projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Do not trigger background scanning when HCI_AUTO_OFF is set
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 34
35#include "smp.h"
0381101f 36
2da9c55c 37#define MGMT_VERSION 1
730f091b 38#define MGMT_REVISION 7
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
0663ca2a 80 MGMT_OP_SET_BREDR,
d13eafce 81 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 82 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 83 MGMT_OP_SET_SECURE_CONN,
4e39ac81 84 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 85 MGMT_OP_SET_PRIVACY,
41edf160 86 MGMT_OP_LOAD_IRKS,
dd983808 87 MGMT_OP_GET_CONN_INFO,
95868426 88 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 89 MGMT_OP_ADD_DEVICE,
90 MGMT_OP_REMOVE_DEVICE,
e70bb2e8
JH		 91};
92
93static const u16 mgmt_events[] = {
94 MGMT_EV_CONTROLLER_ERROR,
95 MGMT_EV_INDEX_ADDED,
96 MGMT_EV_INDEX_REMOVED,
97 MGMT_EV_NEW_SETTINGS,
98 MGMT_EV_CLASS_OF_DEV_CHANGED,
99 MGMT_EV_LOCAL_NAME_CHANGED,
100 MGMT_EV_NEW_LINK_KEY,
101 MGMT_EV_NEW_LONG_TERM_KEY,
102 MGMT_EV_DEVICE_CONNECTED,
103 MGMT_EV_DEVICE_DISCONNECTED,
104 MGMT_EV_CONNECT_FAILED,
105 MGMT_EV_PIN_CODE_REQUEST,
106 MGMT_EV_USER_CONFIRM_REQUEST,
107 MGMT_EV_USER_PASSKEY_REQUEST,
108 MGMT_EV_AUTH_FAILED,
109 MGMT_EV_DEVICE_FOUND,
110 MGMT_EV_DISCOVERING,
111 MGMT_EV_DEVICE_BLOCKED,
112 MGMT_EV_DEVICE_UNBLOCKED,
113 MGMT_EV_DEVICE_UNPAIRED,
92a25256 114 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 115 MGMT_EV_NEW_IRK,
7ee4ea36 116 MGMT_EV_NEW_CSRK,
8afef092
MH		 117 MGMT_EV_DEVICE_ADDED,
118 MGMT_EV_DEVICE_REMOVED,
e70bb2e8
JH		 119};
120
17b02e62 121#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 122
4b34ee78
JH		 123#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
124 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
125
eec8d2bc
JH		 126struct pending_cmd {
127 struct list_head list;
fc2f4b13 128 u16 opcode;
eec8d2bc 129 int index;
c68fb7ff 130 void *param;
eec8d2bc 131 struct sock *sk;
e9a416b5 132 void *user_data;
eec8d2bc
JH		 133};
134
ca69b795
JH		 135/* HCI to MGMT error code conversion table */
136static u8 mgmt_status_table[] = {
137 MGMT_STATUS_SUCCESS,
138 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
139 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
140 MGMT_STATUS_FAILED, /* Hardware Failure */
141 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
142 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 143 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 144 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
145 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
146 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
147 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
148 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
149 MGMT_STATUS_BUSY, /* Command Disallowed */
150 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
151 MGMT_STATUS_REJECTED, /* Rejected Security */
152 MGMT_STATUS_REJECTED, /* Rejected Personal */
153 MGMT_STATUS_TIMEOUT, /* Host Timeout */
154 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
155 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
156 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
157 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
158 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
159 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
160 MGMT_STATUS_BUSY, /* Repeated Attempts */
161 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
162 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
163 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
164 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
165 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
166 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
167 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
168 MGMT_STATUS_FAILED, /* Unspecified Error */
169 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
170 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
171 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
172 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
173 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
174 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
175 MGMT_STATUS_FAILED, /* Unit Link Key Used */
176 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
177 MGMT_STATUS_TIMEOUT, /* Instant Passed */
178 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
179 MGMT_STATUS_FAILED, /* Transaction Collision */
180 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
181 MGMT_STATUS_REJECTED, /* QoS Rejected */
182 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
183 MGMT_STATUS_REJECTED, /* Insufficient Security */
184 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
185 MGMT_STATUS_BUSY, /* Role Switch Pending */
186 MGMT_STATUS_FAILED, /* Slot Violation */
187 MGMT_STATUS_FAILED, /* Role Switch Failed */
188 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
189 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
190 MGMT_STATUS_BUSY, /* Host Busy Pairing */
191 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
192 MGMT_STATUS_BUSY, /* Controller Busy */
193 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
194 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
195 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
196 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
197 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
198};
199
200static u8 mgmt_status(u8 hci_status)
201{
202 if (hci_status < ARRAY_SIZE(mgmt_status_table))
203 return mgmt_status_table[hci_status];
204
205 return MGMT_STATUS_FAILED;
206}
207
4e51eae9 208static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 209{
210 struct sk_buff *skb;
211 struct mgmt_hdr *hdr;
212 struct mgmt_ev_cmd_status *ev;
56b7d137 213 int err;
f7b64e69 214
34eb525c 215 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 216
790eff44 217 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 218 if (!skb)
219 return -ENOMEM;
220
221 hdr = (void *) skb_put(skb, sizeof(*hdr));
222
dcf4adbf 223 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 224 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 225 hdr->len = cpu_to_le16(sizeof(*ev));
226
227 ev = (void *) skb_put(skb, sizeof(*ev));
228 ev->status = status;
eb55ef07 229 ev->opcode = cpu_to_le16(cmd);
f7b64e69 230
56b7d137
GP		 231 err = sock_queue_rcv_skb(sk, skb);
232 if (err < 0)
f7b64e69
JH		 233 kfree_skb(skb);
234
56b7d137 235 return err;
f7b64e69
JH		 236}
237
aee9b218 238static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 239 void *rp, size_t rp_len)
02d98129
JH		 240{
241 struct sk_buff *skb;
242 struct mgmt_hdr *hdr;
243 struct mgmt_ev_cmd_complete *ev;
56b7d137 244 int err;
02d98129
JH		 245
246 BT_DBG("sock %p", sk);
247
790eff44 248 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 249 if (!skb)
250 return -ENOMEM;
251
252 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 253
dcf4adbf 254 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 255 hdr->index = cpu_to_le16(index);
a38528f1 256 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 257
a38528f1 258 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 259 ev->opcode = cpu_to_le16(cmd);
aee9b218 260 ev->status = status;
8020c16a
SJ		 261
262 if (rp)
263 memcpy(ev->data, rp, rp_len);
02d98129 264
56b7d137
GP		 265 err = sock_queue_rcv_skb(sk, skb);
266 if (err < 0)
02d98129
JH		 267 kfree_skb(skb);
268
e5f0e151 269 return err;
02d98129
JH		 270}
271
04124681
GP		 272static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
273 u16 data_len)
a38528f1
JH		 274{
275 struct mgmt_rp_read_version rp;
276
277 BT_DBG("sock %p", sk);
278
279 rp.version = MGMT_VERSION;
dcf4adbf 280 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 281
aee9b218 282 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 283 sizeof(rp));
a38528f1
JH		 284}
285
04124681
GP		 286static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
287 u16 data_len)
e70bb2e8
JH		 288{
289 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 290 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
291 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 292 __le16 *opcode;
e70bb2e8
JH		 293 size_t rp_size;
294 int i, err;
295
296 BT_DBG("sock %p", sk);
297
298 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
299
300 rp = kmalloc(rp_size, GFP_KERNEL);
301 if (!rp)
302 return -ENOMEM;
303
dcf4adbf
JP		 304 rp->num_commands = cpu_to_le16(num_commands);
305 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 306
307 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
308 put_unaligned_le16(mgmt_commands[i], opcode);
309
310 for (i = 0; i < num_events; i++, opcode++)
311 put_unaligned_le16(mgmt_events[i], opcode);
312
aee9b218 313 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 314 rp_size);
e70bb2e8
JH		 315 kfree(rp);
316
317 return err;
318}
319
04124681
GP		 320static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
321 u16 data_len)
faba42eb 322{
faba42eb 323 struct mgmt_rp_read_index_list *rp;
8035ded4 324 struct hci_dev *d;
a38528f1 325 size_t rp_len;
faba42eb 326 u16 count;
476e44cb 327 int err;
faba42eb
JH		 328
329 BT_DBG("sock %p", sk);
330
331 read_lock(&hci_dev_list_lock);
332
333 count = 0;
bb4b2a9a 334 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 335 if (d->dev_type == HCI_BREDR)
336 count++;
faba42eb
JH		 337 }
338
a38528f1
JH		 339 rp_len = sizeof(*rp) + (2 * count);
340 rp = kmalloc(rp_len, GFP_ATOMIC);
341 if (!rp) {
b2c60d42 342 read_unlock(&hci_dev_list_lock);
faba42eb 343 return -ENOMEM;
b2c60d42 344 }
faba42eb 345
476e44cb 346 count = 0;
8035ded4 347 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 348 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 349 continue;
350
0736cfa8
MH		 351 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
352 continue;
353
fee746b0
MH		 354 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
355 continue;
356
1514b892
MH		 357 if (d->dev_type == HCI_BREDR) {
358 rp->index[count++] = cpu_to_le16(d->id);
359 BT_DBG("Added hci%u", d->id);
360 }
faba42eb
JH		 361 }
362
476e44cb
JH		 363 rp->num_controllers = cpu_to_le16(count);
364 rp_len = sizeof(*rp) + (2 * count);
365
faba42eb
JH		 366 read_unlock(&hci_dev_list_lock);
367
aee9b218 368 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 369 rp_len);
faba42eb 370
a38528f1
JH		 371 kfree(rp);
372
373 return err;
faba42eb
JH		 374}
375
69ab39ea
JH		 376static u32 get_supported_settings(struct hci_dev *hdev)
377{
378 u32 settings = 0;
379
380 settings |= MGMT_SETTING_POWERED;
69ab39ea 381 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 382 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 383
ed3fa31f 384 if (lmp_bredr_capable(hdev)) {
33c525c0 385 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 386 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
387 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 388 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 389 settings |= MGMT_SETTING_BREDR;
390 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 391
392 if (lmp_ssp_capable(hdev)) {
393 settings |= MGMT_SETTING_SSP;
394 settings |= MGMT_SETTING_HS;
395 }
e98d2ce2 396
5afeac14 397 if (lmp_sc_capable(hdev) ||
111902f7 398 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
e98d2ce2 399 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 400 }
d7b7e796 401
eeca6f89 402 if (lmp_le_capable(hdev)) {
9d42820f 403 settings |= MGMT_SETTING_LE;
eeca6f89 404 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 405 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 406 }
69ab39ea
JH		 407
408 return settings;
409}
410
411static u32 get_current_settings(struct hci_dev *hdev)
412{
413 u32 settings = 0;
414
f1f0eb02 415 if (hdev_is_powered(hdev))
f0d4b78a
MH		 416 settings |= MGMT_SETTING_POWERED;
417
5e5282bb 418 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 419 settings |= MGMT_SETTING_CONNECTABLE;
420
1a4d3c4b
JH		 421 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
422 settings |= MGMT_SETTING_FAST_CONNECTABLE;
423
5e5282bb 424 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 425 settings |= MGMT_SETTING_DISCOVERABLE;
426
a8b2d5c2 427 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 428 settings |= MGMT_SETTING_PAIRABLE;
429
56f87901 430 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 431 settings |= MGMT_SETTING_BREDR;
432
06199cf8 433 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 434 settings |= MGMT_SETTING_LE;
435
47990ea0 436 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 437 settings |= MGMT_SETTING_LINK_SECURITY;
438
84bde9d6 439 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 440 settings |= MGMT_SETTING_SSP;
441
6d80dfd0
JH		 442 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
443 settings |= MGMT_SETTING_HS;
444
f3d3444a 445 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 446 settings |= MGMT_SETTING_ADVERTISING;
447
e98d2ce2
MH		 448 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
449 settings |= MGMT_SETTING_SECURE_CONN;
450
0663b297 451 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 452 settings |= MGMT_SETTING_DEBUG_KEYS;
453
0f4bd942
JH		 454 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
455 settings |= MGMT_SETTING_PRIVACY;
456
69ab39ea
JH		 457 return settings;
458}
459
ef580372
JH		 460#define PNP_INFO_SVCLASS_ID 0x1200
461
213202ed
JH		 462static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
463{
464 u8 *ptr = data, *uuids_start = NULL;
465 struct bt_uuid *uuid;
466
467 if (len < 4)
468 return ptr;
469
470 list_for_each_entry(uuid, &hdev->uuids, list) {
471 u16 uuid16;
472
473 if (uuid->size != 16)
474 continue;
475
476 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
477 if (uuid16 < 0x1100)
478 continue;
479
480 if (uuid16 == PNP_INFO_SVCLASS_ID)
481 continue;
482
483 if (!uuids_start) {
484 uuids_start = ptr;
485 uuids_start[0] = 1;
486 uuids_start[1] = EIR_UUID16_ALL;
487 ptr += 2;
488 }
489
490 /* Stop if not enough space to put next UUID */
491 if ((ptr - data) + sizeof(u16) > len) {
492 uuids_start[1] = EIR_UUID16_SOME;
493 break;
494 }
495
496 *ptr++ = (uuid16 & 0x00ff);
497 *ptr++ = (uuid16 & 0xff00) >> 8;
498 uuids_start[0] += sizeof(uuid16);
499 }
500
501 return ptr;
502}
503
cdf1963f
JH		 504static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
505{
506 u8 *ptr = data, *uuids_start = NULL;
507 struct bt_uuid *uuid;
508
509 if (len < 6)
510 return ptr;
511
512 list_for_each_entry(uuid, &hdev->uuids, list) {
513 if (uuid->size != 32)
514 continue;
515
516 if (!uuids_start) {
517 uuids_start = ptr;
518 uuids_start[0] = 1;
519 uuids_start[1] = EIR_UUID32_ALL;
520 ptr += 2;
521 }
522
523 /* Stop if not enough space to put next UUID */
524 if ((ptr - data) + sizeof(u32) > len) {
525 uuids_start[1] = EIR_UUID32_SOME;
526 break;
527 }
528
529 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
530 ptr += sizeof(u32);
531 uuids_start[0] += sizeof(u32);
532 }
533
534 return ptr;
535}
536
c00d575b
JH		 537static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
538{
539 u8 *ptr = data, *uuids_start = NULL;
540 struct bt_uuid *uuid;
541
542 if (len < 18)
543 return ptr;
544
545 list_for_each_entry(uuid, &hdev->uuids, list) {
546 if (uuid->size != 128)
547 continue;
548
549 if (!uuids_start) {
550 uuids_start = ptr;
551 uuids_start[0] = 1;
552 uuids_start[1] = EIR_UUID128_ALL;
553 ptr += 2;
554 }
555
556 /* Stop if not enough space to put next UUID */
557 if ((ptr - data) + 16 > len) {
558 uuids_start[1] = EIR_UUID128_SOME;
559 break;
560 }
561
562 memcpy(ptr, uuid->uuid, 16);
563 ptr += 16;
564 uuids_start[0] += 16;
565 }
566
567 return ptr;
568}
569
eb2a8d20
JH		 570static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
571{
572 struct pending_cmd *cmd;
573
574 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
575 if (cmd->opcode == opcode)
576 return cmd;
577 }
578
579 return NULL;
580}
581
95868426
JH		 582static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
583 struct hci_dev *hdev,
584 const void *data)
585{
586 struct pending_cmd *cmd;
587
588 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
589 if (cmd->user_data != data)
590 continue;
591 if (cmd->opcode == opcode)
592 return cmd;
593 }
594
595 return NULL;
596}
597
f14d8f64
MH		 598static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
599{
7a5f4990
MH		 600 u8 ad_len = 0;
601 size_t name_len;
602
603 name_len = strlen(hdev->dev_name);
604 if (name_len > 0) {
605 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
606
607 if (name_len > max_len) {
608 name_len = max_len;
609 ptr[1] = EIR_NAME_SHORT;
610 } else
611 ptr[1] = EIR_NAME_COMPLETE;
612
613 ptr[0] = name_len + 1;
614
615 memcpy(ptr + 2, hdev->dev_name, name_len);
616
617 ad_len += (name_len + 2);
618 ptr += (name_len + 2);
619 }
620
621 return ad_len;
f14d8f64
MH		 622}
623
624static void update_scan_rsp_data(struct hci_request *req)
625{
626 struct hci_dev *hdev = req->hdev;
627 struct hci_cp_le_set_scan_rsp_data cp;
628 u8 len;
629
7751ef1b 630 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 631 return;
632
633 memset(&cp, 0, sizeof(cp));
634
635 len = create_scan_rsp_data(hdev, cp.data);
636
eb438b5f
JH		 637 if (hdev->scan_rsp_data_len == len &&
638 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 639 return;
640
eb438b5f
JH		 641 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
642 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 643
644 cp.length = len;
645
646 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
647}
648
9a43e25f
JH		 649static u8 get_adv_discov_flags(struct hci_dev *hdev)
650{
651 struct pending_cmd *cmd;
652
653 /* If there's a pending mgmt command the flags will not yet have
654 * their final values, so check for this first.
655 */
656 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
657 if (cmd) {
658 struct mgmt_mode *cp = cmd->param;
659 if (cp->val == 0x01)
660 return LE_AD_GENERAL;
661 else if (cp->val == 0x02)
662 return LE_AD_LIMITED;
663 } else {
664 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
665 return LE_AD_LIMITED;
666 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
667 return LE_AD_GENERAL;
668 }
669
670 return 0;
671}
672
46cad2ed 673static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 674{
675 u8 ad_len = 0, flags = 0;
441ad2d0 676
9a43e25f 677 flags |= get_adv_discov_flags(hdev);
441ad2d0 678
e834004b 679 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 680 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 681
682 if (flags) {
683 BT_DBG("adv flags 0x%02x", flags);
684
685 ptr[0] = 2;
686 ptr[1] = EIR_FLAGS;
687 ptr[2] = flags;
688
689 ad_len += 3;
690 ptr += 3;
691 }
692
693 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
694 ptr[0] = 2;
695 ptr[1] = EIR_TX_POWER;
696 ptr[2] = (u8) hdev->adv_tx_power;
697
698 ad_len += 3;
699 ptr += 3;
700 }
701
441ad2d0
MH		 702 return ad_len;
703}
704
5947f4bc 705static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 706{
707 struct hci_dev *hdev = req->hdev;
708 struct hci_cp_le_set_adv_data cp;
709 u8 len;
710
10994ce6 711 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 712 return;
713
714 memset(&cp, 0, sizeof(cp));
715
46cad2ed 716 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 717
718 if (hdev->adv_data_len == len &&
719 memcmp(cp.data, hdev->adv_data, len) == 0)
720 return;
721
722 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
723 hdev->adv_data_len = len;
724
725 cp.length = len;
726
727 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
728}
729
ef580372
JH		 730static void create_eir(struct hci_dev *hdev, u8 *data)
731{
732 u8 *ptr = data;
ef580372
JH		 733 size_t name_len;
734
735 name_len = strlen(hdev->dev_name);
736
737 if (name_len > 0) {
738 /* EIR Data type */
739 if (name_len > 48) {
740 name_len = 48;
741 ptr[1] = EIR_NAME_SHORT;
742 } else
743 ptr[1] = EIR_NAME_COMPLETE;
744
745 /* EIR Data length */
746 ptr[0] = name_len + 1;
747
748 memcpy(ptr + 2, hdev->dev_name, name_len);
749
ef580372
JH		 750 ptr += (name_len + 2);
751 }
752
bbaf444a 753 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 754 ptr[0] = 2;
755 ptr[1] = EIR_TX_POWER;
756 ptr[2] = (u8) hdev->inq_tx_power;
757
91c4e9b1
MH		 758 ptr += 3;
759 }
760
2b9be137
MH		 761 if (hdev->devid_source > 0) {
762 ptr[0] = 9;
763 ptr[1] = EIR_DEVICE_ID;
764
765 put_unaligned_le16(hdev->devid_source, ptr + 2);
766 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
767 put_unaligned_le16(hdev->devid_product, ptr + 6);
768 put_unaligned_le16(hdev->devid_version, ptr + 8);
769
2b9be137
MH		 770 ptr += 10;
771 }
772
213202ed 773 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 774 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 775 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 776}
777
890ea898 778static void update_eir(struct hci_request *req)
ef580372 779{
890ea898 780 struct hci_dev *hdev = req->hdev;
ef580372
JH		 781 struct hci_cp_write_eir cp;
782
504c8dcd 783 if (!hdev_is_powered(hdev))
890ea898 784 return;
7770c4aa 785
976eb20e 786 if (!lmp_ext_inq_capable(hdev))
890ea898 787 return;
ef580372 788
84bde9d6 789 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 790 return;
ef580372 791
a8b2d5c2 792 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 793 return;
ef580372
JH		 794
795 memset(&cp, 0, sizeof(cp));
796
797 create_eir(hdev, cp.data);
798
799 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 800 return;
ef580372
JH		 801
802 memcpy(hdev->eir, cp.data, sizeof(cp.data));
803
890ea898 804 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 805}
806
807static u8 get_service_classes(struct hci_dev *hdev)
808{
809 struct bt_uuid *uuid;
810 u8 val = 0;
811
812 list_for_each_entry(uuid, &hdev->uuids, list)
813 val |= uuid->svc_hint;
814
815 return val;
816}
817
890ea898 818static void update_class(struct hci_request *req)
ef580372 819{
890ea898 820 struct hci_dev *hdev = req->hdev;
ef580372
JH		 821 u8 cod[3];
822
823 BT_DBG("%s", hdev->name);
824
504c8dcd 825 if (!hdev_is_powered(hdev))
890ea898 826 return;
7770c4aa 827
f87ea1da
JH		 828 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
829 return;
830
a8b2d5c2 831 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 832 return;
ef580372
JH		 833
834 cod[0] = hdev->minor_class;
835 cod[1] = hdev->major_class;
836 cod[2] = get_service_classes(hdev);
837
6acd7db4
MH		 838 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
839 cod[1] |= 0x20;
840
ef580372 841 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 842 return;
ef580372 843
890ea898 844 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 845}
846
a4858cb9 847static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 848{
849 struct pending_cmd *cmd;
199a2fb1
JH		 850
851 /* If there's a pending mgmt command the flag will not yet have
852 * it's final value, so check for this first.
