projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Move fast connectable code to hci_request.c
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
a380b6cf 38#include "mgmt_util.h"
0381101f 39
2da9c55c 40#define MGMT_VERSION 1
dc4270c0 41#define MGMT_REVISION 11
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 50 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 81 MGMT_OP_SET_DEVICE_ID,
4375f103 82 MGMT_OP_SET_ADVERTISING,
0663ca2a 83 MGMT_OP_SET_BREDR,
d13eafce 84 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 85 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 86 MGMT_OP_SET_SECURE_CONN,
4e39ac81 87 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 88 MGMT_OP_SET_PRIVACY,
41edf160 89 MGMT_OP_LOAD_IRKS,
dd983808 90 MGMT_OP_GET_CONN_INFO,
95868426 91 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 92 MGMT_OP_ADD_DEVICE,
93 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 94 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 95 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 96 MGMT_OP_READ_CONFIG_INFO,
dbece37a 97 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 98 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 99 MGMT_OP_START_SERVICE_DISCOVERY,
4f0f155c 100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
96f1474a 101 MGMT_OP_READ_EXT_INDEX_LIST,
d3d5305b 102 MGMT_OP_READ_ADV_FEATURES,
24b4f38f 103 MGMT_OP_ADD_ADVERTISING,
da929335 104 MGMT_OP_REMOVE_ADVERTISING,
40b25fe5 105 MGMT_OP_GET_ADV_SIZE_INFO,
e70bb2e8
JH		 106};
107
108static const u16 mgmt_events[] = {
109 MGMT_EV_CONTROLLER_ERROR,
110 MGMT_EV_INDEX_ADDED,
111 MGMT_EV_INDEX_REMOVED,
112 MGMT_EV_NEW_SETTINGS,
113 MGMT_EV_CLASS_OF_DEV_CHANGED,
114 MGMT_EV_LOCAL_NAME_CHANGED,
115 MGMT_EV_NEW_LINK_KEY,
116 MGMT_EV_NEW_LONG_TERM_KEY,
117 MGMT_EV_DEVICE_CONNECTED,
118 MGMT_EV_DEVICE_DISCONNECTED,
119 MGMT_EV_CONNECT_FAILED,
120 MGMT_EV_PIN_CODE_REQUEST,
121 MGMT_EV_USER_CONFIRM_REQUEST,
122 MGMT_EV_USER_PASSKEY_REQUEST,
123 MGMT_EV_AUTH_FAILED,
124 MGMT_EV_DEVICE_FOUND,
125 MGMT_EV_DISCOVERING,
126 MGMT_EV_DEVICE_BLOCKED,
127 MGMT_EV_DEVICE_UNBLOCKED,
128 MGMT_EV_DEVICE_UNPAIRED,
92a25256 129 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 130 MGMT_EV_NEW_IRK,
7ee4ea36 131 MGMT_EV_NEW_CSRK,
8afef092
MH		 132 MGMT_EV_DEVICE_ADDED,
133 MGMT_EV_DEVICE_REMOVED,
ffb5a827 134 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 135 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 136 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 137 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 138 MGMT_EV_EXT_INDEX_ADDED,
139 MGMT_EV_EXT_INDEX_REMOVED,
72000df2 140 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
24b4f38f
AU		 141 MGMT_EV_ADVERTISING_ADDED,
142 MGMT_EV_ADVERTISING_REMOVED,
e70bb2e8
JH		 143};
144
99c679ac
MH		 145static const u16 mgmt_untrusted_commands[] = {
146 MGMT_OP_READ_INDEX_LIST,
147 MGMT_OP_READ_INFO,
148 MGMT_OP_READ_UNCONF_INDEX_LIST,
149 MGMT_OP_READ_CONFIG_INFO,
150 MGMT_OP_READ_EXT_INDEX_LIST,
151};
152
153static const u16 mgmt_untrusted_events[] = {
154 MGMT_EV_INDEX_ADDED,
155 MGMT_EV_INDEX_REMOVED,
156 MGMT_EV_NEW_SETTINGS,
157 MGMT_EV_CLASS_OF_DEV_CHANGED,
158 MGMT_EV_LOCAL_NAME_CHANGED,
159 MGMT_EV_UNCONF_INDEX_ADDED,
160 MGMT_EV_UNCONF_INDEX_REMOVED,
161 MGMT_EV_NEW_CONFIG_OPTIONS,
162 MGMT_EV_EXT_INDEX_ADDED,
163 MGMT_EV_EXT_INDEX_REMOVED,
164};
165
17b02e62 166#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 167
d25b78e2
JH		 168#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
169 "\x00\x00\x00\x00\x00\x00\x00\x00"
170
ca69b795
JH		 171/* HCI to MGMT error code conversion table */
172static u8 mgmt_status_table[] = {
173 MGMT_STATUS_SUCCESS,
174 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
175 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
176 MGMT_STATUS_FAILED, /* Hardware Failure */
177 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
178 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 179 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 180 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
181 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
182 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
183 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
184 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
185 MGMT_STATUS_BUSY, /* Command Disallowed */
186 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
187 MGMT_STATUS_REJECTED, /* Rejected Security */
188 MGMT_STATUS_REJECTED, /* Rejected Personal */
189 MGMT_STATUS_TIMEOUT, /* Host Timeout */
190 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
191 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
192 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
193 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
194 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
195 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
196 MGMT_STATUS_BUSY, /* Repeated Attempts */
197 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
198 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
199 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
200 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
201 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
202 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
203 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
204 MGMT_STATUS_FAILED, /* Unspecified Error */
205 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
206 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
207 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
208 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
209 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
210 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
211 MGMT_STATUS_FAILED, /* Unit Link Key Used */
212 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
213 MGMT_STATUS_TIMEOUT, /* Instant Passed */
214 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
215 MGMT_STATUS_FAILED, /* Transaction Collision */
216 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
217 MGMT_STATUS_REJECTED, /* QoS Rejected */
218 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
219 MGMT_STATUS_REJECTED, /* Insufficient Security */
220 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
221 MGMT_STATUS_BUSY, /* Role Switch Pending */
222 MGMT_STATUS_FAILED, /* Slot Violation */
223 MGMT_STATUS_FAILED, /* Role Switch Failed */
224 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
225 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
226 MGMT_STATUS_BUSY, /* Host Busy Pairing */
227 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
228 MGMT_STATUS_BUSY, /* Controller Busy */
229 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
230 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
231 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
232 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
233 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
234};
235
236static u8 mgmt_status(u8 hci_status)
237{
238 if (hci_status < ARRAY_SIZE(mgmt_status_table))
239 return mgmt_status_table[hci_status];
240
241 return MGMT_STATUS_FAILED;
242}
243
c08b1a1d
MH		 244static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
245 u16 len, int flag)
f9207338 246{
c08b1a1d
MH		 247 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
248 flag, NULL);
f9207338
MH		 249}
250
72000df2
MH		 251static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
252 u16 len, int flag, struct sock *skip_sk)
253{
254 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
255 flag, skip_sk);
256}
257
f6b7712e
MH		 258static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
259 u16 len, struct sock *skip_sk)
260{
261 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
262 HCI_MGMT_GENERIC_EVENTS, skip_sk);
263}
264
7a00ff44
JH		 265static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
266 struct sock *skip_sk)
267{
268 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
c08b1a1d 269 HCI_SOCK_TRUSTED, skip_sk);
7a00ff44
JH		 270}
271
85813a7e
JH		 272static u8 le_addr_type(u8 mgmt_addr_type)
273{
274 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
275 return ADDR_LE_DEV_PUBLIC;
276 else
277 return ADDR_LE_DEV_RANDOM;
278}
279
04124681
GP		 280static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
281 u16 data_len)
a38528f1
JH		 282{
283 struct mgmt_rp_read_version rp;
284
285 BT_DBG("sock %p", sk);
286
287 rp.version = MGMT_VERSION;
dcf4adbf 288 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 289
2a1afb5a
JH		 290 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
291 &rp, sizeof(rp));
a38528f1
JH		 292}
293
04124681
GP		 294static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
295 u16 data_len)
e70bb2e8
JH		 296{
297 struct mgmt_rp_read_commands *rp;
99c679ac 298 u16 num_commands, num_events;
e70bb2e8
JH		 299 size_t rp_size;
300 int i, err;
301
302 BT_DBG("sock %p", sk);
303
99c679ac
MH		 304 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
305 num_commands = ARRAY_SIZE(mgmt_commands);
306 num_events = ARRAY_SIZE(mgmt_events);
307 } else {
308 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
309 num_events = ARRAY_SIZE(mgmt_untrusted_events);
310 }
311
e70bb2e8
JH		 312 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
313
314 rp = kmalloc(rp_size, GFP_KERNEL);
315 if (!rp)
316 return -ENOMEM;
317
dcf4adbf
JP		 318 rp->num_commands = cpu_to_le16(num_commands);
319 rp->num_events = cpu_to_le16(num_events);
e70bb2e8 320
99c679ac
MH		 321 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
322 __le16 *opcode = rp->opcodes;
323
324 for (i = 0; i < num_commands; i++, opcode++)
325 put_unaligned_le16(mgmt_commands[i], opcode);
e70bb2e8 326
99c679ac
MH		 327 for (i = 0; i < num_events; i++, opcode++)
328 put_unaligned_le16(mgmt_events[i], opcode);
329 } else {
330 __le16 *opcode = rp->opcodes;
331
332 for (i = 0; i < num_commands; i++, opcode++)
333 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
334
335 for (i = 0; i < num_events; i++, opcode++)
336 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
337 }
e70bb2e8 338
2a1afb5a
JH		 339 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
340 rp, rp_size);
e70bb2e8
JH		 341 kfree(rp);
342
343 return err;
344}
345
04124681
GP		 346static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
347 u16 data_len)
faba42eb 348{
faba42eb 349 struct mgmt_rp_read_index_list *rp;
8035ded4 350 struct hci_dev *d;
a38528f1 351 size_t rp_len;
faba42eb 352 u16 count;
476e44cb 353 int err;
faba42eb
JH		 354
355 BT_DBG("sock %p", sk);
356
357 read_lock(&hci_dev_list_lock);
358
359 count = 0;
bb4b2a9a 360 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 361 if (d->dev_type == HCI_BREDR &&
d7a5a11d 362 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 363 count++;
faba42eb
JH		 364 }
365
a38528f1
JH		 366 rp_len = sizeof(*rp) + (2 * count);
367 rp = kmalloc(rp_len, GFP_ATOMIC);
368 if (!rp) {
b2c60d42 369 read_unlock(&hci_dev_list_lock);
faba42eb 370 return -ENOMEM;
b2c60d42 371 }
faba42eb 372
476e44cb 373 count = 0;
8035ded4 374 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 375 if (hci_dev_test_flag(d, HCI_SETUP) ||
376 hci_dev_test_flag(d, HCI_CONFIG) ||
377 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 378 continue;
379
73d1df2a
MH		 380 /* Devices marked as raw-only are neither configured
381 * nor unconfigured controllers.
382 */
383 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 384 continue;
385
73d1df2a 386 if (d->dev_type == HCI_BREDR &&
d7a5a11d 387 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892
MH		 388 rp->index[count++] = cpu_to_le16(d->id);
389 BT_DBG("Added hci%u", d->id);
390 }
faba42eb
JH		 391 }
392
476e44cb
JH		 393 rp->num_controllers = cpu_to_le16(count);
394 rp_len = sizeof(*rp) + (2 * count);
395
faba42eb
JH		 396 read_unlock(&hci_dev_list_lock);
397
2a1afb5a
JH		 398 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
399 0, rp, rp_len);
faba42eb 400
a38528f1
JH		 401 kfree(rp);
402
403 return err;
faba42eb
JH		 404}
405
73d1df2a
MH		 406static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
407 void *data, u16 data_len)
408{
409 struct mgmt_rp_read_unconf_index_list *rp;
410 struct hci_dev *d;
411 size_t rp_len;
412 u16 count;
413 int err;
414
415 BT_DBG("sock %p", sk);
416
417 read_lock(&hci_dev_list_lock);
418
419 count = 0;
420 list_for_each_entry(d, &hci_dev_list, list) {
421 if (d->dev_type == HCI_BREDR &&
d7a5a11d 422 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 423 count++;
424 }
425
426 rp_len = sizeof(*rp) + (2 * count);
427 rp = kmalloc(rp_len, GFP_ATOMIC);
428 if (!rp) {
429 read_unlock(&hci_dev_list_lock);
430 return -ENOMEM;
431 }
432
433 count = 0;
434 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 435 if (hci_dev_test_flag(d, HCI_SETUP) ||
436 hci_dev_test_flag(d, HCI_CONFIG) ||
437 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 438 continue;
439
440 /* Devices marked as raw-only are neither configured
441 * nor unconfigured controllers.
442 */
443 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
444 continue;
445
446 if (d->dev_type == HCI_BREDR &&
d7a5a11d 447 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a
MH		 448 rp->index[count++] = cpu_to_le16(d->id);
449 BT_DBG("Added hci%u", d->id);
450 }
451 }
452
453 rp->num_controllers = cpu_to_le16(count);
454 rp_len = sizeof(*rp) + (2 * count);
455
456 read_unlock(&hci_dev_list_lock);
457
2a1afb5a
JH		 458 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
459 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 460
461 kfree(rp);
462
463 return err;
464}
465
96f1474a
MH		 466static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
467 void *data, u16 data_len)
468{
469 struct mgmt_rp_read_ext_index_list *rp;
470 struct hci_dev *d;
471 size_t rp_len;
472 u16 count;
473 int err;
474
475 BT_DBG("sock %p", sk);
476
477 read_lock(&hci_dev_list_lock);
478
479 count = 0;
480 list_for_each_entry(d, &hci_dev_list, list) {
481 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
482 count++;
483 }
484
485 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
486 rp = kmalloc(rp_len, GFP_ATOMIC);
487 if (!rp) {
488 read_unlock(&hci_dev_list_lock);
489 return -ENOMEM;
490 }
491
492 count = 0;
493 list_for_each_entry(d, &hci_dev_list, list) {
494 if (hci_dev_test_flag(d, HCI_SETUP) ||
495 hci_dev_test_flag(d, HCI_CONFIG) ||
496 hci_dev_test_flag(d, HCI_USER_CHANNEL))
497 continue;
498
499 /* Devices marked as raw-only are neither configured
500 * nor unconfigured controllers.
501 */
502 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
503 continue;
504
505 if (d->dev_type == HCI_BREDR) {
506 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
507 rp->entry[count].type = 0x01;
508 else
509 rp->entry[count].type = 0x00;
510 } else if (d->dev_type == HCI_AMP) {
511 rp->entry[count].type = 0x02;
512 } else {
513 continue;
514 }
515
516 rp->entry[count].bus = d->bus;
517 rp->entry[count++].index = cpu_to_le16(d->id);
518 BT_DBG("Added hci%u", d->id);
519 }
520
521 rp->num_controllers = cpu_to_le16(count);
522 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
523
524 read_unlock(&hci_dev_list_lock);
525
526 /* If this command is called at least once, then all the
527 * default index and unconfigured index events are disabled
528 * and from now on only extended index events are used.
529 */
530 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
531 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
532 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
533
534 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
535 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
536
537 kfree(rp);
538
539 return err;
540}
541
dbece37a
MH		 542static bool is_configured(struct hci_dev *hdev)
543{
544 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 545 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 546 return false;
547
548 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
549 !bacmp(&hdev->public_addr, BDADDR_ANY))
550 return false;
551
552 return true;
553}
554
89bc22d2
MH		 555static __le32 get_missing_options(struct hci_dev *hdev)
556{
557 u32 options = 0;
558
dbece37a 559 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 560 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 561 options |= MGMT_OPTION_EXTERNAL_CONFIG;
562
89bc22d2
MH		 563 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
564 !bacmp(&hdev->public_addr, BDADDR_ANY))
565 options |= MGMT_OPTION_PUBLIC_ADDRESS;
566
567 return cpu_to_le32(options);
568}
569
f4537c04
MH		 570static int new_options(struct hci_dev *hdev, struct sock *skip)
571{
572 __le32 options = get_missing_options(hdev);
573
f6b7712e
MH		 574 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
575 sizeof(options), skip);
f4537c04
MH		 576}
577
dbece37a
MH		 578static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
579{
580 __le32 options = get_missing_options(hdev);
581
2a1afb5a
JH		 582 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
583 sizeof(options));
dbece37a
MH		 584}
585
9fc3bfb6
MH		 586static int read_config_info(struct sock *sk, struct hci_dev *hdev,
587 void *data, u16 data_len)
588{
589 struct mgmt_rp_read_config_info rp;
89bc22d2 590 u32 options = 0;
9fc3bfb6
MH		 591
592 BT_DBG("sock %p %s", sk, hdev->name);
593
594 hci_dev_lock(hdev);
595
596 memset(&rp, 0, sizeof(rp));
597 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 598
eb1904f4
MH		 599 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
600 options |= MGMT_OPTION_EXTERNAL_CONFIG;
601
9fc3bfb6 602 if (hdev->set_bdaddr)
89bc22d2
MH		 603 options |= MGMT_OPTION_PUBLIC_ADDRESS;
604
605 rp.supported_options = cpu_to_le32(options);
606 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 607
608 hci_dev_unlock(hdev);
609
2a1afb5a
JH		 610 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
611 &rp, sizeof(rp));
9fc3bfb6
MH		 612}
613
69ab39ea
JH		 614static u32 get_supported_settings(struct hci_dev *hdev)
615{
616 u32 settings = 0;
617
618 settings |= MGMT_SETTING_POWERED;
b2939475 619 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 620 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 621 settings |= MGMT_SETTING_CONNECTABLE;
622 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 623
ed3fa31f 624 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 625 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
626 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 627 settings |= MGMT_SETTING_BREDR;
628 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 629
630 if (lmp_ssp_capable(hdev)) {
631 settings |= MGMT_SETTING_SSP;
632 settings |= MGMT_SETTING_HS;
633 }
e98d2ce2 634
05b3c3e7 635 if (lmp_sc_capable(hdev))
e98d2ce2 636 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 637 }
d7b7e796 638
eeca6f89 639 if (lmp_le_capable(hdev)) {
9d42820f 640 settings |= MGMT_SETTING_LE;
eeca6f89 641 settings |= MGMT_SETTING_ADVERTISING;
a3209694 642 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 643 settings |= MGMT_SETTING_PRIVACY;
93690c22 644 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 645 }
69ab39ea 646
eb1904f4
MH		 647 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
648 hdev->set_bdaddr)
9fc3bfb6
MH		 649 settings |= MGMT_SETTING_CONFIGURATION;
650
69ab39ea
JH		 651 return settings;
652}
653
654static u32 get_current_settings(struct hci_dev *hdev)
655{
656 u32 settings = 0;
657
f1f0eb02 658 if (hdev_is_powered(hdev))
f0d4b78a
MH		 659 settings |= MGMT_SETTING_POWERED;
660
d7a5a11d 661 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 662 settings |= MGMT_SETTING_CONNECTABLE;
663
d7a5a11d 664 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 665 settings |= MGMT_SETTING_FAST_CONNECTABLE;
666
d7a5a11d 667 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 668 settings |= MGMT_SETTING_DISCOVERABLE;
669
d7a5a11d 670 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 671 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 672
d7a5a11d 673 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 674 settings |= MGMT_SETTING_BREDR;
675
d7a5a11d 676 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 677 settings |= MGMT_SETTING_LE;
678
d7a5a11d 679 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 680 settings |= MGMT_SETTING_LINK_SECURITY;
681
d7a5a11d 682 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 683 settings |= MGMT_SETTING_SSP;
684
d7a5a11d 685 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 686 settings |= MGMT_SETTING_HS;
687
d7a5a11d 688 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 689 settings |= MGMT_SETTING_ADVERTISING;
690
d7a5a11d 691 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 692 settings |= MGMT_SETTING_SECURE_CONN;
693
d7a5a11d 694 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 695 settings |= MGMT_SETTING_DEBUG_KEYS;
696
d7a5a11d 697 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 698 settings |= MGMT_SETTING_PRIVACY;
699
93690c22
MH		 700 /* The current setting for static address has two purposes. The
701 * first is to indicate if the static address will be used and
702 * the second is to indicate if it is actually set.
703 *
704 * This means if the static address is not configured, this flag
08dc0e98 705 * will never be set. If the address is configured, then if the
93690c22
MH		 706 * address is actually used decides if the flag is set or not.
707 *
708 * For single mode LE only controllers and dual-mode controllers
709 * with BR/EDR disabled, the existence of the static address will
710 * be evaluated.
711 */
b7cb93e5 712 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 713 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 714 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
715 if (bacmp(&hdev->static_addr, BDADDR_ANY))
716 settings |= MGMT_SETTING_STATIC_ADDRESS;
717 }
718
69ab39ea
JH		 719 return settings;
720}
721
333ae95d
JH		 722static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
723{
724 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
725}
726
333ae95d
JH		 727static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
728 struct hci_dev *hdev,
729 const void *data)
730{
731 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
732}
733
f2252570 734u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
9a43e25f 735{
3b0602cd 736 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 737
738 /* If there's a pending mgmt command the flags will not yet have
739 * their final values, so check for this first.
740 */
333ae95d 741 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
9a43e25f
JH		 742 if (cmd) {
743 struct mgmt_mode *cp = cmd->param;
744 if (cp->val == 0x01)
745 return LE_AD_GENERAL;
746 else if (cp->val == 0x02)
747 return LE_AD_LIMITED;
748 } else {
d7a5a11d 749 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 750 return LE_AD_LIMITED;
d7a5a11d 751 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 752 return LE_AD_GENERAL;
753 }
754
755 return 0;
756}
757
f2252570 758bool mgmt_get_connectable(struct hci_dev *hdev)
fdf51784
AU		 759{
760 struct mgmt_pending_cmd *cmd;
441ad2d0 761
fdf51784
AU		 762 /* If there's a pending mgmt command the flag will not yet have
763 * it's final value, so check for this first.
764 */
765 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
766 if (cmd) {
767 struct mgmt_mode *cp = cmd->param;
441ad2d0 768
fdf51784 769 return cp->val;
441ad2d0
MH		 770 }
771
fdf51784
AU		 772 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
773}
441ad2d0 774
7d78525d
JH		 775static void service_cache_off(struct work_struct *work)
776{
777 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 778 service_cache.work);
890ea898 779 struct hci_request req;
7d78525d 780
a69d8927 781 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 782 return;
783
890ea898
JH		 784 hci_req_init(&req, hdev);
785
7d78525d
JH		 786 hci_dev_lock(hdev);
787
b1a8917c 788 __hci_req_update_eir(&req);
14bf5eac 789 __hci_req_update_class(&req);
7d78525d
JH		 790
791 hci_dev_unlock(hdev);
890ea898
JH		 792
793 hci_req_run(&req, NULL);
7d78525d
JH		 794}
795
d6bfd59c
JH		 796static void rpa_expired(struct work_struct *work)
797{
798 struct hci_dev *hdev = container_of(work, struct hci_dev,
799 rpa_expired.work);
800 struct hci_request req;
801
802 BT_DBG("");
803
a1536da2 804 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 805
d7a5a11d 806 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 807 return;
808
809 /* The generation of a new RPA and programming it into the
f2252570
JH		 810 * controller happens in the hci_req_enable_advertising()
811 * function.
