4f38f 4583 /* If "Set Advertising" was just disabled and instance advertising was
7816b820 4584 * set up earlier, then re-enable multi-instance advertising.
24b4f38f
AU		 4585 */
4586 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7816b820
FG		 4587 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) ||
4588 list_empty(&hdev->adv_instances))
24b4f38f
AU		 4589 goto unlock;
4590
7816b820
FG		 4591 instance = hdev->cur_adv_instance;
4592 if (!instance) {
4593 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
4594 struct adv_info, list);
4595 if (!adv_instance)
4596 goto unlock;
4597
4598 instance = adv_instance->instance;
4599 }
4600
24b4f38f
AU		 4601 hci_req_init(&req, hdev);
4602
7816b820
FG		 4603 err = schedule_adv_instance(&req, instance, true);
4604
4605 if (!err)
4606 err = hci_req_run(&req, enable_advertising_instance);
24b4f38f 4607
7816b820 4608 if (err)
24b4f38f
AU		 4609 BT_ERR("Failed to re-configure advertising");
4610
3ad67582
JK		 4611unlock:
4612 hci_dev_unlock(hdev);
4375f103
JH		 4613}
4614
21b5187f
MH		 4615static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4616 u16 len)
4375f103
JH		 4617{
4618 struct mgmt_mode *cp = data;
3b0602cd 4619 struct mgmt_pending_cmd *cmd;
4375f103 4620 struct hci_request req;
cc91cb04 4621 u8 val, status;
4375f103
JH		 4622 int err;
4623
4624 BT_DBG("request for %s", hdev->name);
4625
e6fe7986
JH		 4626 status = mgmt_le_support(hdev);
4627 if (status)
a69e8375
JH		 4628 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4629 status);
4375f103 4630
cc91cb04 4631 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4632 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4633 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 4634
4635 hci_dev_lock(hdev);
4636
4637 val = !!cp->val;
4375f103 4638
f74ca9b8
JH		 4639 /* The following conditions are ones which mean that we should
4640 * not do any HCI communication but directly send a mgmt
4641 * response to user space (after toggling the flag if
4642 * necessary).
4643 */
cc91cb04 4644 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 4645 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4646 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 4647 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 4648 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 4649 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 4650 bool changed;
4375f103 4651
cc91cb04 4652 if (cp->val) {
238be788 4653 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 4654 if (cp->val == 0x02)
a1536da2 4655 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4656 else
a358dc11 4657 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4658 } else {
a69d8927 4659 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 4660 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 4661 }
4662
4663 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4664 if (err < 0)
4665 goto unlock;
4666
4667 if (changed)
4668 err = new_settings(hdev, sk);
4669
4670 goto unlock;
4671 }
4672
333ae95d
JH		 4673 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4674 pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 4675 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4676 MGMT_STATUS_BUSY);
4375f103
JH		 4677 goto unlock;
4678 }
4679
4680 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4681 if (!cmd) {
4682 err = -ENOMEM;
4683 goto unlock;
4684 }
4685
4686 hci_req_init(&req, hdev);
4687
cc91cb04 4688 if (cp->val == 0x02)
a1536da2 4689 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4690 else
a358dc11 4691 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4692
7816b820
FG		 4693 cancel_adv_timeout(hdev);
4694
24b4f38f 4695 if (val) {
7816b820
FG		 4696 /* Switch to instance "0" for the Set Advertising setting.
4697 * We cannot use update_[adv|scan_rsp]_data() here as the
4698 * HCI_ADVERTISING flag is not yet set.
4699 */
efae002c
FG		 4700 update_inst_adv_data(&req, 0x00);
4701 update_inst_scan_rsp_data(&req, 0x00);
bba3aa55 4702 enable_advertising(&req);
24b4f38f 4703 } else {
bba3aa55 4704 disable_advertising(&req);
24b4f38f 4705 }
4375f103
JH		 4706
4707 err = hci_req_run(&req, set_advertising_complete);
4708 if (err < 0)
4709 mgmt_pending_remove(cmd);
4710
4711unlock:
4712 hci_dev_unlock(hdev);
4713 return err;
4714}
4715
d13eafce
MH		 4716static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4717 void *data, u16 len)
4718{
4719 struct mgmt_cp_set_static_address *cp = data;
4720 int err;
4721
4722 BT_DBG("%s", hdev->name);
4723
62af4443 4724 if (!lmp_le_capable(hdev))
a69e8375
JH		 4725 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4726 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4727
4728 if (hdev_is_powered(hdev))
a69e8375
JH		 4729 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4730 MGMT_STATUS_REJECTED);
d13eafce
MH		 4731
4732 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4733 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 4734 return mgmt_cmd_status(sk, hdev->id,
4735 MGMT_OP_SET_STATIC_ADDRESS,
4736 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4737
4738 /* Two most significant bits shall be set */
4739 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 4740 return mgmt_cmd_status(sk, hdev->id,
4741 MGMT_OP_SET_STATIC_ADDRESS,
4742 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4743 }
4744
4745 hci_dev_lock(hdev);
4746
4747 bacpy(&hdev->static_addr, &cp->bdaddr);
4748
93690c22
MH		 4749 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4750 if (err < 0)
4751 goto unlock;
4752
4753 err = new_settings(hdev, sk);
d13eafce 4754
93690c22 4755unlock:
d13eafce 4756 hci_dev_unlock(hdev);
d13eafce
MH		 4757 return err;
4758}
4759
14b49b9a
MH		 4760static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4761 void *data, u16 len)
4762{
4763 struct mgmt_cp_set_scan_params *cp = data;
4764 __u16 interval, window;
4765 int err;
4766
4767 BT_DBG("%s", hdev->name);
4768
4769 if (!lmp_le_capable(hdev))
a69e8375
JH		 4770 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4771 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 4772
4773 interval = __le16_to_cpu(cp->interval);
4774
4775 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 4776 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4777 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 4778
4779 window = __le16_to_cpu(cp->window);
4780
4781 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 4782 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4783 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 4784
899e1075 4785 if (window > interval)
a69e8375
JH		 4786 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4787 MGMT_STATUS_INVALID_PARAMS);
899e1075 4788
14b49b9a
MH		 4789 hci_dev_lock(hdev);
4790
4791 hdev->le_scan_interval = interval;
4792 hdev->le_scan_window = window;
4793
2a1afb5a
JH		 4794 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4795 NULL, 0);
14b49b9a 4796
dd2ef8e2
AG		 4797 /* If background scan is running, restart it so new parameters are
4798 * loaded.
4799 */
d7a5a11d 4800 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
dd2ef8e2
AG		 4801 hdev->discovery.state == DISCOVERY_STOPPED) {
4802 struct hci_request req;
4803
4804 hci_req_init(&req, hdev);
4805
4806 hci_req_add_le_scan_disable(&req);
4807 hci_req_add_le_passive_scan(&req);
4808
4809 hci_req_run(&req, NULL);
4810 }
4811
14b49b9a
MH		 4812 hci_dev_unlock(hdev);
4813
4814 return err;
4815}
4816
1904a853
MH		 4817static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4818 u16 opcode)
33e38b3e 4819{
3b0602cd 4820 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 4821
4822 BT_DBG("status 0x%02x", status);
4823
4824 hci_dev_lock(hdev);
4825
333ae95d 4826 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
33e38b3e
JH		 4827 if (!cmd)
4828 goto unlock;
4829
4830 if (status) {
a69e8375
JH		 4831 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4832 mgmt_status(status));
33e38b3e 4833 } else {
1a4d3c4b
JH		 4834 struct mgmt_mode *cp = cmd->param;
4835
4836 if (cp->val)
a1536da2 4837 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4838 else
a358dc11 4839 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4840
33e38b3e
JH		 4841 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4842 new_settings(hdev, cmd->sk);
4843 }
4844
4845 mgmt_pending_remove(cmd);
4846
4847unlock:
4848 hci_dev_unlock(hdev);
4849}
4850
bdb6d971 4851static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4852 void *data, u16 len)
f6422ec6 4853{
650f726d 4854 struct mgmt_mode *cp = data;
3b0602cd 4855 struct mgmt_pending_cmd *cmd;
33e38b3e 4856 struct hci_request req;
f6422ec6
AJ		 4857 int err;
4858
bdb6d971 4859 BT_DBG("%s", hdev->name);
f6422ec6 4860
d7a5a11d 4861 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 4862 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4863 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4864 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4865
a7e80f25 4866 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4867 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4868 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4869
f6422ec6
AJ		 4870 hci_dev_lock(hdev);
4871
333ae95d 4872 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4873 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4874 MGMT_STATUS_BUSY);
05cbf29f
JH		 4875 goto unlock;
4876 }
4877
d7a5a11d 4878 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 4879 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4880 hdev);
4881 goto unlock;
4882 }
4883
406ef2a6 4884 if (!hdev_is_powered(hdev)) {
ce05d603 4885 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 4886 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4887 hdev);
4888 new_settings(hdev, sk);
4889 goto unlock;
4890 }
4891
33e38b3e
JH		 4892 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4893 data, len);
4894 if (!cmd) {
4895 err = -ENOMEM;
4896 goto unlock;
f6422ec6
AJ		 4897 }
4898
33e38b3e
JH		 4899 hci_req_init(&req, hdev);
4900
406d7804 4901 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4902
4903 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4904 if (err < 0) {
a69e8375
JH		 4905 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4906 MGMT_STATUS_FAILED);
33e38b3e 4907 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4908 }
4909
33e38b3e 4910unlock:
f6422ec6 4911 hci_dev_unlock(hdev);
33e38b3e 4912
f6422ec6
AJ		 4913 return err;
4914}
4915
1904a853 4916static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4917{
3b0602cd 4918 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4919
4920 BT_DBG("status 0x%02x", status);
4921
4922 hci_dev_lock(hdev);
4923
333ae95d 4924 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
0663ca2a
JH		 4925 if (!cmd)
4926 goto unlock;
4927
4928 if (status) {
4929 u8 mgmt_err = mgmt_status(status);
4930
4931 /* We need to restore the flag if related HCI commands
4932 * failed.
4933 */
a358dc11 4934 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 4935
a69e8375 4936 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4937 } else {
4938 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4939 new_settings(hdev, cmd->sk);
4940 }
4941
4942 mgmt_pending_remove(cmd);
4943
4944unlock:
4945 hci_dev_unlock(hdev);
4946}
4947
4948static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4949{
4950 struct mgmt_mode *cp = data;
3b0602cd 4951 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4952 struct hci_request req;
4953 int err;
4954
4955 BT_DBG("request for %s", hdev->name);
4956
4957 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4958 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4959 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 4960
d7a5a11d 4961 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4962 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4963 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4964
4965 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4966 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4967 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4968
4969 hci_dev_lock(hdev);
4970
d7a5a11d 4971 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 4972 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4973 goto unlock;
4974 }
4975
4976 if (!hdev_is_powered(hdev)) {
4977 if (!cp->val) {
a358dc11
MH		 4978 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4979 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4980 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4981 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4982 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 4983 }
4984
ce05d603 4985 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4986
4987 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4988 if (err < 0)
4989 goto unlock;
4990
4991 err = new_settings(hdev, sk);
4992 goto unlock;
4993 }
4994
4995 /* Reject disabling when powered on */
4996 if (!cp->val) {
a69e8375
JH		 4997 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4998 MGMT_STATUS_REJECTED);
0663ca2a 4999 goto unlock;
111e4bcc
MH		 5000 } else {
5001 /* When configuring a dual-mode controller to operate
5002 * with LE only and using a static address, then switching
5003 * BR/EDR back on is not allowed.
5004 *
5005 * Dual-mode controllers shall operate with the public
5006 * address as its identity address for BR/EDR and LE. So
5007 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 5008 *
5009 * The same restrictions applies when secure connections
5010 * has been enabled. For BR/EDR this is a controller feature
5011 * while for LE it is a host stack feature. This means that
5012 * switching BR/EDR back on when secure connections has been
5013 * enabled is not a supported transaction.
111e4bcc 5014 */
d7a5a11d 5015 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 5016 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 5017 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 5018 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5019 MGMT_STATUS_REJECTED);
111e4bcc
MH		 5020 goto unlock;
5021 }
0663ca2a
JH		 5022 }
5023
333ae95d 5024 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 5025 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5026 MGMT_STATUS_BUSY);
0663ca2a
JH		 5027 goto unlock;
5028 }
5029
5030 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
5031 if (!cmd) {
5032 err = -ENOMEM;
5033 goto unlock;
5034 }
5035
5947f4bc 5036 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 5037 * generates the correct flags.
5038 */
a1536da2 5039 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 5040
5041 hci_req_init(&req, hdev);
aa8af46e 5042
432df05e 5043 write_fast_connectable(&req, false);
1d2dc5b7 5044 __hci_update_page_scan(&req);
aa8af46e 5045
f14d8f64
MH		 5046 /* Since only the advertising data flags will change, there
5047 * is no need to update the scan response data.