853 */
854 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
855 if (cmd) {
856 struct mgmt_mode *cp = cmd->param;
a4858cb9 857 return cp->val;
199a2fb1
JH		 858 }
859
a4858cb9 860 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 861}
862
863static void enable_advertising(struct hci_request *req)
864{
865 struct hci_dev *hdev = req->hdev;
866 struct hci_cp_le_set_adv_param cp;
8f2a0601 867 u8 own_addr_type, enable = 0x01;
a4858cb9 868 bool connectable;
199a2fb1 869
8d97250e
JH		 870 /* Clear the HCI_ADVERTISING bit temporarily so that the
871 * hci_update_random_address knows that it's safe to go ahead
872 * and write a new random address. The flag will be set back on
873 * as soon as the SET_ADV_ENABLE HCI command completes.
874 */
875 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
876
a4858cb9 877 connectable = get_connectable(hdev);
8f2a0601 878
a4858cb9
JH		 879 /* Set require_privacy to true only when non-connectable
880 * advertising is used. In that case it is fine to use a
881 * non-resolvable private address.
882 */
883 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 884 return;
885
41c90c18 886 memset(&cp, 0, sizeof(cp));
dcf4adbf
JP		 887 cp.min_interval = cpu_to_le16(0x0800);
888 cp.max_interval = cpu_to_le16(0x0800);
a4858cb9 889 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 890 cp.own_address_type = own_addr_type;
199a2fb1
JH		 891 cp.channel_map = hdev->le_adv_channel_map;
892
893 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
894
895 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
896}
897
898static void disable_advertising(struct hci_request *req)
899{
900 u8 enable = 0x00;
901
902 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
903}
904
7d78525d
JH		 905static void service_cache_off(struct work_struct *work)
906{
907 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 908 service_cache.work);
890ea898 909 struct hci_request req;
7d78525d 910
a8b2d5c2 911 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 912 return;
913
890ea898
JH		 914 hci_req_init(&req, hdev);
915
7d78525d
JH		 916 hci_dev_lock(hdev);
917
890ea898
JH		 918 update_eir(&req);
919 update_class(&req);
7d78525d
JH		 920
921 hci_dev_unlock(hdev);
890ea898
JH		 922
923 hci_req_run(&req, NULL);
7d78525d
JH		 924}
925
d6bfd59c
JH		 926static void rpa_expired(struct work_struct *work)
927{
928 struct hci_dev *hdev = container_of(work, struct hci_dev,
929 rpa_expired.work);
930 struct hci_request req;
931
932 BT_DBG("");
933
934 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
935
936 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
937 hci_conn_num(hdev, LE_LINK) > 0)
938 return;
939
940 /* The generation of a new RPA and programming it into the
941 * controller happens in the enable_advertising() function.
942 */
943
944 hci_req_init(&req, hdev);
945
946 disable_advertising(&req);
947 enable_advertising(&req);
948
949 hci_req_run(&req, NULL);
950}
951
6a919082 952static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 953{
4f87da80 954 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 955 return;
956
4f87da80 957 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 958 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 959
4f87da80
JH		 960 /* Non-mgmt controlled devices get this bit set
961 * implicitly so that pairing works for them, however
962 * for mgmt we require user-space to explicitly enable
963 * it
964 */
965 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 966}
967
0f4e68cf 968static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 969 void *data, u16 data_len)
0381101f 970{
a38528f1 971 struct mgmt_rp_read_info rp;
f7b64e69 972
bdb6d971 973 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 974
09fd0de5 975 hci_dev_lock(hdev);
f7b64e69 976
dc4fe30b
JH		 977 memset(&rp, 0, sizeof(rp));
978
69ab39ea 979 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 980
69ab39ea 981 rp.version = hdev->hci_ver;
eb55ef07 982 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 983
984 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
985 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 986
a38528f1 987 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 988
dc4fe30b 989 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 990 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 991
09fd0de5 992 hci_dev_unlock(hdev);
0381101f 993
bdb6d971 994 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 995 sizeof(rp));
0381101f
JH		 996}
997
eec8d2bc
JH		 998static void mgmt_pending_free(struct pending_cmd *cmd)
999{
1000 sock_put(cmd->sk);
c68fb7ff 1001 kfree(cmd->param);
eec8d2bc
JH		 1002 kfree(cmd);
1003}
1004
366a0336 1005static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 1006 struct hci_dev *hdev, void *data,
1007 u16 len)
eec8d2bc
JH		 1008{
1009 struct pending_cmd *cmd;
1010
fca20018 1011 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1012 if (!cmd)
366a0336 1013 return NULL;
eec8d2bc
JH		 1014
1015 cmd->opcode = opcode;
2e58ef3e 1016 cmd->index = hdev->id;
eec8d2bc 1017
12b94565 1018 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 1019 if (!cmd->param) {
eec8d2bc 1020 kfree(cmd);
366a0336 1021 return NULL;
eec8d2bc
JH		 1022 }
1023
8fce6357
SJ		 1024 if (data)
1025 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1026
1027 cmd->sk = sk;
1028 sock_hold(sk);
1029
2e58ef3e 1030 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1031
366a0336 1032 return cmd;
eec8d2bc
JH		 1033}
1034
744cf19e 1035static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1036 void (*cb)(struct pending_cmd *cmd,
1037 void *data),
04124681 1038 void *data)
eec8d2bc 1039{
a3d09356 1040 struct pending_cmd *cmd, *tmp;
eec8d2bc 1041
a3d09356 1042 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1043 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1044 continue;
1045
eec8d2bc
JH		 1046 cb(cmd, data);
1047 }
1048}
1049
a664b5bc 1050static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1051{
73f22f62
JH		 1052 list_del(&cmd->list);
1053 mgmt_pending_free(cmd);
1054}
1055
69ab39ea 1056static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1057{
69ab39ea 1058 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1059
aee9b218 1060 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1061 sizeof(settings));
8680570b
JH		 1062}
1063
8b064a3a
JH		 1064static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1065{
1066 BT_DBG("%s status 0x%02x", hdev->name, status);
1067
a3172b7e
JH		 1068 if (hci_conn_count(hdev) == 0) {
1069 cancel_delayed_work(&hdev->power_off);
8b064a3a 1070 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1071 }
8b064a3a
JH		 1072}
1073
21a60d30
JH		 1074static void hci_stop_discovery(struct hci_request *req)
1075{
1076 struct hci_dev *hdev = req->hdev;
1077 struct hci_cp_remote_name_req_cancel cp;
1078 struct inquiry_entry *e;
1079
1080 switch (hdev->discovery.state) {
1081 case DISCOVERY_FINDING:
1082 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1083 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1084 } else {
1085 cancel_delayed_work(&hdev->le_scan_disable);
1086 hci_req_add_le_scan_disable(req);
1087 }
1088
1089 break;
1090
1091 case DISCOVERY_RESOLVING:
1092 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1093 NAME_PENDING);
1094 if (!e)
1095 return;
1096
1097 bacpy(&cp.bdaddr, &e->data.bdaddr);
1098 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1099 &cp);
1100
1101 break;
1102
1103 default:
1104 /* Passive scanning */
1105 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1106 hci_req_add_le_scan_disable(req);
1107 break;
1108 }
1109}
1110
8b064a3a
JH		 1111static int clean_up_hci_state(struct hci_dev *hdev)
1112{
1113 struct hci_request req;
1114 struct hci_conn *conn;
1115
1116 hci_req_init(&req, hdev);
1117
1118 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1119 test_bit(HCI_PSCAN, &hdev->flags)) {
1120 u8 scan = 0x00;
1121 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1122 }
1123
1124 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1125 disable_advertising(&req);
1126
f8680f12 1127 hci_stop_discovery(&req);
8b064a3a
JH		 1128
1129 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1130 struct hci_cp_disconnect dc;
c9910d0f
JH		 1131 struct hci_cp_reject_conn_req rej;
1132
1133 switch (conn->state) {
1134 case BT_CONNECTED:
1135 case BT_CONFIG:
1136 dc.handle = cpu_to_le16(conn->handle);
1137 dc.reason = 0x15; /* Terminated due to Power Off */
1138 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1139 break;
1140 case BT_CONNECT:
1141 if (conn->type == LE_LINK)
1142 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1143 0, NULL);
1144 else if (conn->type == ACL_LINK)
1145 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1146 6, &conn->dst);
1147 break;
1148 case BT_CONNECT2:
1149 bacpy(&rej.bdaddr, &conn->dst);
1150 rej.reason = 0x15; /* Terminated due to Power Off */
1151 if (conn->type == ACL_LINK)
1152 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1153 sizeof(rej), &rej);
1154 else if (conn->type == SCO_LINK)
1155 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1156 sizeof(rej), &rej);
1157 break;
1158 }
8b064a3a
JH		 1159 }
1160
1161 return hci_req_run(&req, clean_up_hci_complete);
1162}
1163
bdb6d971 1164static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1165 u16 len)
eec8d2bc 1166{
650f726d 1167 struct mgmt_mode *cp = data;
366a0336 1168 struct pending_cmd *cmd;
4b34ee78 1169 int err;
eec8d2bc 1170
bdb6d971 1171 BT_DBG("request for %s", hdev->name);
eec8d2bc 1172
a7e80f25
JH		 1173 if (cp->val != 0x00 && cp->val != 0x01)
1174 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1175 MGMT_STATUS_INVALID_PARAMS);
1176
09fd0de5 1177 hci_dev_lock(hdev);
eec8d2bc 1178
87b95ba6
JH		 1179 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1180 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1181 MGMT_STATUS_BUSY);
1182 goto failed;
1183 }
1184
f0d4b78a
MH		 1185 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1186 cancel_delayed_work(&hdev->power_off);
1187
1188 if (cp->val) {
a1d70450
JH		 1189 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1190 data, len);
1191 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1192 goto failed;
1193 }
1194 }
1195
4b34ee78 1196 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1197 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1198 goto failed;
1199 }
1200
2e58ef3e 1201 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1202 if (!cmd) {
1203 err = -ENOMEM;
eec8d2bc 1204 goto failed;
366a0336 1205 }
eec8d2bc 1206
8b064a3a 1207 if (cp->val) {
19202573 1208 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1209 err = 0;
1210 } else {
1211 /* Disconnect connections, stop scans, etc */
1212 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1213 if (!err)
1214 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1215 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1216
8b064a3a
JH		 1217 /* ENODATA means there were no HCI commands queued */
1218 if (err == -ENODATA) {
a3172b7e 1219 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1220 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1221 err = 0;
1222 }
1223 }
eec8d2bc
JH		 1224
1225failed:
09fd0de5 1226 hci_dev_unlock(hdev);
366a0336 1227 return err;
eec8d2bc
JH		 1228}
1229
04124681
GP		 1230static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1231 struct sock *skip_sk)
beadb2bd
JH		 1232{
1233 struct sk_buff *skb;
1234 struct mgmt_hdr *hdr;
1235
790eff44 1236 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1237 if (!skb)
1238 return -ENOMEM;
1239
1240 hdr = (void *) skb_put(skb, sizeof(*hdr));
1241 hdr->opcode = cpu_to_le16(event);
1242 if (hdev)
1243 hdr->index = cpu_to_le16(hdev->id);
1244 else
dcf4adbf 1245 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1246 hdr->len = cpu_to_le16(data_len);
1247
1248 if (data)
1249 memcpy(skb_put(skb, data_len), data, data_len);
1250
97e0bdeb
MH		 1251 /* Time stamp */
1252 __net_timestamp(skb);
1253
beadb2bd
JH		 1254 hci_send_to_control(skb, skip_sk);
1255 kfree_skb(skb);
1256
1257 return 0;
1258}
1259
1260static int new_settings(struct hci_dev *hdev, struct sock *skip)
1261{
1262 __le32 ev;
1263
1264 ev = cpu_to_le32(get_current_settings(hdev));
1265
1266 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1267}
1268
bd99abdd
JH		 1269struct cmd_lookup {
1270 struct sock *sk;
1271 struct hci_dev *hdev;
1272 u8 mgmt_status;
1273};
1274
1275static void settings_rsp(struct pending_cmd *cmd, void *data)
1276{
1277 struct cmd_lookup *match = data;
1278
1279 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1280
1281 list_del(&cmd->list);
1282
1283 if (match->sk == NULL) {
1284 match->sk = cmd->sk;
1285 sock_hold(match->sk);
1286 }
1287
1288 mgmt_pending_free(cmd);
1289}
1290
1291static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1292{
1293 u8 *status = data;
1294
1295 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1296 mgmt_pending_remove(cmd);
1297}
1298
e6fe7986
JH		 1299static u8 mgmt_bredr_support(struct hci_dev *hdev)
1300{
1301 if (!lmp_bredr_capable(hdev))
1302 return MGMT_STATUS_NOT_SUPPORTED;
1303 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1304 return MGMT_STATUS_REJECTED;
1305 else
1306 return MGMT_STATUS_SUCCESS;
1307}
1308
1309static u8 mgmt_le_support(struct hci_dev *hdev)
1310{
1311 if (!lmp_le_capable(hdev))
1312 return MGMT_STATUS_NOT_SUPPORTED;
1313 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1314 return MGMT_STATUS_REJECTED;
1315 else
1316 return MGMT_STATUS_SUCCESS;
1317}
1318
bfaf8c9f
JH		 1319static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1320{
1321 struct pending_cmd *cmd;
1322 struct mgmt_mode *cp;
970ba524 1323 struct hci_request req;
bfaf8c9f
JH		 1324 bool changed;
1325
1326 BT_DBG("status 0x%02x", status);
1327
1328 hci_dev_lock(hdev);
1329
1330 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1331 if (!cmd)
1332 goto unlock;
1333
1334 if (status) {
1335 u8 mgmt_err = mgmt_status(status);
1336 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1337 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1338 goto remove_cmd;
1339 }
1340
1341 cp = cmd->param;
d4462a07 1342 if (cp->val) {
bfaf8c9f
JH		 1343 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1344 &hdev->dev_flags);
d4462a07
MH		 1345
1346 if (hdev->discov_timeout > 0) {
1347 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1348 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1349 to);
1350 }
1351 } else {
bfaf8c9f
JH		 1352 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1353 &hdev->dev_flags);
d4462a07 1354 }
bfaf8c9f
JH		 1355
1356 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1357
1358 if (changed)
1359 new_settings(hdev, cmd->sk);
1360
970ba524
MH		 1361 /* When the discoverable mode gets changed, make sure
1362 * that class of device has the limited discoverable
1363 * bit correctly set.
1364 */
1365 hci_req_init(&req, hdev);
1366 update_class(&req);
1367 hci_req_run(&req, NULL);
1368
bfaf8c9f
JH		 1369remove_cmd:
1370 mgmt_pending_remove(cmd);
1371
1372unlock:
1373 hci_dev_unlock(hdev);
1374}
1375
bdb6d971 1376static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1377 u16 len)
73f22f62 1378{
650f726d 1379 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1380 struct pending_cmd *cmd;
bfaf8c9f 1381 struct hci_request req;
5e5282bb 1382 u16 timeout;
9a43e25f 1383 u8 scan;
73f22f62
JH		 1384 int err;
1385
bdb6d971 1386 BT_DBG("request for %s", hdev->name);
73f22f62 1387
9a43e25f
JH		 1388 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1389 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1390 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1391 MGMT_STATUS_REJECTED);
33c525c0 1392
310a3d48 1393 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1394 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1395 MGMT_STATUS_INVALID_PARAMS);
1396
1f350c87 1397 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1398
1399 /* Disabling discoverable requires that no timeout is set,
1400 * and enabling limited discoverable requires a timeout.
1401 */
1402 if ((cp->val == 0x00 && timeout > 0) ||
1403 (cp->val == 0x02 && timeout == 0))
bdb6d971 1404 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1405 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1406
09fd0de5 1407 hci_dev_lock(hdev);
73f22f62 1408
5e5282bb 1409 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1410 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1411 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1412 goto failed;
1413 }
1414
2e58ef3e 1415 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1416 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1417 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1418 MGMT_STATUS_BUSY);
73f22f62
JH		 1419 goto failed;
1420 }
1421
5e5282bb 1422 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1423 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1424 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1425 goto failed;
1426 }
1427
1428 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1429 bool changed = false;
1430
310a3d48
MH		 1431 /* Setting limited discoverable when powered off is
1432 * not a valid operation since it requires a timeout
1433 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1434 */
0224d2fa
JH		 1435 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1436 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1437 changed = true;
1438 }
1439
5e5282bb 1440 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1441 if (err < 0)
1442 goto failed;
1443
1444 if (changed)
1445 err = new_settings(hdev, sk);
1446
5e5282bb
JH		 1447 goto failed;
1448 }
1449
310a3d48
MH		 1450 /* If the current mode is the same, then just update the timeout
1451 * value with the new value. And if only the timeout gets updated,
1452 * then no need for any HCI transactions.
1453 */
1454 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1455 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1456 &hdev->dev_flags)) {
36261547
MH		 1457 cancel_delayed_work(&hdev->discov_off);
1458 hdev->discov_timeout = timeout;
955638ec 1459
36261547
MH		 1460 if (cp->val && hdev->discov_timeout > 0) {
1461 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1462 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1463 to);
955638ec
MH		 1464 }
1465
69ab39ea 1466 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1467 goto failed;
1468 }
1469
2e58ef3e 1470 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1471 if (!cmd) {
1472 err = -ENOMEM;
73f22f62 1473 goto failed;
366a0336 1474 }
73f22f62 1475
310a3d48
MH		 1476 /* Cancel any potential discoverable timeout that might be
1477 * still active and store new timeout value. The arming of
1478 * the timeout happens in the complete handler.
1479 */
1480 cancel_delayed_work(&hdev->discov_off);
1481 hdev->discov_timeout = timeout;
1482
b456f87c
JH		 1483 /* Limited discoverable mode */
1484 if (cp->val == 0x02)
1485 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1486 else
1487 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1488
bfaf8c9f
JH		 1489 hci_req_init(&req, hdev);
1490
9a43e25f
JH		 1491 /* The procedure for LE-only controllers is much simpler - just
1492 * update the advertising data.
1493 */
1494 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1495 goto update_ad;
1496
73f22f62
JH		 1497 scan = SCAN_PAGE;
1498
310a3d48
MH		 1499 if (cp->val) {
1500 struct hci_cp_write_current_iac_lap hci_cp;
1501
1502 if (cp->val == 0x02) {
1503 /* Limited discoverable mode */
33337dcb 1504 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1505 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1506 hci_cp.iac_lap[1] = 0x8b;
1507 hci_cp.iac_lap[2] = 0x9e;
1508 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1509 hci_cp.iac_lap[4] = 0x8b;
1510 hci_cp.iac_lap[5] = 0x9e;
1511 } else {
1512 /* General discoverable mode */
310a3d48
MH		 1513 hci_cp.num_iac = 1;
1514 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1515 hci_cp.iac_lap[1] = 0x8b;
1516 hci_cp.iac_lap[2] = 0x9e;
1517 }
1518
1519 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1520 (hci_cp.num_iac * 3) + 1, &hci_cp);
1521
73f22f62 1522 scan |= SCAN_INQUIRY;
310a3d48
MH		 1523 } else {
1524 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1525 }
73f22f62 1526
310a3d48 1527 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1528
9a43e25f
JH		 1529update_ad:
1530 update_adv_data(&req);
1531
bfaf8c9f 1532 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1533 if (err < 0)
a664b5bc 1534 mgmt_pending_remove(cmd);
73f22f62
JH		 1535
1536failed:
09fd0de5 1537 hci_dev_unlock(hdev);
73f22f62
JH		 1538 return err;
1539}
1540
406d7804
JH		 1541static void write_fast_connectable(struct hci_request *req, bool enable)
1542{
bd98b996 1543 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1544 struct hci_cp_write_page_scan_activity acp;
1545 u8 type;
1546
547003b1
JH		 1547 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1548 return;
1549
4c01f8b8
JH		 1550 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1551 return;
1552
406d7804
JH		 1553 if (enable) {
1554 type = PAGE_SCAN_TYPE_INTERLACED;
1555
1556 /* 160 msec page scan interval */
dcf4adbf 1557 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1558 } else {
1559 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1560
1561 /* default 1.28 sec page scan */
dcf4adbf 1562 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1563 }
1564
dcf4adbf 1565 acp.window = cpu_to_le16(0x0012);
406d7804 1566
bd98b996
JH		 1567 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1568 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1569 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1570 sizeof(acp), &acp);
1571
1572 if (hdev->page_scan_type != type)
1573 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1574}
1575
2b76f453
JH		 1576static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1577{
1578 struct pending_cmd *cmd;
d7b856f9
JH		 1579 struct mgmt_mode *cp;
1580 bool changed;
2b76f453
JH		 1581
1582 BT_DBG("status 0x%02x", status);
1583
1584 hci_dev_lock(hdev);
1585
1586 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1587 if (!cmd)
1588 goto unlock;
1589
37438c1f
JH		 1590 if (status) {
1591 u8 mgmt_err = mgmt_status(status);
1592 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1593 goto remove_cmd;
1594 }
1595
d7b856f9
JH		 1596 cp = cmd->param;
1597 if (cp->val)
1598 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1599 else
1600 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1601
2b76f453
JH		 1602 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1603
d7b856f9
JH		 1604 if (changed)
1605 new_settings(hdev, cmd->sk);
1606
37438c1f 1607remove_cmd:
2b76f453
JH		 1608 mgmt_pending_remove(cmd);
1609
1610unlock:
1611 hci_dev_unlock(hdev);
1612}
1613
e8ba3a1f
JH		 1614static int set_connectable_update_settings(struct hci_dev *hdev,
1615 struct sock *sk, u8 val)
1616{
1617 bool changed = false;
1618 int err;
1619
1620 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1621 changed = true;
1622
1623 if (val) {
1624 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1625 } else {
1626 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1627 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1628 }
1629
1630 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1631 if (err < 0)
1632 return err;
1633
1634 if (changed)
1635 return new_settings(hdev, sk);
1636
1637 return 0;
1638}
1639
bdb6d971 1640static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1641 u16 len)
9fbcbb45 1642{
650f726d 1643 struct mgmt_mode *cp = data;
366a0336 1644 struct pending_cmd *cmd;
2b76f453 1645 struct hci_request req;
1987fdc7 1646 u8 scan;
9fbcbb45
JH		 1647 int err;
1648
bdb6d971 1649 BT_DBG("request for %s", hdev->name);
9fbcbb45 1650
1987fdc7
JH		 1651 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1652 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1653 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1654 MGMT_STATUS_REJECTED);
33c525c0 1655
a7e80f25
JH		 1656 if (cp->val != 0x00 && cp->val != 0x01)
1657 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1658 MGMT_STATUS_INVALID_PARAMS);
1659
09fd0de5 1660 hci_dev_lock(hdev);
9fbcbb45 1661
4b34ee78 1662 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1663 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1664 goto failed;
1665 }
1666
2e58ef3e 1667 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1668 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1669 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1670 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1671 goto failed;
1672 }
1673
2e58ef3e 1674 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1675 if (!cmd) {
1676 err = -ENOMEM;
9fbcbb45 1677 goto failed;
366a0336 1678 }
9fbcbb45 1679
9b74246f 1680 hci_req_init(&req, hdev);
9fbcbb45 1681
9a43e25f
JH		 1682 /* If BR/EDR is not enabled and we disable advertising as a
1683 * by-product of disabling connectable, we need to update the
1684 * advertising flags.
