projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Move discoverable changes to hdev->req_workqueue
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
a380b6cf 38#include "mgmt_util.h"
0381101f 39
2da9c55c 40#define MGMT_VERSION 1
dc4270c0 41#define MGMT_REVISION 11
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 50 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 81 MGMT_OP_SET_DEVICE_ID,
4375f103 82 MGMT_OP_SET_ADVERTISING,
0663ca2a 83 MGMT_OP_SET_BREDR,
d13eafce 84 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 85 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 86 MGMT_OP_SET_SECURE_CONN,
4e39ac81 87 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 88 MGMT_OP_SET_PRIVACY,
41edf160 89 MGMT_OP_LOAD_IRKS,
dd983808 90 MGMT_OP_GET_CONN_INFO,
95868426 91 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 92 MGMT_OP_ADD_DEVICE,
93 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 94 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 95 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 96 MGMT_OP_READ_CONFIG_INFO,
dbece37a 97 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 98 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 99 MGMT_OP_START_SERVICE_DISCOVERY,
4f0f155c 100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
96f1474a 101 MGMT_OP_READ_EXT_INDEX_LIST,
d3d5305b 102 MGMT_OP_READ_ADV_FEATURES,
24b4f38f 103 MGMT_OP_ADD_ADVERTISING,
da929335 104 MGMT_OP_REMOVE_ADVERTISING,
40b25fe5 105 MGMT_OP_GET_ADV_SIZE_INFO,
e70bb2e8
JH		 106};
107
108static const u16 mgmt_events[] = {
109 MGMT_EV_CONTROLLER_ERROR,
110 MGMT_EV_INDEX_ADDED,
111 MGMT_EV_INDEX_REMOVED,
112 MGMT_EV_NEW_SETTINGS,
113 MGMT_EV_CLASS_OF_DEV_CHANGED,
114 MGMT_EV_LOCAL_NAME_CHANGED,
115 MGMT_EV_NEW_LINK_KEY,
116 MGMT_EV_NEW_LONG_TERM_KEY,
117 MGMT_EV_DEVICE_CONNECTED,
118 MGMT_EV_DEVICE_DISCONNECTED,
119 MGMT_EV_CONNECT_FAILED,
120 MGMT_EV_PIN_CODE_REQUEST,
121 MGMT_EV_USER_CONFIRM_REQUEST,
122 MGMT_EV_USER_PASSKEY_REQUEST,
123 MGMT_EV_AUTH_FAILED,
124 MGMT_EV_DEVICE_FOUND,
125 MGMT_EV_DISCOVERING,
126 MGMT_EV_DEVICE_BLOCKED,
127 MGMT_EV_DEVICE_UNBLOCKED,
128 MGMT_EV_DEVICE_UNPAIRED,
92a25256 129 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 130 MGMT_EV_NEW_IRK,
7ee4ea36 131 MGMT_EV_NEW_CSRK,
8afef092
MH		 132 MGMT_EV_DEVICE_ADDED,
133 MGMT_EV_DEVICE_REMOVED,
ffb5a827 134 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 135 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 136 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 137 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 138 MGMT_EV_EXT_INDEX_ADDED,
139 MGMT_EV_EXT_INDEX_REMOVED,
72000df2 140 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
24b4f38f
AU		 141 MGMT_EV_ADVERTISING_ADDED,
142 MGMT_EV_ADVERTISING_REMOVED,
e70bb2e8
JH		 143};
144
99c679ac
MH		 145static const u16 mgmt_untrusted_commands[] = {
146 MGMT_OP_READ_INDEX_LIST,
147 MGMT_OP_READ_INFO,
148 MGMT_OP_READ_UNCONF_INDEX_LIST,
149 MGMT_OP_READ_CONFIG_INFO,
150 MGMT_OP_READ_EXT_INDEX_LIST,
151};
152
153static const u16 mgmt_untrusted_events[] = {
154 MGMT_EV_INDEX_ADDED,
155 MGMT_EV_INDEX_REMOVED,
156 MGMT_EV_NEW_SETTINGS,
157 MGMT_EV_CLASS_OF_DEV_CHANGED,
158 MGMT_EV_LOCAL_NAME_CHANGED,
159 MGMT_EV_UNCONF_INDEX_ADDED,
160 MGMT_EV_UNCONF_INDEX_REMOVED,
161 MGMT_EV_NEW_CONFIG_OPTIONS,
162 MGMT_EV_EXT_INDEX_ADDED,
163 MGMT_EV_EXT_INDEX_REMOVED,
164};
165
17b02e62 166#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 167
d25b78e2
JH		 168#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
169 "\x00\x00\x00\x00\x00\x00\x00\x00"
170
ca69b795
JH		 171/* HCI to MGMT error code conversion table */
172static u8 mgmt_status_table[] = {
173 MGMT_STATUS_SUCCESS,
174 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
175 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
176 MGMT_STATUS_FAILED, /* Hardware Failure */
177 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
178 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 179 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 180 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
181 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
182 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
183 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
184 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
185 MGMT_STATUS_BUSY, /* Command Disallowed */
186 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
187 MGMT_STATUS_REJECTED, /* Rejected Security */
188 MGMT_STATUS_REJECTED, /* Rejected Personal */
189 MGMT_STATUS_TIMEOUT, /* Host Timeout */
190 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
191 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
192 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
193 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
194 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
195 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
196 MGMT_STATUS_BUSY, /* Repeated Attempts */
197 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
198 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
199 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
200 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
201 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
202 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
203 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
204 MGMT_STATUS_FAILED, /* Unspecified Error */
205 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
206 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
207 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
208 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
209 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
210 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
211 MGMT_STATUS_FAILED, /* Unit Link Key Used */
212 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
213 MGMT_STATUS_TIMEOUT, /* Instant Passed */
214 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
215 MGMT_STATUS_FAILED, /* Transaction Collision */
216 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
217 MGMT_STATUS_REJECTED, /* QoS Rejected */
218 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
219 MGMT_STATUS_REJECTED, /* Insufficient Security */
220 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
221 MGMT_STATUS_BUSY, /* Role Switch Pending */
222 MGMT_STATUS_FAILED, /* Slot Violation */
223 MGMT_STATUS_FAILED, /* Role Switch Failed */
224 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
225 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
226 MGMT_STATUS_BUSY, /* Host Busy Pairing */
227 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
228 MGMT_STATUS_BUSY, /* Controller Busy */
229 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
230 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
231 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
232 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
233 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
234};
235
236static u8 mgmt_status(u8 hci_status)
237{
238 if (hci_status < ARRAY_SIZE(mgmt_status_table))
239 return mgmt_status_table[hci_status];
240
241 return MGMT_STATUS_FAILED;
242}
243
c08b1a1d
MH		 244static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
245 u16 len, int flag)
f9207338 246{
c08b1a1d
MH		 247 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
248 flag, NULL);
f9207338
MH		 249}
250
72000df2
MH		 251static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
252 u16 len, int flag, struct sock *skip_sk)
253{
254 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
255 flag, skip_sk);
256}
257
f6b7712e
MH		 258static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
259 u16 len, struct sock *skip_sk)
260{
261 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
262 HCI_MGMT_GENERIC_EVENTS, skip_sk);
263}
264
7a00ff44
JH		 265static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
266 struct sock *skip_sk)
267{
268 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
c08b1a1d 269 HCI_SOCK_TRUSTED, skip_sk);
7a00ff44
JH		 270}
271
85813a7e
JH		 272static u8 le_addr_type(u8 mgmt_addr_type)
273{
274 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
275 return ADDR_LE_DEV_PUBLIC;
276 else
277 return ADDR_LE_DEV_RANDOM;
278}
279
04124681
GP		 280static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
281 u16 data_len)
a38528f1
JH		 282{
283 struct mgmt_rp_read_version rp;
284
285 BT_DBG("sock %p", sk);
286
287 rp.version = MGMT_VERSION;
dcf4adbf 288 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 289
2a1afb5a
JH		 290 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
291 &rp, sizeof(rp));
a38528f1
JH		 292}
293
04124681
GP		 294static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
295 u16 data_len)
e70bb2e8
JH		 296{
297 struct mgmt_rp_read_commands *rp;
99c679ac 298 u16 num_commands, num_events;
e70bb2e8
JH		 299 size_t rp_size;
300 int i, err;
301
302 BT_DBG("sock %p", sk);
303
99c679ac
MH		 304 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
305 num_commands = ARRAY_SIZE(mgmt_commands);
306 num_events = ARRAY_SIZE(mgmt_events);
307 } else {
308 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
309 num_events = ARRAY_SIZE(mgmt_untrusted_events);
310 }
311
e70bb2e8
JH		 312 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
313
314 rp = kmalloc(rp_size, GFP_KERNEL);
315 if (!rp)
316 return -ENOMEM;
317
dcf4adbf
JP		 318 rp->num_commands = cpu_to_le16(num_commands);
319 rp->num_events = cpu_to_le16(num_events);
e70bb2e8 320
99c679ac
MH		 321 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
322 __le16 *opcode = rp->opcodes;
323
324 for (i = 0; i < num_commands; i++, opcode++)
325 put_unaligned_le16(mgmt_commands[i], opcode);
e70bb2e8 326
99c679ac
MH		 327 for (i = 0; i < num_events; i++, opcode++)
328 put_unaligned_le16(mgmt_events[i], opcode);
329 } else {
330 __le16 *opcode = rp->opcodes;
331
332 for (i = 0; i < num_commands; i++, opcode++)
333 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
334
335 for (i = 0; i < num_events; i++, opcode++)
336 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
337 }
e70bb2e8 338
2a1afb5a
JH		 339 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
340 rp, rp_size);
e70bb2e8
JH		 341 kfree(rp);
342
343 return err;
344}
345
04124681
GP		 346static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
347 u16 data_len)
faba42eb 348{
faba42eb 349 struct mgmt_rp_read_index_list *rp;
8035ded4 350 struct hci_dev *d;
a38528f1 351 size_t rp_len;
faba42eb 352 u16 count;
476e44cb 353 int err;
faba42eb
JH		 354
355 BT_DBG("sock %p", sk);
356
357 read_lock(&hci_dev_list_lock);
358
359 count = 0;
bb4b2a9a 360 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 361 if (d->dev_type == HCI_BREDR &&
d7a5a11d 362 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 363 count++;
faba42eb
JH		 364 }
365
a38528f1
JH		 366 rp_len = sizeof(*rp) + (2 * count);
367 rp = kmalloc(rp_len, GFP_ATOMIC);
368 if (!rp) {
b2c60d42 369 read_unlock(&hci_dev_list_lock);
faba42eb 370 return -ENOMEM;
b2c60d42 371 }
faba42eb 372
476e44cb 373 count = 0;
8035ded4 374 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 375 if (hci_dev_test_flag(d, HCI_SETUP) ||
376 hci_dev_test_flag(d, HCI_CONFIG) ||
377 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 378 continue;
379
73d1df2a
MH		 380 /* Devices marked as raw-only are neither configured
381 * nor unconfigured controllers.
382 */
383 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 384 continue;
385
73d1df2a 386 if (d->dev_type == HCI_BREDR &&
d7a5a11d 387 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892
MH		 388 rp->index[count++] = cpu_to_le16(d->id);
389 BT_DBG("Added hci%u", d->id);
390 }
faba42eb
JH		 391 }
392
476e44cb
JH		 393 rp->num_controllers = cpu_to_le16(count);
394 rp_len = sizeof(*rp) + (2 * count);
395
faba42eb
JH		 396 read_unlock(&hci_dev_list_lock);
397
2a1afb5a
JH		 398 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
399 0, rp, rp_len);
faba42eb 400
a38528f1
JH		 401 kfree(rp);
402
403 return err;
faba42eb
JH		 404}
405
73d1df2a
MH		 406static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
407 void *data, u16 data_len)
408{
409 struct mgmt_rp_read_unconf_index_list *rp;
410 struct hci_dev *d;
411 size_t rp_len;
412 u16 count;
413 int err;
414
415 BT_DBG("sock %p", sk);
416
417 read_lock(&hci_dev_list_lock);
418
419 count = 0;
420 list_for_each_entry(d, &hci_dev_list, list) {
421 if (d->dev_type == HCI_BREDR &&
d7a5a11d 422 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 423 count++;
424 }
425
426 rp_len = sizeof(*rp) + (2 * count);
427 rp = kmalloc(rp_len, GFP_ATOMIC);
428 if (!rp) {
429 read_unlock(&hci_dev_list_lock);
430 return -ENOMEM;
431 }
432
433 count = 0;
434 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 435 if (hci_dev_test_flag(d, HCI_SETUP) ||
436 hci_dev_test_flag(d, HCI_CONFIG) ||
437 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 438 continue;
439
440 /* Devices marked as raw-only are neither configured
441 * nor unconfigured controllers.
442 */
443 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
444 continue;
445
446 if (d->dev_type == HCI_BREDR &&
d7a5a11d 447 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a
MH		 448 rp->index[count++] = cpu_to_le16(d->id);
449 BT_DBG("Added hci%u", d->id);
450 }
451 }
452
453 rp->num_controllers = cpu_to_le16(count);
454 rp_len = sizeof(*rp) + (2 * count);
455
456 read_unlock(&hci_dev_list_lock);
457
2a1afb5a
JH		 458 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
459 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 460
461 kfree(rp);
462
463 return err;
464}
465
96f1474a
MH		 466static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
467 void *data, u16 data_len)
468{
469 struct mgmt_rp_read_ext_index_list *rp;
470 struct hci_dev *d;
471 size_t rp_len;
472 u16 count;
473 int err;
474
475 BT_DBG("sock %p", sk);
476
477 read_lock(&hci_dev_list_lock);
478
479 count = 0;
480 list_for_each_entry(d, &hci_dev_list, list) {
481 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
482 count++;
483 }
484
485 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
486 rp = kmalloc(rp_len, GFP_ATOMIC);
487 if (!rp) {
488 read_unlock(&hci_dev_list_lock);
489 return -ENOMEM;
490 }
491
492 count = 0;
493 list_for_each_entry(d, &hci_dev_list, list) {
494 if (hci_dev_test_flag(d, HCI_SETUP) ||
495 hci_dev_test_flag(d, HCI_CONFIG) ||
496 hci_dev_test_flag(d, HCI_USER_CHANNEL))
497 continue;
498
499 /* Devices marked as raw-only are neither configured
500 * nor unconfigured controllers.
501 */
502 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
503 continue;
504
505 if (d->dev_type == HCI_BREDR) {
506 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
507 rp->entry[count].type = 0x01;
508 else
509 rp->entry[count].type = 0x00;
510 } else if (d->dev_type == HCI_AMP) {
511 rp->entry[count].type = 0x02;
512 } else {
513 continue;
514 }
515
516 rp->entry[count].bus = d->bus;
517 rp->entry[count++].index = cpu_to_le16(d->id);
518 BT_DBG("Added hci%u", d->id);
519 }
520
521 rp->num_controllers = cpu_to_le16(count);
522 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
523
524 read_unlock(&hci_dev_list_lock);
525
526 /* If this command is called at least once, then all the
527 * default index and unconfigured index events are disabled
528 * and from now on only extended index events are used.
529 */
530 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
531 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
532 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
533
534 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
535 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
536
537 kfree(rp);
538
539 return err;
540}
541
dbece37a
MH		 542static bool is_configured(struct hci_dev *hdev)
543{
544 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 545 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 546 return false;
547
548 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
549 !bacmp(&hdev->public_addr, BDADDR_ANY))
550 return false;
551
552 return true;
553}
554
89bc22d2
MH		 555static __le32 get_missing_options(struct hci_dev *hdev)
556{
557 u32 options = 0;
558
dbece37a 559 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 560 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 561 options |= MGMT_OPTION_EXTERNAL_CONFIG;
562
89bc22d2
MH		 563 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
564 !bacmp(&hdev->public_addr, BDADDR_ANY))
565 options |= MGMT_OPTION_PUBLIC_ADDRESS;
566
567 return cpu_to_le32(options);
568}
569
f4537c04
MH		 570static int new_options(struct hci_dev *hdev, struct sock *skip)
571{
572 __le32 options = get_missing_options(hdev);
573
f6b7712e
MH		 574 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
575 sizeof(options), skip);
f4537c04
MH		 576}
577
dbece37a
MH		 578static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
579{
580 __le32 options = get_missing_options(hdev);
581
2a1afb5a
JH		 582 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
583 sizeof(options));
dbece37a
MH		 584}
585
9fc3bfb6
MH		 586static int read_config_info(struct sock *sk, struct hci_dev *hdev,
587 void *data, u16 data_len)
588{
589 struct mgmt_rp_read_config_info rp;
89bc22d2 590 u32 options = 0;
9fc3bfb6
MH		 591
592 BT_DBG("sock %p %s", sk, hdev->name);
593
594 hci_dev_lock(hdev);
595
596 memset(&rp, 0, sizeof(rp));
597 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 598
eb1904f4
MH		 599 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
600 options |= MGMT_OPTION_EXTERNAL_CONFIG;
601
9fc3bfb6 602 if (hdev->set_bdaddr)
89bc22d2
MH		 603 options |= MGMT_OPTION_PUBLIC_ADDRESS;
604
605 rp.supported_options = cpu_to_le32(options);
606 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 607
608 hci_dev_unlock(hdev);
609
2a1afb5a
JH		 610 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
611 &rp, sizeof(rp));
9fc3bfb6
MH		 612}
613
69ab39ea
JH		 614static u32 get_supported_settings(struct hci_dev *hdev)
615{
616 u32 settings = 0;
617
618 settings |= MGMT_SETTING_POWERED;
b2939475 619 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 620 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 621 settings |= MGMT_SETTING_CONNECTABLE;
622 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 623
ed3fa31f 624 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 625 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
626 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 627 settings |= MGMT_SETTING_BREDR;
628 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 629
630 if (lmp_ssp_capable(hdev)) {
631 settings |= MGMT_SETTING_SSP;
632 settings |= MGMT_SETTING_HS;
633 }
e98d2ce2 634
05b3c3e7 635 if (lmp_sc_capable(hdev))
e98d2ce2 636 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 637 }
d7b7e796 638
eeca6f89 639 if (lmp_le_capable(hdev)) {
9d42820f 640 settings |= MGMT_SETTING_LE;
eeca6f89 641 settings |= MGMT_SETTING_ADVERTISING;
a3209694 642 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 643 settings |= MGMT_SETTING_PRIVACY;
93690c22 644 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 645 }
69ab39ea 646
eb1904f4
MH		 647 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
648 hdev->set_bdaddr)
9fc3bfb6
MH		 649 settings |= MGMT_SETTING_CONFIGURATION;
650
69ab39ea
JH		 651 return settings;
652}
653
654static u32 get_current_settings(struct hci_dev *hdev)
655{
656 u32 settings = 0;
657
f1f0eb02 658 if (hdev_is_powered(hdev))
f0d4b78a
MH		 659 settings |= MGMT_SETTING_POWERED;
660
d7a5a11d 661 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 662 settings |= MGMT_SETTING_CONNECTABLE;
663
d7a5a11d 664 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 665 settings |= MGMT_SETTING_FAST_CONNECTABLE;
666
d7a5a11d 667 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 668 settings |= MGMT_SETTING_DISCOVERABLE;
669
d7a5a11d 670 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 671 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 672
d7a5a11d 673 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 674 settings |= MGMT_SETTING_BREDR;
675
d7a5a11d 676 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 677 settings |= MGMT_SETTING_LE;
678
d7a5a11d 679 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 680 settings |= MGMT_SETTING_LINK_SECURITY;
681
d7a5a11d 682 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 683 settings |= MGMT_SETTING_SSP;
684
d7a5a11d 685 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 686 settings |= MGMT_SETTING_HS;
687
d7a5a11d 688 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 689 settings |= MGMT_SETTING_ADVERTISING;
690
d7a5a11d 691 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 692 settings |= MGMT_SETTING_SECURE_CONN;
693
d7a5a11d 694 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 695 settings |= MGMT_SETTING_DEBUG_KEYS;
696
d7a5a11d 697 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 698 settings |= MGMT_SETTING_PRIVACY;
699
93690c22
MH		 700 /* The current setting for static address has two purposes. The
701 * first is to indicate if the static address will be used and
702 * the second is to indicate if it is actually set.
703 *
704 * This means if the static address is not configured, this flag
08dc0e98 705 * will never be set. If the address is configured, then if the
93690c22
MH		 706 * address is actually used decides if the flag is set or not.
707 *
708 * For single mode LE only controllers and dual-mode controllers
709 * with BR/EDR disabled, the existence of the static address will
710 * be evaluated.
711 */
b7cb93e5 712 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 713 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 714 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
715 if (bacmp(&hdev->static_addr, BDADDR_ANY))
716 settings |= MGMT_SETTING_STATIC_ADDRESS;
717 }
718
69ab39ea
JH		 719 return settings;
720}
721
ef580372
JH		 722#define PNP_INFO_SVCLASS_ID 0x1200
723
213202ed
JH		 724static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
725{
726 u8 *ptr = data, *uuids_start = NULL;
727 struct bt_uuid *uuid;
728
729 if (len < 4)
730 return ptr;
731
732 list_for_each_entry(uuid, &hdev->uuids, list) {
733 u16 uuid16;
734
735 if (uuid->size != 16)
736 continue;
737
738 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
739 if (uuid16 < 0x1100)
740 continue;
741
742 if (uuid16 == PNP_INFO_SVCLASS_ID)
743 continue;
744
745 if (!uuids_start) {
746 uuids_start = ptr;
747 uuids_start[0] = 1;
748 uuids_start[1] = EIR_UUID16_ALL;
749 ptr += 2;
750 }
751
752 /* Stop if not enough space to put next UUID */
753 if ((ptr - data) + sizeof(u16) > len) {
754 uuids_start[1] = EIR_UUID16_SOME;
755 break;
756 }
757
758 *ptr++ = (uuid16 & 0x00ff);
759 *ptr++ = (uuid16 & 0xff00) >> 8;
760 uuids_start[0] += sizeof(uuid16);
761 }
762
763 return ptr;
764}
765
cdf1963f
JH		 766static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
767{
768 u8 *ptr = data, *uuids_start = NULL;
769 struct bt_uuid *uuid;
770
771 if (len < 6)
772 return ptr;
773
774 list_for_each_entry(uuid, &hdev->uuids, list) {
775 if (uuid->size != 32)
776 continue;
777
778 if (!uuids_start) {
779 uuids_start = ptr;
780 uuids_start[0] = 1;
781 uuids_start[1] = EIR_UUID32_ALL;
782 ptr += 2;
783 }
784
785 /* Stop if not enough space to put next UUID */
786 if ((ptr - data) + sizeof(u32) > len) {
787 uuids_start[1] = EIR_UUID32_SOME;
788 break;
789 }
790
791 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
792 ptr += sizeof(u32);
793 uuids_start[0] += sizeof(u32);
794 }
795
796 return ptr;
797}
798
c00d575b
JH		 799static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
800{
801 u8 *ptr = data, *uuids_start = NULL;
802 struct bt_uuid *uuid;
803
804 if (len < 18)
805 return ptr;
806
807 list_for_each_entry(uuid, &hdev->uuids, list) {
808 if (uuid->size != 128)
809 continue;
810
811 if (!uuids_start) {
812 uuids_start = ptr;
813 uuids_start[0] = 1;
814 uuids_start[1] = EIR_UUID128_ALL;
815 ptr += 2;
816 }
817
818 /* Stop if not enough space to put next UUID */
819 if ((ptr - data) + 16 > len) {
820 uuids_start[1] = EIR_UUID128_SOME;
821 break;
822 }
823
824 memcpy(ptr, uuid->uuid, 16);
825 ptr += 16;
826 uuids_start[0] += 16;
827 }
828
829 return ptr;
830}
831
333ae95d
JH		 832static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
833{
834 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
835}
836
333ae95d
JH		 837static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
838 struct hci_dev *hdev,
839 const void *data)
840{
841 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
842}
843
f2252570 844u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
9a43e25f 845{
3b0602cd 846 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 847
848 /* If there's a pending mgmt command the flags will not yet have
849 * their final values, so check for this first.
850 */
333ae95d 851 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
9a43e25f
JH		 852 if (cmd) {
853 struct mgmt_mode *cp = cmd->param;
854 if (cp->val == 0x01)
855 return LE_AD_GENERAL;
856 else if (cp->val == 0x02)
857 return LE_AD_LIMITED;
858 } else {
d7a5a11d 859 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 860 return LE_AD_LIMITED;
d7a5a11d 861 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 862 return LE_AD_GENERAL;
863 }
864
865 return 0;
866}
867
f2252570 868bool mgmt_get_connectable(struct hci_dev *hdev)
fdf51784
AU		 869{
870 struct mgmt_pending_cmd *cmd;
441ad2d0 871
fdf51784
AU		 872 /* If there's a pending mgmt command the flag will not yet have
873 * it's final value, so check for this first.