5048 */
5947f4bc 5049 update_adv_data(&req);
aa8af46e 5050
0663ca2a
JH		 5051 err = hci_req_run(&req, set_bredr_complete);
5052 if (err < 0)
5053 mgmt_pending_remove(cmd);
5054
5055unlock:
5056 hci_dev_unlock(hdev);
5057 return err;
5058}
5059
a1443f5a
JH		 5060static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5061{
3b0602cd 5062 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 5063 struct mgmt_mode *cp;
5064
5065 BT_DBG("%s status %u", hdev->name, status);
5066
5067 hci_dev_lock(hdev);
5068
333ae95d 5069 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
a1443f5a
JH		 5070 if (!cmd)
5071 goto unlock;
5072
5073 if (status) {
a69e8375
JH		 5074 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
5075 mgmt_status(status));
a1443f5a
JH		 5076 goto remove;
5077 }
5078
5079 cp = cmd->param;
5080
5081 switch (cp->val) {
5082 case 0x00:
a358dc11
MH		 5083 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
5084 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5085 break;
5086 case 0x01:
a1536da2 5087 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 5088 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5089 break;
5090 case 0x02:
a1536da2
MH		 5091 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5092 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5093 break;
5094 }
5095
5096 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5097 new_settings(hdev, cmd->sk);
5098
5099remove:
5100 mgmt_pending_remove(cmd);
5101unlock:
5102 hci_dev_unlock(hdev);
5103}
5104
eac83dc6
MH		 5105static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5106 void *data, u16 len)
5107{
5108 struct mgmt_mode *cp = data;
3b0602cd 5109 struct mgmt_pending_cmd *cmd;
a1443f5a 5110 struct hci_request req;
a3209694 5111 u8 val;
eac83dc6
MH		 5112 int err;
5113
5114 BT_DBG("request for %s", hdev->name);
5115
05b3c3e7 5116 if (!lmp_sc_capable(hdev) &&
d7a5a11d 5117 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 5118 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5119 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 5120
d7a5a11d 5121 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 5122 lmp_sc_capable(hdev) &&
d7a5a11d 5123 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 5124 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5125 MGMT_STATUS_REJECTED);
ed93ec69 5126
0ab04a9c 5127 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 5128 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 5129 MGMT_STATUS_INVALID_PARAMS);
5130
5131 hci_dev_lock(hdev);
5132
05b3c3e7 5133 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 5134 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 5135 bool changed;
5136
0ab04a9c 5137 if (cp->val) {
238be788
MH		 5138 changed = !hci_dev_test_and_set_flag(hdev,
5139 HCI_SC_ENABLED);
0ab04a9c 5140 if (cp->val == 0x02)
a1536da2 5141 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5142 else
a358dc11 5143 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5144 } else {
a69d8927
MH		 5145 changed = hci_dev_test_and_clear_flag(hdev,
5146 HCI_SC_ENABLED);
a358dc11 5147 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5148 }
eac83dc6
MH		 5149
5150 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5151 if (err < 0)
5152 goto failed;
5153
5154 if (changed)
5155 err = new_settings(hdev, sk);
5156
5157 goto failed;
5158 }
5159
333ae95d 5160 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 5161 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5162 MGMT_STATUS_BUSY);
eac83dc6
MH		 5163 goto failed;
5164 }
5165
0ab04a9c
MH		 5166 val = !!cp->val;
5167
d7a5a11d
MH		 5168 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5169 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 5170 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5171 goto failed;
5172 }
5173
5174 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5175 if (!cmd) {
5176 err = -ENOMEM;
5177 goto failed;
5178 }
5179
a1443f5a
JH		 5180 hci_req_init(&req, hdev);
5181 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5182 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 5183 if (err < 0) {
5184 mgmt_pending_remove(cmd);
5185 goto failed;
5186 }
5187
5188failed:
5189 hci_dev_unlock(hdev);
5190 return err;
5191}
5192
4e39ac81
MH		 5193static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5194 void *data, u16 len)
5195{
5196 struct mgmt_mode *cp = data;
b9710979 5197 bool changed, use_changed;
4e39ac81
MH		 5198 int err;
5199
5200 BT_DBG("request for %s", hdev->name);
5201
b9710979 5202 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 5203 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5204 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 5205
5206 hci_dev_lock(hdev);
5207
5208 if (cp->val)
238be788 5209 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 5210 else
a69d8927
MH		 5211 changed = hci_dev_test_and_clear_flag(hdev,
5212 HCI_KEEP_DEBUG_KEYS);
4e39ac81 5213
b9710979 5214 if (cp->val == 0x02)
238be788
MH		 5215 use_changed = !hci_dev_test_and_set_flag(hdev,
5216 HCI_USE_DEBUG_KEYS);
b9710979 5217 else
a69d8927
MH		 5218 use_changed = hci_dev_test_and_clear_flag(hdev,
5219 HCI_USE_DEBUG_KEYS);
b9710979
JH		 5220
5221 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 5222 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 5223 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5224 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5225 sizeof(mode), &mode);
5226 }
5227
4e39ac81
MH		 5228 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5229 if (err < 0)
5230 goto unlock;
5231
5232 if (changed)
5233 err = new_settings(hdev, sk);
5234
5235unlock:
5236 hci_dev_unlock(hdev);
5237 return err;
5238}
5239
62b04cd1
JH		 5240static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5241 u16 len)
5242{
5243 struct mgmt_cp_set_privacy *cp = cp_data;
5244 bool changed;
5245 int err;
5246
5247 BT_DBG("request for %s", hdev->name);
5248
5249 if (!lmp_le_capable(hdev))
a69e8375
JH		 5250 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5251 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1
JH		 5252
5253 if (cp->privacy != 0x00 && cp->privacy != 0x01)
a69e8375
JH		 5254 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5255 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 5256
5257 if (hdev_is_powered(hdev))
a69e8375
JH		 5258 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5259 MGMT_STATUS_REJECTED);
62b04cd1
JH		 5260
5261 hci_dev_lock(hdev);
5262
c21c0ea0
JH		 5263 /* If user space supports this command it is also expected to
5264 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5265 */
a1536da2 5266 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 5267
62b04cd1 5268 if (cp->privacy) {
238be788 5269 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 5270 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 5271 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1 5272 } else {
a69d8927 5273 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 5274 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 5275 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1
JH		 5276 }
5277
5278 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5279 if (err < 0)
5280 goto unlock;
5281
5282 if (changed)
5283 err = new_settings(hdev, sk);
5284
5285unlock:
5286 hci_dev_unlock(hdev);
5287 return err;
5288}
5289
41edf160
JH		 5290static bool irk_is_valid(struct mgmt_irk_info *irk)
5291{
5292 switch (irk->addr.type) {
5293 case BDADDR_LE_PUBLIC:
5294 return true;
5295
5296 case BDADDR_LE_RANDOM:
5297 /* Two most significant bits shall be set */
5298 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5299 return false;
5300 return true;
5301 }
5302
5303 return false;
5304}
5305
5306static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5307 u16 len)
5308{
5309 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 5310 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5311 sizeof(struct mgmt_irk_info));
41edf160
JH		 5312 u16 irk_count, expected_len;
5313 int i, err;
5314
5315 BT_DBG("request for %s", hdev->name);
5316
5317 if (!lmp_le_capable(hdev))
a69e8375
JH		 5318 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5319 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 5320
5321 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 5322 if (irk_count > max_irk_count) {
5323 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 5324 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5325 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5326 }
41edf160
JH		 5327
5328 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5329 if (expected_len != len) {
5330 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 5331 expected_len, len);
a69e8375
JH		 5332 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5333 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5334 }
5335
5336 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5337
5338 for (i = 0; i < irk_count; i++) {
5339 struct mgmt_irk_info *key = &cp->irks[i];
5340
5341 if (!irk_is_valid(key))
a69e8375
JH		 5342 return mgmt_cmd_status(sk, hdev->id,
5343 MGMT_OP_LOAD_IRKS,
5344 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5345 }
5346
5347 hci_dev_lock(hdev);
5348
5349 hci_smp_irks_clear(hdev);
5350
5351 for (i = 0; i < irk_count; i++) {
5352 struct mgmt_irk_info *irk = &cp->irks[i];
41edf160 5353
85813a7e
JH		 5354 hci_add_irk(hdev, &irk->addr.bdaddr,
5355 le_addr_type(irk->addr.type), irk->val,
41edf160
JH		 5356 BDADDR_ANY);
5357 }
5358
a1536da2 5359 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 5360
2a1afb5a 5361 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 5362
5363 hci_dev_unlock(hdev);
5364
5365 return err;
5366}
5367
3f706b72
JH		 5368static bool ltk_is_valid(struct mgmt_ltk_info *key)
5369{
5370 if (key->master != 0x00 && key->master != 0x01)
5371 return false;
490cb0b3
MH		 5372
5373 switch (key->addr.type) {
5374 case BDADDR_LE_PUBLIC:
5375 return true;
5376
5377 case BDADDR_LE_RANDOM:
5378 /* Two most significant bits shall be set */
5379 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5380 return false;
5381 return true;
5382 }
5383
5384 return false;
3f706b72
JH		 5385}
5386
bdb6d971 5387static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5388 void *cp_data, u16 len)
346af67b 5389{
346af67b 5390 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5391 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5392 sizeof(struct mgmt_ltk_info));
346af67b 5393 u16 key_count, expected_len;
715a5bf2 5394 int i, err;
346af67b 5395
cf99ba13
MH		 5396 BT_DBG("request for %s", hdev->name);
5397
5398 if (!lmp_le_capable(hdev))
a69e8375
JH		 5399 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5400 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 5401
1f350c87 5402 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 5403 if (key_count > max_key_count) {
5404 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 5405 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5406 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5407 }
346af67b
VCG		 5408
5409 expected_len = sizeof(*cp) + key_count *
5410 sizeof(struct mgmt_ltk_info);
5411 if (expected_len != len) {
5412 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 5413 expected_len, len);
a69e8375
JH		 5414 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5415 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5416 }
5417
bdb6d971 5418 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5419
54ad6d8a
JH		 5420 for (i = 0; i < key_count; i++) {
5421 struct mgmt_ltk_info *key = &cp->keys[i];
5422
3f706b72 5423 if (!ltk_is_valid(key))
a69e8375
JH		 5424 return mgmt_cmd_status(sk, hdev->id,
5425 MGMT_OP_LOAD_LONG_TERM_KEYS,
5426 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 5427 }
5428
346af67b
VCG		 5429 hci_dev_lock(hdev);
5430
5431 hci_smp_ltks_clear(hdev);
5432
5433 for (i = 0; i < key_count; i++) {
5434 struct mgmt_ltk_info *key = &cp->keys[i];
85813a7e 5435 u8 type, authenticated;
346af67b 5436
61b43357
JH		 5437 switch (key->type) {
5438 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5439 authenticated = 0x00;
23fb8de3 5440 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5441 break;
5442 case MGMT_LTK_AUTHENTICATED:
d7b25450 5443 authenticated = 0x01;
23fb8de3
JH		 5444 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5445 break;
5446 case MGMT_LTK_P256_UNAUTH:
5447 authenticated = 0x00;
5448 type = SMP_LTK_P256;
61b43357 5449 break;
23fb8de3
JH		 5450 case MGMT_LTK_P256_AUTH:
5451 authenticated = 0x01;
5452 type = SMP_LTK_P256;
61b43357 5453 break;
23fb8de3
JH		 5454 case MGMT_LTK_P256_DEBUG:
5455 authenticated = 0x00;
5456 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5457 default:
5458 continue;
5459 }
d7b25450 5460
85813a7e
JH		 5461 hci_add_ltk(hdev, &key->addr.bdaddr,
5462 le_addr_type(key->addr.type), type, authenticated,
5463 key->val, key->enc_size, key->ediv, key->rand);
346af67b
VCG		 5464 }
5465
2a1afb5a 5466 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 5467 NULL, 0);
5468
346af67b 5469 hci_dev_unlock(hdev);
346af67b 5470
715a5bf2 5471 return err;
346af67b
VCG		 5472}
5473
3b0602cd 5474static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 5475{
dd983808 5476 struct hci_conn *conn = cmd->user_data;
9981bdb0 5477 struct mgmt_rp_get_conn_info rp;
9df74653 5478 int err;
dd983808 5479
9981bdb0 5480 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5481
9981bdb0 5482 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5483 rp.rssi = conn->rssi;
9981bdb0
JH		 5484 rp.tx_power = conn->tx_power;
5485 rp.max_tx_power = conn->max_tx_power;
5486 } else {
5487 rp.rssi = HCI_RSSI_INVALID;
5488 rp.tx_power = HCI_TX_POWER_INVALID;
5489 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5490 }
5491
2a1afb5a
JH		 5492 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5493 status, &rp, sizeof(rp));
dd983808
AK		 5494
5495 hci_conn_drop(conn);
f8aaf9b6 5496 hci_conn_put(conn);
9df74653
JH		 5497
5498 return err;
dd983808
AK		 5499}
5500
1904a853
MH		 5501static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5502 u16 opcode)
dd983808
AK		 5503{
5504 struct hci_cp_read_rssi *cp;
3b0602cd 5505 struct mgmt_pending_cmd *cmd;
dd983808 5506 struct hci_conn *conn;
dd983808 5507 u16 handle;
9981bdb0 5508 u8 status;
dd983808 5509
9981bdb0 5510 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5511
5512 hci_dev_lock(hdev);
5513
dd983808
AK		 5514 /* Commands sent in request are either Read RSSI or Read Transmit Power
5515 * Level so we check which one was last sent to retrieve connection
5516 * handle. Both commands have handle as first parameter so it's safe to
5517 * cast data on the same command struct.
5518 *
5519 * First command sent is always Read RSSI and we fail only if it fails.
5520 * In other case we simply override error to indicate success as we
5521 * already remembered if TX power value is actually valid.
5522 */
5523 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5524 if (!cp) {
5525 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5526 status = MGMT_STATUS_SUCCESS;
5527 } else {
5528 status = mgmt_status(hci_status);
dd983808
AK		 5529 }
5530
5531 if (!cp) {
9981bdb0 5532 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 5533 goto unlock;
5534 }
5535
5536 handle = __le16_to_cpu(cp->handle);
5537 conn = hci_conn_hash_lookup_handle(hdev, handle);
5538 if (!conn) {
9981bdb0 5539 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 5540 goto unlock;
5541 }
5542
333ae95d 5543 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
9981bdb0
JH		 5544 if (!cmd)
5545 goto unlock;
dd983808 5546
9981bdb0
JH		 5547 cmd->cmd_complete(cmd, status);
5548 mgmt_pending_remove(cmd);
dd983808
AK		 5549
5550unlock:
5551 hci_dev_unlock(hdev);
5552}
5553
5554static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5555 u16 len)
5556{
5557 struct mgmt_cp_get_conn_info *cp = data;
5558 struct mgmt_rp_get_conn_info rp;
5559 struct hci_conn *conn;
5560 unsigned long conn_info_age;
5561 int err = 0;
5562
5563 BT_DBG("%s", hdev->name);
5564
5565 memset(&rp, 0, sizeof(rp));
5566 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5567 rp.addr.type = cp->addr.type;
5568
5569 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5570 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5571 MGMT_STATUS_INVALID_PARAMS,
5572 &rp, sizeof(rp));
dd983808
AK		 5573
5574 hci_dev_lock(hdev);
5575
5576 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5577 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5578 MGMT_STATUS_NOT_POWERED, &rp,
5579 sizeof(rp));
dd983808
AK		 5580 goto unlock;
5581 }
5582
5583 if (cp->addr.type == BDADDR_BREDR)
5584 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5585 &cp->addr.bdaddr);
5586 else
5587 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5588
5589 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5590 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5591 MGMT_STATUS_NOT_CONNECTED, &rp,
5592 sizeof(rp));
dd983808
AK		 5593 goto unlock;
5594 }
5595
333ae95d 5596 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 5597 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5598 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 5599 goto unlock;
5600 }
5601
dd983808
AK		 5602 /* To avoid client trying to guess when to poll again for information we
5603 * calculate conn info age as random value between min/max set in hdev.
5604 */
5605 conn_info_age = hdev->conn_info_min_age +
5606 prandom_u32_max(hdev->conn_info_max_age -
5607 hdev->conn_info_min_age);
5608
5609 /* Query controller to refresh cached values if they are too old or were
5610 * never read.