1685 */
1686 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1687 if (!cp->val) {
1688 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1689 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1690 }
1691 update_adv_data(&req);
1692 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1693 if (cp->val) {
1694 scan = SCAN_PAGE;
1695 } else {
1696 scan = 0;
1697
1698 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1699 hdev->discov_timeout > 0)
9b74246f
JH		 1700 cancel_delayed_work(&hdev->discov_off);
1701 }
2b76f453 1702
9b74246f
JH		 1703 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1704 }
2b76f453 1705
4c01f8b8
JH		 1706 /* If we're going from non-connectable to connectable or
1707 * vice-versa when fast connectable is enabled ensure that fast
1708 * connectable gets disabled. write_fast_connectable won't do
1709 * anything if the page scan parameters are already what they
1710 * should be.
1711 */
1712 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1713 write_fast_connectable(&req, false);
1714
1987fdc7
JH		 1715 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1716 hci_conn_num(hdev, LE_LINK) == 0) {
1717 disable_advertising(&req);
1718 enable_advertising(&req);
1719 }
1720
2b76f453 1721 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1722 if (err < 0) {
a664b5bc 1723 mgmt_pending_remove(cmd);
9b74246f 1724 if (err == -ENODATA)
a81070ba
JH		 1725 err = set_connectable_update_settings(hdev, sk,
1726 cp->val);
9b74246f
JH		 1727 goto failed;
1728 }
9fbcbb45
JH		 1729
1730failed:
09fd0de5 1731 hci_dev_unlock(hdev);
9fbcbb45
JH		 1732 return err;
1733}
1734
bdb6d971 1735static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1736 u16 len)
c542a06c 1737{
650f726d 1738 struct mgmt_mode *cp = data;
55594356 1739 bool changed;
c542a06c
JH		 1740 int err;
1741
bdb6d971 1742 BT_DBG("request for %s", hdev->name);
c542a06c 1743
a7e80f25
JH		 1744 if (cp->val != 0x00 && cp->val != 0x01)
1745 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1746 MGMT_STATUS_INVALID_PARAMS);
1747
09fd0de5 1748 hci_dev_lock(hdev);
c542a06c
JH		 1749
1750 if (cp->val)
55594356 1751 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1752 else
55594356 1753 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1754
69ab39ea 1755 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1756 if (err < 0)
55594356 1757 goto unlock;
c542a06c 1758
55594356
MH		 1759 if (changed)
1760 err = new_settings(hdev, sk);
c542a06c 1761
55594356 1762unlock:
09fd0de5 1763 hci_dev_unlock(hdev);
c542a06c
JH		 1764 return err;
1765}
1766
04124681
GP		 1767static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1768 u16 len)
33ef95ed
JH		 1769{
1770 struct mgmt_mode *cp = data;
1771 struct pending_cmd *cmd;
e6fe7986 1772 u8 val, status;
33ef95ed
JH		 1773 int err;
1774
bdb6d971 1775 BT_DBG("request for %s", hdev->name);
33ef95ed 1776
e6fe7986
JH		 1777 status = mgmt_bredr_support(hdev);
1778 if (status)
33c525c0 1779 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1780 status);
33c525c0 1781
a7e80f25
JH		 1782 if (cp->val != 0x00 && cp->val != 0x01)
1783 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1784 MGMT_STATUS_INVALID_PARAMS);
1785
33ef95ed
JH		 1786 hci_dev_lock(hdev);
1787
4b34ee78 1788 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1789 bool changed = false;
1790
1791 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1792 &hdev->dev_flags)) {
47990ea0
JH		 1793 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1794 changed = true;
1795 }
1796
1797 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1798 if (err < 0)
1799 goto failed;
1800
1801 if (changed)
1802 err = new_settings(hdev, sk);
1803
33ef95ed
JH		 1804 goto failed;
1805 }
1806
1807 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1808 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1809 MGMT_STATUS_BUSY);
33ef95ed
JH		 1810 goto failed;
1811 }
1812
1813 val = !!cp->val;
1814
1815 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1816 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1817 goto failed;
1818 }
1819
1820 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1821 if (!cmd) {
1822 err = -ENOMEM;
1823 goto failed;
1824 }
1825
1826 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1827 if (err < 0) {
1828 mgmt_pending_remove(cmd);
1829 goto failed;
1830 }
1831
1832failed:
1833 hci_dev_unlock(hdev);
33ef95ed
JH		 1834 return err;
1835}
1836
bdb6d971 1837static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1838{
1839 struct mgmt_mode *cp = data;
1840 struct pending_cmd *cmd;
72ef0c1a 1841 u8 status;
ed2c4ee3
JH		 1842 int err;
1843
bdb6d971 1844 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1845
cdba5281
MH		 1846 status = mgmt_bredr_support(hdev);
1847 if (status)
1848 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1849
13ecd8b6
JH		 1850 if (!lmp_ssp_capable(hdev))
1851 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1852 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1853
a7e80f25
JH		 1854 if (cp->val != 0x00 && cp->val != 0x01)
1855 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1856 MGMT_STATUS_INVALID_PARAMS);
1857
13ecd8b6 1858 hci_dev_lock(hdev);
6c8f12c1 1859
4b34ee78 1860 if (!hdev_is_powered(hdev)) {
9ecb3e24 1861 bool changed;
c0ecddc2 1862
9ecb3e24
MH		 1863 if (cp->val) {
1864 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1865 &hdev->dev_flags);
1866 } else {
1867 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1868 &hdev->dev_flags);
1869 if (!changed)
1870 changed = test_and_clear_bit(HCI_HS_ENABLED,
1871 &hdev->dev_flags);
1872 else
1873 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1874 }
1875
1876 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1877 if (err < 0)
1878 goto failed;
1879
1880 if (changed)
1881 err = new_settings(hdev, sk);
1882
ed2c4ee3
JH		 1883 goto failed;
1884 }
1885
9ecb3e24
MH		 1886 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1887 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1888 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1889 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1890 goto failed;
1891 }
1892
72ef0c1a 1893 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1894 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1895 goto failed;
1896 }
1897
1898 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1899 if (!cmd) {
1900 err = -ENOMEM;
1901 goto failed;
1902 }
1903
3769972b
JH		 1904 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
1905 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1906 sizeof(cp->val), &cp->val);
1907
72ef0c1a 1908 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1909 if (err < 0) {
1910 mgmt_pending_remove(cmd);
1911 goto failed;
1912 }
1913
1914failed:
1915 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1916 return err;
1917}
1918
bdb6d971 1919static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1920{
1921 struct mgmt_mode *cp = data;
ee392693 1922 bool changed;
e6fe7986 1923 u8 status;
ee392693 1924 int err;
6d80dfd0 1925
bdb6d971 1926 BT_DBG("request for %s", hdev->name);
6d80dfd0 1927
e6fe7986
JH		 1928 status = mgmt_bredr_support(hdev);
1929 if (status)
1930 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1931
9ecb3e24
MH		 1932 if (!lmp_ssp_capable(hdev))
1933 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1934 MGMT_STATUS_NOT_SUPPORTED);
1935
1936 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1937 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1938 MGMT_STATUS_REJECTED);
1939
a7e80f25
JH		 1940 if (cp->val != 0x00 && cp->val != 0x01)
1941 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1942 MGMT_STATUS_INVALID_PARAMS);
1943
ee392693
MH		 1944 hci_dev_lock(hdev);
1945
a0cdf960 1946 if (cp->val) {
ee392693 1947 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1948 } else {
1949 if (hdev_is_powered(hdev)) {
1950 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1951 MGMT_STATUS_REJECTED);
1952 goto unlock;
1953 }
1954
ee392693 1955 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1956 }
ee392693
MH		 1957
1958 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1959 if (err < 0)
1960 goto unlock;
1961
1962 if (changed)
1963 err = new_settings(hdev, sk);
6d80dfd0 1964
ee392693
MH		 1965unlock:
1966 hci_dev_unlock(hdev);
1967 return err;
6d80dfd0
JH		 1968}
1969
416a4ae5
JH		 1970static void le_enable_complete(struct hci_dev *hdev, u8 status)
1971{
1972 struct cmd_lookup match = { NULL, hdev };
1973
1974 if (status) {
1975 u8 mgmt_err = mgmt_status(status);
1976
1977 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1978 &mgmt_err);
1979 return;
1980 }
1981
1982 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1983
1984 new_settings(hdev, match.sk);
1985
1986 if (match.sk)
1987 sock_put(match.sk);
441ad2d0
MH		 1988
1989 /* Make sure the controller has a good default for
1990 * advertising data. Restrict the update to when LE
1991 * has actually been enabled. During power on, the
1992 * update in powered_update_hci will take care of it.
1993 */
1994 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1995 struct hci_request req;
1996
1997 hci_dev_lock(hdev);
1998
1999 hci_req_init(&req, hdev);
5947f4bc 2000 update_adv_data(&req);
f14d8f64 2001 update_scan_rsp_data(&req);
441ad2d0
MH		 2002 hci_req_run(&req, NULL);
2003
2004 hci_dev_unlock(hdev);
2005 }
416a4ae5
JH		 2006}
2007
bdb6d971 2008static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2009{
2010 struct mgmt_mode *cp = data;
2011 struct hci_cp_write_le_host_supported hci_cp;
2012 struct pending_cmd *cmd;
416a4ae5 2013 struct hci_request req;
06199cf8 2014 int err;
0b60eba1 2015 u8 val, enabled;
06199cf8 2016
bdb6d971 2017 BT_DBG("request for %s", hdev->name);
06199cf8 2018
13ecd8b6
JH		 2019 if (!lmp_le_capable(hdev))
2020 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2021 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2022
a7e80f25
JH		 2023 if (cp->val != 0x00 && cp->val != 0x01)
2024 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2025 MGMT_STATUS_INVALID_PARAMS);
2026
c73eee91 2027 /* LE-only devices do not allow toggling LE on/off */
56f87901 2028 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2029 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2030 MGMT_STATUS_REJECTED);
2031
13ecd8b6 2032 hci_dev_lock(hdev);
06199cf8
JH		 2033
2034 val = !!cp->val;
ffa88e02 2035 enabled = lmp_host_le_capable(hdev);
06199cf8 2036
0b60eba1 2037 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2038 bool changed = false;
2039
2040 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2041 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2042 changed = true;
2043 }
2044
f3d3444a
JH		 2045 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2046 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2047 changed = true;
2048 }
2049
06199cf8
JH		 2050 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2051 if (err < 0)
1de028ce 2052 goto unlock;
06199cf8
JH		 2053
2054 if (changed)
2055 err = new_settings(hdev, sk);
2056
1de028ce 2057 goto unlock;
06199cf8
JH		 2058 }
2059
4375f103
JH		 2060 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2061 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2062 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2063 MGMT_STATUS_BUSY);
1de028ce 2064 goto unlock;
06199cf8
JH		 2065 }
2066
2067 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2068 if (!cmd) {
2069 err = -ENOMEM;
1de028ce 2070 goto unlock;
06199cf8
JH		 2071 }
2072
441ad2d0
MH		 2073 hci_req_init(&req, hdev);
2074
06199cf8
JH		 2075 memset(&hci_cp, 0, sizeof(hci_cp));
2076
2077 if (val) {
2078 hci_cp.le = val;
ffa88e02 2079 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 2080 } else {
2081 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2082 disable_advertising(&req);
06199cf8
JH		 2083 }
2084
416a4ae5
JH		 2085 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2086 &hci_cp);
2087
2088 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2089 if (err < 0)
06199cf8 2090 mgmt_pending_remove(cmd);
06199cf8 2091
1de028ce
JH		 2092unlock:
2093 hci_dev_unlock(hdev);
06199cf8
JH		 2094 return err;
2095}
2096
0cab9c80
JH		 2097/* This is a helper function to test for pending mgmt commands that can
2098 * cause CoD or EIR HCI commands. We can only allow one such pending
2099 * mgmt command at a time since otherwise we cannot easily track what
2100 * the current values are, will be, and based on that calculate if a new
2101 * HCI command needs to be sent and if yes with what value.
2102 */
2103static bool pending_eir_or_class(struct hci_dev *hdev)
2104{
2105 struct pending_cmd *cmd;
2106
2107 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2108 switch (cmd->opcode) {
2109 case MGMT_OP_ADD_UUID:
2110 case MGMT_OP_REMOVE_UUID:
2111 case MGMT_OP_SET_DEV_CLASS:
2112 case MGMT_OP_SET_POWERED:
2113 return true;
2114 }
2115 }
2116
2117 return false;
2118}
2119
83be8eca
JH		 2120static const u8 bluetooth_base_uuid[] = {
2121 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2122 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2123};
2124
2125static u8 get_uuid_size(const u8 *uuid)
2126{
2127 u32 val;
2128
2129 if (memcmp(uuid, bluetooth_base_uuid, 12))
2130 return 128;
2131
2132 val = get_unaligned_le32(&uuid[12]);
2133 if (val > 0xffff)
2134 return 32;
2135
2136 return 16;
2137}
2138
92da6097
JH		 2139static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2140{
2141 struct pending_cmd *cmd;
2142
2143 hci_dev_lock(hdev);
2144
2145 cmd = mgmt_pending_find(mgmt_op, hdev);
2146 if (!cmd)
2147 goto unlock;
2148
2149 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2150 hdev->dev_class, 3);
2151
2152 mgmt_pending_remove(cmd);
2153
2154unlock:
2155 hci_dev_unlock(hdev);
2156}
2157
2158static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2159{
2160 BT_DBG("status 0x%02x", status);
2161
2162 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2163}
2164
bdb6d971 2165static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2166{
650f726d 2167 struct mgmt_cp_add_uuid *cp = data;
90e70454 2168 struct pending_cmd *cmd;
890ea898 2169 struct hci_request req;
2aeb9a1a 2170 struct bt_uuid *uuid;
2aeb9a1a
JH		 2171 int err;
2172
bdb6d971 2173 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2174
09fd0de5 2175 hci_dev_lock(hdev);
2aeb9a1a 2176
0cab9c80 2177 if (pending_eir_or_class(hdev)) {
bdb6d971 2178 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2179 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2180 goto failed;
2181 }
2182
92c4c204 2183 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2184 if (!uuid) {
2185 err = -ENOMEM;
2186 goto failed;
2187 }
2188
2189 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2190 uuid->svc_hint = cp->svc_hint;
83be8eca 2191 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2192
de66aa63 2193 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2194
890ea898 2195 hci_req_init(&req, hdev);
1aff6f09 2196
890ea898
JH		 2197 update_class(&req);
2198 update_eir(&req);
2199
92da6097
JH		 2200 err = hci_req_run(&req, add_uuid_complete);
2201 if (err < 0) {
2202 if (err != -ENODATA)
2203 goto failed;
80a1e1db 2204
bdb6d971 2205 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2206 hdev->dev_class, 3);
90e70454
JH		 2207 goto failed;
2208 }
2209
2210 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2211 if (!cmd) {
90e70454 2212 err = -ENOMEM;
890ea898
JH		 2213 goto failed;
2214 }
2215
2216 err = 0;
2aeb9a1a
JH		 2217
2218failed:
09fd0de5 2219 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2220 return err;
2221}
2222
24b78d0f
JH		 2223static bool enable_service_cache(struct hci_dev *hdev)
2224{
2225 if (!hdev_is_powered(hdev))
2226 return false;
2227
2228 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2229 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2230 CACHE_TIMEOUT);
24b78d0f
JH		 2231 return true;
2232 }
2233
2234 return false;
2235}
2236
92da6097
JH		 2237static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2238{
2239 BT_DBG("status 0x%02x", status);
2240
2241 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2242}
2243
bdb6d971 2244static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2245 u16 len)
2aeb9a1a 2246{
650f726d 2247 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2248 struct pending_cmd *cmd;
056341c8 2249 struct bt_uuid *match, *tmp;
2aeb9a1a 2250 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2251 struct hci_request req;
2aeb9a1a
JH		 2252 int err, found;
2253
bdb6d971 2254 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2255
09fd0de5 2256 hci_dev_lock(hdev);
2aeb9a1a 2257
0cab9c80 2258 if (pending_eir_or_class(hdev)) {
bdb6d971 2259 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2260 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2261 goto unlock;
2262 }
2263
2aeb9a1a 2264 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2265 hci_uuids_clear(hdev);
4004b6d9 2266
24b78d0f 2267 if (enable_service_cache(hdev)) {
bdb6d971 2268 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2269 0, hdev->dev_class, 3);
24b78d0f
JH		 2270 goto unlock;
2271 }
4004b6d9 2272
9246a869 2273 goto update_class;
2aeb9a1a
JH		 2274 }
2275
2276 found = 0;
2277
056341c8 2278 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2279 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2280 continue;
2281
2282 list_del(&match->list);
482049f7 2283 kfree(match);
2aeb9a1a
JH		 2284 found++;
2285 }
2286
2287 if (found == 0) {
bdb6d971 2288 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2289 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2290 goto unlock;
2291 }
2292
9246a869 2293update_class:
890ea898 2294 hci_req_init(&req, hdev);
1aff6f09 2295
890ea898
JH		 2296 update_class(&req);
2297 update_eir(&req);
2298
92da6097
JH		 2299 err = hci_req_run(&req, remove_uuid_complete);
2300 if (err < 0) {
2301 if (err != -ENODATA)
2302 goto unlock;
80a1e1db 2303
bdb6d971 2304 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2305 hdev->dev_class, 3);
90e70454
JH		 2306 goto unlock;
2307 }
2308
2309 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2310 if (!cmd) {
90e70454 2311 err = -ENOMEM;
890ea898
JH		 2312 goto unlock;
2313 }
2314
2315 err = 0;
2aeb9a1a
JH		 2316
2317unlock:
09fd0de5 2318 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2319 return err;
2320}
2321
92da6097
JH		 2322static void set_class_complete(struct hci_dev *hdev, u8 status)
2323{
2324 BT_DBG("status 0x%02x", status);
2325
2326 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2327}
2328
bdb6d971 2329static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2330 u16 len)
1aff6f09 2331{
650f726d 2332 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2333 struct pending_cmd *cmd;
890ea898 2334 struct hci_request req;
1aff6f09
JH		 2335 int err;
2336
bdb6d971 2337 BT_DBG("request for %s", hdev->name);
1aff6f09 2338
6203fc98 2339 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2340 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2341 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2342
0cab9c80 2343 hci_dev_lock(hdev);
ee98f473 2344
0cab9c80
JH		 2345 if (pending_eir_or_class(hdev)) {
2346 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2347 MGMT_STATUS_BUSY);
2348 goto unlock;
2349 }
c95f0ba7 2350
0cab9c80
JH		 2351 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2352 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2353 MGMT_STATUS_INVALID_PARAMS);
2354 goto unlock;
2355 }
575b3a02 2356
932f5ff5
JH		 2357 hdev->major_class = cp->major;
2358 hdev->minor_class = cp->minor;
2359
b5235a65 2360 if (!hdev_is_powered(hdev)) {
bdb6d971 2361 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2362 hdev->dev_class, 3);
b5235a65
JH		 2363 goto unlock;
2364 }
2365
890ea898
JH		 2366 hci_req_init(&req, hdev);
2367
a8b2d5c2 2368 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2369 hci_dev_unlock(hdev);
2370 cancel_delayed_work_sync(&hdev->service_cache);
2371 hci_dev_lock(hdev);
890ea898 2372 update_eir(&req);
7d78525d 2373 }
14c0b608 2374
890ea898
JH		 2375 update_class(&req);
2376
92da6097
JH		 2377 err = hci_req_run(&req, set_class_complete);
2378 if (err < 0) {
2379 if (err != -ENODATA)
2380 goto unlock;
1aff6f09 2381
bdb6d971 2382 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2383 hdev->dev_class, 3);
90e70454
JH		 2384 goto unlock;
2385 }
2386
2387 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2388 if (!cmd) {
90e70454 2389 err = -ENOMEM;
890ea898
JH		 2390 goto unlock;
2391 }
2392
2393 err = 0;
1aff6f09 2394
b5235a65 2395unlock:
09fd0de5 2396 hci_dev_unlock(hdev);
1aff6f09
JH		 2397 return err;
2398}
2399
bdb6d971 2400static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2401 u16 len)
55ed8ca1 2402{
650f726d 2403 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2404 u16 key_count, expected_len;
b1de97d8 2405 bool changed;
a492cd52 2406 int i;
55ed8ca1 2407
9060d5cf
MH		 2408 BT_DBG("request for %s", hdev->name);
2409
2410 if (!lmp_bredr_capable(hdev))
2411 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2412 MGMT_STATUS_NOT_SUPPORTED);
2413
1f350c87 2414 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2415
86742e1e
JH		 2416 expected_len = sizeof(*cp) + key_count *
2417 sizeof(struct mgmt_link_key_info);
a492cd52 2418 if (expected_len != len) {
86742e1e 2419 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2420 expected_len, len);
bdb6d971 2421 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2422 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2423 }
2424
4ae14301
JH		 2425 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2426 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2427 MGMT_STATUS_INVALID_PARAMS);
2428
bdb6d971 2429 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2430 key_count);
55ed8ca1 2431
4ee71b20
JH		 2432 for (i = 0; i < key_count; i++) {
2433 struct mgmt_link_key_info *key = &cp->keys[i];
2434
8e991132 2435 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2436 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2437 MGMT_STATUS_INVALID_PARAMS);
2438 }
2439
09fd0de5 2440 hci_dev_lock(hdev);
55ed8ca1
JH		 2441
2442 hci_link_keys_clear(hdev);
2443
55ed8ca1 2444 if (cp->debug_keys)
0663b297
JH		 2445 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2446 &hdev->dev_flags);
55ed8ca1 2447 else
0663b297
JH		 2448 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2449 &hdev->dev_flags);
b1de97d8
MH		 2450
2451 if (changed)
2452 new_settings(hdev, NULL);
55ed8ca1 2453
a492cd52 2454 for (i = 0; i < key_count; i++) {
86742e1e 2455 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2456
58e9293c
JH		 2457 /* Always ignore debug keys and require a new pairing if
2458 * the user wants to use them.
