projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Make is_identity_address a global function
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 34
35#include "smp.h"
0381101f 36
2da9c55c 37#define MGMT_VERSION 1
730f091b 38#define MGMT_REVISION 7
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
0663ca2a 80 MGMT_OP_SET_BREDR,
d13eafce 81 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 82 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 83 MGMT_OP_SET_SECURE_CONN,
4e39ac81 84 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 85 MGMT_OP_SET_PRIVACY,
41edf160 86 MGMT_OP_LOAD_IRKS,
dd983808 87 MGMT_OP_GET_CONN_INFO,
95868426 88 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 89 MGMT_OP_ADD_DEVICE,
90 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 91 MGMT_OP_LOAD_CONN_PARAM,
e70bb2e8
JH		 92};
93
94static const u16 mgmt_events[] = {
95 MGMT_EV_CONTROLLER_ERROR,
96 MGMT_EV_INDEX_ADDED,
97 MGMT_EV_INDEX_REMOVED,
98 MGMT_EV_NEW_SETTINGS,
99 MGMT_EV_CLASS_OF_DEV_CHANGED,
100 MGMT_EV_LOCAL_NAME_CHANGED,
101 MGMT_EV_NEW_LINK_KEY,
102 MGMT_EV_NEW_LONG_TERM_KEY,
103 MGMT_EV_DEVICE_CONNECTED,
104 MGMT_EV_DEVICE_DISCONNECTED,
105 MGMT_EV_CONNECT_FAILED,
106 MGMT_EV_PIN_CODE_REQUEST,
107 MGMT_EV_USER_CONFIRM_REQUEST,
108 MGMT_EV_USER_PASSKEY_REQUEST,
109 MGMT_EV_AUTH_FAILED,
110 MGMT_EV_DEVICE_FOUND,
111 MGMT_EV_DISCOVERING,
112 MGMT_EV_DEVICE_BLOCKED,
113 MGMT_EV_DEVICE_UNBLOCKED,
114 MGMT_EV_DEVICE_UNPAIRED,
92a25256 115 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 116 MGMT_EV_NEW_IRK,
7ee4ea36 117 MGMT_EV_NEW_CSRK,
8afef092
MH		 118 MGMT_EV_DEVICE_ADDED,
119 MGMT_EV_DEVICE_REMOVED,
ffb5a827 120 MGMT_EV_NEW_CONN_PARAM,
e70bb2e8
JH		 121};
122
17b02e62 123#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 124
4b34ee78
JH		 125#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
126 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
127
eec8d2bc
JH		 128struct pending_cmd {
129 struct list_head list;
fc2f4b13 130 u16 opcode;
eec8d2bc 131 int index;
c68fb7ff 132 void *param;
eec8d2bc 133 struct sock *sk;
e9a416b5 134 void *user_data;
eec8d2bc
JH		 135};
136
ca69b795
JH		 137/* HCI to MGMT error code conversion table */
138static u8 mgmt_status_table[] = {
139 MGMT_STATUS_SUCCESS,
140 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
141 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
142 MGMT_STATUS_FAILED, /* Hardware Failure */
143 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
144 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 145 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 146 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
147 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
148 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
149 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
150 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
151 MGMT_STATUS_BUSY, /* Command Disallowed */
152 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
153 MGMT_STATUS_REJECTED, /* Rejected Security */
154 MGMT_STATUS_REJECTED, /* Rejected Personal */
155 MGMT_STATUS_TIMEOUT, /* Host Timeout */
156 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
157 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
158 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
159 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
160 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
161 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
162 MGMT_STATUS_BUSY, /* Repeated Attempts */
163 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
164 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
165 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
166 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
167 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
168 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
169 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
170 MGMT_STATUS_FAILED, /* Unspecified Error */
171 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
172 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
173 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
174 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
175 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
176 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
177 MGMT_STATUS_FAILED, /* Unit Link Key Used */
178 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
179 MGMT_STATUS_TIMEOUT, /* Instant Passed */
180 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
181 MGMT_STATUS_FAILED, /* Transaction Collision */
182 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
183 MGMT_STATUS_REJECTED, /* QoS Rejected */
184 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
185 MGMT_STATUS_REJECTED, /* Insufficient Security */
186 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
187 MGMT_STATUS_BUSY, /* Role Switch Pending */
188 MGMT_STATUS_FAILED, /* Slot Violation */
189 MGMT_STATUS_FAILED, /* Role Switch Failed */
190 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
191 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
192 MGMT_STATUS_BUSY, /* Host Busy Pairing */
193 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
194 MGMT_STATUS_BUSY, /* Controller Busy */
195 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
196 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
197 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
198 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
199 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
200};
201
202static u8 mgmt_status(u8 hci_status)
203{
204 if (hci_status < ARRAY_SIZE(mgmt_status_table))
205 return mgmt_status_table[hci_status];
206
207 return MGMT_STATUS_FAILED;
208}
209
4e51eae9 210static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 211{
212 struct sk_buff *skb;
213 struct mgmt_hdr *hdr;
214 struct mgmt_ev_cmd_status *ev;
56b7d137 215 int err;
f7b64e69 216
34eb525c 217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 218
790eff44 219 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 220 if (!skb)
221 return -ENOMEM;
222
223 hdr = (void *) skb_put(skb, sizeof(*hdr));
224
dcf4adbf 225 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 226 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 227 hdr->len = cpu_to_le16(sizeof(*ev));
228
229 ev = (void *) skb_put(skb, sizeof(*ev));
230 ev->status = status;
eb55ef07 231 ev->opcode = cpu_to_le16(cmd);
f7b64e69 232
56b7d137
GP		 233 err = sock_queue_rcv_skb(sk, skb);
234 if (err < 0)
f7b64e69
JH		 235 kfree_skb(skb);
236
56b7d137 237 return err;
f7b64e69
JH		 238}
239
aee9b218 240static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 241 void *rp, size_t rp_len)
02d98129
JH		 242{
243 struct sk_buff *skb;
244 struct mgmt_hdr *hdr;
245 struct mgmt_ev_cmd_complete *ev;
56b7d137 246 int err;
02d98129
JH		 247
248 BT_DBG("sock %p", sk);
249
790eff44 250 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 251 if (!skb)
252 return -ENOMEM;
253
254 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 255
dcf4adbf 256 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 257 hdr->index = cpu_to_le16(index);
a38528f1 258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 259
a38528f1 260 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 261 ev->opcode = cpu_to_le16(cmd);
aee9b218 262 ev->status = status;
8020c16a
SJ		 263
264 if (rp)
265 memcpy(ev->data, rp, rp_len);
02d98129 266
56b7d137
GP		 267 err = sock_queue_rcv_skb(sk, skb);
268 if (err < 0)
02d98129
JH		 269 kfree_skb(skb);
270
e5f0e151 271 return err;
02d98129
JH		 272}
273
04124681
GP		 274static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
275 u16 data_len)
a38528f1
JH		 276{
277 struct mgmt_rp_read_version rp;
278
279 BT_DBG("sock %p", sk);
280
281 rp.version = MGMT_VERSION;
dcf4adbf 282 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 283
aee9b218 284 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 285 sizeof(rp));
a38528f1
JH		 286}
287
04124681
GP		 288static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
289 u16 data_len)
e70bb2e8
JH		 290{
291 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 292 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
293 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 294 __le16 *opcode;
e70bb2e8
JH		 295 size_t rp_size;
296 int i, err;
297
298 BT_DBG("sock %p", sk);
299
300 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
301
302 rp = kmalloc(rp_size, GFP_KERNEL);
303 if (!rp)
304 return -ENOMEM;
305
dcf4adbf
JP		 306 rp->num_commands = cpu_to_le16(num_commands);
307 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 308
309 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
310 put_unaligned_le16(mgmt_commands[i], opcode);
311
312 for (i = 0; i < num_events; i++, opcode++)
313 put_unaligned_le16(mgmt_events[i], opcode);
314
aee9b218 315 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 316 rp_size);
e70bb2e8
JH		 317 kfree(rp);
318
319 return err;
320}
321
04124681
GP		 322static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
323 u16 data_len)
faba42eb 324{
faba42eb 325 struct mgmt_rp_read_index_list *rp;
8035ded4 326 struct hci_dev *d;
a38528f1 327 size_t rp_len;
faba42eb 328 u16 count;
476e44cb 329 int err;
faba42eb
JH		 330
331 BT_DBG("sock %p", sk);
332
333 read_lock(&hci_dev_list_lock);
334
335 count = 0;
bb4b2a9a 336 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 337 if (d->dev_type == HCI_BREDR)
338 count++;
faba42eb
JH		 339 }
340
a38528f1
JH		 341 rp_len = sizeof(*rp) + (2 * count);
342 rp = kmalloc(rp_len, GFP_ATOMIC);
343 if (!rp) {
b2c60d42 344 read_unlock(&hci_dev_list_lock);
faba42eb 345 return -ENOMEM;
b2c60d42 346 }
faba42eb 347
476e44cb 348 count = 0;
8035ded4 349 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 350 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 351 continue;
352
0736cfa8
MH		 353 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
354 continue;
355
fee746b0
MH		 356 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
357 continue;
358
1514b892
MH		 359 if (d->dev_type == HCI_BREDR) {
360 rp->index[count++] = cpu_to_le16(d->id);
361 BT_DBG("Added hci%u", d->id);
362 }
faba42eb
JH		 363 }
364
476e44cb
JH		 365 rp->num_controllers = cpu_to_le16(count);
366 rp_len = sizeof(*rp) + (2 * count);
367
faba42eb
JH		 368 read_unlock(&hci_dev_list_lock);
369
aee9b218 370 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 371 rp_len);
faba42eb 372
a38528f1
JH		 373 kfree(rp);
374
375 return err;
faba42eb
JH		 376}
377
69ab39ea
JH		 378static u32 get_supported_settings(struct hci_dev *hdev)
379{
380 u32 settings = 0;
381
382 settings |= MGMT_SETTING_POWERED;
69ab39ea 383 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 384 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 385
ed3fa31f 386 if (lmp_bredr_capable(hdev)) {
33c525c0 387 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 388 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
389 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 390 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 391 settings |= MGMT_SETTING_BREDR;
392 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 393
394 if (lmp_ssp_capable(hdev)) {
395 settings |= MGMT_SETTING_SSP;
396 settings |= MGMT_SETTING_HS;
397 }
e98d2ce2 398
5afeac14 399 if (lmp_sc_capable(hdev) ||
111902f7 400 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
e98d2ce2 401 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 402 }
d7b7e796 403
eeca6f89 404 if (lmp_le_capable(hdev)) {
9d42820f 405 settings |= MGMT_SETTING_LE;
eeca6f89 406 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 407 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 408 }
69ab39ea
JH		 409
410 return settings;
411}
412
413static u32 get_current_settings(struct hci_dev *hdev)
414{
415 u32 settings = 0;
416
f1f0eb02 417 if (hdev_is_powered(hdev))
f0d4b78a
MH		 418 settings |= MGMT_SETTING_POWERED;
419
5e5282bb 420 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 421 settings |= MGMT_SETTING_CONNECTABLE;
422
1a4d3c4b
JH		 423 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
424 settings |= MGMT_SETTING_FAST_CONNECTABLE;
425
5e5282bb 426 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 427 settings |= MGMT_SETTING_DISCOVERABLE;
428
a8b2d5c2 429 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 430 settings |= MGMT_SETTING_PAIRABLE;
431
56f87901 432 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 433 settings |= MGMT_SETTING_BREDR;
434
06199cf8 435 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 436 settings |= MGMT_SETTING_LE;
437
47990ea0 438 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 439 settings |= MGMT_SETTING_LINK_SECURITY;
440
84bde9d6 441 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 442 settings |= MGMT_SETTING_SSP;
443
6d80dfd0
JH		 444 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
445 settings |= MGMT_SETTING_HS;
446
f3d3444a 447 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 448 settings |= MGMT_SETTING_ADVERTISING;
449
e98d2ce2
MH		 450 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
451 settings |= MGMT_SETTING_SECURE_CONN;
452
0663b297 453 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 454 settings |= MGMT_SETTING_DEBUG_KEYS;
455
0f4bd942
JH		 456 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
457 settings |= MGMT_SETTING_PRIVACY;
458
69ab39ea
JH		 459 return settings;
460}
461
ef580372
JH		 462#define PNP_INFO_SVCLASS_ID 0x1200
463
213202ed
JH		 464static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
465{
466 u8 *ptr = data, *uuids_start = NULL;
467 struct bt_uuid *uuid;
468
469 if (len < 4)
470 return ptr;
471
472 list_for_each_entry(uuid, &hdev->uuids, list) {
473 u16 uuid16;
474
475 if (uuid->size != 16)
476 continue;
477
478 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
479 if (uuid16 < 0x1100)
480 continue;
481
482 if (uuid16 == PNP_INFO_SVCLASS_ID)
483 continue;
484
485 if (!uuids_start) {
486 uuids_start = ptr;
487 uuids_start[0] = 1;
488 uuids_start[1] = EIR_UUID16_ALL;
489 ptr += 2;
490 }
491
492 /* Stop if not enough space to put next UUID */
493 if ((ptr - data) + sizeof(u16) > len) {
494 uuids_start[1] = EIR_UUID16_SOME;
495 break;
496 }
497
498 *ptr++ = (uuid16 & 0x00ff);
499 *ptr++ = (uuid16 & 0xff00) >> 8;
500 uuids_start[0] += sizeof(uuid16);
501 }
502
503 return ptr;
504}
505
cdf1963f
JH		 506static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
507{
508 u8 *ptr = data, *uuids_start = NULL;
509 struct bt_uuid *uuid;
510
511 if (len < 6)
512 return ptr;
513
514 list_for_each_entry(uuid, &hdev->uuids, list) {
515 if (uuid->size != 32)
516 continue;
517
518 if (!uuids_start) {
519 uuids_start = ptr;
520 uuids_start[0] = 1;
521 uuids_start[1] = EIR_UUID32_ALL;
522 ptr += 2;
523 }
524
525 /* Stop if not enough space to put next UUID */
526 if ((ptr - data) + sizeof(u32) > len) {
527 uuids_start[1] = EIR_UUID32_SOME;
528 break;
529 }
530
531 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
532 ptr += sizeof(u32);
533 uuids_start[0] += sizeof(u32);
534 }
535
536 return ptr;
537}
538
c00d575b
JH		 539static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
540{
541 u8 *ptr = data, *uuids_start = NULL;
542 struct bt_uuid *uuid;
543
544 if (len < 18)
545 return ptr;
546
547 list_for_each_entry(uuid, &hdev->uuids, list) {
548 if (uuid->size != 128)
549 continue;
550
551 if (!uuids_start) {
552 uuids_start = ptr;
553 uuids_start[0] = 1;
554 uuids_start[1] = EIR_UUID128_ALL;
555 ptr += 2;
556 }
557
558 /* Stop if not enough space to put next UUID */
559 if ((ptr - data) + 16 > len) {
560 uuids_start[1] = EIR_UUID128_SOME;
561 break;
562 }
563
564 memcpy(ptr, uuid->uuid, 16);
565 ptr += 16;
566 uuids_start[0] += 16;
567 }
568
569 return ptr;
570}
571
eb2a8d20
JH		 572static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
573{
574 struct pending_cmd *cmd;
575
576 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
577 if (cmd->opcode == opcode)
578 return cmd;
579 }
580
581 return NULL;
582}
583
95868426
JH		 584static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
585 struct hci_dev *hdev,
586 const void *data)
587{
588 struct pending_cmd *cmd;
589
590 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
591 if (cmd->user_data != data)
592 continue;
593 if (cmd->opcode == opcode)
594 return cmd;
595 }
596
597 return NULL;
598}
599
f14d8f64
MH		 600static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
601{
7a5f4990
MH		 602 u8 ad_len = 0;
603 size_t name_len;
604
605 name_len = strlen(hdev->dev_name);
606 if (name_len > 0) {
607 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
608
609 if (name_len > max_len) {
610 name_len = max_len;
611 ptr[1] = EIR_NAME_SHORT;
612 } else
613 ptr[1] = EIR_NAME_COMPLETE;
614
615 ptr[0] = name_len + 1;
616
617 memcpy(ptr + 2, hdev->dev_name, name_len);
618
619 ad_len += (name_len + 2);
620 ptr += (name_len + 2);
621 }
622
623 return ad_len;
f14d8f64
MH		 624}
625
626static void update_scan_rsp_data(struct hci_request *req)
627{
628 struct hci_dev *hdev = req->hdev;
629 struct hci_cp_le_set_scan_rsp_data cp;
630 u8 len;
631
7751ef1b 632 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 633 return;
634
635 memset(&cp, 0, sizeof(cp));
636
637 len = create_scan_rsp_data(hdev, cp.data);
638
eb438b5f
JH		 639 if (hdev->scan_rsp_data_len == len &&
640 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 641 return;
642
eb438b5f
JH		 643 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
644 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 645
646 cp.length = len;
647
648 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
649}
650
9a43e25f
JH		 651static u8 get_adv_discov_flags(struct hci_dev *hdev)
652{
653 struct pending_cmd *cmd;
654
655 /* If there's a pending mgmt command the flags will not yet have
656 * their final values, so check for this first.