874 */
875 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
876 if (cmd) {
877 struct mgmt_mode *cp = cmd->param;
441ad2d0 878
fdf51784 879 return cp->val;
441ad2d0
MH		 880 }
881
fdf51784
AU		 882 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
883}
441ad2d0 884
ef580372
JH		 885static void create_eir(struct hci_dev *hdev, u8 *data)
886{
887 u8 *ptr = data;
ef580372
JH		 888 size_t name_len;
889
890 name_len = strlen(hdev->dev_name);
891
892 if (name_len > 0) {
893 /* EIR Data type */
894 if (name_len > 48) {
895 name_len = 48;
896 ptr[1] = EIR_NAME_SHORT;
897 } else
898 ptr[1] = EIR_NAME_COMPLETE;
899
900 /* EIR Data length */
901 ptr[0] = name_len + 1;
902
903 memcpy(ptr + 2, hdev->dev_name, name_len);
904
ef580372
JH		 905 ptr += (name_len + 2);
906 }
907
bbaf444a 908 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 909 ptr[0] = 2;
910 ptr[1] = EIR_TX_POWER;
911 ptr[2] = (u8) hdev->inq_tx_power;
912
91c4e9b1
MH		 913 ptr += 3;
914 }
915
2b9be137
MH		 916 if (hdev->devid_source > 0) {
917 ptr[0] = 9;
918 ptr[1] = EIR_DEVICE_ID;
919
920 put_unaligned_le16(hdev->devid_source, ptr + 2);
921 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
922 put_unaligned_le16(hdev->devid_product, ptr + 6);
923 put_unaligned_le16(hdev->devid_version, ptr + 8);
924
2b9be137
MH		 925 ptr += 10;
926 }
927
213202ed 928 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 929 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 930 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 931}
932
890ea898 933static void update_eir(struct hci_request *req)
ef580372 934{
890ea898 935 struct hci_dev *hdev = req->hdev;
ef580372
JH		 936 struct hci_cp_write_eir cp;
937
504c8dcd 938 if (!hdev_is_powered(hdev))
890ea898 939 return;
7770c4aa 940
976eb20e 941 if (!lmp_ext_inq_capable(hdev))
890ea898 942 return;
ef580372 943
d7a5a11d 944 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
890ea898 945 return;
ef580372 946
d7a5a11d 947 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 948 return;
ef580372
JH		 949
950 memset(&cp, 0, sizeof(cp));
951
952 create_eir(hdev, cp.data);
953
954 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 955 return;
ef580372
JH		 956
957 memcpy(hdev->eir, cp.data, sizeof(cp.data));
958
890ea898 959 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 960}
961
7d78525d
JH		 962static void service_cache_off(struct work_struct *work)
963{
964 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 965 service_cache.work);
890ea898 966 struct hci_request req;
7d78525d 967
a69d8927 968 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 969 return;
970
890ea898
JH		 971 hci_req_init(&req, hdev);
972
7d78525d
JH		 973 hci_dev_lock(hdev);
974
890ea898 975 update_eir(&req);
14bf5eac 976 __hci_req_update_class(&req);
7d78525d
JH		 977
978 hci_dev_unlock(hdev);
890ea898
JH		 979
980 hci_req_run(&req, NULL);
7d78525d
JH		 981}
982
d6bfd59c
JH		 983static void rpa_expired(struct work_struct *work)
984{
985 struct hci_dev *hdev = container_of(work, struct hci_dev,
986 rpa_expired.work);
987 struct hci_request req;
988
989 BT_DBG("");
990
a1536da2 991 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 992
d7a5a11d 993 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 994 return;
995
996 /* The generation of a new RPA and programming it into the
f2252570
JH		 997 * controller happens in the hci_req_enable_advertising()
998 * function.
d6bfd59c 999 */
d6bfd59c 1000 hci_req_init(&req, hdev);
f2252570 1001 __hci_req_enable_advertising(&req);
d6bfd59c
JH		 1002 hci_req_run(&req, NULL);
1003}
1004
6a919082 1005static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1006{
238be788 1007 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 1008 return;
1009
4f87da80 1010 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1011 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1012
4f87da80
JH		 1013 /* Non-mgmt controlled devices get this bit set
1014 * implicitly so that pairing works for them, however
1015 * for mgmt we require user-space to explicitly enable
1016 * it
1017 */
a358dc11 1018 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 1019}
1020
0f4e68cf 1021static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1022 void *data, u16 data_len)
0381101f 1023{
a38528f1 1024 struct mgmt_rp_read_info rp;
f7b64e69 1025
bdb6d971 1026 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1027
09fd0de5 1028 hci_dev_lock(hdev);
f7b64e69 1029
dc4fe30b
JH		 1030 memset(&rp, 0, sizeof(rp));
1031
69ab39ea 1032 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1033
69ab39ea 1034 rp.version = hdev->hci_ver;
eb55ef07 1035 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1036
1037 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1038 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1039
a38528f1 1040 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1041
dc4fe30b 1042 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1043 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1044
09fd0de5 1045 hci_dev_unlock(hdev);
0381101f 1046
2a1afb5a
JH		 1047 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1048 sizeof(rp));
0381101f
JH		 1049}
1050
69ab39ea 1051static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1052{
69ab39ea 1053 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1054
2a1afb5a
JH		 1055 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1056 sizeof(settings));
8680570b
JH		 1057}
1058
1904a853 1059static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 1060{
1061 BT_DBG("%s status 0x%02x", hdev->name, status);
1062
a3172b7e
JH		 1063 if (hci_conn_count(hdev) == 0) {
1064 cancel_delayed_work(&hdev->power_off);
8b064a3a 1065 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1066 }
8b064a3a
JH		 1067}
1068
f2252570 1069void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
912098a6
AU		 1070{
1071 struct mgmt_ev_advertising_added ev;
1072
1073 ev.instance = instance;
1074
1075 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1076}
1077
f2252570
JH		 1078void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1079 u8 instance)
912098a6
AU		 1080{
1081 struct mgmt_ev_advertising_removed ev;
1082
1083 ev.instance = instance;
1084
1085 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1086}
1087
7816b820
FG		 1088static void cancel_adv_timeout(struct hci_dev *hdev)
1089{
1090 if (hdev->adv_instance_timeout) {
1091 hdev->adv_instance_timeout = 0;
1092 cancel_delayed_work(&hdev->adv_instance_expire);
1093 }
1094}
1095
8b064a3a
JH		 1096static int clean_up_hci_state(struct hci_dev *hdev)
1097{
1098 struct hci_request req;
1099 struct hci_conn *conn;
23a48093
JH		 1100 bool discov_stopped;
1101 int err;
8b064a3a
JH		 1102
1103 hci_req_init(&req, hdev);
1104
1105 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1106 test_bit(HCI_PSCAN, &hdev->flags)) {
1107 u8 scan = 0x00;
1108 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1109 }
1110
f2252570 1111 hci_req_clear_adv_instance(hdev, NULL, 0x00, false);
912098a6 1112
d7a5a11d 1113 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
f2252570 1114 __hci_req_disable_advertising(&req);
8b064a3a 1115
2154d3f4 1116 discov_stopped = hci_req_stop_discovery(&req);
8b064a3a
JH		 1117
1118 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
89e0ccc8
JH		 1119 /* 0x15 == Terminated due to Power Off */
1120 __hci_abort_conn(&req, conn, 0x15);
8b064a3a
JH		 1121 }
1122
23a48093
JH		 1123 err = hci_req_run(&req, clean_up_hci_complete);
1124 if (!err && discov_stopped)
1125 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1126
1127 return err;
8b064a3a
JH		 1128}
1129
bdb6d971 1130static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1131 u16 len)
eec8d2bc 1132{
650f726d 1133 struct mgmt_mode *cp = data;
3b0602cd 1134 struct mgmt_pending_cmd *cmd;
4b34ee78 1135 int err;
eec8d2bc 1136
bdb6d971 1137 BT_DBG("request for %s", hdev->name);
eec8d2bc 1138
a7e80f25 1139 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1140 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1141 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1142
09fd0de5 1143 hci_dev_lock(hdev);
eec8d2bc 1144
333ae95d 1145 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1146 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1147 MGMT_STATUS_BUSY);
87b95ba6
JH		 1148 goto failed;
1149 }
1150
a69d8927 1151 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
f0d4b78a
MH		 1152 cancel_delayed_work(&hdev->power_off);
1153
1154 if (cp->val) {
a1d70450
JH		 1155 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1156 data, len);
1157 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1158 goto failed;
1159 }
1160 }
1161
4b34ee78 1162 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1163 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1164 goto failed;
1165 }
1166
2e58ef3e 1167 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1168 if (!cmd) {
1169 err = -ENOMEM;
eec8d2bc 1170 goto failed;
366a0336 1171 }
eec8d2bc 1172
8b064a3a 1173 if (cp->val) {
19202573 1174 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1175 err = 0;
1176 } else {
1177 /* Disconnect connections, stop scans, etc */
1178 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1179 if (!err)
1180 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1181 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1182
8b064a3a
JH		 1183 /* ENODATA means there were no HCI commands queued */
1184 if (err == -ENODATA) {
a3172b7e 1185 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1186 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1187 err = 0;
1188 }
1189 }
eec8d2bc
JH		 1190
1191failed:
09fd0de5 1192 hci_dev_unlock(hdev);
366a0336 1193 return err;
eec8d2bc
JH		 1194}
1195
beadb2bd
JH		 1196static int new_settings(struct hci_dev *hdev, struct sock *skip)
1197{
f6b7712e 1198 __le32 ev = cpu_to_le32(get_current_settings(hdev));
beadb2bd 1199
f6b7712e
MH		 1200 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1201 sizeof(ev), skip);
beadb2bd
JH		 1202}
1203
91a668b0
JH		 1204int mgmt_new_settings(struct hci_dev *hdev)
1205{
1206 return new_settings(hdev, NULL);
1207}
1208
bd99abdd
JH		 1209struct cmd_lookup {
1210 struct sock *sk;
1211 struct hci_dev *hdev;
1212 u8 mgmt_status;
1213};
1214
3b0602cd 1215static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1216{
1217 struct cmd_lookup *match = data;
1218
1219 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1220
1221 list_del(&cmd->list);
1222
1223 if (match->sk == NULL) {
1224 match->sk = cmd->sk;
1225 sock_hold(match->sk);
1226 }
1227
1228 mgmt_pending_free(cmd);
1229}
1230
3b0602cd 1231static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1232{
1233 u8 *status = data;
1234
a69e8375 1235 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1236 mgmt_pending_remove(cmd);
1237}
1238
3b0602cd 1239static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1240{
1241 if (cmd->cmd_complete) {
1242 u8 *status = data;
1243
1244 cmd->cmd_complete(cmd, *status);
1245 mgmt_pending_remove(cmd);
1246
1247 return;
1248 }
1249
1250 cmd_status_rsp(cmd, data);
1251}
1252
3b0602cd 1253static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1254{
2a1afb5a
JH		 1255 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1256 cmd->param, cmd->param_len);
f5818c22
JH		 1257}
1258
3b0602cd 1259static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1260{
2a1afb5a
JH		 1261 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1262 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1263}
1264
e6fe7986
JH		 1265static u8 mgmt_bredr_support(struct hci_dev *hdev)
1266{
1267 if (!lmp_bredr_capable(hdev))
1268 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1269 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1270 return MGMT_STATUS_REJECTED;
1271 else
1272 return MGMT_STATUS_SUCCESS;
1273}
1274
1275static u8 mgmt_le_support(struct hci_dev *hdev)
1276{
1277 if (!lmp_le_capable(hdev))
1278 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1279 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1280 return MGMT_STATUS_REJECTED;
1281 else
1282 return MGMT_STATUS_SUCCESS;
1283}
1284
aed1a885 1285void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
bfaf8c9f 1286{
3b0602cd 1287 struct mgmt_pending_cmd *cmd;
bfaf8c9f
JH		 1288
1289 BT_DBG("status 0x%02x", status);
1290
1291 hci_dev_lock(hdev);
1292
333ae95d 1293 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
bfaf8c9f
JH		 1294 if (!cmd)
1295 goto unlock;
1296
1297 if (status) {
1298 u8 mgmt_err = mgmt_status(status);
a69e8375 1299 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1300 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1301 goto remove_cmd;
1302 }
1303
aed1a885
JH		 1304 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1305 hdev->discov_timeout > 0) {
1306 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1307 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
d4462a07 1308 }
bfaf8c9f
JH		 1309
1310 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
aed1a885 1311 new_settings(hdev, cmd->sk);
970ba524 1312
bfaf8c9f
JH		 1313remove_cmd:
1314 mgmt_pending_remove(cmd);
1315
1316unlock:
1317 hci_dev_unlock(hdev);
1318}
1319
bdb6d971 1320static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1321 u16 len)
73f22f62 1322{
650f726d 1323 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1324 struct mgmt_pending_cmd *cmd;
5e5282bb 1325 u16 timeout;
73f22f62
JH		 1326 int err;
1327
bdb6d971 1328 BT_DBG("request for %s", hdev->name);
73f22f62 1329
d7a5a11d
MH		 1330 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1331 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1332 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1333 MGMT_STATUS_REJECTED);
33c525c0 1334
310a3d48 1335 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1336 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1337 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1338
1f350c87 1339 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1340
1341 /* Disabling discoverable requires that no timeout is set,
1342 * and enabling limited discoverable requires a timeout.
1343 */
1344 if ((cp->val == 0x00 && timeout > 0) ||
1345 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1346 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1347 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1348
09fd0de5 1349 hci_dev_lock(hdev);
73f22f62 1350
5e5282bb 1351 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1352 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1353 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1354 goto failed;
1355 }
1356
333ae95d
JH		 1357 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1358 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1359 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1360 MGMT_STATUS_BUSY);
73f22f62
JH		 1361 goto failed;
1362 }
1363
d7a5a11d 1364 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1365 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1366 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1367 goto failed;
1368 }
1369
1370 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1371 bool changed = false;
1372
310a3d48
MH		 1373 /* Setting limited discoverable when powered off is
1374 * not a valid operation since it requires a timeout
1375 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1376 */
d7a5a11d 1377 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1378 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1379 changed = true;
1380 }
1381
5e5282bb 1382 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1383 if (err < 0)
1384 goto failed;
1385
1386 if (changed)
1387 err = new_settings(hdev, sk);
1388
5e5282bb
JH		 1389 goto failed;
1390 }
1391
310a3d48
MH		 1392 /* If the current mode is the same, then just update the timeout
1393 * value with the new value. And if only the timeout gets updated,
1394 * then no need for any HCI transactions.
1395 */
d7a5a11d
MH		 1396 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1397 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1398 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1399 cancel_delayed_work(&hdev->discov_off);
1400 hdev->discov_timeout = timeout;
955638ec 1401
36261547
MH		 1402 if (cp->val && hdev->discov_timeout > 0) {
1403 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1404 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1405 to);
955638ec
MH		 1406 }
1407
69ab39ea 1408 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1409 goto failed;
1410 }
1411
2e58ef3e 1412 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1413 if (!cmd) {
1414 err = -ENOMEM;
73f22f62 1415 goto failed;
366a0336 1416 }
73f22f62 1417
310a3d48
MH		 1418 /* Cancel any potential discoverable timeout that might be
1419 * still active and store new timeout value. The arming of
1420 * the timeout happens in the complete handler.
1421 */
1422 cancel_delayed_work(&hdev->discov_off);
1423 hdev->discov_timeout = timeout;
1424
aed1a885
JH		 1425 if (cp->val)
1426 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1427 else
1428 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1429
b456f87c
JH		 1430 /* Limited discoverable mode */
1431 if (cp->val == 0x02)
a1536da2 1432 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1433 else
a358dc11 1434 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1435
aed1a885
JH		 1436 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1437 err = 0;
73f22f62
JH		 1438
1439failed:
09fd0de5 1440 hci_dev_unlock(hdev);
73f22f62
JH		 1441 return err;
1442}
1443
406d7804
JH		 1444static void write_fast_connectable(struct hci_request *req, bool enable)
1445{
bd98b996 1446 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1447 struct hci_cp_write_page_scan_activity acp;
1448 u8 type;
1449
d7a5a11d 1450 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
547003b1
JH		 1451 return;
1452
4c01f8b8
JH		 1453 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1454 return;
1455
406d7804
JH		 1456 if (enable) {
1457 type = PAGE_SCAN_TYPE_INTERLACED;
1458
1459 /* 160 msec page scan interval */
dcf4adbf 1460 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1461 } else {
1462 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1463
1464 /* default 1.28 sec page scan */
dcf4adbf 1465 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1466 }
1467
dcf4adbf 1468 acp.window = cpu_to_le16(0x0012);
406d7804 1469
bd98b996
JH		 1470 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1471 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1472 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1473 sizeof(acp), &acp);
1474
1475 if (hdev->page_scan_type != type)
1476 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1477}
1478
53c0ba74 1479void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
2b76f453 1480{
3b0602cd 1481 struct mgmt_pending_cmd *cmd;
2b76f453
JH		 1482
1483 BT_DBG("status 0x%02x", status);
1484
1485 hci_dev_lock(hdev);
1486
333ae95d 1487 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
2b76f453
JH		 1488 if (!cmd)
1489 goto unlock;
1490
37438c1f
JH		 1491 if (status) {
1492 u8 mgmt_err = mgmt_status(status);
a69e8375 1493 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1494 goto remove_cmd;
1495 }
1496
2b76f453 1497 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
53c0ba74 1498 new_settings(hdev, cmd->sk);
d7b856f9 1499
37438c1f 1500remove_cmd:
2b76f453
JH		 1501 mgmt_pending_remove(cmd);
1502
1503unlock:
1504 hci_dev_unlock(hdev);
1505}
1506
e8ba3a1f
JH		 1507static int set_connectable_update_settings(struct hci_dev *hdev,
1508 struct sock *sk, u8 val)
1509{
1510 bool changed = false;
1511 int err;
1512
d7a5a11d 1513 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 1514 changed = true;
1515
1516 if (val) {
a1536da2 1517 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 1518 } else {
a358dc11
MH		 1519 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1520 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 1521 }
1522
1523 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1524 if (err < 0)
1525 return err;
1526
562064e6 1527 if (changed) {
01b1cb87 1528 hci_req_update_scan(hdev);
562064e6 1529 hci_update_background_scan(hdev);
e8ba3a1f 1530 return new_settings(hdev, sk);
562064e6 1531 }
e8ba3a1f
JH		 1532
1533 return 0;
1534}
1535
bdb6d971 1536static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1537 u16 len)
9fbcbb45 1538{
650f726d 1539 struct mgmt_mode *cp = data;
3b0602cd 1540 struct mgmt_pending_cmd *cmd;
9fbcbb45
JH		 1541 int err;
1542
bdb6d971 1543 BT_DBG("request for %s", hdev->name);
9fbcbb45 1544
d7a5a11d
MH		 1545 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1546 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1547 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1548 MGMT_STATUS_REJECTED);
33c525c0 1549
a7e80f25 1550 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1551 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1552 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1553
09fd0de5 1554 hci_dev_lock(hdev);
9fbcbb45 1555
4b34ee78 1556 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1557 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1558 goto failed;
1559 }
1560
333ae95d
JH		 1561 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1562 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1563 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1564 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1565 goto failed;
1566 }
1567
2e58ef3e 1568 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1569 if (!cmd) {
1570 err = -ENOMEM;
9fbcbb45 1571 goto failed;
366a0336 1572 }
9fbcbb45 1573
53c0ba74
JH		 1574 if (cp->val) {
1575 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1576 } else {
1577 if (hdev->discov_timeout > 0)
1578 cancel_delayed_work(&hdev->discov_off);
2b76f453 1579
53c0ba74
JH		 1580 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1581 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1582 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
9b74246f 1583 }
2b76f453 1584
53c0ba74
JH		 1585 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1586 err = 0;
9fbcbb45
JH		 1587
1588failed:
09fd0de5 1589 hci_dev_unlock(hdev);
9fbcbb45
JH		 1590 return err;
1591}
1592
b2939475 1593static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1594 u16 len)
c542a06c 1595{
650f726d 1596 struct mgmt_mode *cp = data;
55594356 1597 bool changed;
c542a06c
JH		 1598 int err;
1599
bdb6d971 1600 BT_DBG("request for %s", hdev->name);
c542a06c 1601
a7e80f25 1602 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1603 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1604 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1605
09fd0de5 1606 hci_dev_lock(hdev);
c542a06c
JH		 1607
1608 if (cp->val)
238be788 1609 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 1610 else
a69d8927 1611 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 1612
b2939475 1613 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1614 if (err < 0)
55594356 1615 goto unlock;
c542a06c 1616
55594356
MH		 1617 if (changed)
1618 err = new_settings(hdev, sk);
c542a06c 1619
55594356 1620unlock:
09fd0de5 1621 hci_dev_unlock(hdev);
c542a06c
JH		 1622 return err;
1623}
1624
04124681
GP		 1625static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1626 u16 len)
33ef95ed
JH		 1627{
1628 struct mgmt_mode *cp = data;
3b0602cd 1629 struct mgmt_pending_cmd *cmd;
e6fe7986 1630 u8 val, status;
33ef95ed
JH		 1631 int err;
1632
bdb6d971 1633 BT_DBG("request for %s", hdev->name);
33ef95ed 1634
e6fe7986
JH		 1635 status = mgmt_bredr_support(hdev);
1636 if (status)
a69e8375
JH		 1637 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1638 status);
33c525c0 1639
a7e80f25 1640 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1641 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1642 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1643
33ef95ed
JH		 1644 hci_dev_lock(hdev);
1645
4b34ee78 1646 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1647 bool changed = false;
1648
d7a5a11d 1649 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 1650 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 1651 changed = true;
1652 }
1653
1654 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1655 if (err < 0)
1656 goto failed;
1657
1658 if (changed)
1659 err = new_settings(hdev, sk);
1660
33ef95ed
JH		 1661 goto failed;
1662 }
1663
333ae95d 1664 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 1665 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1666 MGMT_STATUS_BUSY);
33ef95ed
JH		 1667 goto failed;
1668 }
1669
1670 val = !!cp->val;
1671
1672 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1673 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1674 goto failed;
1675 }
1676
1677 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1678 if (!cmd) {
1679 err = -ENOMEM;
1680 goto failed;
1681 }
1682
1683 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1684 if (err < 0) {
1685 mgmt_pending_remove(cmd);
1686 goto failed;
1687 }
1688
1689failed:
1690 hci_dev_unlock(hdev);
33ef95ed
JH		 1691 return err;
1692}
1693
bdb6d971 1694static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1695{
1696 struct mgmt_mode *cp = data;
3b0602cd 1697 struct mgmt_pending_cmd *cmd;
72ef0c1a 1698 u8 status;
ed2c4ee3
JH		 1699 int err;
1700
bdb6d971 1701 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1702
cdba5281
MH		 1703 status = mgmt_bredr_support(hdev);
1704 if (status)
a69e8375 1705 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 1706
13ecd8b6 1707 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1708 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1709 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1710
a7e80f25 1711 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1712 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1713 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1714
13ecd8b6 1715 hci_dev_lock(hdev);
6c8f12c1 1716
4b34ee78 1717 if (!hdev_is_powered(hdev)) {
9ecb3e24 1718 bool changed;
c0ecddc2 1719
9ecb3e24 1720 if (cp->val) {
238be788
MH		 1721 changed = !hci_dev_test_and_set_flag(hdev,
1722 HCI_SSP_ENABLED);
9ecb3e24 1723 } else {
a69d8927
MH		 1724 changed = hci_dev_test_and_clear_flag(hdev,
1725 HCI_SSP_ENABLED);
9ecb3e24 1726 if (!changed)
a69d8927
MH		 1727 changed = hci_dev_test_and_clear_flag(hdev,
1728 HCI_HS_ENABLED);
9ecb3e24 1729 else
a358dc11 1730 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 1731 }
1732
1733 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1734 if (err < 0)
1735 goto failed;
1736
1737 if (changed)
1738 err = new_settings(hdev, sk);
1739
ed2c4ee3
JH		 1740 goto failed;
1741 }
1742
333ae95d 1743 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 1744 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1745 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1746 goto failed;
1747 }
1748
d7a5a11d 1749 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 1750 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1751 goto failed;
1752 }
1753
1754 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1755 if (!cmd) {
1756 err = -ENOMEM;
1757 goto failed;
1758 }
1759
d7a5a11d 1760 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 1761 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1762 sizeof(cp->val), &cp->val);
1763
72ef0c1a 1764 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1765 if (err < 0) {
1766 mgmt_pending_remove(cmd);
1767 goto failed;
1768 }
1769
1770failed:
1771 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1772 return err;
1773}
1774
bdb6d971 1775static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1776{
1777 struct mgmt_mode *cp = data;
ee392693 1778 bool changed;
e6fe7986 1779 u8 status;
ee392693 1780 int err;
6d80dfd0 1781
bdb6d971 1782 BT_DBG("request for %s", hdev->name);
6d80dfd0 1783
e6fe7986
JH		 1784 status = mgmt_bredr_support(hdev);
1785 if (status)
a69e8375 1786 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1787
9ecb3e24 1788 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1789 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1790 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 1791
d7a5a11d 1792 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 1793 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1794 MGMT_STATUS_REJECTED);
9ecb3e24 1795
a7e80f25 1796 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1797 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1798 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1799
ee392693
MH		 1800 hci_dev_lock(hdev);
1801
333ae95d 1802 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 1803 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1804 MGMT_STATUS_BUSY);
a2cb01de
JH		 1805 goto unlock;
1806 }
1807
a0cdf960 1808 if (cp->val) {
238be788 1809 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 1810 } else {
1811 if (hdev_is_powered(hdev)) {
a69e8375
JH		 1812 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1813 MGMT_STATUS_REJECTED);
a0cdf960
MH		 1814 goto unlock;
1815 }
1816
a69d8927 1817 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 1818 }
ee392693
MH		 1819
1820 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1821 if (err < 0)
1822 goto unlock;
1823
1824 if (changed)
1825 err = new_settings(hdev, sk);
6d80dfd0 1826
ee392693
MH		 1827unlock:
1828 hci_dev_unlock(hdev);
1829 return err;
6d80dfd0
JH		 1830}
1831
1904a853 1832static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 1833{
1834 struct cmd_lookup match = { NULL, hdev };
1835
3ad67582
JK		 1836 hci_dev_lock(hdev);
1837
416a4ae5
JH		 1838 if (status) {
1839 u8 mgmt_err = mgmt_status(status);
1840
1841 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1842 &mgmt_err);
3ad67582 1843 goto unlock;
416a4ae5
JH		 1844 }
1845
1846 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1847
1848 new_settings(hdev, match.sk);
1849
1850 if (match.sk)
1851 sock_put(match.sk);
441ad2d0
MH		 1852
1853 /* Make sure the controller has a good default for
1854 * advertising data. Restrict the update to when LE
1855 * has actually been enabled. During power on, the
1856 * update in powered_update_hci will take care of it.
1857 */
d7a5a11d 1858 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0
MH		 1859 struct hci_request req;
1860
441ad2d0 1861 hci_req_init(&req, hdev);
f2252570
JH		 1862 __hci_req_update_adv_data(&req, HCI_ADV_CURRENT);
1863 __hci_req_update_scan_rsp_data(&req, HCI_ADV_CURRENT);
441ad2d0 1864 hci_req_run(&req, NULL);
2e93e53b 1865 hci_update_background_scan(hdev);
441ad2d0 1866 }
3ad67582
JK		 1867
1868unlock:
1869 hci_dev_unlock(hdev);
416a4ae5
JH		 1870}
1871
bdb6d971 1872static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1873{
1874 struct mgmt_mode *cp = data;
1875 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 1876 struct mgmt_pending_cmd *cmd;
416a4ae5 1877 struct hci_request req;
06199cf8 1878 int err;
0b60eba1 1879 u8 val, enabled;
06199cf8 1880
bdb6d971 1881 BT_DBG("request for %s", hdev->name);
06199cf8 1882
13ecd8b6 1883 if (!lmp_le_capable(hdev))
a69e8375
JH		 1884 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1885 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1886
a7e80f25 1887 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1888 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1889 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1890
e7844ee5
MH		 1891 /* Bluetooth single mode LE only controllers or dual-mode
1892 * controllers configured as LE only devices, do not allow
1893 * switching LE off. These have either LE enabled explicitly
1894 * or BR/EDR has been previously switched off.
1895 *
1896 * When trying to enable an already enabled LE, then gracefully
1897 * send a positive response. Trying to disable it however will
1898 * result into rejection.
1899 */
1900 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1901 if (cp->val == 0x01)
1902 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1903
a69e8375
JH		 1904 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1905 MGMT_STATUS_REJECTED);
e7844ee5 1906 }
c73eee91 1907
13ecd8b6 1908 hci_dev_lock(hdev);
06199cf8
JH		 1909
1910 val = !!cp->val;
ffa88e02 1911 enabled = lmp_host_le_capable(hdev);
06199cf8 1912
847818d9 1913 if (!val)
f2252570 1914 hci_req_clear_adv_instance(hdev, NULL, 0x00, true);
847818d9 1915
0b60eba1 1916 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1917 bool changed = false;
1918
d7a5a11d 1919 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 1920 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 1921 changed = true;
1922 }
1923
d7a5a11d 1924 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 1925 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 1926 changed = true;
1927 }
1928
06199cf8
JH		 1929 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1930 if (err < 0)
1de028ce 1931 goto unlock;
06199cf8
JH		 1932
1933 if (changed)
1934 err = new_settings(hdev, sk);
1935
1de028ce 1936 goto unlock;
06199cf8
JH		 1937 }
1938
333ae95d
JH		 1939 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1940 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 1941 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1942 MGMT_STATUS_BUSY);
1de028ce 1943 goto unlock;
06199cf8
JH		 1944 }
1945
1946 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1947 if (!cmd) {
1948 err = -ENOMEM;
1de028ce 1949 goto unlock;
06199cf8
JH		 1950 }
1951
441ad2d0
MH		 1952 hci_req_init(&req, hdev);
1953
06199cf8
JH		 1954 memset(&hci_cp, 0, sizeof(hci_cp));
1955
1956 if (val) {
1957 hci_cp.le = val;
32226e4f 1958 hci_cp.simul = 0x00;
441ad2d0 1959 } else {
d7a5a11d 1960 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
f2252570 1961 __hci_req_disable_advertising(&req);
06199cf8
JH		 1962 }
1963
416a4ae5
JH		 1964 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1965 &hci_cp);
1966
1967 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1968 if (err < 0)
06199cf8 1969 mgmt_pending_remove(cmd);
06199cf8 1970
1de028ce
JH		 1971unlock:
1972 hci_dev_unlock(hdev);
06199cf8
JH		 1973 return err;
1974}
1975
0cab9c80
JH		 1976/* This is a helper function to test for pending mgmt commands that can
1977 * cause CoD or EIR HCI commands. We can only allow one such pending
1978 * mgmt command at a time since otherwise we cannot easily track what
1979 * the current values are, will be, and based on that calculate if a new
1980 * HCI command needs to be sent and if yes with what value.