2459 */
2460 if (key->type == HCI_LK_DEBUG_COMBINATION)
2461 continue;
2462
7652ff6a
JH		 2463 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2464 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2465 }
2466
bdb6d971 2467 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2468
09fd0de5 2469 hci_dev_unlock(hdev);
55ed8ca1 2470
a492cd52 2471 return 0;
55ed8ca1
JH		 2472}
2473
b1078ad0 2474static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2475 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2476{
2477 struct mgmt_ev_device_unpaired ev;
2478
2479 bacpy(&ev.addr.bdaddr, bdaddr);
2480 ev.addr.type = addr_type;
2481
2482 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2483 skip_sk);
b1078ad0
JH		 2484}
2485
bdb6d971 2486static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2487 u16 len)
55ed8ca1 2488{
124f6e35
JH		 2489 struct mgmt_cp_unpair_device *cp = data;
2490 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2491 struct hci_cp_disconnect dc;
2492 struct pending_cmd *cmd;
55ed8ca1 2493 struct hci_conn *conn;
55ed8ca1
JH		 2494 int err;
2495
a8a1d19e 2496 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2497 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2498 rp.addr.type = cp->addr.type;
a8a1d19e 2499
4ee71b20
JH		 2500 if (!bdaddr_type_is_valid(cp->addr.type))
2501 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2502 MGMT_STATUS_INVALID_PARAMS,
2503 &rp, sizeof(rp));
2504
118da70b
JH		 2505 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2506 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2507 MGMT_STATUS_INVALID_PARAMS,
2508 &rp, sizeof(rp));
2509
4ee71b20
JH		 2510 hci_dev_lock(hdev);
2511
86a8cfc6 2512 if (!hdev_is_powered(hdev)) {
bdb6d971 2513 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2514 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2515 goto unlock;
2516 }
2517
e0b2b27e 2518 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2519 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2520 } else {
2521 u8 addr_type;
2522
2523 if (cp->addr.type == BDADDR_LE_PUBLIC)
2524 addr_type = ADDR_LE_DEV_PUBLIC;
2525 else
2526 addr_type = ADDR_LE_DEV_RANDOM;
2527
a7ec7338
JH		 2528 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2529
a9b0a04c
AG		 2530 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2531
e0b2b27e
JH		 2532 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2533 }
b0dbfb46 2534
55ed8ca1 2535 if (err < 0) {
bdb6d971 2536 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2537 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2538 goto unlock;
2539 }
2540
86a8cfc6 2541 if (cp->disconnect) {
591f47f3 2542 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2543 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2544 &cp->addr.bdaddr);
86a8cfc6
JH		 2545 else
2546 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2547 &cp->addr.bdaddr);
86a8cfc6
JH		 2548 } else {
2549 conn = NULL;
2550 }
124f6e35 2551
a8a1d19e 2552 if (!conn) {
bdb6d971 2553 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2554 &rp, sizeof(rp));
b1078ad0 2555 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2556 goto unlock;
2557 }
55ed8ca1 2558
124f6e35 2559 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2560 sizeof(*cp));
a8a1d19e
JH		 2561 if (!cmd) {
2562 err = -ENOMEM;
2563 goto unlock;
55ed8ca1
JH		 2564 }
2565
eb55ef07 2566 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2567 dc.reason = 0x13; /* Remote User Terminated Connection */
2568 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2569 if (err < 0)
2570 mgmt_pending_remove(cmd);
2571
55ed8ca1 2572unlock:
09fd0de5 2573 hci_dev_unlock(hdev);
55ed8ca1
JH		 2574 return err;
2575}
2576
bdb6d971 2577static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2578 u16 len)
8962ee74 2579{
650f726d 2580 struct mgmt_cp_disconnect *cp = data;
06a63b19 2581 struct mgmt_rp_disconnect rp;
8962ee74 2582 struct hci_cp_disconnect dc;
366a0336 2583 struct pending_cmd *cmd;
8962ee74 2584 struct hci_conn *conn;
8962ee74
JH		 2585 int err;
2586
2587 BT_DBG("");
2588
06a63b19
JH		 2589 memset(&rp, 0, sizeof(rp));
2590 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2591 rp.addr.type = cp->addr.type;
2592
4ee71b20 2593 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2594 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2595 MGMT_STATUS_INVALID_PARAMS,
2596 &rp, sizeof(rp));
4ee71b20 2597
09fd0de5 2598 hci_dev_lock(hdev);
8962ee74
JH		 2599
2600 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2601 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2602 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2603 goto failed;
2604 }
2605
2e58ef3e 2606 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2607 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2608 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2609 goto failed;
2610 }
2611
591f47f3 2612 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2613 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2614 &cp->addr.bdaddr);
88c3df13
JH		 2615 else
2616 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2617
f960727e 2618 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2619 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2620 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2621 goto failed;
2622 }
2623
2e58ef3e 2624 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2625 if (!cmd) {
2626 err = -ENOMEM;
8962ee74 2627 goto failed;
366a0336 2628 }
8962ee74 2629
eb55ef07 2630 dc.handle = cpu_to_le16(conn->handle);
3701f944 2631 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2632
2633 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2634 if (err < 0)
a664b5bc 2635 mgmt_pending_remove(cmd);
8962ee74
JH		 2636
2637failed:
09fd0de5 2638 hci_dev_unlock(hdev);
8962ee74
JH		 2639 return err;
2640}
2641
57c1477c 2642static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2643{
2644 switch (link_type) {
2645 case LE_LINK:
48264f06
JH		 2646 switch (addr_type) {
2647 case ADDR_LE_DEV_PUBLIC:
591f47f3 2648 return BDADDR_LE_PUBLIC;
0ed09148 2649
48264f06 2650 default:
0ed09148 2651 /* Fallback to LE Random address type */
591f47f3 2652 return BDADDR_LE_RANDOM;
48264f06 2653 }
0ed09148 2654
4c659c39 2655 default:
0ed09148 2656 /* Fallback to BR/EDR type */
591f47f3 2657 return BDADDR_BREDR;
4c659c39
JH		 2658 }
2659}
2660
04124681
GP		 2661static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2662 u16 data_len)
2784eb41 2663{
2784eb41 2664 struct mgmt_rp_get_connections *rp;
8035ded4 2665 struct hci_conn *c;
a38528f1 2666 size_t rp_len;
60fc5fb6
JH		 2667 int err;
2668 u16 i;
2784eb41
JH		 2669
2670 BT_DBG("");
2671
09fd0de5 2672 hci_dev_lock(hdev);
2784eb41 2673
5f97c1df 2674 if (!hdev_is_powered(hdev)) {
bdb6d971 2675 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2676 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2677 goto unlock;
2678 }
2679
60fc5fb6 2680 i = 0;
b644ba33
JH		 2681 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2682 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2683 i++;
2784eb41
JH		 2684 }
2685
60fc5fb6 2686 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2687 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2688 if (!rp) {
2784eb41
JH		 2689 err = -ENOMEM;
2690 goto unlock;
2691 }
2692
2784eb41 2693 i = 0;
4c659c39 2694 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2695 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2696 continue;
4c659c39 2697 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2698 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2699 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2700 continue;
2701 i++;
2702 }
2703
eb55ef07 2704 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2705
4c659c39
JH		 2706 /* Recalculate length in case of filtered SCO connections, etc */
2707 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2708
bdb6d971 2709 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2710 rp_len);
2784eb41 2711
a38528f1 2712 kfree(rp);
5f97c1df
JH		 2713
2714unlock:
09fd0de5 2715 hci_dev_unlock(hdev);
2784eb41
JH		 2716 return err;
2717}
2718
bdb6d971 2719static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2720 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2721{
2722 struct pending_cmd *cmd;
2723 int err;
2724
2e58ef3e 2725 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2726 sizeof(*cp));
96d97a67
WR		 2727 if (!cmd)
2728 return -ENOMEM;
2729
d8457698 2730 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2731 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2732 if (err < 0)
2733 mgmt_pending_remove(cmd);
2734
2735 return err;
2736}
2737
bdb6d971 2738static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2739 u16 len)
980e1a53 2740{
96d97a67 2741 struct hci_conn *conn;
650f726d 2742 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2743 struct hci_cp_pin_code_reply reply;
366a0336 2744 struct pending_cmd *cmd;
980e1a53
JH		 2745 int err;
2746
2747 BT_DBG("");
2748
09fd0de5 2749 hci_dev_lock(hdev);
980e1a53 2750
4b34ee78 2751 if (!hdev_is_powered(hdev)) {
bdb6d971 2752 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2753 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2754 goto failed;
2755 }
2756
d8457698 2757 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2758 if (!conn) {
bdb6d971 2759 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2760 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2761 goto failed;
2762 }
2763
2764 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2765 struct mgmt_cp_pin_code_neg_reply ncp;
2766
2767 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2768
2769 BT_ERR("PIN code is not 16 bytes long");
2770
bdb6d971 2771 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2772 if (err >= 0)
bdb6d971 2773 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2774 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2775
2776 goto failed;
2777 }
2778
00abfe44 2779 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2780 if (!cmd) {
2781 err = -ENOMEM;
980e1a53 2782 goto failed;
366a0336 2783 }
980e1a53 2784
d8457698 2785 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2786 reply.pin_len = cp->pin_len;
24718ca5 2787 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2788
2789 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2790 if (err < 0)
a664b5bc 2791 mgmt_pending_remove(cmd);
980e1a53
JH		 2792
2793failed:
09fd0de5 2794 hci_dev_unlock(hdev);
980e1a53
JH		 2795 return err;
2796}
2797
04124681
GP		 2798static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2799 u16 len)
17fa4b9d 2800{
650f726d 2801 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2802
2803 BT_DBG("");
2804
4ec86d4c
JH		 2805 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2806 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2807 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
2808
09fd0de5 2809 hci_dev_lock(hdev);
17fa4b9d
JH		 2810
2811 hdev->io_capability = cp->io_capability;
2812
2813 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2814 hdev->io_capability);
17fa4b9d 2815
09fd0de5 2816 hci_dev_unlock(hdev);
17fa4b9d 2817
04124681
GP		 2818 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2819 0);
17fa4b9d
JH		 2820}
2821
6039aa73 2822static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2823{
2824 struct hci_dev *hdev = conn->hdev;
8035ded4 2825 struct pending_cmd *cmd;
e9a416b5 2826
2e58ef3e 2827 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2828 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2829 continue;
2830
e9a416b5
JH		 2831 if (cmd->user_data != conn)
2832 continue;
2833
2834 return cmd;
2835 }
2836
2837 return NULL;
2838}
2839
2840static void pairing_complete(struct pending_cmd *cmd, u8 status)
2841{
2842 struct mgmt_rp_pair_device rp;
2843 struct hci_conn *conn = cmd->user_data;
2844
61b1a7fb
JH		 2845 bacpy(&rp.addr.bdaddr, &conn->dst);
2846 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2847
aee9b218 2848 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2849 &rp, sizeof(rp));
e9a416b5
JH		 2850
2851 /* So we don't get further callbacks for this connection */
2852 conn->connect_cfm_cb = NULL;
2853 conn->security_cfm_cb = NULL;
2854 conn->disconn_cfm_cb = NULL;
2855
76a68ba0 2856 hci_conn_drop(conn);
e9a416b5 2857
a664b5bc 2858 mgmt_pending_remove(cmd);
e9a416b5
JH		 2859}
2860
f4a407be
JH		 2861void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2862{
2863 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2864 struct pending_cmd *cmd;
2865
2866 cmd = find_pairing(conn);
2867 if (cmd)
2868 pairing_complete(cmd, status);
2869}
2870
e9a416b5
JH		 2871static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2872{
2873 struct pending_cmd *cmd;
2874
2875 BT_DBG("status %u", status);
2876
2877 cmd = find_pairing(conn);
56e5cb86 2878 if (!cmd)
e9a416b5 2879 BT_DBG("Unable to find a pending command");
56e5cb86 2880 else
e211326c 2881 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2882}
2883
f4a407be 2884static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 2885{
2886 struct pending_cmd *cmd;
2887
2888 BT_DBG("status %u", status);
2889
2890 if (!status)
2891 return;
2892
2893 cmd = find_pairing(conn);
2894 if (!cmd)
2895 BT_DBG("Unable to find a pending command");
2896 else
2897 pairing_complete(cmd, mgmt_status(status));
2898}
2899
bdb6d971 2900static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2901 u16 len)
e9a416b5 2902{
650f726d 2903 struct mgmt_cp_pair_device *cp = data;
1425acb7 2904 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2905 struct pending_cmd *cmd;
2906 u8 sec_level, auth_type;
2907 struct hci_conn *conn;
e9a416b5
JH		 2908 int err;
2909
2910 BT_DBG("");
2911
f950a30e
SJ		 2912 memset(&rp, 0, sizeof(rp));
2913 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2914 rp.addr.type = cp->addr.type;
2915
4ee71b20
JH		 2916 if (!bdaddr_type_is_valid(cp->addr.type))
2917 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2918 MGMT_STATUS_INVALID_PARAMS,
2919 &rp, sizeof(rp));
2920
4ec86d4c
JH		 2921 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2922 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2923 MGMT_STATUS_INVALID_PARAMS,
2924 &rp, sizeof(rp));
2925
09fd0de5 2926 hci_dev_lock(hdev);
e9a416b5 2927
5f97c1df 2928 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2929 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2930 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2931 goto unlock;
2932 }
2933
c908df36 2934 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 2935 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 2936
6f77d8c7 2937 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2938 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2939 auth_type);
6f77d8c7
AG		 2940 } else {
2941 u8 addr_type;
2942
2943 /* Convert from L2CAP channel address type to HCI address type
2944 */
2945 if (cp->addr.type == BDADDR_LE_PUBLIC)
2946 addr_type = ADDR_LE_DEV_PUBLIC;
2947 else
2948 addr_type = ADDR_LE_DEV_RANDOM;
2949
7c264b10
MH		 2950 /* When pairing a new device, it is expected to remember
2951 * this device for future connections. Adding the connection
2952 * parameter information ahead of time allows tracking
2953 * of the slave preferred values and will speed up any
2954 * further connection establishment.
2955 *
2956 * If connection parameters already exist, then they
2957 * will be kept and this function does nothing.
2958 */
2959 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2960
6f77d8c7 2961 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
04a6c589 2962 sec_level, auth_type);
6f77d8c7 2963 }
7a512d01 2964
30e76272 2965 if (IS_ERR(conn)) {
489dc48e
AK		 2966 int status;
2967
2968 if (PTR_ERR(conn) == -EBUSY)
2969 status = MGMT_STATUS_BUSY;
2970 else
2971 status = MGMT_STATUS_CONNECT_FAILED;
2972
bdb6d971 2973 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2974 status, &rp,
04124681 2975 sizeof(rp));
e9a416b5
JH		 2976 goto unlock;
2977 }
2978
2979 if (conn->connect_cfm_cb) {
76a68ba0 2980 hci_conn_drop(conn);
bdb6d971 2981 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2982 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2983 goto unlock;
2984 }
2985
2e58ef3e 2986 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2987 if (!cmd) {
2988 err = -ENOMEM;
76a68ba0 2989 hci_conn_drop(conn);
e9a416b5
JH		 2990 goto unlock;
2991 }
2992
7a512d01 2993 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2994 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2995 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2996 conn->security_cfm_cb = pairing_complete_cb;
2997 conn->disconn_cfm_cb = pairing_complete_cb;
2998 } else {
2999 conn->connect_cfm_cb = le_pairing_complete_cb;
3000 conn->security_cfm_cb = le_pairing_complete_cb;
3001 conn->disconn_cfm_cb = le_pairing_complete_cb;
3002 }
7a512d01 3003
e9a416b5
JH		 3004 conn->io_capability = cp->io_cap;
3005 cmd->user_data = conn;
3006
3007 if (conn->state == BT_CONNECTED &&
8ce8e2b5 3008 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 3009 pairing_complete(cmd, 0);
3010
3011 err = 0;
3012
3013unlock:
09fd0de5 3014 hci_dev_unlock(hdev);
e9a416b5
JH		 3015 return err;
3016}
3017
04124681
GP		 3018static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3019 u16 len)
28424707 3020{
0f4e68cf 3021 struct mgmt_addr_info *addr = data;
28424707
JH		 3022 struct pending_cmd *cmd;
3023 struct hci_conn *conn;
3024 int err;
3025
3026 BT_DBG("");
3027
28424707
JH		 3028 hci_dev_lock(hdev);
3029
5f97c1df 3030 if (!hdev_is_powered(hdev)) {
bdb6d971 3031 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3032 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3033 goto unlock;
3034 }
3035
28424707
JH		 3036 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3037 if (!cmd) {
bdb6d971 3038 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3039 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3040 goto unlock;
3041 }
3042
3043 conn = cmd->user_data;
3044
3045 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3046 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3047 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3048 goto unlock;
3049 }
3050
3051 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
3052
bdb6d971 3053 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3054 addr, sizeof(*addr));
28424707
JH		 3055unlock:
3056 hci_dev_unlock(hdev);
28424707
JH		 3057 return err;
3058}
3059
bdb6d971 3060static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3061 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3062 u16 hci_op, __le32 passkey)
a5c29683 3063{
a5c29683 3064 struct pending_cmd *cmd;
0df4c185 3065 struct hci_conn *conn;
a5c29683
JH		 3066 int err;
3067
09fd0de5 3068 hci_dev_lock(hdev);
08ba5382 3069
4b34ee78 3070 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3071 err = cmd_complete(sk, hdev->id, mgmt_op,
3072 MGMT_STATUS_NOT_POWERED, addr,
3073 sizeof(*addr));
0df4c185 3074 goto done;
a5c29683
JH		 3075 }
3076
1707c60e
JH		 3077 if (addr->type == BDADDR_BREDR)
3078 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3079 else
1707c60e 3080 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3081
3082 if (!conn) {
feb94d3d
JH		 3083 err = cmd_complete(sk, hdev->id, mgmt_op,
3084 MGMT_STATUS_NOT_CONNECTED, addr,
3085 sizeof(*addr));
272d90df
JH		 3086 goto done;
3087 }
47c15e2b 3088
1707c60e 3089 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3090 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3091 if (!err)
feb94d3d
JH		 3092 err = cmd_complete(sk, hdev->id, mgmt_op,
3093 MGMT_STATUS_SUCCESS, addr,
3094 sizeof(*addr));
5fe57d9e 3095 else
feb94d3d
JH		 3096 err = cmd_complete(sk, hdev->id, mgmt_op,
3097 MGMT_STATUS_FAILED, addr,
3098 sizeof(*addr));
47c15e2b 3099
47c15e2b
BG		 3100 goto done;
3101 }
3102
1707c60e 3103 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3104 if (!cmd) {
3105 err = -ENOMEM;
0df4c185 3106 goto done;
a5c29683
JH		 3107 }
3108
0df4c185 3109 /* Continue with pairing via HCI */
604086b7
BG		 3110 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3111 struct hci_cp_user_passkey_reply cp;
3112
1707c60e 3113 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3114 cp.passkey = passkey;
3115 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3116 } else
1707c60e
JH		 3117 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3118 &addr->bdaddr);
604086b7 3119
a664b5bc
JH		 3120 if (err < 0)
3121 mgmt_pending_remove(cmd);
a5c29683 3122
0df4c185 3123done:
09fd0de5 3124 hci_dev_unlock(hdev);
a5c29683
JH		 3125 return err;
3126}
3127
afeb019d
JK		 3128static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3129 void *data, u16 len)
3130{
3131 struct mgmt_cp_pin_code_neg_reply *cp = data;
3132
3133 BT_DBG("");
3134
1707c60e 3135 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3136 MGMT_OP_PIN_CODE_NEG_REPLY,
3137 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3138}
3139
04124681
GP		 3140static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3141 u16 len)
0df4c185 3142{
650f726d 3143 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3144
3145 BT_DBG("");
3146
3147 if (len != sizeof(*cp))
bdb6d971 3148 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3149 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3150
1707c60e 3151 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3152 MGMT_OP_USER_CONFIRM_REPLY,
3153 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3154}
3155
bdb6d971 3156static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3157 void *data, u16 len)
0df4c185 3158{
c9c2659f 3159 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3160
3161 BT_DBG("");
3162
1707c60e 3163 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3164 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3165 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3166}
3167
04124681
GP		 3168static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3169 u16 len)
604086b7 3170{
650f726d 3171 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3172
3173 BT_DBG("");
3174
1707c60e 3175 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3176 MGMT_OP_USER_PASSKEY_REPLY,
3177 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3178}
3179
bdb6d971 3180static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3181 void *data, u16 len)
604086b7 3182{
650f726d 3183 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3184
3185 BT_DBG("");
3186
1707c60e 3187 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3188 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3189 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3190}
3191
13928971 3192static void update_name(struct hci_request *req)
2b4bf397 3193{
13928971 3194 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3195 struct hci_cp_write_local_name cp;
3196
13928971 3197 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3198
890ea898 3199 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3200}
3201
13928971
JH		 3202static void set_name_complete(struct hci_dev *hdev, u8 status)
3203{
3204 struct mgmt_cp_set_local_name *cp;
3205 struct pending_cmd *cmd;
3206
3207 BT_DBG("status 0x%02x", status);
3208
3209 hci_dev_lock(hdev);
3210
3211 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3212 if (!cmd)
3213 goto unlock;
3214
3215 cp = cmd->param;
3216
3217 if (status)
3218 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3219 mgmt_status(status));
3220 else
3221 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3222 cp, sizeof(*cp));
3223
3224 mgmt_pending_remove(cmd);
3225
3226unlock:
3227 hci_dev_unlock(hdev);
3228}
3229
bdb6d971 3230static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3231 u16 len)
b312b161 3232{
2b4bf397 3233 struct mgmt_cp_set_local_name *cp = data;
b312b161 3234 struct pending_cmd *cmd;
890ea898 3235 struct hci_request req;
b312b161
JH		 3236 int err;
3237
3238 BT_DBG("");
3239
09fd0de5 3240 hci_dev_lock(hdev);
b312b161 3241
b3f2ca94
JH		 3242 /* If the old values are the same as the new ones just return a
3243 * direct command complete event.