657 */
658 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
659 if (cmd) {
660 struct mgmt_mode *cp = cmd->param;
661 if (cp->val == 0x01)
662 return LE_AD_GENERAL;
663 else if (cp->val == 0x02)
664 return LE_AD_LIMITED;
665 } else {
666 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
667 return LE_AD_LIMITED;
668 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
669 return LE_AD_GENERAL;
670 }
671
672 return 0;
673}
674
46cad2ed 675static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 676{
677 u8 ad_len = 0, flags = 0;
441ad2d0 678
9a43e25f 679 flags |= get_adv_discov_flags(hdev);
441ad2d0 680
e834004b 681 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 682 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 683
684 if (flags) {
685 BT_DBG("adv flags 0x%02x", flags);
686
687 ptr[0] = 2;
688 ptr[1] = EIR_FLAGS;
689 ptr[2] = flags;
690
691 ad_len += 3;
692 ptr += 3;
693 }
694
695 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
696 ptr[0] = 2;
697 ptr[1] = EIR_TX_POWER;
698 ptr[2] = (u8) hdev->adv_tx_power;
699
700 ad_len += 3;
701 ptr += 3;
702 }
703
441ad2d0
MH		 704 return ad_len;
705}
706
5947f4bc 707static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 708{
709 struct hci_dev *hdev = req->hdev;
710 struct hci_cp_le_set_adv_data cp;
711 u8 len;
712
10994ce6 713 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 714 return;
715
716 memset(&cp, 0, sizeof(cp));
717
46cad2ed 718 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 719
720 if (hdev->adv_data_len == len &&
721 memcmp(cp.data, hdev->adv_data, len) == 0)
722 return;
723
724 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
725 hdev->adv_data_len = len;
726
727 cp.length = len;
728
729 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
730}
731
ef580372
JH		 732static void create_eir(struct hci_dev *hdev, u8 *data)
733{
734 u8 *ptr = data;
ef580372
JH		 735 size_t name_len;
736
737 name_len = strlen(hdev->dev_name);
738
739 if (name_len > 0) {
740 /* EIR Data type */
741 if (name_len > 48) {
742 name_len = 48;
743 ptr[1] = EIR_NAME_SHORT;
744 } else
745 ptr[1] = EIR_NAME_COMPLETE;
746
747 /* EIR Data length */
748 ptr[0] = name_len + 1;
749
750 memcpy(ptr + 2, hdev->dev_name, name_len);
751
ef580372
JH		 752 ptr += (name_len + 2);
753 }
754
bbaf444a 755 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 756 ptr[0] = 2;
757 ptr[1] = EIR_TX_POWER;
758 ptr[2] = (u8) hdev->inq_tx_power;
759
91c4e9b1
MH		 760 ptr += 3;
761 }
762
2b9be137
MH		 763 if (hdev->devid_source > 0) {
764 ptr[0] = 9;
765 ptr[1] = EIR_DEVICE_ID;
766
767 put_unaligned_le16(hdev->devid_source, ptr + 2);
768 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
769 put_unaligned_le16(hdev->devid_product, ptr + 6);
770 put_unaligned_le16(hdev->devid_version, ptr + 8);
771
2b9be137
MH		 772 ptr += 10;
773 }
774
213202ed 775 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 776 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 777 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 778}
779
890ea898 780static void update_eir(struct hci_request *req)
ef580372 781{
890ea898 782 struct hci_dev *hdev = req->hdev;
ef580372
JH		 783 struct hci_cp_write_eir cp;
784
504c8dcd 785 if (!hdev_is_powered(hdev))
890ea898 786 return;
7770c4aa 787
976eb20e 788 if (!lmp_ext_inq_capable(hdev))
890ea898 789 return;
ef580372 790
84bde9d6 791 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 792 return;
ef580372 793
a8b2d5c2 794 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 795 return;
ef580372
JH		 796
797 memset(&cp, 0, sizeof(cp));
798
799 create_eir(hdev, cp.data);
800
801 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 802 return;
ef580372
JH		 803
804 memcpy(hdev->eir, cp.data, sizeof(cp.data));
805
890ea898 806 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 807}
808
809static u8 get_service_classes(struct hci_dev *hdev)
810{
811 struct bt_uuid *uuid;
812 u8 val = 0;
813
814 list_for_each_entry(uuid, &hdev->uuids, list)
815 val |= uuid->svc_hint;
816
817 return val;
818}
819
890ea898 820static void update_class(struct hci_request *req)
ef580372 821{
890ea898 822 struct hci_dev *hdev = req->hdev;
ef580372
JH		 823 u8 cod[3];
824
825 BT_DBG("%s", hdev->name);
826
504c8dcd 827 if (!hdev_is_powered(hdev))
890ea898 828 return;
7770c4aa 829
f87ea1da
JH		 830 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
831 return;
832
a8b2d5c2 833 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 834 return;
ef580372
JH		 835
836 cod[0] = hdev->minor_class;
837 cod[1] = hdev->major_class;
838 cod[2] = get_service_classes(hdev);
839
6acd7db4
MH		 840 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
841 cod[1] |= 0x20;
842
ef580372 843 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 844 return;
ef580372 845
890ea898 846 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 847}
848
a4858cb9 849static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 850{
851 struct pending_cmd *cmd;
199a2fb1
JH		 852
853 /* If there's a pending mgmt command the flag will not yet have
854 * it's final value, so check for this first.
855 */
856 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
857 if (cmd) {
858 struct mgmt_mode *cp = cmd->param;
a4858cb9 859 return cp->val;
199a2fb1
JH		 860 }
861
a4858cb9 862 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 863}
864
865static void enable_advertising(struct hci_request *req)
866{
867 struct hci_dev *hdev = req->hdev;
868 struct hci_cp_le_set_adv_param cp;
8f2a0601 869 u8 own_addr_type, enable = 0x01;
a4858cb9 870 bool connectable;
199a2fb1 871
8d97250e
JH		 872 /* Clear the HCI_ADVERTISING bit temporarily so that the
873 * hci_update_random_address knows that it's safe to go ahead
874 * and write a new random address. The flag will be set back on
875 * as soon as the SET_ADV_ENABLE HCI command completes.
876 */
877 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
878
a4858cb9 879 connectable = get_connectable(hdev);
8f2a0601 880
a4858cb9
JH		 881 /* Set require_privacy to true only when non-connectable
882 * advertising is used. In that case it is fine to use a
883 * non-resolvable private address.
884 */
885 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 886 return;
887
41c90c18 888 memset(&cp, 0, sizeof(cp));
dcf4adbf
JP		 889 cp.min_interval = cpu_to_le16(0x0800);
890 cp.max_interval = cpu_to_le16(0x0800);
a4858cb9 891 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 892 cp.own_address_type = own_addr_type;
199a2fb1
JH		 893 cp.channel_map = hdev->le_adv_channel_map;
894
895 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
896
897 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
898}
899
900static void disable_advertising(struct hci_request *req)
901{
902 u8 enable = 0x00;
903
904 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
905}
906
7d78525d
JH		 907static void service_cache_off(struct work_struct *work)
908{
909 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 910 service_cache.work);
890ea898 911 struct hci_request req;
7d78525d 912
a8b2d5c2 913 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 914 return;
915
890ea898
JH		 916 hci_req_init(&req, hdev);
917
7d78525d
JH		 918 hci_dev_lock(hdev);
919
890ea898
JH		 920 update_eir(&req);
921 update_class(&req);
7d78525d
JH		 922
923 hci_dev_unlock(hdev);
890ea898
JH		 924
925 hci_req_run(&req, NULL);
7d78525d
JH		 926}
927
d6bfd59c
JH		 928static void rpa_expired(struct work_struct *work)
929{
930 struct hci_dev *hdev = container_of(work, struct hci_dev,
931 rpa_expired.work);
932 struct hci_request req;
933
934 BT_DBG("");
935
936 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
937
938 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
939 hci_conn_num(hdev, LE_LINK) > 0)
940 return;
941
942 /* The generation of a new RPA and programming it into the
943 * controller happens in the enable_advertising() function.