1981 */
1982static bool pending_eir_or_class(struct hci_dev *hdev)
1983{
3b0602cd 1984 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 1985
1986 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1987 switch (cmd->opcode) {
1988 case MGMT_OP_ADD_UUID:
1989 case MGMT_OP_REMOVE_UUID:
1990 case MGMT_OP_SET_DEV_CLASS:
1991 case MGMT_OP_SET_POWERED:
1992 return true;
1993 }
1994 }
1995
1996 return false;
1997}
1998
83be8eca
JH		 1999static const u8 bluetooth_base_uuid[] = {
2000 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2001 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2002};
2003
2004static u8 get_uuid_size(const u8 *uuid)
2005{
2006 u32 val;
2007
2008 if (memcmp(uuid, bluetooth_base_uuid, 12))
2009 return 128;
2010
2011 val = get_unaligned_le32(&uuid[12]);
2012 if (val > 0xffff)
2013 return 32;
2014
2015 return 16;
2016}
2017
92da6097
JH		 2018static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2019{
3b0602cd 2020 struct mgmt_pending_cmd *cmd;
92da6097
JH		 2021
2022 hci_dev_lock(hdev);
2023
333ae95d 2024 cmd = pending_find(mgmt_op, hdev);
92da6097
JH		 2025 if (!cmd)
2026 goto unlock;
2027
2a1afb5a
JH		 2028 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2029 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 2030
2031 mgmt_pending_remove(cmd);
2032
2033unlock:
2034 hci_dev_unlock(hdev);
2035}
2036
1904a853 2037static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2038{
2039 BT_DBG("status 0x%02x", status);
2040
2041 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2042}
2043
bdb6d971 2044static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2045{
650f726d 2046 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2047 struct mgmt_pending_cmd *cmd;
890ea898 2048 struct hci_request req;
2aeb9a1a 2049 struct bt_uuid *uuid;
2aeb9a1a
JH		 2050 int err;
2051
bdb6d971 2052 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2053
09fd0de5 2054 hci_dev_lock(hdev);
2aeb9a1a 2055
0cab9c80 2056 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2057 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2058 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2059 goto failed;
2060 }
2061
92c4c204 2062 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2063 if (!uuid) {
2064 err = -ENOMEM;
2065 goto failed;
2066 }
2067
2068 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2069 uuid->svc_hint = cp->svc_hint;
83be8eca 2070 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2071
de66aa63 2072 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2073
890ea898 2074 hci_req_init(&req, hdev);
1aff6f09 2075
14bf5eac 2076 __hci_req_update_class(&req);
890ea898
JH		 2077 update_eir(&req);
2078
92da6097
JH		 2079 err = hci_req_run(&req, add_uuid_complete);
2080 if (err < 0) {
2081 if (err != -ENODATA)
2082 goto failed;
80a1e1db 2083
2a1afb5a
JH		 2084 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2085 hdev->dev_class, 3);
90e70454
JH		 2086 goto failed;
2087 }
2088
2089 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2090 if (!cmd) {
90e70454 2091 err = -ENOMEM;
890ea898
JH		 2092 goto failed;
2093 }
2094
2095 err = 0;
2aeb9a1a
JH		 2096
2097failed:
09fd0de5 2098 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2099 return err;
2100}
2101
24b78d0f
JH		 2102static bool enable_service_cache(struct hci_dev *hdev)
2103{
2104 if (!hdev_is_powered(hdev))
2105 return false;
2106
238be788 2107 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 2108 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2109 CACHE_TIMEOUT);
24b78d0f
JH		 2110 return true;
2111 }
2112
2113 return false;
2114}
2115
1904a853 2116static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2117{
2118 BT_DBG("status 0x%02x", status);
2119
2120 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2121}
2122
bdb6d971 2123static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2124 u16 len)
2aeb9a1a 2125{
650f726d 2126 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2127 struct mgmt_pending_cmd *cmd;
056341c8 2128 struct bt_uuid *match, *tmp;
2aeb9a1a 2129 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2130 struct hci_request req;
2aeb9a1a
JH		 2131 int err, found;
2132
bdb6d971 2133 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2134
09fd0de5 2135 hci_dev_lock(hdev);
2aeb9a1a 2136
0cab9c80 2137 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2138 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2139 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2140 goto unlock;
2141 }
2142
2aeb9a1a 2143 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2144 hci_uuids_clear(hdev);
4004b6d9 2145
24b78d0f 2146 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2147 err = mgmt_cmd_complete(sk, hdev->id,
2148 MGMT_OP_REMOVE_UUID,
2149 0, hdev->dev_class, 3);
24b78d0f
JH		 2150 goto unlock;
2151 }
4004b6d9 2152
9246a869 2153 goto update_class;
2aeb9a1a
JH		 2154 }
2155
2156 found = 0;
2157
056341c8 2158 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2159 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2160 continue;
2161
2162 list_del(&match->list);
482049f7 2163 kfree(match);
2aeb9a1a
JH		 2164 found++;
2165 }
2166
2167 if (found == 0) {
a69e8375
JH		 2168 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2169 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2170 goto unlock;
2171 }
2172
9246a869 2173update_class:
890ea898 2174 hci_req_init(&req, hdev);
1aff6f09 2175
14bf5eac 2176 __hci_req_update_class(&req);
890ea898
JH		 2177 update_eir(&req);
2178
92da6097
JH		 2179 err = hci_req_run(&req, remove_uuid_complete);
2180 if (err < 0) {
2181 if (err != -ENODATA)
2182 goto unlock;
80a1e1db 2183
2a1afb5a
JH		 2184 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2185 hdev->dev_class, 3);
90e70454
JH		 2186 goto unlock;
2187 }
2188
2189 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2190 if (!cmd) {
90e70454 2191 err = -ENOMEM;
890ea898
JH		 2192 goto unlock;
2193 }
2194
2195 err = 0;
2aeb9a1a
JH		 2196
2197unlock:
09fd0de5 2198 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2199 return err;
2200}
2201
1904a853 2202static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2203{
2204 BT_DBG("status 0x%02x", status);
2205
2206 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2207}
2208
bdb6d971 2209static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2210 u16 len)
1aff6f09 2211{
650f726d 2212 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2213 struct mgmt_pending_cmd *cmd;
890ea898 2214 struct hci_request req;
1aff6f09
JH		 2215 int err;
2216
bdb6d971 2217 BT_DBG("request for %s", hdev->name);
1aff6f09 2218
6203fc98 2219 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2220 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2221 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2222
0cab9c80 2223 hci_dev_lock(hdev);
ee98f473 2224
0cab9c80 2225 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2226 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2227 MGMT_STATUS_BUSY);
0cab9c80
JH		 2228 goto unlock;
2229 }
c95f0ba7 2230
0cab9c80 2231 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2232 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2233 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2234 goto unlock;
2235 }
575b3a02 2236
932f5ff5
JH		 2237 hdev->major_class = cp->major;
2238 hdev->minor_class = cp->minor;
2239
b5235a65 2240 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2241 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2242 hdev->dev_class, 3);
b5235a65
JH		 2243 goto unlock;
2244 }
2245
890ea898
JH		 2246 hci_req_init(&req, hdev);
2247
a69d8927 2248 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
7d78525d
JH		 2249 hci_dev_unlock(hdev);
2250 cancel_delayed_work_sync(&hdev->service_cache);
2251 hci_dev_lock(hdev);
890ea898 2252 update_eir(&req);
7d78525d 2253 }
14c0b608 2254
14bf5eac 2255 __hci_req_update_class(&req);
890ea898 2256
92da6097
JH		 2257 err = hci_req_run(&req, set_class_complete);
2258 if (err < 0) {
2259 if (err != -ENODATA)
2260 goto unlock;
1aff6f09 2261
2a1afb5a
JH		 2262 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2263 hdev->dev_class, 3);
90e70454
JH		 2264 goto unlock;
2265 }
2266
2267 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2268 if (!cmd) {
90e70454 2269 err = -ENOMEM;
890ea898
JH		 2270 goto unlock;
2271 }
2272
2273 err = 0;
1aff6f09 2274
b5235a65 2275unlock:
09fd0de5 2276 hci_dev_unlock(hdev);
1aff6f09
JH		 2277 return err;
2278}
2279
bdb6d971 2280static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2281 u16 len)
55ed8ca1 2282{
650f726d 2283 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2284 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2285 sizeof(struct mgmt_link_key_info));
4e51eae9 2286 u16 key_count, expected_len;
b1de97d8 2287 bool changed;
a492cd52 2288 int i;
55ed8ca1 2289
9060d5cf
MH		 2290 BT_DBG("request for %s", hdev->name);
2291
2292 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2293 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2294 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2295
1f350c87 2296 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2297 if (key_count > max_key_count) {
2298 BT_ERR("load_link_keys: too big key_count value %u",
2299 key_count);
a69e8375
JH		 2300 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2301 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2302 }
55ed8ca1 2303
86742e1e
JH		 2304 expected_len = sizeof(*cp) + key_count *
2305 sizeof(struct mgmt_link_key_info);
a492cd52 2306 if (expected_len != len) {
86742e1e 2307 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2308 expected_len, len);
a69e8375
JH		 2309 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2310 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2311 }
2312
4ae14301 2313 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2314 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2315 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2316
bdb6d971 2317 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2318 key_count);
55ed8ca1 2319
4ee71b20
JH		 2320 for (i = 0; i < key_count; i++) {
2321 struct mgmt_link_key_info *key = &cp->keys[i];
2322
8e991132 2323 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2324 return mgmt_cmd_status(sk, hdev->id,
2325 MGMT_OP_LOAD_LINK_KEYS,
2326 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2327 }
2328
09fd0de5 2329 hci_dev_lock(hdev);
55ed8ca1
JH		 2330
2331 hci_link_keys_clear(hdev);
2332
55ed8ca1 2333 if (cp->debug_keys)
238be788 2334 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2335 else
a69d8927
MH		 2336 changed = hci_dev_test_and_clear_flag(hdev,
2337 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2338
2339 if (changed)
2340 new_settings(hdev, NULL);
55ed8ca1 2341
a492cd52 2342 for (i = 0; i < key_count; i++) {
86742e1e 2343 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2344
58e9293c
JH		 2345 /* Always ignore debug keys and require a new pairing if
2346 * the user wants to use them.
2347 */
2348 if (key->type == HCI_LK_DEBUG_COMBINATION)
2349 continue;
2350
7652ff6a
JH		 2351 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2352 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2353 }
2354
2a1afb5a 2355 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2356
09fd0de5 2357 hci_dev_unlock(hdev);
55ed8ca1 2358
a492cd52 2359 return 0;
55ed8ca1
JH		 2360}
2361
b1078ad0 2362static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2363 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2364{
2365 struct mgmt_ev_device_unpaired ev;
2366
2367 bacpy(&ev.addr.bdaddr, bdaddr);
2368 ev.addr.type = addr_type;
2369
2370 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2371 skip_sk);
b1078ad0
JH		 2372}
2373
bdb6d971 2374static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2375 u16 len)
55ed8ca1 2376{
124f6e35
JH		 2377 struct mgmt_cp_unpair_device *cp = data;
2378 struct mgmt_rp_unpair_device rp;
fc64361a 2379 struct hci_conn_params *params;
3b0602cd 2380 struct mgmt_pending_cmd *cmd;
55ed8ca1 2381 struct hci_conn *conn;
ec182f03 2382 u8 addr_type;
55ed8ca1
JH		 2383 int err;
2384
a8a1d19e 2385 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2386 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2387 rp.addr.type = cp->addr.type;
a8a1d19e 2388
4ee71b20 2389 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2390 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2391 MGMT_STATUS_INVALID_PARAMS,
2392 &rp, sizeof(rp));
4ee71b20 2393
118da70b 2394 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2395 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2396 MGMT_STATUS_INVALID_PARAMS,
2397 &rp, sizeof(rp));
118da70b 2398
4ee71b20
JH		 2399 hci_dev_lock(hdev);
2400
86a8cfc6 2401 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2402 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2403 MGMT_STATUS_NOT_POWERED, &rp,
2404 sizeof(rp));
86a8cfc6
JH		 2405 goto unlock;
2406 }
2407
e0b2b27e 2408 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2409 /* If disconnection is requested, then look up the
2410 * connection. If the remote device is connected, it
2411 * will be later used to terminate the link.
2412 *
2413 * Setting it to NULL explicitly will cause no
2414 * termination of the link.
2415 */
2416 if (cp->disconnect)
2417 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2418 &cp->addr.bdaddr);
2419 else
2420 conn = NULL;
2421
124f6e35 2422 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
ec182f03
JH		 2423 if (err < 0) {
2424 err = mgmt_cmd_complete(sk, hdev->id,
2425 MGMT_OP_UNPAIR_DEVICE,
2426 MGMT_STATUS_NOT_PAIRED, &rp,
2427 sizeof(rp));
2428 goto unlock;
89cbb063
AA		 2429 }
2430
ec182f03 2431 goto done;
e0b2b27e 2432 }
b0dbfb46 2433
ec182f03
JH		 2434 /* LE address type */
2435 addr_type = le_addr_type(cp->addr.type);
2436
2437 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2438
2439 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
55ed8ca1 2440 if (err < 0) {
2a1afb5a
JH		 2441 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2442 MGMT_STATUS_NOT_PAIRED, &rp,
2443 sizeof(rp));
55ed8ca1
JH		 2444 goto unlock;
2445 }
2446
ec182f03
JH		 2447 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2448 if (!conn) {
2449 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2450 goto done;
2451 }
2452
c81d555a
JH		 2453 /* Abort any ongoing SMP pairing */
2454 smp_cancel_pairing(conn);
2455
ec182f03
JH		 2456 /* Defer clearing up the connection parameters until closing to
2457 * give a chance of keeping them if a repairing happens.
2458 */
2459 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2460
fc64361a
JH		 2461 /* Disable auto-connection parameters if present */
2462 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2463 if (params) {
2464 if (params->explicit_connect)
2465 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2466 else
2467 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2468 }
2469
ec182f03
JH		 2470 /* If disconnection is not requested, then clear the connection
2471 * variable so that the link is not terminated.
2472 */
2473 if (!cp->disconnect)
2474 conn = NULL;
2475
2476done:
89cbb063
AA		 2477 /* If the connection variable is set, then termination of the
2478 * link is requested.
2479 */
a8a1d19e 2480 if (!conn) {
2a1afb5a
JH		 2481 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2482 &rp, sizeof(rp));
b1078ad0 2483 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2484 goto unlock;
2485 }
55ed8ca1 2486
124f6e35 2487 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2488 sizeof(*cp));
a8a1d19e
JH		 2489 if (!cmd) {
2490 err = -ENOMEM;
2491 goto unlock;
55ed8ca1
JH		 2492 }
2493
d8b7b1e4
JH		 2494 cmd->cmd_complete = addr_cmd_complete;
2495
89e0ccc8 2496 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
a8a1d19e
JH		 2497 if (err < 0)
2498 mgmt_pending_remove(cmd);
2499
55ed8ca1 2500unlock:
09fd0de5 2501 hci_dev_unlock(hdev);
55ed8ca1
JH		 2502 return err;
2503}
2504
bdb6d971 2505static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2506 u16 len)
8962ee74 2507{
650f726d 2508 struct mgmt_cp_disconnect *cp = data;
06a63b19 2509 struct mgmt_rp_disconnect rp;
3b0602cd 2510 struct mgmt_pending_cmd *cmd;
8962ee74 2511 struct hci_conn *conn;
8962ee74
JH		 2512 int err;
2513
2514 BT_DBG("");
2515
06a63b19
JH		 2516 memset(&rp, 0, sizeof(rp));
2517 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2518 rp.addr.type = cp->addr.type;
2519
4ee71b20 2520 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2521 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2522 MGMT_STATUS_INVALID_PARAMS,
2523 &rp, sizeof(rp));
4ee71b20 2524
09fd0de5 2525 hci_dev_lock(hdev);
8962ee74
JH		 2526
2527 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 2528 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2529 MGMT_STATUS_NOT_POWERED, &rp,
2530 sizeof(rp));
8962ee74
JH		 2531 goto failed;
2532 }
2533
333ae95d 2534 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 2535 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2536 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2537 goto failed;
2538 }
2539
591f47f3 2540 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2541 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2542 &cp->addr.bdaddr);
88c3df13 2543 else
9d4c1cc1
JH		 2544 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2545 le_addr_type(cp->addr.type));
365227e5 2546
f960727e 2547 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 2548 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2549 MGMT_STATUS_NOT_CONNECTED, &rp,
2550 sizeof(rp));
8962ee74
JH		 2551 goto failed;
2552 }
2553
2e58ef3e 2554 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2555 if (!cmd) {
2556 err = -ENOMEM;
8962ee74 2557 goto failed;
366a0336 2558 }
8962ee74 2559
f5818c22
JH		 2560 cmd->cmd_complete = generic_cmd_complete;
2561
e3f2f92a 2562 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2563 if (err < 0)
a664b5bc 2564 mgmt_pending_remove(cmd);
8962ee74
JH		 2565
2566failed:
09fd0de5 2567 hci_dev_unlock(hdev);
8962ee74
JH		 2568 return err;
2569}
2570
57c1477c 2571static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2572{
2573 switch (link_type) {
2574 case LE_LINK:
48264f06
JH		 2575 switch (addr_type) {
2576 case ADDR_LE_DEV_PUBLIC:
591f47f3 2577 return BDADDR_LE_PUBLIC;
0ed09148 2578
48264f06 2579 default:
0ed09148 2580 /* Fallback to LE Random address type */
591f47f3 2581 return BDADDR_LE_RANDOM;
48264f06 2582 }
0ed09148 2583
4c659c39 2584 default:
0ed09148 2585 /* Fallback to BR/EDR type */
591f47f3 2586 return BDADDR_BREDR;
4c659c39
JH		 2587 }
2588}
2589
04124681
GP		 2590static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2591 u16 data_len)
2784eb41 2592{
2784eb41 2593 struct mgmt_rp_get_connections *rp;
8035ded4 2594 struct hci_conn *c;
a38528f1 2595 size_t rp_len;
60fc5fb6
JH		 2596 int err;
2597 u16 i;
2784eb41
JH		 2598
2599 BT_DBG("");
2600
09fd0de5 2601 hci_dev_lock(hdev);
2784eb41 2602
5f97c1df 2603 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2604 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2605 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2606 goto unlock;
2607 }
2608
60fc5fb6 2609 i = 0;
b644ba33
JH		 2610 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2611 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2612 i++;
2784eb41
JH		 2613 }
2614
60fc5fb6 2615 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2616 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2617 if (!rp) {
2784eb41
JH		 2618 err = -ENOMEM;
2619 goto unlock;
2620 }
2621
2784eb41 2622 i = 0;
4c659c39 2623 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2624 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2625 continue;
4c659c39 2626 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2627 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2628 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2629 continue;
2630 i++;
2631 }
2632
eb55ef07 2633 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2634
4c659c39
JH		 2635 /* Recalculate length in case of filtered SCO connections, etc */
2636 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2637
2a1afb5a
JH		 2638 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2639 rp_len);
2784eb41 2640
a38528f1 2641 kfree(rp);
5f97c1df
JH		 2642
2643unlock:
09fd0de5 2644 hci_dev_unlock(hdev);
2784eb41
JH		 2645 return err;
2646}
2647
bdb6d971 2648static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2649 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 2650{
3b0602cd 2651 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 2652 int err;
2653
2e58ef3e 2654 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2655 sizeof(*cp));
96d97a67
WR		 2656 if (!cmd)
2657 return -ENOMEM;
2658
d8457698 2659 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2660 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2661 if (err < 0)
2662 mgmt_pending_remove(cmd);
2663
2664 return err;
2665}
2666
bdb6d971 2667static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2668 u16 len)
980e1a53 2669{
96d97a67 2670 struct hci_conn *conn;
650f726d 2671 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2672 struct hci_cp_pin_code_reply reply;
3b0602cd 2673 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 2674 int err;
2675
2676 BT_DBG("");
2677
09fd0de5 2678 hci_dev_lock(hdev);
980e1a53 2679
4b34ee78 2680 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2681 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2682 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2683 goto failed;
2684 }
2685
d8457698 2686 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2687 if (!conn) {
a69e8375
JH		 2688 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2689 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2690 goto failed;
2691 }
2692
2693 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2694 struct mgmt_cp_pin_code_neg_reply ncp;
2695
2696 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2697
2698 BT_ERR("PIN code is not 16 bytes long");
2699
bdb6d971 2700 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2701 if (err >= 0)
a69e8375
JH		 2702 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2703 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2704
2705 goto failed;
2706 }
2707
00abfe44 2708 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2709 if (!cmd) {
2710 err = -ENOMEM;
980e1a53 2711 goto failed;
366a0336 2712 }
980e1a53 2713
7776d1d8
JH		 2714 cmd->cmd_complete = addr_cmd_complete;
2715
d8457698 2716 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2717 reply.pin_len = cp->pin_len;
24718ca5 2718 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2719
2720 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2721 if (err < 0)
a664b5bc 2722 mgmt_pending_remove(cmd);
980e1a53
JH		 2723
2724failed:
09fd0de5 2725 hci_dev_unlock(hdev);
980e1a53
JH		 2726 return err;
2727}
2728
04124681
GP		 2729static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2730 u16 len)
17fa4b9d 2731{
650f726d 2732 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2733
2734 BT_DBG("");
2735
4ec86d4c 2736 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 2737 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2738 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
4ec86d4c 2739
09fd0de5 2740 hci_dev_lock(hdev);
17fa4b9d
JH		 2741
2742 hdev->io_capability = cp->io_capability;
2743
2744 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2745 hdev->io_capability);
17fa4b9d 2746
09fd0de5 2747 hci_dev_unlock(hdev);
17fa4b9d 2748
2a1afb5a
JH		 2749 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2750 NULL, 0);
17fa4b9d
JH		 2751}
2752
3b0602cd 2753static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2754{
2755 struct hci_dev *hdev = conn->hdev;
3b0602cd 2756 struct mgmt_pending_cmd *cmd;
e9a416b5 2757
2e58ef3e 2758 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2759 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2760 continue;
2761
e9a416b5
JH		 2762 if (cmd->user_data != conn)
2763 continue;
2764
2765 return cmd;
2766 }
2767
2768 return NULL;
2769}
2770
3b0602cd 2771static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 2772{
2773 struct mgmt_rp_pair_device rp;
2774 struct hci_conn *conn = cmd->user_data;
9df74653 2775 int err;
e9a416b5 2776
61b1a7fb
JH		 2777 bacpy(&rp.addr.bdaddr, &conn->dst);
2778 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2779
2a1afb5a
JH		 2780 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2781 status, &rp, sizeof(rp));
e9a416b5
JH		 2782
2783 /* So we don't get further callbacks for this connection */
2784 conn->connect_cfm_cb = NULL;
2785 conn->security_cfm_cb = NULL;
2786 conn->disconn_cfm_cb = NULL;
2787
76a68ba0 2788 hci_conn_drop(conn);
89cbb063
AA		 2789
2790 /* The device is paired so there is no need to remove
2791 * its connection parameters anymore.
2792 */
2793 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 2794
2795 hci_conn_put(conn);
9df74653
JH		 2796
2797 return err;
e9a416b5
JH		 2798}
2799
f4a407be
JH		 2800void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2801{
2802 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 2803 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 2804
2805 cmd = find_pairing(conn);
a511b35b 2806 if (cmd) {
04ab2749 2807 cmd->cmd_complete(cmd, status);
a511b35b
JH		 2808 mgmt_pending_remove(cmd);
2809 }
f4a407be
JH		 2810}
2811
e9a416b5
JH		 2812static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2813{
3b0602cd 2814 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 2815
2816 BT_DBG("status %u", status);
2817
2818 cmd = find_pairing(conn);
a511b35b 2819 if (!cmd) {
e9a416b5 2820 BT_DBG("Unable to find a pending command");
a511b35b
JH		 2821 return;
2822 }
2823
2824 cmd->cmd_complete(cmd, mgmt_status(status));
2825 mgmt_pending_remove(cmd);
e9a416b5
JH		 2826}
2827
f4a407be 2828static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 2829{
3b0602cd 2830 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 2831
2832 BT_DBG("status %u", status);
2833
2834 if (!status)
2835 return;
2836
2837 cmd = find_pairing(conn);
a511b35b 2838 if (!cmd) {
4c47d739 2839 BT_DBG("Unable to find a pending command");
a511b35b
JH		 2840 return;
2841 }
2842
2843 cmd->cmd_complete(cmd, mgmt_status(status));
2844 mgmt_pending_remove(cmd);
4c47d739
VA		 2845}
2846
bdb6d971 2847static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2848 u16 len)
e9a416b5 2849{
650f726d 2850 struct mgmt_cp_pair_device *cp = data;
1425acb7 2851 struct mgmt_rp_pair_device rp;
3b0602cd 2852 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 2853 u8 sec_level, auth_type;
2854 struct hci_conn *conn;
e9a416b5
JH		 2855 int err;
2856
2857 BT_DBG("");
2858
f950a30e
SJ		 2859 memset(&rp, 0, sizeof(rp));
2860 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2861 rp.addr.type = cp->addr.type;
2862
4ee71b20 2863 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2864 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2865 MGMT_STATUS_INVALID_PARAMS,
2866 &rp, sizeof(rp));
4ee71b20 2867
4ec86d4c 2868 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 2869 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2870 MGMT_STATUS_INVALID_PARAMS,
2871 &rp, sizeof(rp));
4ec86d4c 2872
09fd0de5 2873 hci_dev_lock(hdev);
e9a416b5 2874
5f97c1df 2875 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2876 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2877 MGMT_STATUS_NOT_POWERED, &rp,
2878 sizeof(rp));
5f97c1df
JH		 2879 goto unlock;
2880 }
2881
55e76b38
JH		 2882 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2883 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2884 MGMT_STATUS_ALREADY_PAIRED, &rp,
2885 sizeof(rp));
2886 goto unlock;
2887 }
2888
c908df36 2889 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 2890 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 2891
6f77d8c7 2892 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2893 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2894 auth_type);
6f77d8c7 2895 } else {
85813a7e 2896 u8 addr_type = le_addr_type(cp->addr.type);
5157b8a5 2897 struct hci_conn_params *p;
6f77d8c7 2898
7c264b10
MH		 2899 /* When pairing a new device, it is expected to remember
2900 * this device for future connections. Adding the connection
2901 * parameter information ahead of time allows tracking
2902 * of the slave preferred values and will speed up any
2903 * further connection establishment.
2904 *
2905 * If connection parameters already exist, then they
2906 * will be kept and this function does nothing.