3244 */
3245 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3246 !memcmp(hdev->short_name, cp->short_name,
3247 sizeof(hdev->short_name))) {
3248 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3249 data, len);
3250 goto failed;
3251 }
3252
2b4bf397 3253 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3254
b5235a65 3255 if (!hdev_is_powered(hdev)) {
2b4bf397 3256 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3257
3258 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3259 data, len);
28cc7bde
JH		 3260 if (err < 0)
3261 goto failed;
3262
3263 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3264 sk);
28cc7bde 3265
b5235a65
JH		 3266 goto failed;
3267 }
3268
28cc7bde 3269 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3270 if (!cmd) {
3271 err = -ENOMEM;
3272 goto failed;
3273 }
3274
13928971
JH		 3275 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3276
890ea898 3277 hci_req_init(&req, hdev);
3f985050
JH		 3278
3279 if (lmp_bredr_capable(hdev)) {
3280 update_name(&req);
3281 update_eir(&req);
3282 }
3283
7a5f4990
MH		 3284 /* The name is stored in the scan response data and so
3285 * no need to udpate the advertising data here.
3286 */
3f985050 3287 if (lmp_le_capable(hdev))
7a5f4990 3288 update_scan_rsp_data(&req);
3f985050 3289
13928971 3290 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3291 if (err < 0)
3292 mgmt_pending_remove(cmd);
3293
3294failed:
09fd0de5 3295 hci_dev_unlock(hdev);
b312b161
JH		 3296 return err;
3297}
3298
0f4e68cf 3299static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3300 void *data, u16 data_len)
c35938b2 3301{
c35938b2
SJ		 3302 struct pending_cmd *cmd;
3303 int err;
3304
bdb6d971 3305 BT_DBG("%s", hdev->name);
c35938b2 3306
09fd0de5 3307 hci_dev_lock(hdev);
c35938b2 3308
4b34ee78 3309 if (!hdev_is_powered(hdev)) {
bdb6d971 3310 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3311 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3312 goto unlock;
3313 }
3314
9a1a1996 3315 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3316 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3317 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3318 goto unlock;
3319 }
3320
2e58ef3e 3321 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3322 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3323 MGMT_STATUS_BUSY);
c35938b2
SJ		 3324 goto unlock;
3325 }
3326
2e58ef3e 3327 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3328 if (!cmd) {
3329 err = -ENOMEM;
3330 goto unlock;
3331 }
3332
4d2d2796
MH		 3333 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3334 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3335 0, NULL);
3336 else
3337 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3338
c35938b2
SJ		 3339 if (err < 0)
3340 mgmt_pending_remove(cmd);
3341
3342unlock:
09fd0de5 3343 hci_dev_unlock(hdev);
c35938b2
SJ		 3344 return err;
3345}
3346
bdb6d971 3347static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3348 void *data, u16 len)
2763eda6 3349{
2763eda6
SJ		 3350 int err;
3351
bdb6d971 3352 BT_DBG("%s ", hdev->name);
2763eda6 3353
09fd0de5 3354 hci_dev_lock(hdev);
2763eda6 3355
ec109113
MH		 3356 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3357 struct mgmt_cp_add_remote_oob_data *cp = data;
3358 u8 status;
bf1e3541 3359
ec109113
MH		 3360 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3361 cp->hash, cp->randomizer);
3362 if (err < 0)
3363 status = MGMT_STATUS_FAILED;
3364 else
3365 status = MGMT_STATUS_SUCCESS;
3366
3367 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3368 status, &cp->addr, sizeof(cp->addr));
3369 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3370 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3371 u8 status;
3372
3373 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3374 cp->hash192,
3375 cp->randomizer192,
3376 cp->hash256,
3377 cp->randomizer256);
3378 if (err < 0)
3379 status = MGMT_STATUS_FAILED;
3380 else
3381 status = MGMT_STATUS_SUCCESS;
3382
3383 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3384 status, &cp->addr, sizeof(cp->addr));
3385 } else {
3386 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3387 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3388 MGMT_STATUS_INVALID_PARAMS);
3389 }
2763eda6 3390
09fd0de5 3391 hci_dev_unlock(hdev);
2763eda6
SJ		 3392 return err;
3393}
3394
bdb6d971 3395static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3396 void *data, u16 len)
2763eda6 3397{
650f726d 3398 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3399 u8 status;
2763eda6
SJ		 3400 int err;
3401
bdb6d971 3402 BT_DBG("%s", hdev->name);
2763eda6 3403
09fd0de5 3404 hci_dev_lock(hdev);
2763eda6 3405
664ce4cc 3406 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3407 if (err < 0)
bf1e3541 3408 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3409 else
a6785be2 3410 status = MGMT_STATUS_SUCCESS;
bf1e3541 3411
bdb6d971 3412 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3413 status, &cp->addr, sizeof(cp->addr));
2763eda6 3414
09fd0de5 3415 hci_dev_unlock(hdev);
2763eda6
SJ		 3416 return err;
3417}
3418
41dc2bd6
AG		 3419static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3420{
3421 struct pending_cmd *cmd;
3422 u8 type;
3423 int err;
3424
3425 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3426
3427 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3428 if (!cmd)
3429 return -ENOENT;
3430
3431 type = hdev->discovery.type;
3432
3433 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3434 &type, sizeof(type));
3435 mgmt_pending_remove(cmd);
3436
3437 return err;
3438}
3439
7c307720
AG		 3440static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3441{
ae55f598
LR		 3442 unsigned long timeout = 0;
3443
7c307720
AG		 3444 BT_DBG("status %d", status);
3445
3446 if (status) {
3447 hci_dev_lock(hdev);
3448 mgmt_start_discovery_failed(hdev, status);
3449 hci_dev_unlock(hdev);
3450 return;
3451 }
3452
3453 hci_dev_lock(hdev);
3454 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3455 hci_dev_unlock(hdev);
3456
3457 switch (hdev->discovery.type) {
3458 case DISCOV_TYPE_LE:
3d5a76f0 3459 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720
AG		 3460 break;
3461
3462 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3463 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720
AG		 3464 break;
3465
3466 case DISCOV_TYPE_BREDR:
3467 break;
3468
3469 default:
3470 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3471 }
ae55f598
LR		 3472
3473 if (!timeout)
3474 return;
3475
3476 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
7c307720
AG		 3477}
3478
bdb6d971 3479static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3480 void *data, u16 len)
14a53664 3481{
650f726d 3482 struct mgmt_cp_start_discovery *cp = data;
14a53664 3483 struct pending_cmd *cmd;
7c307720
AG		 3484 struct hci_cp_le_set_scan_param param_cp;
3485 struct hci_cp_le_set_scan_enable enable_cp;
3486 struct hci_cp_inquiry inq_cp;
3487 struct hci_request req;
3488 /* General inquiry access code (GIAC) */
3489 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3490 u8 status, own_addr_type;
14a53664
JH		 3491 int err;
3492
bdb6d971 3493 BT_DBG("%s", hdev->name);
14a53664 3494
09fd0de5 3495 hci_dev_lock(hdev);
14a53664 3496
4b34ee78 3497 if (!hdev_is_powered(hdev)) {
bdb6d971 3498 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3499 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3500 goto failed;
3501 }
3502
642be6c7
AG		 3503 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3504 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3505 MGMT_STATUS_BUSY);
3506 goto failed;
3507 }
3508
ff9ef578 3509 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3510 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3511 MGMT_STATUS_BUSY);
ff9ef578
JH		 3512 goto failed;
3513 }
3514
2e58ef3e 3515 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3516 if (!cmd) {
3517 err = -ENOMEM;
3518 goto failed;
3519 }
3520
4aab14e5
AG		 3521 hdev->discovery.type = cp->type;
3522
7c307720
AG		 3523 hci_req_init(&req, hdev);
3524
4aab14e5 3525 switch (hdev->discovery.type) {
f39799f5 3526 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3527 status = mgmt_bredr_support(hdev);
3528 if (status) {
04106755 3529 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3530 status);
04106755
JH		 3531 mgmt_pending_remove(cmd);
3532 goto failed;
3533 }
3534
7c307720
AG		 3535 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3536 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3537 MGMT_STATUS_BUSY);
3538 mgmt_pending_remove(cmd);
3539 goto failed;
3540 }
3541
3542 hci_inquiry_cache_flush(hdev);
3543
3544 memset(&inq_cp, 0, sizeof(inq_cp));
3545 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3546 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3547 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3548 break;
3549
3550 case DISCOV_TYPE_LE:
7c307720 3551 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3552 status = mgmt_le_support(hdev);
3553 if (status) {
04106755 3554 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3555 status);
04106755
JH		 3556 mgmt_pending_remove(cmd);
3557 goto failed;
3558 }
3559
7c307720 3560 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3561 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3562 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3563 MGMT_STATUS_NOT_SUPPORTED);
3564 mgmt_pending_remove(cmd);
3565 goto failed;
3566 }
3567
f3d3444a 3568 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3569 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3570 MGMT_STATUS_REJECTED);
3571 mgmt_pending_remove(cmd);
3572 goto failed;
3573 }
3574
c54c3860
AG		 3575 /* If controller is scanning, it means the background scanning
3576 * is running. Thus, we should temporarily stop it in order to
3577 * set the discovery scanning parameters.
3578 */
3579 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3580 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3581
3582 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3583
94b1fc92
MH		 3584 /* All active scans will be done with either a resolvable
3585 * private address (when privacy feature has been enabled)
3586 * or unresolvable private address.
3587 */
3588 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3589 if (err < 0) {
3590 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3591 MGMT_STATUS_FAILED);
3592 mgmt_pending_remove(cmd);
3593 goto failed;
3594 }
3595
7c307720 3596 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3597 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3598 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3599 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3600 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3601 &param_cp);
3602
3603 memset(&enable_cp, 0, sizeof(enable_cp));
3604 enable_cp.enable = LE_SCAN_ENABLE;
3605 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3606 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3607 &enable_cp);
5e0452c0
AG		 3608 break;
3609
f39799f5 3610 default:
04106755
JH		 3611 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3612 MGMT_STATUS_INVALID_PARAMS);
3613 mgmt_pending_remove(cmd);
3614 goto failed;
f39799f5 3615 }
3fd24153 3616
7c307720 3617 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3618 if (err < 0)
3619 mgmt_pending_remove(cmd);
ff9ef578
JH		 3620 else
3621 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3622
3623failed:
09fd0de5 3624 hci_dev_unlock(hdev);
14a53664
JH		 3625 return err;
3626}
3627
1183fdca
AG		 3628static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3629{
3630 struct pending_cmd *cmd;
3631 int err;
3632
3633 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3634 if (!cmd)
3635 return -ENOENT;
3636
3637 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3638 &hdev->discovery.type, sizeof(hdev->discovery.type));
3639 mgmt_pending_remove(cmd);
3640
3641 return err;
3642}
3643
0e05bba6
AG		 3644static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3645{
3646 BT_DBG("status %d", status);
3647
3648 hci_dev_lock(hdev);
3649
3650 if (status) {
3651 mgmt_stop_discovery_failed(hdev, status);
3652 goto unlock;
3653 }
3654
3655 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3656
3657unlock:
3658 hci_dev_unlock(hdev);
3659}
3660
bdb6d971 3661static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3662 u16 len)
14a53664 3663{
d930650b 3664 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3665 struct pending_cmd *cmd;
0e05bba6 3666 struct hci_request req;
14a53664
JH		 3667 int err;
3668
bdb6d971 3669 BT_DBG("%s", hdev->name);
14a53664 3670
09fd0de5 3671 hci_dev_lock(hdev);
14a53664 3672
30dc78e1 3673 if (!hci_discovery_active(hdev)) {
bdb6d971 3674 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3675 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3676 sizeof(mgmt_cp->type));
d930650b
JH		 3677 goto unlock;
3678 }
3679
3680 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3681 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3682 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3683 sizeof(mgmt_cp->type));
30dc78e1 3684 goto unlock;
ff9ef578
JH		 3685 }
3686
2e58ef3e 3687 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3688 if (!cmd) {
3689 err = -ENOMEM;
30dc78e1
JH		 3690 goto unlock;
3691 }
3692
0e05bba6
AG		 3693 hci_req_init(&req, hdev);
3694
21a60d30 3695 hci_stop_discovery(&req);
e0d9727e 3696
21a60d30
JH		 3697 err = hci_req_run(&req, stop_discovery_complete);
3698 if (!err) {
3699 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 3700 goto unlock;
14a53664
JH		 3701 }
3702
21a60d30
JH		 3703 mgmt_pending_remove(cmd);
3704
3705 /* If no HCI commands were sent we're done */
3706 if (err == -ENODATA) {
3707 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
3708 &mgmt_cp->type, sizeof(mgmt_cp->type));
3709 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3710 }
14a53664 3711
30dc78e1 3712unlock:
09fd0de5 3713 hci_dev_unlock(hdev);
14a53664
JH		 3714 return err;
3715}
3716
bdb6d971 3717static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3718 u16 len)
561aafbc 3719{
650f726d 3720 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3721 struct inquiry_entry *e;
561aafbc
JH		 3722 int err;
3723
bdb6d971 3724 BT_DBG("%s", hdev->name);
561aafbc 3725
561aafbc
JH		 3726 hci_dev_lock(hdev);
3727
30dc78e1 3728 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3729 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3730 MGMT_STATUS_FAILED, &cp->addr,
3731 sizeof(cp->addr));
30dc78e1
JH		 3732 goto failed;
3733 }
3734
a198e7b1 3735 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3736 if (!e) {
d3a2541d
LR		 3737 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3738 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3739 sizeof(cp->addr));
561aafbc
JH		 3740 goto failed;
3741 }
3742
3743 if (cp->name_known) {
3744 e->name_state = NAME_KNOWN;
3745 list_del(&e->list);
3746 } else {
3747 e->name_state = NAME_NEEDED;
a3d4e20a 3748 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3749 }
3750
e384662b
JH		 3751 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3752 sizeof(cp->addr));
561aafbc
JH		 3753
3754failed:
3755 hci_dev_unlock(hdev);
561aafbc
JH		 3756 return err;
3757}
3758
bdb6d971 3759static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3760 u16 len)
7fbec224 3761{
650f726d 3762 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3763 u8 status;
7fbec224
AJ		 3764 int err;
3765
bdb6d971 3766 BT_DBG("%s", hdev->name);
7fbec224 3767
4ee71b20 3768 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3769 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3770 MGMT_STATUS_INVALID_PARAMS,
3771 &cp->addr, sizeof(cp->addr));
4ee71b20 3772
09fd0de5 3773 hci_dev_lock(hdev);
5e762444 3774
88c1fe4b 3775 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3776 if (err < 0)
f0eeea8b 3777 status = MGMT_STATUS_FAILED;
7fbec224 3778 else
a6785be2 3779 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3780
bdb6d971 3781 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3782 &cp->addr, sizeof(cp->addr));
5e762444 3783
09fd0de5 3784 hci_dev_unlock(hdev);
7fbec224
AJ		 3785
3786 return err;
3787}
3788
bdb6d971 3789static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3790 u16 len)
7fbec224 3791{
650f726d 3792 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3793 u8 status;
7fbec224
AJ		 3794 int err;
3795
bdb6d971 3796 BT_DBG("%s", hdev->name);
7fbec224 3797
4ee71b20 3798 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3799 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3800 MGMT_STATUS_INVALID_PARAMS,
3801 &cp->addr, sizeof(cp->addr));
4ee71b20 3802
09fd0de5 3803 hci_dev_lock(hdev);
5e762444 3804
88c1fe4b 3805 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3806 if (err < 0)
f0eeea8b 3807 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3808 else
a6785be2 3809 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3810
bdb6d971 3811 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3812 &cp->addr, sizeof(cp->addr));
5e762444 3813
09fd0de5 3814 hci_dev_unlock(hdev);
7fbec224
AJ		 3815
3816 return err;
3817}
3818
cdbaccca
MH		 3819static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3820 u16 len)
3821{
3822 struct mgmt_cp_set_device_id *cp = data;
890ea898 3823 struct hci_request req;
cdbaccca 3824 int err;
c72d4b8a 3825 __u16 source;
cdbaccca
MH		 3826
3827 BT_DBG("%s", hdev->name);
3828
c72d4b8a
SJ		 3829 source = __le16_to_cpu(cp->source);
3830
3831 if (source > 0x0002)
3832 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3833 MGMT_STATUS_INVALID_PARAMS);
3834
cdbaccca
MH		 3835 hci_dev_lock(hdev);
3836
c72d4b8a 3837 hdev->devid_source = source;
cdbaccca
MH		 3838 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3839 hdev->devid_product = __le16_to_cpu(cp->product);
3840 hdev->devid_version = __le16_to_cpu(cp->version);
3841
3842 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3843
890ea898
JH		 3844 hci_req_init(&req, hdev);
3845 update_eir(&req);
3846 hci_req_run(&req, NULL);
cdbaccca
MH		 3847
3848 hci_dev_unlock(hdev);
3849
3850 return err;
3851}
3852
4375f103
JH		 3853static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3854{
3855 struct cmd_lookup match = { NULL, hdev };
3856
3857 if (status) {
3858 u8 mgmt_err = mgmt_status(status);
3859
3860 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3861 cmd_status_rsp, &mgmt_err);
3862 return;
3863 }
3864
3865 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3866 &match);
3867
3868 new_settings(hdev, match.sk);
3869
3870 if (match.sk)
3871 sock_put(match.sk);
3872}
3873
21b5187f
MH		 3874static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3875 u16 len)
4375f103
JH		 3876{
3877 struct mgmt_mode *cp = data;
3878 struct pending_cmd *cmd;
3879 struct hci_request req;
e6fe7986 3880 u8 val, enabled, status;
4375f103
JH		 3881 int err;
3882
3883 BT_DBG("request for %s", hdev->name);
3884
e6fe7986
JH		 3885 status = mgmt_le_support(hdev);
3886 if (status)
4375f103 3887 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3888 status);
4375f103
JH		 3889
3890 if (cp->val != 0x00 && cp->val != 0x01)
3891 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3892 MGMT_STATUS_INVALID_PARAMS);
3893
3894 hci_dev_lock(hdev);
3895
3896 val = !!cp->val;
f3d3444a 3897 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3898
f74ca9b8
JH		 3899 /* The following conditions are ones which mean that we should
3900 * not do any HCI communication but directly send a mgmt
3901 * response to user space (after toggling the flag if
3902 * necessary).
3903 */
3904 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3905 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3906 bool changed = false;
3907
f3d3444a
JH		 3908 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3909 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3910 changed = true;
3911 }
3912
3913 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3914 if (err < 0)
3915 goto unlock;
3916
3917 if (changed)
3918 err = new_settings(hdev, sk);
3919
3920 goto unlock;
3921 }
3922
3923 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3924 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3925 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3926 MGMT_STATUS_BUSY);
3927 goto unlock;
3928 }
3929
3930 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3931 if (!cmd) {
3932 err = -ENOMEM;
3933 goto unlock;
3934 }
3935
3936 hci_req_init(&req, hdev);
3937
bba3aa55
MH		 3938 if (val)
3939 enable_advertising(&req);
3940 else
3941 disable_advertising(&req);
4375f103
JH		 3942
3943 err = hci_req_run(&req, set_advertising_complete);
3944 if (err < 0)
3945 mgmt_pending_remove(cmd);
3946
3947unlock:
3948 hci_dev_unlock(hdev);
3949 return err;
3950}
3951
d13eafce
MH		 3952static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3953 void *data, u16 len)
3954{
3955 struct mgmt_cp_set_static_address *cp = data;
3956 int err;
3957
3958 BT_DBG("%s", hdev->name);
3959
62af4443 3960 if (!lmp_le_capable(hdev))
d13eafce 3961 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3962 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3963
3964 if (hdev_is_powered(hdev))
3965 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3966 MGMT_STATUS_REJECTED);
3967
3968 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3969 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3970 return cmd_status(sk, hdev->id,
3971 MGMT_OP_SET_STATIC_ADDRESS,
3972 MGMT_STATUS_INVALID_PARAMS);
3973
3974 /* Two most significant bits shall be set */
3975 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3976 return cmd_status(sk, hdev->id,
3977 MGMT_OP_SET_STATIC_ADDRESS,
3978 MGMT_STATUS_INVALID_PARAMS);
3979 }
3980
3981 hci_dev_lock(hdev);
3982
3983 bacpy(&hdev->static_addr, &cp->bdaddr);
3984
3985 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3986
3987 hci_dev_unlock(hdev);
3988
3989 return err;
3990}
3991
14b49b9a
MH		 3992static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3993 void *data, u16 len)
3994{
3995 struct mgmt_cp_set_scan_params *cp = data;
3996 __u16 interval, window;
3997 int err;
3998
3999 BT_DBG("%s", hdev->name);
4000
4001 if (!lmp_le_capable(hdev))
4002 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4003 MGMT_STATUS_NOT_SUPPORTED);
4004
4005 interval = __le16_to_cpu(cp->interval);
4006
4007 if (interval < 0x0004 || interval > 0x4000)
4008 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4009 MGMT_STATUS_INVALID_PARAMS);
4010
4011 window = __le16_to_cpu(cp->window);
4012
4013 if (window < 0x0004 || window > 0x4000)
4014 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4015 MGMT_STATUS_INVALID_PARAMS);
4016
899e1075
MH		 4017 if (window > interval)
4018 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4019 MGMT_STATUS_INVALID_PARAMS);
4020
14b49b9a
MH		 4021 hci_dev_lock(hdev);
4022
4023 hdev->le_scan_interval = interval;
4024 hdev->le_scan_window = window;
4025
4026 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4027
dd2ef8e2
AG		 4028 /* If background scan is running, restart it so new parameters are
4029 * loaded.