944 */
945
946 hci_req_init(&req, hdev);
947
948 disable_advertising(&req);
949 enable_advertising(&req);
950
951 hci_req_run(&req, NULL);
952}
953
6a919082 954static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 955{
4f87da80 956 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 957 return;
958
4f87da80 959 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 960 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 961
4f87da80
JH		 962 /* Non-mgmt controlled devices get this bit set
963 * implicitly so that pairing works for them, however
964 * for mgmt we require user-space to explicitly enable
965 * it
966 */
967 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 968}
969
0f4e68cf 970static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 971 void *data, u16 data_len)
0381101f 972{
a38528f1 973 struct mgmt_rp_read_info rp;
f7b64e69 974
bdb6d971 975 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 976
09fd0de5 977 hci_dev_lock(hdev);
f7b64e69 978
dc4fe30b
JH		 979 memset(&rp, 0, sizeof(rp));
980
69ab39ea 981 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 982
69ab39ea 983 rp.version = hdev->hci_ver;
eb55ef07 984 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 985
986 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
987 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 988
a38528f1 989 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 990
dc4fe30b 991 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 992 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 993
09fd0de5 994 hci_dev_unlock(hdev);
0381101f 995
bdb6d971 996 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 997 sizeof(rp));
0381101f
JH		 998}
999
eec8d2bc
JH		 1000static void mgmt_pending_free(struct pending_cmd *cmd)
1001{
1002 sock_put(cmd->sk);
c68fb7ff 1003 kfree(cmd->param);
eec8d2bc
JH		 1004 kfree(cmd);
1005}
1006
366a0336 1007static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 1008 struct hci_dev *hdev, void *data,
1009 u16 len)
eec8d2bc
JH		 1010{
1011 struct pending_cmd *cmd;
1012
fca20018 1013 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1014 if (!cmd)
366a0336 1015 return NULL;
eec8d2bc
JH		 1016
1017 cmd->opcode = opcode;
2e58ef3e 1018 cmd->index = hdev->id;
eec8d2bc 1019
12b94565 1020 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 1021 if (!cmd->param) {
eec8d2bc 1022 kfree(cmd);
366a0336 1023 return NULL;
eec8d2bc
JH		 1024 }
1025
8fce6357
SJ		 1026 if (data)
1027 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1028
1029 cmd->sk = sk;
1030 sock_hold(sk);
1031
2e58ef3e 1032 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1033
366a0336 1034 return cmd;
eec8d2bc
JH		 1035}
1036
744cf19e 1037static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1038 void (*cb)(struct pending_cmd *cmd,
1039 void *data),
04124681 1040 void *data)
eec8d2bc 1041{
a3d09356 1042 struct pending_cmd *cmd, *tmp;
eec8d2bc 1043
a3d09356 1044 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1045 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1046 continue;
1047
eec8d2bc
JH		 1048 cb(cmd, data);
1049 }
1050}
1051
a664b5bc 1052static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1053{
73f22f62
JH		 1054 list_del(&cmd->list);
1055 mgmt_pending_free(cmd);
1056}
1057
69ab39ea 1058static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1059{
69ab39ea 1060 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1061
aee9b218 1062 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1063 sizeof(settings));
8680570b
JH		 1064}
1065
8b064a3a
JH		 1066static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1067{
1068 BT_DBG("%s status 0x%02x", hdev->name, status);
1069
a3172b7e
JH		 1070 if (hci_conn_count(hdev) == 0) {
1071 cancel_delayed_work(&hdev->power_off);
8b064a3a 1072 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1073 }
8b064a3a
JH		 1074}
1075
21a60d30
JH		 1076static void hci_stop_discovery(struct hci_request *req)
1077{
1078 struct hci_dev *hdev = req->hdev;
1079 struct hci_cp_remote_name_req_cancel cp;
1080 struct inquiry_entry *e;
1081
1082 switch (hdev->discovery.state) {
1083 case DISCOVERY_FINDING:
1084 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1085 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1086 } else {
1087 cancel_delayed_work(&hdev->le_scan_disable);
1088 hci_req_add_le_scan_disable(req);
1089 }
1090
1091 break;
1092
1093 case DISCOVERY_RESOLVING:
1094 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1095 NAME_PENDING);
1096 if (!e)
1097 return;
1098
1099 bacpy(&cp.bdaddr, &e->data.bdaddr);
1100 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1101 &cp);
1102
1103 break;
1104
1105 default:
1106 /* Passive scanning */
1107 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1108 hci_req_add_le_scan_disable(req);
1109 break;
1110 }
1111}
1112
8b064a3a
JH		 1113static int clean_up_hci_state(struct hci_dev *hdev)
1114{
1115 struct hci_request req;
1116 struct hci_conn *conn;
1117
1118 hci_req_init(&req, hdev);
1119
1120 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1121 test_bit(HCI_PSCAN, &hdev->flags)) {
1122 u8 scan = 0x00;
1123 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1124 }
1125
1126 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1127 disable_advertising(&req);
1128
f8680f12 1129 hci_stop_discovery(&req);
8b064a3a
JH		 1130
1131 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1132 struct hci_cp_disconnect dc;
c9910d0f
JH		 1133 struct hci_cp_reject_conn_req rej;
1134
1135 switch (conn->state) {
1136 case BT_CONNECTED:
1137 case BT_CONFIG:
1138 dc.handle = cpu_to_le16(conn->handle);
1139 dc.reason = 0x15; /* Terminated due to Power Off */
1140 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1141 break;
1142 case BT_CONNECT:
1143 if (conn->type == LE_LINK)
1144 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1145 0, NULL);
1146 else if (conn->type == ACL_LINK)
1147 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1148 6, &conn->dst);
1149 break;
1150 case BT_CONNECT2:
1151 bacpy(&rej.bdaddr, &conn->dst);
1152 rej.reason = 0x15; /* Terminated due to Power Off */
1153 if (conn->type == ACL_LINK)
1154 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1155 sizeof(rej), &rej);
1156 else if (conn->type == SCO_LINK)
1157 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1158 sizeof(rej), &rej);
1159 break;
1160 }
8b064a3a
JH		 1161 }
1162
1163 return hci_req_run(&req, clean_up_hci_complete);
1164}
1165
bdb6d971 1166static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1167 u16 len)
eec8d2bc 1168{
650f726d 1169 struct mgmt_mode *cp = data;
366a0336 1170 struct pending_cmd *cmd;
4b34ee78 1171 int err;
eec8d2bc 1172
bdb6d971 1173 BT_DBG("request for %s", hdev->name);
eec8d2bc 1174
a7e80f25
JH		 1175 if (cp->val != 0x00 && cp->val != 0x01)
1176 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1177 MGMT_STATUS_INVALID_PARAMS);
1178
09fd0de5 1179 hci_dev_lock(hdev);
eec8d2bc 1180
87b95ba6
JH		 1181 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1182 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1183 MGMT_STATUS_BUSY);
1184 goto failed;
1185 }
1186
f0d4b78a
MH		 1187 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1188 cancel_delayed_work(&hdev->power_off);
1189
1190 if (cp->val) {
a1d70450
JH		 1191 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1192 data, len);
1193 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1194 goto failed;
1195 }
1196 }
1197
4b34ee78 1198 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1199 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1200 goto failed;
1201 }
1202
2e58ef3e 1203 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1204 if (!cmd) {
1205 err = -ENOMEM;
eec8d2bc 1206 goto failed;
366a0336 1207 }
eec8d2bc 1208
8b064a3a 1209 if (cp->val) {
19202573 1210 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1211 err = 0;
1212 } else {
1213 /* Disconnect connections, stop scans, etc */
1214 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1215 if (!err)
1216 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1217 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1218
8b064a3a
JH		 1219 /* ENODATA means there were no HCI commands queued */
1220 if (err == -ENODATA) {
a3172b7e 1221 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1222 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1223 err = 0;
1224 }
1225 }
eec8d2bc
JH		 1226
1227failed:
09fd0de5 1228 hci_dev_unlock(hdev);
366a0336 1229 return err;
eec8d2bc
JH		 1230}
1231
04124681
GP		 1232static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1233 struct sock *skip_sk)
beadb2bd
JH		 1234{
1235 struct sk_buff *skb;
1236 struct mgmt_hdr *hdr;
1237
790eff44 1238 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1239 if (!skb)
1240 return -ENOMEM;
1241
1242 hdr = (void *) skb_put(skb, sizeof(*hdr));
1243 hdr->opcode = cpu_to_le16(event);
1244 if (hdev)
1245 hdr->index = cpu_to_le16(hdev->id);
1246 else
dcf4adbf 1247 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1248 hdr->len = cpu_to_le16(data_len);
1249
1250 if (data)
1251 memcpy(skb_put(skb, data_len), data, data_len);
1252
97e0bdeb
MH		 1253 /* Time stamp */
1254 __net_timestamp(skb);
1255
beadb2bd
JH		 1256 hci_send_to_control(skb, skip_sk);
1257 kfree_skb(skb);
1258
1259 return 0;
1260}
1261
1262static int new_settings(struct hci_dev *hdev, struct sock *skip)
1263{
1264 __le32 ev;
1265
1266 ev = cpu_to_le32(get_current_settings(hdev));
1267
1268 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1269}
1270
bd99abdd
JH		 1271struct cmd_lookup {
1272 struct sock *sk;
1273 struct hci_dev *hdev;
1274 u8 mgmt_status;
1275};
1276
1277static void settings_rsp(struct pending_cmd *cmd, void *data)
1278{
1279 struct cmd_lookup *match = data;
1280
1281 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1282
1283 list_del(&cmd->list);
1284
1285 if (match->sk == NULL) {
1286 match->sk = cmd->sk;
1287 sock_hold(match->sk);
1288 }
1289
1290 mgmt_pending_free(cmd);
1291}
1292
1293static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1294{
1295 u8 *status = data;
1296
1297 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1298 mgmt_pending_remove(cmd);
1299}
1300
e6fe7986
JH		 1301static u8 mgmt_bredr_support(struct hci_dev *hdev)
1302{
1303 if (!lmp_bredr_capable(hdev))
1304 return MGMT_STATUS_NOT_SUPPORTED;
1305 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1306 return MGMT_STATUS_REJECTED;
1307 else
1308 return MGMT_STATUS_SUCCESS;
1309}
1310
1311static u8 mgmt_le_support(struct hci_dev *hdev)
1312{
1313 if (!lmp_le_capable(hdev))
1314 return MGMT_STATUS_NOT_SUPPORTED;
1315 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1316 return MGMT_STATUS_REJECTED;
1317 else
1318 return MGMT_STATUS_SUCCESS;
1319}
1320
bfaf8c9f
JH		 1321static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1322{
1323 struct pending_cmd *cmd;
1324 struct mgmt_mode *cp;
970ba524 1325 struct hci_request req;
bfaf8c9f
JH		 1326 bool changed;
1327
1328 BT_DBG("status 0x%02x", status);
1329
1330 hci_dev_lock(hdev);
1331
1332 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1333 if (!cmd)
1334 goto unlock;
1335
1336 if (status) {
1337 u8 mgmt_err = mgmt_status(status);
1338 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1339 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1340 goto remove_cmd;
1341 }
1342
1343 cp = cmd->param;
d4462a07 1344 if (cp->val) {
bfaf8c9f
JH		 1345 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1346 &hdev->dev_flags);
d4462a07
MH		 1347
1348 if (hdev->discov_timeout > 0) {
1349 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1350 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1351 to);
1352 }
1353 } else {
bfaf8c9f
JH		 1354 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1355 &hdev->dev_flags);
d4462a07 1356 }
bfaf8c9f
JH		 1357
1358 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1359
1360 if (changed)
1361 new_settings(hdev, cmd->sk);
1362
970ba524
MH		 1363 /* When the discoverable mode gets changed, make sure
1364 * that class of device has the limited discoverable
1365 * bit correctly set.
1366 */
1367 hci_req_init(&req, hdev);
1368 update_class(&req);
1369 hci_req_run(&req, NULL);
1370
bfaf8c9f
JH		 1371remove_cmd:
1372 mgmt_pending_remove(cmd);
1373
1374unlock:
1375 hci_dev_unlock(hdev);
1376}
1377
bdb6d971 1378static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1379 u16 len)
73f22f62 1380{
650f726d 1381 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1382 struct pending_cmd *cmd;
bfaf8c9f 1383 struct hci_request req;
5e5282bb 1384 u16 timeout;
9a43e25f 1385 u8 scan;
73f22f62
JH		 1386 int err;
1387
bdb6d971 1388 BT_DBG("request for %s", hdev->name);
73f22f62 1389
9a43e25f
JH		 1390 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1391 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1392 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1393 MGMT_STATUS_REJECTED);
33c525c0 1394
310a3d48 1395 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1396 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1397 MGMT_STATUS_INVALID_PARAMS);
1398
1f350c87 1399 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1400
1401 /* Disabling discoverable requires that no timeout is set,
1402 * and enabling limited discoverable requires a timeout.
1403 */
1404 if ((cp->val == 0x00 && timeout > 0) ||
1405 (cp->val == 0x02 && timeout == 0))
bdb6d971 1406 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1407 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1408
09fd0de5 1409 hci_dev_lock(hdev);
73f22f62 1410
5e5282bb 1411 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1412 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1413 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1414 goto failed;
1415 }
1416
2e58ef3e 1417 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1418 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1419 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1420 MGMT_STATUS_BUSY);
73f22f62
JH		 1421 goto failed;
1422 }
1423
5e5282bb 1424 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1425 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1426 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1427 goto failed;
1428 }
1429
1430 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1431 bool changed = false;
1432
310a3d48
MH		 1433 /* Setting limited discoverable when powered off is
1434 * not a valid operation since it requires a timeout
1435 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1436 */
0224d2fa
JH		 1437 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1438 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1439 changed = true;
1440 }
1441
5e5282bb 1442 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1443 if (err < 0)
1444 goto failed;
1445
1446 if (changed)
1447 err = new_settings(hdev, sk);
1448
5e5282bb
JH		 1449 goto failed;
1450 }
1451
310a3d48
MH		 1452 /* If the current mode is the same, then just update the timeout
1453 * value with the new value. And if only the timeout gets updated,
1454 * then no need for any HCI transactions.
1455 */
1456 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1457 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1458 &hdev->dev_flags)) {
36261547
MH		 1459 cancel_delayed_work(&hdev->discov_off);
1460 hdev->discov_timeout = timeout;
955638ec 1461
36261547
MH		 1462 if (cp->val && hdev->discov_timeout > 0) {
1463 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1464 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1465 to);
955638ec
MH		 1466 }
1467
69ab39ea 1468 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1469 goto failed;
1470 }
1471
2e58ef3e 1472 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1473 if (!cmd) {
1474 err = -ENOMEM;
73f22f62 1475 goto failed;
366a0336 1476 }
73f22f62 1477
310a3d48
MH		 1478 /* Cancel any potential discoverable timeout that might be
1479 * still active and store new timeout value. The arming of
1480 * the timeout happens in the complete handler.
1481 */
1482 cancel_delayed_work(&hdev->discov_off);
1483 hdev->discov_timeout = timeout;
1484
b456f87c
JH		 1485 /* Limited discoverable mode */
1486 if (cp->val == 0x02)
1487 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1488 else
1489 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1490
bfaf8c9f
JH		 1491 hci_req_init(&req, hdev);
1492
9a43e25f
JH		 1493 /* The procedure for LE-only controllers is much simpler - just
1494 * update the advertising data.