2907 */
5157b8a5
JP		 2908 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2909
2910 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2911 p->auto_connect = HCI_AUTO_CONN_DISABLED;
7c264b10 2912
fa142220
JP		 2913 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2914 addr_type, sec_level,
0ad06aa6 2915 HCI_LE_CONN_TIMEOUT);
6f77d8c7 2916 }
7a512d01 2917
30e76272 2918 if (IS_ERR(conn)) {
489dc48e
AK		 2919 int status;
2920
2921 if (PTR_ERR(conn) == -EBUSY)
2922 status = MGMT_STATUS_BUSY;
faa81030
LR		 2923 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2924 status = MGMT_STATUS_NOT_SUPPORTED;
2925 else if (PTR_ERR(conn) == -ECONNREFUSED)
2926 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 2927 else
2928 status = MGMT_STATUS_CONNECT_FAILED;
2929
2a1afb5a
JH		 2930 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2931 status, &rp, sizeof(rp));
e9a416b5
JH		 2932 goto unlock;
2933 }
2934
2935 if (conn->connect_cfm_cb) {
76a68ba0 2936 hci_conn_drop(conn);
2a1afb5a
JH		 2937 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2938 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2939 goto unlock;
2940 }
2941
2e58ef3e 2942 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2943 if (!cmd) {
2944 err = -ENOMEM;
76a68ba0 2945 hci_conn_drop(conn);
e9a416b5
JH		 2946 goto unlock;
2947 }
2948
04ab2749
JH		 2949 cmd->cmd_complete = pairing_complete;
2950
7a512d01 2951 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2952 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2953 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2954 conn->security_cfm_cb = pairing_complete_cb;
2955 conn->disconn_cfm_cb = pairing_complete_cb;
2956 } else {
2957 conn->connect_cfm_cb = le_pairing_complete_cb;
2958 conn->security_cfm_cb = le_pairing_complete_cb;
2959 conn->disconn_cfm_cb = le_pairing_complete_cb;
2960 }
7a512d01 2961
e9a416b5 2962 conn->io_capability = cp->io_cap;
f8aaf9b6 2963 cmd->user_data = hci_conn_get(conn);
e9a416b5 2964
6f78fd4b 2965 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 2966 hci_conn_security(conn, sec_level, auth_type, true)) {
2967 cmd->cmd_complete(cmd, 0);
2968 mgmt_pending_remove(cmd);
2969 }
e9a416b5
JH		 2970
2971 err = 0;
2972
2973unlock:
09fd0de5 2974 hci_dev_unlock(hdev);
e9a416b5
JH		 2975 return err;
2976}
2977
04124681
GP		 2978static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2979 u16 len)
28424707 2980{
0f4e68cf 2981 struct mgmt_addr_info *addr = data;
3b0602cd 2982 struct mgmt_pending_cmd *cmd;
28424707
JH		 2983 struct hci_conn *conn;
2984 int err;
2985
2986 BT_DBG("");
2987
28424707
JH		 2988 hci_dev_lock(hdev);
2989
5f97c1df 2990 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2991 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2992 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2993 goto unlock;
2994 }
2995
333ae95d 2996 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
28424707 2997 if (!cmd) {
a69e8375
JH		 2998 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2999 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3000 goto unlock;
3001 }
3002
3003 conn = cmd->user_data;
3004
3005 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3006 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3007 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3008 goto unlock;
3009 }
3010
a511b35b
JH		 3011 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3012 mgmt_pending_remove(cmd);
28424707 3013
2a1afb5a
JH		 3014 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3015 addr, sizeof(*addr));
28424707
JH		 3016unlock:
3017 hci_dev_unlock(hdev);
28424707
JH		 3018 return err;
3019}
3020
bdb6d971 3021static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3022 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3023 u16 hci_op, __le32 passkey)
a5c29683 3024{
3b0602cd 3025 struct mgmt_pending_cmd *cmd;
0df4c185 3026 struct hci_conn *conn;
a5c29683
JH		 3027 int err;
3028
09fd0de5 3029 hci_dev_lock(hdev);
08ba5382 3030
4b34ee78 3031 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3032 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3033 MGMT_STATUS_NOT_POWERED, addr,
3034 sizeof(*addr));
0df4c185 3035 goto done;
a5c29683
JH		 3036 }
3037
1707c60e
JH		 3038 if (addr->type == BDADDR_BREDR)
3039 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3040 else
9d4c1cc1
JH		 3041 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3042 le_addr_type(addr->type));
272d90df
JH		 3043
3044 if (!conn) {
2a1afb5a
JH		 3045 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3046 MGMT_STATUS_NOT_CONNECTED, addr,
3047 sizeof(*addr));
272d90df
JH		 3048 goto done;
3049 }
47c15e2b 3050
1707c60e 3051 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3052 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3053 if (!err)
2a1afb5a
JH		 3054 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3055 MGMT_STATUS_SUCCESS, addr,
3056 sizeof(*addr));
5fe57d9e 3057 else
2a1afb5a
JH		 3058 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3059 MGMT_STATUS_FAILED, addr,
3060 sizeof(*addr));
47c15e2b 3061
47c15e2b
BG		 3062 goto done;
3063 }
3064
1707c60e 3065 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3066 if (!cmd) {
3067 err = -ENOMEM;
0df4c185 3068 goto done;
a5c29683
JH		 3069 }
3070
7776d1d8
JH		 3071 cmd->cmd_complete = addr_cmd_complete;
3072
0df4c185 3073 /* Continue with pairing via HCI */
604086b7
BG		 3074 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3075 struct hci_cp_user_passkey_reply cp;
3076
1707c60e 3077 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3078 cp.passkey = passkey;
3079 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3080 } else
1707c60e
JH		 3081 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3082 &addr->bdaddr);
604086b7 3083
a664b5bc
JH		 3084 if (err < 0)
3085 mgmt_pending_remove(cmd);
a5c29683 3086
0df4c185 3087done:
09fd0de5 3088 hci_dev_unlock(hdev);
a5c29683
JH		 3089 return err;
3090}
3091
afeb019d
JK		 3092static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3093 void *data, u16 len)
3094{
3095 struct mgmt_cp_pin_code_neg_reply *cp = data;
3096
3097 BT_DBG("");
3098
1707c60e 3099 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3100 MGMT_OP_PIN_CODE_NEG_REPLY,
3101 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3102}
3103
04124681
GP		 3104static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3105 u16 len)
0df4c185 3106{
650f726d 3107 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3108
3109 BT_DBG("");
3110
3111 if (len != sizeof(*cp))
a69e8375
JH		 3112 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3113 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3114
1707c60e 3115 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3116 MGMT_OP_USER_CONFIRM_REPLY,
3117 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3118}
3119
bdb6d971 3120static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3121 void *data, u16 len)
0df4c185 3122{
c9c2659f 3123 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3124
3125 BT_DBG("");
3126
1707c60e 3127 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3128 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3129 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3130}
3131
04124681
GP		 3132static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3133 u16 len)
604086b7 3134{
650f726d 3135 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3136
3137 BT_DBG("");
3138
1707c60e 3139 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3140 MGMT_OP_USER_PASSKEY_REPLY,
3141 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3142}
3143
bdb6d971 3144static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3145 void *data, u16 len)
604086b7 3146{
650f726d 3147 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3148
3149 BT_DBG("");
3150
1707c60e 3151 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3152 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3153 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3154}
3155
13928971 3156static void update_name(struct hci_request *req)
2b4bf397 3157{
13928971 3158 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3159 struct hci_cp_write_local_name cp;
3160
13928971 3161 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3162
890ea898 3163 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3164}
3165
1904a853 3166static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3167{
3168 struct mgmt_cp_set_local_name *cp;
3b0602cd 3169 struct mgmt_pending_cmd *cmd;
13928971
JH		 3170
3171 BT_DBG("status 0x%02x", status);
3172
3173 hci_dev_lock(hdev);
3174
333ae95d 3175 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 3176 if (!cmd)
3177 goto unlock;
3178
3179 cp = cmd->param;
3180
3181 if (status)
a69e8375
JH		 3182 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3183 mgmt_status(status));
13928971 3184 else
2a1afb5a
JH		 3185 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3186 cp, sizeof(*cp));
13928971
JH		 3187
3188 mgmt_pending_remove(cmd);
3189
3190unlock:
3191 hci_dev_unlock(hdev);
3192}
3193
bdb6d971 3194static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3195 u16 len)
b312b161 3196{
2b4bf397 3197 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3198 struct mgmt_pending_cmd *cmd;
890ea898 3199 struct hci_request req;
b312b161
JH		 3200 int err;
3201
3202 BT_DBG("");
3203
09fd0de5 3204 hci_dev_lock(hdev);
b312b161 3205
b3f2ca94
JH		 3206 /* If the old values are the same as the new ones just return a
3207 * direct command complete event.
3208 */
3209 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3210 !memcmp(hdev->short_name, cp->short_name,
3211 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3212 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3213 data, len);
b3f2ca94
JH		 3214 goto failed;
3215 }
3216
2b4bf397 3217 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3218
b5235a65 3219 if (!hdev_is_powered(hdev)) {
2b4bf397 3220 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3221
2a1afb5a
JH		 3222 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3223 data, len);
28cc7bde
JH		 3224 if (err < 0)
3225 goto failed;
3226
f6b7712e
MH		 3227 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
3228 data, len, sk);
28cc7bde 3229
b5235a65
JH		 3230 goto failed;
3231 }
3232
28cc7bde 3233 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3234 if (!cmd) {
3235 err = -ENOMEM;
3236 goto failed;
3237 }
3238
13928971
JH		 3239 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3240
890ea898 3241 hci_req_init(&req, hdev);
3f985050
JH		 3242
3243 if (lmp_bredr_capable(hdev)) {
3244 update_name(&req);
3245 update_eir(&req);
3246 }
3247
7a5f4990
MH		 3248 /* The name is stored in the scan response data and so
3249 * no need to udpate the advertising data here.
3250 */
3f985050 3251 if (lmp_le_capable(hdev))
f2252570 3252 __hci_req_update_scan_rsp_data(&req, HCI_ADV_CURRENT);
3f985050 3253
13928971 3254 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3255 if (err < 0)
3256 mgmt_pending_remove(cmd);
3257
3258failed:
09fd0de5 3259 hci_dev_unlock(hdev);
b312b161
JH		 3260 return err;
3261}
3262
1b9441f8
JH		 3263static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3264 u16 opcode, struct sk_buff *skb)
3265{
3266 struct mgmt_rp_read_local_oob_data mgmt_rp;
3267 size_t rp_size = sizeof(mgmt_rp);
3268 struct mgmt_pending_cmd *cmd;
3269
3270 BT_DBG("%s status %u", hdev->name, status);
3271
3272 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3273 if (!cmd)
3274 return;
3275
3276 if (status || !skb) {
3277 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3278 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3279 goto remove;
3280 }
3281
3282 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3283
3284 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3285 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3286
3287 if (skb->len < sizeof(*rp)) {
3288 mgmt_cmd_status(cmd->sk, hdev->id,
3289 MGMT_OP_READ_LOCAL_OOB_DATA,
3290 MGMT_STATUS_FAILED);
3291 goto remove;
3292 }
3293
3294 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3295 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3296
3297 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3298 } else {
3299 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3300
3301 if (skb->len < sizeof(*rp)) {
3302 mgmt_cmd_status(cmd->sk, hdev->id,
3303 MGMT_OP_READ_LOCAL_OOB_DATA,
3304 MGMT_STATUS_FAILED);
3305 goto remove;
3306 }
3307
3308 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3309 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3310
3311 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3312 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3313 }
3314
3315 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3316 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3317
3318remove:
3319 mgmt_pending_remove(cmd);
3320}
3321
0f4e68cf 3322static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3323 void *data, u16 data_len)
c35938b2 3324{
3b0602cd 3325 struct mgmt_pending_cmd *cmd;
1b9441f8 3326 struct hci_request req;
c35938b2
SJ		 3327 int err;
3328
bdb6d971 3329 BT_DBG("%s", hdev->name);
c35938b2 3330
09fd0de5 3331 hci_dev_lock(hdev);
c35938b2 3332
4b34ee78 3333 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3334 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3335 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3336 goto unlock;
3337 }
3338
9a1a1996 3339 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3340 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3341 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3342 goto unlock;
3343 }
3344
333ae95d 3345 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3346 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3347 MGMT_STATUS_BUSY);
c35938b2
SJ		 3348 goto unlock;
3349 }
3350
2e58ef3e 3351 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3352 if (!cmd) {
3353 err = -ENOMEM;
3354 goto unlock;
3355 }
3356
1b9441f8
JH		 3357 hci_req_init(&req, hdev);
3358
710f11c0 3359 if (bredr_sc_enabled(hdev))
1b9441f8 3360 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
4d2d2796 3361 else
1b9441f8 3362 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
4d2d2796 3363
1b9441f8 3364 err = hci_req_run_skb(&req, read_local_oob_data_complete);
c35938b2
SJ		 3365 if (err < 0)
3366 mgmt_pending_remove(cmd);
3367
3368unlock:
09fd0de5 3369 hci_dev_unlock(hdev);
c35938b2
SJ		 3370 return err;
3371}
3372
bdb6d971 3373static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3374 void *data, u16 len)
2763eda6 3375{
5d57e796 3376 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3377 int err;
3378
bdb6d971 3379 BT_DBG("%s ", hdev->name);
2763eda6 3380
5d57e796 3381 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3382 return mgmt_cmd_complete(sk, hdev->id,
3383 MGMT_OP_ADD_REMOTE_OOB_DATA,
3384 MGMT_STATUS_INVALID_PARAMS,
3385 addr, sizeof(*addr));
5d57e796 3386
09fd0de5 3387 hci_dev_lock(hdev);
2763eda6 3388
ec109113
MH		 3389 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3390 struct mgmt_cp_add_remote_oob_data *cp = data;
3391 u8 status;
bf1e3541 3392
c19a495c 3393 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 3394 err = mgmt_cmd_complete(sk, hdev->id,
3395 MGMT_OP_ADD_REMOTE_OOB_DATA,
3396 MGMT_STATUS_INVALID_PARAMS,
3397 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 3398 goto unlock;
3399 }
3400
ec109113 3401 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3402 cp->addr.type, cp->hash,
3403 cp->rand, NULL, NULL);
ec109113
MH		 3404 if (err < 0)
3405 status = MGMT_STATUS_FAILED;
3406 else
3407 status = MGMT_STATUS_SUCCESS;
3408
2a1afb5a
JH		 3409 err = mgmt_cmd_complete(sk, hdev->id,
3410 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3411 &cp->addr, sizeof(cp->addr));
ec109113
MH		 3412 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3413 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3414 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3415 u8 status;
3416
86df9200 3417 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3418 /* Enforce zero-valued 192-bit parameters as
3419 * long as legacy SMP OOB isn't implemented.
3420 */
3421 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3422 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 3423 err = mgmt_cmd_complete(sk, hdev->id,
3424 MGMT_OP_ADD_REMOTE_OOB_DATA,
3425 MGMT_STATUS_INVALID_PARAMS,
3426 addr, sizeof(*addr));
d25b78e2
JH		 3427 goto unlock;
3428 }
3429
86df9200
JH		 3430 rand192 = NULL;
3431 hash192 = NULL;
3432 } else {
41bcfd50
MH		 3433 /* In case one of the P-192 values is set to zero,
3434 * then just disable OOB data for P-192.
3435 */
3436 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3437 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3438 rand192 = NULL;
3439 hash192 = NULL;
3440 } else {
3441 rand192 = cp->rand192;
3442 hash192 = cp->hash192;
3443 }
3444 }
3445
3446 /* In case one of the P-256 values is set to zero, then just
3447 * disable OOB data for P-256.
3448 */
3449 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3450 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3451 rand256 = NULL;
3452 hash256 = NULL;
3453 } else {
3454 rand256 = cp->rand256;
3455 hash256 = cp->hash256;
86df9200
JH		 3456 }
3457
81328d5c 3458 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3459 cp->addr.type, hash192, rand192,
41bcfd50 3460 hash256, rand256);
ec109113
MH		 3461 if (err < 0)
3462 status = MGMT_STATUS_FAILED;
3463 else
3464 status = MGMT_STATUS_SUCCESS;
3465
2a1afb5a
JH		 3466 err = mgmt_cmd_complete(sk, hdev->id,
3467 MGMT_OP_ADD_REMOTE_OOB_DATA,
3468 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 3469 } else {
3470 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 3471 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3472 MGMT_STATUS_INVALID_PARAMS);
ec109113 3473 }
2763eda6 3474
c19a495c 3475unlock:
09fd0de5 3476 hci_dev_unlock(hdev);
2763eda6
SJ		 3477 return err;
3478}
3479
bdb6d971 3480static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3481 void *data, u16 len)
2763eda6 3482{
650f726d 3483 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3484 u8 status;
2763eda6
SJ		 3485 int err;
3486
bdb6d971 3487 BT_DBG("%s", hdev->name);
2763eda6 3488
c19a495c 3489 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 3490 return mgmt_cmd_complete(sk, hdev->id,
3491 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3492 MGMT_STATUS_INVALID_PARAMS,
3493 &cp->addr, sizeof(cp->addr));
c19a495c 3494
09fd0de5 3495 hci_dev_lock(hdev);
2763eda6 3496
eedbd581
JH		 3497 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3498 hci_remote_oob_data_clear(hdev);
3499 status = MGMT_STATUS_SUCCESS;
3500 goto done;
3501 }
3502
6928a924 3503 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3504 if (err < 0)
bf1e3541 3505 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3506 else
a6785be2 3507 status = MGMT_STATUS_SUCCESS;
bf1e3541 3508
eedbd581 3509done:
2a1afb5a
JH		 3510 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3511 status, &cp->addr, sizeof(cp->addr));
2763eda6 3512
09fd0de5 3513 hci_dev_unlock(hdev);
2763eda6
SJ		 3514 return err;
3515}
3516
e68f072b 3517void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
7c307720 3518{
3b0602cd 3519 struct mgmt_pending_cmd *cmd;
ae55f598 3520
7c307720
AG		 3521 BT_DBG("status %d", status);
3522
11e6e25d 3523 hci_dev_lock(hdev);
41dc2bd6 3524
333ae95d 3525 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427 3526 if (!cmd)
333ae95d 3527 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
66ea9427 3528
11e6e25d 3529 if (cmd) {
2922a94f 3530 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 3531 mgmt_pending_remove(cmd);
3532 }
7c307720 3533
11e6e25d 3534 hci_dev_unlock(hdev);
7c307720
AG		 3535}
3536
591752af
JH		 3537static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3538 uint8_t *mgmt_status)
3539{
3540 switch (type) {
3541 case DISCOV_TYPE_LE:
3542 *mgmt_status = mgmt_le_support(hdev);
3543 if (*mgmt_status)
3544 return false;
3545 break;
3546 case DISCOV_TYPE_INTERLEAVED:
3547 *mgmt_status = mgmt_le_support(hdev);
3548 if (*mgmt_status)
3549 return false;
3550 /* Intentional fall-through */
3551 case DISCOV_TYPE_BREDR:
3552 *mgmt_status = mgmt_bredr_support(hdev);
3553 if (*mgmt_status)
3554 return false;
3555 break;
3556 default:
3557 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
3558 return false;
3559 }
3560
3561 return true;
3562}
3563
bdb6d971 3564static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3565 void *data, u16 len)
14a53664 3566{
650f726d 3567 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 3568 struct mgmt_pending_cmd *cmd;
8019044d 3569 u8 status;
14a53664
JH		 3570 int err;
3571
bdb6d971 3572 BT_DBG("%s", hdev->name);
14a53664 3573
09fd0de5 3574 hci_dev_lock(hdev);
14a53664 3575
4b34ee78 3576 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3577 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3578 MGMT_STATUS_NOT_POWERED,
3579 &cp->type, sizeof(cp->type));
bd2d1334
JH		 3580 goto failed;
3581 }
3582
f5a969f2 3583 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 3584 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 3585 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3586 MGMT_STATUS_BUSY, &cp->type,
3587 sizeof(cp->type));
642be6c7
AG		 3588 goto failed;
3589 }
3590
591752af
JH		 3591 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3592 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3593 status, &cp->type, sizeof(cp->type));
3594 goto failed;
3595 }
3596
22078800
MH		 3597 /* Clear the discovery filter first to free any previously
3598 * allocated memory for the UUID list.
3599 */
3600 hci_discovery_filter_clear(hdev);
3601
4aab14e5 3602 hdev->discovery.type = cp->type;
da25cf6a 3603 hdev->discovery.report_invalid_rssi = false;
4aab14e5 3604
e68f072b
JH		 3605 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
3606 if (!cmd) {
3607 err = -ENOMEM;
04106755 3608 goto failed;
f39799f5 3609 }
04106755 3610
e68f072b 3611 cmd->cmd_complete = generic_cmd_complete;
7c307720 3612
f5a969f2 3613 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 3614 queue_work(hdev->req_workqueue, &hdev->discov_update);
3615 err = 0;
7c307720 3616
14a53664 3617failed:
09fd0de5 3618 hci_dev_unlock(hdev);
14a53664
JH		 3619 return err;
3620}
f39799f5 3621
3b0602cd
JH		 3622static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
3623 u8 status)
2922a94f 3624{
2a1afb5a
JH		 3625 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3626 cmd->param, 1);
2922a94f 3627}
04106755 3628
66ea9427
JP		 3629static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3630 void *data, u16 len)
3631{
3632 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 3633 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 3634 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3635 u16 uuid_count, expected_len;
3636 u8 status;
3637 int err;
04106755 3638
66ea9427 3639 BT_DBG("%s", hdev->name);
e8bb6b97 3640
66ea9427 3641 hci_dev_lock(hdev);
7c307720 3642
66ea9427 3643 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3644 err = mgmt_cmd_complete(sk, hdev->id,
3645 MGMT_OP_START_SERVICE_DISCOVERY,
3646 MGMT_STATUS_NOT_POWERED,
3647 &cp->type, sizeof(cp->type));
66ea9427
JP		 3648 goto failed;
3649 }
7c307720 3650
66ea9427 3651 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 3652 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 3653 err = mgmt_cmd_complete(sk, hdev->id,
3654 MGMT_OP_START_SERVICE_DISCOVERY,
3655 MGMT_STATUS_BUSY, &cp->type,
3656 sizeof(cp->type));
66ea9427
JP		 3657 goto failed;
3658 }
d9483943 3659
66ea9427
JP		 3660 uuid_count = __le16_to_cpu(cp->uuid_count);
3661 if (uuid_count > max_uuid_count) {
3662 BT_ERR("service_discovery: too big uuid_count value %u",
3663 uuid_count);
2a1afb5a
JH		 3664 err = mgmt_cmd_complete(sk, hdev->id,
3665 MGMT_OP_START_SERVICE_DISCOVERY,
3666 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3667 sizeof(cp->type));
66ea9427
JP		 3668 goto failed;
3669 }
3670
3671 expected_len = sizeof(*cp) + uuid_count * 16;
3672 if (expected_len != len) {
3673 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
3674 expected_len, len);
2a1afb5a
JH		 3675 err = mgmt_cmd_complete(sk, hdev->id,
3676 MGMT_OP_START_SERVICE_DISCOVERY,
3677 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3678 sizeof(cp->type));
66ea9427
JP		 3679 goto failed;
3680 }
3681
591752af
JH		 3682 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3683 err = mgmt_cmd_complete(sk, hdev->id,
3684 MGMT_OP_START_SERVICE_DISCOVERY,
3685 status, &cp->type, sizeof(cp->type));
3686 goto failed;
3687 }
3688
66ea9427 3689 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 3690 hdev, data, len);
66ea9427
JP		 3691 if (!cmd) {
3692 err = -ENOMEM;
3693 goto failed;
3694 }
3695
2922a94f
JH		 3696 cmd->cmd_complete = service_discovery_cmd_complete;
3697
22078800
MH		 3698 /* Clear the discovery filter first to free any previously
3699 * allocated memory for the UUID list.
3700 */
3701 hci_discovery_filter_clear(hdev);
3702
82f8b651 3703 hdev->discovery.result_filtering = true;
66ea9427
JP		 3704 hdev->discovery.type = cp->type;
3705 hdev->discovery.rssi = cp->rssi;
3706 hdev->discovery.uuid_count = uuid_count;
3707
3708 if (uuid_count > 0) {
3709 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
3710 GFP_KERNEL);
3711 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 3712 err = mgmt_cmd_complete(sk, hdev->id,
3713 MGMT_OP_START_SERVICE_DISCOVERY,
3714 MGMT_STATUS_FAILED,
3715 &cp->type, sizeof(cp->type));
d9483943
JH		 3716 mgmt_pending_remove(cmd);
3717 goto failed;
3718 }
66ea9427 3719 }
d9483943 3720
66ea9427 3721 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 3722 queue_work(hdev->req_workqueue, &hdev->discov_update);
3723 err = 0;
14a53664
JH		 3724
3725failed:
09fd0de5 3726 hci_dev_unlock(hdev);
14a53664
JH		 3727 return err;
3728}
3729
2154d3f4 3730void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
1183fdca 3731{
3b0602cd 3732 struct mgmt_pending_cmd *cmd;
1183fdca 3733
0e05bba6
AG		 3734 BT_DBG("status %d", status);
3735
3736 hci_dev_lock(hdev);
3737
333ae95d 3738 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
11e6e25d 3739 if (cmd) {
2922a94f 3740 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 3741 mgmt_pending_remove(cmd);
0e05bba6
AG		 3742 }
3743
0e05bba6
AG		 3744 hci_dev_unlock(hdev);
3745}
3746
bdb6d971 3747static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3748 u16 len)
14a53664 3749{
d930650b 3750 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 3751 struct mgmt_pending_cmd *cmd;
14a53664
JH		 3752 int err;
3753
bdb6d971 3754 BT_DBG("%s", hdev->name);
14a53664 3755
09fd0de5 3756 hci_dev_lock(hdev);
14a53664 3757
30dc78e1 3758 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 3759 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3760 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3761 sizeof(mgmt_cp->type));
d930650b
JH		 3762 goto unlock;
3763 }
3764
3765 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 3766 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3767 MGMT_STATUS_INVALID_PARAMS,
3768 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 3769 goto unlock;
ff9ef578
JH		 3770 }
3771
2922a94f 3772 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 3773 if (!cmd) {
3774 err = -ENOMEM;
30dc78e1
JH		 3775 goto unlock;
3776 }
3777
2922a94f
JH		 3778 cmd->cmd_complete = generic_cmd_complete;
3779
2154d3f4
JH		 3780 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3781 queue_work(hdev->req_workqueue, &hdev->discov_update);
3782 err = 0;
14a53664 3783
30dc78e1 3784unlock:
09fd0de5 3785 hci_dev_unlock(hdev);
14a53664
JH		 3786 return err;
3787}
3788
bdb6d971 3789static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3790 u16 len)
561aafbc 3791{
650f726d 3792 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3793 struct inquiry_entry *e;
561aafbc
JH		 3794 int err;
3795
bdb6d971 3796 BT_DBG("%s", hdev->name);
561aafbc 3797
561aafbc
JH		 3798 hci_dev_lock(hdev);
3799
30dc78e1 3800 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 3801 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3802 MGMT_STATUS_FAILED, &cp->addr,
3803 sizeof(cp->addr));
30dc78e1
JH		 3804 goto failed;
3805 }
3806
a198e7b1 3807 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3808 if (!e) {
2a1afb5a
JH		 3809 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3810 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3811 sizeof(cp->addr));
561aafbc
JH		 3812 goto failed;
3813 }
3814
3815 if (cp->name_known) {
3816 e->name_state = NAME_KNOWN;
3817 list_del(&e->list);
3818 } else {
3819 e->name_state = NAME_NEEDED;
a3d4e20a 3820 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3821 }
3822
2a1afb5a
JH		 3823 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
3824 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 3825
3826failed:
3827 hci_dev_unlock(hdev);
561aafbc
JH		 3828 return err;
3829}
3830
bdb6d971 3831static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3832 u16 len)
7fbec224 3833{
650f726d 3834 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3835 u8 status;
7fbec224
AJ		 3836 int err;
3837
bdb6d971 3838 BT_DBG("%s", hdev->name);
7fbec224 3839
4ee71b20 3840 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3841 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3842 MGMT_STATUS_INVALID_PARAMS,
3843 &cp->addr, sizeof(cp->addr));
4ee71b20 3844
09fd0de5 3845 hci_dev_lock(hdev);
5e762444 3846
dcc36c16
JH		 3847 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
3848 cp->addr.type);
2a8357f2 3849 if (err < 0) {
f0eeea8b 3850 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 3851 goto done;
3852 }
3853
3854 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3855 sk);
3856 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3857
2a8357f2 3858done:
2a1afb5a
JH		 3859 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3860 &cp->addr, sizeof(cp->addr));
5e762444 3861
09fd0de5 3862 hci_dev_unlock(hdev);
7fbec224
AJ		 3863
3864 return err;
3865}
3866
bdb6d971 3867static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3868 u16 len)
7fbec224 3869{
650f726d 3870 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3871 u8 status;
7fbec224
AJ		 3872 int err;
3873
bdb6d971 3874 BT_DBG("%s", hdev->name);
7fbec224 3875
4ee71b20 3876 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3877 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3878 MGMT_STATUS_INVALID_PARAMS,
3879 &cp->addr, sizeof(cp->addr));
4ee71b20 3880
09fd0de5 3881 hci_dev_lock(hdev);
5e762444 3882
dcc36c16
JH		 3883 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
3884 cp->addr.type);
2a8357f2 3885 if (err < 0) {
f0eeea8b 3886 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 3887 goto done;
3888 }
3889
3890 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3891 sk);
3892 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3893
2a8357f2 3894done:
2a1afb5a
JH		 3895 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3896 &cp->addr, sizeof(cp->addr));
5e762444 3897
09fd0de5 3898 hci_dev_unlock(hdev);
7fbec224
AJ		 3899
3900 return err;
3901}
3902
cdbaccca
MH		 3903static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3904 u16 len)
3905{
3906 struct mgmt_cp_set_device_id *cp = data;
890ea898 3907 struct hci_request req;
cdbaccca 3908 int err;
c72d4b8a 3909 __u16 source;
cdbaccca
MH		 3910
3911 BT_DBG("%s", hdev->name);
3912
c72d4b8a
SJ		 3913 source = __le16_to_cpu(cp->source);
3914
3915 if (source > 0x0002)
a69e8375
JH		 3916 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3917 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 3918
cdbaccca
MH		 3919 hci_dev_lock(hdev);
3920
c72d4b8a 3921 hdev->devid_source = source;
cdbaccca
MH		 3922 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3923 hdev->devid_product = __le16_to_cpu(cp->product);
3924 hdev->devid_version = __le16_to_cpu(cp->version);
3925
2a1afb5a
JH		 3926 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
3927 NULL, 0);
cdbaccca 3928
890ea898
JH		 3929 hci_req_init(&req, hdev);
3930 update_eir(&req);
3931 hci_req_run(&req, NULL);
cdbaccca
MH		 3932
3933 hci_dev_unlock(hdev);
3934
3935 return err;
3936}
3937
24b4f38f
AU		 3938static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
3939 u16 opcode)
3940{
3941 BT_DBG("status %d", status);
3942}
3943
1904a853
MH		 3944static void set_advertising_complete(struct hci_dev *hdev, u8 status,
3945 u16 opcode)
4375f103
JH		 3946{
3947 struct cmd_lookup match = { NULL, hdev };
24b4f38f 3948 struct hci_request req;
7816b820
FG		 3949 u8 instance;
3950 struct adv_info *adv_instance;
3951 int err;
4375f103 3952
3ad67582
JK		 3953 hci_dev_lock(hdev);
3954
4375f103
JH		 3955 if (status) {
3956 u8 mgmt_err = mgmt_status(status);
3957
3958 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3959 cmd_status_rsp, &mgmt_err);
3ad67582 3960 goto unlock;
4375f103
JH		 3961 }
3962
d7a5a11d 3963 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 3964 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 3965 else
a358dc11 3966 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 3967
4375f103
JH		 3968 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3969 &match);
3970
3971 new_settings(hdev, match.sk);
3972
3973 if (match.sk)
3974 sock_put(match.sk);
3ad67582 3975
24b4f38f 3976 /* If "Set Advertising" was just disabled and instance advertising was
7816b820 3977 * set up earlier, then re-enable multi-instance advertising.