4030 */
4031 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4032 hdev->discovery.state == DISCOVERY_STOPPED) {
4033 struct hci_request req;
4034
4035 hci_req_init(&req, hdev);
4036
4037 hci_req_add_le_scan_disable(&req);
4038 hci_req_add_le_passive_scan(&req);
4039
4040 hci_req_run(&req, NULL);
4041 }
4042
14b49b9a
MH		 4043 hci_dev_unlock(hdev);
4044
4045 return err;
4046}
4047
33e38b3e
JH		 4048static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4049{
4050 struct pending_cmd *cmd;
4051
4052 BT_DBG("status 0x%02x", status);
4053
4054 hci_dev_lock(hdev);
4055
4056 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4057 if (!cmd)
4058 goto unlock;
4059
4060 if (status) {
4061 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4062 mgmt_status(status));
4063 } else {
1a4d3c4b
JH		 4064 struct mgmt_mode *cp = cmd->param;
4065
4066 if (cp->val)
4067 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4068 else
4069 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4070
33e38b3e
JH		 4071 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4072 new_settings(hdev, cmd->sk);
4073 }
4074
4075 mgmt_pending_remove(cmd);
4076
4077unlock:
4078 hci_dev_unlock(hdev);
4079}
4080
bdb6d971 4081static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4082 void *data, u16 len)
f6422ec6 4083{
650f726d 4084 struct mgmt_mode *cp = data;
33e38b3e
JH		 4085 struct pending_cmd *cmd;
4086 struct hci_request req;
f6422ec6
AJ		 4087 int err;
4088
bdb6d971 4089 BT_DBG("%s", hdev->name);
f6422ec6 4090
56f87901
JH		 4091 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4092 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4093 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4094 MGMT_STATUS_NOT_SUPPORTED);
4095
a7e80f25
JH		 4096 if (cp->val != 0x00 && cp->val != 0x01)
4097 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4098 MGMT_STATUS_INVALID_PARAMS);
4099
5400c044 4100 if (!hdev_is_powered(hdev))
bdb6d971 4101 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4102 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4103
4104 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4105 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4106 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4107
4108 hci_dev_lock(hdev);
4109
05cbf29f
JH		 4110 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4111 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4112 MGMT_STATUS_BUSY);
4113 goto unlock;
4114 }
4115
1a4d3c4b
JH		 4116 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4117 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4118 hdev);
4119 goto unlock;
4120 }
4121
33e38b3e
JH		 4122 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4123 data, len);
4124 if (!cmd) {
4125 err = -ENOMEM;
4126 goto unlock;
f6422ec6
AJ		 4127 }
4128
33e38b3e
JH		 4129 hci_req_init(&req, hdev);
4130
406d7804 4131 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4132
4133 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4134 if (err < 0) {
bdb6d971 4135 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4136 MGMT_STATUS_FAILED);
33e38b3e 4137 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4138 }
4139
33e38b3e 4140unlock:
f6422ec6 4141 hci_dev_unlock(hdev);
33e38b3e 4142
f6422ec6
AJ		 4143 return err;
4144}
4145
67e5a7a3
JH		 4146static void set_bredr_scan(struct hci_request *req)
4147{
4148 struct hci_dev *hdev = req->hdev;
4149 u8 scan = 0;
4150
4151 /* Ensure that fast connectable is disabled. This function will
4152 * not do anything if the page scan parameters are already what
4153 * they should be.
4154 */
4155 write_fast_connectable(req, false);
4156
4157 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4158 scan |= SCAN_PAGE;
4159 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4160 scan |= SCAN_INQUIRY;
4161
4162 if (scan)
4163 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4164}
4165
0663ca2a
JH		 4166static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4167{
4168 struct pending_cmd *cmd;
4169
4170 BT_DBG("status 0x%02x", status);
4171
4172 hci_dev_lock(hdev);
4173
4174 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4175 if (!cmd)
4176 goto unlock;
4177
4178 if (status) {
4179 u8 mgmt_err = mgmt_status(status);
4180
4181 /* We need to restore the flag if related HCI commands
4182 * failed.
4183 */
4184 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4185
4186 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4187 } else {
4188 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4189 new_settings(hdev, cmd->sk);
4190 }
4191
4192 mgmt_pending_remove(cmd);
4193
4194unlock:
4195 hci_dev_unlock(hdev);
4196}
4197
4198static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4199{
4200 struct mgmt_mode *cp = data;
4201 struct pending_cmd *cmd;
4202 struct hci_request req;
4203 int err;
4204
4205 BT_DBG("request for %s", hdev->name);
4206
4207 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4208 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4209 MGMT_STATUS_NOT_SUPPORTED);
4210
4211 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4212 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4213 MGMT_STATUS_REJECTED);
4214
4215 if (cp->val != 0x00 && cp->val != 0x01)
4216 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4217 MGMT_STATUS_INVALID_PARAMS);
4218
4219 hci_dev_lock(hdev);
4220
4221 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4222 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4223 goto unlock;
4224 }
4225
4226 if (!hdev_is_powered(hdev)) {
4227 if (!cp->val) {
0663ca2a
JH		 4228 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4229 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4230 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4231 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4232 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4233 }
4234
4235 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4236
4237 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4238 if (err < 0)
4239 goto unlock;
4240
4241 err = new_settings(hdev, sk);
4242 goto unlock;
4243 }
4244
4245 /* Reject disabling when powered on */
4246 if (!cp->val) {
4247 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4248 MGMT_STATUS_REJECTED);
4249 goto unlock;
4250 }
4251
4252 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4253 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4254 MGMT_STATUS_BUSY);
4255 goto unlock;
4256 }
4257
4258 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4259 if (!cmd) {
4260 err = -ENOMEM;
4261 goto unlock;
4262 }
4263
5947f4bc 4264 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4265 * generates the correct flags.
4266 */
4267 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4268
4269 hci_req_init(&req, hdev);
aa8af46e
JH		 4270
4271 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4272 set_bredr_scan(&req);
4273
f14d8f64
MH		 4274 /* Since only the advertising data flags will change, there
4275 * is no need to update the scan response data.
4276 */
5947f4bc 4277 update_adv_data(&req);
aa8af46e 4278
0663ca2a
JH		 4279 err = hci_req_run(&req, set_bredr_complete);
4280 if (err < 0)
4281 mgmt_pending_remove(cmd);
4282
4283unlock:
4284 hci_dev_unlock(hdev);
4285 return err;
4286}
4287
eac83dc6
MH		 4288static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4289 void *data, u16 len)
4290{
4291 struct mgmt_mode *cp = data;
4292 struct pending_cmd *cmd;
0ab04a9c 4293 u8 val, status;
eac83dc6
MH		 4294 int err;
4295
4296 BT_DBG("request for %s", hdev->name);
4297
4298 status = mgmt_bredr_support(hdev);
4299 if (status)
4300 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4301 status);
4302
5afeac14 4303 if (!lmp_sc_capable(hdev) &&
111902f7 4304 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
eac83dc6
MH		 4305 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4306 MGMT_STATUS_NOT_SUPPORTED);
4307
0ab04a9c 4308 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4309 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4310 MGMT_STATUS_INVALID_PARAMS);
4311
4312 hci_dev_lock(hdev);
4313
4314 if (!hdev_is_powered(hdev)) {
4315 bool changed;
4316
0ab04a9c 4317 if (cp->val) {
eac83dc6
MH		 4318 changed = !test_and_set_bit(HCI_SC_ENABLED,
4319 &hdev->dev_flags);
0ab04a9c
MH		 4320 if (cp->val == 0x02)
4321 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4322 else
4323 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4324 } else {
eac83dc6
MH		 4325 changed = test_and_clear_bit(HCI_SC_ENABLED,
4326 &hdev->dev_flags);
0ab04a9c
MH		 4327 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4328 }
eac83dc6
MH		 4329
4330 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4331 if (err < 0)
4332 goto failed;
4333
4334 if (changed)
4335 err = new_settings(hdev, sk);
4336
4337 goto failed;
4338 }
4339
4340 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4341 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4342 MGMT_STATUS_BUSY);
4343 goto failed;
4344 }
4345
0ab04a9c
MH		 4346 val = !!cp->val;
4347
4348 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4349 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4350 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4351 goto failed;
4352 }
4353
4354 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4355 if (!cmd) {
4356 err = -ENOMEM;
4357 goto failed;
4358 }
4359
0ab04a9c 4360 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4361 if (err < 0) {
4362 mgmt_pending_remove(cmd);
4363 goto failed;
4364 }
4365
0ab04a9c
MH		 4366 if (cp->val == 0x02)
4367 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4368 else
4369 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4370
eac83dc6
MH		 4371failed:
4372 hci_dev_unlock(hdev);
4373 return err;
4374}
4375
4e39ac81
MH		 4376static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4377 void *data, u16 len)
4378{
4379 struct mgmt_mode *cp = data;
b9710979 4380 bool changed, use_changed;
4e39ac81
MH		 4381 int err;
4382
4383 BT_DBG("request for %s", hdev->name);
4384
b9710979 4385 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4386 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4387 MGMT_STATUS_INVALID_PARAMS);
4388
4389 hci_dev_lock(hdev);
4390
4391 if (cp->val)
0663b297
JH		 4392 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4393 &hdev->dev_flags);
4e39ac81 4394 else
0663b297
JH		 4395 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4396 &hdev->dev_flags);
4e39ac81 4397
b9710979
JH		 4398 if (cp->val == 0x02)
4399 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4400 &hdev->dev_flags);
4401 else
4402 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4403 &hdev->dev_flags);
4404
4405 if (hdev_is_powered(hdev) && use_changed &&
4406 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4407 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4408 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4409 sizeof(mode), &mode);
4410 }
4411
4e39ac81
MH		 4412 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4413 if (err < 0)
4414 goto unlock;
4415
4416 if (changed)
4417 err = new_settings(hdev, sk);
4418
4419unlock:
4420 hci_dev_unlock(hdev);
4421 return err;
4422}
4423
62b04cd1
JH		 4424static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4425 u16 len)
4426{
4427 struct mgmt_cp_set_privacy *cp = cp_data;
4428 bool changed;
4429 int err;
4430
4431 BT_DBG("request for %s", hdev->name);
4432
4433 if (!lmp_le_capable(hdev))
4434 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4435 MGMT_STATUS_NOT_SUPPORTED);
4436
4437 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4438 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4439 MGMT_STATUS_INVALID_PARAMS);
4440
4441 if (hdev_is_powered(hdev))
4442 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4443 MGMT_STATUS_REJECTED);
4444
4445 hci_dev_lock(hdev);
4446
c21c0ea0
JH		 4447 /* If user space supports this command it is also expected to
4448 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4449 */
4450 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4451
62b04cd1
JH		 4452 if (cp->privacy) {
4453 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4454 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4455 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4456 } else {
4457 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4458 memset(hdev->irk, 0, sizeof(hdev->irk));
4459 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4460 }
4461
4462 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4463 if (err < 0)
4464 goto unlock;
4465
4466 if (changed)
4467 err = new_settings(hdev, sk);
4468
4469unlock:
4470 hci_dev_unlock(hdev);
4471 return err;
4472}
4473
41edf160
JH		 4474static bool irk_is_valid(struct mgmt_irk_info *irk)
4475{
4476 switch (irk->addr.type) {
4477 case BDADDR_LE_PUBLIC:
4478 return true;
4479
4480 case BDADDR_LE_RANDOM:
4481 /* Two most significant bits shall be set */
4482 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4483 return false;
4484 return true;
4485 }
4486
4487 return false;
4488}
4489
4490static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4491 u16 len)
4492{
4493 struct mgmt_cp_load_irks *cp = cp_data;
4494 u16 irk_count, expected_len;
4495 int i, err;
4496
4497 BT_DBG("request for %s", hdev->name);
4498
4499 if (!lmp_le_capable(hdev))
4500 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4501 MGMT_STATUS_NOT_SUPPORTED);
4502
4503 irk_count = __le16_to_cpu(cp->irk_count);
4504
4505 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4506 if (expected_len != len) {
4507 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4508 expected_len, len);
41edf160
JH		 4509 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4510 MGMT_STATUS_INVALID_PARAMS);
4511 }
4512
4513 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4514
4515 for (i = 0; i < irk_count; i++) {
4516 struct mgmt_irk_info *key = &cp->irks[i];
4517
4518 if (!irk_is_valid(key))
4519 return cmd_status(sk, hdev->id,
4520 MGMT_OP_LOAD_IRKS,
4521 MGMT_STATUS_INVALID_PARAMS);
4522 }
4523
4524 hci_dev_lock(hdev);
4525
4526 hci_smp_irks_clear(hdev);
4527
4528 for (i = 0; i < irk_count; i++) {
4529 struct mgmt_irk_info *irk = &cp->irks[i];
4530 u8 addr_type;
4531
4532 if (irk->addr.type == BDADDR_LE_PUBLIC)
4533 addr_type = ADDR_LE_DEV_PUBLIC;
4534 else
4535 addr_type = ADDR_LE_DEV_RANDOM;
4536
4537 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4538 BDADDR_ANY);
4539 }
4540
4541 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4542
4543 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4544
4545 hci_dev_unlock(hdev);
4546
4547 return err;
4548}
4549
3f706b72
JH		 4550static bool ltk_is_valid(struct mgmt_ltk_info *key)
4551{
4552 if (key->master != 0x00 && key->master != 0x01)
4553 return false;
490cb0b3
MH		 4554
4555 switch (key->addr.type) {
4556 case BDADDR_LE_PUBLIC:
4557 return true;
4558
4559 case BDADDR_LE_RANDOM:
4560 /* Two most significant bits shall be set */
4561 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4562 return false;
4563 return true;
4564 }
4565
4566 return false;
3f706b72
JH		 4567}
4568
bdb6d971 4569static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4570 void *cp_data, u16 len)
346af67b 4571{
346af67b
VCG		 4572 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4573 u16 key_count, expected_len;
715a5bf2 4574 int i, err;
346af67b 4575
cf99ba13
MH		 4576 BT_DBG("request for %s", hdev->name);
4577
4578 if (!lmp_le_capable(hdev))
4579 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4580 MGMT_STATUS_NOT_SUPPORTED);
4581
1f350c87 4582 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 4583
4584 expected_len = sizeof(*cp) + key_count *
4585 sizeof(struct mgmt_ltk_info);
4586 if (expected_len != len) {
4587 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4588 expected_len, len);
bdb6d971 4589 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4590 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4591 }
4592
bdb6d971 4593 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4594
54ad6d8a
JH		 4595 for (i = 0; i < key_count; i++) {
4596 struct mgmt_ltk_info *key = &cp->keys[i];
4597
3f706b72 4598 if (!ltk_is_valid(key))
54ad6d8a
JH		 4599 return cmd_status(sk, hdev->id,
4600 MGMT_OP_LOAD_LONG_TERM_KEYS,
4601 MGMT_STATUS_INVALID_PARAMS);
4602 }
4603
346af67b
VCG		 4604 hci_dev_lock(hdev);
4605
4606 hci_smp_ltks_clear(hdev);
4607
4608 for (i = 0; i < key_count; i++) {
4609 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 4610 u8 type, addr_type, authenticated;
79d95a19
MH		 4611
4612 if (key->addr.type == BDADDR_LE_PUBLIC)
4613 addr_type = ADDR_LE_DEV_PUBLIC;
4614 else
4615 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4616
4617 if (key->master)
2ceba539 4618 type = SMP_LTK;
346af67b 4619 else
2ceba539 4620 type = SMP_LTK_SLAVE;
346af67b 4621
61b43357
JH		 4622 switch (key->type) {
4623 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4624 authenticated = 0x00;
61b43357
JH		 4625 break;
4626 case MGMT_LTK_AUTHENTICATED:
d7b25450 4627 authenticated = 0x01;
61b43357
JH		 4628 break;
4629 default:
4630 continue;
4631 }
d7b25450 4632
35d70271 4633 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 4634 authenticated, key->val, key->enc_size, key->ediv,
35d70271 4635 key->rand);
346af67b
VCG		 4636 }
4637
715a5bf2
JH		 4638 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4639 NULL, 0);
4640
346af67b 4641 hci_dev_unlock(hdev);
346af67b 4642
715a5bf2 4643 return err;
346af67b
VCG		 4644}
4645
dd983808
AK		 4646struct cmd_conn_lookup {
4647 struct hci_conn *conn;
4648 bool valid_tx_power;
4649 u8 mgmt_status;
4650};
4651
4652static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4653{
4654 struct cmd_conn_lookup *match = data;
4655 struct mgmt_cp_get_conn_info *cp;
4656 struct mgmt_rp_get_conn_info rp;
4657 struct hci_conn *conn = cmd->user_data;
4658
4659 if (conn != match->conn)
4660 return;
4661
4662 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4663
4664 memset(&rp, 0, sizeof(rp));
4665 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4666 rp.addr.type = cp->addr.type;
4667
4668 if (!match->mgmt_status) {
4669 rp.rssi = conn->rssi;
4670
eed5daf3 4671 if (match->valid_tx_power) {
dd983808 4672 rp.tx_power = conn->tx_power;
eed5daf3
AK		 4673 rp.max_tx_power = conn->max_tx_power;
4674 } else {
dd983808 4675 rp.tx_power = HCI_TX_POWER_INVALID;
eed5daf3
AK		 4676 rp.max_tx_power = HCI_TX_POWER_INVALID;
4677 }
dd983808
AK		 4678 }
4679
4680 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4681 match->mgmt_status, &rp, sizeof(rp));
4682
4683 hci_conn_drop(conn);
4684
4685 mgmt_pending_remove(cmd);
4686}
4687
4688static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4689{
4690 struct hci_cp_read_rssi *cp;
4691 struct hci_conn *conn;
4692 struct cmd_conn_lookup match;
4693 u16 handle;
4694
4695 BT_DBG("status 0x%02x", status);
4696
4697 hci_dev_lock(hdev);
4698
4699 /* TX power data is valid in case request completed successfully,
eed5daf3
AK		 4700 * otherwise we assume it's not valid. At the moment we assume that
4701 * either both or none of current and max values are valid to keep code
4702 * simple.
dd983808
AK		 4703 */
4704 match.valid_tx_power = !status;
4705
4706 /* Commands sent in request are either Read RSSI or Read Transmit Power
4707 * Level so we check which one was last sent to retrieve connection
4708 * handle. Both commands have handle as first parameter so it's safe to
4709 * cast data on the same command struct.
4710 *
4711 * First command sent is always Read RSSI and we fail only if it fails.
4712 * In other case we simply override error to indicate success as we
4713 * already remembered if TX power value is actually valid.
4714 */
4715 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4716 if (!cp) {
4717 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4718 status = 0;
4719 }
4720
4721 if (!cp) {
4722 BT_ERR("invalid sent_cmd in response");
4723 goto unlock;
4724 }
4725
4726 handle = __le16_to_cpu(cp->handle);
4727 conn = hci_conn_hash_lookup_handle(hdev, handle);
4728 if (!conn) {
4729 BT_ERR("unknown handle (%d) in response", handle);
4730 goto unlock;
4731 }
4732
4733 match.conn = conn;
4734 match.mgmt_status = mgmt_status(status);
4735
4736 /* Cache refresh is complete, now reply for mgmt request for given
4737 * connection only.
4738 */
4739 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4740 get_conn_info_complete, &match);
4741
4742unlock:
4743 hci_dev_unlock(hdev);
4744}
4745
4746static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4747 u16 len)
4748{
4749 struct mgmt_cp_get_conn_info *cp = data;
4750 struct mgmt_rp_get_conn_info rp;
4751 struct hci_conn *conn;
4752 unsigned long conn_info_age;
4753 int err = 0;
4754
4755 BT_DBG("%s", hdev->name);
4756
4757 memset(&rp, 0, sizeof(rp));
4758 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4759 rp.addr.type = cp->addr.type;
4760
4761 if (!bdaddr_type_is_valid(cp->addr.type))
4762 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4763 MGMT_STATUS_INVALID_PARAMS,
4764 &rp, sizeof(rp));
4765
4766 hci_dev_lock(hdev);
4767
4768 if (!hdev_is_powered(hdev)) {
4769 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4770 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4771 goto unlock;
4772 }
4773
4774 if (cp->addr.type == BDADDR_BREDR)
4775 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4776 &cp->addr.bdaddr);
4777 else
4778 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4779
4780 if (!conn || conn->state != BT_CONNECTED) {
4781 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4782 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
4783 goto unlock;
4784 }
4785
4786 /* To avoid client trying to guess when to poll again for information we
4787 * calculate conn info age as random value between min/max set in hdev.
4788 */
4789 conn_info_age = hdev->conn_info_min_age +
4790 prandom_u32_max(hdev->conn_info_max_age -
4791 hdev->conn_info_min_age);
4792
4793 /* Query controller to refresh cached values if they are too old or were
4794 * never read.
4795 */
f4e2dd53
AK		 4796 if (time_after(jiffies, conn->conn_info_timestamp +
4797 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 4798 !conn->conn_info_timestamp) {
4799 struct hci_request req;
4800 struct hci_cp_read_tx_power req_txp_cp;
4801 struct hci_cp_read_rssi req_rssi_cp;
4802 struct pending_cmd *cmd;
4803
4804 hci_req_init(&req, hdev);
4805 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4806 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4807 &req_rssi_cp);
4808
f7faab0c
AK		 4809 /* For LE links TX power does not change thus we don't need to
4810 * query for it once value is known.