1495 */
1496 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1497 goto update_ad;
1498
73f22f62
JH		 1499 scan = SCAN_PAGE;
1500
310a3d48
MH		 1501 if (cp->val) {
1502 struct hci_cp_write_current_iac_lap hci_cp;
1503
1504 if (cp->val == 0x02) {
1505 /* Limited discoverable mode */
33337dcb 1506 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1507 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1508 hci_cp.iac_lap[1] = 0x8b;
1509 hci_cp.iac_lap[2] = 0x9e;
1510 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1511 hci_cp.iac_lap[4] = 0x8b;
1512 hci_cp.iac_lap[5] = 0x9e;
1513 } else {
1514 /* General discoverable mode */
310a3d48
MH		 1515 hci_cp.num_iac = 1;
1516 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1517 hci_cp.iac_lap[1] = 0x8b;
1518 hci_cp.iac_lap[2] = 0x9e;
1519 }
1520
1521 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1522 (hci_cp.num_iac * 3) + 1, &hci_cp);
1523
73f22f62 1524 scan |= SCAN_INQUIRY;
310a3d48
MH		 1525 } else {
1526 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1527 }
73f22f62 1528
310a3d48 1529 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1530
9a43e25f
JH		 1531update_ad:
1532 update_adv_data(&req);
1533
bfaf8c9f 1534 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1535 if (err < 0)
a664b5bc 1536 mgmt_pending_remove(cmd);
73f22f62
JH		 1537
1538failed:
09fd0de5 1539 hci_dev_unlock(hdev);
73f22f62
JH		 1540 return err;
1541}
1542
406d7804
JH		 1543static void write_fast_connectable(struct hci_request *req, bool enable)
1544{
bd98b996 1545 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1546 struct hci_cp_write_page_scan_activity acp;
1547 u8 type;
1548
547003b1
JH		 1549 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1550 return;
1551
4c01f8b8
JH		 1552 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1553 return;
1554
406d7804
JH		 1555 if (enable) {
1556 type = PAGE_SCAN_TYPE_INTERLACED;
1557
1558 /* 160 msec page scan interval */
dcf4adbf 1559 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1560 } else {
1561 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1562
1563 /* default 1.28 sec page scan */
dcf4adbf 1564 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1565 }
1566
dcf4adbf 1567 acp.window = cpu_to_le16(0x0012);
406d7804 1568
bd98b996
JH		 1569 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1570 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1571 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1572 sizeof(acp), &acp);
1573
1574 if (hdev->page_scan_type != type)
1575 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1576}
1577
2b76f453
JH		 1578static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1579{
1580 struct pending_cmd *cmd;
d7b856f9
JH		 1581 struct mgmt_mode *cp;
1582 bool changed;
2b76f453
JH		 1583
1584 BT_DBG("status 0x%02x", status);
1585
1586 hci_dev_lock(hdev);
1587
1588 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1589 if (!cmd)
1590 goto unlock;
1591
37438c1f
JH		 1592 if (status) {
1593 u8 mgmt_err = mgmt_status(status);
1594 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1595 goto remove_cmd;
1596 }
1597
d7b856f9
JH		 1598 cp = cmd->param;
1599 if (cp->val)
1600 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1601 else
1602 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1603
2b76f453
JH		 1604 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1605
d7b856f9
JH		 1606 if (changed)
1607 new_settings(hdev, cmd->sk);
1608
37438c1f 1609remove_cmd:
2b76f453
JH		 1610 mgmt_pending_remove(cmd);
1611
1612unlock:
1613 hci_dev_unlock(hdev);
1614}
1615
e8ba3a1f
JH		 1616static int set_connectable_update_settings(struct hci_dev *hdev,
1617 struct sock *sk, u8 val)
1618{
1619 bool changed = false;
1620 int err;
1621
1622 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1623 changed = true;
1624
1625 if (val) {
1626 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1627 } else {
1628 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1629 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1630 }
1631
1632 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1633 if (err < 0)
1634 return err;
1635
1636 if (changed)
1637 return new_settings(hdev, sk);
1638
1639 return 0;
1640}
1641
bdb6d971 1642static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1643 u16 len)
9fbcbb45 1644{
650f726d 1645 struct mgmt_mode *cp = data;
366a0336 1646 struct pending_cmd *cmd;
2b76f453 1647 struct hci_request req;
1987fdc7 1648 u8 scan;
9fbcbb45
JH		 1649 int err;
1650
bdb6d971 1651 BT_DBG("request for %s", hdev->name);
9fbcbb45 1652
1987fdc7
JH		 1653 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1654 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1655 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1656 MGMT_STATUS_REJECTED);
33c525c0 1657
a7e80f25
JH		 1658 if (cp->val != 0x00 && cp->val != 0x01)
1659 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1660 MGMT_STATUS_INVALID_PARAMS);
1661
09fd0de5 1662 hci_dev_lock(hdev);
9fbcbb45 1663
4b34ee78 1664 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1665 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1666 goto failed;
1667 }
1668
2e58ef3e 1669 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1670 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1671 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1672 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1673 goto failed;
1674 }
1675
2e58ef3e 1676 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1677 if (!cmd) {
1678 err = -ENOMEM;
9fbcbb45 1679 goto failed;
366a0336 1680 }
9fbcbb45 1681
9b74246f 1682 hci_req_init(&req, hdev);
9fbcbb45 1683
9a43e25f
JH		 1684 /* If BR/EDR is not enabled and we disable advertising as a
1685 * by-product of disabling connectable, we need to update the
1686 * advertising flags.
1687 */
1688 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1689 if (!cp->val) {
1690 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1691 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1692 }
1693 update_adv_data(&req);
1694 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1695 if (cp->val) {
1696 scan = SCAN_PAGE;
1697 } else {
1698 scan = 0;
1699
1700 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1701 hdev->discov_timeout > 0)
9b74246f
JH		 1702 cancel_delayed_work(&hdev->discov_off);
1703 }
2b76f453 1704
9b74246f
JH		 1705 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1706 }
2b76f453 1707
4c01f8b8
JH		 1708 /* If we're going from non-connectable to connectable or
1709 * vice-versa when fast connectable is enabled ensure that fast
1710 * connectable gets disabled. write_fast_connectable won't do
1711 * anything if the page scan parameters are already what they
1712 * should be.
1713 */
1714 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1715 write_fast_connectable(&req, false);
1716
1987fdc7
JH		 1717 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1718 hci_conn_num(hdev, LE_LINK) == 0) {
1719 disable_advertising(&req);
1720 enable_advertising(&req);
1721 }
1722
2b76f453 1723 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1724 if (err < 0) {
a664b5bc 1725 mgmt_pending_remove(cmd);
9b74246f 1726 if (err == -ENODATA)
a81070ba
JH		 1727 err = set_connectable_update_settings(hdev, sk,
1728 cp->val);
9b74246f
JH		 1729 goto failed;
1730 }
9fbcbb45
JH		 1731
1732failed:
09fd0de5 1733 hci_dev_unlock(hdev);
9fbcbb45
JH		 1734 return err;
1735}
1736
bdb6d971 1737static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1738 u16 len)
c542a06c 1739{
650f726d 1740 struct mgmt_mode *cp = data;
55594356 1741 bool changed;
c542a06c
JH		 1742 int err;
1743
bdb6d971 1744 BT_DBG("request for %s", hdev->name);
c542a06c 1745
a7e80f25
JH		 1746 if (cp->val != 0x00 && cp->val != 0x01)
1747 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1748 MGMT_STATUS_INVALID_PARAMS);
1749
09fd0de5 1750 hci_dev_lock(hdev);
c542a06c
JH		 1751
1752 if (cp->val)
55594356 1753 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1754 else
55594356 1755 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1756
69ab39ea 1757 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1758 if (err < 0)
55594356 1759 goto unlock;
c542a06c 1760
55594356
MH		 1761 if (changed)
1762 err = new_settings(hdev, sk);
c542a06c 1763
55594356 1764unlock:
09fd0de5 1765 hci_dev_unlock(hdev);
c542a06c
JH		 1766 return err;
1767}
1768
04124681
GP		 1769static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1770 u16 len)
33ef95ed
JH		 1771{
1772 struct mgmt_mode *cp = data;
1773 struct pending_cmd *cmd;
e6fe7986 1774 u8 val, status;
33ef95ed
JH		 1775 int err;
1776
bdb6d971 1777 BT_DBG("request for %s", hdev->name);
33ef95ed 1778
e6fe7986
JH		 1779 status = mgmt_bredr_support(hdev);
1780 if (status)
33c525c0 1781 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1782 status);
33c525c0 1783
a7e80f25
JH		 1784 if (cp->val != 0x00 && cp->val != 0x01)
1785 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1786 MGMT_STATUS_INVALID_PARAMS);
1787
33ef95ed
JH		 1788 hci_dev_lock(hdev);
1789
4b34ee78 1790 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1791 bool changed = false;
1792
1793 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1794 &hdev->dev_flags)) {
47990ea0
JH		 1795 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1796 changed = true;
1797 }
1798
1799 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1800 if (err < 0)
1801 goto failed;
1802
1803 if (changed)
1804 err = new_settings(hdev, sk);
1805
33ef95ed
JH		 1806 goto failed;
1807 }
1808
1809 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1810 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1811 MGMT_STATUS_BUSY);
33ef95ed
JH		 1812 goto failed;
1813 }
1814
1815 val = !!cp->val;
1816
1817 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1818 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1819 goto failed;
1820 }
1821
1822 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1823 if (!cmd) {
1824 err = -ENOMEM;
1825 goto failed;
1826 }
1827
1828 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1829 if (err < 0) {
1830 mgmt_pending_remove(cmd);
1831 goto failed;
1832 }
1833
1834failed:
1835 hci_dev_unlock(hdev);
33ef95ed
JH		 1836 return err;
1837}
1838
bdb6d971 1839static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1840{
1841 struct mgmt_mode *cp = data;
1842 struct pending_cmd *cmd;
72ef0c1a 1843 u8 status;
ed2c4ee3
JH		 1844 int err;
1845
bdb6d971 1846 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1847
cdba5281
MH		 1848 status = mgmt_bredr_support(hdev);
1849 if (status)
1850 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1851
13ecd8b6
JH		 1852 if (!lmp_ssp_capable(hdev))
1853 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1854 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1855
a7e80f25
JH		 1856 if (cp->val != 0x00 && cp->val != 0x01)
1857 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1858 MGMT_STATUS_INVALID_PARAMS);
1859
13ecd8b6 1860 hci_dev_lock(hdev);
6c8f12c1 1861
4b34ee78 1862 if (!hdev_is_powered(hdev)) {
9ecb3e24 1863 bool changed;
c0ecddc2 1864
9ecb3e24
MH		 1865 if (cp->val) {
1866 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1867 &hdev->dev_flags);
1868 } else {
1869 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1870 &hdev->dev_flags);
1871 if (!changed)
1872 changed = test_and_clear_bit(HCI_HS_ENABLED,
1873 &hdev->dev_flags);
1874 else
1875 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1876 }
1877
1878 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1879 if (err < 0)
1880 goto failed;
1881
1882 if (changed)
1883 err = new_settings(hdev, sk);
1884
ed2c4ee3
JH		 1885 goto failed;
1886 }
1887
9ecb3e24
MH		 1888 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1889 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1890 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1891 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1892 goto failed;
1893 }
1894
72ef0c1a 1895 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1896 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1897 goto failed;
1898 }
1899
1900 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1901 if (!cmd) {
1902 err = -ENOMEM;
1903 goto failed;
1904 }
1905
3769972b
JH		 1906 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
1907 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1908 sizeof(cp->val), &cp->val);
1909
72ef0c1a 1910 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1911 if (err < 0) {
1912 mgmt_pending_remove(cmd);
1913 goto failed;
1914 }
1915
1916failed:
1917 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1918 return err;
1919}
1920
bdb6d971 1921static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1922{
1923 struct mgmt_mode *cp = data;
ee392693 1924 bool changed;
e6fe7986 1925 u8 status;
ee392693 1926 int err;
6d80dfd0 1927
bdb6d971 1928 BT_DBG("request for %s", hdev->name);
6d80dfd0 1929
e6fe7986
JH		 1930 status = mgmt_bredr_support(hdev);
1931 if (status)
1932 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1933
9ecb3e24
MH		 1934 if (!lmp_ssp_capable(hdev))
1935 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1936 MGMT_STATUS_NOT_SUPPORTED);
1937
1938 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1939 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1940 MGMT_STATUS_REJECTED);
1941
a7e80f25
JH		 1942 if (cp->val != 0x00 && cp->val != 0x01)
1943 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1944 MGMT_STATUS_INVALID_PARAMS);
1945
ee392693
MH		 1946 hci_dev_lock(hdev);
1947
a0cdf960 1948 if (cp->val) {
ee392693 1949 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1950 } else {
1951 if (hdev_is_powered(hdev)) {
1952 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1953 MGMT_STATUS_REJECTED);
1954 goto unlock;
1955 }
1956
ee392693 1957 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1958 }
ee392693
MH		 1959
1960 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1961 if (err < 0)
1962 goto unlock;
1963
1964 if (changed)
1965 err = new_settings(hdev, sk);
6d80dfd0 1966
ee392693
MH		 1967unlock:
1968 hci_dev_unlock(hdev);
1969 return err;
6d80dfd0
JH		 1970}
1971
416a4ae5
JH		 1972static void le_enable_complete(struct hci_dev *hdev, u8 status)
1973{
1974 struct cmd_lookup match = { NULL, hdev };
1975
1976 if (status) {
1977 u8 mgmt_err = mgmt_status(status);
1978
1979 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1980 &mgmt_err);
1981 return;
1982 }
1983
1984 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1985
1986 new_settings(hdev, match.sk);
1987
1988 if (match.sk)
1989 sock_put(match.sk);
441ad2d0
MH		 1990
1991 /* Make sure the controller has a good default for
1992 * advertising data. Restrict the update to when LE
1993 * has actually been enabled. During power on, the
1994 * update in powered_update_hci will take care of it.