24b4f38f
AU		 3978 */
3979 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7816b820
FG		 3980 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) ||
3981 list_empty(&hdev->adv_instances))
24b4f38f
AU		 3982 goto unlock;
3983
7816b820
FG		 3984 instance = hdev->cur_adv_instance;
3985 if (!instance) {
3986 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
3987 struct adv_info, list);
3988 if (!adv_instance)
3989 goto unlock;
3990
3991 instance = adv_instance->instance;
3992 }
3993
24b4f38f
AU		 3994 hci_req_init(&req, hdev);
3995
f2252570 3996 err = __hci_req_schedule_adv_instance(&req, instance, true);
7816b820
FG		 3997
3998 if (!err)
3999 err = hci_req_run(&req, enable_advertising_instance);
24b4f38f 4000
7816b820 4001 if (err)
24b4f38f
AU		 4002 BT_ERR("Failed to re-configure advertising");
4003
3ad67582
JK		 4004unlock:
4005 hci_dev_unlock(hdev);
4375f103
JH		 4006}
4007
21b5187f
MH		 4008static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4009 u16 len)
4375f103
JH		 4010{
4011 struct mgmt_mode *cp = data;
3b0602cd 4012 struct mgmt_pending_cmd *cmd;
4375f103 4013 struct hci_request req;
cc91cb04 4014 u8 val, status;
4375f103
JH		 4015 int err;
4016
4017 BT_DBG("request for %s", hdev->name);
4018
e6fe7986
JH		 4019 status = mgmt_le_support(hdev);
4020 if (status)
a69e8375
JH		 4021 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4022 status);
4375f103 4023
cc91cb04 4024 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4025 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4026 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 4027
4028 hci_dev_lock(hdev);
4029
4030 val = !!cp->val;
4375f103 4031
f74ca9b8
JH		 4032 /* The following conditions are ones which mean that we should
4033 * not do any HCI communication but directly send a mgmt
4034 * response to user space (after toggling the flag if
4035 * necessary).
4036 */
cc91cb04 4037 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 4038 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4039 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 4040 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 4041 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 4042 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 4043 bool changed;
4375f103 4044
cc91cb04 4045 if (cp->val) {
238be788 4046 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 4047 if (cp->val == 0x02)
a1536da2 4048 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4049 else
a358dc11 4050 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4051 } else {
a69d8927 4052 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 4053 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 4054 }
4055
4056 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4057 if (err < 0)
4058 goto unlock;
4059
4060 if (changed)
4061 err = new_settings(hdev, sk);
4062
4063 goto unlock;
4064 }
4065
333ae95d
JH		 4066 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4067 pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 4068 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4069 MGMT_STATUS_BUSY);
4375f103
JH		 4070 goto unlock;
4071 }
4072
4073 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4074 if (!cmd) {
4075 err = -ENOMEM;
4076 goto unlock;
4077 }
4078
4079 hci_req_init(&req, hdev);
4080
cc91cb04 4081 if (cp->val == 0x02)
a1536da2 4082 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4083 else
a358dc11 4084 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4085
7816b820
FG		 4086 cancel_adv_timeout(hdev);
4087
24b4f38f 4088 if (val) {
7816b820
FG		 4089 /* Switch to instance "0" for the Set Advertising setting.
4090 * We cannot use update_[adv|scan_rsp]_data() here as the
4091 * HCI_ADVERTISING flag is not yet set.
4092 */
f2252570
JH		 4093 __hci_req_update_adv_data(&req, 0x00);
4094 __hci_req_update_scan_rsp_data(&req, 0x00);
4095 __hci_req_enable_advertising(&req);
24b4f38f 4096 } else {
f2252570 4097 __hci_req_disable_advertising(&req);
24b4f38f 4098 }
4375f103
JH		 4099
4100 err = hci_req_run(&req, set_advertising_complete);
4101 if (err < 0)
4102 mgmt_pending_remove(cmd);
4103
4104unlock:
4105 hci_dev_unlock(hdev);
4106 return err;
4107}
4108
d13eafce
MH		 4109static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4110 void *data, u16 len)
4111{
4112 struct mgmt_cp_set_static_address *cp = data;
4113 int err;
4114
4115 BT_DBG("%s", hdev->name);
4116
62af4443 4117 if (!lmp_le_capable(hdev))
a69e8375
JH		 4118 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4119 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4120
4121 if (hdev_is_powered(hdev))
a69e8375
JH		 4122 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4123 MGMT_STATUS_REJECTED);
d13eafce
MH		 4124
4125 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4126 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 4127 return mgmt_cmd_status(sk, hdev->id,
4128 MGMT_OP_SET_STATIC_ADDRESS,
4129 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4130
4131 /* Two most significant bits shall be set */
4132 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 4133 return mgmt_cmd_status(sk, hdev->id,
4134 MGMT_OP_SET_STATIC_ADDRESS,
4135 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4136 }
4137
4138 hci_dev_lock(hdev);
4139
4140 bacpy(&hdev->static_addr, &cp->bdaddr);
4141
93690c22
MH		 4142 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4143 if (err < 0)
4144 goto unlock;
4145
4146 err = new_settings(hdev, sk);
d13eafce 4147
93690c22 4148unlock:
d13eafce 4149 hci_dev_unlock(hdev);
d13eafce
MH		 4150 return err;
4151}
4152
14b49b9a
MH		 4153static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4154 void *data, u16 len)
4155{
4156 struct mgmt_cp_set_scan_params *cp = data;
4157 __u16 interval, window;
4158 int err;
4159
4160 BT_DBG("%s", hdev->name);
4161
4162 if (!lmp_le_capable(hdev))
a69e8375
JH		 4163 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4164 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 4165
4166 interval = __le16_to_cpu(cp->interval);
4167
4168 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 4169 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4170 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 4171
4172 window = __le16_to_cpu(cp->window);
4173
4174 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 4175 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4176 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 4177
899e1075 4178 if (window > interval)
a69e8375
JH		 4179 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4180 MGMT_STATUS_INVALID_PARAMS);
899e1075 4181
14b49b9a
MH		 4182 hci_dev_lock(hdev);
4183
4184 hdev->le_scan_interval = interval;
4185 hdev->le_scan_window = window;
4186
2a1afb5a
JH		 4187 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4188 NULL, 0);
14b49b9a 4189
dd2ef8e2
AG		 4190 /* If background scan is running, restart it so new parameters are
4191 * loaded.
4192 */
d7a5a11d 4193 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
dd2ef8e2
AG		 4194 hdev->discovery.state == DISCOVERY_STOPPED) {
4195 struct hci_request req;
4196
4197 hci_req_init(&req, hdev);
4198
4199 hci_req_add_le_scan_disable(&req);
4200 hci_req_add_le_passive_scan(&req);
4201
4202 hci_req_run(&req, NULL);
4203 }
4204
14b49b9a
MH		 4205 hci_dev_unlock(hdev);
4206
4207 return err;
4208}
4209
1904a853
MH		 4210static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4211 u16 opcode)
33e38b3e 4212{
3b0602cd 4213 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 4214
4215 BT_DBG("status 0x%02x", status);
4216
4217 hci_dev_lock(hdev);
4218
333ae95d 4219 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
33e38b3e
JH		 4220 if (!cmd)
4221 goto unlock;
4222
4223 if (status) {
a69e8375
JH		 4224 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4225 mgmt_status(status));
33e38b3e 4226 } else {
1a4d3c4b
JH		 4227 struct mgmt_mode *cp = cmd->param;
4228
4229 if (cp->val)
a1536da2 4230 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4231 else
a358dc11 4232 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4233
33e38b3e
JH		 4234 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4235 new_settings(hdev, cmd->sk);
4236 }
4237
4238 mgmt_pending_remove(cmd);
4239
4240unlock:
4241 hci_dev_unlock(hdev);
4242}
4243
bdb6d971 4244static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4245 void *data, u16 len)
f6422ec6 4246{
650f726d 4247 struct mgmt_mode *cp = data;
3b0602cd 4248 struct mgmt_pending_cmd *cmd;
33e38b3e 4249 struct hci_request req;
f6422ec6
AJ		 4250 int err;
4251
bdb6d971 4252 BT_DBG("%s", hdev->name);
f6422ec6 4253
d7a5a11d 4254 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 4255 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4256 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4257 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4258
a7e80f25 4259 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4260 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4261 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4262
f6422ec6
AJ		 4263 hci_dev_lock(hdev);
4264
333ae95d 4265 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4266 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4267 MGMT_STATUS_BUSY);
05cbf29f
JH		 4268 goto unlock;
4269 }
4270
d7a5a11d 4271 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 4272 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4273 hdev);
4274 goto unlock;
4275 }
4276
406ef2a6 4277 if (!hdev_is_powered(hdev)) {
ce05d603 4278 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 4279 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4280 hdev);
4281 new_settings(hdev, sk);
4282 goto unlock;
4283 }
4284
33e38b3e
JH		 4285 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4286 data, len);
4287 if (!cmd) {
4288 err = -ENOMEM;
4289 goto unlock;
f6422ec6
AJ		 4290 }
4291
33e38b3e
JH		 4292 hci_req_init(&req, hdev);
4293
406d7804 4294 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4295
4296 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4297 if (err < 0) {
a69e8375
JH		 4298 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4299 MGMT_STATUS_FAILED);
33e38b3e 4300 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4301 }
4302
33e38b3e 4303unlock:
f6422ec6 4304 hci_dev_unlock(hdev);
33e38b3e 4305
f6422ec6
AJ		 4306 return err;
4307}
4308
1904a853 4309static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4310{
3b0602cd 4311 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4312
4313 BT_DBG("status 0x%02x", status);
4314
4315 hci_dev_lock(hdev);
4316
333ae95d 4317 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
0663ca2a
JH		 4318 if (!cmd)
4319 goto unlock;
4320
4321 if (status) {
4322 u8 mgmt_err = mgmt_status(status);
4323
4324 /* We need to restore the flag if related HCI commands
4325 * failed.
4326 */
a358dc11 4327 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 4328
a69e8375 4329 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4330 } else {
4331 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4332 new_settings(hdev, cmd->sk);
4333 }
4334
4335 mgmt_pending_remove(cmd);
4336
4337unlock:
4338 hci_dev_unlock(hdev);
4339}
4340
4341static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4342{
4343 struct mgmt_mode *cp = data;
3b0602cd 4344 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4345 struct hci_request req;
4346 int err;
4347
4348 BT_DBG("request for %s", hdev->name);
4349
4350 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4351 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4352 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 4353
d7a5a11d 4354 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4355 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4356 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4357
4358 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4359 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4360 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4361
4362 hci_dev_lock(hdev);
4363
d7a5a11d 4364 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 4365 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4366 goto unlock;
4367 }
4368
4369 if (!hdev_is_powered(hdev)) {
4370 if (!cp->val) {
a358dc11
MH		 4371 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4372 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4373 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4374 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4375 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 4376 }
4377
ce05d603 4378 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4379
4380 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4381 if (err < 0)
4382 goto unlock;
4383
4384 err = new_settings(hdev, sk);
4385 goto unlock;
4386 }
4387
4388 /* Reject disabling when powered on */
4389 if (!cp->val) {
a69e8375
JH		 4390 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4391 MGMT_STATUS_REJECTED);
0663ca2a 4392 goto unlock;
111e4bcc
MH		 4393 } else {
4394 /* When configuring a dual-mode controller to operate
4395 * with LE only and using a static address, then switching
4396 * BR/EDR back on is not allowed.
4397 *
4398 * Dual-mode controllers shall operate with the public
4399 * address as its identity address for BR/EDR and LE. So
4400 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 4401 *
4402 * The same restrictions applies when secure connections
4403 * has been enabled. For BR/EDR this is a controller feature
4404 * while for LE it is a host stack feature. This means that
4405 * switching BR/EDR back on when secure connections has been
4406 * enabled is not a supported transaction.
111e4bcc 4407 */
d7a5a11d 4408 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 4409 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 4410 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 4411 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4412 MGMT_STATUS_REJECTED);
111e4bcc
MH		 4413 goto unlock;
4414 }
0663ca2a
JH		 4415 }
4416
333ae95d 4417 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 4418 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4419 MGMT_STATUS_BUSY);
0663ca2a
JH		 4420 goto unlock;
4421 }
4422
4423 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4424 if (!cmd) {
4425 err = -ENOMEM;
4426 goto unlock;
4427 }
4428
f2252570
JH		 4429 /* We need to flip the bit already here so that
4430 * hci_req_update_adv_data generates the correct flags.
0663ca2a 4431 */
a1536da2 4432 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4433
4434 hci_req_init(&req, hdev);
aa8af46e 4435
432df05e 4436 write_fast_connectable(&req, false);
01b1cb87 4437 __hci_req_update_scan(&req);
aa8af46e 4438
f14d8f64
MH		 4439 /* Since only the advertising data flags will change, there
4440 * is no need to update the scan response data.
4441 */
f2252570 4442 __hci_req_update_adv_data(&req, HCI_ADV_CURRENT);
aa8af46e 4443
0663ca2a
JH		 4444 err = hci_req_run(&req, set_bredr_complete);
4445 if (err < 0)
4446 mgmt_pending_remove(cmd);
4447
4448unlock:
4449 hci_dev_unlock(hdev);
4450 return err;
4451}
4452
a1443f5a
JH		 4453static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4454{
3b0602cd 4455 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 4456 struct mgmt_mode *cp;
4457
4458 BT_DBG("%s status %u", hdev->name, status);
4459
4460 hci_dev_lock(hdev);
4461
333ae95d 4462 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
a1443f5a
JH		 4463 if (!cmd)
4464 goto unlock;
4465
4466 if (status) {
a69e8375
JH		 4467 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4468 mgmt_status(status));
a1443f5a
JH		 4469 goto remove;
4470 }
4471
4472 cp = cmd->param;
4473
4474 switch (cp->val) {
4475 case 0x00:
a358dc11
MH		 4476 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4477 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4478 break;
4479 case 0x01:
a1536da2 4480 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 4481 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4482 break;
4483 case 0x02:
a1536da2
MH		 4484 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4485 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4486 break;
4487 }
4488
4489 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4490 new_settings(hdev, cmd->sk);
4491
4492remove:
4493 mgmt_pending_remove(cmd);
4494unlock:
4495 hci_dev_unlock(hdev);
4496}
4497
eac83dc6
MH		 4498static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4499 void *data, u16 len)
4500{
4501 struct mgmt_mode *cp = data;
3b0602cd 4502 struct mgmt_pending_cmd *cmd;
a1443f5a 4503 struct hci_request req;
a3209694 4504 u8 val;
eac83dc6
MH		 4505 int err;
4506
4507 BT_DBG("request for %s", hdev->name);
4508
05b3c3e7 4509 if (!lmp_sc_capable(hdev) &&
d7a5a11d 4510 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4511 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4512 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 4513
d7a5a11d 4514 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 4515 lmp_sc_capable(hdev) &&
d7a5a11d 4516 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 4517 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4518 MGMT_STATUS_REJECTED);
ed93ec69 4519
0ab04a9c 4520 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 4521 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 4522 MGMT_STATUS_INVALID_PARAMS);
4523
4524 hci_dev_lock(hdev);
4525
05b3c3e7 4526 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 4527 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 4528 bool changed;
4529
0ab04a9c 4530 if (cp->val) {
238be788
MH		 4531 changed = !hci_dev_test_and_set_flag(hdev,
4532 HCI_SC_ENABLED);
0ab04a9c 4533 if (cp->val == 0x02)
a1536da2 4534 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4535 else
a358dc11 4536 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4537 } else {
a69d8927
MH		 4538 changed = hci_dev_test_and_clear_flag(hdev,
4539 HCI_SC_ENABLED);
a358dc11 4540 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4541 }
eac83dc6
MH		 4542
4543 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4544 if (err < 0)
4545 goto failed;
4546
4547 if (changed)
4548 err = new_settings(hdev, sk);
4549
4550 goto failed;
4551 }
4552
333ae95d 4553 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 4554 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4555 MGMT_STATUS_BUSY);
eac83dc6
MH		 4556 goto failed;
4557 }
4558
0ab04a9c
MH		 4559 val = !!cp->val;
4560
d7a5a11d
MH		 4561 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4562 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 4563 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4564 goto failed;
4565 }
4566
4567 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4568 if (!cmd) {
4569 err = -ENOMEM;
4570 goto failed;
4571 }
4572
a1443f5a
JH		 4573 hci_req_init(&req, hdev);
4574 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4575 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 4576 if (err < 0) {
4577 mgmt_pending_remove(cmd);
4578 goto failed;
4579 }
4580
4581failed:
4582 hci_dev_unlock(hdev);
4583 return err;
4584}
4585
4e39ac81
MH		 4586static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4587 void *data, u16 len)
4588{
4589 struct mgmt_mode *cp = data;
b9710979 4590 bool changed, use_changed;
4e39ac81
MH		 4591 int err;
4592
4593 BT_DBG("request for %s", hdev->name);
4594
b9710979 4595 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4596 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4597 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 4598
4599 hci_dev_lock(hdev);
4600
4601 if (cp->val)
238be788 4602 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 4603 else
a69d8927
MH		 4604 changed = hci_dev_test_and_clear_flag(hdev,
4605 HCI_KEEP_DEBUG_KEYS);
4e39ac81 4606
b9710979 4607 if (cp->val == 0x02)
238be788
MH		 4608 use_changed = !hci_dev_test_and_set_flag(hdev,
4609 HCI_USE_DEBUG_KEYS);
b9710979 4610 else
a69d8927
MH		 4611 use_changed = hci_dev_test_and_clear_flag(hdev,
4612 HCI_USE_DEBUG_KEYS);
b9710979
JH		 4613
4614 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 4615 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 4616 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4617 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4618 sizeof(mode), &mode);
4619 }
4620
4e39ac81
MH		 4621 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4622 if (err < 0)
4623 goto unlock;
4624
4625 if (changed)
4626 err = new_settings(hdev, sk);
4627
4628unlock:
4629 hci_dev_unlock(hdev);
4630 return err;
4631}
4632
62b04cd1
JH		 4633static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4634 u16 len)
4635{
4636 struct mgmt_cp_set_privacy *cp = cp_data;
4637 bool changed;
4638 int err;
4639
4640 BT_DBG("request for %s", hdev->name);
4641
4642 if (!lmp_le_capable(hdev))
a69e8375
JH		 4643 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4644 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1
JH		 4645
4646 if (cp->privacy != 0x00 && cp->privacy != 0x01)
a69e8375
JH		 4647 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4648 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 4649
4650 if (hdev_is_powered(hdev))
a69e8375
JH		 4651 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4652 MGMT_STATUS_REJECTED);
62b04cd1
JH		 4653
4654 hci_dev_lock(hdev);
4655
c21c0ea0
JH		 4656 /* If user space supports this command it is also expected to
4657 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4658 */
a1536da2 4659 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 4660
62b04cd1 4661 if (cp->privacy) {
238be788 4662 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 4663 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 4664 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1 4665 } else {
a69d8927 4666 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 4667 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 4668 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1
JH		 4669 }
4670
4671 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4672 if (err < 0)
4673 goto unlock;
4674
4675 if (changed)
4676 err = new_settings(hdev, sk);
4677
4678unlock:
4679 hci_dev_unlock(hdev);
4680 return err;
4681}
4682
41edf160
JH		 4683static bool irk_is_valid(struct mgmt_irk_info *irk)
4684{
4685 switch (irk->addr.type) {
4686 case BDADDR_LE_PUBLIC:
4687 return true;
4688
4689 case BDADDR_LE_RANDOM:
4690 /* Two most significant bits shall be set */
4691 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4692 return false;
4693 return true;
4694 }
4695
4696 return false;
4697}
4698
4699static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4700 u16 len)
4701{
4702 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4703 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4704 sizeof(struct mgmt_irk_info));
41edf160
JH		 4705 u16 irk_count, expected_len;
4706 int i, err;
4707
4708 BT_DBG("request for %s", hdev->name);
4709
4710 if (!lmp_le_capable(hdev))
a69e8375
JH		 4711 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4712 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 4713
4714 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4715 if (irk_count > max_irk_count) {
4716 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 4717 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4718 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 4719 }
41edf160
JH		 4720
4721 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4722 if (expected_len != len) {
4723 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4724 expected_len, len);
a69e8375
JH		 4725 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4726 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 4727 }
4728
4729 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4730
4731 for (i = 0; i < irk_count; i++) {
4732 struct mgmt_irk_info *key = &cp->irks[i];
4733
4734 if (!irk_is_valid(key))
a69e8375
JH		 4735 return mgmt_cmd_status(sk, hdev->id,
4736 MGMT_OP_LOAD_IRKS,
4737 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 4738 }
4739
4740 hci_dev_lock(hdev);
4741
4742 hci_smp_irks_clear(hdev);
4743
4744 for (i = 0; i < irk_count; i++) {
4745 struct mgmt_irk_info *irk = &cp->irks[i];
41edf160 4746
85813a7e
JH		 4747 hci_add_irk(hdev, &irk->addr.bdaddr,
4748 le_addr_type(irk->addr.type), irk->val,
41edf160
JH		 4749 BDADDR_ANY);
4750 }
4751
a1536da2 4752 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 4753
2a1afb5a 4754 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 4755
4756 hci_dev_unlock(hdev);
4757
4758 return err;
4759}
4760
3f706b72
JH		 4761static bool ltk_is_valid(struct mgmt_ltk_info *key)
4762{
4763 if (key->master != 0x00 && key->master != 0x01)
4764 return false;
490cb0b3
MH		 4765
4766 switch (key->addr.type) {
4767 case BDADDR_LE_PUBLIC:
4768 return true;
4769
4770 case BDADDR_LE_RANDOM:
4771 /* Two most significant bits shall be set */
4772 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4773 return false;
4774 return true;
4775 }
4776
4777 return false;
3f706b72
JH		 4778}
4779
bdb6d971 4780static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4781 void *cp_data, u16 len)
346af67b 4782{
346af67b 4783 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 4784 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4785 sizeof(struct mgmt_ltk_info));
346af67b 4786 u16 key_count, expected_len;
715a5bf2 4787 int i, err;
346af67b 4788
cf99ba13
MH		 4789 BT_DBG("request for %s", hdev->name);
4790
4791 if (!lmp_le_capable(hdev))
a69e8375
JH		 4792 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4793 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 4794
1f350c87 4795 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 4796 if (key_count > max_key_count) {
4797 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 4798 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4799 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 4800 }
346af67b
VCG		 4801
4802 expected_len = sizeof(*cp) + key_count *
4803 sizeof(struct mgmt_ltk_info);
4804 if (expected_len != len) {
4805 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4806 expected_len, len);
a69e8375
JH		 4807 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4808 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4809 }
4810
bdb6d971 4811 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4812
54ad6d8a
JH		 4813 for (i = 0; i < key_count; i++) {
4814 struct mgmt_ltk_info *key = &cp->keys[i];
4815
3f706b72 4816 if (!ltk_is_valid(key))
a69e8375
JH		 4817 return mgmt_cmd_status(sk, hdev->id,
4818 MGMT_OP_LOAD_LONG_TERM_KEYS,
4819 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 4820 }
4821
346af67b
VCG		 4822 hci_dev_lock(hdev);
4823
4824 hci_smp_ltks_clear(hdev);
4825
4826 for (i = 0; i < key_count; i++) {
4827 struct mgmt_ltk_info *key = &cp->keys[i];
85813a7e 4828 u8 type, authenticated;
346af67b 4829
61b43357
JH		 4830 switch (key->type) {
4831 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4832 authenticated = 0x00;
23fb8de3 4833 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 4834 break;
4835 case MGMT_LTK_AUTHENTICATED:
d7b25450 4836 authenticated = 0x01;
23fb8de3
JH		 4837 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4838 break;
4839 case MGMT_LTK_P256_UNAUTH:
4840 authenticated = 0x00;
4841 type = SMP_LTK_P256;
61b43357 4842 break;
23fb8de3
JH		 4843 case MGMT_LTK_P256_AUTH:
4844 authenticated = 0x01;
4845 type = SMP_LTK_P256;
61b43357 4846 break;
23fb8de3
JH		 4847 case MGMT_LTK_P256_DEBUG:
4848 authenticated = 0x00;
4849 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 4850 default:
4851 continue;
4852 }
d7b25450 4853
85813a7e
JH		 4854 hci_add_ltk(hdev, &key->addr.bdaddr,
4855 le_addr_type(key->addr.type), type, authenticated,
4856 key->val, key->enc_size, key->ediv, key->rand);
346af67b
VCG		 4857 }
4858
2a1afb5a 4859 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 4860 NULL, 0);
4861
346af67b 4862 hci_dev_unlock(hdev);
346af67b 4863
715a5bf2 4864 return err;
346af67b
VCG		 4865}
4866
3b0602cd 4867static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 4868{
dd983808 4869 struct hci_conn *conn = cmd->user_data;
9981bdb0 4870 struct mgmt_rp_get_conn_info rp;
9df74653 4871 int err;
dd983808 4872
9981bdb0 4873 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 4874
9981bdb0 4875 if (status == MGMT_STATUS_SUCCESS) {
dd983808 4876 rp.rssi = conn->rssi;
9981bdb0
JH		 4877 rp.tx_power = conn->tx_power;
4878 rp.max_tx_power = conn->max_tx_power;
4879 } else {
4880 rp.rssi = HCI_RSSI_INVALID;
4881 rp.tx_power = HCI_TX_POWER_INVALID;
4882 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 4883 }
4884
2a1afb5a
JH		 4885 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4886 status, &rp, sizeof(rp));
dd983808
AK		 4887
4888 hci_conn_drop(conn);
f8aaf9b6 4889 hci_conn_put(conn);
9df74653
JH		 4890
4891 return err;
dd983808
AK		 4892}
4893
1904a853
MH		 4894static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
4895 u16 opcode)
dd983808
AK		 4896{
4897 struct hci_cp_read_rssi *cp;
3b0602cd 4898 struct mgmt_pending_cmd *cmd;
dd983808 4899 struct hci_conn *conn;
dd983808 4900 u16 handle;
9981bdb0 4901 u8 status;
dd983808 4902
9981bdb0 4903 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 4904
4905 hci_dev_lock(hdev);
4906
dd983808
AK		 4907 /* Commands sent in request are either Read RSSI or Read Transmit Power
4908 * Level so we check which one was last sent to retrieve connection
4909 * handle. Both commands have handle as first parameter so it's safe to
4910 * cast data on the same command struct.
4911 *
4912 * First command sent is always Read RSSI and we fail only if it fails.
4913 * In other case we simply override error to indicate success as we
4914 * already remembered if TX power value is actually valid.
4915 */
4916 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4917 if (!cp) {
4918 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 4919 status = MGMT_STATUS_SUCCESS;
4920 } else {
4921 status = mgmt_status(hci_status);
dd983808
AK		 4922 }
4923
4924 if (!cp) {
9981bdb0 4925 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 4926 goto unlock;
4927 }
4928
4929 handle = __le16_to_cpu(cp->handle);
4930 conn = hci_conn_hash_lookup_handle(hdev, handle);
4931 if (!conn) {
9981bdb0 4932 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 4933 goto unlock;
4934 }
4935
333ae95d 4936 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
9981bdb0
JH		 4937 if (!cmd)
4938 goto unlock;
dd983808 4939
9981bdb0
JH		 4940 cmd->cmd_complete(cmd, status);
4941 mgmt_pending_remove(cmd);
dd983808
AK		 4942
4943unlock:
4944 hci_dev_unlock(hdev);
4945}
4946
4947static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4948 u16 len)
4949{
4950 struct mgmt_cp_get_conn_info *cp = data;
4951 struct mgmt_rp_get_conn_info rp;
4952 struct hci_conn *conn;
4953 unsigned long conn_info_age;
4954 int err = 0;
4955
4956 BT_DBG("%s", hdev->name);
4957
4958 memset(&rp, 0, sizeof(rp));
4959 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4960 rp.addr.type = cp->addr.type;
4961
4962 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4963 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4964 MGMT_STATUS_INVALID_PARAMS,
4965 &rp, sizeof(rp));
dd983808
AK		 4966
4967 hci_dev_lock(hdev);
4968
4969 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4970 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4971 MGMT_STATUS_NOT_POWERED, &rp,
4972 sizeof(rp));
dd983808
AK		 4973 goto unlock;
4974 }
4975
4976 if (cp->addr.type == BDADDR_BREDR)
4977 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4978 &cp->addr.bdaddr);
4979 else
4980 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4981
4982 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 4983 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4984 MGMT_STATUS_NOT_CONNECTED, &rp,
4985 sizeof(rp));
dd983808
AK		 4986 goto unlock;
4987 }
4988
333ae95d 4989 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 4990 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4991 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 4992 goto unlock;
4993 }
4994
dd983808
AK		 4995 /* To avoid client trying to guess when to poll again for information we
4996 * calculate conn info age as random value between min/max set in hdev.