5611 */
f4e2dd53
AK		 5612 if (time_after(jiffies, conn->conn_info_timestamp +
5613 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5614 !conn->conn_info_timestamp) {
5615 struct hci_request req;
5616 struct hci_cp_read_tx_power req_txp_cp;
5617 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 5618 struct mgmt_pending_cmd *cmd;
dd983808
AK		 5619
5620 hci_req_init(&req, hdev);
5621 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5622 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5623 &req_rssi_cp);
5624
f7faab0c
AK		 5625 /* For LE links TX power does not change thus we don't need to
5626 * query for it once value is known.
5627 */
5628 if (!bdaddr_type_is_le(cp->addr.type) ||
5629 conn->tx_power == HCI_TX_POWER_INVALID) {
5630 req_txp_cp.handle = cpu_to_le16(conn->handle);
5631 req_txp_cp.type = 0x00;
5632 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5633 sizeof(req_txp_cp), &req_txp_cp);
5634 }
dd983808 5635
eed5daf3
AK		 5636 /* Max TX power needs to be read only once per connection */
5637 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5638 req_txp_cp.handle = cpu_to_le16(conn->handle);
5639 req_txp_cp.type = 0x01;
5640 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5641 sizeof(req_txp_cp), &req_txp_cp);
5642 }
5643
dd983808
AK		 5644 err = hci_req_run(&req, conn_info_refresh_complete);
5645 if (err < 0)
5646 goto unlock;
5647
5648 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5649 data, len);
5650 if (!cmd) {
5651 err = -ENOMEM;
5652 goto unlock;
5653 }
5654
5655 hci_conn_hold(conn);
f8aaf9b6 5656 cmd->user_data = hci_conn_get(conn);
9981bdb0 5657 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5658
5659 conn->conn_info_timestamp = jiffies;
5660 } else {
5661 /* Cache is valid, just reply with values cached in hci_conn */
5662 rp.rssi = conn->rssi;
5663 rp.tx_power = conn->tx_power;
eed5daf3 5664 rp.max_tx_power = conn->max_tx_power;
dd983808 5665
2a1afb5a
JH		 5666 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5667 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 5668 }
5669
5670unlock:
5671 hci_dev_unlock(hdev);
5672 return err;
5673}
5674
3b0602cd 5675static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 5676{
69487371 5677 struct hci_conn *conn = cmd->user_data;
95868426 5678 struct mgmt_rp_get_clock_info rp;
69487371 5679 struct hci_dev *hdev;
9df74653 5680 int err;
69487371
JH		 5681
5682 memset(&rp, 0, sizeof(rp));
5683 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5684
5685 if (status)
5686 goto complete;
5687
5688 hdev = hci_dev_get(cmd->index);
5689 if (hdev) {
5690 rp.local_clock = cpu_to_le32(hdev->clock);
5691 hci_dev_put(hdev);
5692 }
5693
5694 if (conn) {
5695 rp.piconet_clock = cpu_to_le32(conn->clock);
5696 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5697 }
5698
5699complete:
2a1afb5a
JH		 5700 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5701 sizeof(rp));
69487371
JH		 5702
5703 if (conn) {
5704 hci_conn_drop(conn);
5705 hci_conn_put(conn);
5706 }
9df74653
JH		 5707
5708 return err;
69487371
JH		 5709}
5710
1904a853 5711static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5712{
95868426 5713 struct hci_cp_read_clock *hci_cp;
3b0602cd 5714 struct mgmt_pending_cmd *cmd;
95868426
JH		 5715 struct hci_conn *conn;
5716
5717 BT_DBG("%s status %u", hdev->name, status);
5718
5719 hci_dev_lock(hdev);
5720
5721 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5722 if (!hci_cp)
5723 goto unlock;
5724
5725 if (hci_cp->which) {
5726 u16 handle = __le16_to_cpu(hci_cp->handle);
5727 conn = hci_conn_hash_lookup_handle(hdev, handle);
5728 } else {
5729 conn = NULL;
5730 }
5731
333ae95d 5732 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
95868426
JH		 5733 if (!cmd)
5734 goto unlock;
5735
69487371 5736 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5737 mgmt_pending_remove(cmd);
95868426
JH		 5738
5739unlock:
5740 hci_dev_unlock(hdev);
5741}
5742
5743static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5744 u16 len)
5745{
5746 struct mgmt_cp_get_clock_info *cp = data;
5747 struct mgmt_rp_get_clock_info rp;
5748 struct hci_cp_read_clock hci_cp;
3b0602cd 5749 struct mgmt_pending_cmd *cmd;
95868426
JH		 5750 struct hci_request req;
5751 struct hci_conn *conn;
5752 int err;
5753
5754 BT_DBG("%s", hdev->name);
5755
5756 memset(&rp, 0, sizeof(rp));
5757 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5758 rp.addr.type = cp->addr.type;
5759
5760 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5761 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5762 MGMT_STATUS_INVALID_PARAMS,
5763 &rp, sizeof(rp));
95868426
JH		 5764
5765 hci_dev_lock(hdev);
5766
5767 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5768 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5769 MGMT_STATUS_NOT_POWERED, &rp,
5770 sizeof(rp));
95868426
JH		 5771 goto unlock;
5772 }
5773
5774 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5775 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5776 &cp->addr.bdaddr);
5777 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5778 err = mgmt_cmd_complete(sk, hdev->id,
5779 MGMT_OP_GET_CLOCK_INFO,
5780 MGMT_STATUS_NOT_CONNECTED,
5781 &rp, sizeof(rp));
95868426
JH		 5782 goto unlock;
5783 }
5784 } else {
5785 conn = NULL;
5786 }
5787
5788 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5789 if (!cmd) {
5790 err = -ENOMEM;
5791 goto unlock;
5792 }
5793
69487371
JH		 5794 cmd->cmd_complete = clock_info_cmd_complete;
5795
95868426
JH		 5796 hci_req_init(&req, hdev);
5797
5798 memset(&hci_cp, 0, sizeof(hci_cp));
5799 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5800
5801 if (conn) {
5802 hci_conn_hold(conn);
f8aaf9b6 5803 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5804
5805 hci_cp.handle = cpu_to_le16(conn->handle);
5806 hci_cp.which = 0x01; /* Piconet clock */
5807 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5808 }
5809
5810 err = hci_req_run(&req, get_clock_info_complete);
5811 if (err < 0)
5812 mgmt_pending_remove(cmd);
5813
5814unlock:
5815 hci_dev_unlock(hdev);
5816 return err;
5817}
5818
5a154e6f
JH		 5819static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5820{
5821 struct hci_conn *conn;
5822
5823 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5824 if (!conn)
5825 return false;
5826
5827 if (conn->dst_type != type)
5828 return false;
5829
5830 if (conn->state != BT_CONNECTED)
5831 return false;
5832
5833 return true;
5834}
5835
5836/* This function requires the caller holds hdev->lock */
51d7a94d 5837static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5a154e6f
JH		 5838 u8 addr_type, u8 auto_connect)
5839{
5a154e6f
JH		 5840 struct hci_conn_params *params;
5841
5842 params = hci_conn_params_add(hdev, addr, addr_type);
5843 if (!params)
5844 return -EIO;
5845
5846 if (params->auto_connect == auto_connect)
5847 return 0;
5848
5849 list_del_init(&params->action);
5850
5851 switch (auto_connect) {
5852 case HCI_AUTO_CONN_DISABLED:
5853 case HCI_AUTO_CONN_LINK_LOSS:
28a667c9
JP		 5854 /* If auto connect is being disabled when we're trying to
5855 * connect to device, keep connecting.
5856 */
5857 if (params->explicit_connect)
5858 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 5859 break;
5860 case HCI_AUTO_CONN_REPORT:
49c50922
JH		 5861 if (params->explicit_connect)
5862 list_add(&params->action, &hdev->pend_le_conns);
5863 else
5864 list_add(&params->action, &hdev->pend_le_reports);
5a154e6f
JH		 5865 break;
5866 case HCI_AUTO_CONN_DIRECT:
5867 case HCI_AUTO_CONN_ALWAYS:
51d7a94d 5868 if (!is_connected(hdev, addr, addr_type))
5a154e6f 5869 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 5870 break;
5871 }
5872
5873 params->auto_connect = auto_connect;
5874
5875 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5876 auto_connect);
5877
5878 return 0;
5879}
5880
8afef092
MH		 5881static void device_added(struct sock *sk, struct hci_dev *hdev,
5882 bdaddr_t *bdaddr, u8 type, u8 action)
5883{
5884 struct mgmt_ev_device_added ev;
5885
5886 bacpy(&ev.addr.bdaddr, bdaddr);
5887 ev.addr.type = type;
5888 ev.action = action;
5889
5890 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5891}
5892
2faade53
MH		 5893static int add_device(struct sock *sk, struct hci_dev *hdev,
5894 void *data, u16 len)
5895{
5896 struct mgmt_cp_add_device *cp = data;
5897 u8 auto_conn, addr_type;
5898 int err;
5899
5900 BT_DBG("%s", hdev->name);
5901
6659358e 5902 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5903 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5904 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5905 MGMT_STATUS_INVALID_PARAMS,
5906 &cp->addr, sizeof(cp->addr));
2faade53 5907
4b9e7e75 5908 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5909 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5910 MGMT_STATUS_INVALID_PARAMS,
5911 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5912
5913 hci_dev_lock(hdev);
5914
6659358e 5915 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5916 /* Only incoming connections action is supported for now */
6659358e 5917 if (cp->action != 0x01) {
51d7a94d
JH		 5918 err = mgmt_cmd_complete(sk, hdev->id,
5919 MGMT_OP_ADD_DEVICE,
5920 MGMT_STATUS_INVALID_PARAMS,
5921 &cp->addr, sizeof(cp->addr));
6659358e
JH		 5922 goto unlock;
5923 }
5924
5925 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5926 cp->addr.type);
5927 if (err)
5928 goto unlock;
a397407f 5929
2f274981 5930 hci_update_page_scan(hdev);
a397407f 5931
6659358e
JH		 5932 goto added;
5933 }
5934
85813a7e 5935 addr_type = le_addr_type(cp->addr.type);
2faade53 5936
4b9e7e75 5937 if (cp->action == 0x02)
2faade53 5938 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5939 else if (cp->action == 0x01)
5940 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5941 else
a3451d27 5942 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5943
9a0a8a8e
JP		 5944 /* Kernel internally uses conn_params with resolvable private
5945 * address, but Add Device allows only identity addresses.
5946 * Make sure it is enforced before calling
5947 * hci_conn_params_lookup.
5948 */
5949 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 5950 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5951 MGMT_STATUS_INVALID_PARAMS,
5952 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 5953 goto unlock;
5954 }
5955
bf5b3c8b
MH		 5956 /* If the connection parameters don't exist for this device,
5957 * they will be created and configured with defaults.
5958 */
51d7a94d 5959 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
d06b50ce 5960 auto_conn) < 0) {
51d7a94d
JH		 5961 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5962 MGMT_STATUS_FAILED, &cp->addr,
5963 sizeof(cp->addr));
2faade53
MH		 5964 goto unlock;
5965 }
5966
51d7a94d
JH		 5967 hci_update_background_scan(hdev);
5968
6659358e 5969added:
8afef092
MH		 5970 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5971
51d7a94d
JH		 5972 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5973 MGMT_STATUS_SUCCESS, &cp->addr,
5974 sizeof(cp->addr));
2faade53
MH		 5975
5976unlock:
5977 hci_dev_unlock(hdev);
5978 return err;
5979}
5980
8afef092
MH		 5981static void device_removed(struct sock *sk, struct hci_dev *hdev,
5982 bdaddr_t *bdaddr, u8 type)
5983{
5984 struct mgmt_ev_device_removed ev;
5985
5986 bacpy(&ev.addr.bdaddr, bdaddr);
5987 ev.addr.type = type;
5988
5989 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5990}
5991
2faade53
MH		 5992static int remove_device(struct sock *sk, struct hci_dev *hdev,
5993 void *data, u16 len)
5994{
5995 struct mgmt_cp_remove_device *cp = data;
5996 int err;
5997
5998 BT_DBG("%s", hdev->name);
5999
6000 hci_dev_lock(hdev);
6001
6002 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 6003 struct hci_conn_params *params;
2faade53
MH		 6004 u8 addr_type;
6005
6659358e 6006 if (!bdaddr_type_is_valid(cp->addr.type)) {
51d7a94d
JH		 6007 err = mgmt_cmd_complete(sk, hdev->id,
6008 MGMT_OP_REMOVE_DEVICE,
6009 MGMT_STATUS_INVALID_PARAMS,
6010 &cp->addr, sizeof(cp->addr));
2faade53
MH		 6011 goto unlock;
6012 }
6013
6659358e
JH		 6014 if (cp->addr.type == BDADDR_BREDR) {
6015 err = hci_bdaddr_list_del(&hdev->whitelist,
6016 &cp->addr.bdaddr,
6017 cp->addr.type);
6018 if (err) {
51d7a94d
JH		 6019 err = mgmt_cmd_complete(sk, hdev->id,
6020 MGMT_OP_REMOVE_DEVICE,
6021 MGMT_STATUS_INVALID_PARAMS,
6022 &cp->addr,
6023 sizeof(cp->addr));
6659358e
JH		 6024 goto unlock;
6025 }
6026
51d7a94d 6027 hci_update_page_scan(hdev);
a397407f 6028
6659358e
JH		 6029 device_removed(sk, hdev, &cp->addr.bdaddr,
6030 cp->addr.type);
6031 goto complete;
6032 }
6033
85813a7e 6034 addr_type = le_addr_type(cp->addr.type);
2faade53 6035
9a0a8a8e
JP		 6036 /* Kernel internally uses conn_params with resolvable private
6037 * address, but Remove Device allows only identity addresses.
6038 * Make sure it is enforced before calling
6039 * hci_conn_params_lookup.