1995 */
1996 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1997 struct hci_request req;
1998
1999 hci_dev_lock(hdev);
2000
2001 hci_req_init(&req, hdev);
5947f4bc 2002 update_adv_data(&req);
f14d8f64 2003 update_scan_rsp_data(&req);
441ad2d0
MH		 2004 hci_req_run(&req, NULL);
2005
2006 hci_dev_unlock(hdev);
2007 }
416a4ae5
JH		 2008}
2009
bdb6d971 2010static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2011{
2012 struct mgmt_mode *cp = data;
2013 struct hci_cp_write_le_host_supported hci_cp;
2014 struct pending_cmd *cmd;
416a4ae5 2015 struct hci_request req;
06199cf8 2016 int err;
0b60eba1 2017 u8 val, enabled;
06199cf8 2018
bdb6d971 2019 BT_DBG("request for %s", hdev->name);
06199cf8 2020
13ecd8b6
JH		 2021 if (!lmp_le_capable(hdev))
2022 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2023 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2024
a7e80f25
JH		 2025 if (cp->val != 0x00 && cp->val != 0x01)
2026 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2027 MGMT_STATUS_INVALID_PARAMS);
2028
c73eee91 2029 /* LE-only devices do not allow toggling LE on/off */
56f87901 2030 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2031 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2032 MGMT_STATUS_REJECTED);
2033
13ecd8b6 2034 hci_dev_lock(hdev);
06199cf8
JH		 2035
2036 val = !!cp->val;
ffa88e02 2037 enabled = lmp_host_le_capable(hdev);
06199cf8 2038
0b60eba1 2039 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2040 bool changed = false;
2041
2042 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2043 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2044 changed = true;
2045 }
2046
f3d3444a
JH		 2047 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2048 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2049 changed = true;
2050 }
2051
06199cf8
JH		 2052 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2053 if (err < 0)
1de028ce 2054 goto unlock;
06199cf8
JH		 2055
2056 if (changed)
2057 err = new_settings(hdev, sk);
2058
1de028ce 2059 goto unlock;
06199cf8
JH		 2060 }
2061
4375f103
JH		 2062 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2063 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2064 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2065 MGMT_STATUS_BUSY);
1de028ce 2066 goto unlock;
06199cf8
JH		 2067 }
2068
2069 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2070 if (!cmd) {
2071 err = -ENOMEM;
1de028ce 2072 goto unlock;
06199cf8
JH		 2073 }
2074
441ad2d0
MH		 2075 hci_req_init(&req, hdev);
2076
06199cf8
JH		 2077 memset(&hci_cp, 0, sizeof(hci_cp));
2078
2079 if (val) {
2080 hci_cp.le = val;
ffa88e02 2081 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 2082 } else {
2083 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2084 disable_advertising(&req);
06199cf8
JH		 2085 }
2086
416a4ae5
JH		 2087 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2088 &hci_cp);
2089
2090 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2091 if (err < 0)
06199cf8 2092 mgmt_pending_remove(cmd);
06199cf8 2093
1de028ce
JH		 2094unlock:
2095 hci_dev_unlock(hdev);
06199cf8
JH		 2096 return err;
2097}
2098
0cab9c80
JH		 2099/* This is a helper function to test for pending mgmt commands that can
2100 * cause CoD or EIR HCI commands. We can only allow one such pending
2101 * mgmt command at a time since otherwise we cannot easily track what
2102 * the current values are, will be, and based on that calculate if a new
2103 * HCI command needs to be sent and if yes with what value.
2104 */
2105static bool pending_eir_or_class(struct hci_dev *hdev)
2106{
2107 struct pending_cmd *cmd;
2108
2109 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2110 switch (cmd->opcode) {
2111 case MGMT_OP_ADD_UUID:
2112 case MGMT_OP_REMOVE_UUID:
2113 case MGMT_OP_SET_DEV_CLASS:
2114 case MGMT_OP_SET_POWERED:
2115 return true;
2116 }
2117 }
2118
2119 return false;
2120}
2121
83be8eca
JH		 2122static const u8 bluetooth_base_uuid[] = {
2123 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2124 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2125};
2126
2127static u8 get_uuid_size(const u8 *uuid)
2128{
2129 u32 val;
2130
2131 if (memcmp(uuid, bluetooth_base_uuid, 12))
2132 return 128;
2133
2134 val = get_unaligned_le32(&uuid[12]);
2135 if (val > 0xffff)
2136 return 32;
2137
2138 return 16;
2139}
2140
92da6097
JH		 2141static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2142{
2143 struct pending_cmd *cmd;
2144
2145 hci_dev_lock(hdev);
2146
2147 cmd = mgmt_pending_find(mgmt_op, hdev);
2148 if (!cmd)
2149 goto unlock;
2150
2151 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2152 hdev->dev_class, 3);
2153
2154 mgmt_pending_remove(cmd);
2155
2156unlock:
2157 hci_dev_unlock(hdev);
2158}
2159
2160static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2161{
2162 BT_DBG("status 0x%02x", status);
2163
2164 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2165}
2166
bdb6d971 2167static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2168{
650f726d 2169 struct mgmt_cp_add_uuid *cp = data;
90e70454 2170 struct pending_cmd *cmd;
890ea898 2171 struct hci_request req;
2aeb9a1a 2172 struct bt_uuid *uuid;
2aeb9a1a
JH		 2173 int err;
2174
bdb6d971 2175 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2176
09fd0de5 2177 hci_dev_lock(hdev);
2aeb9a1a 2178
0cab9c80 2179 if (pending_eir_or_class(hdev)) {
bdb6d971 2180 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2181 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2182 goto failed;
2183 }
2184
92c4c204 2185 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2186 if (!uuid) {
2187 err = -ENOMEM;
2188 goto failed;
2189 }
2190
2191 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2192 uuid->svc_hint = cp->svc_hint;
83be8eca 2193 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2194
de66aa63 2195 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2196
890ea898 2197 hci_req_init(&req, hdev);
1aff6f09 2198
890ea898
JH		 2199 update_class(&req);
2200 update_eir(&req);
2201
92da6097
JH		 2202 err = hci_req_run(&req, add_uuid_complete);
2203 if (err < 0) {
2204 if (err != -ENODATA)
2205 goto failed;
80a1e1db 2206
bdb6d971 2207 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2208 hdev->dev_class, 3);
90e70454
JH		 2209 goto failed;
2210 }
2211
2212 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2213 if (!cmd) {
90e70454 2214 err = -ENOMEM;
890ea898
JH		 2215 goto failed;
2216 }
2217
2218 err = 0;
2aeb9a1a
JH		 2219
2220failed:
09fd0de5 2221 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2222 return err;
2223}
2224
24b78d0f
JH		 2225static bool enable_service_cache(struct hci_dev *hdev)
2226{
2227 if (!hdev_is_powered(hdev))
2228 return false;
2229
2230 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2231 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2232 CACHE_TIMEOUT);
24b78d0f
JH		 2233 return true;
2234 }
2235
2236 return false;
2237}
2238
92da6097
JH		 2239static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2240{
2241 BT_DBG("status 0x%02x", status);
2242
2243 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2244}
2245
bdb6d971 2246static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2247 u16 len)
2aeb9a1a 2248{
650f726d 2249 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2250 struct pending_cmd *cmd;
056341c8 2251 struct bt_uuid *match, *tmp;
2aeb9a1a 2252 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2253 struct hci_request req;
2aeb9a1a
JH		 2254 int err, found;
2255
bdb6d971 2256 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2257
09fd0de5 2258 hci_dev_lock(hdev);
2aeb9a1a 2259
0cab9c80 2260 if (pending_eir_or_class(hdev)) {
bdb6d971 2261 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2262 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2263 goto unlock;
2264 }
2265
2aeb9a1a 2266 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2267 hci_uuids_clear(hdev);
4004b6d9 2268
24b78d0f 2269 if (enable_service_cache(hdev)) {
bdb6d971 2270 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2271 0, hdev->dev_class, 3);
24b78d0f
JH		 2272 goto unlock;
2273 }
4004b6d9 2274
9246a869 2275 goto update_class;
2aeb9a1a
JH		 2276 }
2277
2278 found = 0;
2279
056341c8 2280 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2281 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2282 continue;
2283
2284 list_del(&match->list);
482049f7 2285 kfree(match);
2aeb9a1a
JH		 2286 found++;
2287 }
2288
2289 if (found == 0) {
bdb6d971 2290 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2291 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2292 goto unlock;
2293 }
2294
9246a869 2295update_class:
890ea898 2296 hci_req_init(&req, hdev);
1aff6f09 2297
890ea898
JH		 2298 update_class(&req);
2299 update_eir(&req);
2300
92da6097
JH		 2301 err = hci_req_run(&req, remove_uuid_complete);
2302 if (err < 0) {
2303 if (err != -ENODATA)
2304 goto unlock;
80a1e1db 2305
bdb6d971 2306 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2307 hdev->dev_class, 3);
90e70454
JH		 2308 goto unlock;
2309 }
2310
2311 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2312 if (!cmd) {
90e70454 2313 err = -ENOMEM;
890ea898
JH		 2314 goto unlock;
2315 }
2316
2317 err = 0;
2aeb9a1a
JH		 2318
2319unlock:
09fd0de5 2320 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2321 return err;
2322}
2323
92da6097
JH		 2324static void set_class_complete(struct hci_dev *hdev, u8 status)
2325{
2326 BT_DBG("status 0x%02x", status);
2327
2328 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2329}
2330
bdb6d971 2331static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2332 u16 len)
1aff6f09 2333{
650f726d 2334 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2335 struct pending_cmd *cmd;
890ea898 2336 struct hci_request req;
1aff6f09
JH		 2337 int err;
2338
bdb6d971 2339 BT_DBG("request for %s", hdev->name);
1aff6f09 2340
6203fc98 2341 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2342 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2343 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2344
0cab9c80 2345 hci_dev_lock(hdev);
ee98f473 2346
0cab9c80
JH		 2347 if (pending_eir_or_class(hdev)) {
2348 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2349 MGMT_STATUS_BUSY);
2350 goto unlock;
2351 }
c95f0ba7 2352
0cab9c80
JH		 2353 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2354 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2355 MGMT_STATUS_INVALID_PARAMS);
2356 goto unlock;
2357 }
575b3a02 2358
932f5ff5
JH		 2359 hdev->major_class = cp->major;
2360 hdev->minor_class = cp->minor;
2361
b5235a65 2362 if (!hdev_is_powered(hdev)) {
bdb6d971 2363 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2364 hdev->dev_class, 3);
b5235a65
JH		 2365 goto unlock;
2366 }
2367
890ea898
JH		 2368 hci_req_init(&req, hdev);
2369
a8b2d5c2 2370 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2371 hci_dev_unlock(hdev);
2372 cancel_delayed_work_sync(&hdev->service_cache);
2373 hci_dev_lock(hdev);
890ea898 2374 update_eir(&req);
7d78525d 2375 }
14c0b608 2376
890ea898
JH		 2377 update_class(&req);
2378
92da6097
JH		 2379 err = hci_req_run(&req, set_class_complete);
2380 if (err < 0) {
2381 if (err != -ENODATA)
2382 goto unlock;
1aff6f09 2383
bdb6d971 2384 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2385 hdev->dev_class, 3);
90e70454
JH		 2386 goto unlock;
2387 }
2388
2389 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2390 if (!cmd) {
90e70454 2391 err = -ENOMEM;
890ea898
JH		 2392 goto unlock;
2393 }
2394
2395 err = 0;
1aff6f09 2396
b5235a65 2397unlock:
09fd0de5 2398 hci_dev_unlock(hdev);
1aff6f09
JH		 2399 return err;
2400}
2401
bdb6d971 2402static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2403 u16 len)
55ed8ca1 2404{
650f726d 2405 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2406 u16 key_count, expected_len;
b1de97d8 2407 bool changed;
a492cd52 2408 int i;
55ed8ca1 2409
9060d5cf
MH		 2410 BT_DBG("request for %s", hdev->name);
2411
2412 if (!lmp_bredr_capable(hdev))
2413 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2414 MGMT_STATUS_NOT_SUPPORTED);
2415
1f350c87 2416 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2417
86742e1e
JH		 2418 expected_len = sizeof(*cp) + key_count *
2419 sizeof(struct mgmt_link_key_info);
a492cd52 2420 if (expected_len != len) {
86742e1e 2421 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2422 expected_len, len);
bdb6d971 2423 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2424 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2425 }
2426
4ae14301
JH		 2427 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2428 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2429 MGMT_STATUS_INVALID_PARAMS);
2430
bdb6d971 2431 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2432 key_count);
55ed8ca1 2433
4ee71b20
JH		 2434 for (i = 0; i < key_count; i++) {
2435 struct mgmt_link_key_info *key = &cp->keys[i];
2436
8e991132 2437 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2438 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2439 MGMT_STATUS_INVALID_PARAMS);
2440 }
2441
09fd0de5 2442 hci_dev_lock(hdev);
55ed8ca1
JH		 2443
2444 hci_link_keys_clear(hdev);
2445
55ed8ca1 2446 if (cp->debug_keys)
0663b297
JH		 2447 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2448 &hdev->dev_flags);
55ed8ca1 2449 else
0663b297
JH		 2450 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2451 &hdev->dev_flags);
b1de97d8
MH		 2452
2453 if (changed)
2454 new_settings(hdev, NULL);
55ed8ca1 2455
a492cd52 2456 for (i = 0; i < key_count; i++) {
86742e1e 2457 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2458
58e9293c
JH		 2459 /* Always ignore debug keys and require a new pairing if
2460 * the user wants to use them.