d6bfd59c 812 */
d6bfd59c 813 hci_req_init(&req, hdev);
f2252570 814 __hci_req_enable_advertising(&req);
d6bfd59c
JH		 815 hci_req_run(&req, NULL);
816}
817
6a919082 818static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 819{
238be788 820 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 821 return;
822
4f87da80 823 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 824 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 825
4f87da80
JH		 826 /* Non-mgmt controlled devices get this bit set
827 * implicitly so that pairing works for them, however
828 * for mgmt we require user-space to explicitly enable
829 * it
830 */
a358dc11 831 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 832}
833
0f4e68cf 834static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 835 void *data, u16 data_len)
0381101f 836{
a38528f1 837 struct mgmt_rp_read_info rp;
f7b64e69 838
bdb6d971 839 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 840
09fd0de5 841 hci_dev_lock(hdev);
f7b64e69 842
dc4fe30b
JH		 843 memset(&rp, 0, sizeof(rp));
844
69ab39ea 845 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 846
69ab39ea 847 rp.version = hdev->hci_ver;
eb55ef07 848 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 849
850 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
851 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 852
a38528f1 853 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 854
dc4fe30b 855 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 856 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 857
09fd0de5 858 hci_dev_unlock(hdev);
0381101f 859
2a1afb5a
JH		 860 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
861 sizeof(rp));
0381101f
JH		 862}
863
69ab39ea 864static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 865{
69ab39ea 866 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 867
2a1afb5a
JH		 868 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
869 sizeof(settings));
8680570b
JH		 870}
871
1904a853 872static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 873{
874 BT_DBG("%s status 0x%02x", hdev->name, status);
875
a3172b7e
JH		 876 if (hci_conn_count(hdev) == 0) {
877 cancel_delayed_work(&hdev->power_off);
8b064a3a 878 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 879 }
8b064a3a
JH		 880}
881
f2252570 882void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
912098a6
AU		 883{
884 struct mgmt_ev_advertising_added ev;
885
886 ev.instance = instance;
887
888 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
889}
890
f2252570
JH		 891void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
892 u8 instance)
912098a6
AU		 893{
894 struct mgmt_ev_advertising_removed ev;
895
896 ev.instance = instance;
897
898 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
899}
900
7816b820
FG		 901static void cancel_adv_timeout(struct hci_dev *hdev)
902{
903 if (hdev->adv_instance_timeout) {
904 hdev->adv_instance_timeout = 0;
905 cancel_delayed_work(&hdev->adv_instance_expire);
906 }
907}
908
8b064a3a
JH		 909static int clean_up_hci_state(struct hci_dev *hdev)
910{
911 struct hci_request req;
912 struct hci_conn *conn;
23a48093
JH		 913 bool discov_stopped;
914 int err;
8b064a3a
JH		 915
916 hci_req_init(&req, hdev);
917
918 if (test_bit(HCI_ISCAN, &hdev->flags) ||
919 test_bit(HCI_PSCAN, &hdev->flags)) {
920 u8 scan = 0x00;
921 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
922 }
923
f2252570 924 hci_req_clear_adv_instance(hdev, NULL, 0x00, false);
912098a6 925
d7a5a11d 926 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
f2252570 927 __hci_req_disable_advertising(&req);
8b064a3a 928
2154d3f4 929 discov_stopped = hci_req_stop_discovery(&req);
8b064a3a
JH		 930
931 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
89e0ccc8
JH		 932 /* 0x15 == Terminated due to Power Off */
933 __hci_abort_conn(&req, conn, 0x15);
8b064a3a
JH		 934 }
935
23a48093
JH		 936 err = hci_req_run(&req, clean_up_hci_complete);
937 if (!err && discov_stopped)
938 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
939
940 return err;
8b064a3a
JH		 941}
942
bdb6d971 943static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 944 u16 len)
eec8d2bc 945{
650f726d 946 struct mgmt_mode *cp = data;
3b0602cd 947 struct mgmt_pending_cmd *cmd;
4b34ee78 948 int err;
eec8d2bc 949
bdb6d971 950 BT_DBG("request for %s", hdev->name);
eec8d2bc 951
a7e80f25 952 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 953 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
954 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 955
09fd0de5 956 hci_dev_lock(hdev);
eec8d2bc 957
333ae95d 958 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 959 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
960 MGMT_STATUS_BUSY);
87b95ba6
JH		 961 goto failed;
962 }
963
a69d8927 964 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
f0d4b78a
MH		 965 cancel_delayed_work(&hdev->power_off);
966
967 if (cp->val) {
a1d70450
JH		 968 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
969 data, len);
970 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 971 goto failed;
972 }
973 }
974
4b34ee78 975 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 976 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 977 goto failed;
978 }
979
2e58ef3e 980 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 981 if (!cmd) {
982 err = -ENOMEM;
eec8d2bc 983 goto failed;
366a0336 984 }
eec8d2bc 985
8b064a3a 986 if (cp->val) {
19202573 987 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 988 err = 0;
989 } else {
990 /* Disconnect connections, stop scans, etc */
991 err = clean_up_hci_state(hdev);
a3172b7e
JH		 992 if (!err)
993 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
994 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 995
8b064a3a
JH		 996 /* ENODATA means there were no HCI commands queued */
997 if (err == -ENODATA) {
a3172b7e 998 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 999 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1000 err = 0;
1001 }
1002 }
eec8d2bc
JH		 1003
1004failed:
09fd0de5 1005 hci_dev_unlock(hdev);
366a0336 1006 return err;
eec8d2bc
JH		 1007}
1008
beadb2bd
JH		 1009static int new_settings(struct hci_dev *hdev, struct sock *skip)
1010{
f6b7712e 1011 __le32 ev = cpu_to_le32(get_current_settings(hdev));
beadb2bd 1012
f6b7712e
MH		 1013 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1014 sizeof(ev), skip);
beadb2bd
JH		 1015}
1016
91a668b0
JH		 1017int mgmt_new_settings(struct hci_dev *hdev)
1018{
1019 return new_settings(hdev, NULL);
1020}
1021
bd99abdd
JH		 1022struct cmd_lookup {
1023 struct sock *sk;
1024 struct hci_dev *hdev;
1025 u8 mgmt_status;
1026};
1027
3b0602cd 1028static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1029{
1030 struct cmd_lookup *match = data;
1031
1032 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1033
1034 list_del(&cmd->list);
1035
1036 if (match->sk == NULL) {
1037 match->sk = cmd->sk;
1038 sock_hold(match->sk);
1039 }
1040
1041 mgmt_pending_free(cmd);
1042}
1043
3b0602cd 1044static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1045{
1046 u8 *status = data;
1047
a69e8375 1048 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1049 mgmt_pending_remove(cmd);
1050}
1051
3b0602cd 1052static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1053{
1054 if (cmd->cmd_complete) {
1055 u8 *status = data;
1056
1057 cmd->cmd_complete(cmd, *status);
1058 mgmt_pending_remove(cmd);
1059
1060 return;
1061 }
1062
1063 cmd_status_rsp(cmd, data);
1064}
1065
3b0602cd 1066static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1067{
2a1afb5a
JH		 1068 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1069 cmd->param, cmd->param_len);
f5818c22
JH		 1070}
1071
3b0602cd 1072static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1073{
2a1afb5a
JH		 1074 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1075 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1076}
1077
e6fe7986
JH		 1078static u8 mgmt_bredr_support(struct hci_dev *hdev)
1079{
1080 if (!lmp_bredr_capable(hdev))
1081 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1082 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1083 return MGMT_STATUS_REJECTED;
1084 else
1085 return MGMT_STATUS_SUCCESS;
1086}
1087
1088static u8 mgmt_le_support(struct hci_dev *hdev)
1089{
1090 if (!lmp_le_capable(hdev))
1091 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1092 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1093 return MGMT_STATUS_REJECTED;
1094 else
1095 return MGMT_STATUS_SUCCESS;
1096}
1097
aed1a885 1098void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
bfaf8c9f 1099{
3b0602cd 1100 struct mgmt_pending_cmd *cmd;
bfaf8c9f
JH		 1101
1102 BT_DBG("status 0x%02x", status);
1103
1104 hci_dev_lock(hdev);
1105
333ae95d 1106 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
bfaf8c9f
JH		 1107 if (!cmd)
1108 goto unlock;
1109
1110 if (status) {
1111 u8 mgmt_err = mgmt_status(status);
a69e8375 1112 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1113 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1114 goto remove_cmd;
1115 }
1116
aed1a885
JH		 1117 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1118 hdev->discov_timeout > 0) {
1119 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1120 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
d4462a07 1121 }
bfaf8c9f
JH		 1122
1123 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
aed1a885 1124 new_settings(hdev, cmd->sk);
970ba524 1125
bfaf8c9f
JH		 1126remove_cmd:
1127 mgmt_pending_remove(cmd);
1128
1129unlock:
1130 hci_dev_unlock(hdev);
1131}
1132
bdb6d971 1133static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1134 u16 len)
73f22f62 1135{
650f726d 1136 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1137 struct mgmt_pending_cmd *cmd;
5e5282bb 1138 u16 timeout;
73f22f62
JH		 1139 int err;
1140
bdb6d971 1141 BT_DBG("request for %s", hdev->name);
73f22f62 1142
d7a5a11d
MH		 1143 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1144 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1145 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1146 MGMT_STATUS_REJECTED);
33c525c0 1147
310a3d48 1148 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1149 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1150 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1151
1f350c87 1152 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1153
1154 /* Disabling discoverable requires that no timeout is set,
1155 * and enabling limited discoverable requires a timeout.
1156 */
1157 if ((cp->val == 0x00 && timeout > 0) ||
1158 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1159 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1160 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1161
09fd0de5 1162 hci_dev_lock(hdev);
73f22f62 1163
5e5282bb 1164 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1165 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1166 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1167 goto failed;
1168 }
1169
333ae95d
JH		 1170 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1171 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1172 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1173 MGMT_STATUS_BUSY);
73f22f62
JH		 1174 goto failed;
1175 }
1176
d7a5a11d 1177 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1178 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1179 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1180 goto failed;
1181 }
1182
1183 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1184 bool changed = false;
1185
310a3d48
MH		 1186 /* Setting limited discoverable when powered off is
1187 * not a valid operation since it requires a timeout
1188 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1189 */
d7a5a11d 1190 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1191 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1192 changed = true;
1193 }
1194
5e5282bb 1195 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1196 if (err < 0)
1197 goto failed;
1198
1199 if (changed)
1200 err = new_settings(hdev, sk);
1201
5e5282bb
JH		 1202 goto failed;
1203 }
1204
310a3d48
MH		 1205 /* If the current mode is the same, then just update the timeout
1206 * value with the new value. And if only the timeout gets updated,
1207 * then no need for any HCI transactions.
1208 */
d7a5a11d
MH		 1209 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1210 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1211 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1212 cancel_delayed_work(&hdev->discov_off);
1213 hdev->discov_timeout = timeout;
955638ec 1214
36261547
MH		 1215 if (cp->val && hdev->discov_timeout > 0) {
1216 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
c366f555
JH		 1217 queue_delayed_work(hdev->req_workqueue,
1218 &hdev->discov_off, to);
955638ec
MH		 1219 }
1220
69ab39ea 1221 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1222 goto failed;
1223 }
1224
2e58ef3e 1225 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1226 if (!cmd) {
1227 err = -ENOMEM;
73f22f62 1228 goto failed;
366a0336 1229 }
73f22f62 1230
310a3d48
MH		 1231 /* Cancel any potential discoverable timeout that might be
1232 * still active and store new timeout value. The arming of
1233 * the timeout happens in the complete handler.
1234 */
1235 cancel_delayed_work(&hdev->discov_off);
1236 hdev->discov_timeout = timeout;
1237
aed1a885
JH		 1238 if (cp->val)
1239 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1240 else
1241 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1242
b456f87c
JH		 1243 /* Limited discoverable mode */
1244 if (cp->val == 0x02)
a1536da2 1245 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1246 else
a358dc11 1247 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1248
aed1a885
JH		 1249 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1250 err = 0;
73f22f62
JH		 1251
1252failed:
09fd0de5 1253 hci_dev_unlock(hdev);
73f22f62
JH		 1254 return err;
1255}
1256
53c0ba74 1257void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
2b76f453 1258{
3b0602cd 1259 struct mgmt_pending_cmd *cmd;
2b76f453
JH		 1260
1261 BT_DBG("status 0x%02x", status);
1262
1263 hci_dev_lock(hdev);
1264
333ae95d 1265 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
2b76f453
JH		 1266 if (!cmd)
1267 goto unlock;
1268
37438c1f
JH		 1269 if (status) {
1270 u8 mgmt_err = mgmt_status(status);
a69e8375 1271 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1272 goto remove_cmd;
1273 }
1274
2b76f453 1275 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
53c0ba74 1276 new_settings(hdev, cmd->sk);
d7b856f9 1277
37438c1f 1278remove_cmd:
2b76f453
JH		 1279 mgmt_pending_remove(cmd);
1280
1281unlock:
1282 hci_dev_unlock(hdev);
1283}
1284
e8ba3a1f
JH		 1285static int set_connectable_update_settings(struct hci_dev *hdev,
1286 struct sock *sk, u8 val)
1287{
1288 bool changed = false;
1289 int err;
1290
d7a5a11d 1291 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 1292 changed = true;
1293
1294 if (val) {
a1536da2 1295 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 1296 } else {
a358dc11
MH		 1297 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1298 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 1299 }
1300
1301 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1302 if (err < 0)
1303 return err;
1304
562064e6 1305 if (changed) {
01b1cb87 1306 hci_req_update_scan(hdev);
562064e6 1307 hci_update_background_scan(hdev);
e8ba3a1f 1308 return new_settings(hdev, sk);
562064e6 1309 }
e8ba3a1f
JH		 1310
1311 return 0;
1312}
1313
bdb6d971 1314static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1315 u16 len)
9fbcbb45 1316{
650f726d 1317 struct mgmt_mode *cp = data;
3b0602cd 1318 struct mgmt_pending_cmd *cmd;
9fbcbb45
JH		 1319 int err;
1320
bdb6d971 1321 BT_DBG("request for %s", hdev->name);
9fbcbb45 1322
d7a5a11d
MH		 1323 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1324 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1325 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1326 MGMT_STATUS_REJECTED);
33c525c0 1327
a7e80f25 1328 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1329 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1330 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1331
09fd0de5 1332 hci_dev_lock(hdev);
9fbcbb45 1333
4b34ee78 1334 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1335 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1336 goto failed;
1337 }
1338
333ae95d
JH		 1339 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1340 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1341 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1342 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1343 goto failed;
1344 }
1345
2e58ef3e 1346 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1347 if (!cmd) {
1348 err = -ENOMEM;
9fbcbb45 1349 goto failed;
366a0336 1350 }
9fbcbb45 1351
53c0ba74
JH		 1352 if (cp->val) {
1353 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1354 } else {
1355 if (hdev->discov_timeout > 0)
1356 cancel_delayed_work(&hdev->discov_off);
2b76f453 1357
53c0ba74
JH		 1358 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1359 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1360 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
9b74246f 1361 }
2b76f453 1362
53c0ba74
JH		 1363 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1364 err = 0;
9fbcbb45
JH		 1365
1366failed:
09fd0de5 1367 hci_dev_unlock(hdev);
9fbcbb45
JH		 1368 return err;
1369}
1370
b2939475 1371static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1372 u16 len)
c542a06c 1373{
650f726d 1374 struct mgmt_mode *cp = data;
55594356 1375 bool changed;
c542a06c
JH		 1376 int err;
1377
bdb6d971 1378 BT_DBG("request for %s", hdev->name);
c542a06c 1379
a7e80f25 1380 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1381 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1382 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1383
09fd0de5 1384 hci_dev_lock(hdev);
c542a06c
JH		 1385
1386 if (cp->val)
238be788 1387 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 1388 else
a69d8927 1389 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 1390
b2939475 1391 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1392 if (err < 0)
55594356 1393 goto unlock;
c542a06c 1394
55594356
MH		 1395 if (changed)
1396 err = new_settings(hdev, sk);
c542a06c 1397
55594356 1398unlock:
09fd0de5 1399 hci_dev_unlock(hdev);
c542a06c
JH		 1400 return err;
1401}
1402
04124681
GP		 1403static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1404 u16 len)
33ef95ed
JH		 1405{
1406 struct mgmt_mode *cp = data;
3b0602cd 1407 struct mgmt_pending_cmd *cmd;
e6fe7986 1408 u8 val, status;
33ef95ed
JH		 1409 int err;
1410
bdb6d971 1411 BT_DBG("request for %s", hdev->name);
33ef95ed 1412
e6fe7986
JH		 1413 status = mgmt_bredr_support(hdev);
1414 if (status)
a69e8375
JH		 1415 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1416 status);
33c525c0 1417
a7e80f25 1418 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1419 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1420 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1421
33ef95ed
JH		 1422 hci_dev_lock(hdev);
1423
4b34ee78 1424 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1425 bool changed = false;
1426
d7a5a11d 1427 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 1428 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 1429 changed = true;
1430 }
1431
1432 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1433 if (err < 0)
1434 goto failed;
1435
1436 if (changed)
1437 err = new_settings(hdev, sk);
1438
33ef95ed
JH		 1439 goto failed;
1440 }
1441
333ae95d 1442 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 1443 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1444 MGMT_STATUS_BUSY);
33ef95ed
JH		 1445 goto failed;
1446 }
1447
1448 val = !!cp->val;
1449
1450 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1451 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1452 goto failed;
1453 }
1454
1455 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1456 if (!cmd) {
1457 err = -ENOMEM;
1458 goto failed;
1459 }
1460
1461 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1462 if (err < 0) {
1463 mgmt_pending_remove(cmd);
1464 goto failed;
1465 }
1466
1467failed:
1468 hci_dev_unlock(hdev);
33ef95ed
JH		 1469 return err;
1470}
1471
bdb6d971 1472static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1473{
1474 struct mgmt_mode *cp = data;
3b0602cd 1475 struct mgmt_pending_cmd *cmd;
72ef0c1a 1476 u8 status;
ed2c4ee3
JH		 1477 int err;
1478
bdb6d971 1479 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1480
cdba5281
MH		 1481 status = mgmt_bredr_support(hdev);
1482 if (status)
a69e8375 1483 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 1484
13ecd8b6 1485 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1486 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1487 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1488
a7e80f25 1489 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1490 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1491 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1492
13ecd8b6 1493 hci_dev_lock(hdev);
6c8f12c1 1494
4b34ee78 1495 if (!hdev_is_powered(hdev)) {
9ecb3e24 1496 bool changed;
c0ecddc2 1497
9ecb3e24 1498 if (cp->val) {
238be788
MH		 1499 changed = !hci_dev_test_and_set_flag(hdev,
1500 HCI_SSP_ENABLED);
9ecb3e24 1501 } else {
a69d8927
MH		 1502 changed = hci_dev_test_and_clear_flag(hdev,
1503 HCI_SSP_ENABLED);
9ecb3e24 1504 if (!changed)
a69d8927
MH		 1505 changed = hci_dev_test_and_clear_flag(hdev,
1506 HCI_HS_ENABLED);
9ecb3e24 1507 else
a358dc11 1508 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 1509 }
1510
1511 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1512 if (err < 0)
1513 goto failed;
1514
1515 if (changed)
1516 err = new_settings(hdev, sk);
1517
ed2c4ee3
JH		 1518 goto failed;
1519 }
1520
333ae95d 1521 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 1522 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1523 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1524 goto failed;
1525 }
1526
d7a5a11d 1527 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 1528 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1529 goto failed;
1530 }
1531
1532 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1533 if (!cmd) {
1534 err = -ENOMEM;
1535 goto failed;
1536 }
1537
d7a5a11d 1538 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 1539 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1540 sizeof(cp->val), &cp->val);
1541
72ef0c1a 1542 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1543 if (err < 0) {
1544 mgmt_pending_remove(cmd);
1545 goto failed;
1546 }
1547
1548failed:
1549 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1550 return err;
1551}
1552
bdb6d971 1553static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1554{
1555 struct mgmt_mode *cp = data;
ee392693 1556 bool changed;
e6fe7986 1557 u8 status;
ee392693 1558 int err;
6d80dfd0 1559
bdb6d971 1560 BT_DBG("request for %s", hdev->name);
6d80dfd0 1561
e6fe7986
JH		 1562 status = mgmt_bredr_support(hdev);
1563 if (status)
a69e8375 1564 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1565
9ecb3e24 1566 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1567 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1568 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 1569
d7a5a11d 1570 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 1571 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1572 MGMT_STATUS_REJECTED);
9ecb3e24 1573
a7e80f25 1574 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1575 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1576 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1577
ee392693
MH		 1578 hci_dev_lock(hdev);
1579
333ae95d 1580 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 1581 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1582 MGMT_STATUS_BUSY);
a2cb01de
JH		 1583 goto unlock;
1584 }
1585
a0cdf960 1586 if (cp->val) {
238be788 1587 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 1588 } else {
1589 if (hdev_is_powered(hdev)) {
a69e8375
JH		 1590 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1591 MGMT_STATUS_REJECTED);
a0cdf960
MH		 1592 goto unlock;
1593 }
1594
a69d8927 1595 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 1596 }
ee392693
MH		 1597
1598 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1599 if (err < 0)
1600 goto unlock;
1601
1602 if (changed)
1603 err = new_settings(hdev, sk);
6d80dfd0 1604
ee392693
MH		 1605unlock:
1606 hci_dev_unlock(hdev);
1607 return err;
6d80dfd0
JH		 1608}
1609
1904a853 1610static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 1611{
1612 struct cmd_lookup match = { NULL, hdev };
1613
3ad67582
JK		 1614 hci_dev_lock(hdev);
1615
416a4ae5
JH		 1616 if (status) {
1617 u8 mgmt_err = mgmt_status(status);
1618
1619 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1620 &mgmt_err);
3ad67582 1621 goto unlock;
416a4ae5
JH		 1622 }
1623
1624 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1625
1626 new_settings(hdev, match.sk);
1627
1628 if (match.sk)
1629 sock_put(match.sk);
441ad2d0
MH		 1630
1631 /* Make sure the controller has a good default for
1632 * advertising data. Restrict the update to when LE
1633 * has actually been enabled. During power on, the
1634 * update in powered_update_hci will take care of it.
1635 */
d7a5a11d 1636 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0
MH		 1637 struct hci_request req;
1638
441ad2d0 1639 hci_req_init(&req, hdev);
f2252570
JH		 1640 __hci_req_update_adv_data(&req, HCI_ADV_CURRENT);
1641 __hci_req_update_scan_rsp_data(&req, HCI_ADV_CURRENT);
441ad2d0 1642 hci_req_run(&req, NULL);
2e93e53b 1643 hci_update_background_scan(hdev);
441ad2d0 1644 }
3ad67582
JK		 1645
1646unlock:
1647 hci_dev_unlock(hdev);
416a4ae5
JH		 1648}
1649
bdb6d971 1650static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1651{
1652 struct mgmt_mode *cp = data;
1653 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 1654 struct mgmt_pending_cmd *cmd;
416a4ae5 1655 struct hci_request req;
06199cf8 1656 int err;
0b60eba1 1657 u8 val, enabled;
06199cf8 1658
bdb6d971 1659 BT_DBG("request for %s", hdev->name);
06199cf8 1660
13ecd8b6 1661 if (!lmp_le_capable(hdev))
a69e8375
JH		 1662 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1663 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1664
a7e80f25 1665 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1666 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1667 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1668
e7844ee5
MH		 1669 /* Bluetooth single mode LE only controllers or dual-mode
1670 * controllers configured as LE only devices, do not allow
1671 * switching LE off. These have either LE enabled explicitly
1672 * or BR/EDR has been previously switched off.
1673 *
1674 * When trying to enable an already enabled LE, then gracefully
1675 * send a positive response. Trying to disable it however will
1676 * result into rejection.
1677 */
1678 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1679 if (cp->val == 0x01)
1680 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1681
a69e8375
JH		 1682 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1683 MGMT_STATUS_REJECTED);
e7844ee5 1684 }
c73eee91 1685
13ecd8b6 1686 hci_dev_lock(hdev);
06199cf8
JH		 1687
1688 val = !!cp->val;
ffa88e02 1689 enabled = lmp_host_le_capable(hdev);
06199cf8 1690
847818d9 1691 if (!val)
f2252570 1692 hci_req_clear_adv_instance(hdev, NULL, 0x00, true);
847818d9 1693
0b60eba1 1694 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1695 bool changed = false;
1696
d7a5a11d 1697 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 1698 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 1699 changed = true;
1700 }
1701
d7a5a11d 1702 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 1703 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 1704 changed = true;
1705 }
1706
06199cf8
JH		 1707 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1708 if (err < 0)
1de028ce 1709 goto unlock;
06199cf8
JH		 1710
1711 if (changed)
1712 err = new_settings(hdev, sk);
1713
1de028ce 1714 goto unlock;
06199cf8
JH		 1715 }
1716
333ae95d
JH		 1717 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1718 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 1719 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1720 MGMT_STATUS_BUSY);
1de028ce 1721 goto unlock;
06199cf8
JH		 1722 }
1723
1724 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1725 if (!cmd) {
1726 err = -ENOMEM;
1de028ce 1727 goto unlock;
06199cf8
JH		 1728 }
1729
441ad2d0
MH		 1730 hci_req_init(&req, hdev);
1731
06199cf8
JH		 1732 memset(&hci_cp, 0, sizeof(hci_cp));
1733
1734 if (val) {
1735 hci_cp.le = val;
32226e4f 1736 hci_cp.simul = 0x00;
441ad2d0 1737 } else {
d7a5a11d 1738 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
f2252570 1739 __hci_req_disable_advertising(&req);
06199cf8
JH		 1740 }
1741
416a4ae5
JH		 1742 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1743 &hci_cp);
1744
1745 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1746 if (err < 0)
06199cf8 1747 mgmt_pending_remove(cmd);
06199cf8 1748
1de028ce
JH		 1749unlock:
1750 hci_dev_unlock(hdev);
06199cf8
JH		 1751 return err;
1752}
1753
0cab9c80
JH		 1754/* This is a helper function to test for pending mgmt commands that can
1755 * cause CoD or EIR HCI commands. We can only allow one such pending
1756 * mgmt command at a time since otherwise we cannot easily track what
1757 * the current values are, will be, and based on that calculate if a new
1758 * HCI command needs to be sent and if yes with what value.
1759 */
1760static bool pending_eir_or_class(struct hci_dev *hdev)
1761{
3b0602cd 1762 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 1763
1764 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1765 switch (cmd->opcode) {
1766 case MGMT_OP_ADD_UUID:
1767 case MGMT_OP_REMOVE_UUID:
1768 case MGMT_OP_SET_DEV_CLASS:
1769 case MGMT_OP_SET_POWERED:
1770 return true;
1771 }
1772 }
1773
1774 return false;
1775}
1776
83be8eca
JH		 1777static const u8 bluetooth_base_uuid[] = {
1778 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1779 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1780};
1781
1782static u8 get_uuid_size(const u8 *uuid)
1783{
1784 u32 val;
1785
1786 if (memcmp(uuid, bluetooth_base_uuid, 12))
1787 return 128;
1788
1789 val = get_unaligned_le32(&uuid[12]);
1790 if (val > 0xffff)
1791 return 32;
1792
1793 return 16;
1794}
1795
92da6097
JH		 1796static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1797{
3b0602cd 1798 struct mgmt_pending_cmd *cmd;
92da6097
JH		 1799
1800 hci_dev_lock(hdev);
1801
333ae95d 1802 cmd = pending_find(mgmt_op, hdev);
92da6097
JH		 1803 if (!cmd)
1804 goto unlock;
1805
2a1afb5a
JH		 1806 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
1807 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 1808
1809 mgmt_pending_remove(cmd);
1810
1811unlock:
1812 hci_dev_unlock(hdev);
1813}
1814
1904a853 1815static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 1816{
1817 BT_DBG("status 0x%02x", status);
1818
1819 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1820}
1821
bdb6d971 1822static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1823{
650f726d 1824 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 1825 struct mgmt_pending_cmd *cmd;
890ea898 1826 struct hci_request req;
2aeb9a1a 1827 struct bt_uuid *uuid;
2aeb9a1a
JH		 1828 int err;
1829
bdb6d971 1830 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1831
09fd0de5 1832 hci_dev_lock(hdev);
2aeb9a1a 1833
0cab9c80 1834 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 1835 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1836 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1837 goto failed;
1838 }
1839
92c4c204 1840 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1841 if (!uuid) {
1842 err = -ENOMEM;
1843 goto failed;
1844 }
1845
1846 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1847 uuid->svc_hint = cp->svc_hint;
83be8eca 1848 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1849
de66aa63 1850 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1851
890ea898 1852 hci_req_init(&req, hdev);
1aff6f09 1853
14bf5eac 1854 __hci_req_update_class(&req);
b1a8917c 1855 __hci_req_update_eir(&req);
890ea898 1856
92da6097
JH		 1857 err = hci_req_run(&req, add_uuid_complete);
1858 if (err < 0) {
1859 if (err != -ENODATA)
1860 goto failed;
80a1e1db 1861
2a1afb5a
JH		 1862 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1863 hdev->dev_class, 3);
90e70454
JH		 1864 goto failed;
1865 }
1866
1867 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1868 if (!cmd) {
90e70454 1869 err = -ENOMEM;
890ea898
JH		 1870 goto failed;
1871 }
1872
1873 err = 0;
2aeb9a1a
JH		 1874
1875failed:
09fd0de5 1876 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1877 return err;
1878}
1879
24b78d0f
JH		 1880static bool enable_service_cache(struct hci_dev *hdev)
1881{
1882 if (!hdev_is_powered(hdev))
1883 return false;
1884
238be788 1885 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 1886 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1887 CACHE_TIMEOUT);
24b78d0f
JH		 1888 return true;
1889 }
1890
1891 return false;
1892}
1893
1904a853 1894static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 1895{
1896 BT_DBG("status 0x%02x", status);
1897
1898 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1899}
1900
bdb6d971 1901static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1902 u16 len)
2aeb9a1a 1903{
650f726d 1904 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 1905 struct mgmt_pending_cmd *cmd;
056341c8 1906 struct bt_uuid *match, *tmp;
2aeb9a1a 1907 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1908 struct hci_request req;
2aeb9a1a
JH		 1909 int err, found;
1910
bdb6d971 1911 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1912
09fd0de5 1913 hci_dev_lock(hdev);
2aeb9a1a 1914
0cab9c80 1915 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 1916 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1917 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1918 goto unlock;
1919 }
1920
2aeb9a1a 1921 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 1922 hci_uuids_clear(hdev);
4004b6d9 1923
24b78d0f 1924 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 1925 err = mgmt_cmd_complete(sk, hdev->id,
1926 MGMT_OP_REMOVE_UUID,
1927 0, hdev->dev_class, 3);
24b78d0f
JH		 1928 goto unlock;
1929 }
4004b6d9 1930
9246a869 1931 goto update_class;
2aeb9a1a
JH		 1932 }
1933
1934 found = 0;
1935
056341c8 1936 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1937 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1938 continue;
1939
1940 list_del(&match->list);
482049f7 1941 kfree(match);
2aeb9a1a
JH		 1942 found++;
1943 }
1944
1945 if (found == 0) {
a69e8375
JH		 1946 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1947 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1948 goto unlock;
1949 }
1950
9246a869 1951update_class:
890ea898 1952 hci_req_init(&req, hdev);
1aff6f09 1953
14bf5eac 1954 __hci_req_update_class(&req);
b1a8917c 1955 __hci_req_update_eir(&req);
890ea898 1956
92da6097
JH		 1957 err = hci_req_run(&req, remove_uuid_complete);
1958 if (err < 0) {
1959 if (err != -ENODATA)
1960 goto unlock;
80a1e1db 1961
2a1afb5a
JH		 1962 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1963 hdev->dev_class, 3);
90e70454
JH		 1964 goto unlock;
1965 }
1966
1967 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1968 if (!cmd) {
90e70454 1969 err = -ENOMEM;
890ea898
JH		 1970 goto unlock;
1971 }
1972
1973 err = 0;
2aeb9a1a
JH		 1974
1975unlock:
09fd0de5 1976 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1977 return err;
1978}
1979
1904a853 1980static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 1981{
1982 BT_DBG("status 0x%02x", status);
1983
1984 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1985}
1986
bdb6d971 1987static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1988 u16 len)
1aff6f09 1989{
650f726d 1990 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 1991 struct mgmt_pending_cmd *cmd;
890ea898 1992 struct hci_request req;
1aff6f09
JH		 1993 int err;
1994
bdb6d971 1995 BT_DBG("request for %s", hdev->name);
1aff6f09 1996
6203fc98 1997 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 1998 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1999 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2000
0cab9c80 2001 hci_dev_lock(hdev);
ee98f473 2002
0cab9c80 2003 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2004 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2005 MGMT_STATUS_BUSY);
0cab9c80
JH		 2006 goto unlock;
2007 }
c95f0ba7 2008
0cab9c80 2009 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2010 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2011 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2012 goto unlock;
2013 }
575b3a02 2014
932f5ff5
JH		 2015 hdev->major_class = cp->major;
2016 hdev->minor_class = cp->minor;
2017
b5235a65 2018 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2019 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2020 hdev->dev_class, 3);
b5235a65
JH		 2021 goto unlock;
2022 }
2023
890ea898
JH		 2024 hci_req_init(&req, hdev);
2025
a69d8927 2026 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
7d78525d
JH		 2027 hci_dev_unlock(hdev);
2028 cancel_delayed_work_sync(&hdev->service_cache);
2029 hci_dev_lock(hdev);
b1a8917c 2030 __hci_req_update_eir(&req);
7d78525d 2031 }
14c0b608 2032
14bf5eac 2033 __hci_req_update_class(&req);
890ea898 2034
92da6097
JH		 2035 err = hci_req_run(&req, set_class_complete);
2036 if (err < 0) {
2037 if (err != -ENODATA)
2038 goto unlock;
1aff6f09 2039
2a1afb5a
JH		 2040 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2041 hdev->dev_class, 3);
90e70454
JH		 2042 goto unlock;
2043 }
2044
2045 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2046 if (!cmd) {
90e70454 2047 err = -ENOMEM;
890ea898
JH		 2048 goto unlock;
2049 }
2050
2051 err = 0;
1aff6f09 2052
b5235a65 2053unlock:
09fd0de5 2054 hci_dev_unlock(hdev);
1aff6f09
JH		 2055 return err;
2056}
2057
bdb6d971 2058static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2059 u16 len)
55ed8ca1 2060{
650f726d 2061 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2062 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2063 sizeof(struct mgmt_link_key_info));
4e51eae9 2064 u16 key_count, expected_len;
b1de97d8 2065 bool changed;
a492cd52 2066 int i;
55ed8ca1 2067
9060d5cf
MH		 2068 BT_DBG("request for %s", hdev->name);
2069
2070 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2071 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2072 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2073
1f350c87 2074 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2075 if (key_count > max_key_count) {
2076 BT_ERR("load_link_keys: too big key_count value %u",
2077 key_count);
a69e8375
JH		 2078 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2079 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2080 }
55ed8ca1 2081
86742e1e
JH		 2082 expected_len = sizeof(*cp) + key_count *
2083 sizeof(struct mgmt_link_key_info);
a492cd52 2084 if (expected_len != len) {
86742e1e 2085 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2086 expected_len, len);
a69e8375
JH		 2087 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2088 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2089 }
2090
4ae14301 2091 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2092 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2093 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2094
bdb6d971 2095 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2096 key_count);
55ed8ca1 2097
4ee71b20
JH		 2098 for (i = 0; i < key_count; i++) {
2099 struct mgmt_link_key_info *key = &cp->keys[i];
2100
8e991132 2101 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2102 return mgmt_cmd_status(sk, hdev->id,
2103 MGMT_OP_LOAD_LINK_KEYS,
2104 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2105 }
2106
09fd0de5 2107 hci_dev_lock(hdev);
55ed8ca1
JH		 2108
2109 hci_link_keys_clear(hdev);
2110
55ed8ca1 2111 if (cp->debug_keys)
238be788 2112 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2113 else
a69d8927
MH		 2114 changed = hci_dev_test_and_clear_flag(hdev,
2115 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2116
2117 if (changed)
2118 new_settings(hdev, NULL);
55ed8ca1 2119
a492cd52 2120 for (i = 0; i < key_count; i++) {
86742e1e 2121 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2122
58e9293c
JH		 2123 /* Always ignore debug keys and require a new pairing if
2124 * the user wants to use them.