4997 */
4998 conn_info_age = hdev->conn_info_min_age +
4999 prandom_u32_max(hdev->conn_info_max_age -
5000 hdev->conn_info_min_age);
5001
5002 /* Query controller to refresh cached values if they are too old or were
5003 * never read.
5004 */
f4e2dd53
AK		 5005 if (time_after(jiffies, conn->conn_info_timestamp +
5006 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5007 !conn->conn_info_timestamp) {
5008 struct hci_request req;
5009 struct hci_cp_read_tx_power req_txp_cp;
5010 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 5011 struct mgmt_pending_cmd *cmd;
dd983808
AK		 5012
5013 hci_req_init(&req, hdev);
5014 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5015 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5016 &req_rssi_cp);
5017
f7faab0c
AK		 5018 /* For LE links TX power does not change thus we don't need to
5019 * query for it once value is known.
5020 */
5021 if (!bdaddr_type_is_le(cp->addr.type) ||
5022 conn->tx_power == HCI_TX_POWER_INVALID) {
5023 req_txp_cp.handle = cpu_to_le16(conn->handle);
5024 req_txp_cp.type = 0x00;
5025 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5026 sizeof(req_txp_cp), &req_txp_cp);
5027 }
dd983808 5028
eed5daf3
AK		 5029 /* Max TX power needs to be read only once per connection */
5030 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5031 req_txp_cp.handle = cpu_to_le16(conn->handle);
5032 req_txp_cp.type = 0x01;
5033 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5034 sizeof(req_txp_cp), &req_txp_cp);
5035 }
5036
dd983808
AK		 5037 err = hci_req_run(&req, conn_info_refresh_complete);
5038 if (err < 0)
5039 goto unlock;
5040
5041 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5042 data, len);
5043 if (!cmd) {
5044 err = -ENOMEM;
5045 goto unlock;
5046 }
5047
5048 hci_conn_hold(conn);
f8aaf9b6 5049 cmd->user_data = hci_conn_get(conn);
9981bdb0 5050 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5051
5052 conn->conn_info_timestamp = jiffies;
5053 } else {
5054 /* Cache is valid, just reply with values cached in hci_conn */
5055 rp.rssi = conn->rssi;
5056 rp.tx_power = conn->tx_power;
eed5daf3 5057 rp.max_tx_power = conn->max_tx_power;
dd983808 5058
2a1afb5a
JH		 5059 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5060 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 5061 }
5062
5063unlock:
5064 hci_dev_unlock(hdev);
5065 return err;
5066}
5067
3b0602cd 5068static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 5069{
69487371 5070 struct hci_conn *conn = cmd->user_data;
95868426 5071 struct mgmt_rp_get_clock_info rp;
69487371 5072 struct hci_dev *hdev;
9df74653 5073 int err;
69487371
JH		 5074
5075 memset(&rp, 0, sizeof(rp));
5076 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5077
5078 if (status)
5079 goto complete;
5080
5081 hdev = hci_dev_get(cmd->index);
5082 if (hdev) {
5083 rp.local_clock = cpu_to_le32(hdev->clock);
5084 hci_dev_put(hdev);
5085 }
5086
5087 if (conn) {
5088 rp.piconet_clock = cpu_to_le32(conn->clock);
5089 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5090 }
5091
5092complete:
2a1afb5a
JH		 5093 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5094 sizeof(rp));
69487371
JH		 5095
5096 if (conn) {
5097 hci_conn_drop(conn);
5098 hci_conn_put(conn);
5099 }
9df74653
JH		 5100
5101 return err;
69487371
JH		 5102}
5103
1904a853 5104static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5105{
95868426 5106 struct hci_cp_read_clock *hci_cp;
3b0602cd 5107 struct mgmt_pending_cmd *cmd;
95868426
JH		 5108 struct hci_conn *conn;
5109
5110 BT_DBG("%s status %u", hdev->name, status);
5111
5112 hci_dev_lock(hdev);
5113
5114 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5115 if (!hci_cp)
5116 goto unlock;
5117
5118 if (hci_cp->which) {
5119 u16 handle = __le16_to_cpu(hci_cp->handle);
5120 conn = hci_conn_hash_lookup_handle(hdev, handle);
5121 } else {
5122 conn = NULL;
5123 }
5124
333ae95d 5125 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
95868426
JH		 5126 if (!cmd)
5127 goto unlock;
5128
69487371 5129 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5130 mgmt_pending_remove(cmd);
95868426
JH		 5131
5132unlock:
5133 hci_dev_unlock(hdev);
5134}
5135
5136static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5137 u16 len)
5138{
5139 struct mgmt_cp_get_clock_info *cp = data;
5140 struct mgmt_rp_get_clock_info rp;
5141 struct hci_cp_read_clock hci_cp;
3b0602cd 5142 struct mgmt_pending_cmd *cmd;
95868426
JH		 5143 struct hci_request req;
5144 struct hci_conn *conn;
5145 int err;
5146
5147 BT_DBG("%s", hdev->name);
5148
5149 memset(&rp, 0, sizeof(rp));
5150 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5151 rp.addr.type = cp->addr.type;
5152
5153 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5154 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5155 MGMT_STATUS_INVALID_PARAMS,
5156 &rp, sizeof(rp));
95868426
JH		 5157
5158 hci_dev_lock(hdev);
5159
5160 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5161 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5162 MGMT_STATUS_NOT_POWERED, &rp,
5163 sizeof(rp));
95868426
JH		 5164 goto unlock;
5165 }
5166
5167 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5168 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5169 &cp->addr.bdaddr);
5170 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5171 err = mgmt_cmd_complete(sk, hdev->id,
5172 MGMT_OP_GET_CLOCK_INFO,
5173 MGMT_STATUS_NOT_CONNECTED,
5174 &rp, sizeof(rp));
95868426
JH		 5175 goto unlock;
5176 }
5177 } else {
5178 conn = NULL;
5179 }
5180
5181 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5182 if (!cmd) {
5183 err = -ENOMEM;
5184 goto unlock;
5185 }
5186
69487371
JH		 5187 cmd->cmd_complete = clock_info_cmd_complete;
5188
95868426
JH		 5189 hci_req_init(&req, hdev);
5190
5191 memset(&hci_cp, 0, sizeof(hci_cp));
5192 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5193
5194 if (conn) {
5195 hci_conn_hold(conn);
f8aaf9b6 5196 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5197
5198 hci_cp.handle = cpu_to_le16(conn->handle);
5199 hci_cp.which = 0x01; /* Piconet clock */
5200 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5201 }
5202
5203 err = hci_req_run(&req, get_clock_info_complete);
5204 if (err < 0)
5205 mgmt_pending_remove(cmd);
5206
5207unlock:
5208 hci_dev_unlock(hdev);
5209 return err;
5210}
5211
5a154e6f
JH		 5212static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5213{
5214 struct hci_conn *conn;
5215
5216 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5217 if (!conn)
5218 return false;
5219
5220 if (conn->dst_type != type)
5221 return false;
5222
5223 if (conn->state != BT_CONNECTED)
5224 return false;
5225
5226 return true;
5227}
5228
5229/* This function requires the caller holds hdev->lock */
51d7a94d 5230static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5a154e6f
JH		 5231 u8 addr_type, u8 auto_connect)
5232{
5a154e6f
JH		 5233 struct hci_conn_params *params;
5234
5235 params = hci_conn_params_add(hdev, addr, addr_type);
5236 if (!params)
5237 return -EIO;
5238
5239 if (params->auto_connect == auto_connect)
5240 return 0;
5241
5242 list_del_init(&params->action);
5243
5244 switch (auto_connect) {
5245 case HCI_AUTO_CONN_DISABLED:
5246 case HCI_AUTO_CONN_LINK_LOSS:
28a667c9
JP		 5247 /* If auto connect is being disabled when we're trying to
5248 * connect to device, keep connecting.
5249 */
5250 if (params->explicit_connect)
5251 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 5252 break;
5253 case HCI_AUTO_CONN_REPORT:
49c50922
JH		 5254 if (params->explicit_connect)
5255 list_add(&params->action, &hdev->pend_le_conns);
5256 else
5257 list_add(&params->action, &hdev->pend_le_reports);
5a154e6f
JH		 5258 break;
5259 case HCI_AUTO_CONN_DIRECT:
5260 case HCI_AUTO_CONN_ALWAYS:
51d7a94d 5261 if (!is_connected(hdev, addr, addr_type))
5a154e6f 5262 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 5263 break;
5264 }
5265
5266 params->auto_connect = auto_connect;
5267
5268 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5269 auto_connect);
5270
5271 return 0;
5272}
5273
8afef092
MH		 5274static void device_added(struct sock *sk, struct hci_dev *hdev,
5275 bdaddr_t *bdaddr, u8 type, u8 action)
5276{
5277 struct mgmt_ev_device_added ev;
5278
5279 bacpy(&ev.addr.bdaddr, bdaddr);
5280 ev.addr.type = type;
5281 ev.action = action;
5282
5283 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5284}
5285
2faade53
MH		 5286static int add_device(struct sock *sk, struct hci_dev *hdev,
5287 void *data, u16 len)
5288{
5289 struct mgmt_cp_add_device *cp = data;
5290 u8 auto_conn, addr_type;
5291 int err;
5292
5293 BT_DBG("%s", hdev->name);
5294
6659358e 5295 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5296 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5297 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5298 MGMT_STATUS_INVALID_PARAMS,
5299 &cp->addr, sizeof(cp->addr));
2faade53 5300
4b9e7e75 5301 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5302 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5303 MGMT_STATUS_INVALID_PARAMS,
5304 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5305
5306 hci_dev_lock(hdev);
5307
6659358e 5308 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5309 /* Only incoming connections action is supported for now */
6659358e 5310 if (cp->action != 0x01) {
51d7a94d
JH		 5311 err = mgmt_cmd_complete(sk, hdev->id,
5312 MGMT_OP_ADD_DEVICE,
5313 MGMT_STATUS_INVALID_PARAMS,
5314 &cp->addr, sizeof(cp->addr));
6659358e
JH		 5315 goto unlock;
5316 }
5317
5318 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5319 cp->addr.type);
5320 if (err)
5321 goto unlock;
a397407f 5322
01b1cb87 5323 hci_req_update_scan(hdev);
a397407f 5324
6659358e
JH		 5325 goto added;
5326 }
5327
85813a7e 5328 addr_type = le_addr_type(cp->addr.type);
2faade53 5329
4b9e7e75 5330 if (cp->action == 0x02)
2faade53 5331 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5332 else if (cp->action == 0x01)
5333 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5334 else
a3451d27 5335 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5336
9a0a8a8e
JP		 5337 /* Kernel internally uses conn_params with resolvable private
5338 * address, but Add Device allows only identity addresses.
5339 * Make sure it is enforced before calling
5340 * hci_conn_params_lookup.
5341 */
5342 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 5343 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5344 MGMT_STATUS_INVALID_PARAMS,
5345 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 5346 goto unlock;
5347 }
5348
bf5b3c8b
MH		 5349 /* If the connection parameters don't exist for this device,
5350 * they will be created and configured with defaults.
5351 */
51d7a94d 5352 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
d06b50ce 5353 auto_conn) < 0) {
51d7a94d
JH		 5354 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5355 MGMT_STATUS_FAILED, &cp->addr,
5356 sizeof(cp->addr));
2faade53
MH		 5357 goto unlock;
5358 }
5359
51d7a94d
JH		 5360 hci_update_background_scan(hdev);
5361
6659358e 5362added:
8afef092
MH		 5363 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5364
51d7a94d
JH		 5365 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5366 MGMT_STATUS_SUCCESS, &cp->addr,
5367 sizeof(cp->addr));
2faade53
MH		 5368
5369unlock:
5370 hci_dev_unlock(hdev);
5371 return err;
5372}
5373
8afef092
MH		 5374static void device_removed(struct sock *sk, struct hci_dev *hdev,
5375 bdaddr_t *bdaddr, u8 type)
5376{
5377 struct mgmt_ev_device_removed ev;
5378
5379 bacpy(&ev.addr.bdaddr, bdaddr);
5380 ev.addr.type = type;
5381
5382 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5383}
5384
2faade53
MH		 5385static int remove_device(struct sock *sk, struct hci_dev *hdev,
5386 void *data, u16 len)
5387{
5388 struct mgmt_cp_remove_device *cp = data;
5389 int err;
5390
5391 BT_DBG("%s", hdev->name);
5392
5393 hci_dev_lock(hdev);
5394
5395 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5396 struct hci_conn_params *params;
2faade53
MH		 5397 u8 addr_type;
5398
6659358e 5399 if (!bdaddr_type_is_valid(cp->addr.type)) {
51d7a94d
JH		 5400 err = mgmt_cmd_complete(sk, hdev->id,
5401 MGMT_OP_REMOVE_DEVICE,
5402 MGMT_STATUS_INVALID_PARAMS,
5403 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5404 goto unlock;
5405 }
5406
6659358e
JH		 5407 if (cp->addr.type == BDADDR_BREDR) {
5408 err = hci_bdaddr_list_del(&hdev->whitelist,
5409 &cp->addr.bdaddr,
5410 cp->addr.type);
5411 if (err) {
51d7a94d
JH		 5412 err = mgmt_cmd_complete(sk, hdev->id,
5413 MGMT_OP_REMOVE_DEVICE,
5414 MGMT_STATUS_INVALID_PARAMS,
5415 &cp->addr,
5416 sizeof(cp->addr));
6659358e
JH		 5417 goto unlock;
5418 }
5419
01b1cb87 5420 hci_req_update_scan(hdev);
a397407f 5421
6659358e
JH		 5422 device_removed(sk, hdev, &cp->addr.bdaddr,
5423 cp->addr.type);
5424 goto complete;
5425 }
5426
85813a7e 5427 addr_type = le_addr_type(cp->addr.type);
2faade53 5428
9a0a8a8e
JP		 5429 /* Kernel internally uses conn_params with resolvable private
5430 * address, but Remove Device allows only identity addresses.
5431 * Make sure it is enforced before calling
5432 * hci_conn_params_lookup.
5433 */
5434 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 5435 err = mgmt_cmd_complete(sk, hdev->id,
5436 MGMT_OP_REMOVE_DEVICE,
5437 MGMT_STATUS_INVALID_PARAMS,
5438 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 5439 goto unlock;
5440 }
5441
c71593dd
JH		 5442 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5443 addr_type);
5444 if (!params) {
51d7a94d
JH		 5445 err = mgmt_cmd_complete(sk, hdev->id,
5446 MGMT_OP_REMOVE_DEVICE,
5447 MGMT_STATUS_INVALID_PARAMS,
5448 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 5449 goto unlock;
5450 }
5451
679d2b6f
JH		 5452 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5453 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
51d7a94d
JH		 5454 err = mgmt_cmd_complete(sk, hdev->id,
5455 MGMT_OP_REMOVE_DEVICE,
5456 MGMT_STATUS_INVALID_PARAMS,
5457 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 5458 goto unlock;
5459 }
5460
d1dbf12e 5461 list_del(&params->action);
c71593dd
JH		 5462 list_del(&params->list);
5463 kfree(params);
51d7a94d 5464 hci_update_background_scan(hdev);
8afef092
MH		 5465
5466 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5467 } else {
19de0825 5468 struct hci_conn_params *p, *tmp;
6659358e 5469 struct bdaddr_list *b, *btmp;
19de0825 5470
2faade53 5471 if (cp->addr.type) {
51d7a94d
JH		 5472 err = mgmt_cmd_complete(sk, hdev->id,
5473 MGMT_OP_REMOVE_DEVICE,
5474 MGMT_STATUS_INVALID_PARAMS,
5475 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5476 goto unlock;
5477 }
5478
6659358e
JH		 5479 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5480 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5481 list_del(&b->list);
5482 kfree(b);
5483 }
5484
01b1cb87 5485 hci_req_update_scan(hdev);
a397407f 5486
19de0825
JH		 5487 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5488 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5489 continue;
5490 device_removed(sk, hdev, &p->addr, p->addr_type);
679d2b6f
JH		 5491 if (p->explicit_connect) {
5492 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
5493 continue;
5494 }
19de0825
JH		 5495 list_del(&p->action);
5496 list_del(&p->list);
5497 kfree(p);
5498 }
5499
5500 BT_DBG("All LE connection parameters were removed");
5501
51d7a94d 5502 hci_update_background_scan(hdev);
2faade53
MH		 5503 }
5504
6659358e 5505complete:
51d7a94d
JH		 5506 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5507 MGMT_STATUS_SUCCESS, &cp->addr,
5508 sizeof(cp->addr));
2faade53
MH		 5509unlock:
5510 hci_dev_unlock(hdev);
5511 return err;
5512}
5513
a26f3dcf
JH		 5514static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5515 u16 len)
5516{
5517 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5518 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5519 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5520 u16 param_count, expected_len;
5521 int i;
5522
5523 if (!lmp_le_capable(hdev))
a69e8375
JH		 5524 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5525 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 5526
5527 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5528 if (param_count > max_param_count) {
5529 BT_ERR("load_conn_param: too big param_count value %u",
5530 param_count);
a69e8375
JH		 5531 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5532 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5533 }
a26f3dcf
JH		 5534
5535 expected_len = sizeof(*cp) + param_count *
5536 sizeof(struct mgmt_conn_param);
5537 if (expected_len != len) {
5538 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5539 expected_len, len);
a69e8375
JH		 5540 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5541 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 5542 }
5543
5544 BT_DBG("%s param_count %u", hdev->name, param_count);
5545
5546 hci_dev_lock(hdev);
5547
5548 hci_conn_params_clear_disabled(hdev);
5549
5550 for (i = 0; i < param_count; i++) {
5551 struct mgmt_conn_param *param = &cp->params[i];
5552 struct hci_conn_params *hci_param;
5553 u16 min, max, latency, timeout;
5554 u8 addr_type;
5555
5556 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5557 param->addr.type);
5558
5559 if (param->addr.type == BDADDR_LE_PUBLIC) {
5560 addr_type = ADDR_LE_DEV_PUBLIC;
5561 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5562 addr_type = ADDR_LE_DEV_RANDOM;
5563 } else {
5564 BT_ERR("Ignoring invalid connection parameters");
5565 continue;
5566 }
5567
5568 min = le16_to_cpu(param->min_interval);
5569 max = le16_to_cpu(param->max_interval);
5570 latency = le16_to_cpu(param->latency);
5571 timeout = le16_to_cpu(param->timeout);
5572
5573 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5574 min, max, latency, timeout);
5575
5576 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5577 BT_ERR("Ignoring invalid connection parameters");
5578 continue;
5579 }
5580
5581 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5582 addr_type);
5583 if (!hci_param) {
5584 BT_ERR("Failed to add connection parameters");
5585 continue;
5586 }
5587
5588 hci_param->conn_min_interval = min;
5589 hci_param->conn_max_interval = max;
5590 hci_param->conn_latency = latency;
5591 hci_param->supervision_timeout = timeout;
5592 }
5593
5594 hci_dev_unlock(hdev);
5595
2a1afb5a
JH		 5596 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
5597 NULL, 0);
a26f3dcf
JH		 5598}
5599
dbece37a
MH		 5600static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5601 void *data, u16 len)
5602{
5603 struct mgmt_cp_set_external_config *cp = data;
5604 bool changed;
5605 int err;
5606
5607 BT_DBG("%s", hdev->name);
5608
5609 if (hdev_is_powered(hdev))
a69e8375
JH		 5610 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5611 MGMT_STATUS_REJECTED);
dbece37a
MH		 5612
5613 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 5614 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5615 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 5616
5617 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 5618 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5619 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 5620
5621 hci_dev_lock(hdev);
5622
5623 if (cp->config)
238be788 5624 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 5625 else
a69d8927 5626 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 5627
5628 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5629 if (err < 0)
5630 goto unlock;
5631
5632 if (!changed)
5633 goto unlock;
5634
f4537c04
MH		 5635 err = new_options(hdev, sk);
5636
d7a5a11d 5637 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 5638 mgmt_index_removed(hdev);
d603b76b 5639
516018a9 5640 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 5641 hci_dev_set_flag(hdev, HCI_CONFIG);
5642 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 5643
5644 queue_work(hdev->req_workqueue, &hdev->power_on);
5645 } else {
5ea234d3 5646 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 5647 mgmt_index_added(hdev);
5648 }
dbece37a
MH		 5649 }
5650
5651unlock:
5652 hci_dev_unlock(hdev);
5653 return err;
5654}
5655
9713c17b
MH		 5656static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5657 void *data, u16 len)
5658{
5659 struct mgmt_cp_set_public_address *cp = data;
5660 bool changed;
5661 int err;
5662
5663 BT_DBG("%s", hdev->name);
5664
5665 if (hdev_is_powered(hdev))
a69e8375
JH		 5666 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5667 MGMT_STATUS_REJECTED);
9713c17b
MH		 5668
5669 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 5670 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5671 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 5672
5673 if (!hdev->set_bdaddr)
a69e8375
JH		 5674 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5675 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 5676
5677 hci_dev_lock(hdev);
5678
5679 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5680 bacpy(&hdev->public_addr, &cp->bdaddr);
5681
5682 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5683 if (err < 0)
5684 goto unlock;
5685
5686 if (!changed)
5687 goto unlock;
5688
d7a5a11d 5689 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 5690 err = new_options(hdev, sk);
5691
5692 if (is_configured(hdev)) {
5693 mgmt_index_removed(hdev);
5694
a358dc11 5695 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 5696
a1536da2
MH		 5697 hci_dev_set_flag(hdev, HCI_CONFIG);
5698 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 5699
5700 queue_work(hdev->req_workqueue, &hdev->power_on);
5701 }
5702
5703unlock:
5704 hci_dev_unlock(hdev);
5705 return err;
5706}
5707
bea41609
MH		 5708static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5709 u8 data_len)
5710{
5711 eir[eir_len++] = sizeof(type) + data_len;
5712 eir[eir_len++] = type;
5713 memcpy(&eir[eir_len], data, data_len);
5714 eir_len += data_len;
5715
5716 return eir_len;
5717}
5718
40f66c05
JH		 5719static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
5720 u16 opcode, struct sk_buff *skb)
5721{
5722 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
5723 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
5724 u8 *h192, *r192, *h256, *r256;
5725 struct mgmt_pending_cmd *cmd;
5726 u16 eir_len;
5727 int err;
5728
5729 BT_DBG("%s status %u", hdev->name, status);
5730
5731 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
5732 if (!cmd)
5733 return;
5734
5735 mgmt_cp = cmd->param;
5736
5737 if (status) {
5738 status = mgmt_status(status);
5739 eir_len = 0;
5740
5741 h192 = NULL;
5742 r192 = NULL;
5743 h256 = NULL;
5744 r256 = NULL;
5745 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
5746 struct hci_rp_read_local_oob_data *rp;
5747
5748 if (skb->len != sizeof(*rp)) {
5749 status = MGMT_STATUS_FAILED;
5750 eir_len = 0;
5751 } else {
5752 status = MGMT_STATUS_SUCCESS;
5753 rp = (void *)skb->data;
5754
5755 eir_len = 5 + 18 + 18;
5756 h192 = rp->hash;
5757 r192 = rp->rand;
5758 h256 = NULL;
5759 r256 = NULL;
5760 }
5761 } else {
5762 struct hci_rp_read_local_oob_ext_data *rp;
5763
5764 if (skb->len != sizeof(*rp)) {
5765 status = MGMT_STATUS_FAILED;
5766 eir_len = 0;
5767 } else {
5768 status = MGMT_STATUS_SUCCESS;
5769 rp = (void *)skb->data;
5770
5771 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5772 eir_len = 5 + 18 + 18;
5773 h192 = NULL;
5774 r192 = NULL;
5775 } else {
5776 eir_len = 5 + 18 + 18 + 18 + 18;
5777 h192 = rp->hash192;
5778 r192 = rp->rand192;
5779 }
5780
5781 h256 = rp->hash256;
5782 r256 = rp->rand256;
5783 }
5784 }
5785
5786 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
5787 if (!mgmt_rp)
5788 goto done;
5789
5790 if (status)
5791 goto send_rsp;
5792
5793 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
5794 hdev->dev_class, 3);
5795
5796 if (h192 && r192) {
5797 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5798 EIR_SSP_HASH_C192, h192, 16);
5799 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5800 EIR_SSP_RAND_R192, r192, 16);
5801 }
5802
5803 if (h256 && r256) {
5804 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5805 EIR_SSP_HASH_C256, h256, 16);
5806 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5807 EIR_SSP_RAND_R256, r256, 16);
5808 }
5809
5810send_rsp:
5811 mgmt_rp->type = mgmt_cp->type;
5812 mgmt_rp->eir_len = cpu_to_le16(eir_len);
5813
5814 err = mgmt_cmd_complete(cmd->sk, hdev->id,
5815 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
5816 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
5817 if (err < 0 || status)
5818 goto done;
5819
5820 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
5821
5822 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5823 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
5824 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
5825done:
5826 kfree(mgmt_rp);
5827 mgmt_pending_remove(cmd);
5828}
5829
5830static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
5831 struct mgmt_cp_read_local_oob_ext_data *cp)
5832{
5833 struct mgmt_pending_cmd *cmd;
5834 struct hci_request req;
5835 int err;
5836
5837 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
5838 cp, sizeof(*cp));
5839 if (!cmd)
5840 return -ENOMEM;
5841
5842 hci_req_init(&req, hdev);
5843
5844 if (bredr_sc_enabled(hdev))
5845 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
5846 else
5847 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
5848
5849 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
5850 if (err < 0) {
5851 mgmt_pending_remove(cmd);
5852 return err;
5853 }
5854
5855 return 0;
5856}
5857
4f0f155c
MH		 5858static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
5859 void *data, u16 data_len)
5860{
5861 struct mgmt_cp_read_local_oob_ext_data *cp = data;
5862 struct mgmt_rp_read_local_oob_ext_data *rp;
5863 size_t rp_len;
5864 u16 eir_len;
0821a2c5 5865 u8 status, flags, role, addr[7], hash[16], rand[16];
4f0f155c
MH		 5866 int err;
5867
5868 BT_DBG("%s", hdev->name);
5869
57b0d3e8
MH		 5870 if (hdev_is_powered(hdev)) {
5871 switch (cp->type) {
5872 case BIT(BDADDR_BREDR):
5873 status = mgmt_bredr_support(hdev);
5874 if (status)
5875 eir_len = 0;
5876 else
5877 eir_len = 5;
5878 break;
5879 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5880 status = mgmt_le_support(hdev);
5881 if (status)
5882 eir_len = 0;
5883 else
5884 eir_len = 9 + 3 + 18 + 18 + 3;
5885 break;
5886 default:
5887 status = MGMT_STATUS_INVALID_PARAMS;
5888 eir_len = 0;
5889 break;
5890 }
5891 } else {
5892 status = MGMT_STATUS_NOT_POWERED;
5893 eir_len = 0;
4f0f155c
MH		 5894 }
5895
4f0f155c
MH		 5896 rp_len = sizeof(*rp) + eir_len;
5897 rp = kmalloc(rp_len, GFP_ATOMIC);
efcd8c98 5898 if (!rp)
4f0f155c 5899 return -ENOMEM;
efcd8c98 5900
57b0d3e8
MH		 5901 if (status)
5902 goto complete;
5903
efcd8c98 5904 hci_dev_lock(hdev);
4f0f155c
MH		 5905
5906 eir_len = 0;
5907 switch (cp->type) {
5908 case BIT(BDADDR_BREDR):
40f66c05
JH		 5909 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5910 err = read_local_ssp_oob_req(hdev, sk, cp);
5911 hci_dev_unlock(hdev);
5912 if (!err)
5913 goto done;
5914
5915 status = MGMT_STATUS_FAILED;
5916 goto complete;
5917 } else {
5918 eir_len = eir_append_data(rp->eir, eir_len,
5919 EIR_CLASS_OF_DEV,
5920 hdev->dev_class, 3);
5921 }
4f0f155c
MH		 5922 break;
5923 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5082a599
MH		 5924 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5925 smp_generate_oob(hdev, hash, rand) < 0) {
0821a2c5 5926 hci_dev_unlock(hdev);
57b0d3e8
MH		 5927 status = MGMT_STATUS_FAILED;
5928 goto complete;
0821a2c5
MH		 5929 }
5930
e213568a
MH		 5931 /* This should return the active RPA, but since the RPA
5932 * is only programmed on demand, it is really hard to fill
5933 * this in at the moment. For now disallow retrieving
5934 * local out-of-band data when privacy is in use.