2461 */
2462 if (key->type == HCI_LK_DEBUG_COMBINATION)
2463 continue;
2464
7652ff6a
JH		 2465 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2466 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2467 }
2468
bdb6d971 2469 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2470
09fd0de5 2471 hci_dev_unlock(hdev);
55ed8ca1 2472
a492cd52 2473 return 0;
55ed8ca1
JH		 2474}
2475
b1078ad0 2476static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2477 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2478{
2479 struct mgmt_ev_device_unpaired ev;
2480
2481 bacpy(&ev.addr.bdaddr, bdaddr);
2482 ev.addr.type = addr_type;
2483
2484 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2485 skip_sk);
b1078ad0
JH		 2486}
2487
bdb6d971 2488static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2489 u16 len)
55ed8ca1 2490{
124f6e35
JH		 2491 struct mgmt_cp_unpair_device *cp = data;
2492 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2493 struct hci_cp_disconnect dc;
2494 struct pending_cmd *cmd;
55ed8ca1 2495 struct hci_conn *conn;
55ed8ca1
JH		 2496 int err;
2497
a8a1d19e 2498 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2499 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2500 rp.addr.type = cp->addr.type;
a8a1d19e 2501
4ee71b20
JH		 2502 if (!bdaddr_type_is_valid(cp->addr.type))
2503 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2504 MGMT_STATUS_INVALID_PARAMS,
2505 &rp, sizeof(rp));
2506
118da70b
JH		 2507 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2508 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2509 MGMT_STATUS_INVALID_PARAMS,
2510 &rp, sizeof(rp));
2511
4ee71b20
JH		 2512 hci_dev_lock(hdev);
2513
86a8cfc6 2514 if (!hdev_is_powered(hdev)) {
bdb6d971 2515 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2516 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2517 goto unlock;
2518 }
2519
e0b2b27e 2520 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2521 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2522 } else {
2523 u8 addr_type;
2524
2525 if (cp->addr.type == BDADDR_LE_PUBLIC)
2526 addr_type = ADDR_LE_DEV_PUBLIC;
2527 else
2528 addr_type = ADDR_LE_DEV_RANDOM;
2529
a7ec7338
JH		 2530 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2531
a9b0a04c
AG		 2532 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2533
e0b2b27e
JH		 2534 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2535 }
b0dbfb46 2536
55ed8ca1 2537 if (err < 0) {
bdb6d971 2538 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2539 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2540 goto unlock;
2541 }
2542
86a8cfc6 2543 if (cp->disconnect) {
591f47f3 2544 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2545 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2546 &cp->addr.bdaddr);
86a8cfc6
JH		 2547 else
2548 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2549 &cp->addr.bdaddr);
86a8cfc6
JH		 2550 } else {
2551 conn = NULL;
2552 }
124f6e35 2553
a8a1d19e 2554 if (!conn) {
bdb6d971 2555 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2556 &rp, sizeof(rp));
b1078ad0 2557 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2558 goto unlock;
2559 }
55ed8ca1 2560
124f6e35 2561 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2562 sizeof(*cp));
a8a1d19e
JH		 2563 if (!cmd) {
2564 err = -ENOMEM;
2565 goto unlock;
55ed8ca1
JH		 2566 }
2567
eb55ef07 2568 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2569 dc.reason = 0x13; /* Remote User Terminated Connection */
2570 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2571 if (err < 0)
2572 mgmt_pending_remove(cmd);
2573
55ed8ca1 2574unlock:
09fd0de5 2575 hci_dev_unlock(hdev);
55ed8ca1
JH		 2576 return err;
2577}
2578
bdb6d971 2579static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2580 u16 len)
8962ee74 2581{
650f726d 2582 struct mgmt_cp_disconnect *cp = data;
06a63b19 2583 struct mgmt_rp_disconnect rp;
8962ee74 2584 struct hci_cp_disconnect dc;
366a0336 2585 struct pending_cmd *cmd;
8962ee74 2586 struct hci_conn *conn;
8962ee74
JH		 2587 int err;
2588
2589 BT_DBG("");
2590
06a63b19
JH		 2591 memset(&rp, 0, sizeof(rp));
2592 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2593 rp.addr.type = cp->addr.type;
2594
4ee71b20 2595 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2596 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2597 MGMT_STATUS_INVALID_PARAMS,
2598 &rp, sizeof(rp));
4ee71b20 2599
09fd0de5 2600 hci_dev_lock(hdev);
8962ee74
JH		 2601
2602 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2603 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2604 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2605 goto failed;
2606 }
2607
2e58ef3e 2608 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2609 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2610 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2611 goto failed;
2612 }
2613
591f47f3 2614 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2615 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2616 &cp->addr.bdaddr);
88c3df13
JH		 2617 else
2618 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2619
f960727e 2620 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2621 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2622 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2623 goto failed;
2624 }
2625
2e58ef3e 2626 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2627 if (!cmd) {
2628 err = -ENOMEM;
8962ee74 2629 goto failed;
366a0336 2630 }
8962ee74 2631
eb55ef07 2632 dc.handle = cpu_to_le16(conn->handle);
3701f944 2633 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2634
2635 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2636 if (err < 0)
a664b5bc 2637 mgmt_pending_remove(cmd);
8962ee74
JH		 2638
2639failed:
09fd0de5 2640 hci_dev_unlock(hdev);
8962ee74
JH		 2641 return err;
2642}
2643
57c1477c 2644static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2645{
2646 switch (link_type) {
2647 case LE_LINK:
48264f06
JH		 2648 switch (addr_type) {
2649 case ADDR_LE_DEV_PUBLIC:
591f47f3 2650 return BDADDR_LE_PUBLIC;
0ed09148 2651
48264f06 2652 default:
0ed09148 2653 /* Fallback to LE Random address type */
591f47f3 2654 return BDADDR_LE_RANDOM;
48264f06 2655 }
0ed09148 2656
4c659c39 2657 default:
0ed09148 2658 /* Fallback to BR/EDR type */
591f47f3 2659 return BDADDR_BREDR;
4c659c39
JH		 2660 }
2661}
2662
04124681
GP		 2663static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2664 u16 data_len)
2784eb41 2665{
2784eb41 2666 struct mgmt_rp_get_connections *rp;
8035ded4 2667 struct hci_conn *c;
a38528f1 2668 size_t rp_len;
60fc5fb6
JH		 2669 int err;
2670 u16 i;
2784eb41
JH		 2671
2672 BT_DBG("");
2673
09fd0de5 2674 hci_dev_lock(hdev);
2784eb41 2675
5f97c1df 2676 if (!hdev_is_powered(hdev)) {
bdb6d971 2677 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2678 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2679 goto unlock;
2680 }
2681
60fc5fb6 2682 i = 0;
b644ba33
JH		 2683 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2684 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2685 i++;
2784eb41
JH		 2686 }
2687
60fc5fb6 2688 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2689 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2690 if (!rp) {
2784eb41
JH		 2691 err = -ENOMEM;
2692 goto unlock;
2693 }
2694
2784eb41 2695 i = 0;
4c659c39 2696 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2697 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2698 continue;
4c659c39 2699 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2700 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2701 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2702 continue;
2703 i++;
2704 }
2705
eb55ef07 2706 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2707
4c659c39
JH		 2708 /* Recalculate length in case of filtered SCO connections, etc */
2709 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2710
bdb6d971 2711 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2712 rp_len);
2784eb41 2713
a38528f1 2714 kfree(rp);
5f97c1df
JH		 2715
2716unlock:
09fd0de5 2717 hci_dev_unlock(hdev);
2784eb41
JH		 2718 return err;
2719}
2720
bdb6d971 2721static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2722 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2723{
2724 struct pending_cmd *cmd;
2725 int err;
2726
2e58ef3e 2727 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2728 sizeof(*cp));
96d97a67
WR		 2729 if (!cmd)
2730 return -ENOMEM;
2731
d8457698 2732 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2733 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2734 if (err < 0)
2735 mgmt_pending_remove(cmd);
2736
2737 return err;
2738}
2739
bdb6d971 2740static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2741 u16 len)
980e1a53 2742{
96d97a67 2743 struct hci_conn *conn;
650f726d 2744 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2745 struct hci_cp_pin_code_reply reply;
366a0336 2746 struct pending_cmd *cmd;
980e1a53
JH		 2747 int err;
2748
2749 BT_DBG("");
2750
09fd0de5 2751 hci_dev_lock(hdev);
980e1a53 2752
4b34ee78 2753 if (!hdev_is_powered(hdev)) {
bdb6d971 2754 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2755 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2756 goto failed;
2757 }
2758
d8457698 2759 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2760 if (!conn) {
bdb6d971 2761 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2762 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2763 goto failed;
2764 }
2765
2766 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2767 struct mgmt_cp_pin_code_neg_reply ncp;
2768
2769 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2770
2771 BT_ERR("PIN code is not 16 bytes long");
2772
bdb6d971 2773 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2774 if (err >= 0)
bdb6d971 2775 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2776 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2777
2778 goto failed;
2779 }
2780
00abfe44 2781 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2782 if (!cmd) {
2783 err = -ENOMEM;
980e1a53 2784 goto failed;
366a0336 2785 }
980e1a53 2786
d8457698 2787 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2788 reply.pin_len = cp->pin_len;
24718ca5 2789 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2790
2791 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2792 if (err < 0)
a664b5bc 2793 mgmt_pending_remove(cmd);
980e1a53
JH		 2794
2795failed:
09fd0de5 2796 hci_dev_unlock(hdev);
980e1a53
JH		 2797 return err;
2798}
2799
04124681
GP		 2800static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2801 u16 len)
17fa4b9d 2802{
650f726d 2803 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2804
2805 BT_DBG("");
2806
4ec86d4c
JH		 2807 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2808 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2809 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
2810
09fd0de5 2811 hci_dev_lock(hdev);
17fa4b9d
JH		 2812
2813 hdev->io_capability = cp->io_capability;
2814
2815 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2816 hdev->io_capability);
17fa4b9d 2817
09fd0de5 2818 hci_dev_unlock(hdev);
17fa4b9d 2819
04124681
GP		 2820 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2821 0);
17fa4b9d
JH		 2822}
2823
6039aa73 2824static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2825{
2826 struct hci_dev *hdev = conn->hdev;
8035ded4 2827 struct pending_cmd *cmd;
e9a416b5 2828
2e58ef3e 2829 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2830 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2831 continue;
2832
e9a416b5
JH		 2833 if (cmd->user_data != conn)
2834 continue;
2835
2836 return cmd;
2837 }
2838
2839 return NULL;
2840}
2841
2842static void pairing_complete(struct pending_cmd *cmd, u8 status)
2843{
2844 struct mgmt_rp_pair_device rp;
2845 struct hci_conn *conn = cmd->user_data;
2846
61b1a7fb
JH		 2847 bacpy(&rp.addr.bdaddr, &conn->dst);
2848 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2849
aee9b218 2850 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2851 &rp, sizeof(rp));
e9a416b5
JH		 2852
2853 /* So we don't get further callbacks for this connection */
2854 conn->connect_cfm_cb = NULL;
2855 conn->security_cfm_cb = NULL;
2856 conn->disconn_cfm_cb = NULL;
2857
76a68ba0 2858 hci_conn_drop(conn);
e9a416b5 2859
a664b5bc 2860 mgmt_pending_remove(cmd);
e9a416b5
JH		 2861}
2862
f4a407be
JH		 2863void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2864{
2865 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2866 struct pending_cmd *cmd;
2867
2868 cmd = find_pairing(conn);
2869 if (cmd)
2870 pairing_complete(cmd, status);
2871}
2872
e9a416b5
JH		 2873static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2874{
2875 struct pending_cmd *cmd;
2876
2877 BT_DBG("status %u", status);
2878
2879 cmd = find_pairing(conn);
56e5cb86 2880 if (!cmd)
e9a416b5 2881 BT_DBG("Unable to find a pending command");
56e5cb86 2882 else
e211326c 2883 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2884}
2885
f4a407be 2886static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 2887{
2888 struct pending_cmd *cmd;
2889
2890 BT_DBG("status %u", status);
2891
2892 if (!status)
2893 return;
2894
2895 cmd = find_pairing(conn);
2896 if (!cmd)
2897 BT_DBG("Unable to find a pending command");
2898 else
2899 pairing_complete(cmd, mgmt_status(status));
2900}
2901
bdb6d971 2902static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2903 u16 len)
e9a416b5 2904{
650f726d 2905 struct mgmt_cp_pair_device *cp = data;
1425acb7 2906 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2907 struct pending_cmd *cmd;
2908 u8 sec_level, auth_type;
2909 struct hci_conn *conn;
e9a416b5
JH		 2910 int err;
2911
2912 BT_DBG("");
2913
f950a30e
SJ		 2914 memset(&rp, 0, sizeof(rp));
2915 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2916 rp.addr.type = cp->addr.type;
2917
4ee71b20
JH		 2918 if (!bdaddr_type_is_valid(cp->addr.type))
2919 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2920 MGMT_STATUS_INVALID_PARAMS,
2921 &rp, sizeof(rp));
2922
4ec86d4c
JH		 2923 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2924 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2925 MGMT_STATUS_INVALID_PARAMS,
2926 &rp, sizeof(rp));
2927
09fd0de5 2928 hci_dev_lock(hdev);
e9a416b5 2929
5f97c1df 2930 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2931 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2932 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2933 goto unlock;
2934 }
2935
c908df36 2936 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 2937 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 2938
6f77d8c7 2939 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2940 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2941 auth_type);
6f77d8c7
AG		 2942 } else {
2943 u8 addr_type;
2944
2945 /* Convert from L2CAP channel address type to HCI address type
2946 */
2947 if (cp->addr.type == BDADDR_LE_PUBLIC)
2948 addr_type = ADDR_LE_DEV_PUBLIC;
2949 else
2950 addr_type = ADDR_LE_DEV_RANDOM;
2951
7c264b10
MH		 2952 /* When pairing a new device, it is expected to remember
2953 * this device for future connections. Adding the connection
2954 * parameter information ahead of time allows tracking
2955 * of the slave preferred values and will speed up any
2956 * further connection establishment.
2957 *
2958 * If connection parameters already exist, then they
2959 * will be kept and this function does nothing.