4811 */
4812 if (!bdaddr_type_is_le(cp->addr.type) ||
4813 conn->tx_power == HCI_TX_POWER_INVALID) {
4814 req_txp_cp.handle = cpu_to_le16(conn->handle);
4815 req_txp_cp.type = 0x00;
4816 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4817 sizeof(req_txp_cp), &req_txp_cp);
4818 }
dd983808 4819
eed5daf3
AK		 4820 /* Max TX power needs to be read only once per connection */
4821 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4822 req_txp_cp.handle = cpu_to_le16(conn->handle);
4823 req_txp_cp.type = 0x01;
4824 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4825 sizeof(req_txp_cp), &req_txp_cp);
4826 }
4827
dd983808
AK		 4828 err = hci_req_run(&req, conn_info_refresh_complete);
4829 if (err < 0)
4830 goto unlock;
4831
4832 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4833 data, len);
4834 if (!cmd) {
4835 err = -ENOMEM;
4836 goto unlock;
4837 }
4838
4839 hci_conn_hold(conn);
4840 cmd->user_data = conn;
4841
4842 conn->conn_info_timestamp = jiffies;
4843 } else {
4844 /* Cache is valid, just reply with values cached in hci_conn */
4845 rp.rssi = conn->rssi;
4846 rp.tx_power = conn->tx_power;
eed5daf3 4847 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 4848
4849 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4850 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
4851 }
4852
4853unlock:
4854 hci_dev_unlock(hdev);
4855 return err;
4856}
4857
95868426
JH		 4858static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
4859{
4860 struct mgmt_cp_get_clock_info *cp;
4861 struct mgmt_rp_get_clock_info rp;
4862 struct hci_cp_read_clock *hci_cp;
4863 struct pending_cmd *cmd;
4864 struct hci_conn *conn;
4865
4866 BT_DBG("%s status %u", hdev->name, status);
4867
4868 hci_dev_lock(hdev);
4869
4870 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
4871 if (!hci_cp)
4872 goto unlock;
4873
4874 if (hci_cp->which) {
4875 u16 handle = __le16_to_cpu(hci_cp->handle);
4876 conn = hci_conn_hash_lookup_handle(hdev, handle);
4877 } else {
4878 conn = NULL;
4879 }
4880
4881 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
4882 if (!cmd)
4883 goto unlock;
4884
4885 cp = cmd->param;
4886
4887 memset(&rp, 0, sizeof(rp));
4888 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
4889
4890 if (status)
4891 goto send_rsp;
4892
4893 rp.local_clock = cpu_to_le32(hdev->clock);
4894
4895 if (conn) {
4896 rp.piconet_clock = cpu_to_le32(conn->clock);
4897 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
4898 }
4899
4900send_rsp:
4901 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
4902 &rp, sizeof(rp));
4903 mgmt_pending_remove(cmd);
4904 if (conn)
4905 hci_conn_drop(conn);
4906
4907unlock:
4908 hci_dev_unlock(hdev);
4909}
4910
4911static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
4912 u16 len)
4913{
4914 struct mgmt_cp_get_clock_info *cp = data;
4915 struct mgmt_rp_get_clock_info rp;
4916 struct hci_cp_read_clock hci_cp;
4917 struct pending_cmd *cmd;
4918 struct hci_request req;
4919 struct hci_conn *conn;
4920 int err;
4921
4922 BT_DBG("%s", hdev->name);
4923
4924 memset(&rp, 0, sizeof(rp));
4925 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4926 rp.addr.type = cp->addr.type;
4927
4928 if (cp->addr.type != BDADDR_BREDR)
4929 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
4930 MGMT_STATUS_INVALID_PARAMS,
4931 &rp, sizeof(rp));
4932
4933 hci_dev_lock(hdev);
4934
4935 if (!hdev_is_powered(hdev)) {
4936 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
4937 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4938 goto unlock;
4939 }
4940
4941 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4942 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4943 &cp->addr.bdaddr);
4944 if (!conn || conn->state != BT_CONNECTED) {
4945 err = cmd_complete(sk, hdev->id,
4946 MGMT_OP_GET_CLOCK_INFO,
4947 MGMT_STATUS_NOT_CONNECTED,
4948 &rp, sizeof(rp));
4949 goto unlock;
4950 }
4951 } else {
4952 conn = NULL;
4953 }
4954
4955 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
4956 if (!cmd) {
4957 err = -ENOMEM;
4958 goto unlock;
4959 }
4960
4961 hci_req_init(&req, hdev);
4962
4963 memset(&hci_cp, 0, sizeof(hci_cp));
4964 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
4965
4966 if (conn) {
4967 hci_conn_hold(conn);
4968 cmd->user_data = conn;
4969
4970 hci_cp.handle = cpu_to_le16(conn->handle);
4971 hci_cp.which = 0x01; /* Piconet clock */
4972 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
4973 }
4974
4975 err = hci_req_run(&req, get_clock_info_complete);
4976 if (err < 0)
4977 mgmt_pending_remove(cmd);
4978
4979unlock:
4980 hci_dev_unlock(hdev);
4981 return err;
4982}
4983
8afef092
MH		 4984static void device_added(struct sock *sk, struct hci_dev *hdev,
4985 bdaddr_t *bdaddr, u8 type, u8 action)
4986{
4987 struct mgmt_ev_device_added ev;
4988
4989 bacpy(&ev.addr.bdaddr, bdaddr);
4990 ev.addr.type = type;
4991 ev.action = action;
4992
4993 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
4994}
4995
2faade53
MH		 4996static int add_device(struct sock *sk, struct hci_dev *hdev,
4997 void *data, u16 len)
4998{
4999 struct mgmt_cp_add_device *cp = data;
5000 u8 auto_conn, addr_type;
5001 int err;
5002
5003 BT_DBG("%s", hdev->name);
5004
5005 if (!bdaddr_type_is_le(cp->addr.type) ||
5006 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5007 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5008 MGMT_STATUS_INVALID_PARAMS,
5009 &cp->addr, sizeof(cp->addr));
5010
5011 if (cp->action != 0x00 && cp->action != 0x01)
5012 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5013 MGMT_STATUS_INVALID_PARAMS,
5014 &cp->addr, sizeof(cp->addr));
5015
5016 hci_dev_lock(hdev);
5017
5018 if (cp->addr.type == BDADDR_LE_PUBLIC)
5019 addr_type = ADDR_LE_DEV_PUBLIC;
5020 else
5021 addr_type = ADDR_LE_DEV_RANDOM;
5022
5023 if (cp->action)
5024 auto_conn = HCI_AUTO_CONN_ALWAYS;
5025 else
5026 auto_conn = HCI_AUTO_CONN_DISABLED;
5027
bf5b3c8b
MH		 5028 /* If the connection parameters don't exist for this device,
5029 * they will be created and configured with defaults.
5030 */
d06b50ce
MH		 5031 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5032 auto_conn) < 0) {
2faade53
MH		 5033 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5034 MGMT_STATUS_FAILED,
5035 &cp->addr, sizeof(cp->addr));
5036 goto unlock;
5037 }
5038
8afef092
MH		 5039 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5040
2faade53
MH		 5041 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5042 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5043
5044unlock:
5045 hci_dev_unlock(hdev);
5046 return err;
5047}
5048
8afef092
MH		 5049static void device_removed(struct sock *sk, struct hci_dev *hdev,
5050 bdaddr_t *bdaddr, u8 type)
5051{
5052 struct mgmt_ev_device_removed ev;
5053
5054 bacpy(&ev.addr.bdaddr, bdaddr);
5055 ev.addr.type = type;
5056
5057 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5058}
5059
2faade53
MH		 5060static int remove_device(struct sock *sk, struct hci_dev *hdev,
5061 void *data, u16 len)
5062{
5063 struct mgmt_cp_remove_device *cp = data;
5064 int err;
5065
5066 BT_DBG("%s", hdev->name);
5067
5068 hci_dev_lock(hdev);
5069
5070 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5071 u8 addr_type;
5072
5073 if (!bdaddr_type_is_le(cp->addr.type)) {
5074 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5075 MGMT_STATUS_INVALID_PARAMS,
5076 &cp->addr, sizeof(cp->addr));
5077 goto unlock;
5078 }
5079
5080 if (cp->addr.type == BDADDR_LE_PUBLIC)
5081 addr_type = ADDR_LE_DEV_PUBLIC;
5082 else
5083 addr_type = ADDR_LE_DEV_RANDOM;
5084
5085 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
8afef092
MH		 5086
5087 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53
MH		 5088 } else {
5089 if (cp->addr.type) {
5090 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5091 MGMT_STATUS_INVALID_PARAMS,
5092 &cp->addr, sizeof(cp->addr));
5093 goto unlock;
5094 }
5095
5096 hci_conn_params_clear(hdev);
5097 }
5098
5099 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5100 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5101
5102unlock:
5103 hci_dev_unlock(hdev);
5104 return err;
5105}
5106
2e3c35ea 5107static const struct mgmt_handler {
04124681
GP		 5108 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5109 u16 data_len);
be22b54e
JH		 5110 bool var_len;
5111 size_t data_len;
0f4e68cf
JH		 5112} mgmt_handlers[] = {
5113 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 5114 { read_version, false, MGMT_READ_VERSION_SIZE },
5115 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5116 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5117 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5118 { set_powered, false, MGMT_SETTING_SIZE },
5119 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5120 { set_connectable, false, MGMT_SETTING_SIZE },
5121 { set_fast_connectable, false, MGMT_SETTING_SIZE },
5122 { set_pairable, false, MGMT_SETTING_SIZE },
5123 { set_link_security, false, MGMT_SETTING_SIZE },
5124 { set_ssp, false, MGMT_SETTING_SIZE },
5125 { set_hs, false, MGMT_SETTING_SIZE },
5126 { set_le, false, MGMT_SETTING_SIZE },
5127 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5128 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5129 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5130 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5131 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5132 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
5133 { disconnect, false, MGMT_DISCONNECT_SIZE },
5134 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
5135 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
5136 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
5137 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
5138 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
5139 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
5140 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
5141 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
5142 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
5143 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
5144 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
5145 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 5146 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 5147 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
5148 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
5149 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
5150 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
5151 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
5152 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 5153 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 5154 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 5155 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 5156 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 5157 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 5158 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 5159 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 5160 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 5161 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 5162 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
95868426 5163 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
2faade53
MH		 5164 { add_device, false, MGMT_ADD_DEVICE_SIZE },
5165 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
0f4e68cf
JH		 5166};
5167
0381101f
JH		 5168int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
5169{
650f726d
VCG		 5170 void *buf;
5171 u8 *cp;
0381101f 5172 struct mgmt_hdr *hdr;
4e51eae9 5173 u16 opcode, index, len;
bdb6d971 5174 struct hci_dev *hdev = NULL;
2e3c35ea 5175 const struct mgmt_handler *handler;
0381101f
JH		 5176 int err;
5177
5178 BT_DBG("got %zu bytes", msglen);
5179
5180 if (msglen < sizeof(*hdr))
5181 return -EINVAL;
5182
e63a15ec 5183 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 5184 if (!buf)
5185 return -ENOMEM;
5186
5187 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
5188 err = -EFAULT;
5189 goto done;
5190 }
5191
650f726d 5192 hdr = buf;
1f350c87
MH		 5193 opcode = __le16_to_cpu(hdr->opcode);
5194 index = __le16_to_cpu(hdr->index);
5195 len = __le16_to_cpu(hdr->len);
0381101f
JH		 5196
5197 if (len != msglen - sizeof(*hdr)) {
5198 err = -EINVAL;
5199 goto done;
5200 }
5201
0f4e68cf 5202 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 5203 hdev = hci_dev_get(index);
5204 if (!hdev) {
5205 err = cmd_status(sk, index, opcode,
04124681 5206 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 5207 goto done;
5208 }
0736cfa8 5209
cebf4cfd 5210 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
fee746b0
MH		 5211 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) ||
5212 test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) {
0736cfa8
MH		 5213 err = cmd_status(sk, index, opcode,
5214 MGMT_STATUS_INVALID_INDEX);
5215 goto done;
5216 }
bdb6d971
JH		 5217 }
5218
0f4e68cf 5219 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 5220 mgmt_handlers[opcode].func == NULL) {
0381101f 5221 BT_DBG("Unknown op %u", opcode);
ca69b795 5222 err = cmd_status(sk, index, opcode,
04124681 5223 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 5224 goto done;
5225 }
5226
5227 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 5228 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 5229 err = cmd_status(sk, index, opcode,
04124681 5230 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 5231 goto done;
0381101f
JH		 5232 }
5233
be22b54e
JH		 5234 handler = &mgmt_handlers[opcode];
5235
5236 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 5237 (!handler->var_len && len != handler->data_len)) {
be22b54e 5238 err = cmd_status(sk, index, opcode,
04124681 5239 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 5240 goto done;
5241 }
5242
0f4e68cf
JH		 5243 if (hdev)
5244 mgmt_init_hdev(sk, hdev);
5245
5246 cp = buf + sizeof(*hdr);
5247
be22b54e 5248 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 5249 if (err < 0)
5250 goto done;
5251
0381101f
JH		 5252 err = msglen;
5253
5254done:
bdb6d971
JH		 5255 if (hdev)
5256 hci_dev_put(hdev);
5257
0381101f
JH		 5258 kfree(buf);
5259 return err;
5260}
c71e97bf 5261
bf6b56db 5262void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 5263{
1514b892 5264 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5265 return;
bb4b2a9a 5266
bf6b56db 5267 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 5268}
5269
bf6b56db 5270void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 5271{
5f159032 5272 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 5273
1514b892 5274 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5275 return;
bb4b2a9a 5276
744cf19e 5277 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 5278
bf6b56db 5279 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 5280}
5281
6046dc3e
AG		 5282/* This function requires the caller holds hdev->lock */
5283static void restart_le_auto_conns(struct hci_dev *hdev)
5284{
5285 struct hci_conn_params *p;
5286
5287 list_for_each_entry(p, &hdev->le_conn_params, list) {
5288 if (p->auto_connect == HCI_AUTO_CONN_ALWAYS)
5289 hci_pend_le_conn_add(hdev, &p->addr, p->addr_type);
5290 }
5291}
5292
229ab39c
JH		 5293static void powered_complete(struct hci_dev *hdev, u8 status)
5294{
5295 struct cmd_lookup match = { NULL, hdev };
5296
5297 BT_DBG("status 0x%02x", status);
5298
5299 hci_dev_lock(hdev);
5300
6046dc3e
AG		 5301 restart_le_auto_conns(hdev);
5302
229ab39c
JH		 5303 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5304
5305 new_settings(hdev, match.sk);
5306
5307 hci_dev_unlock(hdev);
5308
5309 if (match.sk)
5310 sock_put(match.sk);
5311}
5312
70da6243 5313static int powered_update_hci(struct hci_dev *hdev)
5add6af8 5314{
890ea898 5315 struct hci_request req;
70da6243 5316 u8 link_sec;
5add6af8 5317
890ea898
JH		 5318 hci_req_init(&req, hdev);
5319
70da6243
JH		 5320 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
5321 !lmp_host_ssp_capable(hdev)) {
5322 u8 ssp = 1;
5e5282bb 5323
890ea898 5324 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 5325 }
5add6af8 5326
c73eee91
JH		 5327 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
5328 lmp_bredr_capable(hdev)) {
70da6243 5329 struct hci_cp_write_le_host_supported cp;
f0ff92fb 5330
70da6243
JH		 5331 cp.le = 1;
5332 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 5333
70da6243
JH		 5334 /* Check first if we already have the right
5335 * host state (host features set)
5336 */
5337 if (cp.le != lmp_host_le_capable(hdev) ||
5338 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 5339 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5340 sizeof(cp), &cp);
70da6243 5341 }
3d1cbdd6 5342
d13eafce 5343 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 5344 /* Make sure the controller has a good default for
5345 * advertising data. This also applies to the case
5346 * where BR/EDR was toggled during the AUTO_OFF phase.
5347 */
f14d8f64 5348 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 5349 update_adv_data(&req);
f14d8f64
MH		 5350 update_scan_rsp_data(&req);
5351 }
441ad2d0 5352
bba3aa55
MH		 5353 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5354 enable_advertising(&req);
eeca6f89
JH		 5355 }
5356
70da6243
JH		 5357 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5358 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 5359 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5360 sizeof(link_sec), &link_sec);
562fcc24 5361
70da6243 5362 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 5363 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5364 set_bredr_scan(&req);
890ea898 5365 update_class(&req);
13928971 5366 update_name(&req);
890ea898 5367 update_eir(&req);
70da6243 5368 }
562fcc24 5369
229ab39c 5370 return hci_req_run(&req, powered_complete);
70da6243 5371}
562fcc24 5372
70da6243
JH		 5373int mgmt_powered(struct hci_dev *hdev, u8 powered)
5374{
5375 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 5376 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5377 u8 zero_cod[] = { 0, 0, 0 };
70da6243 5378 int err;
f0ff92fb 5379
70da6243
JH		 5380 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5381 return 0;
5382
70da6243 5383 if (powered) {
229ab39c
JH		 5384 if (powered_update_hci(hdev) == 0)
5385 return 0;
fe038884 5386
229ab39c
JH		 5387 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5388 &match);
5389 goto new_settings;
b24752fe
JH		 5390 }
5391
229ab39c
JH		 5392 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5393 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5394
5395 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5396 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5397 zero_cod, sizeof(zero_cod), NULL);
5398
5399new_settings:
beadb2bd 5400 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 5401
5402 if (match.sk)
5403 sock_put(match.sk);
5404
7bb895d6 5405 return err;
5add6af8 5406}
73f22f62 5407
3eec705e 5408void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 5409{
5410 struct pending_cmd *cmd;
5411 u8 status;
5412
5413 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5414 if (!cmd)
3eec705e 5415 return;
96570ffc
JH		 5416
5417 if (err == -ERFKILL)
5418 status = MGMT_STATUS_RFKILLED;
5419 else
5420 status = MGMT_STATUS_FAILED;
5421
3eec705e 5422 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 5423
5424 mgmt_pending_remove(cmd);
96570ffc
JH		 5425}
5426
d1967ff8
MH		 5427void mgmt_discoverable_timeout(struct hci_dev *hdev)
5428{
5429 struct hci_request req;
d1967ff8
MH		 5430
5431 hci_dev_lock(hdev);
5432
5433 /* When discoverable timeout triggers, then just make sure
5434 * the limited discoverable flag is cleared. Even in the case
5435 * of a timeout triggered from general discoverable, it is
5436 * safe to unconditionally clear the flag.
5437 */
5438 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 5439 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 5440
5441 hci_req_init(&req, hdev);
4b580614
JH		 5442 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5443 u8 scan = SCAN_PAGE;
5444 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
5445 sizeof(scan), &scan);
5446 }
d1967ff8 5447 update_class(&req);
9a43e25f 5448 update_adv_data(&req);
d1967ff8
MH		 5449 hci_req_run(&req, NULL);
5450
5451 hdev->discov_timeout = 0;
5452
9a43e25f
JH		 5453 new_settings(hdev, NULL);
5454
d1967ff8
MH		 5455 hci_dev_unlock(hdev);
5456}
5457
86a75645 5458void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 5459{
86a75645 5460 bool changed;
73f22f62 5461
bfaf8c9f
JH		 5462 /* Nothing needed here if there's a pending command since that
5463 * commands request completion callback takes care of everything
5464 * necessary.
5465 */
5466 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 5467 return;
bfaf8c9f 5468
bd107999
JH		 5469 /* Powering off may clear the scan mode - don't let that interfere */
5470 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5471 return;
5472
9a43e25f 5473 if (discoverable) {
86a75645 5474 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5475 } else {
5476 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 5477 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5478 }
5479
5480 if (changed) {
5481 struct hci_request req;
5482
5483 /* In case this change in discoverable was triggered by
5484 * a disabling of connectable there could be a need to
5485 * update the advertising flags.
5486 */
5487 hci_req_init(&req, hdev);
5488 update_adv_data(&req);
5489 hci_req_run(&req, NULL);
73f22f62 5490
86a75645 5491 new_settings(hdev, NULL);
9a43e25f 5492 }
73f22f62 5493}
9fbcbb45 5494
a330916c 5495void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 5496{
a330916c 5497 bool changed;
9fbcbb45 5498
d7b856f9
JH		 5499 /* Nothing needed here if there's a pending command since that
5500 * commands request completion callback takes care of everything
5501 * necessary.
5502 */
5503 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 5504 return;
d7b856f9 5505
ce3f24cf
JH		 5506 /* Powering off may clear the scan mode - don't let that interfere */
5507 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5508 return;
5509
a330916c
MH		 5510 if (connectable)
5511 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
5512 else
5513 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 5514
beadb2bd 5515 if (changed)
a330916c 5516 new_settings(hdev, NULL);
9fbcbb45 5517}
55ed8ca1 5518
778b235a
JH		 5519void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
5520{
7c4cfab8
JH		 5521 /* Powering off may stop advertising - don't let that interfere */
5522 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5523 return;
5524
778b235a
JH		 5525 if (advertising)
5526 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
5527 else
5528 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5529}
5530
4796e8af 5531void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 5532{
ca69b795
JH		 5533 u8 mgmt_err = mgmt_status(status);
5534
2d7cee58 5535 if (scan & SCAN_PAGE)
744cf19e 5536 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 5537 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5538
5539 if (scan & SCAN_INQUIRY)
744cf19e 5540 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 5541 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5542}
5543
dc4a5ee2
MH		 5544void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
5545 bool persistent)
55ed8ca1 5546{
86742e1e 5547 struct mgmt_ev_new_link_key ev;
55ed8ca1 5548
a492cd52 5549 memset(&ev, 0, sizeof(ev));
55ed8ca1 5550
a492cd52 5551 ev.store_hint = persistent;
d753fdc4 5552 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 5553 ev.key.addr.type = BDADDR_BREDR;
a492cd52 5554 ev.key.type = key->type;
9b3b4460 5555 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 5556 ev.key.pin_len = key->pin_len;
55ed8ca1 5557
dc4a5ee2 5558 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 5559}
f7520543 5560
d7b25450
JH		 5561static u8 mgmt_ltk_type(struct smp_ltk *ltk)
5562{
5563 if (ltk->authenticated)
5564 return MGMT_LTK_AUTHENTICATED;
5565
5566 return MGMT_LTK_UNAUTHENTICATED;
5567}
5568
53ac6ab6 5569void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 5570{
5571 struct mgmt_ev_new_long_term_key ev;
5572
5573 memset(&ev, 0, sizeof(ev));
5574
5192d301
MH		 5575 /* Devices using resolvable or non-resolvable random addresses
5576 * without providing an indentity resolving key don't require
5577 * to store long term keys. Their addresses will change the
5578 * next time around.
5579 *
5580 * Only when a remote device provides an identity address
5581 * make sure the long term key is stored. If the remote
5582 * identity is known, the long term keys are internally
5583 * mapped to the identity address. So allow static random
5584 * and public addresses here.
5585 */
ba74b666
JH		 5586 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5587 (key->bdaddr.b[5] & 0xc0) != 0xc0)
5588 ev.store_hint = 0x00;
5589 else
53ac6ab6 5590 ev.store_hint = persistent;
ba74b666 5591
346af67b 5592 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 5593 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 5594 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 5595 ev.key.enc_size = key->enc_size;
5596 ev.key.ediv = key->ediv;
fe39c7b2 5597 ev.key.rand = key->rand;
346af67b 5598
2ceba539 5599 if (key->type == SMP_LTK)
346af67b
VCG		 5600 ev.key.master = 1;
5601
346af67b
VCG		 5602 memcpy(ev.key.val, key->val, sizeof(key->val));
5603
083368f7 5604 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 5605}
5606
95fbac8a
JH		 5607void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
5608{
5609 struct mgmt_ev_new_irk ev;
5610
5611 memset(&ev, 0, sizeof(ev));
5612
bab6d1e5
MH		 5613 /* For identity resolving keys from devices that are already
5614 * using a public address or static random address, do not
5615 * ask for storing this key. The identity resolving key really
5616 * is only mandatory for devices using resovlable random
5617 * addresses.
5618 *
5619 * Storing all identity resolving keys has the downside that
5620 * they will be also loaded on next boot of they system. More
5621 * identity resolving keys, means more time during scanning is
5622 * needed to actually resolve these addresses.
5623 */
5624 if (bacmp(&irk->rpa, BDADDR_ANY))
5625 ev.store_hint = 0x01;
5626 else
5627 ev.store_hint = 0x00;
5628
95fbac8a
JH		 5629 bacpy(&ev.rpa, &irk->rpa);
5630 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
5631 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
5632 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
5633
5634 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
5635}
5636
53ac6ab6
MH		 5637void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
5638 bool persistent)
7ee4ea36
MH		 5639{
5640 struct mgmt_ev_new_csrk ev;
5641
5642 memset(&ev, 0, sizeof(ev));
5643
5644 /* Devices using resolvable or non-resolvable random addresses
5645 * without providing an indentity resolving key don't require
5646 * to store signature resolving keys. Their addresses will change
5647 * the next time around.