2125 */
2126 if (key->type == HCI_LK_DEBUG_COMBINATION)
2127 continue;
2128
7652ff6a
JH		 2129 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2130 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2131 }
2132
2a1afb5a 2133 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2134
09fd0de5 2135 hci_dev_unlock(hdev);
55ed8ca1 2136
a492cd52 2137 return 0;
55ed8ca1
JH		 2138}
2139
b1078ad0 2140static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2141 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2142{
2143 struct mgmt_ev_device_unpaired ev;
2144
2145 bacpy(&ev.addr.bdaddr, bdaddr);
2146 ev.addr.type = addr_type;
2147
2148 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2149 skip_sk);
b1078ad0
JH		 2150}
2151
bdb6d971 2152static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2153 u16 len)
55ed8ca1 2154{
124f6e35
JH		 2155 struct mgmt_cp_unpair_device *cp = data;
2156 struct mgmt_rp_unpair_device rp;
fc64361a 2157 struct hci_conn_params *params;
3b0602cd 2158 struct mgmt_pending_cmd *cmd;
55ed8ca1 2159 struct hci_conn *conn;
ec182f03 2160 u8 addr_type;
55ed8ca1
JH		 2161 int err;
2162
a8a1d19e 2163 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2164 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2165 rp.addr.type = cp->addr.type;
a8a1d19e 2166
4ee71b20 2167 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2168 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2169 MGMT_STATUS_INVALID_PARAMS,
2170 &rp, sizeof(rp));
4ee71b20 2171
118da70b 2172 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2173 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2174 MGMT_STATUS_INVALID_PARAMS,
2175 &rp, sizeof(rp));
118da70b 2176
4ee71b20
JH		 2177 hci_dev_lock(hdev);
2178
86a8cfc6 2179 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2180 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2181 MGMT_STATUS_NOT_POWERED, &rp,
2182 sizeof(rp));
86a8cfc6
JH		 2183 goto unlock;
2184 }
2185
e0b2b27e 2186 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2187 /* If disconnection is requested, then look up the
2188 * connection. If the remote device is connected, it
2189 * will be later used to terminate the link.
2190 *
2191 * Setting it to NULL explicitly will cause no
2192 * termination of the link.
2193 */
2194 if (cp->disconnect)
2195 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2196 &cp->addr.bdaddr);
2197 else
2198 conn = NULL;
2199
124f6e35 2200 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
ec182f03
JH		 2201 if (err < 0) {
2202 err = mgmt_cmd_complete(sk, hdev->id,
2203 MGMT_OP_UNPAIR_DEVICE,
2204 MGMT_STATUS_NOT_PAIRED, &rp,
2205 sizeof(rp));
2206 goto unlock;
89cbb063
AA		 2207 }
2208
ec182f03 2209 goto done;
e0b2b27e 2210 }
b0dbfb46 2211
ec182f03
JH		 2212 /* LE address type */
2213 addr_type = le_addr_type(cp->addr.type);
2214
2215 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2216
2217 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
55ed8ca1 2218 if (err < 0) {
2a1afb5a
JH		 2219 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2220 MGMT_STATUS_NOT_PAIRED, &rp,
2221 sizeof(rp));
55ed8ca1
JH		 2222 goto unlock;
2223 }
2224
ec182f03
JH		 2225 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2226 if (!conn) {
2227 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2228 goto done;
2229 }
2230
c81d555a
JH		 2231 /* Abort any ongoing SMP pairing */
2232 smp_cancel_pairing(conn);
2233
ec182f03
JH		 2234 /* Defer clearing up the connection parameters until closing to
2235 * give a chance of keeping them if a repairing happens.
2236 */
2237 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2238
fc64361a
JH		 2239 /* Disable auto-connection parameters if present */
2240 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2241 if (params) {
2242 if (params->explicit_connect)
2243 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2244 else
2245 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2246 }
2247
ec182f03
JH		 2248 /* If disconnection is not requested, then clear the connection
2249 * variable so that the link is not terminated.
2250 */
2251 if (!cp->disconnect)
2252 conn = NULL;
2253
2254done:
89cbb063
AA		 2255 /* If the connection variable is set, then termination of the
2256 * link is requested.
2257 */
a8a1d19e 2258 if (!conn) {
2a1afb5a
JH		 2259 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2260 &rp, sizeof(rp));
b1078ad0 2261 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2262 goto unlock;
2263 }
55ed8ca1 2264
124f6e35 2265 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2266 sizeof(*cp));
a8a1d19e
JH		 2267 if (!cmd) {
2268 err = -ENOMEM;
2269 goto unlock;
55ed8ca1
JH		 2270 }
2271
d8b7b1e4
JH		 2272 cmd->cmd_complete = addr_cmd_complete;
2273
89e0ccc8 2274 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
a8a1d19e
JH		 2275 if (err < 0)
2276 mgmt_pending_remove(cmd);
2277
55ed8ca1 2278unlock:
09fd0de5 2279 hci_dev_unlock(hdev);
55ed8ca1
JH		 2280 return err;
2281}
2282
bdb6d971 2283static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2284 u16 len)
8962ee74 2285{
650f726d 2286 struct mgmt_cp_disconnect *cp = data;
06a63b19 2287 struct mgmt_rp_disconnect rp;
3b0602cd 2288 struct mgmt_pending_cmd *cmd;
8962ee74 2289 struct hci_conn *conn;
8962ee74
JH		 2290 int err;
2291
2292 BT_DBG("");
2293
06a63b19
JH		 2294 memset(&rp, 0, sizeof(rp));
2295 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2296 rp.addr.type = cp->addr.type;
2297
4ee71b20 2298 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2299 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2300 MGMT_STATUS_INVALID_PARAMS,
2301 &rp, sizeof(rp));
4ee71b20 2302
09fd0de5 2303 hci_dev_lock(hdev);
8962ee74
JH		 2304
2305 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 2306 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2307 MGMT_STATUS_NOT_POWERED, &rp,
2308 sizeof(rp));
8962ee74
JH		 2309 goto failed;
2310 }
2311
333ae95d 2312 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 2313 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2314 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2315 goto failed;
2316 }
2317
591f47f3 2318 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2319 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2320 &cp->addr.bdaddr);
88c3df13 2321 else
9d4c1cc1
JH		 2322 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2323 le_addr_type(cp->addr.type));
365227e5 2324
f960727e 2325 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 2326 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2327 MGMT_STATUS_NOT_CONNECTED, &rp,
2328 sizeof(rp));
8962ee74
JH		 2329 goto failed;
2330 }
2331
2e58ef3e 2332 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2333 if (!cmd) {
2334 err = -ENOMEM;
8962ee74 2335 goto failed;
366a0336 2336 }
8962ee74 2337
f5818c22
JH		 2338 cmd->cmd_complete = generic_cmd_complete;
2339
e3f2f92a 2340 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2341 if (err < 0)
a664b5bc 2342 mgmt_pending_remove(cmd);
8962ee74
JH		 2343
2344failed:
09fd0de5 2345 hci_dev_unlock(hdev);
8962ee74
JH		 2346 return err;
2347}
2348
57c1477c 2349static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2350{
2351 switch (link_type) {
2352 case LE_LINK:
48264f06
JH		 2353 switch (addr_type) {
2354 case ADDR_LE_DEV_PUBLIC:
591f47f3 2355 return BDADDR_LE_PUBLIC;
0ed09148 2356
48264f06 2357 default:
0ed09148 2358 /* Fallback to LE Random address type */
591f47f3 2359 return BDADDR_LE_RANDOM;
48264f06 2360 }
0ed09148 2361
4c659c39 2362 default:
0ed09148 2363 /* Fallback to BR/EDR type */
591f47f3 2364 return BDADDR_BREDR;
4c659c39
JH		 2365 }
2366}
2367
04124681
GP		 2368static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2369 u16 data_len)
2784eb41 2370{
2784eb41 2371 struct mgmt_rp_get_connections *rp;
8035ded4 2372 struct hci_conn *c;
a38528f1 2373 size_t rp_len;
60fc5fb6
JH		 2374 int err;
2375 u16 i;
2784eb41
JH		 2376
2377 BT_DBG("");
2378
09fd0de5 2379 hci_dev_lock(hdev);
2784eb41 2380
5f97c1df 2381 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2382 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2383 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2384 goto unlock;
2385 }
2386
60fc5fb6 2387 i = 0;
b644ba33
JH		 2388 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2389 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2390 i++;
2784eb41
JH		 2391 }
2392
60fc5fb6 2393 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2394 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2395 if (!rp) {
2784eb41
JH		 2396 err = -ENOMEM;
2397 goto unlock;
2398 }
2399
2784eb41 2400 i = 0;
4c659c39 2401 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2402 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2403 continue;
4c659c39 2404 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2405 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2406 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2407 continue;
2408 i++;
2409 }
2410
eb55ef07 2411 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2412
4c659c39
JH		 2413 /* Recalculate length in case of filtered SCO connections, etc */
2414 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2415
2a1afb5a
JH		 2416 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2417 rp_len);
2784eb41 2418
a38528f1 2419 kfree(rp);
5f97c1df
JH		 2420
2421unlock:
09fd0de5 2422 hci_dev_unlock(hdev);
2784eb41
JH		 2423 return err;
2424}
2425
bdb6d971 2426static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2427 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 2428{
3b0602cd 2429 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 2430 int err;
2431
2e58ef3e 2432 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2433 sizeof(*cp));
96d97a67
WR		 2434 if (!cmd)
2435 return -ENOMEM;
2436
d8457698 2437 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2438 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2439 if (err < 0)
2440 mgmt_pending_remove(cmd);
2441
2442 return err;
2443}
2444
bdb6d971 2445static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2446 u16 len)
980e1a53 2447{
96d97a67 2448 struct hci_conn *conn;
650f726d 2449 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2450 struct hci_cp_pin_code_reply reply;
3b0602cd 2451 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 2452 int err;
2453
2454 BT_DBG("");
2455
09fd0de5 2456 hci_dev_lock(hdev);
980e1a53 2457
4b34ee78 2458 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2459 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2460 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2461 goto failed;
2462 }
2463
d8457698 2464 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2465 if (!conn) {
a69e8375
JH		 2466 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2467 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2468 goto failed;
2469 }
2470
2471 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2472 struct mgmt_cp_pin_code_neg_reply ncp;
2473
2474 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2475
2476 BT_ERR("PIN code is not 16 bytes long");
2477
bdb6d971 2478 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2479 if (err >= 0)
a69e8375
JH		 2480 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2481 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2482
2483 goto failed;
2484 }
2485
00abfe44 2486 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2487 if (!cmd) {
2488 err = -ENOMEM;
980e1a53 2489 goto failed;
366a0336 2490 }
980e1a53 2491
7776d1d8
JH		 2492 cmd->cmd_complete = addr_cmd_complete;
2493
d8457698 2494 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2495 reply.pin_len = cp->pin_len;
24718ca5 2496 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2497
2498 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2499 if (err < 0)
a664b5bc 2500 mgmt_pending_remove(cmd);
980e1a53
JH		 2501
2502failed:
09fd0de5 2503 hci_dev_unlock(hdev);
980e1a53
JH		 2504 return err;
2505}
2506
04124681
GP		 2507static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2508 u16 len)
17fa4b9d 2509{
650f726d 2510 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2511
2512 BT_DBG("");
2513
4ec86d4c 2514 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 2515 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2516 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
4ec86d4c 2517
09fd0de5 2518 hci_dev_lock(hdev);
17fa4b9d
JH		 2519
2520 hdev->io_capability = cp->io_capability;
2521
2522 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2523 hdev->io_capability);
17fa4b9d 2524
09fd0de5 2525 hci_dev_unlock(hdev);
17fa4b9d 2526
2a1afb5a
JH		 2527 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2528 NULL, 0);
17fa4b9d
JH		 2529}
2530
3b0602cd 2531static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2532{
2533 struct hci_dev *hdev = conn->hdev;
3b0602cd 2534 struct mgmt_pending_cmd *cmd;
e9a416b5 2535
2e58ef3e 2536 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2537 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2538 continue;
2539
e9a416b5
JH		 2540 if (cmd->user_data != conn)
2541 continue;
2542
2543 return cmd;
2544 }
2545
2546 return NULL;
2547}
2548
3b0602cd 2549static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 2550{
2551 struct mgmt_rp_pair_device rp;
2552 struct hci_conn *conn = cmd->user_data;
9df74653 2553 int err;
e9a416b5 2554
61b1a7fb
JH		 2555 bacpy(&rp.addr.bdaddr, &conn->dst);
2556 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2557
2a1afb5a
JH		 2558 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2559 status, &rp, sizeof(rp));
e9a416b5
JH		 2560
2561 /* So we don't get further callbacks for this connection */
2562 conn->connect_cfm_cb = NULL;
2563 conn->security_cfm_cb = NULL;
2564 conn->disconn_cfm_cb = NULL;
2565
76a68ba0 2566 hci_conn_drop(conn);
89cbb063
AA		 2567
2568 /* The device is paired so there is no need to remove
2569 * its connection parameters anymore.
2570 */
2571 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 2572
2573 hci_conn_put(conn);
9df74653
JH		 2574
2575 return err;
e9a416b5
JH		 2576}
2577
f4a407be
JH		 2578void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2579{
2580 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 2581 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 2582
2583 cmd = find_pairing(conn);
a511b35b 2584 if (cmd) {
04ab2749 2585 cmd->cmd_complete(cmd, status);
a511b35b
JH		 2586 mgmt_pending_remove(cmd);
2587 }
f4a407be
JH		 2588}
2589
e9a416b5
JH		 2590static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2591{
3b0602cd 2592 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 2593
2594 BT_DBG("status %u", status);
2595
2596 cmd = find_pairing(conn);
a511b35b 2597 if (!cmd) {
e9a416b5 2598 BT_DBG("Unable to find a pending command");
a511b35b
JH		 2599 return;
2600 }
2601
2602 cmd->cmd_complete(cmd, mgmt_status(status));
2603 mgmt_pending_remove(cmd);
e9a416b5
JH		 2604}
2605
f4a407be 2606static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 2607{
3b0602cd 2608 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 2609
2610 BT_DBG("status %u", status);
2611
2612 if (!status)
2613 return;
2614
2615 cmd = find_pairing(conn);
a511b35b 2616 if (!cmd) {
4c47d739 2617 BT_DBG("Unable to find a pending command");
a511b35b
JH		 2618 return;
2619 }
2620
2621 cmd->cmd_complete(cmd, mgmt_status(status));
2622 mgmt_pending_remove(cmd);
4c47d739
VA		 2623}
2624
bdb6d971 2625static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2626 u16 len)
e9a416b5 2627{
650f726d 2628 struct mgmt_cp_pair_device *cp = data;
1425acb7 2629 struct mgmt_rp_pair_device rp;
3b0602cd 2630 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 2631 u8 sec_level, auth_type;
2632 struct hci_conn *conn;
e9a416b5
JH		 2633 int err;
2634
2635 BT_DBG("");
2636
f950a30e
SJ		 2637 memset(&rp, 0, sizeof(rp));
2638 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2639 rp.addr.type = cp->addr.type;
2640
4ee71b20 2641 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2642 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2643 MGMT_STATUS_INVALID_PARAMS,
2644 &rp, sizeof(rp));
4ee71b20 2645
4ec86d4c 2646 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 2647 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2648 MGMT_STATUS_INVALID_PARAMS,
2649 &rp, sizeof(rp));
4ec86d4c 2650
09fd0de5 2651 hci_dev_lock(hdev);
e9a416b5 2652
5f97c1df 2653 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2654 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2655 MGMT_STATUS_NOT_POWERED, &rp,
2656 sizeof(rp));
5f97c1df
JH		 2657 goto unlock;
2658 }
2659
55e76b38
JH		 2660 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2661 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2662 MGMT_STATUS_ALREADY_PAIRED, &rp,
2663 sizeof(rp));
2664 goto unlock;
2665 }
2666
c908df36 2667 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 2668 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 2669
6f77d8c7 2670 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2671 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2672 auth_type);
6f77d8c7 2673 } else {
85813a7e 2674 u8 addr_type = le_addr_type(cp->addr.type);
5157b8a5 2675 struct hci_conn_params *p;
6f77d8c7 2676
7c264b10
MH		 2677 /* When pairing a new device, it is expected to remember
2678 * this device for future connections. Adding the connection
2679 * parameter information ahead of time allows tracking
2680 * of the slave preferred values and will speed up any
2681 * further connection establishment.
2682 *
2683 * If connection parameters already exist, then they
2684 * will be kept and this function does nothing.
2685 */
5157b8a5
JP		 2686 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2687
2688 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2689 p->auto_connect = HCI_AUTO_CONN_DISABLED;
7c264b10 2690
fa142220
JP		 2691 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2692 addr_type, sec_level,
0ad06aa6 2693 HCI_LE_CONN_TIMEOUT);
6f77d8c7 2694 }
7a512d01 2695
30e76272 2696 if (IS_ERR(conn)) {
489dc48e
AK		 2697 int status;
2698
2699 if (PTR_ERR(conn) == -EBUSY)
2700 status = MGMT_STATUS_BUSY;
faa81030
LR		 2701 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2702 status = MGMT_STATUS_NOT_SUPPORTED;
2703 else if (PTR_ERR(conn) == -ECONNREFUSED)
2704 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 2705 else
2706 status = MGMT_STATUS_CONNECT_FAILED;
2707
2a1afb5a
JH		 2708 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2709 status, &rp, sizeof(rp));
e9a416b5
JH		 2710 goto unlock;
2711 }
2712
2713 if (conn->connect_cfm_cb) {
76a68ba0 2714 hci_conn_drop(conn);
2a1afb5a
JH		 2715 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2716 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2717 goto unlock;
2718 }
2719
2e58ef3e 2720 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2721 if (!cmd) {
2722 err = -ENOMEM;
76a68ba0 2723 hci_conn_drop(conn);
e9a416b5
JH		 2724 goto unlock;
2725 }
2726
04ab2749
JH		 2727 cmd->cmd_complete = pairing_complete;
2728
7a512d01 2729 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2730 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2731 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2732 conn->security_cfm_cb = pairing_complete_cb;
2733 conn->disconn_cfm_cb = pairing_complete_cb;
2734 } else {
2735 conn->connect_cfm_cb = le_pairing_complete_cb;
2736 conn->security_cfm_cb = le_pairing_complete_cb;
2737 conn->disconn_cfm_cb = le_pairing_complete_cb;
2738 }
7a512d01 2739
e9a416b5 2740 conn->io_capability = cp->io_cap;
f8aaf9b6 2741 cmd->user_data = hci_conn_get(conn);
e9a416b5 2742
6f78fd4b 2743 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 2744 hci_conn_security(conn, sec_level, auth_type, true)) {
2745 cmd->cmd_complete(cmd, 0);
2746 mgmt_pending_remove(cmd);
2747 }
e9a416b5
JH		 2748
2749 err = 0;
2750
2751unlock:
09fd0de5 2752 hci_dev_unlock(hdev);
e9a416b5
JH		 2753 return err;
2754}
2755
04124681
GP		 2756static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2757 u16 len)
28424707 2758{
0f4e68cf 2759 struct mgmt_addr_info *addr = data;
3b0602cd 2760 struct mgmt_pending_cmd *cmd;
28424707
JH		 2761 struct hci_conn *conn;
2762 int err;
2763
2764 BT_DBG("");
2765
28424707
JH		 2766 hci_dev_lock(hdev);
2767
5f97c1df 2768 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2769 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2770 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2771 goto unlock;
2772 }
2773
333ae95d 2774 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
28424707 2775 if (!cmd) {
a69e8375
JH		 2776 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2777 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2778 goto unlock;
2779 }
2780
2781 conn = cmd->user_data;
2782
2783 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 2784 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2785 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2786 goto unlock;
2787 }
2788
a511b35b
JH		 2789 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
2790 mgmt_pending_remove(cmd);
28424707 2791
2a1afb5a
JH		 2792 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2793 addr, sizeof(*addr));
28424707
JH		 2794unlock:
2795 hci_dev_unlock(hdev);
28424707
JH		 2796 return err;
2797}
2798
bdb6d971 2799static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2800 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2801 u16 hci_op, __le32 passkey)
a5c29683 2802{
3b0602cd 2803 struct mgmt_pending_cmd *cmd;
0df4c185 2804 struct hci_conn *conn;
a5c29683
JH		 2805 int err;
2806
09fd0de5 2807 hci_dev_lock(hdev);
08ba5382 2808
4b34ee78 2809 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2810 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2811 MGMT_STATUS_NOT_POWERED, addr,
2812 sizeof(*addr));
0df4c185 2813 goto done;
a5c29683
JH		 2814 }
2815
1707c60e
JH		 2816 if (addr->type == BDADDR_BREDR)
2817 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2818 else
9d4c1cc1
JH		 2819 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
2820 le_addr_type(addr->type));
272d90df
JH		 2821
2822 if (!conn) {
2a1afb5a
JH		 2823 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2824 MGMT_STATUS_NOT_CONNECTED, addr,
2825 sizeof(*addr));
272d90df
JH		 2826 goto done;
2827 }
47c15e2b 2828
1707c60e 2829 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 2830 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 2831 if (!err)
2a1afb5a
JH		 2832 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2833 MGMT_STATUS_SUCCESS, addr,
2834 sizeof(*addr));
5fe57d9e 2835 else
2a1afb5a
JH		 2836 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2837 MGMT_STATUS_FAILED, addr,
2838 sizeof(*addr));
47c15e2b 2839
47c15e2b
BG		 2840 goto done;
2841 }
2842
1707c60e 2843 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2844 if (!cmd) {
2845 err = -ENOMEM;
0df4c185 2846 goto done;
a5c29683
JH		 2847 }
2848
7776d1d8
JH		 2849 cmd->cmd_complete = addr_cmd_complete;
2850
0df4c185 2851 /* Continue with pairing via HCI */
604086b7
BG		 2852 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2853 struct hci_cp_user_passkey_reply cp;
2854
1707c60e 2855 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2856 cp.passkey = passkey;
2857 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2858 } else
1707c60e
JH		 2859 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2860 &addr->bdaddr);
604086b7 2861
a664b5bc
JH		 2862 if (err < 0)
2863 mgmt_pending_remove(cmd);
a5c29683 2864
0df4c185 2865done:
09fd0de5 2866 hci_dev_unlock(hdev);
a5c29683
JH		 2867 return err;
2868}
2869
afeb019d
JK		 2870static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2871 void *data, u16 len)
2872{
2873 struct mgmt_cp_pin_code_neg_reply *cp = data;
2874
2875 BT_DBG("");
2876
1707c60e 2877 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2878 MGMT_OP_PIN_CODE_NEG_REPLY,
2879 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2880}
2881
04124681
GP		 2882static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2883 u16 len)
0df4c185 2884{
650f726d 2885 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2886
2887 BT_DBG("");
2888
2889 if (len != sizeof(*cp))
a69e8375
JH		 2890 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2891 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2892
1707c60e 2893 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2894 MGMT_OP_USER_CONFIRM_REPLY,
2895 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2896}
2897
bdb6d971 2898static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2899 void *data, u16 len)
0df4c185 2900{
c9c2659f 2901 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2902
2903 BT_DBG("");
2904
1707c60e 2905 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2906 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2907 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2908}
2909
04124681
GP		 2910static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2911 u16 len)
604086b7 2912{
650f726d 2913 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2914
2915 BT_DBG("");
2916
1707c60e 2917 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2918 MGMT_OP_USER_PASSKEY_REPLY,
2919 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2920}
2921
bdb6d971 2922static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2923 void *data, u16 len)
604086b7 2924{
650f726d 2925 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2926
2927 BT_DBG("");
2928
1707c60e 2929 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2930 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2931 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2932}
2933
1904a853 2934static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 2935{
2936 struct mgmt_cp_set_local_name *cp;
3b0602cd 2937 struct mgmt_pending_cmd *cmd;
13928971
JH		 2938
2939 BT_DBG("status 0x%02x", status);
2940
2941 hci_dev_lock(hdev);
2942
333ae95d 2943 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 2944 if (!cmd)
2945 goto unlock;
2946
2947 cp = cmd->param;
2948
2949 if (status)
a69e8375
JH		 2950 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2951 mgmt_status(status));
13928971 2952 else
2a1afb5a
JH		 2953 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2954 cp, sizeof(*cp));
13928971
JH		 2955
2956 mgmt_pending_remove(cmd);
2957
2958unlock:
2959 hci_dev_unlock(hdev);
2960}
2961
bdb6d971 2962static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2963 u16 len)
b312b161 2964{
2b4bf397 2965 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 2966 struct mgmt_pending_cmd *cmd;
890ea898 2967 struct hci_request req;
b312b161
JH		 2968 int err;
2969
2970 BT_DBG("");
2971
09fd0de5 2972 hci_dev_lock(hdev);
b312b161 2973
b3f2ca94
JH		 2974 /* If the old values are the same as the new ones just return a
2975 * direct command complete event.