6040 */
6041 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 6042 err = mgmt_cmd_complete(sk, hdev->id,
6043 MGMT_OP_REMOVE_DEVICE,
6044 MGMT_STATUS_INVALID_PARAMS,
6045 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 6046 goto unlock;
6047 }
6048
c71593dd
JH		 6049 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6050 addr_type);
6051 if (!params) {
51d7a94d
JH		 6052 err = mgmt_cmd_complete(sk, hdev->id,
6053 MGMT_OP_REMOVE_DEVICE,
6054 MGMT_STATUS_INVALID_PARAMS,
6055 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 6056 goto unlock;
6057 }
6058
679d2b6f
JH		 6059 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
6060 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
51d7a94d
JH		 6061 err = mgmt_cmd_complete(sk, hdev->id,
6062 MGMT_OP_REMOVE_DEVICE,
6063 MGMT_STATUS_INVALID_PARAMS,
6064 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 6065 goto unlock;
6066 }
6067
d1dbf12e 6068 list_del(&params->action);
c71593dd
JH		 6069 list_del(&params->list);
6070 kfree(params);
51d7a94d 6071 hci_update_background_scan(hdev);
8afef092
MH		 6072
6073 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 6074 } else {
19de0825 6075 struct hci_conn_params *p, *tmp;
6659358e 6076 struct bdaddr_list *b, *btmp;
19de0825 6077
2faade53 6078 if (cp->addr.type) {
51d7a94d
JH		 6079 err = mgmt_cmd_complete(sk, hdev->id,
6080 MGMT_OP_REMOVE_DEVICE,
6081 MGMT_STATUS_INVALID_PARAMS,
6082 &cp->addr, sizeof(cp->addr));
2faade53
MH		 6083 goto unlock;
6084 }
6085
6659358e
JH		 6086 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
6087 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
6088 list_del(&b->list);
6089 kfree(b);
6090 }
6091
51d7a94d 6092 hci_update_page_scan(hdev);
a397407f 6093
19de0825
JH		 6094 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
6095 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
6096 continue;
6097 device_removed(sk, hdev, &p->addr, p->addr_type);
679d2b6f
JH		 6098 if (p->explicit_connect) {
6099 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
6100 continue;
6101 }
19de0825
JH		 6102 list_del(&p->action);
6103 list_del(&p->list);
6104 kfree(p);
6105 }
6106
6107 BT_DBG("All LE connection parameters were removed");
6108
51d7a94d 6109 hci_update_background_scan(hdev);
2faade53
MH		 6110 }
6111
6659358e 6112complete:
51d7a94d
JH		 6113 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
6114 MGMT_STATUS_SUCCESS, &cp->addr,
6115 sizeof(cp->addr));
2faade53
MH		 6116unlock:
6117 hci_dev_unlock(hdev);
6118 return err;
6119}
6120
a26f3dcf
JH		 6121static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6122 u16 len)
6123{
6124 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 6125 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6126 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 6127 u16 param_count, expected_len;
6128 int i;
6129
6130 if (!lmp_le_capable(hdev))
a69e8375
JH		 6131 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6132 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 6133
6134 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 6135 if (param_count > max_param_count) {
6136 BT_ERR("load_conn_param: too big param_count value %u",
6137 param_count);
a69e8375
JH		 6138 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6139 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 6140 }
a26f3dcf
JH		 6141
6142 expected_len = sizeof(*cp) + param_count *
6143 sizeof(struct mgmt_conn_param);
6144 if (expected_len != len) {
6145 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
6146 expected_len, len);
a69e8375
JH		 6147 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6148 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 6149 }
6150
6151 BT_DBG("%s param_count %u", hdev->name, param_count);
6152
6153 hci_dev_lock(hdev);
6154
6155 hci_conn_params_clear_disabled(hdev);
6156
6157 for (i = 0; i < param_count; i++) {
6158 struct mgmt_conn_param *param = &cp->params[i];
6159 struct hci_conn_params *hci_param;
6160 u16 min, max, latency, timeout;
6161 u8 addr_type;
6162
6163 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
6164 param->addr.type);
6165
6166 if (param->addr.type == BDADDR_LE_PUBLIC) {
6167 addr_type = ADDR_LE_DEV_PUBLIC;
6168 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6169 addr_type = ADDR_LE_DEV_RANDOM;
6170 } else {
6171 BT_ERR("Ignoring invalid connection parameters");
6172 continue;
6173 }
6174
6175 min = le16_to_cpu(param->min_interval);
6176 max = le16_to_cpu(param->max_interval);
6177 latency = le16_to_cpu(param->latency);
6178 timeout = le16_to_cpu(param->timeout);
6179
6180 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6181 min, max, latency, timeout);
6182
6183 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6184 BT_ERR("Ignoring invalid connection parameters");
6185 continue;
6186 }
6187
6188 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
6189 addr_type);
6190 if (!hci_param) {
6191 BT_ERR("Failed to add connection parameters");
6192 continue;
6193 }
6194
6195 hci_param->conn_min_interval = min;
6196 hci_param->conn_max_interval = max;
6197 hci_param->conn_latency = latency;
6198 hci_param->supervision_timeout = timeout;
6199 }
6200
6201 hci_dev_unlock(hdev);
6202
2a1afb5a
JH		 6203 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6204 NULL, 0);
a26f3dcf
JH		 6205}
6206
dbece37a
MH		 6207static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6208 void *data, u16 len)
6209{
6210 struct mgmt_cp_set_external_config *cp = data;
6211 bool changed;
6212 int err;
6213
6214 BT_DBG("%s", hdev->name);
6215
6216 if (hdev_is_powered(hdev))
a69e8375
JH		 6217 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6218 MGMT_STATUS_REJECTED);
dbece37a
MH		 6219
6220 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 6221 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6222 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 6223
6224 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 6225 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6226 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 6227
6228 hci_dev_lock(hdev);
6229
6230 if (cp->config)
238be788 6231 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 6232 else
a69d8927 6233 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 6234
6235 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6236 if (err < 0)
6237 goto unlock;
6238
6239 if (!changed)
6240 goto unlock;
6241
f4537c04
MH		 6242 err = new_options(hdev, sk);
6243
d7a5a11d 6244 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 6245 mgmt_index_removed(hdev);
d603b76b 6246
516018a9 6247 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 6248 hci_dev_set_flag(hdev, HCI_CONFIG);
6249 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 6250
6251 queue_work(hdev->req_workqueue, &hdev->power_on);
6252 } else {
5ea234d3 6253 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 6254 mgmt_index_added(hdev);
6255 }
dbece37a
MH		 6256 }
6257
6258unlock:
6259 hci_dev_unlock(hdev);
6260 return err;
6261}
6262
9713c17b
MH		 6263static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6264 void *data, u16 len)
6265{
6266 struct mgmt_cp_set_public_address *cp = data;
6267 bool changed;
6268 int err;
6269
6270 BT_DBG("%s", hdev->name);
6271
6272 if (hdev_is_powered(hdev))
a69e8375
JH		 6273 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6274 MGMT_STATUS_REJECTED);
9713c17b
MH		 6275
6276 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 6277 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6278 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 6279
6280 if (!hdev->set_bdaddr)
a69e8375
JH		 6281 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6282 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 6283
6284 hci_dev_lock(hdev);
6285
6286 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6287 bacpy(&hdev->public_addr, &cp->bdaddr);
6288
6289 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6290 if (err < 0)
6291 goto unlock;
6292
6293 if (!changed)
6294 goto unlock;
6295
d7a5a11d 6296 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 6297 err = new_options(hdev, sk);
6298
6299 if (is_configured(hdev)) {
6300 mgmt_index_removed(hdev);
6301
a358dc11 6302 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 6303
a1536da2
MH		 6304 hci_dev_set_flag(hdev, HCI_CONFIG);
6305 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 6306
6307 queue_work(hdev->req_workqueue, &hdev->power_on);
6308 }
6309
6310unlock:
6311 hci_dev_unlock(hdev);
6312 return err;
6313}
6314
bea41609
MH		 6315static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6316 u8 data_len)
6317{
6318 eir[eir_len++] = sizeof(type) + data_len;
6319 eir[eir_len++] = type;
6320 memcpy(&eir[eir_len], data, data_len);
6321 eir_len += data_len;
6322
6323 return eir_len;
6324}
6325
40f66c05
JH		 6326static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
6327 u16 opcode, struct sk_buff *skb)
6328{
6329 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
6330 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
6331 u8 *h192, *r192, *h256, *r256;
6332 struct mgmt_pending_cmd *cmd;
6333 u16 eir_len;
6334 int err;
6335
6336 BT_DBG("%s status %u", hdev->name, status);
6337
6338 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
6339 if (!cmd)
6340 return;
6341
6342 mgmt_cp = cmd->param;
6343
6344 if (status) {
6345 status = mgmt_status(status);
6346 eir_len = 0;
6347
6348 h192 = NULL;
6349 r192 = NULL;
6350 h256 = NULL;
6351 r256 = NULL;
6352 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
6353 struct hci_rp_read_local_oob_data *rp;
6354
6355 if (skb->len != sizeof(*rp)) {
6356 status = MGMT_STATUS_FAILED;
6357 eir_len = 0;
6358 } else {
6359 status = MGMT_STATUS_SUCCESS;
6360 rp = (void *)skb->data;
6361
6362 eir_len = 5 + 18 + 18;
6363 h192 = rp->hash;
6364 r192 = rp->rand;
6365 h256 = NULL;
6366 r256 = NULL;
6367 }
6368 } else {
6369 struct hci_rp_read_local_oob_ext_data *rp;
6370
6371 if (skb->len != sizeof(*rp)) {
6372 status = MGMT_STATUS_FAILED;
6373 eir_len = 0;
6374 } else {
6375 status = MGMT_STATUS_SUCCESS;
6376 rp = (void *)skb->data;
6377
6378 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6379 eir_len = 5 + 18 + 18;
6380 h192 = NULL;
6381 r192 = NULL;
6382 } else {
6383 eir_len = 5 + 18 + 18 + 18 + 18;
6384 h192 = rp->hash192;
6385 r192 = rp->rand192;
6386 }
6387
6388 h256 = rp->hash256;
6389 r256 = rp->rand256;
6390 }
6391 }
6392
6393 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
6394 if (!mgmt_rp)
6395 goto done;
6396
6397 if (status)
6398 goto send_rsp;
6399
6400 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
6401 hdev->dev_class, 3);
6402
6403 if (h192 && r192) {
6404 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6405 EIR_SSP_HASH_C192, h192, 16);
6406 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6407 EIR_SSP_RAND_R192, r192, 16);
6408 }
6409
6410 if (h256 && r256) {
6411 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6412 EIR_SSP_HASH_C256, h256, 16);
6413 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6414 EIR_SSP_RAND_R256, r256, 16);
6415 }
6416
6417send_rsp:
6418 mgmt_rp->type = mgmt_cp->type;
6419 mgmt_rp->eir_len = cpu_to_le16(eir_len);
6420
6421 err = mgmt_cmd_complete(cmd->sk, hdev->id,
6422 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
6423 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
6424 if (err < 0 || status)
6425 goto done;
6426
6427 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
6428
6429 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6430 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
6431 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
6432done:
6433 kfree(mgmt_rp);
6434 mgmt_pending_remove(cmd);
6435}
6436
6437static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
6438 struct mgmt_cp_read_local_oob_ext_data *cp)
6439{
6440 struct mgmt_pending_cmd *cmd;
6441 struct hci_request req;
6442 int err;
6443
6444 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
6445 cp, sizeof(*cp));
6446 if (!cmd)
6447 return -ENOMEM;
6448
6449 hci_req_init(&req, hdev);
6450
6451 if (bredr_sc_enabled(hdev))
6452 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
6453 else
6454 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
6455
6456 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
6457 if (err < 0) {
6458 mgmt_pending_remove(cmd);
6459 return err;
6460 }
6461
6462 return 0;
6463}
6464
4f0f155c
MH		 6465static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6466 void *data, u16 data_len)
6467{
6468 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6469 struct mgmt_rp_read_local_oob_ext_data *rp;
6470 size_t rp_len;
6471 u16 eir_len;
0821a2c5 6472 u8 status, flags, role, addr[7], hash[16], rand[16];
4f0f155c
MH		 6473 int err;
6474
6475 BT_DBG("%s", hdev->name);
6476
57b0d3e8
MH		 6477 if (hdev_is_powered(hdev)) {
6478 switch (cp->type) {
6479 case BIT(BDADDR_BREDR):
6480 status = mgmt_bredr_support(hdev);
6481 if (status)
6482 eir_len = 0;
6483 else
6484 eir_len = 5;
6485 break;
6486 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6487 status = mgmt_le_support(hdev);
6488 if (status)
6489 eir_len = 0;
6490 else
6491 eir_len = 9 + 3 + 18 + 18 + 3;
6492 break;
6493 default:
6494 status = MGMT_STATUS_INVALID_PARAMS;
6495 eir_len = 0;
6496 break;
6497 }
6498 } else {
6499 status = MGMT_STATUS_NOT_POWERED;
6500 eir_len = 0;
4f0f155c
MH		 6501 }
6502
4f0f155c
MH		 6503 rp_len = sizeof(*rp) + eir_len;
6504 rp = kmalloc(rp_len, GFP_ATOMIC);
efcd8c98 6505 if (!rp)
4f0f155c 6506 return -ENOMEM;
efcd8c98 6507
57b0d3e8
MH		 6508 if (status)
6509 goto complete;
6510
efcd8c98 6511 hci_dev_lock(hdev);
4f0f155c
MH		 6512
6513 eir_len = 0;
6514 switch (cp->type) {
6515 case BIT(BDADDR_BREDR):
40f66c05
JH		 6516 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6517 err = read_local_ssp_oob_req(hdev, sk, cp);
6518 hci_dev_unlock(hdev);
6519 if (!err)
6520 goto done;
6521
6522 status = MGMT_STATUS_FAILED;
6523 goto complete;
6524 } else {
6525 eir_len = eir_append_data(rp->eir, eir_len,
6526 EIR_CLASS_OF_DEV,
6527 hdev->dev_class, 3);
6528 }
4f0f155c
MH		 6529 break;
6530 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5082a599
MH		 6531 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6532 smp_generate_oob(hdev, hash, rand) < 0) {
0821a2c5 6533 hci_dev_unlock(hdev);
57b0d3e8
MH		 6534 status = MGMT_STATUS_FAILED;
6535 goto complete;
0821a2c5
MH		 6536 }
6537
e213568a
MH		 6538 /* This should return the active RPA, but since the RPA
6539 * is only programmed on demand, it is really hard to fill
6540 * this in at the moment. For now disallow retrieving
6541 * local out-of-band data when privacy is in use.
6542 *
6543 * Returning the identity address will not help here since
6544 * pairing happens before the identity resolving key is
6545 * known and thus the connection establishment happens
6546 * based on the RPA and not the identity address.