2960 */
2961 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2962
6f77d8c7 2963 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
04a6c589 2964 sec_level, auth_type);
6f77d8c7 2965 }
7a512d01 2966
30e76272 2967 if (IS_ERR(conn)) {
489dc48e
AK		 2968 int status;
2969
2970 if (PTR_ERR(conn) == -EBUSY)
2971 status = MGMT_STATUS_BUSY;
2972 else
2973 status = MGMT_STATUS_CONNECT_FAILED;
2974
bdb6d971 2975 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2976 status, &rp,
04124681 2977 sizeof(rp));
e9a416b5
JH		 2978 goto unlock;
2979 }
2980
2981 if (conn->connect_cfm_cb) {
76a68ba0 2982 hci_conn_drop(conn);
bdb6d971 2983 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2984 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2985 goto unlock;
2986 }
2987
2e58ef3e 2988 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2989 if (!cmd) {
2990 err = -ENOMEM;
76a68ba0 2991 hci_conn_drop(conn);
e9a416b5
JH		 2992 goto unlock;
2993 }
2994
7a512d01 2995 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2996 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2997 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2998 conn->security_cfm_cb = pairing_complete_cb;
2999 conn->disconn_cfm_cb = pairing_complete_cb;
3000 } else {
3001 conn->connect_cfm_cb = le_pairing_complete_cb;
3002 conn->security_cfm_cb = le_pairing_complete_cb;
3003 conn->disconn_cfm_cb = le_pairing_complete_cb;
3004 }
7a512d01 3005
e9a416b5
JH		 3006 conn->io_capability = cp->io_cap;
3007 cmd->user_data = conn;
3008
3009 if (conn->state == BT_CONNECTED &&
8ce8e2b5 3010 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 3011 pairing_complete(cmd, 0);
3012
3013 err = 0;
3014
3015unlock:
09fd0de5 3016 hci_dev_unlock(hdev);
e9a416b5
JH		 3017 return err;
3018}
3019
04124681
GP		 3020static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3021 u16 len)
28424707 3022{
0f4e68cf 3023 struct mgmt_addr_info *addr = data;
28424707
JH		 3024 struct pending_cmd *cmd;
3025 struct hci_conn *conn;
3026 int err;
3027
3028 BT_DBG("");
3029
28424707
JH		 3030 hci_dev_lock(hdev);
3031
5f97c1df 3032 if (!hdev_is_powered(hdev)) {
bdb6d971 3033 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3034 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3035 goto unlock;
3036 }
3037
28424707
JH		 3038 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3039 if (!cmd) {
bdb6d971 3040 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3041 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3042 goto unlock;
3043 }
3044
3045 conn = cmd->user_data;
3046
3047 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3048 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3049 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3050 goto unlock;
3051 }
3052
3053 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
3054
bdb6d971 3055 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3056 addr, sizeof(*addr));
28424707
JH		 3057unlock:
3058 hci_dev_unlock(hdev);
28424707
JH		 3059 return err;
3060}
3061
bdb6d971 3062static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3063 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3064 u16 hci_op, __le32 passkey)
a5c29683 3065{
a5c29683 3066 struct pending_cmd *cmd;
0df4c185 3067 struct hci_conn *conn;
a5c29683
JH		 3068 int err;
3069
09fd0de5 3070 hci_dev_lock(hdev);
08ba5382 3071
4b34ee78 3072 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3073 err = cmd_complete(sk, hdev->id, mgmt_op,
3074 MGMT_STATUS_NOT_POWERED, addr,
3075 sizeof(*addr));
0df4c185 3076 goto done;
a5c29683
JH		 3077 }
3078
1707c60e
JH		 3079 if (addr->type == BDADDR_BREDR)
3080 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3081 else
1707c60e 3082 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3083
3084 if (!conn) {
feb94d3d
JH		 3085 err = cmd_complete(sk, hdev->id, mgmt_op,
3086 MGMT_STATUS_NOT_CONNECTED, addr,
3087 sizeof(*addr));
272d90df
JH		 3088 goto done;
3089 }
47c15e2b 3090
1707c60e 3091 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3092 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3093 if (!err)
feb94d3d
JH		 3094 err = cmd_complete(sk, hdev->id, mgmt_op,
3095 MGMT_STATUS_SUCCESS, addr,
3096 sizeof(*addr));
5fe57d9e 3097 else
feb94d3d
JH		 3098 err = cmd_complete(sk, hdev->id, mgmt_op,
3099 MGMT_STATUS_FAILED, addr,
3100 sizeof(*addr));
47c15e2b 3101
47c15e2b
BG		 3102 goto done;
3103 }
3104
1707c60e 3105 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3106 if (!cmd) {
3107 err = -ENOMEM;
0df4c185 3108 goto done;
a5c29683
JH		 3109 }
3110
0df4c185 3111 /* Continue with pairing via HCI */
604086b7
BG		 3112 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3113 struct hci_cp_user_passkey_reply cp;
3114
1707c60e 3115 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3116 cp.passkey = passkey;
3117 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3118 } else
1707c60e
JH		 3119 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3120 &addr->bdaddr);
604086b7 3121
a664b5bc
JH		 3122 if (err < 0)
3123 mgmt_pending_remove(cmd);
a5c29683 3124
0df4c185 3125done:
09fd0de5 3126 hci_dev_unlock(hdev);
a5c29683
JH		 3127 return err;
3128}
3129
afeb019d
JK		 3130static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3131 void *data, u16 len)
3132{
3133 struct mgmt_cp_pin_code_neg_reply *cp = data;
3134
3135 BT_DBG("");
3136
1707c60e 3137 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3138 MGMT_OP_PIN_CODE_NEG_REPLY,
3139 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3140}
3141
04124681
GP		 3142static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3143 u16 len)
0df4c185 3144{
650f726d 3145 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3146
3147 BT_DBG("");
3148
3149 if (len != sizeof(*cp))
bdb6d971 3150 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3151 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3152
1707c60e 3153 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3154 MGMT_OP_USER_CONFIRM_REPLY,
3155 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3156}
3157
bdb6d971 3158static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3159 void *data, u16 len)
0df4c185 3160{
c9c2659f 3161 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3162
3163 BT_DBG("");
3164
1707c60e 3165 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3166 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3167 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3168}
3169
04124681
GP		 3170static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3171 u16 len)
604086b7 3172{
650f726d 3173 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3174
3175 BT_DBG("");
3176
1707c60e 3177 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3178 MGMT_OP_USER_PASSKEY_REPLY,
3179 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3180}
3181
bdb6d971 3182static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3183 void *data, u16 len)
604086b7 3184{
650f726d 3185 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3186
3187 BT_DBG("");
3188
1707c60e 3189 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3190 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3191 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3192}
3193
13928971 3194static void update_name(struct hci_request *req)
2b4bf397 3195{
13928971 3196 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3197 struct hci_cp_write_local_name cp;
3198
13928971 3199 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3200
890ea898 3201 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3202}
3203
13928971
JH		 3204static void set_name_complete(struct hci_dev *hdev, u8 status)
3205{
3206 struct mgmt_cp_set_local_name *cp;
3207 struct pending_cmd *cmd;
3208
3209 BT_DBG("status 0x%02x", status);
3210
3211 hci_dev_lock(hdev);
3212
3213 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3214 if (!cmd)
3215 goto unlock;
3216
3217 cp = cmd->param;
3218
3219 if (status)
3220 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3221 mgmt_status(status));
3222 else
3223 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3224 cp, sizeof(*cp));
3225
3226 mgmt_pending_remove(cmd);
3227
3228unlock:
3229 hci_dev_unlock(hdev);
3230}
3231
bdb6d971 3232static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3233 u16 len)
b312b161 3234{
2b4bf397 3235 struct mgmt_cp_set_local_name *cp = data;
b312b161 3236 struct pending_cmd *cmd;
890ea898 3237 struct hci_request req;
b312b161
JH		 3238 int err;
3239
3240 BT_DBG("");
3241
09fd0de5 3242 hci_dev_lock(hdev);
b312b161 3243
b3f2ca94
JH		 3244 /* If the old values are the same as the new ones just return a
3245 * direct command complete event.
3246 */
3247 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3248 !memcmp(hdev->short_name, cp->short_name,
3249 sizeof(hdev->short_name))) {
3250 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3251 data, len);
3252 goto failed;
3253 }
3254
2b4bf397 3255 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3256
b5235a65 3257 if (!hdev_is_powered(hdev)) {
2b4bf397 3258 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3259
3260 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3261 data, len);
28cc7bde
JH		 3262 if (err < 0)
3263 goto failed;
3264
3265 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3266 sk);
28cc7bde 3267
b5235a65
JH		 3268 goto failed;
3269 }
3270
28cc7bde 3271 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3272 if (!cmd) {
3273 err = -ENOMEM;
3274 goto failed;
3275 }
3276
13928971
JH		 3277 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3278
890ea898 3279 hci_req_init(&req, hdev);
3f985050
JH		 3280
3281 if (lmp_bredr_capable(hdev)) {
3282 update_name(&req);
3283 update_eir(&req);
3284 }
3285
7a5f4990
MH		 3286 /* The name is stored in the scan response data and so
3287 * no need to udpate the advertising data here.
3288 */
3f985050 3289 if (lmp_le_capable(hdev))
7a5f4990 3290 update_scan_rsp_data(&req);
3f985050 3291
13928971 3292 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3293 if (err < 0)
3294 mgmt_pending_remove(cmd);
3295
3296failed:
09fd0de5 3297 hci_dev_unlock(hdev);
b312b161
JH		 3298 return err;
3299}
3300
0f4e68cf 3301static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3302 void *data, u16 data_len)
c35938b2 3303{
c35938b2
SJ		 3304 struct pending_cmd *cmd;
3305 int err;
3306
bdb6d971 3307 BT_DBG("%s", hdev->name);
c35938b2 3308
09fd0de5 3309 hci_dev_lock(hdev);
c35938b2 3310
4b34ee78 3311 if (!hdev_is_powered(hdev)) {
bdb6d971 3312 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3313 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3314 goto unlock;
3315 }
3316
9a1a1996 3317 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3318 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3319 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3320 goto unlock;
3321 }
3322
2e58ef3e 3323 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3324 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3325 MGMT_STATUS_BUSY);
c35938b2
SJ		 3326 goto unlock;
3327 }
3328
2e58ef3e 3329 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3330 if (!cmd) {
3331 err = -ENOMEM;
3332 goto unlock;
3333 }
3334
4d2d2796
MH		 3335 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3336 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3337 0, NULL);
3338 else
3339 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3340
c35938b2
SJ		 3341 if (err < 0)
3342 mgmt_pending_remove(cmd);
3343
3344unlock:
09fd0de5 3345 hci_dev_unlock(hdev);
c35938b2
SJ		 3346 return err;
3347}
3348
bdb6d971 3349static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3350 void *data, u16 len)
2763eda6 3351{
2763eda6
SJ		 3352 int err;
3353
bdb6d971 3354 BT_DBG("%s ", hdev->name);
2763eda6 3355
09fd0de5 3356 hci_dev_lock(hdev);
2763eda6 3357
ec109113
MH		 3358 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3359 struct mgmt_cp_add_remote_oob_data *cp = data;
3360 u8 status;
bf1e3541 3361
ec109113
MH		 3362 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3363 cp->hash, cp->randomizer);
3364 if (err < 0)
3365 status = MGMT_STATUS_FAILED;
3366 else
3367 status = MGMT_STATUS_SUCCESS;
3368
3369 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3370 status, &cp->addr, sizeof(cp->addr));
3371 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3372 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3373 u8 status;
3374
3375 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3376 cp->hash192,
3377 cp->randomizer192,
3378 cp->hash256,
3379 cp->randomizer256);
3380 if (err < 0)
3381 status = MGMT_STATUS_FAILED;
3382 else
3383 status = MGMT_STATUS_SUCCESS;
3384
3385 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3386 status, &cp->addr, sizeof(cp->addr));
3387 } else {
3388 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3389 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3390 MGMT_STATUS_INVALID_PARAMS);
3391 }
2763eda6 3392
09fd0de5 3393 hci_dev_unlock(hdev);
2763eda6
SJ		 3394 return err;
3395}
3396
bdb6d971 3397static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3398 void *data, u16 len)
2763eda6 3399{
650f726d 3400 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3401 u8 status;
2763eda6
SJ		 3402 int err;
3403
bdb6d971 3404 BT_DBG("%s", hdev->name);
2763eda6 3405
09fd0de5 3406 hci_dev_lock(hdev);
2763eda6 3407
664ce4cc 3408 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3409 if (err < 0)
bf1e3541 3410 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3411 else
a6785be2 3412 status = MGMT_STATUS_SUCCESS;
bf1e3541 3413
bdb6d971 3414 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3415 status, &cp->addr, sizeof(cp->addr));
2763eda6 3416
09fd0de5 3417 hci_dev_unlock(hdev);
2763eda6
SJ		 3418 return err;
3419}
3420
41dc2bd6
AG		 3421static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3422{
3423 struct pending_cmd *cmd;
3424 u8 type;
3425 int err;
3426
3427 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3428
3429 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3430 if (!cmd)
3431 return -ENOENT;
3432
3433 type = hdev->discovery.type;
3434
3435 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3436 &type, sizeof(type));
3437 mgmt_pending_remove(cmd);
3438
3439 return err;
3440}
3441
7c307720
AG		 3442static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3443{
ae55f598
LR		 3444 unsigned long timeout = 0;
3445
7c307720
AG		 3446 BT_DBG("status %d", status);
3447
3448 if (status) {
3449 hci_dev_lock(hdev);
3450 mgmt_start_discovery_failed(hdev, status);
3451 hci_dev_unlock(hdev);
3452 return;
3453 }
3454
3455 hci_dev_lock(hdev);
3456 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3457 hci_dev_unlock(hdev);
3458
3459 switch (hdev->discovery.type) {
3460 case DISCOV_TYPE_LE:
3d5a76f0 3461 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720
AG		 3462 break;
3463
3464 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3465 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720
AG		 3466 break;
3467
3468 case DISCOV_TYPE_BREDR:
3469 break;
3470
3471 default:
3472 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3473 }
ae55f598
LR		 3474
3475 if (!timeout)
3476 return;
3477
3478 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
7c307720
AG		 3479}
3480
bdb6d971 3481static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3482 void *data, u16 len)
14a53664 3483{
650f726d 3484 struct mgmt_cp_start_discovery *cp = data;
14a53664 3485 struct pending_cmd *cmd;
7c307720
AG		 3486 struct hci_cp_le_set_scan_param param_cp;
3487 struct hci_cp_le_set_scan_enable enable_cp;
3488 struct hci_cp_inquiry inq_cp;
3489 struct hci_request req;
3490 /* General inquiry access code (GIAC) */
3491 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3492 u8 status, own_addr_type;
14a53664
JH		 3493 int err;
3494
bdb6d971 3495 BT_DBG("%s", hdev->name);
14a53664 3496
09fd0de5 3497 hci_dev_lock(hdev);
14a53664 3498
4b34ee78 3499 if (!hdev_is_powered(hdev)) {
bdb6d971 3500 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3501 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3502 goto failed;
3503 }
3504
642be6c7
AG		 3505 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3506 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3507 MGMT_STATUS_BUSY);
3508 goto failed;
3509 }
3510
ff9ef578 3511 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3512 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3513 MGMT_STATUS_BUSY);
ff9ef578
JH		 3514 goto failed;
3515 }
3516
2e58ef3e 3517 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3518 if (!cmd) {
3519 err = -ENOMEM;
3520 goto failed;
3521 }
3522
4aab14e5
AG		 3523 hdev->discovery.type = cp->type;
3524
7c307720
AG		 3525 hci_req_init(&req, hdev);
3526
4aab14e5 3527 switch (hdev->discovery.type) {
f39799f5 3528 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3529 status = mgmt_bredr_support(hdev);
3530 if (status) {
04106755 3531 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3532 status);
04106755
JH		 3533 mgmt_pending_remove(cmd);
3534 goto failed;
3535 }
3536
7c307720
AG		 3537 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3538 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3539 MGMT_STATUS_BUSY);
3540 mgmt_pending_remove(cmd);
3541 goto failed;
3542 }
3543
3544 hci_inquiry_cache_flush(hdev);
3545
3546 memset(&inq_cp, 0, sizeof(inq_cp));
3547 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3548 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3549 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3550 break;
3551
3552 case DISCOV_TYPE_LE:
7c307720 3553 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3554 status = mgmt_le_support(hdev);
3555 if (status) {
04106755 3556 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3557 status);
04106755
JH		 3558 mgmt_pending_remove(cmd);
3559 goto failed;
3560 }
3561
7c307720 3562 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3563 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3564 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3565 MGMT_STATUS_NOT_SUPPORTED);
3566 mgmt_pending_remove(cmd);
3567 goto failed;
3568 }
3569
f3d3444a 3570 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3571 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3572 MGMT_STATUS_REJECTED);
3573 mgmt_pending_remove(cmd);
3574 goto failed;
3575 }
3576
c54c3860
AG		 3577 /* If controller is scanning, it means the background scanning
3578 * is running. Thus, we should temporarily stop it in order to
3579 * set the discovery scanning parameters.