2976 */
2977 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2978 !memcmp(hdev->short_name, cp->short_name,
2979 sizeof(hdev->short_name))) {
2a1afb5a
JH		 2980 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2981 data, len);
b3f2ca94
JH		 2982 goto failed;
2983 }
2984
2b4bf397 2985 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2986
b5235a65 2987 if (!hdev_is_powered(hdev)) {
2b4bf397 2988 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 2989
2a1afb5a
JH		 2990 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2991 data, len);
28cc7bde
JH		 2992 if (err < 0)
2993 goto failed;
2994
f6b7712e
MH		 2995 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
2996 data, len, sk);
28cc7bde 2997
b5235a65
JH		 2998 goto failed;
2999 }
3000
28cc7bde 3001 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3002 if (!cmd) {
3003 err = -ENOMEM;
3004 goto failed;
3005 }
3006
13928971
JH		 3007 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3008
890ea898 3009 hci_req_init(&req, hdev);
3f985050
JH		 3010
3011 if (lmp_bredr_capable(hdev)) {
00cf5040 3012 __hci_req_update_name(&req);
b1a8917c 3013 __hci_req_update_eir(&req);
3f985050
JH		 3014 }
3015
7a5f4990
MH		 3016 /* The name is stored in the scan response data and so
3017 * no need to udpate the advertising data here.
3018 */
3f985050 3019 if (lmp_le_capable(hdev))
f2252570 3020 __hci_req_update_scan_rsp_data(&req, HCI_ADV_CURRENT);
3f985050 3021
13928971 3022 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3023 if (err < 0)
3024 mgmt_pending_remove(cmd);
3025
3026failed:
09fd0de5 3027 hci_dev_unlock(hdev);
b312b161
JH		 3028 return err;
3029}
3030
1b9441f8
JH		 3031static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3032 u16 opcode, struct sk_buff *skb)
3033{
3034 struct mgmt_rp_read_local_oob_data mgmt_rp;
3035 size_t rp_size = sizeof(mgmt_rp);
3036 struct mgmt_pending_cmd *cmd;
3037
3038 BT_DBG("%s status %u", hdev->name, status);
3039
3040 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3041 if (!cmd)
3042 return;
3043
3044 if (status || !skb) {
3045 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3046 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3047 goto remove;
3048 }
3049
3050 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3051
3052 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3053 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3054
3055 if (skb->len < sizeof(*rp)) {
3056 mgmt_cmd_status(cmd->sk, hdev->id,
3057 MGMT_OP_READ_LOCAL_OOB_DATA,
3058 MGMT_STATUS_FAILED);
3059 goto remove;
3060 }
3061
3062 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3063 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3064
3065 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3066 } else {
3067 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3068
3069 if (skb->len < sizeof(*rp)) {
3070 mgmt_cmd_status(cmd->sk, hdev->id,
3071 MGMT_OP_READ_LOCAL_OOB_DATA,
3072 MGMT_STATUS_FAILED);
3073 goto remove;
3074 }
3075
3076 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3077 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3078
3079 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3080 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3081 }
3082
3083 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3084 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3085
3086remove:
3087 mgmt_pending_remove(cmd);
3088}
3089
0f4e68cf 3090static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3091 void *data, u16 data_len)
c35938b2 3092{
3b0602cd 3093 struct mgmt_pending_cmd *cmd;
1b9441f8 3094 struct hci_request req;
c35938b2
SJ		 3095 int err;
3096
bdb6d971 3097 BT_DBG("%s", hdev->name);
c35938b2 3098
09fd0de5 3099 hci_dev_lock(hdev);
c35938b2 3100
4b34ee78 3101 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3102 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3103 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3104 goto unlock;
3105 }
3106
9a1a1996 3107 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3108 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3109 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3110 goto unlock;
3111 }
3112
333ae95d 3113 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3114 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3115 MGMT_STATUS_BUSY);
c35938b2
SJ		 3116 goto unlock;
3117 }
3118
2e58ef3e 3119 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3120 if (!cmd) {
3121 err = -ENOMEM;
3122 goto unlock;
3123 }
3124
1b9441f8
JH		 3125 hci_req_init(&req, hdev);
3126
710f11c0 3127 if (bredr_sc_enabled(hdev))
1b9441f8 3128 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
4d2d2796 3129 else
1b9441f8 3130 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
4d2d2796 3131
1b9441f8 3132 err = hci_req_run_skb(&req, read_local_oob_data_complete);
c35938b2
SJ		 3133 if (err < 0)
3134 mgmt_pending_remove(cmd);
3135
3136unlock:
09fd0de5 3137 hci_dev_unlock(hdev);
c35938b2
SJ		 3138 return err;
3139}
3140
bdb6d971 3141static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3142 void *data, u16 len)
2763eda6 3143{
5d57e796 3144 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3145 int err;
3146
bdb6d971 3147 BT_DBG("%s ", hdev->name);
2763eda6 3148
5d57e796 3149 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3150 return mgmt_cmd_complete(sk, hdev->id,
3151 MGMT_OP_ADD_REMOTE_OOB_DATA,
3152 MGMT_STATUS_INVALID_PARAMS,
3153 addr, sizeof(*addr));
5d57e796 3154
09fd0de5 3155 hci_dev_lock(hdev);
2763eda6 3156
ec109113
MH		 3157 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3158 struct mgmt_cp_add_remote_oob_data *cp = data;
3159 u8 status;
bf1e3541 3160
c19a495c 3161 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 3162 err = mgmt_cmd_complete(sk, hdev->id,
3163 MGMT_OP_ADD_REMOTE_OOB_DATA,
3164 MGMT_STATUS_INVALID_PARAMS,
3165 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 3166 goto unlock;
3167 }
3168
ec109113 3169 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3170 cp->addr.type, cp->hash,
3171 cp->rand, NULL, NULL);
ec109113
MH		 3172 if (err < 0)
3173 status = MGMT_STATUS_FAILED;
3174 else
3175 status = MGMT_STATUS_SUCCESS;
3176
2a1afb5a
JH		 3177 err = mgmt_cmd_complete(sk, hdev->id,
3178 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3179 &cp->addr, sizeof(cp->addr));
ec109113
MH		 3180 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3181 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3182 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3183 u8 status;
3184
86df9200 3185 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3186 /* Enforce zero-valued 192-bit parameters as
3187 * long as legacy SMP OOB isn't implemented.
3188 */
3189 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3190 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 3191 err = mgmt_cmd_complete(sk, hdev->id,
3192 MGMT_OP_ADD_REMOTE_OOB_DATA,
3193 MGMT_STATUS_INVALID_PARAMS,
3194 addr, sizeof(*addr));
d25b78e2
JH		 3195 goto unlock;
3196 }
3197
86df9200
JH		 3198 rand192 = NULL;
3199 hash192 = NULL;
3200 } else {
41bcfd50
MH		 3201 /* In case one of the P-192 values is set to zero,
3202 * then just disable OOB data for P-192.
3203 */
3204 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3205 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3206 rand192 = NULL;
3207 hash192 = NULL;
3208 } else {
3209 rand192 = cp->rand192;
3210 hash192 = cp->hash192;
3211 }
3212 }
3213
3214 /* In case one of the P-256 values is set to zero, then just
3215 * disable OOB data for P-256.
3216 */
3217 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3218 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3219 rand256 = NULL;
3220 hash256 = NULL;
3221 } else {
3222 rand256 = cp->rand256;
3223 hash256 = cp->hash256;
86df9200
JH		 3224 }
3225
81328d5c 3226 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3227 cp->addr.type, hash192, rand192,
41bcfd50 3228 hash256, rand256);
ec109113
MH		 3229 if (err < 0)
3230 status = MGMT_STATUS_FAILED;
3231 else
3232 status = MGMT_STATUS_SUCCESS;
3233
2a1afb5a
JH		 3234 err = mgmt_cmd_complete(sk, hdev->id,
3235 MGMT_OP_ADD_REMOTE_OOB_DATA,
3236 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 3237 } else {
3238 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 3239 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3240 MGMT_STATUS_INVALID_PARAMS);
ec109113 3241 }
2763eda6 3242
c19a495c 3243unlock:
09fd0de5 3244 hci_dev_unlock(hdev);
2763eda6
SJ		 3245 return err;
3246}
3247
bdb6d971 3248static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3249 void *data, u16 len)
2763eda6 3250{
650f726d 3251 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3252 u8 status;
2763eda6
SJ		 3253 int err;
3254
bdb6d971 3255 BT_DBG("%s", hdev->name);
2763eda6 3256
c19a495c 3257 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 3258 return mgmt_cmd_complete(sk, hdev->id,
3259 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3260 MGMT_STATUS_INVALID_PARAMS,
3261 &cp->addr, sizeof(cp->addr));
c19a495c 3262
09fd0de5 3263 hci_dev_lock(hdev);
2763eda6 3264
eedbd581
JH		 3265 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3266 hci_remote_oob_data_clear(hdev);
3267 status = MGMT_STATUS_SUCCESS;
3268 goto done;
3269 }
3270
6928a924 3271 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3272 if (err < 0)
bf1e3541 3273 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3274 else
a6785be2 3275 status = MGMT_STATUS_SUCCESS;
bf1e3541 3276
eedbd581 3277done:
2a1afb5a
JH		 3278 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3279 status, &cp->addr, sizeof(cp->addr));
2763eda6 3280
09fd0de5 3281 hci_dev_unlock(hdev);
2763eda6
SJ		 3282 return err;
3283}
3284
e68f072b 3285void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
7c307720 3286{
3b0602cd 3287 struct mgmt_pending_cmd *cmd;
ae55f598 3288
7c307720
AG		 3289 BT_DBG("status %d", status);
3290
11e6e25d 3291 hci_dev_lock(hdev);
41dc2bd6 3292
333ae95d 3293 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427 3294 if (!cmd)
333ae95d 3295 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
66ea9427 3296
11e6e25d 3297 if (cmd) {
2922a94f 3298 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 3299 mgmt_pending_remove(cmd);
3300 }
7c307720 3301
11e6e25d 3302 hci_dev_unlock(hdev);
7c307720
AG		 3303}
3304
591752af
JH		 3305static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3306 uint8_t *mgmt_status)
3307{
3308 switch (type) {
3309 case DISCOV_TYPE_LE:
3310 *mgmt_status = mgmt_le_support(hdev);
3311 if (*mgmt_status)
3312 return false;
3313 break;
3314 case DISCOV_TYPE_INTERLEAVED:
3315 *mgmt_status = mgmt_le_support(hdev);
3316 if (*mgmt_status)
3317 return false;
3318 /* Intentional fall-through */
3319 case DISCOV_TYPE_BREDR:
3320 *mgmt_status = mgmt_bredr_support(hdev);
3321 if (*mgmt_status)
3322 return false;
3323 break;
3324 default:
3325 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
3326 return false;
3327 }
3328
3329 return true;
3330}
3331
bdb6d971 3332static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3333 void *data, u16 len)
14a53664 3334{
650f726d 3335 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 3336 struct mgmt_pending_cmd *cmd;
8019044d 3337 u8 status;
14a53664
JH		 3338 int err;
3339
bdb6d971 3340 BT_DBG("%s", hdev->name);
14a53664 3341
09fd0de5 3342 hci_dev_lock(hdev);
14a53664 3343
4b34ee78 3344 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3345 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3346 MGMT_STATUS_NOT_POWERED,
3347 &cp->type, sizeof(cp->type));
bd2d1334
JH		 3348 goto failed;
3349 }
3350
f5a969f2 3351 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 3352 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 3353 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3354 MGMT_STATUS_BUSY, &cp->type,
3355 sizeof(cp->type));
642be6c7
AG		 3356 goto failed;
3357 }
3358
591752af
JH		 3359 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3360 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3361 status, &cp->type, sizeof(cp->type));
3362 goto failed;
3363 }
3364
22078800
MH		 3365 /* Clear the discovery filter first to free any previously
3366 * allocated memory for the UUID list.
3367 */
3368 hci_discovery_filter_clear(hdev);
3369
4aab14e5 3370 hdev->discovery.type = cp->type;
da25cf6a 3371 hdev->discovery.report_invalid_rssi = false;
4aab14e5 3372
e68f072b
JH		 3373 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
3374 if (!cmd) {
3375 err = -ENOMEM;
04106755 3376 goto failed;
f39799f5 3377 }
04106755 3378
e68f072b 3379 cmd->cmd_complete = generic_cmd_complete;
7c307720 3380
f5a969f2 3381 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 3382 queue_work(hdev->req_workqueue, &hdev->discov_update);
3383 err = 0;
7c307720 3384
14a53664 3385failed:
09fd0de5 3386 hci_dev_unlock(hdev);
14a53664
JH		 3387 return err;
3388}
f39799f5 3389
3b0602cd
JH		 3390static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
3391 u8 status)
2922a94f 3392{
2a1afb5a
JH		 3393 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3394 cmd->param, 1);
2922a94f 3395}
04106755 3396
66ea9427
JP		 3397static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3398 void *data, u16 len)
3399{
3400 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 3401 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 3402 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3403 u16 uuid_count, expected_len;
3404 u8 status;
3405 int err;
04106755 3406
66ea9427 3407 BT_DBG("%s", hdev->name);
e8bb6b97 3408
66ea9427 3409 hci_dev_lock(hdev);
7c307720 3410
66ea9427 3411 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3412 err = mgmt_cmd_complete(sk, hdev->id,
3413 MGMT_OP_START_SERVICE_DISCOVERY,
3414 MGMT_STATUS_NOT_POWERED,
3415 &cp->type, sizeof(cp->type));
66ea9427
JP		 3416 goto failed;
3417 }
7c307720 3418
66ea9427 3419 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 3420 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 3421 err = mgmt_cmd_complete(sk, hdev->id,
3422 MGMT_OP_START_SERVICE_DISCOVERY,
3423 MGMT_STATUS_BUSY, &cp->type,
3424 sizeof(cp->type));
66ea9427
JP		 3425 goto failed;
3426 }
d9483943 3427
66ea9427
JP		 3428 uuid_count = __le16_to_cpu(cp->uuid_count);
3429 if (uuid_count > max_uuid_count) {
3430 BT_ERR("service_discovery: too big uuid_count value %u",
3431 uuid_count);
2a1afb5a
JH		 3432 err = mgmt_cmd_complete(sk, hdev->id,
3433 MGMT_OP_START_SERVICE_DISCOVERY,
3434 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3435 sizeof(cp->type));
66ea9427
JP		 3436 goto failed;
3437 }
3438
3439 expected_len = sizeof(*cp) + uuid_count * 16;
3440 if (expected_len != len) {
3441 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
3442 expected_len, len);
2a1afb5a
JH		 3443 err = mgmt_cmd_complete(sk, hdev->id,
3444 MGMT_OP_START_SERVICE_DISCOVERY,
3445 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3446 sizeof(cp->type));
66ea9427
JP		 3447 goto failed;
3448 }
3449
591752af
JH		 3450 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3451 err = mgmt_cmd_complete(sk, hdev->id,
3452 MGMT_OP_START_SERVICE_DISCOVERY,
3453 status, &cp->type, sizeof(cp->type));
3454 goto failed;
3455 }
3456
66ea9427 3457 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 3458 hdev, data, len);
66ea9427
JP		 3459 if (!cmd) {
3460 err = -ENOMEM;
3461 goto failed;
3462 }
3463
2922a94f
JH		 3464 cmd->cmd_complete = service_discovery_cmd_complete;
3465
22078800
MH		 3466 /* Clear the discovery filter first to free any previously
3467 * allocated memory for the UUID list.
3468 */
3469 hci_discovery_filter_clear(hdev);
3470
82f8b651 3471 hdev->discovery.result_filtering = true;
66ea9427
JP		 3472 hdev->discovery.type = cp->type;
3473 hdev->discovery.rssi = cp->rssi;
3474 hdev->discovery.uuid_count = uuid_count;
3475
3476 if (uuid_count > 0) {
3477 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
3478 GFP_KERNEL);
3479 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 3480 err = mgmt_cmd_complete(sk, hdev->id,
3481 MGMT_OP_START_SERVICE_DISCOVERY,
3482 MGMT_STATUS_FAILED,
3483 &cp->type, sizeof(cp->type));
d9483943
JH		 3484 mgmt_pending_remove(cmd);
3485 goto failed;
3486 }
66ea9427 3487 }
d9483943 3488
66ea9427 3489 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 3490 queue_work(hdev->req_workqueue, &hdev->discov_update);
3491 err = 0;
14a53664
JH		 3492
3493failed:
09fd0de5 3494 hci_dev_unlock(hdev);
14a53664
JH		 3495 return err;
3496}
3497
2154d3f4 3498void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
1183fdca 3499{
3b0602cd 3500 struct mgmt_pending_cmd *cmd;
1183fdca 3501
0e05bba6
AG		 3502 BT_DBG("status %d", status);
3503
3504 hci_dev_lock(hdev);
3505
333ae95d 3506 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
11e6e25d 3507 if (cmd) {
2922a94f 3508 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 3509 mgmt_pending_remove(cmd);
0e05bba6
AG		 3510 }
3511
0e05bba6
AG		 3512 hci_dev_unlock(hdev);
3513}
3514
bdb6d971 3515static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3516 u16 len)
14a53664 3517{
d930650b 3518 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 3519 struct mgmt_pending_cmd *cmd;
14a53664
JH		 3520 int err;
3521
bdb6d971 3522 BT_DBG("%s", hdev->name);
14a53664 3523
09fd0de5 3524 hci_dev_lock(hdev);
14a53664 3525
30dc78e1 3526 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 3527 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3528 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3529 sizeof(mgmt_cp->type));
d930650b
JH		 3530 goto unlock;
3531 }
3532
3533 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 3534 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3535 MGMT_STATUS_INVALID_PARAMS,
3536 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 3537 goto unlock;
ff9ef578
JH		 3538 }
3539
2922a94f 3540 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 3541 if (!cmd) {
3542 err = -ENOMEM;
30dc78e1
JH		 3543 goto unlock;
3544 }
3545
2922a94f
JH		 3546 cmd->cmd_complete = generic_cmd_complete;
3547
2154d3f4
JH		 3548 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3549 queue_work(hdev->req_workqueue, &hdev->discov_update);
3550 err = 0;
14a53664 3551
30dc78e1 3552unlock:
09fd0de5 3553 hci_dev_unlock(hdev);
14a53664
JH		 3554 return err;
3555}
3556
bdb6d971 3557static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3558 u16 len)
561aafbc 3559{
650f726d 3560 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3561 struct inquiry_entry *e;
561aafbc
JH		 3562 int err;
3563
bdb6d971 3564 BT_DBG("%s", hdev->name);
561aafbc 3565
561aafbc
JH		 3566 hci_dev_lock(hdev);
3567
30dc78e1 3568 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 3569 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3570 MGMT_STATUS_FAILED, &cp->addr,
3571 sizeof(cp->addr));
30dc78e1
JH		 3572 goto failed;
3573 }
3574
a198e7b1 3575 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3576 if (!e) {
2a1afb5a
JH		 3577 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3578 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3579 sizeof(cp->addr));
561aafbc
JH		 3580 goto failed;
3581 }
3582
3583 if (cp->name_known) {
3584 e->name_state = NAME_KNOWN;
3585 list_del(&e->list);
3586 } else {
3587 e->name_state = NAME_NEEDED;
a3d4e20a 3588 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3589 }
3590
2a1afb5a
JH		 3591 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
3592 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 3593
3594failed:
3595 hci_dev_unlock(hdev);
561aafbc
JH		 3596 return err;
3597}
3598
bdb6d971 3599static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3600 u16 len)
7fbec224 3601{
650f726d 3602 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3603 u8 status;
7fbec224
AJ		 3604 int err;
3605
bdb6d971 3606 BT_DBG("%s", hdev->name);
7fbec224 3607
4ee71b20 3608 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3609 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3610 MGMT_STATUS_INVALID_PARAMS,
3611 &cp->addr, sizeof(cp->addr));
4ee71b20 3612
09fd0de5 3613 hci_dev_lock(hdev);
5e762444 3614
dcc36c16
JH		 3615 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
3616 cp->addr.type);
2a8357f2 3617 if (err < 0) {
f0eeea8b 3618 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 3619 goto done;
3620 }
3621
3622 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3623 sk);
3624 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3625
2a8357f2 3626done:
2a1afb5a
JH		 3627 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3628 &cp->addr, sizeof(cp->addr));
5e762444 3629
09fd0de5 3630 hci_dev_unlock(hdev);
7fbec224
AJ		 3631
3632 return err;
3633}
3634
bdb6d971 3635static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3636 u16 len)
7fbec224 3637{
650f726d 3638 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3639 u8 status;
7fbec224
AJ		 3640 int err;
3641
bdb6d971 3642 BT_DBG("%s", hdev->name);
7fbec224 3643
4ee71b20 3644 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3645 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3646 MGMT_STATUS_INVALID_PARAMS,
3647 &cp->addr, sizeof(cp->addr));
4ee71b20 3648
09fd0de5 3649 hci_dev_lock(hdev);
5e762444 3650
dcc36c16
JH		 3651 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
3652 cp->addr.type);
2a8357f2 3653 if (err < 0) {
f0eeea8b 3654 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 3655 goto done;
3656 }
3657
3658 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3659 sk);
3660 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3661
2a8357f2 3662done:
2a1afb5a
JH		 3663 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3664 &cp->addr, sizeof(cp->addr));
5e762444 3665
09fd0de5 3666 hci_dev_unlock(hdev);
7fbec224
AJ		 3667
3668 return err;
3669}
3670
cdbaccca
MH		 3671static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3672 u16 len)
3673{
3674 struct mgmt_cp_set_device_id *cp = data;
890ea898 3675 struct hci_request req;
cdbaccca 3676 int err;
c72d4b8a 3677 __u16 source;
cdbaccca
MH		 3678
3679 BT_DBG("%s", hdev->name);
3680
c72d4b8a
SJ		 3681 source = __le16_to_cpu(cp->source);
3682
3683 if (source > 0x0002)
a69e8375
JH		 3684 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3685 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 3686
cdbaccca
MH		 3687 hci_dev_lock(hdev);
3688
c72d4b8a 3689 hdev->devid_source = source;
cdbaccca
MH		 3690 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3691 hdev->devid_product = __le16_to_cpu(cp->product);
3692 hdev->devid_version = __le16_to_cpu(cp->version);
3693
2a1afb5a
JH		 3694 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
3695 NULL, 0);
cdbaccca 3696
890ea898 3697 hci_req_init(&req, hdev);
b1a8917c 3698 __hci_req_update_eir(&req);
890ea898 3699 hci_req_run(&req, NULL);
cdbaccca
MH		 3700
3701 hci_dev_unlock(hdev);
3702
3703 return err;
3704}
3705
24b4f38f
AU		 3706static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
3707 u16 opcode)
3708{
3709 BT_DBG("status %d", status);
3710}
3711
1904a853
MH		 3712static void set_advertising_complete(struct hci_dev *hdev, u8 status,
3713 u16 opcode)
4375f103
JH		 3714{
3715 struct cmd_lookup match = { NULL, hdev };
24b4f38f 3716 struct hci_request req;
7816b820
FG		 3717 u8 instance;
3718 struct adv_info *adv_instance;
3719 int err;
4375f103 3720
3ad67582
JK		 3721 hci_dev_lock(hdev);
3722
4375f103
JH		 3723 if (status) {
3724 u8 mgmt_err = mgmt_status(status);
3725
3726 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3727 cmd_status_rsp, &mgmt_err);
3ad67582 3728 goto unlock;
4375f103
JH		 3729 }
3730
d7a5a11d 3731 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 3732 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 3733 else
a358dc11 3734 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 3735
4375f103
JH		 3736 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3737 &match);
3738
3739 new_settings(hdev, match.sk);
3740
3741 if (match.sk)
3742 sock_put(match.sk);
3ad67582 3743
24b4f38f 3744 /* If "Set Advertising" was just disabled and instance advertising was
7816b820 3745 * set up earlier, then re-enable multi-instance advertising.
24b4f38f
AU		 3746 */
3747 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7816b820
FG		 3748 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) ||
3749 list_empty(&hdev->adv_instances))
24b4f38f
AU		 3750 goto unlock;
3751
7816b820
FG		 3752 instance = hdev->cur_adv_instance;
3753 if (!instance) {
3754 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
3755 struct adv_info, list);
3756 if (!adv_instance)
3757 goto unlock;
3758
3759 instance = adv_instance->instance;
3760 }
3761
24b4f38f
AU		 3762 hci_req_init(&req, hdev);
3763
f2252570 3764 err = __hci_req_schedule_adv_instance(&req, instance, true);
7816b820
FG		 3765
3766 if (!err)
3767 err = hci_req_run(&req, enable_advertising_instance);
24b4f38f 3768
7816b820 3769 if (err)
24b4f38f
AU		 3770 BT_ERR("Failed to re-configure advertising");
3771
3ad67582
JK		 3772unlock:
3773 hci_dev_unlock(hdev);
4375f103
JH		 3774}
3775
21b5187f
MH		 3776static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3777 u16 len)
4375f103
JH		 3778{
3779 struct mgmt_mode *cp = data;
3b0602cd 3780 struct mgmt_pending_cmd *cmd;
4375f103 3781 struct hci_request req;
cc91cb04 3782 u8 val, status;
4375f103
JH		 3783 int err;
3784
3785 BT_DBG("request for %s", hdev->name);
3786
e6fe7986
JH		 3787 status = mgmt_le_support(hdev);
3788 if (status)
a69e8375
JH		 3789 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3790 status);
4375f103 3791
cc91cb04 3792 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 3793 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3794 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 3795
3796 hci_dev_lock(hdev);
3797
3798 val = !!cp->val;
4375f103 3799
f74ca9b8
JH		 3800 /* The following conditions are ones which mean that we should
3801 * not do any HCI communication but directly send a mgmt
3802 * response to user space (after toggling the flag if
3803 * necessary).
3804 */
cc91cb04 3805 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 3806 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
3807 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 3808 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 3809 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 3810 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 3811 bool changed;
4375f103 3812
cc91cb04 3813 if (cp->val) {
238be788 3814 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 3815 if (cp->val == 0x02)
a1536da2 3816 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 3817 else
a358dc11 3818 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 3819 } else {
a69d8927 3820 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 3821 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 3822 }
3823
3824 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3825 if (err < 0)
3826 goto unlock;
3827
3828 if (changed)
3829 err = new_settings(hdev, sk);
3830
3831 goto unlock;
3832 }
3833
333ae95d
JH		 3834 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3835 pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 3836 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3837 MGMT_STATUS_BUSY);
4375f103
JH		 3838 goto unlock;
3839 }
3840
3841 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3842 if (!cmd) {
3843 err = -ENOMEM;
3844 goto unlock;
3845 }
3846
3847 hci_req_init(&req, hdev);
3848
cc91cb04 3849 if (cp->val == 0x02)
a1536da2 3850 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 3851 else
a358dc11 3852 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 3853
7816b820
FG		 3854 cancel_adv_timeout(hdev);
3855
24b4f38f 3856 if (val) {
7816b820
FG		 3857 /* Switch to instance "0" for the Set Advertising setting.