6547 */
4f0f155c 6548 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
e213568a
MH		 6549 hci_dev_unlock(hdev);
6550 status = MGMT_STATUS_REJECTED;
6551 goto complete;
6552 }
6553
6554 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6555 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6556 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6557 bacmp(&hdev->static_addr, BDADDR_ANY))) {
4f0f155c
MH		 6558 memcpy(addr, &hdev->static_addr, 6);
6559 addr[6] = 0x01;
6560 } else {
6561 memcpy(addr, &hdev->bdaddr, 6);
6562 addr[6] = 0x00;
6563 }
6564
6565 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6566 addr, sizeof(addr));
6567
6568 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6569 role = 0x02;
6570 else
6571 role = 0x01;
6572
6573 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6574 &role, sizeof(role));
6575
5082a599
MH		 6576 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6577 eir_len = eir_append_data(rp->eir, eir_len,
6578 EIR_LE_SC_CONFIRM,
6579 hash, sizeof(hash));
0821a2c5 6580
5082a599
MH		 6581 eir_len = eir_append_data(rp->eir, eir_len,
6582 EIR_LE_SC_RANDOM,
6583 rand, sizeof(rand));
6584 }
0821a2c5 6585
4f0f155c
MH		 6586 flags = get_adv_discov_flags(hdev);
6587
6588 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6589 flags |= LE_AD_NO_BREDR;
6590
6591 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6592 &flags, sizeof(flags));
6593 break;
6594 }
6595
4f0f155c
MH		 6596 hci_dev_unlock(hdev);
6597
72000df2
MH		 6598 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6599
57b0d3e8
MH		 6600 status = MGMT_STATUS_SUCCESS;
6601
6602complete:
efcd8c98
MH		 6603 rp->type = cp->type;
6604 rp->eir_len = cpu_to_le16(eir_len);
6605
4f0f155c 6606 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
57b0d3e8
MH		 6607 status, rp, sizeof(*rp) + eir_len);
6608 if (err < 0 || status)
72000df2
MH		 6609 goto done;
6610
6611 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6612 rp, sizeof(*rp) + eir_len,
6613 HCI_MGMT_OOB_DATA_EVENTS, sk);
4f0f155c 6614
0821a2c5 6615done:
4f0f155c
MH		 6616 kfree(rp);
6617
6618 return err;
6619}
6620
089fa8c0
AU		 6621static u32 get_supported_adv_flags(struct hci_dev *hdev)
6622{
6623 u32 flags = 0;
6624
6625 flags |= MGMT_ADV_FLAG_CONNECTABLE;
6626 flags |= MGMT_ADV_FLAG_DISCOV;
6627 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
6628 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
6629
6630 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
6631 flags |= MGMT_ADV_FLAG_TX_POWER;
6632
6633 return flags;
6634}
6635
d3d5305b
MH		 6636static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6637 void *data, u16 data_len)
6638{
6639 struct mgmt_rp_read_adv_features *rp;
6640 size_t rp_len;
286e0c83 6641 int err, i;
24b4f38f 6642 bool instance;
286e0c83 6643 struct adv_info *adv_instance;
089fa8c0 6644 u32 supported_flags;
d3d5305b
MH		 6645
6646 BT_DBG("%s", hdev->name);
6647
089fa8c0
AU		 6648 if (!lmp_le_capable(hdev))
6649 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6650 MGMT_STATUS_REJECTED);
6651
d3d5305b
MH		 6652 hci_dev_lock(hdev);
6653
6654 rp_len = sizeof(*rp);
24b4f38f 6655
24b4f38f
AU		 6656 instance = hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE);
6657 if (instance)
286e0c83 6658 rp_len += hdev->adv_instance_cnt;
24b4f38f 6659
d3d5305b
MH		 6660 rp = kmalloc(rp_len, GFP_ATOMIC);
6661 if (!rp) {
6662 hci_dev_unlock(hdev);
6663 return -ENOMEM;
6664 }
6665
089fa8c0
AU		 6666 supported_flags = get_supported_adv_flags(hdev);
6667
6668 rp->supported_flags = cpu_to_le32(supported_flags);
dc5d82a9
MH		 6669 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6670 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
d2609b34 6671 rp->max_instances = HCI_MAX_ADV_INSTANCES;
24b4f38f 6672
24b4f38f 6673 if (instance) {
286e0c83
FG		 6674 i = 0;
6675 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
6676 if (i >= hdev->adv_instance_cnt)
6677 break;
6678
6679 rp->instance[i] = adv_instance->instance;
6680 i++;
6681 }
6682 rp->num_instances = hdev->adv_instance_cnt;
24b4f38f
AU		 6683 } else {
6684 rp->num_instances = 0;
6685 }
d3d5305b
MH		 6686
6687 hci_dev_unlock(hdev);
6688
6689 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6690 MGMT_STATUS_SUCCESS, rp, rp_len);
6691
6692 kfree(rp);
6693
6694 return err;
6695}
6696
4117ed70 6697static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
b44133ff 6698 u8 len, bool is_adv_data)
24b4f38f 6699{
4117ed70 6700 u8 max_len = HCI_MAX_AD_LENGTH;
24b4f38f 6701 int i, cur_len;
b44133ff 6702 bool flags_managed = false;
5507e358 6703 bool tx_power_managed = false;
24b4f38f 6704
31a3248d
MH		 6705 if (is_adv_data) {
6706 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6707 MGMT_ADV_FLAG_LIMITED_DISCOV |
6708 MGMT_ADV_FLAG_MANAGED_FLAGS)) {
6709 flags_managed = true;
6710 max_len -= 3;
6711 }
24b4f38f 6712
31a3248d
MH		 6713 if (adv_flags & MGMT_ADV_FLAG_TX_POWER) {
6714 tx_power_managed = true;
6715 max_len -= 3;
6716 }
5507e358
AU		 6717 }
6718
4117ed70 6719 if (len > max_len)
24b4f38f
AU		 6720 return false;
6721
4117ed70
AU		 6722 /* Make sure that the data is correctly formatted. */
6723 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6724 cur_len = data[i];
24b4f38f 6725
b44133ff
AU		 6726 if (flags_managed && data[i + 1] == EIR_FLAGS)
6727 return false;
6728
5507e358
AU		 6729 if (tx_power_managed && data[i + 1] == EIR_TX_POWER)
6730 return false;
6731
24b4f38f
AU		 6732 /* If the current field length would exceed the total data
6733 * length, then it's invalid.
6734 */
4117ed70 6735 if (i + cur_len >= len)
24b4f38f
AU		 6736 return false;
6737 }
6738
6739 return true;
6740}
6741
24b4f38f
AU		 6742static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6743 u16 opcode)
6744{
6745 struct mgmt_pending_cmd *cmd;
fffd38bc 6746 struct mgmt_cp_add_advertising *cp;
24b4f38f 6747 struct mgmt_rp_add_advertising rp;
fffd38bc
FG		 6748 struct adv_info *adv_instance, *n;
6749 u8 instance;
24b4f38f
AU		 6750
6751 BT_DBG("status %d", status);
6752
6753 hci_dev_lock(hdev);
6754
6755 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6756
fffd38bc 6757 if (status)
24b4f38f 6758 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
fffd38bc
FG		 6759
6760 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
6761 if (!adv_instance->pending)
6762 continue;
6763
6764 if (!status) {
6765 adv_instance->pending = false;
6766 continue;
6767 }
6768
6769 instance = adv_instance->instance;
6770
6771 if (hdev->cur_adv_instance == instance)
6772 cancel_adv_timeout(hdev);
6773
6774 hci_remove_adv_instance(hdev, instance);
6775 advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
24b4f38f
AU		 6776 }
6777
6778 if (!cmd)
6779 goto unlock;
6780
fffd38bc
FG		 6781 cp = cmd->param;
6782 rp.instance = cp->instance;
24b4f38f
AU		 6783
6784 if (status)
6785 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6786 mgmt_status(status));
6787 else
6788 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6789 mgmt_status(status), &rp, sizeof(rp));
6790
6791 mgmt_pending_remove(cmd);
6792
6793unlock:
6794 hci_dev_unlock(hdev);
6795}
6796
5d900e46 6797void mgmt_adv_timeout_expired(struct hci_dev *hdev)
912098a6 6798{
847818d9
FG		 6799 u8 instance;
6800 struct hci_request req;
6801
5d900e46 6802 hdev->adv_instance_timeout = 0;
912098a6 6803
847818d9
FG		 6804 instance = get_current_adv_instance(hdev);
6805 if (instance == 0x00)
6806 return;
6807
912098a6 6808 hci_dev_lock(hdev);
847818d9
FG		 6809 hci_req_init(&req, hdev);
6810
6811 clear_adv_instance(hdev, &req, instance, false);
6812
6813 if (list_empty(&hdev->adv_instances))
6814 disable_advertising(&req);
6815
6816 if (!skb_queue_empty(&req.cmd_q))
6817 hci_req_run(&req, NULL);
6818
912098a6
AU		 6819 hci_dev_unlock(hdev);
6820}
6821
24b4f38f
AU		 6822static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6823 void *data, u16 data_len)
6824{
6825 struct mgmt_cp_add_advertising *cp = data;
6826 struct mgmt_rp_add_advertising rp;
6827 u32 flags;
089fa8c0 6828 u32 supported_flags;
24b4f38f 6829 u8 status;
fffd38bc
FG		 6830 u16 timeout, duration;
6831 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6832 u8 schedule_instance = 0;
6833 struct adv_info *next_instance;
24b4f38f
AU		 6834 int err;
6835 struct mgmt_pending_cmd *cmd;
6836 struct hci_request req;
6837
6838 BT_DBG("%s", hdev->name);
6839
6840 status = mgmt_le_support(hdev);
6841 if (status)
6842 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6843 status);
6844
ceff86af
MH		 6845 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6846 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6847 MGMT_STATUS_INVALID_PARAMS);
6848
24b4f38f 6849 flags = __le32_to_cpu(cp->flags);
912098a6 6850 timeout = __le16_to_cpu(cp->timeout);
fffd38bc 6851 duration = __le16_to_cpu(cp->duration);
24b4f38f 6852
fffd38bc
FG		 6853 /* The current implementation only supports a subset of the specified
6854 * flags.
089fa8c0
AU		 6855 */
6856 supported_flags = get_supported_adv_flags(hdev);
fffd38bc 6857 if (flags & ~supported_flags)
24b4f38f
AU		 6858 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6859 MGMT_STATUS_INVALID_PARAMS);
6860
6861 hci_dev_lock(hdev);
6862
912098a6
AU		 6863 if (timeout && !hdev_is_powered(hdev)) {
6864 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6865 MGMT_STATUS_REJECTED);
6866 goto unlock;
6867 }
6868
24b4f38f 6869 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
da929335 6870 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
24b4f38f
AU		 6871 pending_find(MGMT_OP_SET_LE, hdev)) {
6872 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6873 MGMT_STATUS_BUSY);
6874 goto unlock;
6875 }
6876
b44133ff 6877 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
4117ed70 6878 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
b44133ff 6879 cp->scan_rsp_len, false)) {
24b4f38f
AU		 6880 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6881 MGMT_STATUS_INVALID_PARAMS);
6882 goto unlock;
6883 }
6884
fffd38bc
FG		 6885 err = hci_add_adv_instance(hdev, cp->instance, flags,
6886 cp->adv_data_len, cp->data,
6887 cp->scan_rsp_len,
6888 cp->data + cp->adv_data_len,
6889 timeout, duration);
6890 if (err < 0) {
6891 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6892 MGMT_STATUS_FAILED);
6893 goto unlock;
6894 }
24b4f38f 6895
fffd38bc
FG		 6896 /* Only trigger an advertising added event if a new instance was
6897 * actually added.
6898 */
6899 if (hdev->adv_instance_cnt > prev_instance_cnt)
6900 advertising_added(sk, hdev, cp->instance);
912098a6 6901
fffd38bc 6902 hci_dev_set_flag(hdev, HCI_ADVERTISING_INSTANCE);
912098a6 6903
fffd38bc
FG		 6904 if (hdev->cur_adv_instance == cp->instance) {
6905 /* If the currently advertised instance is being changed then
6906 * cancel the current advertising and schedule the next
6907 * instance. If there is only one instance then the overridden
6908 * advertising data will be visible right away.
6909 */
6910 cancel_adv_timeout(hdev);
912098a6 6911
fffd38bc
FG		 6912 next_instance = hci_get_next_instance(hdev, cp->instance);
6913 if (next_instance)
6914 schedule_instance = next_instance->instance;
6915 } else if (!hdev->adv_instance_timeout) {
6916 /* Immediately advertise the new instance if no other
6917 * instance is currently being advertised.
6918 */
6919 schedule_instance = cp->instance;
6920 }
24b4f38f 6921
fffd38bc
FG		 6922 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6923 * there is no instance to be advertised then we have no HCI
6924 * communication to make. Simply return.
24b4f38f
AU		 6925 */
6926 if (!hdev_is_powered(hdev) ||
fffd38bc
FG		 6927 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6928 !schedule_instance) {
6929 rp.instance = cp->instance;
24b4f38f
AU		 6930 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6931 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6932 goto unlock;
6933 }
6934
6935 /* We're good to go, update advertising data, parameters, and start
6936 * advertising.
6937 */
6938 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6939 data_len);
6940 if (!cmd) {
6941 err = -ENOMEM;
6942 goto unlock;
6943 }
6944
6945 hci_req_init(&req, hdev);
6946
fffd38bc
FG		 6947 err = schedule_adv_instance(&req, schedule_instance, true);
6948
6949 if (!err)
6950 err = hci_req_run(&req, add_advertising_complete);
24b4f38f 6951
24b4f38f
AU		 6952 if (err < 0)
6953 mgmt_pending_remove(cmd);
6954
6955unlock:
6956 hci_dev_unlock(hdev);
6957
6958 return err;
6959}
6960
da929335
AU		 6961static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6962 u16 opcode)
6963{
6964 struct mgmt_pending_cmd *cmd;
01948331 6965 struct mgmt_cp_remove_advertising *cp;
da929335
AU		 6966 struct mgmt_rp_remove_advertising rp;
6967
6968 BT_DBG("status %d", status);
6969
6970 hci_dev_lock(hdev);
6971
6972 /* A failure status here only means that we failed to disable
6973 * advertising. Otherwise, the advertising instance has been removed,
6974 * so report success.