5935 *
5936 * Returning the identity address will not help here since
5937 * pairing happens before the identity resolving key is
5938 * known and thus the connection establishment happens
5939 * based on the RPA and not the identity address.
5940 */
4f0f155c 5941 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
e213568a
MH		 5942 hci_dev_unlock(hdev);
5943 status = MGMT_STATUS_REJECTED;
5944 goto complete;
5945 }
5946
5947 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
5948 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
5949 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5950 bacmp(&hdev->static_addr, BDADDR_ANY))) {
4f0f155c
MH		 5951 memcpy(addr, &hdev->static_addr, 6);
5952 addr[6] = 0x01;
5953 } else {
5954 memcpy(addr, &hdev->bdaddr, 6);
5955 addr[6] = 0x00;
5956 }
5957
5958 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
5959 addr, sizeof(addr));
5960
5961 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
5962 role = 0x02;
5963 else
5964 role = 0x01;
5965
5966 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
5967 &role, sizeof(role));
5968
5082a599
MH		 5969 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
5970 eir_len = eir_append_data(rp->eir, eir_len,
5971 EIR_LE_SC_CONFIRM,
5972 hash, sizeof(hash));
0821a2c5 5973
5082a599
MH		 5974 eir_len = eir_append_data(rp->eir, eir_len,
5975 EIR_LE_SC_RANDOM,
5976 rand, sizeof(rand));
5977 }
0821a2c5 5978
f2252570 5979 flags = mgmt_get_adv_discov_flags(hdev);
4f0f155c
MH		 5980
5981 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
5982 flags |= LE_AD_NO_BREDR;
5983
5984 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
5985 &flags, sizeof(flags));
5986 break;
5987 }
5988
4f0f155c
MH		 5989 hci_dev_unlock(hdev);
5990
72000df2
MH		 5991 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
5992
57b0d3e8
MH		 5993 status = MGMT_STATUS_SUCCESS;
5994
5995complete:
efcd8c98
MH		 5996 rp->type = cp->type;
5997 rp->eir_len = cpu_to_le16(eir_len);
5998
4f0f155c 5999 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
57b0d3e8
MH		 6000 status, rp, sizeof(*rp) + eir_len);
6001 if (err < 0 || status)
72000df2
MH		 6002 goto done;
6003
6004 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6005 rp, sizeof(*rp) + eir_len,
6006 HCI_MGMT_OOB_DATA_EVENTS, sk);
4f0f155c 6007
0821a2c5 6008done:
4f0f155c
MH		 6009 kfree(rp);
6010
6011 return err;
6012}
6013
089fa8c0
AU		 6014static u32 get_supported_adv_flags(struct hci_dev *hdev)
6015{
6016 u32 flags = 0;
6017
6018 flags |= MGMT_ADV_FLAG_CONNECTABLE;
6019 flags |= MGMT_ADV_FLAG_DISCOV;
6020 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
6021 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
6022
6023 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
6024 flags |= MGMT_ADV_FLAG_TX_POWER;
6025
6026 return flags;
6027}
6028
d3d5305b
MH		 6029static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6030 void *data, u16 data_len)
6031{
6032 struct mgmt_rp_read_adv_features *rp;
6033 size_t rp_len;
286e0c83 6034 int err, i;
24b4f38f 6035 bool instance;
286e0c83 6036 struct adv_info *adv_instance;
089fa8c0 6037 u32 supported_flags;
d3d5305b
MH		 6038
6039 BT_DBG("%s", hdev->name);
6040
089fa8c0
AU		 6041 if (!lmp_le_capable(hdev))
6042 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6043 MGMT_STATUS_REJECTED);
6044
d3d5305b
MH		 6045 hci_dev_lock(hdev);
6046
6047 rp_len = sizeof(*rp);
24b4f38f 6048
24b4f38f
AU		 6049 instance = hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE);
6050 if (instance)
286e0c83 6051 rp_len += hdev->adv_instance_cnt;
24b4f38f 6052
d3d5305b
MH		 6053 rp = kmalloc(rp_len, GFP_ATOMIC);
6054 if (!rp) {
6055 hci_dev_unlock(hdev);
6056 return -ENOMEM;
6057 }
6058
089fa8c0
AU		 6059 supported_flags = get_supported_adv_flags(hdev);
6060
6061 rp->supported_flags = cpu_to_le32(supported_flags);
dc5d82a9
MH		 6062 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6063 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
d2609b34 6064 rp->max_instances = HCI_MAX_ADV_INSTANCES;
24b4f38f 6065
24b4f38f 6066 if (instance) {
286e0c83
FG		 6067 i = 0;
6068 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
6069 if (i >= hdev->adv_instance_cnt)
6070 break;
6071
6072 rp->instance[i] = adv_instance->instance;
6073 i++;
6074 }
6075 rp->num_instances = hdev->adv_instance_cnt;
24b4f38f
AU		 6076 } else {
6077 rp->num_instances = 0;
6078 }
d3d5305b
MH		 6079
6080 hci_dev_unlock(hdev);
6081
6082 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6083 MGMT_STATUS_SUCCESS, rp, rp_len);
6084
6085 kfree(rp);
6086
6087 return err;
6088}
6089
4117ed70 6090static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
b44133ff 6091 u8 len, bool is_adv_data)
24b4f38f 6092{
4117ed70 6093 u8 max_len = HCI_MAX_AD_LENGTH;
24b4f38f 6094 int i, cur_len;
b44133ff 6095 bool flags_managed = false;
5507e358 6096 bool tx_power_managed = false;
24b4f38f 6097
31a3248d
MH		 6098 if (is_adv_data) {
6099 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6100 MGMT_ADV_FLAG_LIMITED_DISCOV |
6101 MGMT_ADV_FLAG_MANAGED_FLAGS)) {
6102 flags_managed = true;
6103 max_len -= 3;
6104 }
24b4f38f 6105
31a3248d
MH		 6106 if (adv_flags & MGMT_ADV_FLAG_TX_POWER) {
6107 tx_power_managed = true;
6108 max_len -= 3;
6109 }
5507e358
AU		 6110 }
6111
4117ed70 6112 if (len > max_len)
24b4f38f
AU		 6113 return false;
6114
4117ed70
AU		 6115 /* Make sure that the data is correctly formatted. */
6116 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6117 cur_len = data[i];
24b4f38f 6118
b44133ff
AU		 6119 if (flags_managed && data[i + 1] == EIR_FLAGS)
6120 return false;
6121
5507e358
AU		 6122 if (tx_power_managed && data[i + 1] == EIR_TX_POWER)
6123 return false;
6124
24b4f38f
AU		 6125 /* If the current field length would exceed the total data
6126 * length, then it's invalid.
6127 */
4117ed70 6128 if (i + cur_len >= len)
24b4f38f
AU		 6129 return false;
6130 }
6131
6132 return true;
6133}
6134
24b4f38f
AU		 6135static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6136 u16 opcode)
6137{
6138 struct mgmt_pending_cmd *cmd;
fffd38bc 6139 struct mgmt_cp_add_advertising *cp;
24b4f38f 6140 struct mgmt_rp_add_advertising rp;
fffd38bc
FG		 6141 struct adv_info *adv_instance, *n;
6142 u8 instance;
24b4f38f
AU		 6143
6144 BT_DBG("status %d", status);
6145
6146 hci_dev_lock(hdev);
6147
6148 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6149
fffd38bc 6150 if (status)
24b4f38f 6151 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
fffd38bc
FG		 6152
6153 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
6154 if (!adv_instance->pending)
6155 continue;
6156
6157 if (!status) {
6158 adv_instance->pending = false;
6159 continue;
6160 }
6161
6162 instance = adv_instance->instance;
6163
6164 if (hdev->cur_adv_instance == instance)
6165 cancel_adv_timeout(hdev);
6166
6167 hci_remove_adv_instance(hdev, instance);
f2252570 6168 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
24b4f38f
AU		 6169 }
6170
6171 if (!cmd)
6172 goto unlock;
6173
fffd38bc
FG		 6174 cp = cmd->param;
6175 rp.instance = cp->instance;
24b4f38f
AU		 6176
6177 if (status)
6178 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6179 mgmt_status(status));
6180 else
6181 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6182 mgmt_status(status), &rp, sizeof(rp));
6183
6184 mgmt_pending_remove(cmd);
6185
6186unlock:
6187 hci_dev_unlock(hdev);
6188}
6189
6190static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6191 void *data, u16 data_len)
6192{
6193 struct mgmt_cp_add_advertising *cp = data;
6194 struct mgmt_rp_add_advertising rp;
6195 u32 flags;
089fa8c0 6196 u32 supported_flags;
24b4f38f 6197 u8 status;
fffd38bc
FG		 6198 u16 timeout, duration;
6199 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6200 u8 schedule_instance = 0;
6201 struct adv_info *next_instance;
24b4f38f
AU		 6202 int err;
6203 struct mgmt_pending_cmd *cmd;
6204 struct hci_request req;
6205
6206 BT_DBG("%s", hdev->name);
6207
6208 status = mgmt_le_support(hdev);
6209 if (status)
6210 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6211 status);
6212
ceff86af
MH		 6213 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6214 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6215 MGMT_STATUS_INVALID_PARAMS);
6216
24b4f38f 6217 flags = __le32_to_cpu(cp->flags);
912098a6 6218 timeout = __le16_to_cpu(cp->timeout);
fffd38bc 6219 duration = __le16_to_cpu(cp->duration);
24b4f38f 6220
fffd38bc
FG		 6221 /* The current implementation only supports a subset of the specified
6222 * flags.
089fa8c0
AU		 6223 */
6224 supported_flags = get_supported_adv_flags(hdev);
fffd38bc 6225 if (flags & ~supported_flags)
24b4f38f
AU		 6226 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6227 MGMT_STATUS_INVALID_PARAMS);
6228
6229 hci_dev_lock(hdev);
6230
912098a6
AU		 6231 if (timeout && !hdev_is_powered(hdev)) {
6232 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6233 MGMT_STATUS_REJECTED);
6234 goto unlock;
6235 }
6236
24b4f38f 6237 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
da929335 6238 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
24b4f38f
AU		 6239 pending_find(MGMT_OP_SET_LE, hdev)) {
6240 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6241 MGMT_STATUS_BUSY);
6242 goto unlock;
6243 }
6244
b44133ff 6245 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
4117ed70 6246 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
b44133ff 6247 cp->scan_rsp_len, false)) {
24b4f38f
AU		 6248 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6249 MGMT_STATUS_INVALID_PARAMS);
6250 goto unlock;
6251 }
6252
fffd38bc
FG		 6253 err = hci_add_adv_instance(hdev, cp->instance, flags,
6254 cp->adv_data_len, cp->data,
6255 cp->scan_rsp_len,
6256 cp->data + cp->adv_data_len,
6257 timeout, duration);
6258 if (err < 0) {
6259 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6260 MGMT_STATUS_FAILED);
6261 goto unlock;
6262 }
24b4f38f 6263
fffd38bc
FG		 6264 /* Only trigger an advertising added event if a new instance was
6265 * actually added.
6266 */
6267 if (hdev->adv_instance_cnt > prev_instance_cnt)
f2252570 6268 mgmt_advertising_added(sk, hdev, cp->instance);
912098a6 6269
fffd38bc 6270 hci_dev_set_flag(hdev, HCI_ADVERTISING_INSTANCE);
912098a6 6271
fffd38bc
FG		 6272 if (hdev->cur_adv_instance == cp->instance) {
6273 /* If the currently advertised instance is being changed then
6274 * cancel the current advertising and schedule the next
6275 * instance. If there is only one instance then the overridden
6276 * advertising data will be visible right away.
6277 */
6278 cancel_adv_timeout(hdev);
912098a6 6279
fffd38bc
FG		 6280 next_instance = hci_get_next_instance(hdev, cp->instance);
6281 if (next_instance)
6282 schedule_instance = next_instance->instance;
6283 } else if (!hdev->adv_instance_timeout) {
6284 /* Immediately advertise the new instance if no other
6285 * instance is currently being advertised.
6286 */
6287 schedule_instance = cp->instance;
6288 }
24b4f38f 6289
fffd38bc
FG		 6290 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6291 * there is no instance to be advertised then we have no HCI
6292 * communication to make. Simply return.
24b4f38f
AU		 6293 */
6294 if (!hdev_is_powered(hdev) ||
fffd38bc
FG		 6295 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6296 !schedule_instance) {
6297 rp.instance = cp->instance;
24b4f38f
AU		 6298 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6299 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6300 goto unlock;
6301 }
6302
6303 /* We're good to go, update advertising data, parameters, and start
6304 * advertising.
6305 */
6306 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6307 data_len);
6308 if (!cmd) {
6309 err = -ENOMEM;
6310 goto unlock;
6311 }
6312
6313 hci_req_init(&req, hdev);
6314
f2252570 6315 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
fffd38bc
FG		 6316
6317 if (!err)
6318 err = hci_req_run(&req, add_advertising_complete);
24b4f38f 6319
24b4f38f
AU		 6320 if (err < 0)
6321 mgmt_pending_remove(cmd);
6322
6323unlock:
6324 hci_dev_unlock(hdev);
6325
6326 return err;
6327}
6328
da929335
AU		 6329static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6330 u16 opcode)
6331{
6332 struct mgmt_pending_cmd *cmd;
01948331 6333 struct mgmt_cp_remove_advertising *cp;
da929335
AU		 6334 struct mgmt_rp_remove_advertising rp;
6335
6336 BT_DBG("status %d", status);
6337
6338 hci_dev_lock(hdev);
6339
6340 /* A failure status here only means that we failed to disable
6341 * advertising. Otherwise, the advertising instance has been removed,
6342 * so report success.
6343 */
6344 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6345 if (!cmd)
6346 goto unlock;
6347
01948331
FG		 6348 cp = cmd->param;
6349 rp.instance = cp->instance;
da929335
AU		 6350
6351 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6352 &rp, sizeof(rp));
6353 mgmt_pending_remove(cmd);
6354
6355unlock:
6356 hci_dev_unlock(hdev);
6357}
6358
6359static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6360 void *data, u16 data_len)
6361{
6362 struct mgmt_cp_remove_advertising *cp = data;
6363 struct mgmt_rp_remove_advertising rp;
da929335
AU		 6364 struct mgmt_pending_cmd *cmd;
6365 struct hci_request req;
952497b1 6366 int err;
da929335
AU		 6367
6368 BT_DBG("%s", hdev->name);
6369
da929335
AU		 6370 hci_dev_lock(hdev);
6371
952497b1 6372 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
01948331
FG		 6373 err = mgmt_cmd_status(sk, hdev->id,
6374 MGMT_OP_REMOVE_ADVERTISING,
6375 MGMT_STATUS_INVALID_PARAMS);
6376 goto unlock;
6377 }
6378
da929335
AU		 6379 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6380 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6381 pending_find(MGMT_OP_SET_LE, hdev)) {
6382 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6383 MGMT_STATUS_BUSY);
6384 goto unlock;
6385 }
6386
6387 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE)) {
6388 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6389 MGMT_STATUS_INVALID_PARAMS);
6390 goto unlock;
6391 }
6392
01948331 6393 hci_req_init(&req, hdev);
da929335 6394
f2252570 6395 hci_req_clear_adv_instance(hdev, &req, cp->instance, true);
da929335 6396
01948331 6397 if (list_empty(&hdev->adv_instances))
f2252570 6398 __hci_req_disable_advertising(&req);
da929335 6399
01948331
FG		 6400 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
6401 * flag is set or the device isn't powered then we have no HCI
6402 * communication to make. Simply return.
da929335 6403 */
01948331
FG		 6404 if (skb_queue_empty(&req.cmd_q) ||
6405 !hdev_is_powered(hdev) ||
da929335 6406 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
01948331 6407 rp.instance = cp->instance;
da929335
AU		 6408 err = mgmt_cmd_complete(sk, hdev->id,
6409 MGMT_OP_REMOVE_ADVERTISING,
6410 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6411 goto unlock;
6412 }
6413
6414 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6415 data_len);
6416 if (!cmd) {
6417 err = -ENOMEM;
6418 goto unlock;
6419 }
6420
da929335
AU		 6421 err = hci_req_run(&req, remove_advertising_complete);
6422 if (err < 0)
6423 mgmt_pending_remove(cmd);
6424
6425unlock:
6426 hci_dev_unlock(hdev);
6427
6428 return err;
6429}
6430
40b25fe5
MH		 6431static u8 tlv_data_max_len(u32 adv_flags, bool is_adv_data)
6432{
6433 u8 max_len = HCI_MAX_AD_LENGTH;
6434
6435 if (is_adv_data) {
6436 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6437 MGMT_ADV_FLAG_LIMITED_DISCOV |
6438 MGMT_ADV_FLAG_MANAGED_FLAGS))
6439 max_len -= 3;
6440
6441 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
6442 max_len -= 3;
6443 }
6444
6445 return max_len;
6446}
6447
6448static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
6449 void *data, u16 data_len)
6450{
6451 struct mgmt_cp_get_adv_size_info *cp = data;
6452 struct mgmt_rp_get_adv_size_info rp;
6453 u32 flags, supported_flags;
6454 int err;
6455
6456 BT_DBG("%s", hdev->name);
6457
6458 if (!lmp_le_capable(hdev))
6459 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6460 MGMT_STATUS_REJECTED);
6461
6462 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6463 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6464 MGMT_STATUS_INVALID_PARAMS);
6465
6466 flags = __le32_to_cpu(cp->flags);
6467
6468 /* The current implementation only supports a subset of the specified
6469 * flags.
6470 */
6471 supported_flags = get_supported_adv_flags(hdev);
6472 if (flags & ~supported_flags)
6473 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6474 MGMT_STATUS_INVALID_PARAMS);
6475
6476 rp.instance = cp->instance;
6477 rp.flags = cp->flags;
6478 rp.max_adv_data_len = tlv_data_max_len(flags, true);
6479 rp.max_scan_rsp_len = tlv_data_max_len(flags, false);
6480
6481 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6482 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6483
6484 return err;
6485}
6486
6d785aa3 6487static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 6488 { NULL }, /* 0x0000 (no command) */
b9a245fb 6489 { read_version, MGMT_READ_VERSION_SIZE,
c91041dc
MH		 6490 HCI_MGMT_NO_HDEV |
6491 HCI_MGMT_UNTRUSTED },
b9a245fb 6492 { read_commands, MGMT_READ_COMMANDS_SIZE,
c91041dc
MH		 6493 HCI_MGMT_NO_HDEV |
6494 HCI_MGMT_UNTRUSTED },
b9a245fb 6495 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
c91041dc
MH		 6496 HCI_MGMT_NO_HDEV |
6497 HCI_MGMT_UNTRUSTED },
6498 { read_controller_info, MGMT_READ_INFO_SIZE,
6499 HCI_MGMT_UNTRUSTED },
7aea8616
MH		 6500 { set_powered, MGMT_SETTING_SIZE },
6501 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6502 { set_connectable, MGMT_SETTING_SIZE },
6503 { set_fast_connectable, MGMT_SETTING_SIZE },
6504 { set_bondable, MGMT_SETTING_SIZE },
6505 { set_link_security, MGMT_SETTING_SIZE },
6506 { set_ssp, MGMT_SETTING_SIZE },
6507 { set_hs, MGMT_SETTING_SIZE },
6508 { set_le, MGMT_SETTING_SIZE },
6509 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6510 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6511 { add_uuid, MGMT_ADD_UUID_SIZE },
6512 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
b9a245fb
JH		 6513 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6514 HCI_MGMT_VAR_LEN },
6515 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6516 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6517 { disconnect, MGMT_DISCONNECT_SIZE },
6518 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6519 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6520 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6521 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6522 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6523 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6524 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6525 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6526 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6527 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6528 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
b9a245fb
JH		 6529 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6530 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6531 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6532 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6533 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6534 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6535 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6536 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6537 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6538 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6539 { set_advertising, MGMT_SETTING_SIZE },
6540 { set_bredr, MGMT_SETTING_SIZE },
6541 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6542 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6543 { set_secure_conn, MGMT_SETTING_SIZE },
6544 { set_debug_keys, MGMT_SETTING_SIZE },
6545 { set_privacy, MGMT_SET_PRIVACY_SIZE },
b9a245fb
JH		 6546 { load_irks, MGMT_LOAD_IRKS_SIZE,
6547 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6548 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6549 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6550 { add_device, MGMT_ADD_DEVICE_SIZE },
6551 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
b9a245fb
JH		 6552 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6553 HCI_MGMT_VAR_LEN },
6554 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
c91041dc
MH		 6555 HCI_MGMT_NO_HDEV |
6556 HCI_MGMT_UNTRUSTED },
b9a245fb 6557 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
c91041dc
MH		 6558 HCI_MGMT_UNCONFIGURED |
6559 HCI_MGMT_UNTRUSTED },
b9a245fb
JH		 6560 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6561 HCI_MGMT_UNCONFIGURED },
6562 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6563 HCI_MGMT_UNCONFIGURED },
6564 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6565 HCI_MGMT_VAR_LEN },
4f0f155c 6566 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
96f1474a 6567 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
c91041dc
MH		 6568 HCI_MGMT_NO_HDEV |
6569 HCI_MGMT_UNTRUSTED },
d3d5305b 6570 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
24b4f38f
AU		 6571 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6572 HCI_MGMT_VAR_LEN },
da929335 6573 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
40b25fe5 6574 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
0f4e68cf
JH		 6575};
6576
bf6b56db 6577void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6578{
ced85549 6579 struct mgmt_ev_ext_index ev;
bb4b2a9a 6580
0602a8ad
MH		 6581 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6582 return;
6583
f9207338
MH		 6584 switch (hdev->dev_type) {
6585 case HCI_BREDR:
6586 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6587 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6588 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6589 ev.type = 0x01;
f9207338
MH		 6590 } else {
6591 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6592 HCI_MGMT_INDEX_EVENTS);
ced85549 6593 ev.type = 0x00;
f9207338
MH		 6594 }
6595 break;
ced85549
MH		 6596 case HCI_AMP:
6597 ev.type = 0x02;
6598 break;
6599 default:
6600 return;
f9207338 6601 }
ced85549
MH		 6602
6603 ev.bus = hdev->bus;
6604
6605 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6606 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 6607}
6608
bf6b56db 6609void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6610{
ced85549 6611 struct mgmt_ev_ext_index ev;
5f159032 6612 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6613
0602a8ad
MH		 6614 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6615 return;
6616
f9207338
MH		 6617 switch (hdev->dev_type) {
6618 case HCI_BREDR:
6619 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6620
f9207338
MH		 6621 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6622 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6623 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6624 ev.type = 0x01;
f9207338
MH		 6625 } else {
6626 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6627 HCI_MGMT_INDEX_EVENTS);
ced85549 6628 ev.type = 0x00;
f9207338
MH		 6629 }
6630 break;
ced85549
MH		 6631 case HCI_AMP:
6632 ev.type = 0x02;
6633 break;
6634 default:
6635 return;
f9207338 6636 }
ced85549
MH		 6637
6638 ev.bus = hdev->bus;
6639
6640 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6641 HCI_MGMT_EXT_INDEX_EVENTS);
eec8d2bc
JH		 6642}
6643
6046dc3e 6644/* This function requires the caller holds hdev->lock */
af02dd44 6645static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 6646{
6647 struct hci_conn_params *p;
6648
6649 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6650 /* Needed for AUTO_OFF case where might not "really"
6651 * have been powered off.
6652 */
6653 list_del_init(&p->action);
6654
6655 switch (p->auto_connect) {
4b9e7e75 6656 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6657 case HCI_AUTO_CONN_ALWAYS:
6658 list_add(&p->action, &hdev->pend_le_conns);
6659 break;
6660 case HCI_AUTO_CONN_REPORT:
6661 list_add(&p->action, &hdev->pend_le_reports);
6662 break;
6663 default:
6664 break;
c83ed19d 6665 }
6046dc3e
AG		 6666 }
6667}
6668
1904a853 6669static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
229ab39c
JH		 6670{
6671 struct cmd_lookup match = { NULL, hdev };
6672
6673 BT_DBG("status 0x%02x", status);
6674
162a3bac 6675 if (!status) {
af02dd44
JH		 6676 restart_le_actions(hdev);
6677 hci_update_background_scan(hdev);
162a3bac
MH		 6678 }
6679
229ab39c
JH		 6680 hci_dev_lock(hdev);
6681
6682 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6683
6684 new_settings(hdev, match.sk);
6685
6686 hci_dev_unlock(hdev);
6687
6688 if (match.sk)
6689 sock_put(match.sk);
6690}
6691
70da6243 6692static int powered_update_hci(struct hci_dev *hdev)
5add6af8 6693{
890ea898 6694 struct hci_request req;
320b3bf7 6695 struct adv_info *adv_instance;
70da6243 6696 u8 link_sec;
5add6af8 6697
890ea898
JH		 6698 hci_req_init(&req, hdev);
6699
d7a5a11d 6700 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
70da6243 6701 !lmp_host_ssp_capable(hdev)) {
574ea3c7 6702 u8 mode = 0x01;
5e5282bb 6703
574ea3c7
MH		 6704 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
6705
6706 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6707 u8 support = 0x01;
5add6af8 6708
574ea3c7
MH		 6709 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
6710 sizeof(support), &support);
6711 }
ec6f99b8
JH		 6712 }
6713
d7a5a11d 6714 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
c73eee91 6715 lmp_bredr_capable(hdev)) {
70da6243 6716 struct hci_cp_write_le_host_supported cp;
f0ff92fb 6717
32226e4f
MH		 6718 cp.le = 0x01;
6719 cp.simul = 0x00;
3d1cbdd6 6720
70da6243
JH		 6721 /* Check first if we already have the right
6722 * host state (host features set)
6723 */
6724 if (cp.le != lmp_host_le_capable(hdev) ||
6725 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 6726 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6727 sizeof(cp), &cp);
70da6243 6728 }
3d1cbdd6 6729
d13eafce 6730 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 6731 /* Make sure the controller has a good default for
6732 * advertising data. This also applies to the case
6733 * where BR/EDR was toggled during the AUTO_OFF phase.
6734 */
320b3bf7
FG		 6735 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
6736 (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6737 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))) {
f2252570
JH		 6738 __hci_req_update_adv_data(&req, HCI_ADV_CURRENT);
6739 __hci_req_update_scan_rsp_data(&req, HCI_ADV_CURRENT);
f14d8f64 6740 }
441ad2d0 6741
320b3bf7
FG		 6742 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
6743 hdev->cur_adv_instance == 0x00 &&
6744 !list_empty(&hdev->adv_instances)) {
6745 adv_instance = list_first_entry(&hdev->adv_instances,
6746 struct adv_info, list);
6747 hdev->cur_adv_instance = adv_instance->instance;
6748 }
6749
6750 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
f2252570 6751 __hci_req_enable_advertising(&req);
320b3bf7
FG		 6752 else if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
6753 hdev->cur_adv_instance)
f2252570
JH		 6754 __hci_req_schedule_adv_instance(&req,
6755 hdev->cur_adv_instance,
6756 true);
eeca6f89
JH		 6757 }
6758
d7a5a11d 6759 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
70da6243 6760 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 6761 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6762 sizeof(link_sec), &link_sec);
562fcc24 6763
70da6243 6764 if (lmp_bredr_capable(hdev)) {
d7a5a11d 6765 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
406ef2a6
JH		 6766 write_fast_connectable(&req, true);
6767 else
6768 write_fast_connectable(&req, false);
01b1cb87 6769 __hci_req_update_scan(&req);
14bf5eac 6770 __hci_req_update_class(&req);
13928971 6771 update_name(&req);
890ea898 6772 update_eir(&req);
70da6243 6773 }
562fcc24 6774
229ab39c 6775 return hci_req_run(&req, powered_complete);
70da6243 6776}
562fcc24 6777
70da6243
JH		 6778int mgmt_powered(struct hci_dev *hdev, u8 powered)
6779{
6780 struct cmd_lookup match = { NULL, hdev };
9845904f 6781 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 6782 int err;
f0ff92fb 6783
d7a5a11d 6784 if (!hci_dev_test_flag(hdev, HCI_MGMT))
70da6243
JH		 6785 return 0;
6786
70da6243 6787 if (powered) {
e59a5542
AK		 6788 /* Register the available SMP channels (BR/EDR and LE) only
6789 * when successfully powering on the controller. This late
6790 * registration is required so that LE SMP can clearly
6791 * decide if the public address or static address is used.
6792 */
6793 smp_register(hdev);
6794
229ab39c
JH		 6795 if (powered_update_hci(hdev) == 0)
6796 return 0;
fe038884 6797
229ab39c
JH		 6798 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6799 &match);
6800 goto new_settings;
b24752fe
JH		 6801 }
6802
229ab39c 6803 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 6804
6805 /* If the power off is because of hdev unregistration let
6806 * use the appropriate INVALID_INDEX status. Otherwise use
6807 * NOT_POWERED. We cover both scenarios here since later in
6808 * mgmt_index_removed() any hci_conn callbacks will have already
6809 * been triggered, potentially causing misleading DISCONNECTED
6810 * status responses.