3858 * We cannot use update_[adv|scan_rsp]_data() here as the
3859 * HCI_ADVERTISING flag is not yet set.
3860 */
f2252570
JH		 3861 __hci_req_update_adv_data(&req, 0x00);
3862 __hci_req_update_scan_rsp_data(&req, 0x00);
3863 __hci_req_enable_advertising(&req);
24b4f38f 3864 } else {
f2252570 3865 __hci_req_disable_advertising(&req);
24b4f38f 3866 }
4375f103
JH		 3867
3868 err = hci_req_run(&req, set_advertising_complete);
3869 if (err < 0)
3870 mgmt_pending_remove(cmd);
3871
3872unlock:
3873 hci_dev_unlock(hdev);
3874 return err;
3875}
3876
d13eafce
MH		 3877static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3878 void *data, u16 len)
3879{
3880 struct mgmt_cp_set_static_address *cp = data;
3881 int err;
3882
3883 BT_DBG("%s", hdev->name);
3884
62af4443 3885 if (!lmp_le_capable(hdev))
a69e8375
JH		 3886 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3887 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3888
3889 if (hdev_is_powered(hdev))
a69e8375
JH		 3890 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3891 MGMT_STATUS_REJECTED);
d13eafce
MH		 3892
3893 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3894 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 3895 return mgmt_cmd_status(sk, hdev->id,
3896 MGMT_OP_SET_STATIC_ADDRESS,
3897 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 3898
3899 /* Two most significant bits shall be set */
3900 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 3901 return mgmt_cmd_status(sk, hdev->id,
3902 MGMT_OP_SET_STATIC_ADDRESS,
3903 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 3904 }
3905
3906 hci_dev_lock(hdev);
3907
3908 bacpy(&hdev->static_addr, &cp->bdaddr);
3909
93690c22
MH		 3910 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
3911 if (err < 0)
3912 goto unlock;
3913
3914 err = new_settings(hdev, sk);
d13eafce 3915
93690c22 3916unlock:
d13eafce 3917 hci_dev_unlock(hdev);
d13eafce
MH		 3918 return err;
3919}
3920
14b49b9a
MH		 3921static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3922 void *data, u16 len)
3923{
3924 struct mgmt_cp_set_scan_params *cp = data;
3925 __u16 interval, window;
3926 int err;
3927
3928 BT_DBG("%s", hdev->name);
3929
3930 if (!lmp_le_capable(hdev))
a69e8375
JH		 3931 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3932 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 3933
3934 interval = __le16_to_cpu(cp->interval);
3935
3936 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 3937 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3938 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 3939
3940 window = __le16_to_cpu(cp->window);
3941
3942 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 3943 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3944 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 3945
899e1075 3946 if (window > interval)
a69e8375
JH		 3947 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3948 MGMT_STATUS_INVALID_PARAMS);
899e1075 3949
14b49b9a
MH		 3950 hci_dev_lock(hdev);
3951
3952 hdev->le_scan_interval = interval;
3953 hdev->le_scan_window = window;
3954
2a1afb5a
JH		 3955 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
3956 NULL, 0);
14b49b9a 3957
dd2ef8e2
AG		 3958 /* If background scan is running, restart it so new parameters are
3959 * loaded.
3960 */
d7a5a11d 3961 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
dd2ef8e2
AG		 3962 hdev->discovery.state == DISCOVERY_STOPPED) {
3963 struct hci_request req;
3964
3965 hci_req_init(&req, hdev);
3966
3967 hci_req_add_le_scan_disable(&req);
3968 hci_req_add_le_passive_scan(&req);
3969
3970 hci_req_run(&req, NULL);
3971 }
3972
14b49b9a
MH		 3973 hci_dev_unlock(hdev);
3974
3975 return err;
3976}
3977
1904a853
MH		 3978static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
3979 u16 opcode)
33e38b3e 3980{
3b0602cd 3981 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 3982
3983 BT_DBG("status 0x%02x", status);
3984
3985 hci_dev_lock(hdev);
3986
333ae95d 3987 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
33e38b3e
JH		 3988 if (!cmd)
3989 goto unlock;
3990
3991 if (status) {
a69e8375
JH		 3992 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3993 mgmt_status(status));
33e38b3e 3994 } else {
1a4d3c4b
JH		 3995 struct mgmt_mode *cp = cmd->param;
3996
3997 if (cp->val)
a1536da2 3998 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 3999 else
a358dc11 4000 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4001
33e38b3e
JH		 4002 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4003 new_settings(hdev, cmd->sk);
4004 }
4005
4006 mgmt_pending_remove(cmd);
4007
4008unlock:
4009 hci_dev_unlock(hdev);
4010}
4011
bdb6d971 4012static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4013 void *data, u16 len)
f6422ec6 4014{
650f726d 4015 struct mgmt_mode *cp = data;
3b0602cd 4016 struct mgmt_pending_cmd *cmd;
33e38b3e 4017 struct hci_request req;
f6422ec6
AJ		 4018 int err;
4019
bdb6d971 4020 BT_DBG("%s", hdev->name);
f6422ec6 4021
d7a5a11d 4022 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 4023 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4024 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4025 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4026
a7e80f25 4027 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4028 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4029 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4030
f6422ec6
AJ		 4031 hci_dev_lock(hdev);
4032
333ae95d 4033 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4034 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4035 MGMT_STATUS_BUSY);
05cbf29f
JH		 4036 goto unlock;
4037 }
4038
d7a5a11d 4039 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 4040 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4041 hdev);
4042 goto unlock;
4043 }
4044
406ef2a6 4045 if (!hdev_is_powered(hdev)) {
ce05d603 4046 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 4047 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4048 hdev);
4049 new_settings(hdev, sk);
4050 goto unlock;
4051 }
4052
33e38b3e
JH		 4053 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4054 data, len);
4055 if (!cmd) {
4056 err = -ENOMEM;
4057 goto unlock;
f6422ec6
AJ		 4058 }
4059
33e38b3e
JH		 4060 hci_req_init(&req, hdev);
4061
bf943cbf 4062 __hci_req_write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4063
4064 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4065 if (err < 0) {
a69e8375
JH		 4066 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4067 MGMT_STATUS_FAILED);
33e38b3e 4068 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4069 }
4070
33e38b3e 4071unlock:
f6422ec6 4072 hci_dev_unlock(hdev);
33e38b3e 4073
f6422ec6
AJ		 4074 return err;
4075}
4076
1904a853 4077static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4078{
3b0602cd 4079 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4080
4081 BT_DBG("status 0x%02x", status);
4082
4083 hci_dev_lock(hdev);
4084
333ae95d 4085 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
0663ca2a
JH		 4086 if (!cmd)
4087 goto unlock;
4088
4089 if (status) {
4090 u8 mgmt_err = mgmt_status(status);
4091
4092 /* We need to restore the flag if related HCI commands
4093 * failed.
4094 */
a358dc11 4095 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 4096
a69e8375 4097 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4098 } else {
4099 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4100 new_settings(hdev, cmd->sk);
4101 }
4102
4103 mgmt_pending_remove(cmd);
4104
4105unlock:
4106 hci_dev_unlock(hdev);
4107}
4108
4109static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4110{
4111 struct mgmt_mode *cp = data;
3b0602cd 4112 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4113 struct hci_request req;
4114 int err;
4115
4116 BT_DBG("request for %s", hdev->name);
4117
4118 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4119 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4120 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 4121
d7a5a11d 4122 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4123 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4124 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4125
4126 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4127 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4128 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4129
4130 hci_dev_lock(hdev);
4131
d7a5a11d 4132 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 4133 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4134 goto unlock;
4135 }
4136
4137 if (!hdev_is_powered(hdev)) {
4138 if (!cp->val) {
a358dc11
MH		 4139 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4140 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4141 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4142 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4143 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 4144 }
4145
ce05d603 4146 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4147
4148 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4149 if (err < 0)
4150 goto unlock;
4151
4152 err = new_settings(hdev, sk);
4153 goto unlock;
4154 }
4155
4156 /* Reject disabling when powered on */
4157 if (!cp->val) {
a69e8375
JH		 4158 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4159 MGMT_STATUS_REJECTED);
0663ca2a 4160 goto unlock;
111e4bcc
MH		 4161 } else {
4162 /* When configuring a dual-mode controller to operate
4163 * with LE only and using a static address, then switching
4164 * BR/EDR back on is not allowed.
4165 *
4166 * Dual-mode controllers shall operate with the public
4167 * address as its identity address for BR/EDR and LE. So
4168 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 4169 *
4170 * The same restrictions applies when secure connections
4171 * has been enabled. For BR/EDR this is a controller feature
4172 * while for LE it is a host stack feature. This means that
4173 * switching BR/EDR back on when secure connections has been
4174 * enabled is not a supported transaction.
111e4bcc 4175 */
d7a5a11d 4176 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 4177 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 4178 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 4179 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4180 MGMT_STATUS_REJECTED);
111e4bcc
MH		 4181 goto unlock;
4182 }
0663ca2a
JH		 4183 }
4184
333ae95d 4185 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 4186 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4187 MGMT_STATUS_BUSY);
0663ca2a
JH		 4188 goto unlock;
4189 }
4190
4191 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4192 if (!cmd) {
4193 err = -ENOMEM;
4194 goto unlock;
4195 }
4196
f2252570
JH		 4197 /* We need to flip the bit already here so that
4198 * hci_req_update_adv_data generates the correct flags.
0663ca2a 4199 */
a1536da2 4200 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4201
4202 hci_req_init(&req, hdev);
aa8af46e 4203
bf943cbf 4204 __hci_req_write_fast_connectable(&req, false);
01b1cb87 4205 __hci_req_update_scan(&req);
aa8af46e 4206
f14d8f64
MH		 4207 /* Since only the advertising data flags will change, there
4208 * is no need to update the scan response data.
4209 */
f2252570 4210 __hci_req_update_adv_data(&req, HCI_ADV_CURRENT);
aa8af46e 4211
0663ca2a
JH		 4212 err = hci_req_run(&req, set_bredr_complete);
4213 if (err < 0)
4214 mgmt_pending_remove(cmd);
4215
4216unlock:
4217 hci_dev_unlock(hdev);
4218 return err;
4219}
4220
a1443f5a
JH		 4221static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4222{
3b0602cd 4223 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 4224 struct mgmt_mode *cp;
4225
4226 BT_DBG("%s status %u", hdev->name, status);
4227
4228 hci_dev_lock(hdev);
4229
333ae95d 4230 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
a1443f5a
JH		 4231 if (!cmd)
4232 goto unlock;
4233
4234 if (status) {
a69e8375
JH		 4235 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4236 mgmt_status(status));
a1443f5a
JH		 4237 goto remove;
4238 }
4239
4240 cp = cmd->param;
4241
4242 switch (cp->val) {
4243 case 0x00:
a358dc11
MH		 4244 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4245 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4246 break;
4247 case 0x01:
a1536da2 4248 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 4249 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4250 break;
4251 case 0x02:
a1536da2
MH		 4252 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4253 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4254 break;
4255 }
4256
4257 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4258 new_settings(hdev, cmd->sk);
4259
4260remove:
4261 mgmt_pending_remove(cmd);
4262unlock:
4263 hci_dev_unlock(hdev);
4264}
4265
eac83dc6
MH		 4266static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4267 void *data, u16 len)
4268{
4269 struct mgmt_mode *cp = data;
3b0602cd 4270 struct mgmt_pending_cmd *cmd;
a1443f5a 4271 struct hci_request req;
a3209694 4272 u8 val;
eac83dc6
MH		 4273 int err;
4274
4275 BT_DBG("request for %s", hdev->name);
4276
05b3c3e7 4277 if (!lmp_sc_capable(hdev) &&
d7a5a11d 4278 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4279 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4280 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 4281
d7a5a11d 4282 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 4283 lmp_sc_capable(hdev) &&
d7a5a11d 4284 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 4285 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4286 MGMT_STATUS_REJECTED);
ed93ec69 4287
0ab04a9c 4288 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 4289 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 4290 MGMT_STATUS_INVALID_PARAMS);
4291
4292 hci_dev_lock(hdev);
4293
05b3c3e7 4294 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 4295 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 4296 bool changed;
4297
0ab04a9c 4298 if (cp->val) {
238be788
MH		 4299 changed = !hci_dev_test_and_set_flag(hdev,
4300 HCI_SC_ENABLED);
0ab04a9c 4301 if (cp->val == 0x02)
a1536da2 4302 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4303 else
a358dc11 4304 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4305 } else {
a69d8927
MH		 4306 changed = hci_dev_test_and_clear_flag(hdev,
4307 HCI_SC_ENABLED);
a358dc11 4308 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4309 }
eac83dc6
MH		 4310
4311 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4312 if (err < 0)
4313 goto failed;
4314
4315 if (changed)
4316 err = new_settings(hdev, sk);
4317
4318 goto failed;
4319 }
4320
333ae95d 4321 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 4322 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4323 MGMT_STATUS_BUSY);
eac83dc6
MH		 4324 goto failed;
4325 }
4326
0ab04a9c
MH		 4327 val = !!cp->val;
4328
d7a5a11d
MH		 4329 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4330 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 4331 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4332 goto failed;
4333 }
4334
4335 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4336 if (!cmd) {
4337 err = -ENOMEM;
4338 goto failed;
4339 }
4340
a1443f5a
JH		 4341 hci_req_init(&req, hdev);
4342 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4343 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 4344 if (err < 0) {
4345 mgmt_pending_remove(cmd);
4346 goto failed;
4347 }
4348
4349failed:
4350 hci_dev_unlock(hdev);
4351 return err;
4352}
4353
4e39ac81
MH		 4354static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4355 void *data, u16 len)
4356{
4357 struct mgmt_mode *cp = data;
b9710979 4358 bool changed, use_changed;
4e39ac81
MH		 4359 int err;
4360
4361 BT_DBG("request for %s", hdev->name);
4362
b9710979 4363 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4364 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4365 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 4366
4367 hci_dev_lock(hdev);
4368
4369 if (cp->val)
238be788 4370 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 4371 else
a69d8927
MH		 4372 changed = hci_dev_test_and_clear_flag(hdev,
4373 HCI_KEEP_DEBUG_KEYS);
4e39ac81 4374
b9710979 4375 if (cp->val == 0x02)
238be788
MH		 4376 use_changed = !hci_dev_test_and_set_flag(hdev,
4377 HCI_USE_DEBUG_KEYS);
b9710979 4378 else
a69d8927
MH		 4379 use_changed = hci_dev_test_and_clear_flag(hdev,
4380 HCI_USE_DEBUG_KEYS);
b9710979
JH		 4381
4382 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 4383 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 4384 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4385 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4386 sizeof(mode), &mode);
4387 }
4388
4e39ac81
MH		 4389 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4390 if (err < 0)
4391 goto unlock;
4392
4393 if (changed)
4394 err = new_settings(hdev, sk);
4395
4396unlock:
4397 hci_dev_unlock(hdev);
4398 return err;
4399}
4400
62b04cd1
JH		 4401static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4402 u16 len)
4403{
4404 struct mgmt_cp_set_privacy *cp = cp_data;
4405 bool changed;
4406 int err;
4407
4408 BT_DBG("request for %s", hdev->name);
4409
4410 if (!lmp_le_capable(hdev))
a69e8375
JH		 4411 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4412 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1
JH		 4413
4414 if (cp->privacy != 0x00 && cp->privacy != 0x01)
a69e8375
JH		 4415 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4416 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 4417
4418 if (hdev_is_powered(hdev))
a69e8375
JH		 4419 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4420 MGMT_STATUS_REJECTED);
62b04cd1
JH		 4421
4422 hci_dev_lock(hdev);
4423
c21c0ea0
JH		 4424 /* If user space supports this command it is also expected to
4425 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4426 */
a1536da2 4427 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 4428
62b04cd1 4429 if (cp->privacy) {
238be788 4430 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 4431 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 4432 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1 4433 } else {
a69d8927 4434 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 4435 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 4436 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1
JH		 4437 }
4438
4439 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4440 if (err < 0)
4441 goto unlock;
4442
4443 if (changed)
4444 err = new_settings(hdev, sk);
4445
4446unlock:
4447 hci_dev_unlock(hdev);
4448 return err;
4449}
4450
41edf160
JH		 4451static bool irk_is_valid(struct mgmt_irk_info *irk)
4452{
4453 switch (irk->addr.type) {
4454 case BDADDR_LE_PUBLIC:
4455 return true;
4456
4457 case BDADDR_LE_RANDOM:
4458 /* Two most significant bits shall be set */
4459 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4460 return false;
4461 return true;
4462 }
4463
4464 return false;
4465}
4466
4467static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4468 u16 len)
4469{
4470 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4471 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4472 sizeof(struct mgmt_irk_info));
41edf160
JH		 4473 u16 irk_count, expected_len;
4474 int i, err;
4475
4476 BT_DBG("request for %s", hdev->name);
4477
4478 if (!lmp_le_capable(hdev))
a69e8375
JH		 4479 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4480 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 4481
4482 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4483 if (irk_count > max_irk_count) {
4484 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 4485 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4486 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 4487 }
41edf160
JH		 4488
4489 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4490 if (expected_len != len) {
4491 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4492 expected_len, len);
a69e8375
JH		 4493 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4494 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 4495 }
4496
4497 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4498
4499 for (i = 0; i < irk_count; i++) {
4500 struct mgmt_irk_info *key = &cp->irks[i];
4501
4502 if (!irk_is_valid(key))
a69e8375
JH		 4503 return mgmt_cmd_status(sk, hdev->id,
4504 MGMT_OP_LOAD_IRKS,
4505 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 4506 }
4507
4508 hci_dev_lock(hdev);
4509
4510 hci_smp_irks_clear(hdev);
4511
4512 for (i = 0; i < irk_count; i++) {
4513 struct mgmt_irk_info *irk = &cp->irks[i];
41edf160 4514
85813a7e
JH		 4515 hci_add_irk(hdev, &irk->addr.bdaddr,
4516 le_addr_type(irk->addr.type), irk->val,
41edf160
JH		 4517 BDADDR_ANY);
4518 }
4519
a1536da2 4520 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 4521
2a1afb5a 4522 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 4523
4524 hci_dev_unlock(hdev);
4525
4526 return err;
4527}
4528
3f706b72
JH		 4529static bool ltk_is_valid(struct mgmt_ltk_info *key)
4530{
4531 if (key->master != 0x00 && key->master != 0x01)
4532 return false;
490cb0b3
MH		 4533
4534 switch (key->addr.type) {
4535 case BDADDR_LE_PUBLIC:
4536 return true;
4537
4538 case BDADDR_LE_RANDOM:
4539 /* Two most significant bits shall be set */
4540 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4541 return false;
4542 return true;
4543 }
4544
4545 return false;
3f706b72
JH		 4546}
4547
bdb6d971 4548static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4549 void *cp_data, u16 len)
346af67b 4550{
346af67b 4551 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 4552 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4553 sizeof(struct mgmt_ltk_info));
346af67b 4554 u16 key_count, expected_len;
715a5bf2 4555 int i, err;
346af67b 4556
cf99ba13
MH		 4557 BT_DBG("request for %s", hdev->name);
4558
4559 if (!lmp_le_capable(hdev))
a69e8375
JH		 4560 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4561 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 4562
1f350c87 4563 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 4564 if (key_count > max_key_count) {
4565 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 4566 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4567 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 4568 }
346af67b
VCG		 4569
4570 expected_len = sizeof(*cp) + key_count *
4571 sizeof(struct mgmt_ltk_info);
4572 if (expected_len != len) {
4573 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4574 expected_len, len);
a69e8375
JH		 4575 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4576 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4577 }
4578
bdb6d971 4579 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4580
54ad6d8a
JH		 4581 for (i = 0; i < key_count; i++) {
4582 struct mgmt_ltk_info *key = &cp->keys[i];
4583
3f706b72 4584 if (!ltk_is_valid(key))
a69e8375
JH		 4585 return mgmt_cmd_status(sk, hdev->id,
4586 MGMT_OP_LOAD_LONG_TERM_KEYS,
4587 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 4588 }
4589
346af67b
VCG		 4590 hci_dev_lock(hdev);
4591
4592 hci_smp_ltks_clear(hdev);
4593
4594 for (i = 0; i < key_count; i++) {
4595 struct mgmt_ltk_info *key = &cp->keys[i];
85813a7e 4596 u8 type, authenticated;
346af67b 4597
61b43357
JH		 4598 switch (key->type) {
4599 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4600 authenticated = 0x00;
23fb8de3 4601 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 4602 break;
4603 case MGMT_LTK_AUTHENTICATED:
d7b25450 4604 authenticated = 0x01;
23fb8de3
JH		 4605 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4606 break;
4607 case MGMT_LTK_P256_UNAUTH:
4608 authenticated = 0x00;
4609 type = SMP_LTK_P256;
61b43357 4610 break;
23fb8de3
JH		 4611 case MGMT_LTK_P256_AUTH:
4612 authenticated = 0x01;
4613 type = SMP_LTK_P256;
61b43357 4614 break;
23fb8de3
JH		 4615 case MGMT_LTK_P256_DEBUG:
4616 authenticated = 0x00;
4617 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 4618 default:
4619 continue;
4620 }
d7b25450 4621
85813a7e
JH		 4622 hci_add_ltk(hdev, &key->addr.bdaddr,
4623 le_addr_type(key->addr.type), type, authenticated,
4624 key->val, key->enc_size, key->ediv, key->rand);
346af67b
VCG		 4625 }
4626
2a1afb5a 4627 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 4628 NULL, 0);
4629
346af67b 4630 hci_dev_unlock(hdev);
346af67b 4631
715a5bf2 4632 return err;
346af67b
VCG		 4633}
4634
3b0602cd 4635static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 4636{
dd983808 4637 struct hci_conn *conn = cmd->user_data;
9981bdb0 4638 struct mgmt_rp_get_conn_info rp;
9df74653 4639 int err;
dd983808 4640
9981bdb0 4641 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 4642
9981bdb0 4643 if (status == MGMT_STATUS_SUCCESS) {
dd983808 4644 rp.rssi = conn->rssi;
9981bdb0
JH		 4645 rp.tx_power = conn->tx_power;
4646 rp.max_tx_power = conn->max_tx_power;
4647 } else {
4648 rp.rssi = HCI_RSSI_INVALID;
4649 rp.tx_power = HCI_TX_POWER_INVALID;
4650 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 4651 }
4652
2a1afb5a
JH		 4653 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4654 status, &rp, sizeof(rp));
dd983808
AK		 4655
4656 hci_conn_drop(conn);
f8aaf9b6 4657 hci_conn_put(conn);
9df74653
JH		 4658
4659 return err;
dd983808
AK		 4660}
4661
1904a853
MH		 4662static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
4663 u16 opcode)
dd983808
AK		 4664{
4665 struct hci_cp_read_rssi *cp;
3b0602cd 4666 struct mgmt_pending_cmd *cmd;
dd983808 4667 struct hci_conn *conn;
dd983808 4668 u16 handle;
9981bdb0 4669 u8 status;
dd983808 4670
9981bdb0 4671 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 4672
4673 hci_dev_lock(hdev);
4674
dd983808
AK		 4675 /* Commands sent in request are either Read RSSI or Read Transmit Power
4676 * Level so we check which one was last sent to retrieve connection
4677 * handle. Both commands have handle as first parameter so it's safe to
4678 * cast data on the same command struct.
4679 *
4680 * First command sent is always Read RSSI and we fail only if it fails.
4681 * In other case we simply override error to indicate success as we
4682 * already remembered if TX power value is actually valid.
4683 */
4684 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4685 if (!cp) {
4686 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 4687 status = MGMT_STATUS_SUCCESS;
4688 } else {
4689 status = mgmt_status(hci_status);
dd983808
AK		 4690 }
4691
4692 if (!cp) {
9981bdb0 4693 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 4694 goto unlock;
4695 }
4696
4697 handle = __le16_to_cpu(cp->handle);
4698 conn = hci_conn_hash_lookup_handle(hdev, handle);
4699 if (!conn) {
9981bdb0 4700 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 4701 goto unlock;
4702 }
4703
333ae95d 4704 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
9981bdb0
JH		 4705 if (!cmd)
4706 goto unlock;
dd983808 4707
9981bdb0
JH		 4708 cmd->cmd_complete(cmd, status);
4709 mgmt_pending_remove(cmd);
dd983808
AK		 4710
4711unlock:
4712 hci_dev_unlock(hdev);
4713}
4714
4715static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4716 u16 len)
4717{
4718 struct mgmt_cp_get_conn_info *cp = data;
4719 struct mgmt_rp_get_conn_info rp;
4720 struct hci_conn *conn;
4721 unsigned long conn_info_age;
4722 int err = 0;
4723
4724 BT_DBG("%s", hdev->name);
4725
4726 memset(&rp, 0, sizeof(rp));
4727 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4728 rp.addr.type = cp->addr.type;
4729
4730 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4731 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4732 MGMT_STATUS_INVALID_PARAMS,
4733 &rp, sizeof(rp));
dd983808
AK		 4734
4735 hci_dev_lock(hdev);
4736
4737 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4738 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4739 MGMT_STATUS_NOT_POWERED, &rp,
4740 sizeof(rp));
dd983808
AK		 4741 goto unlock;
4742 }
4743
4744 if (cp->addr.type == BDADDR_BREDR)
4745 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4746 &cp->addr.bdaddr);
4747 else
4748 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4749
4750 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 4751 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4752 MGMT_STATUS_NOT_CONNECTED, &rp,
4753 sizeof(rp));
dd983808
AK		 4754 goto unlock;
4755 }
4756
333ae95d 4757 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 4758 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4759 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 4760 goto unlock;
4761 }
4762
dd983808
AK		 4763 /* To avoid client trying to guess when to poll again for information we
4764 * calculate conn info age as random value between min/max set in hdev.
4765 */
4766 conn_info_age = hdev->conn_info_min_age +
4767 prandom_u32_max(hdev->conn_info_max_age -
4768 hdev->conn_info_min_age);
4769
4770 /* Query controller to refresh cached values if they are too old or were
4771 * never read.
4772 */
f4e2dd53
AK		 4773 if (time_after(jiffies, conn->conn_info_timestamp +
4774 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 4775 !conn->conn_info_timestamp) {
4776 struct hci_request req;
4777 struct hci_cp_read_tx_power req_txp_cp;
4778 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 4779 struct mgmt_pending_cmd *cmd;
dd983808
AK		 4780
4781 hci_req_init(&req, hdev);
4782 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4783 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4784 &req_rssi_cp);
4785
f7faab0c
AK		 4786 /* For LE links TX power does not change thus we don't need to
4787 * query for it once value is known.