6975 */
6976 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6977 if (!cmd)
6978 goto unlock;
6979
01948331
FG		 6980 cp = cmd->param;
6981 rp.instance = cp->instance;
da929335
AU		 6982
6983 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6984 &rp, sizeof(rp));
6985 mgmt_pending_remove(cmd);
6986
6987unlock:
6988 hci_dev_unlock(hdev);
6989}
6990
6991static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6992 void *data, u16 data_len)
6993{
6994 struct mgmt_cp_remove_advertising *cp = data;
6995 struct mgmt_rp_remove_advertising rp;
da929335
AU		 6996 struct mgmt_pending_cmd *cmd;
6997 struct hci_request req;
952497b1 6998 int err;
da929335
AU		 6999
7000 BT_DBG("%s", hdev->name);
7001
da929335
AU		 7002 hci_dev_lock(hdev);
7003
952497b1 7004 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
01948331
FG		 7005 err = mgmt_cmd_status(sk, hdev->id,
7006 MGMT_OP_REMOVE_ADVERTISING,
7007 MGMT_STATUS_INVALID_PARAMS);
7008 goto unlock;
7009 }
7010
da929335
AU		 7011 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
7012 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
7013 pending_find(MGMT_OP_SET_LE, hdev)) {
7014 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7015 MGMT_STATUS_BUSY);
7016 goto unlock;
7017 }
7018
7019 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE)) {
7020 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7021 MGMT_STATUS_INVALID_PARAMS);
7022 goto unlock;
7023 }
7024
01948331 7025 hci_req_init(&req, hdev);
da929335 7026
01948331 7027 clear_adv_instance(hdev, &req, cp->instance, true);
da929335 7028
01948331
FG		 7029 if (list_empty(&hdev->adv_instances))
7030 disable_advertising(&req);
da929335 7031
01948331
FG		 7032 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
7033 * flag is set or the device isn't powered then we have no HCI
7034 * communication to make. Simply return.
da929335 7035 */
01948331
FG		 7036 if (skb_queue_empty(&req.cmd_q) ||
7037 !hdev_is_powered(hdev) ||
da929335 7038 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
01948331 7039 rp.instance = cp->instance;
da929335
AU		 7040 err = mgmt_cmd_complete(sk, hdev->id,
7041 MGMT_OP_REMOVE_ADVERTISING,
7042 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7043 goto unlock;
7044 }
7045
7046 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
7047 data_len);
7048 if (!cmd) {
7049 err = -ENOMEM;
7050 goto unlock;
7051 }
7052
da929335
AU		 7053 err = hci_req_run(&req, remove_advertising_complete);
7054 if (err < 0)
7055 mgmt_pending_remove(cmd);
7056
7057unlock:
7058 hci_dev_unlock(hdev);
7059
7060 return err;
7061}
7062
40b25fe5
MH		 7063static u8 tlv_data_max_len(u32 adv_flags, bool is_adv_data)
7064{
7065 u8 max_len = HCI_MAX_AD_LENGTH;
7066
7067 if (is_adv_data) {
7068 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
7069 MGMT_ADV_FLAG_LIMITED_DISCOV |
7070 MGMT_ADV_FLAG_MANAGED_FLAGS))
7071 max_len -= 3;
7072
7073 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
7074 max_len -= 3;
7075 }
7076
7077 return max_len;
7078}
7079
7080static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
7081 void *data, u16 data_len)
7082{
7083 struct mgmt_cp_get_adv_size_info *cp = data;
7084 struct mgmt_rp_get_adv_size_info rp;
7085 u32 flags, supported_flags;
7086 int err;
7087
7088 BT_DBG("%s", hdev->name);
7089
7090 if (!lmp_le_capable(hdev))
7091 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
7092 MGMT_STATUS_REJECTED);
7093
7094 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
7095 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
7096 MGMT_STATUS_INVALID_PARAMS);
7097
7098 flags = __le32_to_cpu(cp->flags);
7099
7100 /* The current implementation only supports a subset of the specified
7101 * flags.
7102 */
7103 supported_flags = get_supported_adv_flags(hdev);
7104 if (flags & ~supported_flags)
7105 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
7106 MGMT_STATUS_INVALID_PARAMS);
7107
7108 rp.instance = cp->instance;
7109 rp.flags = cp->flags;
7110 rp.max_adv_data_len = tlv_data_max_len(flags, true);
7111 rp.max_scan_rsp_len = tlv_data_max_len(flags, false);
7112
7113 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
7114 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7115
7116 return err;
7117}
7118
6d785aa3 7119static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 7120 { NULL }, /* 0x0000 (no command) */
b9a245fb 7121 { read_version, MGMT_READ_VERSION_SIZE,
c91041dc
MH		 7122 HCI_MGMT_NO_HDEV |
7123 HCI_MGMT_UNTRUSTED },
b9a245fb 7124 { read_commands, MGMT_READ_COMMANDS_SIZE,
c91041dc
MH		 7125 HCI_MGMT_NO_HDEV |
7126 HCI_MGMT_UNTRUSTED },
b9a245fb 7127 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
c91041dc
MH		 7128 HCI_MGMT_NO_HDEV |
7129 HCI_MGMT_UNTRUSTED },
7130 { read_controller_info, MGMT_READ_INFO_SIZE,
7131 HCI_MGMT_UNTRUSTED },
7aea8616
MH		 7132 { set_powered, MGMT_SETTING_SIZE },
7133 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
7134 { set_connectable, MGMT_SETTING_SIZE },
7135 { set_fast_connectable, MGMT_SETTING_SIZE },
7136 { set_bondable, MGMT_SETTING_SIZE },
7137 { set_link_security, MGMT_SETTING_SIZE },
7138 { set_ssp, MGMT_SETTING_SIZE },
7139 { set_hs, MGMT_SETTING_SIZE },
7140 { set_le, MGMT_SETTING_SIZE },
7141 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
7142 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
7143 { add_uuid, MGMT_ADD_UUID_SIZE },
7144 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
b9a245fb
JH		 7145 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
7146 HCI_MGMT_VAR_LEN },
7147 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
7148 HCI_MGMT_VAR_LEN },
7aea8616
MH		 7149 { disconnect, MGMT_DISCONNECT_SIZE },
7150 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
7151 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
7152 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
7153 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
7154 { pair_device, MGMT_PAIR_DEVICE_SIZE },
7155 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
7156 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
7157 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
7158 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
7159 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
7160 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
b9a245fb
JH		 7161 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
7162 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
7163 HCI_MGMT_VAR_LEN },
7aea8616
MH		 7164 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
7165 { start_discovery, MGMT_START_DISCOVERY_SIZE },
7166 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
7167 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
7168 { block_device, MGMT_BLOCK_DEVICE_SIZE },
7169 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
7170 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
7171 { set_advertising, MGMT_SETTING_SIZE },
7172 { set_bredr, MGMT_SETTING_SIZE },
7173 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
7174 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
7175 { set_secure_conn, MGMT_SETTING_SIZE },
7176 { set_debug_keys, MGMT_SETTING_SIZE },
7177 { set_privacy, MGMT_SET_PRIVACY_SIZE },
b9a245fb
JH		 7178 { load_irks, MGMT_LOAD_IRKS_SIZE,
7179 HCI_MGMT_VAR_LEN },
7aea8616
MH		 7180 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
7181 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
7182 { add_device, MGMT_ADD_DEVICE_SIZE },
7183 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
b9a245fb
JH		 7184 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
7185 HCI_MGMT_VAR_LEN },
7186 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
c91041dc
MH		 7187 HCI_MGMT_NO_HDEV |
7188 HCI_MGMT_UNTRUSTED },
b9a245fb 7189 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
c91041dc
MH		 7190 HCI_MGMT_UNCONFIGURED |
7191 HCI_MGMT_UNTRUSTED },
b9a245fb
JH		 7192 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
7193 HCI_MGMT_UNCONFIGURED },
7194 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
7195 HCI_MGMT_UNCONFIGURED },
7196 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
7197 HCI_MGMT_VAR_LEN },
4f0f155c 7198 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
96f1474a 7199 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
c91041dc
MH		 7200 HCI_MGMT_NO_HDEV |
7201 HCI_MGMT_UNTRUSTED },
d3d5305b 7202 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
24b4f38f
AU		 7203 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
7204 HCI_MGMT_VAR_LEN },
da929335 7205 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
40b25fe5 7206 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
0f4e68cf
JH		 7207};
7208
bf6b56db 7209void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 7210{
ced85549 7211 struct mgmt_ev_ext_index ev;
bb4b2a9a 7212
0602a8ad
MH		 7213 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7214 return;
7215
f9207338
MH		 7216 switch (hdev->dev_type) {
7217 case HCI_BREDR:
7218 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7219 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
7220 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 7221 ev.type = 0x01;
f9207338
MH		 7222 } else {
7223 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
7224 HCI_MGMT_INDEX_EVENTS);
ced85549 7225 ev.type = 0x00;
f9207338
MH		 7226 }
7227 break;
ced85549
MH		 7228 case HCI_AMP:
7229 ev.type = 0x02;
7230 break;
7231 default:
7232 return;
f9207338 7233 }
ced85549
MH		 7234
7235 ev.bus = hdev->bus;
7236
7237 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
7238 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 7239}
7240
bf6b56db 7241void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 7242{
ced85549 7243 struct mgmt_ev_ext_index ev;
5f159032 7244 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 7245
0602a8ad
MH		 7246 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7247 return;
7248
f9207338
MH		 7249 switch (hdev->dev_type) {
7250 case HCI_BREDR:
7251 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 7252
f9207338
MH		 7253 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7254 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
7255 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 7256 ev.type = 0x01;
f9207338
MH		 7257 } else {
7258 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
7259 HCI_MGMT_INDEX_EVENTS);
ced85549 7260 ev.type = 0x00;
f9207338
MH		 7261 }
7262 break;
ced85549
MH		 7263 case HCI_AMP:
7264 ev.type = 0x02;
7265 break;
7266 default:
7267 return;
f9207338 7268 }
ced85549
MH		 7269
7270 ev.bus = hdev->bus;
7271
7272 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
7273 HCI_MGMT_EXT_INDEX_EVENTS);
eec8d2bc
JH		 7274}
7275
6046dc3e 7276/* This function requires the caller holds hdev->lock */
af02dd44 7277static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 7278{
7279 struct hci_conn_params *p;
7280
7281 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 7282 /* Needed for AUTO_OFF case where might not "really"
7283 * have been powered off.
7284 */
7285 list_del_init(&p->action);
7286
7287 switch (p->auto_connect) {
4b9e7e75 7288 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 7289 case HCI_AUTO_CONN_ALWAYS:
7290 list_add(&p->action, &hdev->pend_le_conns);
7291 break;
7292 case HCI_AUTO_CONN_REPORT:
7293 list_add(&p->action, &hdev->pend_le_reports);
7294 break;
7295 default:
7296 break;
c83ed19d 7297 }
6046dc3e
AG		 7298 }
7299}
7300
1904a853 7301static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
229ab39c
JH		 7302{
7303 struct cmd_lookup match = { NULL, hdev };
7304
7305 BT_DBG("status 0x%02x", status);
7306
162a3bac 7307 if (!status) {
af02dd44
JH		 7308 restart_le_actions(hdev);
7309 hci_update_background_scan(hdev);
162a3bac
MH		 7310 }
7311
229ab39c
JH		 7312 hci_dev_lock(hdev);
7313
7314 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7315
7316 new_settings(hdev, match.sk);
7317
7318 hci_dev_unlock(hdev);
7319
7320 if (match.sk)
7321 sock_put(match.sk);
7322}
7323
70da6243 7324static int powered_update_hci(struct hci_dev *hdev)
5add6af8 7325{
890ea898 7326 struct hci_request req;
320b3bf7 7327 struct adv_info *adv_instance;
70da6243 7328 u8 link_sec;
5add6af8 7329
890ea898
JH		 7330 hci_req_init(&req, hdev);
7331
d7a5a11d 7332 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
70da6243 7333 !lmp_host_ssp_capable(hdev)) {
574ea3c7 7334 u8 mode = 0x01;
5e5282bb 7335
574ea3c7
MH		 7336 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
7337
7338 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
7339 u8 support = 0x01;
5add6af8 7340
574ea3c7
MH		 7341 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
7342 sizeof(support), &support);
7343 }
ec6f99b8
JH		 7344 }
7345
d7a5a11d 7346 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
c73eee91 7347 lmp_bredr_capable(hdev)) {
70da6243 7348 struct hci_cp_write_le_host_supported cp;
f0ff92fb 7349
32226e4f
MH		 7350 cp.le = 0x01;
7351 cp.simul = 0x00;
3d1cbdd6 7352
70da6243
JH		 7353 /* Check first if we already have the right
7354 * host state (host features set)
7355 */
7356 if (cp.le != lmp_host_le_capable(hdev) ||
7357 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 7358 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
7359 sizeof(cp), &cp);
70da6243 7360 }
3d1cbdd6 7361
d13eafce 7362 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 7363 /* Make sure the controller has a good default for
7364 * advertising data. This also applies to the case
7365 * where BR/EDR was toggled during the AUTO_OFF phase.
7366 */
320b3bf7
FG		 7367 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
7368 (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7369 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))) {
5947f4bc 7370 update_adv_data(&req);
f14d8f64
MH		 7371 update_scan_rsp_data(&req);
7372 }
441ad2d0 7373
320b3bf7
FG		 7374 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
7375 hdev->cur_adv_instance == 0x00 &&
7376 !list_empty(&hdev->adv_instances)) {
7377 adv_instance = list_first_entry(&hdev->adv_instances,
7378 struct adv_info, list);
7379 hdev->cur_adv_instance = adv_instance->instance;
7380 }
7381
7382 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
bba3aa55 7383 enable_advertising(&req);
320b3bf7
FG		 7384 else if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
7385 hdev->cur_adv_instance)
7386 schedule_adv_instance(&req, hdev->cur_adv_instance,
7387 true);
eeca6f89
JH		 7388 }
7389
d7a5a11d 7390 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
70da6243 7391 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 7392 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
7393 sizeof(link_sec), &link_sec);
562fcc24 7394
70da6243 7395 if (lmp_bredr_capable(hdev)) {
d7a5a11d 7396 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
406ef2a6
JH		 7397 write_fast_connectable(&req, true);
7398 else
7399 write_fast_connectable(&req, false);
1d2dc5b7 7400 __hci_update_page_scan(&req);
890ea898 7401 update_class(&req);
13928971 7402 update_name(&req);
890ea898 7403 update_eir(&req);
70da6243 7404 }
562fcc24 7405
229ab39c 7406 return hci_req_run(&req, powered_complete);
70da6243 7407}
562fcc24 7408
70da6243
JH		 7409int mgmt_powered(struct hci_dev *hdev, u8 powered)
7410{
7411 struct cmd_lookup match = { NULL, hdev };
9845904f 7412 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 7413 int err;
f0ff92fb 7414
d7a5a11d 7415 if (!hci_dev_test_flag(hdev, HCI_MGMT))
70da6243
JH		 7416 return 0;
7417
70da6243 7418 if (powered) {
e59a5542
AK		 7419 /* Register the available SMP channels (BR/EDR and LE) only
7420 * when successfully powering on the controller. This late
7421 * registration is required so that LE SMP can clearly
7422 * decide if the public address or static address is used.
7423 */
7424 smp_register(hdev);
7425
229ab39c
JH		 7426 if (powered_update_hci(hdev) == 0)
7427 return 0;
fe038884 7428
229ab39c
JH		 7429 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
7430 &match);
7431 goto new_settings;
b24752fe
JH		 7432 }
7433
229ab39c 7434 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 7435
7436 /* If the power off is because of hdev unregistration let
7437 * use the appropriate INVALID_INDEX status. Otherwise use
7438 * NOT_POWERED. We cover both scenarios here since later in
7439 * mgmt_index_removed() any hci_conn callbacks will have already
7440 * been triggered, potentially causing misleading DISCONNECTED
7441 * status responses.