5648 *
5649 * Only when a remote device provides an identity address
5650 * make sure the signature resolving key is stored. So allow
5651 * static random and public addresses here.
5652 */
5653 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5654 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
5655 ev.store_hint = 0x00;
5656 else
53ac6ab6 5657 ev.store_hint = persistent;
7ee4ea36
MH		 5658
5659 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
5660 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
5661 ev.key.master = csrk->master;
5662 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
5663
5664 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
5665}
5666
94933991
MH		 5667static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5668 u8 data_len)
5669{
5670 eir[eir_len++] = sizeof(type) + data_len;
5671 eir[eir_len++] = type;
5672 memcpy(&eir[eir_len], data, data_len);
5673 eir_len += data_len;
5674
5675 return eir_len;
5676}
5677
ecd90ae7
MH		 5678void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5679 u8 addr_type, u32 flags, u8 *name, u8 name_len,
5680 u8 *dev_class)
f7520543 5681{
b644ba33
JH		 5682 char buf[512];
5683 struct mgmt_ev_device_connected *ev = (void *) buf;
5684 u16 eir_len = 0;
f7520543 5685
b644ba33 5686 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5687 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 5688
c95f0ba7 5689 ev->flags = __cpu_to_le32(flags);
08c79b61 5690
b644ba33
JH		 5691 if (name_len > 0)
5692 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 5693 name, name_len);
b644ba33
JH		 5694
5695 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 5696 eir_len = eir_append_data(ev->eir, eir_len,
04124681 5697 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 5698
eb55ef07 5699 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 5700
ecd90ae7
MH		 5701 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
5702 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 5703}
5704
8962ee74
JH		 5705static void disconnect_rsp(struct pending_cmd *cmd, void *data)
5706{
c68fb7ff 5707 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 5708 struct sock **sk = data;
a38528f1 5709 struct mgmt_rp_disconnect rp;
8962ee74 5710
88c3df13
JH		 5711 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5712 rp.addr.type = cp->addr.type;
8962ee74 5713
aee9b218 5714 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 5715 sizeof(rp));
8962ee74
JH		 5716
5717 *sk = cmd->sk;
5718 sock_hold(*sk);
5719
a664b5bc 5720 mgmt_pending_remove(cmd);
8962ee74
JH		 5721}
5722
124f6e35 5723static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 5724{
b1078ad0 5725 struct hci_dev *hdev = data;
124f6e35
JH		 5726 struct mgmt_cp_unpair_device *cp = cmd->param;
5727 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 5728
5729 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 5730 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5731 rp.addr.type = cp->addr.type;
a8a1d19e 5732
b1078ad0
JH		 5733 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
5734
aee9b218 5735 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 5736
5737 mgmt_pending_remove(cmd);
5738}
5739
9b80ec5e 5740void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 5741 u8 link_type, u8 addr_type, u8 reason,
5742 bool mgmt_connected)
f7520543 5743{
f0d6a0ea 5744 struct mgmt_ev_device_disconnected ev;
8b064a3a 5745 struct pending_cmd *power_off;
8962ee74 5746 struct sock *sk = NULL;
8962ee74 5747
8b064a3a
JH		 5748 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5749 if (power_off) {
5750 struct mgmt_mode *cp = power_off->param;
5751
5752 /* The connection is still in hci_conn_hash so test for 1
5753 * instead of 0 to know if this is the last one.
5754 */
a3172b7e
JH		 5755 if (!cp->val && hci_conn_count(hdev) == 1) {
5756 cancel_delayed_work(&hdev->power_off);
8b064a3a 5757 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5758 }
8b064a3a
JH		 5759 }
5760
12d4a3b2
JH		 5761 if (!mgmt_connected)
5762 return;
5763
57eb776f
AG		 5764 if (link_type != ACL_LINK && link_type != LE_LINK)
5765 return;
5766
744cf19e 5767 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 5768
f0d6a0ea
MA		 5769 bacpy(&ev.addr.bdaddr, bdaddr);
5770 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5771 ev.reason = reason;
f7520543 5772
9b80ec5e 5773 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 5774
5775 if (sk)
d97dcb66 5776 sock_put(sk);
8962ee74 5777
124f6e35 5778 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 5779 hdev);
8962ee74
JH		 5780}
5781
7892924c
MH		 5782void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
5783 u8 link_type, u8 addr_type, u8 status)
8962ee74 5784{
3655bba8
AG		 5785 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
5786 struct mgmt_cp_disconnect *cp;
88c3df13 5787 struct mgmt_rp_disconnect rp;
8962ee74 5788 struct pending_cmd *cmd;
8962ee74 5789
36a75f1b
JD		 5790 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5791 hdev);
5792
2e58ef3e 5793 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 5794 if (!cmd)
7892924c 5795 return;
8962ee74 5796
3655bba8
AG		 5797 cp = cmd->param;
5798
5799 if (bacmp(bdaddr, &cp->addr.bdaddr))
5800 return;
5801
5802 if (cp->addr.type != bdaddr_type)
5803 return;
5804
88c3df13 5805 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 5806 rp.addr.type = bdaddr_type;
37d9ef76 5807
7892924c
MH		 5808 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
5809 mgmt_status(status), &rp, sizeof(rp));
8962ee74 5810
a664b5bc 5811 mgmt_pending_remove(cmd);
f7520543 5812}
17d5c04c 5813
445608d0
MH		 5814void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5815 u8 addr_type, u8 status)
17d5c04c
JH		 5816{
5817 struct mgmt_ev_connect_failed ev;
c9910d0f
JH		 5818 struct pending_cmd *power_off;
5819
5820 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5821 if (power_off) {
5822 struct mgmt_mode *cp = power_off->param;
5823
5824 /* The connection is still in hci_conn_hash so test for 1
5825 * instead of 0 to know if this is the last one.
5826 */
a3172b7e
JH		 5827 if (!cp->val && hci_conn_count(hdev) == 1) {
5828 cancel_delayed_work(&hdev->power_off);
c9910d0f 5829 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5830 }
c9910d0f 5831 }
17d5c04c 5832
4c659c39 5833 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5834 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5835 ev.status = mgmt_status(status);
17d5c04c 5836
445608d0 5837 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 5838}
980e1a53 5839
ce0e4a0d 5840void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 5841{
5842 struct mgmt_ev_pin_code_request ev;
5843
d8457698 5844 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 5845 ev.addr.type = BDADDR_BREDR;
a770bb5a 5846 ev.secure = secure;
980e1a53 5847
ce0e4a0d 5848 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 5849}
5850
e669cf80
MH		 5851void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5852 u8 status)
980e1a53
JH		 5853{
5854 struct pending_cmd *cmd;
ac56fb13 5855 struct mgmt_rp_pin_code_reply rp;
980e1a53 5856
2e58ef3e 5857 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 5858 if (!cmd)
e669cf80 5859 return;
980e1a53 5860
d8457698 5861 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5862 rp.addr.type = BDADDR_BREDR;
ac56fb13 5863
e669cf80
MH		 5864 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
5865 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5866
a664b5bc 5867 mgmt_pending_remove(cmd);
980e1a53
JH		 5868}
5869
3eb38528
MH		 5870void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5871 u8 status)
980e1a53
JH		 5872{
5873 struct pending_cmd *cmd;
ac56fb13 5874 struct mgmt_rp_pin_code_reply rp;
980e1a53 5875
2e58ef3e 5876 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 5877 if (!cmd)
3eb38528 5878 return;
980e1a53 5879
d8457698 5880 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5881 rp.addr.type = BDADDR_BREDR;
ac56fb13 5882
3eb38528
MH		 5883 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
5884 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5885
a664b5bc 5886 mgmt_pending_remove(cmd);
980e1a53 5887}
a5c29683 5888
744cf19e 5889int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 5890 u8 link_type, u8 addr_type, u32 value,
04124681 5891 u8 confirm_hint)
a5c29683
JH		 5892{
5893 struct mgmt_ev_user_confirm_request ev;
5894
744cf19e 5895 BT_DBG("%s", hdev->name);
a5c29683 5896
272d90df 5897 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5898 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 5899 ev.confirm_hint = confirm_hint;
39adbffe 5900 ev.value = cpu_to_le32(value);
a5c29683 5901
744cf19e 5902 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 5903 NULL);
a5c29683
JH		 5904}
5905
272d90df 5906int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 5907 u8 link_type, u8 addr_type)
604086b7
BG		 5908{
5909 struct mgmt_ev_user_passkey_request ev;
5910
5911 BT_DBG("%s", hdev->name);
5912
272d90df 5913 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5914 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 5915
5916 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 5917 NULL);
604086b7
BG		 5918}
5919
0df4c185 5920static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 5921 u8 link_type, u8 addr_type, u8 status,
5922 u8 opcode)
a5c29683
JH		 5923{
5924 struct pending_cmd *cmd;
5925 struct mgmt_rp_user_confirm_reply rp;
5926 int err;
5927
2e58ef3e 5928 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 5929 if (!cmd)
5930 return -ENOENT;
5931
272d90df 5932 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 5933 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 5934 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 5935 &rp, sizeof(rp));
a5c29683 5936
a664b5bc 5937 mgmt_pending_remove(cmd);
a5c29683
JH		 5938
5939 return err;
5940}
5941
744cf19e 5942int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5943 u8 link_type, u8 addr_type, u8 status)
a5c29683 5944{
272d90df 5945 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5946 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 5947}
5948
272d90df 5949int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5950 u8 link_type, u8 addr_type, u8 status)
a5c29683 5951{
272d90df 5952 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5953 status,
5954 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 5955}
2a611692 5956
604086b7 5957int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5958 u8 link_type, u8 addr_type, u8 status)
604086b7 5959{
272d90df 5960 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5961 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 5962}
5963
272d90df 5964int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5965 u8 link_type, u8 addr_type, u8 status)
604086b7 5966{
272d90df 5967 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5968 status,
5969 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 5970}
5971
92a25256
JH		 5972int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
5973 u8 link_type, u8 addr_type, u32 passkey,
5974 u8 entered)
5975{
5976 struct mgmt_ev_passkey_notify ev;
5977
5978 BT_DBG("%s", hdev->name);
5979
5980 bacpy(&ev.addr.bdaddr, bdaddr);
5981 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5982 ev.passkey = __cpu_to_le32(passkey);
5983 ev.entered = entered;
5984
5985 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
5986}
5987
e546099c
MH		 5988void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5989 u8 addr_type, u8 status)
2a611692
JH		 5990{
5991 struct mgmt_ev_auth_failed ev;
5992
bab73cb6 5993 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5994 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5995 ev.status = mgmt_status(status);
2a611692 5996
e546099c 5997 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 5998}
b312b161 5999
464996ae 6000void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 6001{
6002 struct cmd_lookup match = { NULL, hdev };
464996ae 6003 bool changed;
33ef95ed
JH		 6004
6005 if (status) {
6006 u8 mgmt_err = mgmt_status(status);
6007 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 6008 cmd_status_rsp, &mgmt_err);
464996ae 6009 return;
33ef95ed
JH		 6010 }
6011
464996ae
MH		 6012 if (test_bit(HCI_AUTH, &hdev->flags))
6013 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6014 &hdev->dev_flags);
6015 else
6016 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6017 &hdev->dev_flags);
47990ea0 6018
33ef95ed 6019 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 6020 &match);
33ef95ed 6021
47990ea0 6022 if (changed)
464996ae 6023 new_settings(hdev, match.sk);
33ef95ed
JH		 6024
6025 if (match.sk)
6026 sock_put(match.sk);
33ef95ed
JH		 6027}
6028
890ea898 6029static void clear_eir(struct hci_request *req)
cacaf52f 6030{
890ea898 6031 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 6032 struct hci_cp_write_eir cp;
6033
976eb20e 6034 if (!lmp_ext_inq_capable(hdev))
890ea898 6035 return;
cacaf52f 6036
c80da27e
JH		 6037 memset(hdev->eir, 0, sizeof(hdev->eir));
6038
cacaf52f
JH		 6039 memset(&cp, 0, sizeof(cp));
6040
890ea898 6041 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 6042}
6043
3e248560 6044void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 6045{
6046 struct cmd_lookup match = { NULL, hdev };
890ea898 6047 struct hci_request req;
c0ecddc2 6048 bool changed = false;
ed2c4ee3
JH		 6049
6050 if (status) {
6051 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 6052
6053 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 6054 &hdev->dev_flags)) {
6055 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 6056 new_settings(hdev, NULL);
9ecb3e24 6057 }
c0ecddc2 6058
04124681
GP		 6059 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6060 &mgmt_err);
3e248560 6061 return;
c0ecddc2
JH		 6062 }
6063
6064 if (enable) {
9ecb3e24 6065 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 6066 } else {
9ecb3e24
MH		 6067 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6068 if (!changed)
6069 changed = test_and_clear_bit(HCI_HS_ENABLED,
6070 &hdev->dev_flags);
6071 else
6072 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 6073 }
6074
6075 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6076
c0ecddc2 6077 if (changed)
3e248560 6078 new_settings(hdev, match.sk);
ed2c4ee3 6079
5fc6ebb1 6080 if (match.sk)
ed2c4ee3
JH		 6081 sock_put(match.sk);
6082
890ea898
JH		 6083 hci_req_init(&req, hdev);
6084
3769972b
JH		 6085 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6086 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6087 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6088 sizeof(enable), &enable);
890ea898 6089 update_eir(&req);
3769972b 6090 } else {
890ea898 6091 clear_eir(&req);
3769972b 6092 }
890ea898
JH		 6093
6094 hci_req_run(&req, NULL);
ed2c4ee3
JH		 6095}
6096
eac83dc6
MH		 6097void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6098{
6099 struct cmd_lookup match = { NULL, hdev };
6100 bool changed = false;
6101
6102 if (status) {
6103 u8 mgmt_err = mgmt_status(status);
6104
0ab04a9c
MH		 6105 if (enable) {
6106 if (test_and_clear_bit(HCI_SC_ENABLED,
6107 &hdev->dev_flags))
6108 new_settings(hdev, NULL);
6109 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6110 }
eac83dc6
MH		 6111
6112 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6113 cmd_status_rsp, &mgmt_err);
6114 return;
6115 }
6116
0ab04a9c 6117 if (enable) {
eac83dc6 6118 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 6119 } else {
eac83dc6 6120 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 6121 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6122 }
eac83dc6
MH		 6123
6124 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6125 settings_rsp, &match);
6126
6127 if (changed)
6128 new_settings(hdev, match.sk);
6129
6130 if (match.sk)
6131 sock_put(match.sk);
6132}
6133
92da6097 6134static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 6135{
6136 struct cmd_lookup *match = data;
6137
90e70454
JH		 6138 if (match->sk == NULL) {
6139 match->sk = cmd->sk;
6140 sock_hold(match->sk);
6141 }
90e70454
JH		 6142}
6143
4e1b0245
MH		 6144void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
6145 u8 status)
7f9a903c 6146{
90e70454 6147 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 6148
92da6097
JH		 6149 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
6150 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
6151 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 6152
6153 if (!status)
4e1b0245
MH		 6154 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
6155 NULL);
90e70454
JH		 6156
6157 if (match.sk)
6158 sock_put(match.sk);
7f9a903c
MH		 6159}
6160
7667da34 6161void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 6162{
b312b161 6163 struct mgmt_cp_set_local_name ev;
13928971 6164 struct pending_cmd *cmd;
28cc7bde 6165
13928971 6166 if (status)
7667da34 6167 return;
b312b161
JH		 6168
6169 memset(&ev, 0, sizeof(ev));
6170 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 6171 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 6172
2e58ef3e 6173 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 6174 if (!cmd) {
6175 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 6176
13928971
JH		 6177 /* If this is a HCI command related to powering on the
6178 * HCI dev don't send any mgmt signals.
6179 */
6180 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 6181 return;
890ea898 6182 }
b312b161 6183
7667da34
MH		 6184 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
6185 cmd ? cmd->sk : NULL);
b312b161 6186}
c35938b2 6187
4d2d2796
MH		 6188void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
6189 u8 *randomizer192, u8 *hash256,
6190 u8 *randomizer256, u8 status)
c35938b2
SJ		 6191{
6192 struct pending_cmd *cmd;
c35938b2 6193
744cf19e 6194 BT_DBG("%s status %u", hdev->name, status);
c35938b2 6195
2e58ef3e 6196 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 6197 if (!cmd)
3edaf092 6198 return;
c35938b2
SJ		 6199
6200 if (status) {
3edaf092
MH		 6201 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6202 mgmt_status(status));
c35938b2 6203 } else {
4d2d2796
MH		 6204 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
6205 hash256 && randomizer256) {
6206 struct mgmt_rp_read_local_oob_ext_data rp;
6207
6208 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
6209 memcpy(rp.randomizer192, randomizer192,
6210 sizeof(rp.randomizer192));
c35938b2 6211
4d2d2796
MH		 6212 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
6213 memcpy(rp.randomizer256, randomizer256,
6214 sizeof(rp.randomizer256));
c35938b2 6215
4d2d2796
MH		 6216 cmd_complete(cmd->sk, hdev->id,
6217 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6218 &rp, sizeof(rp));
6219 } else {
6220 struct mgmt_rp_read_local_oob_data rp;
6221
6222 memcpy(rp.hash, hash192, sizeof(rp.hash));
6223 memcpy(rp.randomizer, randomizer192,
6224 sizeof(rp.randomizer));
6225
6226 cmd_complete(cmd->sk, hdev->id,
6227 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6228 &rp, sizeof(rp));
6229 }
c35938b2
SJ		 6230 }
6231
6232 mgmt_pending_remove(cmd);
c35938b2 6233}
e17acd40 6234
901801b9 6235void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
af58925c
MH		 6236 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
6237 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 6238{
e319d2e7
JH		 6239 char buf[512];
6240 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 6241 struct smp_irk *irk;
1dc06093 6242 size_t ev_size;
e17acd40 6243
12602d0c 6244 if (!hci_discovery_active(hdev))
901801b9 6245 return;
12602d0c 6246
5d2e9fad
JH		 6247 /* Make sure that the buffer is big enough. The 5 extra bytes
6248 * are for the potential CoD field.
6249 */
6250 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 6251 return;
7d262f86 6252
1dc06093
JH		 6253 memset(buf, 0, sizeof(buf));
6254
5cedbb8d
JH		 6255 irk = hci_get_irk(hdev, bdaddr, addr_type);
6256 if (irk) {
6257 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
6258 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
6259 } else {
6260 bacpy(&ev->addr.bdaddr, bdaddr);
6261 ev->addr.type = link_to_bdaddr(link_type, addr_type);
6262 }
6263
e319d2e7 6264 ev->rssi = rssi;
af58925c 6265 ev->flags = cpu_to_le32(flags);
e17acd40 6266
1dc06093 6267 if (eir_len > 0)
e319d2e7 6268 memcpy(ev->eir, eir, eir_len);
e17acd40 6269
1dc06093
JH		 6270 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
6271 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 6272 dev_class, 3);
1dc06093 6273
5d2e9fad
JH		 6274 if (scan_rsp_len > 0)
6275 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
6276
6277 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
6278 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 6279
901801b9 6280 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 6281}
a88a9652 6282
9cf12aee
MH		 6283void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6284 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 6285{
b644ba33
JH		 6286 struct mgmt_ev_device_found *ev;
6287 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
6288 u16 eir_len;
a88a9652 6289
b644ba33 6290 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 6291
b644ba33
JH		 6292 memset(buf, 0, sizeof(buf));
6293
6294 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6295 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 6296 ev->rssi = rssi;
6297
6298 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 6299 name_len);
b644ba33 6300
eb55ef07 6301 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 6302
9cf12aee 6303 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 6304}
314b2381 6305
2f1e063b 6306void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 6307{
f963e8e9 6308 struct mgmt_ev_discovering ev;
164a6e78
JH		 6309 struct pending_cmd *cmd;
6310
343fb145
AG		 6311 BT_DBG("%s discovering %u", hdev->name, discovering);
6312
164a6e78 6313 if (discovering)
2e58ef3e 6314 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 6315 else
2e58ef3e 6316 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 6317
6318 if (cmd != NULL) {
f808e166
JH		 6319 u8 type = hdev->discovery.type;
6320
04124681
GP		 6321 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
6322 sizeof(type));
164a6e78
JH		 6323 mgmt_pending_remove(cmd);
6324 }
6325
f963e8e9
JH		 6326 memset(&ev, 0, sizeof(ev));
6327 ev.type = hdev->discovery.type;
6328 ev.discovering = discovering;
6329
2f1e063b 6330 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 6331}
5e762444 6332
88c1fe4b 6333int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 6334{
6335 struct pending_cmd *cmd;
6336 struct mgmt_ev_device_blocked ev;
6337
2e58ef3e 6338 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 6339
88c1fe4b
JH		 6340 bacpy(&ev.addr.bdaddr, bdaddr);
6341 ev.addr.type = type;
5e762444 6342
744cf19e 6343 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 6344 cmd ? cmd->sk : NULL);
5e762444
AJ		 6345}
6346
88c1fe4b 6347int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 6348{
6349 struct pending_cmd *cmd;
6350 struct mgmt_ev_device_unblocked ev;
6351
2e58ef3e 6352 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 6353
88c1fe4b
JH		 6354 bacpy(&ev.addr.bdaddr, bdaddr);
6355 ev.addr.type = type;
5e762444 6356
744cf19e 6357 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 6358 cmd ? cmd->sk : NULL);
5e762444 6359}
5976e608
MH		 6360
6361static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6362{
6363 BT_DBG("%s status %u", hdev->name, status);
6364
6365 /* Clear the advertising mgmt setting if we failed to re-enable it */
6366 if (status) {
6367 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6368 new_settings(hdev, NULL);
5976e608
MH		 6369 }
6370}
6371
6372void mgmt_reenable_advertising(struct hci_dev *hdev)
6373{
6374 struct hci_request req;
6375
b145edcd 6376 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 6377 return;
6378
6379 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6380 return;
6381
6382 hci_req_init(&req, hdev);
6383 enable_advertising(&req);
6384
6385 /* If this fails we have no option but to let user space know
6386 * that we've disabled advertising.
6387 */
6388 if (hci_req_run(&req, adv_enable_complete) < 0) {
6389 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6390 new_settings(hdev, NULL);
5976e608
MH		 6391 }
6392}
Linux kernel - Deliverables
This page took 0.655938 seconds and 5 git commands to generate.