4788 */
4789 if (!bdaddr_type_is_le(cp->addr.type) ||
4790 conn->tx_power == HCI_TX_POWER_INVALID) {
4791 req_txp_cp.handle = cpu_to_le16(conn->handle);
4792 req_txp_cp.type = 0x00;
4793 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4794 sizeof(req_txp_cp), &req_txp_cp);
4795 }
dd983808 4796
eed5daf3
AK		 4797 /* Max TX power needs to be read only once per connection */
4798 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4799 req_txp_cp.handle = cpu_to_le16(conn->handle);
4800 req_txp_cp.type = 0x01;
4801 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4802 sizeof(req_txp_cp), &req_txp_cp);
4803 }
4804
dd983808
AK		 4805 err = hci_req_run(&req, conn_info_refresh_complete);
4806 if (err < 0)
4807 goto unlock;
4808
4809 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4810 data, len);
4811 if (!cmd) {
4812 err = -ENOMEM;
4813 goto unlock;
4814 }
4815
4816 hci_conn_hold(conn);
f8aaf9b6 4817 cmd->user_data = hci_conn_get(conn);
9981bdb0 4818 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 4819
4820 conn->conn_info_timestamp = jiffies;
4821 } else {
4822 /* Cache is valid, just reply with values cached in hci_conn */
4823 rp.rssi = conn->rssi;
4824 rp.tx_power = conn->tx_power;
eed5daf3 4825 rp.max_tx_power = conn->max_tx_power;
dd983808 4826
2a1afb5a
JH		 4827 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4828 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 4829 }
4830
4831unlock:
4832 hci_dev_unlock(hdev);
4833 return err;
4834}
4835
3b0602cd 4836static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 4837{
69487371 4838 struct hci_conn *conn = cmd->user_data;
95868426 4839 struct mgmt_rp_get_clock_info rp;
69487371 4840 struct hci_dev *hdev;
9df74653 4841 int err;
69487371
JH		 4842
4843 memset(&rp, 0, sizeof(rp));
4844 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
4845
4846 if (status)
4847 goto complete;
4848
4849 hdev = hci_dev_get(cmd->index);
4850 if (hdev) {
4851 rp.local_clock = cpu_to_le32(hdev->clock);
4852 hci_dev_put(hdev);
4853 }
4854
4855 if (conn) {
4856 rp.piconet_clock = cpu_to_le32(conn->clock);
4857 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
4858 }
4859
4860complete:
2a1afb5a
JH		 4861 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
4862 sizeof(rp));
69487371
JH		 4863
4864 if (conn) {
4865 hci_conn_drop(conn);
4866 hci_conn_put(conn);
4867 }
9df74653
JH		 4868
4869 return err;
69487371
JH		 4870}
4871
1904a853 4872static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 4873{
95868426 4874 struct hci_cp_read_clock *hci_cp;
3b0602cd 4875 struct mgmt_pending_cmd *cmd;
95868426
JH		 4876 struct hci_conn *conn;
4877
4878 BT_DBG("%s status %u", hdev->name, status);
4879
4880 hci_dev_lock(hdev);
4881
4882 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
4883 if (!hci_cp)
4884 goto unlock;
4885
4886 if (hci_cp->which) {
4887 u16 handle = __le16_to_cpu(hci_cp->handle);
4888 conn = hci_conn_hash_lookup_handle(hdev, handle);
4889 } else {
4890 conn = NULL;
4891 }
4892
333ae95d 4893 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
95868426
JH		 4894 if (!cmd)
4895 goto unlock;
4896
69487371 4897 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 4898 mgmt_pending_remove(cmd);
95868426
JH		 4899
4900unlock:
4901 hci_dev_unlock(hdev);
4902}
4903
4904static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
4905 u16 len)
4906{
4907 struct mgmt_cp_get_clock_info *cp = data;
4908 struct mgmt_rp_get_clock_info rp;
4909 struct hci_cp_read_clock hci_cp;
3b0602cd 4910 struct mgmt_pending_cmd *cmd;
95868426
JH		 4911 struct hci_request req;
4912 struct hci_conn *conn;
4913 int err;
4914
4915 BT_DBG("%s", hdev->name);
4916
4917 memset(&rp, 0, sizeof(rp));
4918 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4919 rp.addr.type = cp->addr.type;
4920
4921 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 4922 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
4923 MGMT_STATUS_INVALID_PARAMS,
4924 &rp, sizeof(rp));
95868426
JH		 4925
4926 hci_dev_lock(hdev);
4927
4928 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4929 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
4930 MGMT_STATUS_NOT_POWERED, &rp,
4931 sizeof(rp));
95868426
JH		 4932 goto unlock;
4933 }
4934
4935 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4936 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4937 &cp->addr.bdaddr);
4938 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 4939 err = mgmt_cmd_complete(sk, hdev->id,
4940 MGMT_OP_GET_CLOCK_INFO,
4941 MGMT_STATUS_NOT_CONNECTED,
4942 &rp, sizeof(rp));
95868426
JH		 4943 goto unlock;
4944 }
4945 } else {
4946 conn = NULL;
4947 }
4948
4949 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
4950 if (!cmd) {
4951 err = -ENOMEM;
4952 goto unlock;
4953 }
4954
69487371
JH		 4955 cmd->cmd_complete = clock_info_cmd_complete;
4956
95868426
JH		 4957 hci_req_init(&req, hdev);
4958
4959 memset(&hci_cp, 0, sizeof(hci_cp));
4960 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
4961
4962 if (conn) {
4963 hci_conn_hold(conn);
f8aaf9b6 4964 cmd->user_data = hci_conn_get(conn);
95868426
JH		 4965
4966 hci_cp.handle = cpu_to_le16(conn->handle);
4967 hci_cp.which = 0x01; /* Piconet clock */
4968 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
4969 }
4970
4971 err = hci_req_run(&req, get_clock_info_complete);
4972 if (err < 0)
4973 mgmt_pending_remove(cmd);
4974
4975unlock:
4976 hci_dev_unlock(hdev);
4977 return err;
4978}
4979
5a154e6f
JH		 4980static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
4981{
4982 struct hci_conn *conn;
4983
4984 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
4985 if (!conn)
4986 return false;
4987
4988 if (conn->dst_type != type)
4989 return false;
4990
4991 if (conn->state != BT_CONNECTED)
4992 return false;
4993
4994 return true;
4995}
4996
4997/* This function requires the caller holds hdev->lock */
51d7a94d 4998static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5a154e6f
JH		 4999 u8 addr_type, u8 auto_connect)
5000{
5a154e6f
JH		 5001 struct hci_conn_params *params;
5002
5003 params = hci_conn_params_add(hdev, addr, addr_type);
5004 if (!params)
5005 return -EIO;
5006
5007 if (params->auto_connect == auto_connect)
5008 return 0;
5009
5010 list_del_init(&params->action);
5011
5012 switch (auto_connect) {
5013 case HCI_AUTO_CONN_DISABLED:
5014 case HCI_AUTO_CONN_LINK_LOSS:
28a667c9
JP		 5015 /* If auto connect is being disabled when we're trying to
5016 * connect to device, keep connecting.
5017 */
5018 if (params->explicit_connect)
5019 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 5020 break;
5021 case HCI_AUTO_CONN_REPORT:
49c50922
JH		 5022 if (params->explicit_connect)
5023 list_add(&params->action, &hdev->pend_le_conns);
5024 else
5025 list_add(&params->action, &hdev->pend_le_reports);
5a154e6f
JH		 5026 break;
5027 case HCI_AUTO_CONN_DIRECT:
5028 case HCI_AUTO_CONN_ALWAYS:
51d7a94d 5029 if (!is_connected(hdev, addr, addr_type))
5a154e6f 5030 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 5031 break;
5032 }
5033
5034 params->auto_connect = auto_connect;
5035
5036 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5037 auto_connect);
5038
5039 return 0;
5040}
5041
8afef092
MH		 5042static void device_added(struct sock *sk, struct hci_dev *hdev,
5043 bdaddr_t *bdaddr, u8 type, u8 action)
5044{
5045 struct mgmt_ev_device_added ev;
5046
5047 bacpy(&ev.addr.bdaddr, bdaddr);
5048 ev.addr.type = type;
5049 ev.action = action;
5050
5051 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5052}
5053
2faade53
MH		 5054static int add_device(struct sock *sk, struct hci_dev *hdev,
5055 void *data, u16 len)
5056{
5057 struct mgmt_cp_add_device *cp = data;
5058 u8 auto_conn, addr_type;
5059 int err;
5060
5061 BT_DBG("%s", hdev->name);
5062
6659358e 5063 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5064 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5065 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5066 MGMT_STATUS_INVALID_PARAMS,
5067 &cp->addr, sizeof(cp->addr));
2faade53 5068
4b9e7e75 5069 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5070 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5071 MGMT_STATUS_INVALID_PARAMS,
5072 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5073
5074 hci_dev_lock(hdev);
5075
6659358e 5076 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5077 /* Only incoming connections action is supported for now */
6659358e 5078 if (cp->action != 0x01) {
51d7a94d
JH		 5079 err = mgmt_cmd_complete(sk, hdev->id,
5080 MGMT_OP_ADD_DEVICE,
5081 MGMT_STATUS_INVALID_PARAMS,
5082 &cp->addr, sizeof(cp->addr));
6659358e
JH		 5083 goto unlock;
5084 }
5085
5086 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5087 cp->addr.type);
5088 if (err)
5089 goto unlock;
a397407f 5090
01b1cb87 5091 hci_req_update_scan(hdev);
a397407f 5092
6659358e
JH		 5093 goto added;
5094 }
5095
85813a7e 5096 addr_type = le_addr_type(cp->addr.type);
2faade53 5097
4b9e7e75 5098 if (cp->action == 0x02)
2faade53 5099 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5100 else if (cp->action == 0x01)
5101 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5102 else
a3451d27 5103 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5104
9a0a8a8e
JP		 5105 /* Kernel internally uses conn_params with resolvable private
5106 * address, but Add Device allows only identity addresses.
5107 * Make sure it is enforced before calling
5108 * hci_conn_params_lookup.
5109 */
5110 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 5111 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5112 MGMT_STATUS_INVALID_PARAMS,
5113 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 5114 goto unlock;
5115 }
5116
bf5b3c8b
MH		 5117 /* If the connection parameters don't exist for this device,
5118 * they will be created and configured with defaults.
5119 */
51d7a94d 5120 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
d06b50ce 5121 auto_conn) < 0) {
51d7a94d
JH		 5122 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5123 MGMT_STATUS_FAILED, &cp->addr,
5124 sizeof(cp->addr));
2faade53
MH		 5125 goto unlock;
5126 }
5127
51d7a94d
JH		 5128 hci_update_background_scan(hdev);
5129
6659358e 5130added:
8afef092
MH		 5131 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5132
51d7a94d
JH		 5133 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5134 MGMT_STATUS_SUCCESS, &cp->addr,
5135 sizeof(cp->addr));
2faade53
MH		 5136
5137unlock:
5138 hci_dev_unlock(hdev);
5139 return err;
5140}
5141
8afef092
MH		 5142static void device_removed(struct sock *sk, struct hci_dev *hdev,
5143 bdaddr_t *bdaddr, u8 type)
5144{
5145 struct mgmt_ev_device_removed ev;
5146
5147 bacpy(&ev.addr.bdaddr, bdaddr);
5148 ev.addr.type = type;
5149
5150 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5151}
5152
2faade53
MH		 5153static int remove_device(struct sock *sk, struct hci_dev *hdev,
5154 void *data, u16 len)
5155{
5156 struct mgmt_cp_remove_device *cp = data;
5157 int err;
5158
5159 BT_DBG("%s", hdev->name);
5160
5161 hci_dev_lock(hdev);
5162
5163 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5164 struct hci_conn_params *params;
2faade53
MH		 5165 u8 addr_type;
5166
6659358e 5167 if (!bdaddr_type_is_valid(cp->addr.type)) {
51d7a94d
JH		 5168 err = mgmt_cmd_complete(sk, hdev->id,
5169 MGMT_OP_REMOVE_DEVICE,
5170 MGMT_STATUS_INVALID_PARAMS,
5171 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5172 goto unlock;
5173 }
5174
6659358e
JH		 5175 if (cp->addr.type == BDADDR_BREDR) {
5176 err = hci_bdaddr_list_del(&hdev->whitelist,
5177 &cp->addr.bdaddr,
5178 cp->addr.type);
5179 if (err) {
51d7a94d
JH		 5180 err = mgmt_cmd_complete(sk, hdev->id,
5181 MGMT_OP_REMOVE_DEVICE,
5182 MGMT_STATUS_INVALID_PARAMS,
5183 &cp->addr,
5184 sizeof(cp->addr));
6659358e
JH		 5185 goto unlock;
5186 }
5187
01b1cb87 5188 hci_req_update_scan(hdev);
a397407f 5189
6659358e
JH		 5190 device_removed(sk, hdev, &cp->addr.bdaddr,
5191 cp->addr.type);
5192 goto complete;
5193 }
5194
85813a7e 5195 addr_type = le_addr_type(cp->addr.type);
2faade53 5196
9a0a8a8e
JP		 5197 /* Kernel internally uses conn_params with resolvable private
5198 * address, but Remove Device allows only identity addresses.
5199 * Make sure it is enforced before calling
5200 * hci_conn_params_lookup.
5201 */
5202 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 5203 err = mgmt_cmd_complete(sk, hdev->id,
5204 MGMT_OP_REMOVE_DEVICE,
5205 MGMT_STATUS_INVALID_PARAMS,
5206 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 5207 goto unlock;
5208 }
5209
c71593dd
JH		 5210 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5211 addr_type);
5212 if (!params) {
51d7a94d
JH		 5213 err = mgmt_cmd_complete(sk, hdev->id,
5214 MGMT_OP_REMOVE_DEVICE,
5215 MGMT_STATUS_INVALID_PARAMS,
5216 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 5217 goto unlock;
5218 }
5219
679d2b6f
JH		 5220 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5221 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
51d7a94d
JH		 5222 err = mgmt_cmd_complete(sk, hdev->id,
5223 MGMT_OP_REMOVE_DEVICE,
5224 MGMT_STATUS_INVALID_PARAMS,
5225 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 5226 goto unlock;
5227 }
5228
d1dbf12e 5229 list_del(&params->action);
c71593dd
JH		 5230 list_del(&params->list);
5231 kfree(params);
51d7a94d 5232 hci_update_background_scan(hdev);
8afef092
MH		 5233
5234 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5235 } else {
19de0825 5236 struct hci_conn_params *p, *tmp;
6659358e 5237 struct bdaddr_list *b, *btmp;
19de0825 5238
2faade53 5239 if (cp->addr.type) {
51d7a94d
JH		 5240 err = mgmt_cmd_complete(sk, hdev->id,
5241 MGMT_OP_REMOVE_DEVICE,
5242 MGMT_STATUS_INVALID_PARAMS,
5243 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5244 goto unlock;
5245 }
5246
6659358e
JH		 5247 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5248 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5249 list_del(&b->list);
5250 kfree(b);
5251 }
5252
01b1cb87 5253 hci_req_update_scan(hdev);
a397407f 5254
19de0825
JH		 5255 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5256 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5257 continue;
5258 device_removed(sk, hdev, &p->addr, p->addr_type);
679d2b6f
JH		 5259 if (p->explicit_connect) {
5260 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
5261 continue;
5262 }
19de0825
JH		 5263 list_del(&p->action);
5264 list_del(&p->list);
5265 kfree(p);
5266 }
5267
5268 BT_DBG("All LE connection parameters were removed");
5269
51d7a94d 5270 hci_update_background_scan(hdev);
2faade53
MH		 5271 }
5272
6659358e 5273complete:
51d7a94d
JH		 5274 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5275 MGMT_STATUS_SUCCESS, &cp->addr,
5276 sizeof(cp->addr));
2faade53
MH		 5277unlock:
5278 hci_dev_unlock(hdev);
5279 return err;
5280}
5281
a26f3dcf
JH		 5282static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5283 u16 len)
5284{
5285 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5286 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5287 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5288 u16 param_count, expected_len;
5289 int i;
5290
5291 if (!lmp_le_capable(hdev))
a69e8375
JH		 5292 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5293 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 5294
5295 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5296 if (param_count > max_param_count) {
5297 BT_ERR("load_conn_param: too big param_count value %u",
5298 param_count);
a69e8375
JH		 5299 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5300 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5301 }
a26f3dcf
JH		 5302
5303 expected_len = sizeof(*cp) + param_count *
5304 sizeof(struct mgmt_conn_param);
5305 if (expected_len != len) {
5306 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5307 expected_len, len);
a69e8375
JH		 5308 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5309 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 5310 }
5311
5312 BT_DBG("%s param_count %u", hdev->name, param_count);
5313
5314 hci_dev_lock(hdev);
5315
5316 hci_conn_params_clear_disabled(hdev);
5317
5318 for (i = 0; i < param_count; i++) {
5319 struct mgmt_conn_param *param = &cp->params[i];
5320 struct hci_conn_params *hci_param;
5321 u16 min, max, latency, timeout;
5322 u8 addr_type;
5323
5324 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5325 param->addr.type);
5326
5327 if (param->addr.type == BDADDR_LE_PUBLIC) {
5328 addr_type = ADDR_LE_DEV_PUBLIC;
5329 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5330 addr_type = ADDR_LE_DEV_RANDOM;
5331 } else {
5332 BT_ERR("Ignoring invalid connection parameters");
5333 continue;
5334 }
5335
5336 min = le16_to_cpu(param->min_interval);
5337 max = le16_to_cpu(param->max_interval);
5338 latency = le16_to_cpu(param->latency);
5339 timeout = le16_to_cpu(param->timeout);
5340
5341 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5342 min, max, latency, timeout);
5343
5344 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5345 BT_ERR("Ignoring invalid connection parameters");
5346 continue;
5347 }
5348
5349 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5350 addr_type);
5351 if (!hci_param) {
5352 BT_ERR("Failed to add connection parameters");
5353 continue;
5354 }
5355
5356 hci_param->conn_min_interval = min;
5357 hci_param->conn_max_interval = max;
5358 hci_param->conn_latency = latency;
5359 hci_param->supervision_timeout = timeout;
5360 }
5361
5362 hci_dev_unlock(hdev);
5363
2a1afb5a
JH		 5364 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
5365 NULL, 0);
a26f3dcf
JH		 5366}
5367
dbece37a
MH		 5368static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5369 void *data, u16 len)
5370{
5371 struct mgmt_cp_set_external_config *cp = data;
5372 bool changed;
5373 int err;
5374
5375 BT_DBG("%s", hdev->name);
5376
5377 if (hdev_is_powered(hdev))
a69e8375
JH		 5378 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5379 MGMT_STATUS_REJECTED);
dbece37a
MH		 5380
5381 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 5382 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5383 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 5384
5385 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 5386 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5387 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 5388
5389 hci_dev_lock(hdev);
5390
5391 if (cp->config)
238be788 5392 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 5393 else
a69d8927 5394 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 5395
5396 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5397 if (err < 0)
5398 goto unlock;
5399
5400 if (!changed)
5401 goto unlock;
5402
f4537c04
MH		 5403 err = new_options(hdev, sk);
5404
d7a5a11d 5405 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 5406 mgmt_index_removed(hdev);
d603b76b 5407
516018a9 5408 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 5409 hci_dev_set_flag(hdev, HCI_CONFIG);
5410 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 5411
5412 queue_work(hdev->req_workqueue, &hdev->power_on);
5413 } else {
5ea234d3 5414 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 5415 mgmt_index_added(hdev);
5416 }
dbece37a
MH		 5417 }
5418
5419unlock:
5420 hci_dev_unlock(hdev);
5421 return err;
5422}
5423
9713c17b
MH		 5424static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5425 void *data, u16 len)
5426{
5427 struct mgmt_cp_set_public_address *cp = data;
5428 bool changed;
5429 int err;
5430
5431 BT_DBG("%s", hdev->name);
5432
5433 if (hdev_is_powered(hdev))
a69e8375
JH		 5434 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5435 MGMT_STATUS_REJECTED);
9713c17b
MH		 5436
5437 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 5438 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5439 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 5440
5441 if (!hdev->set_bdaddr)
a69e8375
JH		 5442 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5443 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 5444
5445 hci_dev_lock(hdev);
5446
5447 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5448 bacpy(&hdev->public_addr, &cp->bdaddr);
5449
5450 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5451 if (err < 0)
5452 goto unlock;
5453
5454 if (!changed)
5455 goto unlock;
5456
d7a5a11d 5457 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 5458 err = new_options(hdev, sk);
5459
5460 if (is_configured(hdev)) {
5461 mgmt_index_removed(hdev);
5462
a358dc11 5463 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 5464
a1536da2
MH		 5465 hci_dev_set_flag(hdev, HCI_CONFIG);
5466 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 5467
5468 queue_work(hdev->req_workqueue, &hdev->power_on);
5469 }
5470
5471unlock:
5472 hci_dev_unlock(hdev);
5473 return err;
5474}
5475
bea41609
MH		 5476static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5477 u8 data_len)
5478{
5479 eir[eir_len++] = sizeof(type) + data_len;
5480 eir[eir_len++] = type;
5481 memcpy(&eir[eir_len], data, data_len);
5482 eir_len += data_len;
5483
5484 return eir_len;
5485}
5486
40f66c05
JH		 5487static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
5488 u16 opcode, struct sk_buff *skb)
5489{
5490 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
5491 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
5492 u8 *h192, *r192, *h256, *r256;
5493 struct mgmt_pending_cmd *cmd;
5494 u16 eir_len;
5495 int err;
5496
5497 BT_DBG("%s status %u", hdev->name, status);
5498
5499 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
5500 if (!cmd)
5501 return;
5502
5503 mgmt_cp = cmd->param;
5504
5505 if (status) {
5506 status = mgmt_status(status);
5507 eir_len = 0;
5508
5509 h192 = NULL;
5510 r192 = NULL;
5511 h256 = NULL;
5512 r256 = NULL;
5513 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
5514 struct hci_rp_read_local_oob_data *rp;
5515
5516 if (skb->len != sizeof(*rp)) {
5517 status = MGMT_STATUS_FAILED;
5518 eir_len = 0;
5519 } else {
5520 status = MGMT_STATUS_SUCCESS;
5521 rp = (void *)skb->data;
5522
5523 eir_len = 5 + 18 + 18;
5524 h192 = rp->hash;
5525 r192 = rp->rand;
5526 h256 = NULL;
5527 r256 = NULL;
5528 }
5529 } else {
5530 struct hci_rp_read_local_oob_ext_data *rp;
5531
5532 if (skb->len != sizeof(*rp)) {
5533 status = MGMT_STATUS_FAILED;
5534 eir_len = 0;
5535 } else {
5536 status = MGMT_STATUS_SUCCESS;
5537 rp = (void *)skb->data;
5538
5539 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5540 eir_len = 5 + 18 + 18;
5541 h192 = NULL;
5542 r192 = NULL;
5543 } else {
5544 eir_len = 5 + 18 + 18 + 18 + 18;
5545 h192 = rp->hash192;
5546 r192 = rp->rand192;
5547 }
5548
5549 h256 = rp->hash256;
5550 r256 = rp->rand256;
5551 }
5552 }
5553
5554 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
5555 if (!mgmt_rp)
5556 goto done;
5557
5558 if (status)
5559 goto send_rsp;
5560
5561 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
5562 hdev->dev_class, 3);
5563
5564 if (h192 && r192) {
5565 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5566 EIR_SSP_HASH_C192, h192, 16);
5567 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5568 EIR_SSP_RAND_R192, r192, 16);
5569 }
5570
5571 if (h256 && r256) {
5572 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5573 EIR_SSP_HASH_C256, h256, 16);
5574 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5575 EIR_SSP_RAND_R256, r256, 16);
5576 }
5577
5578send_rsp:
5579 mgmt_rp->type = mgmt_cp->type;
5580 mgmt_rp->eir_len = cpu_to_le16(eir_len);
5581
5582 err = mgmt_cmd_complete(cmd->sk, hdev->id,
5583 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
5584 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
5585 if (err < 0 || status)
5586 goto done;
5587
5588 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
5589
5590 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5591 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
5592 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
5593done:
5594 kfree(mgmt_rp);
5595 mgmt_pending_remove(cmd);
5596}
5597
5598static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
5599 struct mgmt_cp_read_local_oob_ext_data *cp)
5600{
5601 struct mgmt_pending_cmd *cmd;
5602 struct hci_request req;
5603 int err;
5604
5605 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
5606 cp, sizeof(*cp));
5607 if (!cmd)
5608 return -ENOMEM;
5609
5610 hci_req_init(&req, hdev);
5611
5612 if (bredr_sc_enabled(hdev))
5613 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
5614 else
5615 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
5616
5617 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
5618 if (err < 0) {
5619 mgmt_pending_remove(cmd);
5620 return err;
5621 }
5622
5623 return 0;
5624}
5625
4f0f155c
MH		 5626static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
5627 void *data, u16 data_len)
5628{
5629 struct mgmt_cp_read_local_oob_ext_data *cp = data;
5630 struct mgmt_rp_read_local_oob_ext_data *rp;
5631 size_t rp_len;
5632 u16 eir_len;
0821a2c5 5633 u8 status, flags, role, addr[7], hash[16], rand[16];
4f0f155c
MH		 5634 int err;
5635
5636 BT_DBG("%s", hdev->name);
5637
57b0d3e8
MH		 5638 if (hdev_is_powered(hdev)) {
5639 switch (cp->type) {
5640 case BIT(BDADDR_BREDR):
5641 status = mgmt_bredr_support(hdev);
5642 if (status)
5643 eir_len = 0;
5644 else
5645 eir_len = 5;
5646 break;
5647 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5648 status = mgmt_le_support(hdev);
5649 if (status)
5650 eir_len = 0;
5651 else
5652 eir_len = 9 + 3 + 18 + 18 + 3;
5653 break;
5654 default:
5655 status = MGMT_STATUS_INVALID_PARAMS;
5656 eir_len = 0;
5657 break;
5658 }
5659 } else {
5660 status = MGMT_STATUS_NOT_POWERED;
5661 eir_len = 0;
4f0f155c
MH		 5662 }
5663
4f0f155c
MH		 5664 rp_len = sizeof(*rp) + eir_len;
5665 rp = kmalloc(rp_len, GFP_ATOMIC);
efcd8c98 5666 if (!rp)
4f0f155c 5667 return -ENOMEM;
efcd8c98 5668
57b0d3e8
MH		 5669 if (status)
5670 goto complete;
5671
efcd8c98 5672 hci_dev_lock(hdev);
4f0f155c
MH		 5673
5674 eir_len = 0;
5675 switch (cp->type) {
5676 case BIT(BDADDR_BREDR):
40f66c05
JH		 5677 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5678 err = read_local_ssp_oob_req(hdev, sk, cp);
5679 hci_dev_unlock(hdev);
5680 if (!err)
5681 goto done;
5682
5683 status = MGMT_STATUS_FAILED;
5684 goto complete;
5685 } else {
5686 eir_len = eir_append_data(rp->eir, eir_len,
5687 EIR_CLASS_OF_DEV,
5688 hdev->dev_class, 3);
5689 }
4f0f155c
MH		 5690 break;
5691 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5082a599
MH		 5692 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5693 smp_generate_oob(hdev, hash, rand) < 0) {
0821a2c5 5694 hci_dev_unlock(hdev);
57b0d3e8
MH		 5695 status = MGMT_STATUS_FAILED;
5696 goto complete;
0821a2c5
MH		 5697 }
5698
e213568a
MH		 5699 /* This should return the active RPA, but since the RPA
5700 * is only programmed on demand, it is really hard to fill
5701 * this in at the moment. For now disallow retrieving
5702 * local out-of-band data when privacy is in use.
5703 *
5704 * Returning the identity address will not help here since
5705 * pairing happens before the identity resolving key is
5706 * known and thus the connection establishment happens
5707 * based on the RPA and not the identity address.