7442 */
d7a5a11d 7443 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 7444 status = MGMT_STATUS_INVALID_INDEX;
7445 else
7446 status = MGMT_STATUS_NOT_POWERED;
7447
7448 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 7449
7450 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
f6b7712e
MH		 7451 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7452 zero_cod, sizeof(zero_cod), NULL);
229ab39c
JH		 7453
7454new_settings:
beadb2bd 7455 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 7456
7457 if (match.sk)
7458 sock_put(match.sk);
7459
7bb895d6 7460 return err;
5add6af8 7461}
73f22f62 7462
3eec705e 7463void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 7464{
3b0602cd 7465 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 7466 u8 status;
7467
333ae95d 7468 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
96570ffc 7469 if (!cmd)
3eec705e 7470 return;
96570ffc
JH		 7471
7472 if (err == -ERFKILL)
7473 status = MGMT_STATUS_RFKILLED;
7474 else
7475 status = MGMT_STATUS_FAILED;
7476
a69e8375 7477 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 7478
7479 mgmt_pending_remove(cmd);
96570ffc
JH		 7480}
7481
d1967ff8
MH		 7482void mgmt_discoverable_timeout(struct hci_dev *hdev)
7483{
7484 struct hci_request req;
d1967ff8
MH		 7485
7486 hci_dev_lock(hdev);
7487
7488 /* When discoverable timeout triggers, then just make sure
7489 * the limited discoverable flag is cleared. Even in the case
7490 * of a timeout triggered from general discoverable, it is
7491 * safe to unconditionally clear the flag.
7492 */
a358dc11
MH		 7493 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
7494 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
d1967ff8
MH		 7495
7496 hci_req_init(&req, hdev);
d7a5a11d 7497 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4b580614
JH		 7498 u8 scan = SCAN_PAGE;
7499 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
7500 sizeof(scan), &scan);
7501 }
d1967ff8 7502 update_class(&req);
24b4f38f
AU		 7503
7504 /* Advertising instances don't use the global discoverable setting, so
7505 * only update AD if advertising was enabled using Set Advertising.
7506 */
7507 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7508 update_adv_data(&req);
7509
d1967ff8
MH		 7510 hci_req_run(&req, NULL);
7511
7512 hdev->discov_timeout = 0;
7513
9a43e25f
JH		 7514 new_settings(hdev, NULL);
7515
d1967ff8
MH		 7516 hci_dev_unlock(hdev);
7517}
7518
dc4a5ee2
MH		 7519void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7520 bool persistent)
55ed8ca1 7521{
86742e1e 7522 struct mgmt_ev_new_link_key ev;
55ed8ca1 7523
a492cd52 7524 memset(&ev, 0, sizeof(ev));
55ed8ca1 7525
a492cd52 7526 ev.store_hint = persistent;
d753fdc4 7527 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 7528 ev.key.addr.type = BDADDR_BREDR;
a492cd52 7529 ev.key.type = key->type;
9b3b4460 7530 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 7531 ev.key.pin_len = key->pin_len;
55ed8ca1 7532
dc4a5ee2 7533 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 7534}
f7520543 7535
d7b25450
JH		 7536static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7537{
23fb8de3
JH		 7538 switch (ltk->type) {
7539 case SMP_LTK:
7540 case SMP_LTK_SLAVE:
7541 if (ltk->authenticated)
7542 return MGMT_LTK_AUTHENTICATED;
7543 return MGMT_LTK_UNAUTHENTICATED;
7544 case SMP_LTK_P256:
7545 if (ltk->authenticated)
7546 return MGMT_LTK_P256_AUTH;
7547 return MGMT_LTK_P256_UNAUTH;
7548 case SMP_LTK_P256_DEBUG:
7549 return MGMT_LTK_P256_DEBUG;
7550 }
d7b25450
JH		 7551
7552 return MGMT_LTK_UNAUTHENTICATED;
7553}
7554
53ac6ab6 7555void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 7556{
7557 struct mgmt_ev_new_long_term_key ev;
7558
7559 memset(&ev, 0, sizeof(ev));
7560
5192d301 7561 /* Devices using resolvable or non-resolvable random addresses
f72186d2 7562 * without providing an identity resolving key don't require
5192d301
MH		 7563 * to store long term keys. Their addresses will change the
7564 * next time around.
7565 *
7566 * Only when a remote device provides an identity address
7567 * make sure the long term key is stored. If the remote
7568 * identity is known, the long term keys are internally
7569 * mapped to the identity address. So allow static random
7570 * and public addresses here.
7571 */
ba74b666
JH		 7572 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7573 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7574 ev.store_hint = 0x00;
7575 else
53ac6ab6 7576 ev.store_hint = persistent;
ba74b666 7577
346af67b 7578 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 7579 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 7580 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 7581 ev.key.enc_size = key->enc_size;
7582 ev.key.ediv = key->ediv;
fe39c7b2 7583 ev.key.rand = key->rand;
346af67b 7584
2ceba539 7585 if (key->type == SMP_LTK)
346af67b
VCG		 7586 ev.key.master = 1;
7587
1fc62c52
JH		 7588 /* Make sure we copy only the significant bytes based on the
7589 * encryption key size, and set the rest of the value to zeroes.
7590 */
cb92205b 7591 memcpy(ev.key.val, key->val, key->enc_size);
1fc62c52
JH		 7592 memset(ev.key.val + key->enc_size, 0,
7593 sizeof(ev.key.val) - key->enc_size);
346af67b 7594
083368f7 7595 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 7596}
7597
cad20c27 7598void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
95fbac8a
JH		 7599{
7600 struct mgmt_ev_new_irk ev;
7601
7602 memset(&ev, 0, sizeof(ev));
7603
cad20c27 7604 ev.store_hint = persistent;
bab6d1e5 7605
95fbac8a
JH		 7606 bacpy(&ev.rpa, &irk->rpa);
7607 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7608 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7609 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7610
7611 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7612}
7613
53ac6ab6
MH		 7614void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7615 bool persistent)
7ee4ea36
MH		 7616{
7617 struct mgmt_ev_new_csrk ev;
7618
7619 memset(&ev, 0, sizeof(ev));
7620
7621 /* Devices using resolvable or non-resolvable random addresses
f72186d2 7622 * without providing an identity resolving key don't require
7ee4ea36
MH		 7623 * to store signature resolving keys. Their addresses will change
7624 * the next time around.
7625 *
7626 * Only when a remote device provides an identity address
7627 * make sure the signature resolving key is stored. So allow
7628 * static random and public addresses here.
7629 */
7630 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7631 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7632 ev.store_hint = 0x00;
7633 else
53ac6ab6 7634 ev.store_hint = persistent;
7ee4ea36
MH		 7635
7636 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7637 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 7638 ev.key.type = csrk->type;
7ee4ea36
MH		 7639 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7640
7641 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7642}
7643
ffb5a827 7644void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 7645 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7646 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 7647{
7648 struct mgmt_ev_new_conn_param ev;
7649
c103aea6
JH		 7650 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7651 return;
7652
ffb5a827
AG		 7653 memset(&ev, 0, sizeof(ev));
7654 bacpy(&ev.addr.bdaddr, bdaddr);
7655 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 7656 ev.store_hint = store_hint;
ffb5a827
AG		 7657 ev.min_interval = cpu_to_le16(min_interval);
7658 ev.max_interval = cpu_to_le16(max_interval);
7659 ev.latency = cpu_to_le16(latency);
7660 ev.timeout = cpu_to_le16(timeout);
7661
7662 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7663}
7664
48ec92fa
AA		 7665void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7666 u32 flags, u8 *name, u8 name_len)
f7520543 7667{
b644ba33
JH		 7668 char buf[512];
7669 struct mgmt_ev_device_connected *ev = (void *) buf;
7670 u16 eir_len = 0;
f7520543 7671
48ec92fa
AA		 7672 bacpy(&ev->addr.bdaddr, &conn->dst);
7673 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 7674
c95f0ba7 7675 ev->flags = __cpu_to_le32(flags);
08c79b61 7676
fd45ada9
AA		 7677 /* We must ensure that the EIR Data fields are ordered and
7678 * unique. Keep it simple for now and avoid the problem by not
7679 * adding any BR/EDR data to the LE adv.
7680 */
7681 if (conn->le_adv_data_len > 0) {
7682 memcpy(&ev->eir[eir_len],
7683 conn->le_adv_data, conn->le_adv_data_len);
7684 eir_len = conn->le_adv_data_len;
7685 } else {
7686 if (name_len > 0)
7687 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7688 name, name_len);
b644ba33 7689
ddbea5cf 7690 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 7691 eir_len = eir_append_data(ev->eir, eir_len,
7692 EIR_CLASS_OF_DEV,
7693 conn->dev_class, 3);
7694 }
b644ba33 7695
eb55ef07 7696 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 7697
ecd90ae7
MH		 7698 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7699 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 7700}
7701
3b0602cd 7702static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 7703{
8962ee74 7704 struct sock **sk = data;
8962ee74 7705
f5818c22 7706 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 7707
7708 *sk = cmd->sk;
7709 sock_hold(*sk);
7710
a664b5bc 7711 mgmt_pending_remove(cmd);
8962ee74
JH		 7712}
7713
3b0602cd 7714static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 7715{
b1078ad0 7716 struct hci_dev *hdev = data;
124f6e35 7717 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 7718
b1078ad0
JH		 7719 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7720
d8b7b1e4 7721 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 7722 mgmt_pending_remove(cmd);
7723}
7724
84c61d92
JH		 7725bool mgmt_powering_down(struct hci_dev *hdev)
7726{
3b0602cd 7727 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 7728 struct mgmt_mode *cp;
7729
333ae95d 7730 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
84c61d92
JH		 7731 if (!cmd)
7732 return false;
7733
7734 cp = cmd->param;
7735 if (!cp->val)
7736 return true;
7737
7738 return false;
7739}
7740
9b80ec5e 7741void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 7742 u8 link_type, u8 addr_type, u8 reason,
7743 bool mgmt_connected)
f7520543 7744{
f0d6a0ea 7745 struct mgmt_ev_device_disconnected ev;
8962ee74 7746 struct sock *sk = NULL;
8962ee74 7747
84c61d92
JH		 7748 /* The connection is still in hci_conn_hash so test for 1
7749 * instead of 0 to know if this is the last one.
7750 */
7751 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7752 cancel_delayed_work(&hdev->power_off);
7753 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 7754 }
7755
12d4a3b2
JH		 7756 if (!mgmt_connected)
7757 return;
7758
57eb776f
AG		 7759 if (link_type != ACL_LINK && link_type != LE_LINK)
7760 return;
7761
744cf19e 7762 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 7763
f0d6a0ea
MA		 7764 bacpy(&ev.addr.bdaddr, bdaddr);
7765 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7766 ev.reason = reason;
f7520543 7767
9b80ec5e 7768 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 7769
7770 if (sk)
d97dcb66 7771 sock_put(sk);
8962ee74 7772
124f6e35 7773 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 7774 hdev);
8962ee74
JH		 7775}
7776
7892924c
MH		 7777void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7778 u8 link_type, u8 addr_type, u8 status)
8962ee74 7779{
3655bba8
AG		 7780 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7781 struct mgmt_cp_disconnect *cp;
3b0602cd 7782 struct mgmt_pending_cmd *cmd;
8962ee74 7783
36a75f1b
JD		 7784 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7785 hdev);
7786
333ae95d 7787 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 7788 if (!cmd)
7892924c 7789 return;
8962ee74 7790
3655bba8
AG		 7791 cp = cmd->param;
7792
7793 if (bacmp(bdaddr, &cp->addr.bdaddr))
7794 return;
7795
7796 if (cp->addr.type != bdaddr_type)
7797 return;
7798
f5818c22 7799 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7800 mgmt_pending_remove(cmd);
f7520543 7801}
17d5c04c 7802
445608d0
MH		 7803void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7804 u8 addr_type, u8 status)
17d5c04c
JH		 7805{
7806 struct mgmt_ev_connect_failed ev;
c9910d0f 7807
84c61d92
JH		 7808 /* The connection is still in hci_conn_hash so test for 1
7809 * instead of 0 to know if this is the last one.