6811 */
d7a5a11d 6812 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 6813 status = MGMT_STATUS_INVALID_INDEX;
6814 else
6815 status = MGMT_STATUS_NOT_POWERED;
6816
6817 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 6818
6819 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
f6b7712e
MH		 6820 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6821 zero_cod, sizeof(zero_cod), NULL);
229ab39c
JH		 6822
6823new_settings:
beadb2bd 6824 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 6825
6826 if (match.sk)
6827 sock_put(match.sk);
6828
7bb895d6 6829 return err;
5add6af8 6830}
73f22f62 6831
3eec705e 6832void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 6833{
3b0602cd 6834 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 6835 u8 status;
6836
333ae95d 6837 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
96570ffc 6838 if (!cmd)
3eec705e 6839 return;
96570ffc
JH		 6840
6841 if (err == -ERFKILL)
6842 status = MGMT_STATUS_RFKILLED;
6843 else
6844 status = MGMT_STATUS_FAILED;
6845
a69e8375 6846 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6847
6848 mgmt_pending_remove(cmd);
96570ffc
JH		 6849}
6850
d1967ff8
MH		 6851void mgmt_discoverable_timeout(struct hci_dev *hdev)
6852{
6853 struct hci_request req;
d1967ff8
MH		 6854
6855 hci_dev_lock(hdev);
6856
6857 /* When discoverable timeout triggers, then just make sure
6858 * the limited discoverable flag is cleared. Even in the case
6859 * of a timeout triggered from general discoverable, it is
6860 * safe to unconditionally clear the flag.
6861 */
a358dc11
MH		 6862 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
6863 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
d1967ff8
MH		 6864
6865 hci_req_init(&req, hdev);
d7a5a11d 6866 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4b580614
JH		 6867 u8 scan = SCAN_PAGE;
6868 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6869 sizeof(scan), &scan);
6870 }
14bf5eac 6871 __hci_req_update_class(&req);
24b4f38f
AU		 6872
6873 /* Advertising instances don't use the global discoverable setting, so
6874 * only update AD if advertising was enabled using Set Advertising.
6875 */
6876 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
f2252570 6877 __hci_req_update_adv_data(&req, HCI_ADV_CURRENT);
24b4f38f 6878
d1967ff8
MH		 6879 hci_req_run(&req, NULL);
6880
6881 hdev->discov_timeout = 0;
6882
9a43e25f
JH		 6883 new_settings(hdev, NULL);
6884
d1967ff8
MH		 6885 hci_dev_unlock(hdev);
6886}
6887
dc4a5ee2
MH		 6888void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6889 bool persistent)
55ed8ca1 6890{
86742e1e 6891 struct mgmt_ev_new_link_key ev;
55ed8ca1 6892
a492cd52 6893 memset(&ev, 0, sizeof(ev));
55ed8ca1 6894
a492cd52 6895 ev.store_hint = persistent;
d753fdc4 6896 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6897 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6898 ev.key.type = key->type;
9b3b4460 6899 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6900 ev.key.pin_len = key->pin_len;
55ed8ca1 6901
dc4a5ee2 6902 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6903}
f7520543 6904
d7b25450
JH		 6905static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6906{
23fb8de3
JH		 6907 switch (ltk->type) {
6908 case SMP_LTK:
6909 case SMP_LTK_SLAVE:
6910 if (ltk->authenticated)
6911 return MGMT_LTK_AUTHENTICATED;
6912 return MGMT_LTK_UNAUTHENTICATED;
6913 case SMP_LTK_P256:
6914 if (ltk->authenticated)
6915 return MGMT_LTK_P256_AUTH;
6916 return MGMT_LTK_P256_UNAUTH;
6917 case SMP_LTK_P256_DEBUG:
6918 return MGMT_LTK_P256_DEBUG;
6919 }
d7b25450
JH		 6920
6921 return MGMT_LTK_UNAUTHENTICATED;
6922}
6923
53ac6ab6 6924void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6925{
6926 struct mgmt_ev_new_long_term_key ev;
6927
6928 memset(&ev, 0, sizeof(ev));
6929
5192d301 6930 /* Devices using resolvable or non-resolvable random addresses
f72186d2 6931 * without providing an identity resolving key don't require
5192d301
MH		 6932 * to store long term keys. Their addresses will change the
6933 * next time around.
6934 *
6935 * Only when a remote device provides an identity address
6936 * make sure the long term key is stored. If the remote
6937 * identity is known, the long term keys are internally
6938 * mapped to the identity address. So allow static random
6939 * and public addresses here.
6940 */
ba74b666
JH		 6941 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6942 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6943 ev.store_hint = 0x00;
6944 else
53ac6ab6 6945 ev.store_hint = persistent;
ba74b666 6946
346af67b 6947 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6948 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6949 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6950 ev.key.enc_size = key->enc_size;
6951 ev.key.ediv = key->ediv;
fe39c7b2 6952 ev.key.rand = key->rand;
346af67b 6953
2ceba539 6954 if (key->type == SMP_LTK)
346af67b
VCG		 6955 ev.key.master = 1;
6956
1fc62c52
JH		 6957 /* Make sure we copy only the significant bytes based on the
6958 * encryption key size, and set the rest of the value to zeroes.
6959 */
cb92205b 6960 memcpy(ev.key.val, key->val, key->enc_size);
1fc62c52
JH		 6961 memset(ev.key.val + key->enc_size, 0,
6962 sizeof(ev.key.val) - key->enc_size);
346af67b 6963
083368f7 6964 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6965}
6966
cad20c27 6967void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
95fbac8a
JH		 6968{
6969 struct mgmt_ev_new_irk ev;
6970
6971 memset(&ev, 0, sizeof(ev));
6972
cad20c27 6973 ev.store_hint = persistent;
bab6d1e5 6974
95fbac8a
JH		 6975 bacpy(&ev.rpa, &irk->rpa);
6976 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6977 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6978 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6979
6980 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6981}
6982
53ac6ab6
MH		 6983void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6984 bool persistent)
7ee4ea36
MH		 6985{
6986 struct mgmt_ev_new_csrk ev;
6987
6988 memset(&ev, 0, sizeof(ev));
6989
6990 /* Devices using resolvable or non-resolvable random addresses
f72186d2 6991 * without providing an identity resolving key don't require
7ee4ea36
MH		 6992 * to store signature resolving keys. Their addresses will change
6993 * the next time around.
6994 *
6995 * Only when a remote device provides an identity address
6996 * make sure the signature resolving key is stored. So allow
6997 * static random and public addresses here.
6998 */
6999 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7000 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7001 ev.store_hint = 0x00;
7002 else
53ac6ab6 7003 ev.store_hint = persistent;
7ee4ea36
MH		 7004
7005 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7006 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 7007 ev.key.type = csrk->type;
7ee4ea36
MH		 7008 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7009
7010 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7011}
7012
ffb5a827 7013void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 7014 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7015 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 7016{
7017 struct mgmt_ev_new_conn_param ev;
7018
c103aea6
JH		 7019 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7020 return;
7021
ffb5a827
AG		 7022 memset(&ev, 0, sizeof(ev));
7023 bacpy(&ev.addr.bdaddr, bdaddr);
7024 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 7025 ev.store_hint = store_hint;
ffb5a827
AG		 7026 ev.min_interval = cpu_to_le16(min_interval);
7027 ev.max_interval = cpu_to_le16(max_interval);
7028 ev.latency = cpu_to_le16(latency);
7029 ev.timeout = cpu_to_le16(timeout);
7030
7031 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7032}
7033
48ec92fa
AA		 7034void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7035 u32 flags, u8 *name, u8 name_len)
f7520543 7036{
b644ba33
JH		 7037 char buf[512];
7038 struct mgmt_ev_device_connected *ev = (void *) buf;
7039 u16 eir_len = 0;
f7520543 7040
48ec92fa
AA		 7041 bacpy(&ev->addr.bdaddr, &conn->dst);
7042 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 7043
c95f0ba7 7044 ev->flags = __cpu_to_le32(flags);
08c79b61 7045
fd45ada9
AA		 7046 /* We must ensure that the EIR Data fields are ordered and
7047 * unique. Keep it simple for now and avoid the problem by not
7048 * adding any BR/EDR data to the LE adv.
7049 */
7050 if (conn->le_adv_data_len > 0) {
7051 memcpy(&ev->eir[eir_len],
7052 conn->le_adv_data, conn->le_adv_data_len);
7053 eir_len = conn->le_adv_data_len;
7054 } else {
7055 if (name_len > 0)
7056 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7057 name, name_len);
b644ba33 7058
ddbea5cf 7059 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 7060 eir_len = eir_append_data(ev->eir, eir_len,
7061 EIR_CLASS_OF_DEV,
7062 conn->dev_class, 3);
7063 }
b644ba33 7064
eb55ef07 7065 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 7066
ecd90ae7
MH		 7067 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7068 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 7069}
7070
3b0602cd 7071static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 7072{
8962ee74 7073 struct sock **sk = data;
8962ee74 7074
f5818c22 7075 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 7076
7077 *sk = cmd->sk;
7078 sock_hold(*sk);
7079
a664b5bc 7080 mgmt_pending_remove(cmd);
8962ee74
JH		 7081}
7082
3b0602cd 7083static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 7084{
b1078ad0 7085 struct hci_dev *hdev = data;
124f6e35 7086 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 7087
b1078ad0
JH		 7088 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7089
d8b7b1e4 7090 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 7091 mgmt_pending_remove(cmd);
7092}
7093
84c61d92
JH		 7094bool mgmt_powering_down(struct hci_dev *hdev)
7095{
3b0602cd 7096 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 7097 struct mgmt_mode *cp;
7098
333ae95d 7099 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
84c61d92
JH		 7100 if (!cmd)
7101 return false;
7102
7103 cp = cmd->param;
7104 if (!cp->val)
7105 return true;
7106
7107 return false;
7108}
7109
9b80ec5e 7110void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 7111 u8 link_type, u8 addr_type, u8 reason,
7112 bool mgmt_connected)
f7520543 7113{
f0d6a0ea 7114 struct mgmt_ev_device_disconnected ev;
8962ee74 7115 struct sock *sk = NULL;
8962ee74 7116
84c61d92
JH		 7117 /* The connection is still in hci_conn_hash so test for 1
7118 * instead of 0 to know if this is the last one.
7119 */
7120 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7121 cancel_delayed_work(&hdev->power_off);
7122 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 7123 }
7124
12d4a3b2
JH		 7125 if (!mgmt_connected)
7126 return;
7127
57eb776f
AG		 7128 if (link_type != ACL_LINK && link_type != LE_LINK)
7129 return;
7130
744cf19e 7131 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 7132
f0d6a0ea
MA		 7133 bacpy(&ev.addr.bdaddr, bdaddr);
7134 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7135 ev.reason = reason;
f7520543 7136
9b80ec5e 7137 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 7138
7139 if (sk)
d97dcb66 7140 sock_put(sk);
8962ee74 7141
124f6e35 7142 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 7143 hdev);
8962ee74
JH		 7144}
7145
7892924c
MH		 7146void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7147 u8 link_type, u8 addr_type, u8 status)
8962ee74 7148{
3655bba8
AG		 7149 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7150 struct mgmt_cp_disconnect *cp;
3b0602cd 7151 struct mgmt_pending_cmd *cmd;
8962ee74 7152
36a75f1b
JD		 7153 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7154 hdev);
7155
333ae95d 7156 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 7157 if (!cmd)
7892924c 7158 return;
8962ee74 7159
3655bba8
AG		 7160 cp = cmd->param;
7161
7162 if (bacmp(bdaddr, &cp->addr.bdaddr))
7163 return;
7164
7165 if (cp->addr.type != bdaddr_type)
7166 return;
7167
f5818c22 7168 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7169 mgmt_pending_remove(cmd);
f7520543 7170}
17d5c04c 7171
445608d0
MH		 7172void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7173 u8 addr_type, u8 status)
17d5c04c
JH		 7174{
7175 struct mgmt_ev_connect_failed ev;
c9910d0f 7176
84c61d92
JH		 7177 /* The connection is still in hci_conn_hash so test for 1
7178 * instead of 0 to know if this is the last one.
7179 */
7180 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7181 cancel_delayed_work(&hdev->power_off);
7182 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 7183 }
17d5c04c 7184
4c659c39 7185 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7186 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 7187 ev.status = mgmt_status(status);
17d5c04c 7188
445608d0 7189 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 7190}
980e1a53 7191
ce0e4a0d 7192void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 7193{
7194 struct mgmt_ev_pin_code_request ev;
7195
d8457698 7196 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 7197 ev.addr.type = BDADDR_BREDR;
a770bb5a 7198 ev.secure = secure;
980e1a53 7199
ce0e4a0d 7200 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 7201}
7202
e669cf80
MH		 7203void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7204 u8 status)
980e1a53 7205{
3b0602cd 7206 struct mgmt_pending_cmd *cmd;
980e1a53 7207
333ae95d 7208 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 7209 if (!cmd)
e669cf80 7210 return;
980e1a53 7211
7776d1d8 7212 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7213 mgmt_pending_remove(cmd);
980e1a53
JH		 7214}
7215
3eb38528
MH		 7216void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7217 u8 status)
980e1a53 7218{
3b0602cd 7219 struct mgmt_pending_cmd *cmd;
980e1a53 7220
333ae95d 7221 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 7222 if (!cmd)
3eb38528 7223 return;
980e1a53 7224
7776d1d8 7225 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7226 mgmt_pending_remove(cmd);
980e1a53 7227}
a5c29683 7228
744cf19e 7229int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 7230 u8 link_type, u8 addr_type, u32 value,
04124681 7231 u8 confirm_hint)
a5c29683
JH		 7232{
7233 struct mgmt_ev_user_confirm_request ev;
7234
744cf19e 7235 BT_DBG("%s", hdev->name);
a5c29683 7236
272d90df 7237 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7238 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 7239 ev.confirm_hint = confirm_hint;
39adbffe 7240 ev.value = cpu_to_le32(value);
a5c29683 7241
744cf19e 7242 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 7243 NULL);
a5c29683
JH		 7244}
7245
272d90df 7246int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 7247 u8 link_type, u8 addr_type)
604086b7
BG		 7248{
7249 struct mgmt_ev_user_passkey_request ev;
7250
7251 BT_DBG("%s", hdev->name);
7252
272d90df 7253 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7254 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 7255
7256 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 7257 NULL);
604086b7
BG		 7258}
7259
0df4c185 7260static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 7261 u8 link_type, u8 addr_type, u8 status,
7262 u8 opcode)
a5c29683 7263{
3b0602cd 7264 struct mgmt_pending_cmd *cmd;
a5c29683 7265
333ae95d 7266 cmd = pending_find(opcode, hdev);
a5c29683
JH		 7267 if (!cmd)
7268 return -ENOENT;
7269
7776d1d8 7270 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7271 mgmt_pending_remove(cmd);
a5c29683 7272
7776d1d8 7273 return 0;
a5c29683
JH		 7274}
7275
744cf19e 7276int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7277 u8 link_type, u8 addr_type, u8 status)
a5c29683 7278{
272d90df 7279 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7280 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 7281}
7282
272d90df 7283int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7284 u8 link_type, u8 addr_type, u8 status)
a5c29683 7285{
272d90df 7286 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7287 status,
7288 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7289}
2a611692 7290
604086b7 7291int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7292 u8 link_type, u8 addr_type, u8 status)
604086b7 7293{
272d90df 7294 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7295 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7296}
7297
272d90df 7298int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7299 u8 link_type, u8 addr_type, u8 status)
604086b7 7300{
272d90df 7301 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7302 status,
7303 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7304}
7305
92a25256
JH		 7306int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7307 u8 link_type, u8 addr_type, u32 passkey,
7308 u8 entered)
7309{
7310 struct mgmt_ev_passkey_notify ev;
7311
7312 BT_DBG("%s", hdev->name);
7313
7314 bacpy(&ev.addr.bdaddr, bdaddr);
7315 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7316 ev.passkey = __cpu_to_le32(passkey);
7317 ev.entered = entered;
7318
7319 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7320}
7321
e1e930f5 7322void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7323{
7324 struct mgmt_ev_auth_failed ev;
3b0602cd 7325 struct mgmt_pending_cmd *cmd;
e1e930f5 7326 u8 status = mgmt_status(hci_status);
2a611692 7327
e1e930f5
JH		 7328 bacpy(&ev.addr.bdaddr, &conn->dst);
7329 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7330 ev.status = status;
2a611692 7331
e1e930f5
JH		 7332 cmd = find_pairing(conn);
7333
7334 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7335 cmd ? cmd->sk : NULL);
7336
a511b35b
JH		 7337 if (cmd) {
7338 cmd->cmd_complete(cmd, status);
7339 mgmt_pending_remove(cmd);
7340 }
2a611692 7341}
b312b161 7342
464996ae 7343void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7344{
7345 struct cmd_lookup match = { NULL, hdev };
464996ae 7346 bool changed;
33ef95ed
JH		 7347
7348 if (status) {
7349 u8 mgmt_err = mgmt_status(status);
7350 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7351 cmd_status_rsp, &mgmt_err);
464996ae 7352 return;
33ef95ed
JH		 7353 }
7354
464996ae 7355 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 7356 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 7357 else
a69d8927 7358 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 7359
33ef95ed 7360 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 7361 &match);
33ef95ed 7362
47990ea0 7363 if (changed)
464996ae 7364 new_settings(hdev, match.sk);
33ef95ed
JH		 7365
7366 if (match.sk)
7367 sock_put(match.sk);
33ef95ed
JH		 7368}
7369
890ea898 7370static void clear_eir(struct hci_request *req)
cacaf52f 7371{
890ea898 7372 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 7373 struct hci_cp_write_eir cp;
7374
976eb20e 7375 if (!lmp_ext_inq_capable(hdev))
890ea898 7376 return;
cacaf52f 7377
c80da27e
JH		 7378 memset(hdev->eir, 0, sizeof(hdev->eir));
7379
cacaf52f
JH		 7380 memset(&cp, 0, sizeof(cp));
7381
890ea898 7382 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 7383}
7384
3e248560 7385void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 7386{
7387 struct cmd_lookup match = { NULL, hdev };
890ea898 7388 struct hci_request req;
c0ecddc2 7389 bool changed = false;
ed2c4ee3
JH		 7390
7391 if (status) {
7392 u8 mgmt_err = mgmt_status(status);
c0ecddc2 7393
a69d8927
MH		 7394 if (enable && hci_dev_test_and_clear_flag(hdev,
7395 HCI_SSP_ENABLED)) {
a358dc11 7396 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 7397 new_settings(hdev, NULL);
9ecb3e24 7398 }
c0ecddc2 7399
04124681
GP		 7400 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7401 &mgmt_err);
3e248560 7402 return;
c0ecddc2
JH		 7403 }
7404
7405 if (enable) {
238be788 7406 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 7407 } else {
a69d8927 7408 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9ecb3e24 7409 if (!changed)
a69d8927
MH		 7410 changed = hci_dev_test_and_clear_flag(hdev,
7411 HCI_HS_ENABLED);
9ecb3e24 7412 else
a358dc11 7413 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 7414 }
7415
7416 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7417
c0ecddc2 7418 if (changed)
3e248560 7419 new_settings(hdev, match.sk);
ed2c4ee3 7420
5fc6ebb1 7421 if (match.sk)
ed2c4ee3
JH		 7422 sock_put(match.sk);
7423
890ea898
JH		 7424 hci_req_init(&req, hdev);
7425
d7a5a11d
MH		 7426 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7427 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 7428 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7429 sizeof(enable), &enable);
890ea898 7430 update_eir(&req);
3769972b 7431 } else {
890ea898 7432 clear_eir(&req);
3769972b 7433 }
890ea898
JH		 7434
7435 hci_req_run(&req, NULL);
ed2c4ee3
JH		 7436}
7437
3b0602cd 7438static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 7439{
7440 struct cmd_lookup *match = data;
7441
90e70454
JH		 7442 if (match->sk == NULL) {
7443 match->sk = cmd->sk;
7444 sock_hold(match->sk);
7445 }
90e70454
JH		 7446}
7447
4e1b0245
MH		 7448void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7449 u8 status)
7f9a903c 7450{
90e70454 7451 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7452
92da6097
JH		 7453 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7454 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7455 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 7456
7457 if (!status)
f6b7712e
MH		 7458 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7459 dev_class, 3, NULL);
90e70454
JH		 7460
7461 if (match.sk)
7462 sock_put(match.sk);
7f9a903c
MH		 7463}
7464
7667da34 7465void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7466{
b312b161 7467 struct mgmt_cp_set_local_name ev;
3b0602cd 7468 struct mgmt_pending_cmd *cmd;
28cc7bde 7469
13928971 7470 if (status)
7667da34 7471 return;
b312b161
JH		 7472
7473 memset(&ev, 0, sizeof(ev));
7474 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7475 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7476
333ae95d 7477 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7478 if (!cmd) {
7479 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7480
13928971
JH		 7481 /* If this is a HCI command related to powering on the
7482 * HCI dev don't send any mgmt signals.
7483 */
333ae95d 7484 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7485 return;
890ea898 7486 }
b312b161 7487
f6b7712e
MH		 7488 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7489 cmd ? cmd->sk : NULL);
b312b161 7490}
c35938b2 7491
799ce93d
JP		 7492static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7493{
7494 int i;
7495
7496 for (i = 0; i < uuid_count; i++) {
7497 if (!memcmp(uuid, uuids[i], 16))
7498 return true;
7499 }
7500
7501 return false;
7502}
7503
b487b9ce
MH		 7504static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7505{
799ce93d
JP		 7506 u16 parsed = 0;
7507
7508 while (parsed < eir_len) {
7509 u8 field_len = eir[0];
7510 u8 uuid[16];
7511 int i;
7512
7513 if (field_len == 0)
7514 break;
7515
7516 if (eir_len - parsed < field_len + 1)
7517 break;
7518
7519 switch (eir[1]) {
7520 case EIR_UUID16_ALL:
7521 case EIR_UUID16_SOME:
7522 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7523 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7524 uuid[13] = eir[i + 3];
7525 uuid[12] = eir[i + 2];
7526 if (has_uuid(uuid, uuid_count, uuids))
7527 return true;
7528 }
7529 break;
7530 case EIR_UUID32_ALL:
7531 case EIR_UUID32_SOME:
7532 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7533 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7534 uuid[15] = eir[i + 5];
7535 uuid[14] = eir[i + 4];
7536 uuid[13] = eir[i + 3];
7537 uuid[12] = eir[i + 2];
7538 if (has_uuid(uuid, uuid_count, uuids))
7539 return true;
7540 }
7541 break;
7542 case EIR_UUID128_ALL:
7543 case EIR_UUID128_SOME:
7544 for (i = 0; i + 17 <= field_len; i += 16) {
7545 memcpy(uuid, eir + i + 2, 16);
7546 if (has_uuid(uuid, uuid_count, uuids))
7547 return true;
7548 }
7549 break;
7550 }
7551
7552 parsed += field_len + 1;
7553 eir += field_len + 1;
7554 }
7555
b487b9ce
MH		 7556 return false;
7557}
7558
4b0e0ced
JP		 7559static void restart_le_scan(struct hci_dev *hdev)
7560{
7561 /* If controller is not scanning we are done. */
d7a5a11d 7562 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 7563 return;
7564
7565 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7566 hdev->discovery.scan_start +
7567 hdev->discovery.scan_duration))
7568 return;
7569
7c1fbed2 7570 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
4b0e0ced
JP		 7571 DISCOV_LE_RESTART_DELAY);
7572}
7573
48f86b7f
JP		 7574static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7575 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7576{
48f86b7f
JP		 7577 /* If a RSSI threshold has been specified, and
7578 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7579 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7580 * is set, let it through for further processing, as we might need to
7581 * restart the scan.
efb2513f
MH		 7582 *
7583 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7584 * the results are also dropped.
bda157a4
MH		 7585 */
7586 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 7587 (rssi == HCI_RSSI_INVALID ||
7588 (rssi < hdev->discovery.rssi &&
7589 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 7590 return false;
efb2513f 7591
2976cdeb
JP		 7592 if (hdev->discovery.uuid_count != 0) {
7593 /* If a list of UUIDs is provided in filter, results with no
7594 * matching UUID should be dropped.
b487b9ce 7595 */
2976cdeb
JP		 7596 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7597 hdev->discovery.uuids) &&
7598 !eir_has_uuids(scan_rsp, scan_rsp_len,
7599 hdev->discovery.uuid_count,
7600 hdev->discovery.uuids))
7601 return false;
b487b9ce 7602 }
5d2e9fad 7603
2976cdeb
JP		 7604 /* If duplicate filtering does not report RSSI changes, then restart
7605 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 7606 */
2976cdeb
JP		 7607 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7608 restart_le_scan(hdev);
7609
7610 /* Validate RSSI value against the RSSI threshold once more. */
7611 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7612 rssi < hdev->discovery.rssi)
7613 return false;
7614 }
48f86b7f
JP		 7615
7616 return true;
7617}
7618
7619void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7620 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7621 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7622{
7623 char buf[512];
7624 struct mgmt_ev_device_found *ev = (void *)buf;
7625 size_t ev_size;
7626
7627 /* Don't send events for a non-kernel initiated discovery. With
7628 * LE one exception is if we have pend_le_reports > 0 in which
7629 * case we're doing passive scanning and want these events.
7630 */
7631 if (!hci_discovery_active(hdev)) {
7632 if (link_type == ACL_LINK)
7633 return;
7634 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7635 return;
7636 }
7637
82f8b651 7638 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 7639 /* We are using service discovery */
7640 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7641 scan_rsp_len))
7642 return;
7643 }
7644
7645 /* Make sure that the buffer is big enough. The 5 extra bytes
7646 * are for the potential CoD field.
7647 */
7648 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 7649 return;
7650
48f86b7f
JP		 7651 memset(buf, 0, sizeof(buf));
7652
7653 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7654 * RSSI value was reported as 0 when not available. This behavior
7655 * is kept when using device discovery. This is required for full
7656 * backwards compatibility with the API.
7657 *
7658 * However when using service discovery, the value 127 will be
7659 * returned when the RSSI is not available.
7660 */
7661 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7662 link_type == ACL_LINK)
7663 rssi = 0;
7664
7665 bacpy(&ev->addr.bdaddr, bdaddr);
7666 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7667 ev->rssi = rssi;
7668 ev->flags = cpu_to_le32(flags);
7669
7670 if (eir_len > 0)
7671 /* Copy EIR or advertising data into event */
7672 memcpy(ev->eir, eir, eir_len);
7673
7674 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7675 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7676 dev_class, 3);
7677
7678 if (scan_rsp_len > 0)
7679 /* Append scan response data to event */
7680 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7681
5d2e9fad
JH		 7682 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7683 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7684
901801b9 7685 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7686}
a88a9652 7687
9cf12aee
MH		 7688void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7689 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7690{
b644ba33
JH		 7691 struct mgmt_ev_device_found *ev;
7692 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7693 u16 eir_len;
a88a9652 7694
b644ba33 7695 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7696
b644ba33
JH		 7697 memset(buf, 0, sizeof(buf));
7698
7699 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7700 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7701 ev->rssi = rssi;
7702
7703 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7704 name_len);
b644ba33 7705
eb55ef07 7706 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7707
9cf12aee 7708 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7709}
314b2381 7710
2f1e063b 7711void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7712{
f963e8e9 7713 struct mgmt_ev_discovering ev;
164a6e78 7714
343fb145
AG		 7715 BT_DBG("%s discovering %u", hdev->name, discovering);
7716
f963e8e9
JH		 7717 memset(&ev, 0, sizeof(ev));
7718 ev.type = hdev->discovery.type;
7719 ev.discovering = discovering;
7720
2f1e063b 7721 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7722}
5e762444 7723
6d785aa3
JH		 7724static struct hci_mgmt_chan chan = {
7725 .channel = HCI_CHANNEL_CONTROL,
7726 .handler_count = ARRAY_SIZE(mgmt_handlers),
7727 .handlers = mgmt_handlers,
88b94ce9 7728 .hdev_init = mgmt_init_hdev,
6d785aa3
JH		 7729};
7730
7731int mgmt_init(void)
7732{
7733 return hci_mgmt_chan_register(&chan);
7734}
7735
7736void mgmt_exit(void)
7737{
7738 hci_mgmt_chan_unregister(&chan);
7739}
Linux kernel - Deliverables
This page took 1.338407 seconds and 5 git commands to generate.