5708 */
4f0f155c 5709 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
e213568a
MH		 5710 hci_dev_unlock(hdev);
5711 status = MGMT_STATUS_REJECTED;
5712 goto complete;
5713 }
5714
5715 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
5716 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
5717 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5718 bacmp(&hdev->static_addr, BDADDR_ANY))) {
4f0f155c
MH		 5719 memcpy(addr, &hdev->static_addr, 6);
5720 addr[6] = 0x01;
5721 } else {
5722 memcpy(addr, &hdev->bdaddr, 6);
5723 addr[6] = 0x00;
5724 }
5725
5726 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
5727 addr, sizeof(addr));
5728
5729 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
5730 role = 0x02;
5731 else
5732 role = 0x01;
5733
5734 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
5735 &role, sizeof(role));
5736
5082a599
MH		 5737 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
5738 eir_len = eir_append_data(rp->eir, eir_len,
5739 EIR_LE_SC_CONFIRM,
5740 hash, sizeof(hash));
0821a2c5 5741
5082a599
MH		 5742 eir_len = eir_append_data(rp->eir, eir_len,
5743 EIR_LE_SC_RANDOM,
5744 rand, sizeof(rand));
5745 }
0821a2c5 5746
f2252570 5747 flags = mgmt_get_adv_discov_flags(hdev);
4f0f155c
MH		 5748
5749 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
5750 flags |= LE_AD_NO_BREDR;
5751
5752 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
5753 &flags, sizeof(flags));
5754 break;
5755 }
5756
4f0f155c
MH		 5757 hci_dev_unlock(hdev);
5758
72000df2
MH		 5759 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
5760
57b0d3e8
MH		 5761 status = MGMT_STATUS_SUCCESS;
5762
5763complete:
efcd8c98
MH		 5764 rp->type = cp->type;
5765 rp->eir_len = cpu_to_le16(eir_len);
5766
4f0f155c 5767 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
57b0d3e8
MH		 5768 status, rp, sizeof(*rp) + eir_len);
5769 if (err < 0 || status)
72000df2
MH		 5770 goto done;
5771
5772 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5773 rp, sizeof(*rp) + eir_len,
5774 HCI_MGMT_OOB_DATA_EVENTS, sk);
4f0f155c 5775
0821a2c5 5776done:
4f0f155c
MH		 5777 kfree(rp);
5778
5779 return err;
5780}
5781
089fa8c0
AU		 5782static u32 get_supported_adv_flags(struct hci_dev *hdev)
5783{
5784 u32 flags = 0;
5785
5786 flags |= MGMT_ADV_FLAG_CONNECTABLE;
5787 flags |= MGMT_ADV_FLAG_DISCOV;
5788 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
5789 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
5790
5791 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
5792 flags |= MGMT_ADV_FLAG_TX_POWER;
5793
5794 return flags;
5795}
5796
d3d5305b
MH		 5797static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
5798 void *data, u16 data_len)
5799{
5800 struct mgmt_rp_read_adv_features *rp;
5801 size_t rp_len;
286e0c83 5802 int err, i;
24b4f38f 5803 bool instance;
286e0c83 5804 struct adv_info *adv_instance;
089fa8c0 5805 u32 supported_flags;
d3d5305b
MH		 5806
5807 BT_DBG("%s", hdev->name);
5808
089fa8c0
AU		 5809 if (!lmp_le_capable(hdev))
5810 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
5811 MGMT_STATUS_REJECTED);
5812
d3d5305b
MH		 5813 hci_dev_lock(hdev);
5814
5815 rp_len = sizeof(*rp);
24b4f38f 5816
24b4f38f
AU		 5817 instance = hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE);
5818 if (instance)
286e0c83 5819 rp_len += hdev->adv_instance_cnt;
24b4f38f 5820
d3d5305b
MH		 5821 rp = kmalloc(rp_len, GFP_ATOMIC);
5822 if (!rp) {
5823 hci_dev_unlock(hdev);
5824 return -ENOMEM;
5825 }
5826
089fa8c0
AU		 5827 supported_flags = get_supported_adv_flags(hdev);
5828
5829 rp->supported_flags = cpu_to_le32(supported_flags);
dc5d82a9
MH		 5830 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
5831 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
d2609b34 5832 rp->max_instances = HCI_MAX_ADV_INSTANCES;
24b4f38f 5833
24b4f38f 5834 if (instance) {
286e0c83
FG		 5835 i = 0;
5836 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
5837 if (i >= hdev->adv_instance_cnt)
5838 break;
5839
5840 rp->instance[i] = adv_instance->instance;
5841 i++;
5842 }
5843 rp->num_instances = hdev->adv_instance_cnt;
24b4f38f
AU		 5844 } else {
5845 rp->num_instances = 0;
5846 }
d3d5305b
MH		 5847
5848 hci_dev_unlock(hdev);
5849
5850 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
5851 MGMT_STATUS_SUCCESS, rp, rp_len);
5852
5853 kfree(rp);
5854
5855 return err;
5856}
5857
4117ed70 5858static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
b44133ff 5859 u8 len, bool is_adv_data)
24b4f38f 5860{
4117ed70 5861 u8 max_len = HCI_MAX_AD_LENGTH;
24b4f38f 5862 int i, cur_len;
b44133ff 5863 bool flags_managed = false;
5507e358 5864 bool tx_power_managed = false;
24b4f38f 5865
31a3248d
MH		 5866 if (is_adv_data) {
5867 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
5868 MGMT_ADV_FLAG_LIMITED_DISCOV |
5869 MGMT_ADV_FLAG_MANAGED_FLAGS)) {
5870 flags_managed = true;
5871 max_len -= 3;
5872 }
24b4f38f 5873
31a3248d
MH		 5874 if (adv_flags & MGMT_ADV_FLAG_TX_POWER) {
5875 tx_power_managed = true;
5876 max_len -= 3;
5877 }
5507e358
AU		 5878 }
5879
4117ed70 5880 if (len > max_len)
24b4f38f
AU		 5881 return false;
5882
4117ed70
AU		 5883 /* Make sure that the data is correctly formatted. */
5884 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
5885 cur_len = data[i];
24b4f38f 5886
b44133ff
AU		 5887 if (flags_managed && data[i + 1] == EIR_FLAGS)
5888 return false;
5889
5507e358
AU		 5890 if (tx_power_managed && data[i + 1] == EIR_TX_POWER)
5891 return false;
5892
24b4f38f
AU		 5893 /* If the current field length would exceed the total data
5894 * length, then it's invalid.
5895 */
4117ed70 5896 if (i + cur_len >= len)
24b4f38f
AU		 5897 return false;
5898 }
5899
5900 return true;
5901}
5902
24b4f38f
AU		 5903static void add_advertising_complete(struct hci_dev *hdev, u8 status,
5904 u16 opcode)
5905{
5906 struct mgmt_pending_cmd *cmd;
fffd38bc 5907 struct mgmt_cp_add_advertising *cp;
24b4f38f 5908 struct mgmt_rp_add_advertising rp;
fffd38bc
FG		 5909 struct adv_info *adv_instance, *n;
5910 u8 instance;
24b4f38f
AU		 5911
5912 BT_DBG("status %d", status);
5913
5914 hci_dev_lock(hdev);
5915
5916 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
5917
fffd38bc 5918 if (status)
24b4f38f 5919 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
fffd38bc
FG		 5920
5921 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
5922 if (!adv_instance->pending)
5923 continue;
5924
5925 if (!status) {
5926 adv_instance->pending = false;
5927 continue;
5928 }
5929
5930 instance = adv_instance->instance;
5931
5932 if (hdev->cur_adv_instance == instance)
5933 cancel_adv_timeout(hdev);
5934
5935 hci_remove_adv_instance(hdev, instance);
f2252570 5936 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
24b4f38f
AU		 5937 }
5938
5939 if (!cmd)
5940 goto unlock;
5941
fffd38bc
FG		 5942 cp = cmd->param;
5943 rp.instance = cp->instance;
24b4f38f
AU		 5944
5945 if (status)
5946 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
5947 mgmt_status(status));
5948 else
5949 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
5950 mgmt_status(status), &rp, sizeof(rp));
5951
5952 mgmt_pending_remove(cmd);
5953
5954unlock:
5955 hci_dev_unlock(hdev);
5956}
5957
5958static int add_advertising(struct sock *sk, struct hci_dev *hdev,
5959 void *data, u16 data_len)
5960{
5961 struct mgmt_cp_add_advertising *cp = data;
5962 struct mgmt_rp_add_advertising rp;
5963 u32 flags;
089fa8c0 5964 u32 supported_flags;
24b4f38f 5965 u8 status;
fffd38bc
FG		 5966 u16 timeout, duration;
5967 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
5968 u8 schedule_instance = 0;
5969 struct adv_info *next_instance;
24b4f38f
AU		 5970 int err;
5971 struct mgmt_pending_cmd *cmd;
5972 struct hci_request req;
5973
5974 BT_DBG("%s", hdev->name);
5975
5976 status = mgmt_le_support(hdev);
5977 if (status)
5978 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
5979 status);
5980
ceff86af
MH		 5981 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
5982 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
5983 MGMT_STATUS_INVALID_PARAMS);
5984
24b4f38f 5985 flags = __le32_to_cpu(cp->flags);
912098a6 5986 timeout = __le16_to_cpu(cp->timeout);
fffd38bc 5987 duration = __le16_to_cpu(cp->duration);
24b4f38f 5988
fffd38bc
FG		 5989 /* The current implementation only supports a subset of the specified
5990 * flags.
089fa8c0
AU		 5991 */
5992 supported_flags = get_supported_adv_flags(hdev);
fffd38bc 5993 if (flags & ~supported_flags)
24b4f38f
AU		 5994 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
5995 MGMT_STATUS_INVALID_PARAMS);
5996
5997 hci_dev_lock(hdev);
5998
912098a6
AU		 5999 if (timeout && !hdev_is_powered(hdev)) {
6000 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6001 MGMT_STATUS_REJECTED);
6002 goto unlock;
6003 }
6004
24b4f38f 6005 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
da929335 6006 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
24b4f38f
AU		 6007 pending_find(MGMT_OP_SET_LE, hdev)) {
6008 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6009 MGMT_STATUS_BUSY);
6010 goto unlock;
6011 }
6012
b44133ff 6013 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
4117ed70 6014 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
b44133ff 6015 cp->scan_rsp_len, false)) {
24b4f38f
AU		 6016 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6017 MGMT_STATUS_INVALID_PARAMS);
6018 goto unlock;
6019 }
6020
fffd38bc
FG		 6021 err = hci_add_adv_instance(hdev, cp->instance, flags,
6022 cp->adv_data_len, cp->data,
6023 cp->scan_rsp_len,
6024 cp->data + cp->adv_data_len,
6025 timeout, duration);
6026 if (err < 0) {
6027 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6028 MGMT_STATUS_FAILED);
6029 goto unlock;
6030 }
24b4f38f 6031
fffd38bc
FG		 6032 /* Only trigger an advertising added event if a new instance was
6033 * actually added.
6034 */
6035 if (hdev->adv_instance_cnt > prev_instance_cnt)
f2252570 6036 mgmt_advertising_added(sk, hdev, cp->instance);
912098a6 6037
fffd38bc 6038 hci_dev_set_flag(hdev, HCI_ADVERTISING_INSTANCE);
912098a6 6039
fffd38bc
FG		 6040 if (hdev->cur_adv_instance == cp->instance) {
6041 /* If the currently advertised instance is being changed then
6042 * cancel the current advertising and schedule the next
6043 * instance. If there is only one instance then the overridden
6044 * advertising data will be visible right away.
6045 */
6046 cancel_adv_timeout(hdev);
912098a6 6047
fffd38bc
FG		 6048 next_instance = hci_get_next_instance(hdev, cp->instance);
6049 if (next_instance)
6050 schedule_instance = next_instance->instance;
6051 } else if (!hdev->adv_instance_timeout) {
6052 /* Immediately advertise the new instance if no other
6053 * instance is currently being advertised.
6054 */
6055 schedule_instance = cp->instance;
6056 }
24b4f38f 6057
fffd38bc
FG		 6058 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6059 * there is no instance to be advertised then we have no HCI
6060 * communication to make. Simply return.
24b4f38f
AU		 6061 */
6062 if (!hdev_is_powered(hdev) ||
fffd38bc
FG		 6063 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6064 !schedule_instance) {
6065 rp.instance = cp->instance;
24b4f38f
AU		 6066 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6067 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6068 goto unlock;
6069 }
6070
6071 /* We're good to go, update advertising data, parameters, and start
6072 * advertising.
6073 */
6074 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6075 data_len);
6076 if (!cmd) {
6077 err = -ENOMEM;
6078 goto unlock;
6079 }
6080
6081 hci_req_init(&req, hdev);
6082
f2252570 6083 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
fffd38bc
FG		 6084
6085 if (!err)
6086 err = hci_req_run(&req, add_advertising_complete);
24b4f38f 6087
24b4f38f
AU		 6088 if (err < 0)
6089 mgmt_pending_remove(cmd);
6090
6091unlock:
6092 hci_dev_unlock(hdev);
6093
6094 return err;
6095}
6096
da929335
AU		 6097static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6098 u16 opcode)
6099{
6100 struct mgmt_pending_cmd *cmd;
01948331 6101 struct mgmt_cp_remove_advertising *cp;
da929335
AU		 6102 struct mgmt_rp_remove_advertising rp;
6103
6104 BT_DBG("status %d", status);
6105
6106 hci_dev_lock(hdev);
6107
6108 /* A failure status here only means that we failed to disable
6109 * advertising. Otherwise, the advertising instance has been removed,
6110 * so report success.
6111 */
6112 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6113 if (!cmd)
6114 goto unlock;
6115
01948331
FG		 6116 cp = cmd->param;
6117 rp.instance = cp->instance;
da929335
AU		 6118
6119 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6120 &rp, sizeof(rp));
6121 mgmt_pending_remove(cmd);
6122
6123unlock:
6124 hci_dev_unlock(hdev);
6125}
6126
6127static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6128 void *data, u16 data_len)
6129{
6130 struct mgmt_cp_remove_advertising *cp = data;
6131 struct mgmt_rp_remove_advertising rp;
da929335
AU		 6132 struct mgmt_pending_cmd *cmd;
6133 struct hci_request req;
952497b1 6134 int err;
da929335
AU		 6135
6136 BT_DBG("%s", hdev->name);
6137
da929335
AU		 6138 hci_dev_lock(hdev);
6139
952497b1 6140 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
01948331
FG		 6141 err = mgmt_cmd_status(sk, hdev->id,
6142 MGMT_OP_REMOVE_ADVERTISING,
6143 MGMT_STATUS_INVALID_PARAMS);
6144 goto unlock;
6145 }
6146
da929335
AU		 6147 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6148 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6149 pending_find(MGMT_OP_SET_LE, hdev)) {
6150 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6151 MGMT_STATUS_BUSY);
6152 goto unlock;
6153 }
6154
6155 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE)) {
6156 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6157 MGMT_STATUS_INVALID_PARAMS);
6158 goto unlock;
6159 }
6160
01948331 6161 hci_req_init(&req, hdev);
da929335 6162
f2252570 6163 hci_req_clear_adv_instance(hdev, &req, cp->instance, true);
da929335 6164
01948331 6165 if (list_empty(&hdev->adv_instances))
f2252570 6166 __hci_req_disable_advertising(&req);
da929335 6167
01948331
FG		 6168 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
6169 * flag is set or the device isn't powered then we have no HCI
6170 * communication to make. Simply return.
da929335 6171 */
01948331
FG		 6172 if (skb_queue_empty(&req.cmd_q) ||
6173 !hdev_is_powered(hdev) ||
da929335 6174 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
01948331 6175 rp.instance = cp->instance;
da929335
AU		 6176 err = mgmt_cmd_complete(sk, hdev->id,
6177 MGMT_OP_REMOVE_ADVERTISING,
6178 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6179 goto unlock;
6180 }
6181
6182 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6183 data_len);
6184 if (!cmd) {
6185 err = -ENOMEM;
6186 goto unlock;
6187 }
6188
da929335
AU		 6189 err = hci_req_run(&req, remove_advertising_complete);
6190 if (err < 0)
6191 mgmt_pending_remove(cmd);
6192
6193unlock:
6194 hci_dev_unlock(hdev);
6195
6196 return err;
6197}
6198
40b25fe5
MH		 6199static u8 tlv_data_max_len(u32 adv_flags, bool is_adv_data)
6200{
6201 u8 max_len = HCI_MAX_AD_LENGTH;
6202
6203 if (is_adv_data) {
6204 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6205 MGMT_ADV_FLAG_LIMITED_DISCOV |
6206 MGMT_ADV_FLAG_MANAGED_FLAGS))
6207 max_len -= 3;
6208
6209 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
6210 max_len -= 3;
6211 }
6212
6213 return max_len;
6214}
6215
6216static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
6217 void *data, u16 data_len)
6218{
6219 struct mgmt_cp_get_adv_size_info *cp = data;
6220 struct mgmt_rp_get_adv_size_info rp;
6221 u32 flags, supported_flags;
6222 int err;
6223
6224 BT_DBG("%s", hdev->name);
6225
6226 if (!lmp_le_capable(hdev))
6227 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6228 MGMT_STATUS_REJECTED);
6229
6230 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6231 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6232 MGMT_STATUS_INVALID_PARAMS);
6233
6234 flags = __le32_to_cpu(cp->flags);
6235
6236 /* The current implementation only supports a subset of the specified
6237 * flags.
6238 */
6239 supported_flags = get_supported_adv_flags(hdev);
6240 if (flags & ~supported_flags)
6241 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6242 MGMT_STATUS_INVALID_PARAMS);
6243
6244 rp.instance = cp->instance;
6245 rp.flags = cp->flags;
6246 rp.max_adv_data_len = tlv_data_max_len(flags, true);
6247 rp.max_scan_rsp_len = tlv_data_max_len(flags, false);
6248
6249 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6250 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6251
6252 return err;
6253}
6254
6d785aa3 6255static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 6256 { NULL }, /* 0x0000 (no command) */
b9a245fb 6257 { read_version, MGMT_READ_VERSION_SIZE,
c91041dc
MH		 6258 HCI_MGMT_NO_HDEV |
6259 HCI_MGMT_UNTRUSTED },
b9a245fb 6260 { read_commands, MGMT_READ_COMMANDS_SIZE,
c91041dc
MH		 6261 HCI_MGMT_NO_HDEV |
6262 HCI_MGMT_UNTRUSTED },
b9a245fb 6263 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
c91041dc
MH		 6264 HCI_MGMT_NO_HDEV |
6265 HCI_MGMT_UNTRUSTED },
6266 { read_controller_info, MGMT_READ_INFO_SIZE,
6267 HCI_MGMT_UNTRUSTED },
7aea8616
MH		 6268 { set_powered, MGMT_SETTING_SIZE },
6269 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6270 { set_connectable, MGMT_SETTING_SIZE },
6271 { set_fast_connectable, MGMT_SETTING_SIZE },
6272 { set_bondable, MGMT_SETTING_SIZE },
6273 { set_link_security, MGMT_SETTING_SIZE },
6274 { set_ssp, MGMT_SETTING_SIZE },
6275 { set_hs, MGMT_SETTING_SIZE },
6276 { set_le, MGMT_SETTING_SIZE },
6277 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6278 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6279 { add_uuid, MGMT_ADD_UUID_SIZE },
6280 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
b9a245fb
JH		 6281 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6282 HCI_MGMT_VAR_LEN },
6283 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6284 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6285 { disconnect, MGMT_DISCONNECT_SIZE },
6286 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6287 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6288 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6289 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6290 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6291 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6292 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6293 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6294 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6295 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6296 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
b9a245fb
JH		 6297 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6298 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6299 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6300 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6301 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6302 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6303 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6304 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6305 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6306 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6307 { set_advertising, MGMT_SETTING_SIZE },
6308 { set_bredr, MGMT_SETTING_SIZE },
6309 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6310 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6311 { set_secure_conn, MGMT_SETTING_SIZE },
6312 { set_debug_keys, MGMT_SETTING_SIZE },
6313 { set_privacy, MGMT_SET_PRIVACY_SIZE },
b9a245fb
JH		 6314 { load_irks, MGMT_LOAD_IRKS_SIZE,
6315 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6316 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6317 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6318 { add_device, MGMT_ADD_DEVICE_SIZE },
6319 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
b9a245fb
JH		 6320 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6321 HCI_MGMT_VAR_LEN },
6322 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
c91041dc
MH		 6323 HCI_MGMT_NO_HDEV |
6324 HCI_MGMT_UNTRUSTED },
b9a245fb 6325 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
c91041dc
MH		 6326 HCI_MGMT_UNCONFIGURED |
6327 HCI_MGMT_UNTRUSTED },
b9a245fb
JH		 6328 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6329 HCI_MGMT_UNCONFIGURED },
6330 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6331 HCI_MGMT_UNCONFIGURED },
6332 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6333 HCI_MGMT_VAR_LEN },
4f0f155c 6334 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
96f1474a 6335 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
c91041dc
MH		 6336 HCI_MGMT_NO_HDEV |
6337 HCI_MGMT_UNTRUSTED },
d3d5305b 6338 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
24b4f38f
AU		 6339 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6340 HCI_MGMT_VAR_LEN },
da929335 6341 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
40b25fe5 6342 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
0f4e68cf
JH		 6343};
6344
bf6b56db 6345void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6346{
ced85549 6347 struct mgmt_ev_ext_index ev;
bb4b2a9a 6348
0602a8ad
MH		 6349 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6350 return;
6351
f9207338
MH		 6352 switch (hdev->dev_type) {
6353 case HCI_BREDR:
6354 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6355 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6356 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6357 ev.type = 0x01;
f9207338
MH		 6358 } else {
6359 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6360 HCI_MGMT_INDEX_EVENTS);
ced85549 6361 ev.type = 0x00;
f9207338
MH		 6362 }
6363 break;
ced85549
MH		 6364 case HCI_AMP:
6365 ev.type = 0x02;
6366 break;
6367 default:
6368 return;
f9207338 6369 }
ced85549
MH		 6370
6371 ev.bus = hdev->bus;
6372
6373 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6374 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 6375}
6376
bf6b56db 6377void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6378{
ced85549 6379 struct mgmt_ev_ext_index ev;
5f159032 6380 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6381
0602a8ad
MH		 6382 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6383 return;
6384
f9207338
MH		 6385 switch (hdev->dev_type) {
6386 case HCI_BREDR:
6387 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6388
f9207338
MH		 6389 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6390 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6391 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6392 ev.type = 0x01;
f9207338
MH		 6393 } else {
6394 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6395 HCI_MGMT_INDEX_EVENTS);
ced85549 6396 ev.type = 0x00;
f9207338
MH		 6397 }
6398 break;
ced85549
MH		 6399 case HCI_AMP:
6400 ev.type = 0x02;
6401 break;
6402 default:
6403 return;
f9207338 6404 }
ced85549
MH		 6405
6406 ev.bus = hdev->bus;
6407
6408 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6409 HCI_MGMT_EXT_INDEX_EVENTS);
eec8d2bc
JH		 6410}
6411
6046dc3e 6412/* This function requires the caller holds hdev->lock */
af02dd44 6413static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 6414{
6415 struct hci_conn_params *p;
6416
6417 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6418 /* Needed for AUTO_OFF case where might not "really"
6419 * have been powered off.
6420 */
6421 list_del_init(&p->action);
6422
6423 switch (p->auto_connect) {
4b9e7e75 6424 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6425 case HCI_AUTO_CONN_ALWAYS:
6426 list_add(&p->action, &hdev->pend_le_conns);
6427 break;
6428 case HCI_AUTO_CONN_REPORT:
6429 list_add(&p->action, &hdev->pend_le_reports);
6430 break;
6431 default:
6432 break;
c83ed19d 6433 }
6046dc3e
AG		 6434 }
6435}
6436
1904a853 6437static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
229ab39c
JH		 6438{
6439 struct cmd_lookup match = { NULL, hdev };
6440
6441 BT_DBG("status 0x%02x", status);
6442
162a3bac 6443 if (!status) {
af02dd44
JH		 6444 restart_le_actions(hdev);
6445 hci_update_background_scan(hdev);
162a3bac
MH		 6446 }
6447
229ab39c
JH		 6448 hci_dev_lock(hdev);
6449
6450 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6451
6452 new_settings(hdev, match.sk);
6453
6454 hci_dev_unlock(hdev);
6455
6456 if (match.sk)
6457 sock_put(match.sk);
6458}
6459
70da6243 6460static int powered_update_hci(struct hci_dev *hdev)
5add6af8 6461{
890ea898 6462 struct hci_request req;
320b3bf7 6463 struct adv_info *adv_instance;
70da6243 6464 u8 link_sec;
5add6af8 6465
890ea898
JH		 6466 hci_req_init(&req, hdev);
6467
d7a5a11d 6468 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
70da6243 6469 !lmp_host_ssp_capable(hdev)) {
574ea3c7 6470 u8 mode = 0x01;
5e5282bb 6471
574ea3c7
MH		 6472 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
6473
6474 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6475 u8 support = 0x01;
5add6af8 6476
574ea3c7
MH		 6477 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
6478 sizeof(support), &support);
6479 }
ec6f99b8
JH		 6480 }
6481
d7a5a11d 6482 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
c73eee91 6483 lmp_bredr_capable(hdev)) {
70da6243 6484 struct hci_cp_write_le_host_supported cp;
f0ff92fb 6485
32226e4f
MH		 6486 cp.le = 0x01;
6487 cp.simul = 0x00;
3d1cbdd6 6488
70da6243
JH		 6489 /* Check first if we already have the right
6490 * host state (host features set)
6491 */
6492 if (cp.le != lmp_host_le_capable(hdev) ||
6493 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 6494 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6495 sizeof(cp), &cp);
70da6243 6496 }
3d1cbdd6 6497
d13eafce 6498 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 6499 /* Make sure the controller has a good default for
6500 * advertising data. This also applies to the case
6501 * where BR/EDR was toggled during the AUTO_OFF phase.
6502 */
320b3bf7
FG		 6503 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
6504 (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6505 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))) {
f2252570
JH		 6506 __hci_req_update_adv_data(&req, HCI_ADV_CURRENT);
6507 __hci_req_update_scan_rsp_data(&req, HCI_ADV_CURRENT);
f14d8f64 6508 }
441ad2d0 6509
320b3bf7
FG		 6510 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
6511 hdev->cur_adv_instance == 0x00 &&
6512 !list_empty(&hdev->adv_instances)) {
6513 adv_instance = list_first_entry(&hdev->adv_instances,
6514 struct adv_info, list);
6515 hdev->cur_adv_instance = adv_instance->instance;
6516 }
6517
6518 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
f2252570 6519 __hci_req_enable_advertising(&req);
320b3bf7
FG		 6520 else if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
6521 hdev->cur_adv_instance)
f2252570
JH		 6522 __hci_req_schedule_adv_instance(&req,
6523 hdev->cur_adv_instance,
6524 true);
eeca6f89
JH		 6525 }
6526
d7a5a11d 6527 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
70da6243 6528 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 6529 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6530 sizeof(link_sec), &link_sec);
562fcc24 6531
70da6243 6532 if (lmp_bredr_capable(hdev)) {
d7a5a11d 6533 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
bf943cbf 6534 __hci_req_write_fast_connectable(&req, true);
406ef2a6 6535 else
bf943cbf 6536 __hci_req_write_fast_connectable(&req, false);
01b1cb87 6537 __hci_req_update_scan(&req);
14bf5eac 6538 __hci_req_update_class(&req);
00cf5040 6539 __hci_req_update_name(&req);
b1a8917c 6540 __hci_req_update_eir(&req);
70da6243 6541 }
562fcc24 6542
229ab39c 6543 return hci_req_run(&req, powered_complete);
70da6243 6544}
562fcc24 6545
70da6243
JH		 6546int mgmt_powered(struct hci_dev *hdev, u8 powered)
6547{
6548 struct cmd_lookup match = { NULL, hdev };
9845904f 6549 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 6550 int err;
f0ff92fb 6551
d7a5a11d 6552 if (!hci_dev_test_flag(hdev, HCI_MGMT))
70da6243
JH		 6553 return 0;
6554
70da6243 6555 if (powered) {
e59a5542
AK		 6556 /* Register the available SMP channels (BR/EDR and LE) only
6557 * when successfully powering on the controller. This late
6558 * registration is required so that LE SMP can clearly
6559 * decide if the public address or static address is used.