7810 */
7811 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7812 cancel_delayed_work(&hdev->power_off);
7813 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 7814 }
17d5c04c 7815
4c659c39 7816 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7817 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 7818 ev.status = mgmt_status(status);
17d5c04c 7819
445608d0 7820 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 7821}
980e1a53 7822
ce0e4a0d 7823void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 7824{
7825 struct mgmt_ev_pin_code_request ev;
7826
d8457698 7827 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 7828 ev.addr.type = BDADDR_BREDR;
a770bb5a 7829 ev.secure = secure;
980e1a53 7830
ce0e4a0d 7831 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 7832}
7833
e669cf80
MH		 7834void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7835 u8 status)
980e1a53 7836{
3b0602cd 7837 struct mgmt_pending_cmd *cmd;
980e1a53 7838
333ae95d 7839 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 7840 if (!cmd)
e669cf80 7841 return;
980e1a53 7842
7776d1d8 7843 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7844 mgmt_pending_remove(cmd);
980e1a53
JH		 7845}
7846
3eb38528
MH		 7847void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7848 u8 status)
980e1a53 7849{
3b0602cd 7850 struct mgmt_pending_cmd *cmd;
980e1a53 7851
333ae95d 7852 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 7853 if (!cmd)
3eb38528 7854 return;
980e1a53 7855
7776d1d8 7856 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7857 mgmt_pending_remove(cmd);
980e1a53 7858}
a5c29683 7859
744cf19e 7860int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 7861 u8 link_type, u8 addr_type, u32 value,
04124681 7862 u8 confirm_hint)
a5c29683
JH		 7863{
7864 struct mgmt_ev_user_confirm_request ev;
7865
744cf19e 7866 BT_DBG("%s", hdev->name);
a5c29683 7867
272d90df 7868 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7869 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 7870 ev.confirm_hint = confirm_hint;
39adbffe 7871 ev.value = cpu_to_le32(value);
a5c29683 7872
744cf19e 7873 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 7874 NULL);
a5c29683
JH		 7875}
7876
272d90df 7877int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 7878 u8 link_type, u8 addr_type)
604086b7
BG		 7879{
7880 struct mgmt_ev_user_passkey_request ev;
7881
7882 BT_DBG("%s", hdev->name);
7883
272d90df 7884 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7885 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 7886
7887 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 7888 NULL);
604086b7
BG		 7889}
7890
0df4c185 7891static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 7892 u8 link_type, u8 addr_type, u8 status,
7893 u8 opcode)
a5c29683 7894{
3b0602cd 7895 struct mgmt_pending_cmd *cmd;
a5c29683 7896
333ae95d 7897 cmd = pending_find(opcode, hdev);
a5c29683
JH		 7898 if (!cmd)
7899 return -ENOENT;
7900
7776d1d8 7901 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7902 mgmt_pending_remove(cmd);
a5c29683 7903
7776d1d8 7904 return 0;
a5c29683
JH		 7905}
7906
744cf19e 7907int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7908 u8 link_type, u8 addr_type, u8 status)
a5c29683 7909{
272d90df 7910 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7911 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 7912}
7913
272d90df 7914int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7915 u8 link_type, u8 addr_type, u8 status)
a5c29683 7916{
272d90df 7917 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7918 status,
7919 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7920}
2a611692 7921
604086b7 7922int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7923 u8 link_type, u8 addr_type, u8 status)
604086b7 7924{
272d90df 7925 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7926 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7927}
7928
272d90df 7929int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7930 u8 link_type, u8 addr_type, u8 status)
604086b7 7931{
272d90df 7932 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7933 status,
7934 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7935}
7936
92a25256
JH		 7937int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7938 u8 link_type, u8 addr_type, u32 passkey,
7939 u8 entered)
7940{
7941 struct mgmt_ev_passkey_notify ev;
7942
7943 BT_DBG("%s", hdev->name);
7944
7945 bacpy(&ev.addr.bdaddr, bdaddr);
7946 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7947 ev.passkey = __cpu_to_le32(passkey);
7948 ev.entered = entered;
7949
7950 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7951}
7952
e1e930f5 7953void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7954{
7955 struct mgmt_ev_auth_failed ev;
3b0602cd 7956 struct mgmt_pending_cmd *cmd;
e1e930f5 7957 u8 status = mgmt_status(hci_status);
2a611692 7958
e1e930f5
JH		 7959 bacpy(&ev.addr.bdaddr, &conn->dst);
7960 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7961 ev.status = status;
2a611692 7962
e1e930f5
JH		 7963 cmd = find_pairing(conn);
7964
7965 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7966 cmd ? cmd->sk : NULL);
7967
a511b35b
JH		 7968 if (cmd) {
7969 cmd->cmd_complete(cmd, status);
7970 mgmt_pending_remove(cmd);
7971 }
2a611692 7972}
b312b161 7973
464996ae 7974void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7975{
7976 struct cmd_lookup match = { NULL, hdev };
464996ae 7977 bool changed;
33ef95ed
JH		 7978
7979 if (status) {
7980 u8 mgmt_err = mgmt_status(status);
7981 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7982 cmd_status_rsp, &mgmt_err);
464996ae 7983 return;
33ef95ed
JH		 7984 }
7985
464996ae 7986 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 7987 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 7988 else
a69d8927 7989 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 7990
33ef95ed 7991 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 7992 &match);
33ef95ed 7993
47990ea0 7994 if (changed)
464996ae 7995 new_settings(hdev, match.sk);
33ef95ed
JH		 7996
7997 if (match.sk)
7998 sock_put(match.sk);
33ef95ed
JH		 7999}
8000
890ea898 8001static void clear_eir(struct hci_request *req)
cacaf52f 8002{
890ea898 8003 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 8004 struct hci_cp_write_eir cp;
8005
976eb20e 8006 if (!lmp_ext_inq_capable(hdev))
890ea898 8007 return;
cacaf52f 8008
c80da27e
JH		 8009 memset(hdev->eir, 0, sizeof(hdev->eir));
8010
cacaf52f
JH		 8011 memset(&cp, 0, sizeof(cp));
8012
890ea898 8013 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 8014}
8015
3e248560 8016void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 8017{
8018 struct cmd_lookup match = { NULL, hdev };
890ea898 8019 struct hci_request req;
c0ecddc2 8020 bool changed = false;
ed2c4ee3
JH		 8021
8022 if (status) {
8023 u8 mgmt_err = mgmt_status(status);
c0ecddc2 8024
a69d8927
MH		 8025 if (enable && hci_dev_test_and_clear_flag(hdev,
8026 HCI_SSP_ENABLED)) {
a358dc11 8027 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 8028 new_settings(hdev, NULL);
9ecb3e24 8029 }
c0ecddc2 8030
04124681
GP		 8031 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
8032 &mgmt_err);
3e248560 8033 return;
c0ecddc2
JH		 8034 }
8035
8036 if (enable) {
238be788 8037 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 8038 } else {
a69d8927 8039 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9ecb3e24 8040 if (!changed)
a69d8927
MH		 8041 changed = hci_dev_test_and_clear_flag(hdev,
8042 HCI_HS_ENABLED);
9ecb3e24 8043 else
a358dc11 8044 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 8045 }
8046
8047 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
8048
c0ecddc2 8049 if (changed)
3e248560 8050 new_settings(hdev, match.sk);
ed2c4ee3 8051
5fc6ebb1 8052 if (match.sk)
ed2c4ee3
JH		 8053 sock_put(match.sk);
8054
890ea898
JH		 8055 hci_req_init(&req, hdev);
8056
d7a5a11d
MH		 8057 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
8058 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 8059 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
8060 sizeof(enable), &enable);
890ea898 8061 update_eir(&req);
3769972b 8062 } else {
890ea898 8063 clear_eir(&req);
3769972b 8064 }
890ea898
JH		 8065
8066 hci_req_run(&req, NULL);
ed2c4ee3
JH		 8067}
8068
3b0602cd 8069static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 8070{
8071 struct cmd_lookup *match = data;
8072
90e70454
JH		 8073 if (match->sk == NULL) {
8074 match->sk = cmd->sk;
8075 sock_hold(match->sk);
8076 }
90e70454
JH		 8077}
8078
4e1b0245
MH		 8079void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
8080 u8 status)
7f9a903c 8081{
90e70454 8082 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 8083
92da6097
JH		 8084 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
8085 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
8086 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 8087
8088 if (!status)
f6b7712e
MH		 8089 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
8090 dev_class, 3, NULL);
90e70454
JH		 8091
8092 if (match.sk)
8093 sock_put(match.sk);
7f9a903c
MH		 8094}
8095
7667da34 8096void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 8097{
b312b161 8098 struct mgmt_cp_set_local_name ev;
3b0602cd 8099 struct mgmt_pending_cmd *cmd;
28cc7bde 8100
13928971 8101 if (status)
7667da34 8102 return;
b312b161
JH		 8103
8104 memset(&ev, 0, sizeof(ev));
8105 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 8106 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 8107
333ae95d 8108 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 8109 if (!cmd) {
8110 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 8111
13928971
JH		 8112 /* If this is a HCI command related to powering on the
8113 * HCI dev don't send any mgmt signals.
8114 */
333ae95d 8115 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 8116 return;
890ea898 8117 }
b312b161 8118
f6b7712e
MH		 8119 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
8120 cmd ? cmd->sk : NULL);
b312b161 8121}
c35938b2 8122
799ce93d
JP		 8123static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
8124{
8125 int i;
8126
8127 for (i = 0; i < uuid_count; i++) {
8128 if (!memcmp(uuid, uuids[i], 16))
8129 return true;
8130 }
8131
8132 return false;
8133}
8134
b487b9ce
MH		 8135static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
8136{
799ce93d
JP		 8137 u16 parsed = 0;
8138
8139 while (parsed < eir_len) {
8140 u8 field_len = eir[0];
8141 u8 uuid[16];
8142 int i;
8143
8144 if (field_len == 0)
8145 break;
8146
8147 if (eir_len - parsed < field_len + 1)
8148 break;
8149
8150 switch (eir[1]) {
8151 case EIR_UUID16_ALL:
8152 case EIR_UUID16_SOME:
8153 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 8154 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 8155 uuid[13] = eir[i + 3];
8156 uuid[12] = eir[i + 2];
8157 if (has_uuid(uuid, uuid_count, uuids))
8158 return true;
8159 }
8160 break;
8161 case EIR_UUID32_ALL:
8162 case EIR_UUID32_SOME:
8163 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 8164 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 8165 uuid[15] = eir[i + 5];
8166 uuid[14] = eir[i + 4];
8167 uuid[13] = eir[i + 3];
8168 uuid[12] = eir[i + 2];
8169 if (has_uuid(uuid, uuid_count, uuids))
8170 return true;
8171 }
8172 break;
8173 case EIR_UUID128_ALL:
8174 case EIR_UUID128_SOME:
8175 for (i = 0; i + 17 <= field_len; i += 16) {
8176 memcpy(uuid, eir + i + 2, 16);
8177 if (has_uuid(uuid, uuid_count, uuids))
8178 return true;
8179 }
8180 break;
8181 }
8182
8183 parsed += field_len + 1;
8184 eir += field_len + 1;
8185 }
8186
b487b9ce
MH		 8187 return false;
8188}
8189
4b0e0ced
JP		 8190static void restart_le_scan(struct hci_dev *hdev)
8191{
8192 /* If controller is not scanning we are done. */
d7a5a11d 8193 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 8194 return;
8195
8196 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
8197 hdev->discovery.scan_start +
8198 hdev->discovery.scan_duration))
8199 return;
8200
7c1fbed2 8201 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
4b0e0ced
JP		 8202 DISCOV_LE_RESTART_DELAY);
8203}
8204
48f86b7f
JP		 8205static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
8206 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 8207{
48f86b7f
JP		 8208 /* If a RSSI threshold has been specified, and
8209 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
8210 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
8211 * is set, let it through for further processing, as we might need to
8212 * restart the scan.
efb2513f
MH		 8213 *
8214 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
8215 * the results are also dropped.
bda157a4
MH		 8216 */
8217 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 8218 (rssi == HCI_RSSI_INVALID ||
8219 (rssi < hdev->discovery.rssi &&
8220 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 8221 return false;
efb2513f 8222
2976cdeb
JP		 8223 if (hdev->discovery.uuid_count != 0) {
8224 /* If a list of UUIDs is provided in filter, results with no
8225 * matching UUID should be dropped.
b487b9ce 8226 */
2976cdeb
JP		 8227 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
8228 hdev->discovery.uuids) &&
8229 !eir_has_uuids(scan_rsp, scan_rsp_len,
8230 hdev->discovery.uuid_count,
8231 hdev->discovery.uuids))
8232 return false;
b487b9ce 8233 }
5d2e9fad 8234
2976cdeb
JP		 8235 /* If duplicate filtering does not report RSSI changes, then restart
8236 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 8237 */
2976cdeb
JP		 8238 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
8239 restart_le_scan(hdev);
8240
8241 /* Validate RSSI value against the RSSI threshold once more. */
8242 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8243 rssi < hdev->discovery.rssi)
8244 return false;
8245 }
48f86b7f
JP		 8246
8247 return true;
8248}
8249
8250void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8251 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
8252 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8253{
8254 char buf[512];
8255 struct mgmt_ev_device_found *ev = (void *)buf;
8256 size_t ev_size;
8257
8258 /* Don't send events for a non-kernel initiated discovery. With
8259 * LE one exception is if we have pend_le_reports > 0 in which
8260 * case we're doing passive scanning and want these events.
8261 */
8262 if (!hci_discovery_active(hdev)) {
8263 if (link_type == ACL_LINK)
8264 return;
8265 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
8266 return;
8267 }
8268
82f8b651 8269 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 8270 /* We are using service discovery */
8271 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
8272 scan_rsp_len))
8273 return;
8274 }
8275
8276 /* Make sure that the buffer is big enough. The 5 extra bytes
8277 * are for the potential CoD field.
8278 */
8279 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 8280 return;
8281
48f86b7f
JP		 8282 memset(buf, 0, sizeof(buf));
8283
8284 /* In case of device discovery with BR/EDR devices (pre 1.2), the
8285 * RSSI value was reported as 0 when not available. This behavior
8286 * is kept when using device discovery. This is required for full
8287 * backwards compatibility with the API.
8288 *
8289 * However when using service discovery, the value 127 will be
8290 * returned when the RSSI is not available.
8291 */
8292 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
8293 link_type == ACL_LINK)
8294 rssi = 0;
8295
8296 bacpy(&ev->addr.bdaddr, bdaddr);
8297 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8298 ev->rssi = rssi;
8299 ev->flags = cpu_to_le32(flags);
8300
8301 if (eir_len > 0)
8302 /* Copy EIR or advertising data into event */
8303 memcpy(ev->eir, eir, eir_len);
8304
8305 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
8306 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
8307 dev_class, 3);
8308
8309 if (scan_rsp_len > 0)
8310 /* Append scan response data to event */
8311 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
8312
5d2e9fad
JH		 8313 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
8314 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 8315
901801b9 8316 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 8317}
a88a9652 8318
9cf12aee
MH		 8319void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8320 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 8321{
b644ba33
JH		 8322 struct mgmt_ev_device_found *ev;
8323 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
8324 u16 eir_len;
a88a9652 8325
b644ba33 8326 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 8327
b644ba33
JH		 8328 memset(buf, 0, sizeof(buf));
8329
8330 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 8331 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 8332 ev->rssi = rssi;
8333
8334 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 8335 name_len);
b644ba33 8336
eb55ef07 8337 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 8338
9cf12aee 8339 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 8340}
314b2381 8341
2f1e063b 8342void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 8343{
f963e8e9 8344 struct mgmt_ev_discovering ev;
164a6e78 8345
343fb145
AG		 8346 BT_DBG("%s discovering %u", hdev->name, discovering);
8347
f963e8e9
JH		 8348 memset(&ev, 0, sizeof(ev));
8349 ev.type = hdev->discovery.type;
8350 ev.discovering = discovering;
8351
2f1e063b 8352 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 8353}
5e762444 8354
1904a853 8355static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5976e608
MH		 8356{
8357 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 8358}
8359
8360void mgmt_reenable_advertising(struct hci_dev *hdev)
8361{
8362 struct hci_request req;
eb6f95f9 8363 u8 instance;
5976e608 8364
24b4f38f
AU		 8365 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
8366 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
5976e608
MH		 8367 return;
8368
eb6f95f9
FG		 8369 instance = get_current_adv_instance(hdev);
8370
5976e608 8371 hci_req_init(&req, hdev);
eb6f95f9
FG		 8372
8373 if (instance) {
8374 schedule_adv_instance(&req, instance, true);
8375 } else {
8376 update_adv_data(&req);
8377 update_scan_rsp_data(&req);
8378 enable_advertising(&req);
8379 }
8380
0ec5ae84 8381 hci_req_run(&req, adv_enable_complete);
5976e608 8382}
6d785aa3
JH		 8383
8384static struct hci_mgmt_chan chan = {
8385 .channel = HCI_CHANNEL_CONTROL,
8386 .handler_count = ARRAY_SIZE(mgmt_handlers),
8387 .handlers = mgmt_handlers,
88b94ce9 8388 .hdev_init = mgmt_init_hdev,
6d785aa3
JH		 8389};
8390
8391int mgmt_init(void)
8392{
8393 return hci_mgmt_chan_register(&chan);
8394}
8395
8396void mgmt_exit(void)
8397{
8398 hci_mgmt_chan_unregister(&chan);
8399}
Linux kernel - Deliverables
This page took 1.113291 seconds and 5 git commands to generate.