6560 */
6561 smp_register(hdev);
6562
229ab39c
JH		 6563 if (powered_update_hci(hdev) == 0)
6564 return 0;
fe038884 6565
229ab39c
JH		 6566 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6567 &match);
6568 goto new_settings;
b24752fe
JH		 6569 }
6570
229ab39c 6571 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 6572
6573 /* If the power off is because of hdev unregistration let
6574 * use the appropriate INVALID_INDEX status. Otherwise use
6575 * NOT_POWERED. We cover both scenarios here since later in
6576 * mgmt_index_removed() any hci_conn callbacks will have already
6577 * been triggered, potentially causing misleading DISCONNECTED
6578 * status responses.
6579 */
d7a5a11d 6580 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 6581 status = MGMT_STATUS_INVALID_INDEX;
6582 else
6583 status = MGMT_STATUS_NOT_POWERED;
6584
6585 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 6586
6587 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
f6b7712e
MH		 6588 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6589 zero_cod, sizeof(zero_cod), NULL);
229ab39c
JH		 6590
6591new_settings:
beadb2bd 6592 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 6593
6594 if (match.sk)
6595 sock_put(match.sk);
6596
7bb895d6 6597 return err;
5add6af8 6598}
73f22f62 6599
3eec705e 6600void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 6601{
3b0602cd 6602 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 6603 u8 status;
6604
333ae95d 6605 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
96570ffc 6606 if (!cmd)
3eec705e 6607 return;
96570ffc
JH		 6608
6609 if (err == -ERFKILL)
6610 status = MGMT_STATUS_RFKILLED;
6611 else
6612 status = MGMT_STATUS_FAILED;
6613
a69e8375 6614 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6615
6616 mgmt_pending_remove(cmd);
96570ffc
JH		 6617}
6618
dc4a5ee2
MH		 6619void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6620 bool persistent)
55ed8ca1 6621{
86742e1e 6622 struct mgmt_ev_new_link_key ev;
55ed8ca1 6623
a492cd52 6624 memset(&ev, 0, sizeof(ev));
55ed8ca1 6625
a492cd52 6626 ev.store_hint = persistent;
d753fdc4 6627 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6628 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6629 ev.key.type = key->type;
9b3b4460 6630 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6631 ev.key.pin_len = key->pin_len;
55ed8ca1 6632
dc4a5ee2 6633 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6634}
f7520543 6635
d7b25450
JH		 6636static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6637{
23fb8de3
JH		 6638 switch (ltk->type) {
6639 case SMP_LTK:
6640 case SMP_LTK_SLAVE:
6641 if (ltk->authenticated)
6642 return MGMT_LTK_AUTHENTICATED;
6643 return MGMT_LTK_UNAUTHENTICATED;
6644 case SMP_LTK_P256:
6645 if (ltk->authenticated)
6646 return MGMT_LTK_P256_AUTH;
6647 return MGMT_LTK_P256_UNAUTH;
6648 case SMP_LTK_P256_DEBUG:
6649 return MGMT_LTK_P256_DEBUG;
6650 }
d7b25450
JH		 6651
6652 return MGMT_LTK_UNAUTHENTICATED;
6653}
6654
53ac6ab6 6655void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6656{
6657 struct mgmt_ev_new_long_term_key ev;
6658
6659 memset(&ev, 0, sizeof(ev));
6660
5192d301 6661 /* Devices using resolvable or non-resolvable random addresses
f72186d2 6662 * without providing an identity resolving key don't require
5192d301
MH		 6663 * to store long term keys. Their addresses will change the
6664 * next time around.
6665 *
6666 * Only when a remote device provides an identity address
6667 * make sure the long term key is stored. If the remote
6668 * identity is known, the long term keys are internally
6669 * mapped to the identity address. So allow static random
6670 * and public addresses here.
6671 */
ba74b666
JH		 6672 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6673 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6674 ev.store_hint = 0x00;
6675 else
53ac6ab6 6676 ev.store_hint = persistent;
ba74b666 6677
346af67b 6678 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6679 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6680 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6681 ev.key.enc_size = key->enc_size;
6682 ev.key.ediv = key->ediv;
fe39c7b2 6683 ev.key.rand = key->rand;
346af67b 6684
2ceba539 6685 if (key->type == SMP_LTK)
346af67b
VCG		 6686 ev.key.master = 1;
6687
1fc62c52
JH		 6688 /* Make sure we copy only the significant bytes based on the
6689 * encryption key size, and set the rest of the value to zeroes.
6690 */
cb92205b 6691 memcpy(ev.key.val, key->val, key->enc_size);
1fc62c52
JH		 6692 memset(ev.key.val + key->enc_size, 0,
6693 sizeof(ev.key.val) - key->enc_size);
346af67b 6694
083368f7 6695 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6696}
6697
cad20c27 6698void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
95fbac8a
JH		 6699{
6700 struct mgmt_ev_new_irk ev;
6701
6702 memset(&ev, 0, sizeof(ev));
6703
cad20c27 6704 ev.store_hint = persistent;
bab6d1e5 6705
95fbac8a
JH		 6706 bacpy(&ev.rpa, &irk->rpa);
6707 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6708 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6709 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6710
6711 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6712}
6713
53ac6ab6
MH		 6714void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6715 bool persistent)
7ee4ea36
MH		 6716{
6717 struct mgmt_ev_new_csrk ev;
6718
6719 memset(&ev, 0, sizeof(ev));
6720
6721 /* Devices using resolvable or non-resolvable random addresses
f72186d2 6722 * without providing an identity resolving key don't require
7ee4ea36
MH		 6723 * to store signature resolving keys. Their addresses will change
6724 * the next time around.
6725 *
6726 * Only when a remote device provides an identity address
6727 * make sure the signature resolving key is stored. So allow
6728 * static random and public addresses here.
6729 */
6730 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6731 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6732 ev.store_hint = 0x00;
6733 else
53ac6ab6 6734 ev.store_hint = persistent;
7ee4ea36
MH		 6735
6736 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6737 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 6738 ev.key.type = csrk->type;
7ee4ea36
MH		 6739 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6740
6741 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6742}
6743
ffb5a827 6744void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6745 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6746 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6747{
6748 struct mgmt_ev_new_conn_param ev;
6749
c103aea6
JH		 6750 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6751 return;
6752
ffb5a827
AG		 6753 memset(&ev, 0, sizeof(ev));
6754 bacpy(&ev.addr.bdaddr, bdaddr);
6755 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6756 ev.store_hint = store_hint;
ffb5a827
AG		 6757 ev.min_interval = cpu_to_le16(min_interval);
6758 ev.max_interval = cpu_to_le16(max_interval);
6759 ev.latency = cpu_to_le16(latency);
6760 ev.timeout = cpu_to_le16(timeout);
6761
6762 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6763}
6764
48ec92fa
AA		 6765void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6766 u32 flags, u8 *name, u8 name_len)
f7520543 6767{
b644ba33
JH		 6768 char buf[512];
6769 struct mgmt_ev_device_connected *ev = (void *) buf;
6770 u16 eir_len = 0;
f7520543 6771
48ec92fa
AA		 6772 bacpy(&ev->addr.bdaddr, &conn->dst);
6773 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 6774
c95f0ba7 6775 ev->flags = __cpu_to_le32(flags);
08c79b61 6776
fd45ada9
AA		 6777 /* We must ensure that the EIR Data fields are ordered and
6778 * unique. Keep it simple for now and avoid the problem by not
6779 * adding any BR/EDR data to the LE adv.
6780 */
6781 if (conn->le_adv_data_len > 0) {
6782 memcpy(&ev->eir[eir_len],
6783 conn->le_adv_data, conn->le_adv_data_len);
6784 eir_len = conn->le_adv_data_len;
6785 } else {
6786 if (name_len > 0)
6787 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6788 name, name_len);
b644ba33 6789
ddbea5cf 6790 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 6791 eir_len = eir_append_data(ev->eir, eir_len,
6792 EIR_CLASS_OF_DEV,
6793 conn->dev_class, 3);
6794 }
b644ba33 6795
eb55ef07 6796 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6797
ecd90ae7
MH		 6798 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6799 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6800}
6801
3b0602cd 6802static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 6803{
8962ee74 6804 struct sock **sk = data;
8962ee74 6805
f5818c22 6806 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 6807
6808 *sk = cmd->sk;
6809 sock_hold(*sk);
6810
a664b5bc 6811 mgmt_pending_remove(cmd);
8962ee74
JH		 6812}
6813
3b0602cd 6814static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 6815{
b1078ad0 6816 struct hci_dev *hdev = data;
124f6e35 6817 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 6818
b1078ad0
JH		 6819 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6820
d8b7b1e4 6821 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 6822 mgmt_pending_remove(cmd);
6823}
6824
84c61d92
JH		 6825bool mgmt_powering_down(struct hci_dev *hdev)
6826{
3b0602cd 6827 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 6828 struct mgmt_mode *cp;
6829
333ae95d 6830 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
84c61d92
JH		 6831 if (!cmd)
6832 return false;
6833
6834 cp = cmd->param;
6835 if (!cp->val)
6836 return true;
6837
6838 return false;
6839}
6840
9b80ec5e 6841void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6842 u8 link_type, u8 addr_type, u8 reason,
6843 bool mgmt_connected)
f7520543 6844{
f0d6a0ea 6845 struct mgmt_ev_device_disconnected ev;
8962ee74 6846 struct sock *sk = NULL;
8962ee74 6847
84c61d92
JH		 6848 /* The connection is still in hci_conn_hash so test for 1
6849 * instead of 0 to know if this is the last one.
6850 */
6851 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6852 cancel_delayed_work(&hdev->power_off);
6853 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 6854 }
6855
12d4a3b2
JH		 6856 if (!mgmt_connected)
6857 return;
6858
57eb776f
AG		 6859 if (link_type != ACL_LINK && link_type != LE_LINK)
6860 return;
6861
744cf19e 6862 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6863
f0d6a0ea
MA		 6864 bacpy(&ev.addr.bdaddr, bdaddr);
6865 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6866 ev.reason = reason;
f7520543 6867
9b80ec5e 6868 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6869
6870 if (sk)
d97dcb66 6871 sock_put(sk);
8962ee74 6872
124f6e35 6873 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6874 hdev);
8962ee74
JH		 6875}
6876
7892924c
MH		 6877void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6878 u8 link_type, u8 addr_type, u8 status)
8962ee74 6879{
3655bba8
AG		 6880 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6881 struct mgmt_cp_disconnect *cp;
3b0602cd 6882 struct mgmt_pending_cmd *cmd;
8962ee74 6883
36a75f1b
JD		 6884 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6885 hdev);
6886
333ae95d 6887 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6888 if (!cmd)
7892924c 6889 return;
8962ee74 6890
3655bba8
AG		 6891 cp = cmd->param;
6892
6893 if (bacmp(bdaddr, &cp->addr.bdaddr))
6894 return;
6895
6896 if (cp->addr.type != bdaddr_type)
6897 return;
6898
f5818c22 6899 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6900 mgmt_pending_remove(cmd);
f7520543 6901}
17d5c04c 6902
445608d0
MH		 6903void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6904 u8 addr_type, u8 status)
17d5c04c
JH		 6905{
6906 struct mgmt_ev_connect_failed ev;
c9910d0f 6907
84c61d92
JH		 6908 /* The connection is still in hci_conn_hash so test for 1
6909 * instead of 0 to know if this is the last one.
6910 */
6911 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6912 cancel_delayed_work(&hdev->power_off);
6913 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 6914 }
17d5c04c 6915
4c659c39 6916 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6917 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6918 ev.status = mgmt_status(status);
17d5c04c 6919
445608d0 6920 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6921}
980e1a53 6922
ce0e4a0d 6923void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6924{
6925 struct mgmt_ev_pin_code_request ev;
6926
d8457698 6927 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6928 ev.addr.type = BDADDR_BREDR;
a770bb5a 6929 ev.secure = secure;
980e1a53 6930
ce0e4a0d 6931 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6932}
6933
e669cf80
MH		 6934void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6935 u8 status)
980e1a53 6936{
3b0602cd 6937 struct mgmt_pending_cmd *cmd;
980e1a53 6938
333ae95d 6939 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6940 if (!cmd)
e669cf80 6941 return;
980e1a53 6942
7776d1d8 6943 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6944 mgmt_pending_remove(cmd);
980e1a53
JH		 6945}
6946
3eb38528
MH		 6947void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6948 u8 status)
980e1a53 6949{
3b0602cd 6950 struct mgmt_pending_cmd *cmd;
980e1a53 6951
333ae95d 6952 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6953 if (!cmd)
3eb38528 6954 return;
980e1a53 6955
7776d1d8 6956 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6957 mgmt_pending_remove(cmd);
980e1a53 6958}
a5c29683 6959
744cf19e 6960int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6961 u8 link_type, u8 addr_type, u32 value,
04124681 6962 u8 confirm_hint)
a5c29683
JH		 6963{
6964 struct mgmt_ev_user_confirm_request ev;
6965
744cf19e 6966 BT_DBG("%s", hdev->name);
a5c29683 6967
272d90df 6968 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6969 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6970 ev.confirm_hint = confirm_hint;
39adbffe 6971 ev.value = cpu_to_le32(value);
a5c29683 6972
744cf19e 6973 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6974 NULL);
a5c29683
JH		 6975}
6976
272d90df 6977int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6978 u8 link_type, u8 addr_type)
604086b7
BG		 6979{
6980 struct mgmt_ev_user_passkey_request ev;
6981
6982 BT_DBG("%s", hdev->name);
6983
272d90df 6984 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6985 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6986
6987 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6988 NULL);
604086b7
BG		 6989}
6990
0df4c185 6991static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6992 u8 link_type, u8 addr_type, u8 status,
6993 u8 opcode)
a5c29683 6994{
3b0602cd 6995 struct mgmt_pending_cmd *cmd;
a5c29683 6996
333ae95d 6997 cmd = pending_find(opcode, hdev);
a5c29683
JH		 6998 if (!cmd)
6999 return -ENOENT;
7000
7776d1d8 7001 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7002 mgmt_pending_remove(cmd);
a5c29683 7003
7776d1d8 7004 return 0;
a5c29683
JH		 7005}
7006
744cf19e 7007int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7008 u8 link_type, u8 addr_type, u8 status)
a5c29683 7009{
272d90df 7010 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7011 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 7012}
7013
272d90df 7014int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7015 u8 link_type, u8 addr_type, u8 status)
a5c29683 7016{
272d90df 7017 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7018 status,
7019 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7020}
2a611692 7021
604086b7 7022int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7023 u8 link_type, u8 addr_type, u8 status)
604086b7 7024{
272d90df 7025 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7026 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7027}
7028
272d90df 7029int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7030 u8 link_type, u8 addr_type, u8 status)
604086b7 7031{
272d90df 7032 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7033 status,
7034 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7035}
7036
92a25256
JH		 7037int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7038 u8 link_type, u8 addr_type, u32 passkey,
7039 u8 entered)
7040{
7041 struct mgmt_ev_passkey_notify ev;
7042
7043 BT_DBG("%s", hdev->name);
7044
7045 bacpy(&ev.addr.bdaddr, bdaddr);
7046 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7047 ev.passkey = __cpu_to_le32(passkey);
7048 ev.entered = entered;
7049
7050 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7051}
7052
e1e930f5 7053void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7054{
7055 struct mgmt_ev_auth_failed ev;
3b0602cd 7056 struct mgmt_pending_cmd *cmd;
e1e930f5 7057 u8 status = mgmt_status(hci_status);
2a611692 7058
e1e930f5
JH		 7059 bacpy(&ev.addr.bdaddr, &conn->dst);
7060 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7061 ev.status = status;
2a611692 7062
e1e930f5
JH		 7063 cmd = find_pairing(conn);
7064
7065 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7066 cmd ? cmd->sk : NULL);
7067
a511b35b
JH		 7068 if (cmd) {
7069 cmd->cmd_complete(cmd, status);
7070 mgmt_pending_remove(cmd);
7071 }
2a611692 7072}
b312b161 7073
464996ae 7074void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7075{
7076 struct cmd_lookup match = { NULL, hdev };
464996ae 7077 bool changed;
33ef95ed
JH		 7078
7079 if (status) {
7080 u8 mgmt_err = mgmt_status(status);
7081 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7082 cmd_status_rsp, &mgmt_err);
464996ae 7083 return;
33ef95ed
JH		 7084 }
7085
464996ae 7086 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 7087 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 7088 else
a69d8927 7089 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 7090
33ef95ed 7091 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 7092 &match);
33ef95ed 7093
47990ea0 7094 if (changed)
464996ae 7095 new_settings(hdev, match.sk);
33ef95ed
JH		 7096
7097 if (match.sk)
7098 sock_put(match.sk);
33ef95ed
JH		 7099}
7100
890ea898 7101static void clear_eir(struct hci_request *req)
cacaf52f 7102{
890ea898 7103 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 7104 struct hci_cp_write_eir cp;
7105
976eb20e 7106 if (!lmp_ext_inq_capable(hdev))
890ea898 7107 return;
cacaf52f 7108
c80da27e
JH		 7109 memset(hdev->eir, 0, sizeof(hdev->eir));
7110
cacaf52f
JH		 7111 memset(&cp, 0, sizeof(cp));
7112
890ea898 7113 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 7114}
7115
3e248560 7116void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 7117{
7118 struct cmd_lookup match = { NULL, hdev };
890ea898 7119 struct hci_request req;
c0ecddc2 7120 bool changed = false;
ed2c4ee3
JH		 7121
7122 if (status) {
7123 u8 mgmt_err = mgmt_status(status);
c0ecddc2 7124
a69d8927
MH		 7125 if (enable && hci_dev_test_and_clear_flag(hdev,
7126 HCI_SSP_ENABLED)) {
a358dc11 7127 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 7128 new_settings(hdev, NULL);
9ecb3e24 7129 }
c0ecddc2 7130
04124681
GP		 7131 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7132 &mgmt_err);
3e248560 7133 return;
c0ecddc2
JH		 7134 }
7135
7136 if (enable) {
238be788 7137 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 7138 } else {
a69d8927 7139 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9ecb3e24 7140 if (!changed)
a69d8927
MH		 7141 changed = hci_dev_test_and_clear_flag(hdev,
7142 HCI_HS_ENABLED);
9ecb3e24 7143 else
a358dc11 7144 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 7145 }
7146
7147 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7148
c0ecddc2 7149 if (changed)
3e248560 7150 new_settings(hdev, match.sk);
ed2c4ee3 7151
5fc6ebb1 7152 if (match.sk)
ed2c4ee3
JH		 7153 sock_put(match.sk);
7154
890ea898
JH		 7155 hci_req_init(&req, hdev);
7156
d7a5a11d
MH		 7157 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7158 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 7159 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7160 sizeof(enable), &enable);
b1a8917c 7161 __hci_req_update_eir(&req);
3769972b 7162 } else {
890ea898 7163 clear_eir(&req);
3769972b 7164 }
890ea898
JH		 7165
7166 hci_req_run(&req, NULL);
ed2c4ee3
JH		 7167}
7168
3b0602cd 7169static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 7170{
7171 struct cmd_lookup *match = data;
7172
90e70454
JH		 7173 if (match->sk == NULL) {
7174 match->sk = cmd->sk;
7175 sock_hold(match->sk);
7176 }
90e70454
JH		 7177}
7178
4e1b0245
MH		 7179void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7180 u8 status)
7f9a903c 7181{
90e70454 7182 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7183
92da6097
JH		 7184 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7185 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7186 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 7187
7188 if (!status)
f6b7712e
MH		 7189 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7190 dev_class, 3, NULL);
90e70454
JH		 7191
7192 if (match.sk)
7193 sock_put(match.sk);
7f9a903c
MH		 7194}
7195
7667da34 7196void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7197{
b312b161 7198 struct mgmt_cp_set_local_name ev;
3b0602cd 7199 struct mgmt_pending_cmd *cmd;
28cc7bde 7200
13928971 7201 if (status)
7667da34 7202 return;
b312b161
JH		 7203
7204 memset(&ev, 0, sizeof(ev));
7205 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7206 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7207
333ae95d 7208 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7209 if (!cmd) {
7210 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7211
13928971
JH		 7212 /* If this is a HCI command related to powering on the
7213 * HCI dev don't send any mgmt signals.
7214 */
333ae95d 7215 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7216 return;
890ea898 7217 }
b312b161 7218
f6b7712e
MH		 7219 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7220 cmd ? cmd->sk : NULL);
b312b161 7221}
c35938b2 7222
799ce93d
JP		 7223static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7224{
7225 int i;
7226
7227 for (i = 0; i < uuid_count; i++) {
7228 if (!memcmp(uuid, uuids[i], 16))
7229 return true;
7230 }
7231
7232 return false;
7233}
7234
b487b9ce
MH		 7235static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7236{
799ce93d
JP		 7237 u16 parsed = 0;
7238
7239 while (parsed < eir_len) {
7240 u8 field_len = eir[0];
7241 u8 uuid[16];
7242 int i;
7243
7244 if (field_len == 0)
7245 break;
7246
7247 if (eir_len - parsed < field_len + 1)
7248 break;
7249
7250 switch (eir[1]) {
7251 case EIR_UUID16_ALL:
7252 case EIR_UUID16_SOME:
7253 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7254 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7255 uuid[13] = eir[i + 3];
7256 uuid[12] = eir[i + 2];
7257 if (has_uuid(uuid, uuid_count, uuids))
7258 return true;
7259 }
7260 break;
7261 case EIR_UUID32_ALL:
7262 case EIR_UUID32_SOME:
7263 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7264 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7265 uuid[15] = eir[i + 5];
7266 uuid[14] = eir[i + 4];
7267 uuid[13] = eir[i + 3];
7268 uuid[12] = eir[i + 2];
7269 if (has_uuid(uuid, uuid_count, uuids))
7270 return true;
7271 }
7272 break;
7273 case EIR_UUID128_ALL:
7274 case EIR_UUID128_SOME:
7275 for (i = 0; i + 17 <= field_len; i += 16) {
7276 memcpy(uuid, eir + i + 2, 16);
7277 if (has_uuid(uuid, uuid_count, uuids))
7278 return true;
7279 }
7280 break;
7281 }
7282
7283 parsed += field_len + 1;
7284 eir += field_len + 1;
7285 }
7286
b487b9ce
MH		 7287 return false;
7288}
7289
4b0e0ced
JP		 7290static void restart_le_scan(struct hci_dev *hdev)
7291{
7292 /* If controller is not scanning we are done. */
d7a5a11d 7293 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 7294 return;
7295
7296 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7297 hdev->discovery.scan_start +
7298 hdev->discovery.scan_duration))
7299 return;
7300
7c1fbed2 7301 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
4b0e0ced
JP		 7302 DISCOV_LE_RESTART_DELAY);
7303}
7304
48f86b7f
JP		 7305static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7306 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7307{
48f86b7f
JP		 7308 /* If a RSSI threshold has been specified, and
7309 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7310 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7311 * is set, let it through for further processing, as we might need to
7312 * restart the scan.
efb2513f
MH		 7313 *
7314 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7315 * the results are also dropped.
bda157a4
MH		 7316 */
7317 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 7318 (rssi == HCI_RSSI_INVALID ||
7319 (rssi < hdev->discovery.rssi &&
7320 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 7321 return false;
efb2513f 7322
2976cdeb
JP		 7323 if (hdev->discovery.uuid_count != 0) {
7324 /* If a list of UUIDs is provided in filter, results with no
7325 * matching UUID should be dropped.
b487b9ce 7326 */
2976cdeb
JP		 7327 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7328 hdev->discovery.uuids) &&
7329 !eir_has_uuids(scan_rsp, scan_rsp_len,
7330 hdev->discovery.uuid_count,
7331 hdev->discovery.uuids))
7332 return false;
b487b9ce 7333 }
5d2e9fad 7334
2976cdeb
JP		 7335 /* If duplicate filtering does not report RSSI changes, then restart
7336 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 7337 */
2976cdeb
JP		 7338 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7339 restart_le_scan(hdev);
7340
7341 /* Validate RSSI value against the RSSI threshold once more. */
7342 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7343 rssi < hdev->discovery.rssi)
7344 return false;
7345 }
48f86b7f
JP		 7346
7347 return true;
7348}
7349
7350void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7351 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7352 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7353{
7354 char buf[512];
7355 struct mgmt_ev_device_found *ev = (void *)buf;
7356 size_t ev_size;
7357
7358 /* Don't send events for a non-kernel initiated discovery. With
7359 * LE one exception is if we have pend_le_reports > 0 in which
7360 * case we're doing passive scanning and want these events.
7361 */
7362 if (!hci_discovery_active(hdev)) {
7363 if (link_type == ACL_LINK)
7364 return;
7365 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7366 return;
7367 }
7368
82f8b651 7369 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 7370 /* We are using service discovery */
7371 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7372 scan_rsp_len))
7373 return;
7374 }
7375
7376 /* Make sure that the buffer is big enough. The 5 extra bytes
7377 * are for the potential CoD field.
7378 */
7379 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 7380 return;
7381
48f86b7f
JP		 7382 memset(buf, 0, sizeof(buf));
7383
7384 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7385 * RSSI value was reported as 0 when not available. This behavior
7386 * is kept when using device discovery. This is required for full
7387 * backwards compatibility with the API.
7388 *
7389 * However when using service discovery, the value 127 will be
7390 * returned when the RSSI is not available.
7391 */
7392 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7393 link_type == ACL_LINK)
7394 rssi = 0;
7395
7396 bacpy(&ev->addr.bdaddr, bdaddr);
7397 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7398 ev->rssi = rssi;
7399 ev->flags = cpu_to_le32(flags);
7400
7401 if (eir_len > 0)
7402 /* Copy EIR or advertising data into event */
7403 memcpy(ev->eir, eir, eir_len);
7404
7405 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7406 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7407 dev_class, 3);
7408
7409 if (scan_rsp_len > 0)
7410 /* Append scan response data to event */
7411 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7412
5d2e9fad
JH		 7413 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7414 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7415
901801b9 7416 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7417}
a88a9652 7418
9cf12aee
MH		 7419void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7420 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7421{
b644ba33
JH		 7422 struct mgmt_ev_device_found *ev;
7423 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7424 u16 eir_len;
a88a9652 7425
b644ba33 7426 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7427
b644ba33
JH		 7428 memset(buf, 0, sizeof(buf));
7429
7430 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7431 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7432 ev->rssi = rssi;
7433
7434 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7435 name_len);
b644ba33 7436
eb55ef07 7437 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7438
9cf12aee 7439 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7440}
314b2381 7441
2f1e063b 7442void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7443{
f963e8e9 7444 struct mgmt_ev_discovering ev;
164a6e78 7445
343fb145
AG		 7446 BT_DBG("%s discovering %u", hdev->name, discovering);
7447
f963e8e9
JH		 7448 memset(&ev, 0, sizeof(ev));
7449 ev.type = hdev->discovery.type;
7450 ev.discovering = discovering;
7451
2f1e063b 7452 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7453}
5e762444 7454
6d785aa3
JH		 7455static struct hci_mgmt_chan chan = {
7456 .channel = HCI_CHANNEL_CONTROL,
7457 .handler_count = ARRAY_SIZE(mgmt_handlers),
7458 .handlers = mgmt_handlers,
88b94ce9 7459 .hdev_init = mgmt_init_hdev,
6d785aa3
JH		 7460};
7461
7462int mgmt_init(void)
7463{
7464 return hci_mgmt_chan_register(&chan);
7465}
7466
7467void mgmt_exit(void)
7468{
7469 hci_mgmt_chan_unregister(&chan);
7470}
Linux kernel - Deliverables
This page took 0.985041 seconds and 5 git commands to generate.