3580 */
3581 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3582 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3583
3584 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3585
94b1fc92
MH		 3586 /* All active scans will be done with either a resolvable
3587 * private address (when privacy feature has been enabled)
3588 * or unresolvable private address.
3589 */
3590 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3591 if (err < 0) {
3592 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3593 MGMT_STATUS_FAILED);
3594 mgmt_pending_remove(cmd);
3595 goto failed;
3596 }
3597
7c307720 3598 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3599 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3600 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3601 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3602 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3603 &param_cp);
3604
3605 memset(&enable_cp, 0, sizeof(enable_cp));
3606 enable_cp.enable = LE_SCAN_ENABLE;
3607 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3608 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3609 &enable_cp);
5e0452c0
AG		 3610 break;
3611
f39799f5 3612 default:
04106755
JH		 3613 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3614 MGMT_STATUS_INVALID_PARAMS);
3615 mgmt_pending_remove(cmd);
3616 goto failed;
f39799f5 3617 }
3fd24153 3618
7c307720 3619 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3620 if (err < 0)
3621 mgmt_pending_remove(cmd);
ff9ef578
JH		 3622 else
3623 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3624
3625failed:
09fd0de5 3626 hci_dev_unlock(hdev);
14a53664
JH		 3627 return err;
3628}
3629
1183fdca
AG		 3630static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3631{
3632 struct pending_cmd *cmd;
3633 int err;
3634
3635 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3636 if (!cmd)
3637 return -ENOENT;
3638
3639 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3640 &hdev->discovery.type, sizeof(hdev->discovery.type));
3641 mgmt_pending_remove(cmd);
3642
3643 return err;
3644}
3645
0e05bba6
AG		 3646static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3647{
3648 BT_DBG("status %d", status);
3649
3650 hci_dev_lock(hdev);
3651
3652 if (status) {
3653 mgmt_stop_discovery_failed(hdev, status);
3654 goto unlock;
3655 }
3656
3657 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3658
3659unlock:
3660 hci_dev_unlock(hdev);
3661}
3662
bdb6d971 3663static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3664 u16 len)
14a53664 3665{
d930650b 3666 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3667 struct pending_cmd *cmd;
0e05bba6 3668 struct hci_request req;
14a53664
JH		 3669 int err;
3670
bdb6d971 3671 BT_DBG("%s", hdev->name);
14a53664 3672
09fd0de5 3673 hci_dev_lock(hdev);
14a53664 3674
30dc78e1 3675 if (!hci_discovery_active(hdev)) {
bdb6d971 3676 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3677 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3678 sizeof(mgmt_cp->type));
d930650b
JH		 3679 goto unlock;
3680 }
3681
3682 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3683 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3684 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3685 sizeof(mgmt_cp->type));
30dc78e1 3686 goto unlock;
ff9ef578
JH		 3687 }
3688
2e58ef3e 3689 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3690 if (!cmd) {
3691 err = -ENOMEM;
30dc78e1
JH		 3692 goto unlock;
3693 }
3694
0e05bba6
AG		 3695 hci_req_init(&req, hdev);
3696
21a60d30 3697 hci_stop_discovery(&req);
e0d9727e 3698
21a60d30
JH		 3699 err = hci_req_run(&req, stop_discovery_complete);
3700 if (!err) {
3701 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 3702 goto unlock;
14a53664
JH		 3703 }
3704
21a60d30
JH		 3705 mgmt_pending_remove(cmd);
3706
3707 /* If no HCI commands were sent we're done */
3708 if (err == -ENODATA) {
3709 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
3710 &mgmt_cp->type, sizeof(mgmt_cp->type));
3711 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3712 }
14a53664 3713
30dc78e1 3714unlock:
09fd0de5 3715 hci_dev_unlock(hdev);
14a53664
JH		 3716 return err;
3717}
3718
bdb6d971 3719static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3720 u16 len)
561aafbc 3721{
650f726d 3722 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3723 struct inquiry_entry *e;
561aafbc
JH		 3724 int err;
3725
bdb6d971 3726 BT_DBG("%s", hdev->name);
561aafbc 3727
561aafbc
JH		 3728 hci_dev_lock(hdev);
3729
30dc78e1 3730 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3731 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3732 MGMT_STATUS_FAILED, &cp->addr,
3733 sizeof(cp->addr));
30dc78e1
JH		 3734 goto failed;
3735 }
3736
a198e7b1 3737 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3738 if (!e) {
d3a2541d
LR		 3739 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3740 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3741 sizeof(cp->addr));
561aafbc
JH		 3742 goto failed;
3743 }
3744
3745 if (cp->name_known) {
3746 e->name_state = NAME_KNOWN;
3747 list_del(&e->list);
3748 } else {
3749 e->name_state = NAME_NEEDED;
a3d4e20a 3750 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3751 }
3752
e384662b
JH		 3753 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3754 sizeof(cp->addr));
561aafbc
JH		 3755
3756failed:
3757 hci_dev_unlock(hdev);
561aafbc
JH		 3758 return err;
3759}
3760
bdb6d971 3761static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3762 u16 len)
7fbec224 3763{
650f726d 3764 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3765 u8 status;
7fbec224
AJ		 3766 int err;
3767
bdb6d971 3768 BT_DBG("%s", hdev->name);
7fbec224 3769
4ee71b20 3770 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3771 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3772 MGMT_STATUS_INVALID_PARAMS,
3773 &cp->addr, sizeof(cp->addr));
4ee71b20 3774
09fd0de5 3775 hci_dev_lock(hdev);
5e762444 3776
88c1fe4b 3777 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2a8357f2 3778 if (err < 0) {
f0eeea8b 3779 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 3780 goto done;
3781 }
3782
3783 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3784 sk);
3785 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3786
2a8357f2 3787done:
bdb6d971 3788 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3789 &cp->addr, sizeof(cp->addr));
5e762444 3790
09fd0de5 3791 hci_dev_unlock(hdev);
7fbec224
AJ		 3792
3793 return err;
3794}
3795
bdb6d971 3796static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3797 u16 len)
7fbec224 3798{
650f726d 3799 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3800 u8 status;
7fbec224
AJ		 3801 int err;
3802
bdb6d971 3803 BT_DBG("%s", hdev->name);
7fbec224 3804
4ee71b20 3805 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3806 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3807 MGMT_STATUS_INVALID_PARAMS,
3808 &cp->addr, sizeof(cp->addr));
4ee71b20 3809
09fd0de5 3810 hci_dev_lock(hdev);
5e762444 3811
88c1fe4b 3812 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2a8357f2 3813 if (err < 0) {
f0eeea8b 3814 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 3815 goto done;
3816 }
3817
3818 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3819 sk);
3820 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3821
2a8357f2 3822done:
bdb6d971 3823 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3824 &cp->addr, sizeof(cp->addr));
5e762444 3825
09fd0de5 3826 hci_dev_unlock(hdev);
7fbec224
AJ		 3827
3828 return err;
3829}
3830
cdbaccca
MH		 3831static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3832 u16 len)
3833{
3834 struct mgmt_cp_set_device_id *cp = data;
890ea898 3835 struct hci_request req;
cdbaccca 3836 int err;
c72d4b8a 3837 __u16 source;
cdbaccca
MH		 3838
3839 BT_DBG("%s", hdev->name);
3840
c72d4b8a
SJ		 3841 source = __le16_to_cpu(cp->source);
3842
3843 if (source > 0x0002)
3844 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3845 MGMT_STATUS_INVALID_PARAMS);
3846
cdbaccca
MH		 3847 hci_dev_lock(hdev);
3848
c72d4b8a 3849 hdev->devid_source = source;
cdbaccca
MH		 3850 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3851 hdev->devid_product = __le16_to_cpu(cp->product);
3852 hdev->devid_version = __le16_to_cpu(cp->version);
3853
3854 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3855
890ea898
JH		 3856 hci_req_init(&req, hdev);
3857 update_eir(&req);
3858 hci_req_run(&req, NULL);
cdbaccca
MH		 3859
3860 hci_dev_unlock(hdev);
3861
3862 return err;
3863}
3864
4375f103
JH		 3865static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3866{
3867 struct cmd_lookup match = { NULL, hdev };
3868
3869 if (status) {
3870 u8 mgmt_err = mgmt_status(status);
3871
3872 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3873 cmd_status_rsp, &mgmt_err);
3874 return;
3875 }
3876
3877 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3878 &match);
3879
3880 new_settings(hdev, match.sk);
3881
3882 if (match.sk)
3883 sock_put(match.sk);
3884}
3885
21b5187f
MH		 3886static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3887 u16 len)
4375f103
JH		 3888{
3889 struct mgmt_mode *cp = data;
3890 struct pending_cmd *cmd;
3891 struct hci_request req;
e6fe7986 3892 u8 val, enabled, status;
4375f103
JH		 3893 int err;
3894
3895 BT_DBG("request for %s", hdev->name);
3896
e6fe7986
JH		 3897 status = mgmt_le_support(hdev);
3898 if (status)
4375f103 3899 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3900 status);
4375f103
JH		 3901
3902 if (cp->val != 0x00 && cp->val != 0x01)
3903 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3904 MGMT_STATUS_INVALID_PARAMS);
3905
3906 hci_dev_lock(hdev);
3907
3908 val = !!cp->val;
f3d3444a 3909 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3910
f74ca9b8
JH		 3911 /* The following conditions are ones which mean that we should
3912 * not do any HCI communication but directly send a mgmt
3913 * response to user space (after toggling the flag if
3914 * necessary).
3915 */
3916 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3917 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3918 bool changed = false;
3919
f3d3444a
JH		 3920 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3921 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3922 changed = true;
3923 }
3924
3925 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3926 if (err < 0)
3927 goto unlock;
3928
3929 if (changed)
3930 err = new_settings(hdev, sk);
3931
3932 goto unlock;
3933 }
3934
3935 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3936 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3937 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3938 MGMT_STATUS_BUSY);
3939 goto unlock;
3940 }
3941
3942 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3943 if (!cmd) {
3944 err = -ENOMEM;
3945 goto unlock;
3946 }
3947
3948 hci_req_init(&req, hdev);
3949
bba3aa55
MH		 3950 if (val)
3951 enable_advertising(&req);
3952 else
3953 disable_advertising(&req);
4375f103
JH		 3954
3955 err = hci_req_run(&req, set_advertising_complete);
3956 if (err < 0)
3957 mgmt_pending_remove(cmd);
3958
3959unlock:
3960 hci_dev_unlock(hdev);
3961 return err;
3962}
3963
d13eafce
MH		 3964static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3965 void *data, u16 len)
3966{
3967 struct mgmt_cp_set_static_address *cp = data;
3968 int err;
3969
3970 BT_DBG("%s", hdev->name);
3971
62af4443 3972 if (!lmp_le_capable(hdev))
d13eafce 3973 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3974 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3975
3976 if (hdev_is_powered(hdev))
3977 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3978 MGMT_STATUS_REJECTED);
3979
3980 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3981 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3982 return cmd_status(sk, hdev->id,
3983 MGMT_OP_SET_STATIC_ADDRESS,
3984 MGMT_STATUS_INVALID_PARAMS);
3985
3986 /* Two most significant bits shall be set */
3987 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3988 return cmd_status(sk, hdev->id,
3989 MGMT_OP_SET_STATIC_ADDRESS,
3990 MGMT_STATUS_INVALID_PARAMS);
3991 }
3992
3993 hci_dev_lock(hdev);
3994
3995 bacpy(&hdev->static_addr, &cp->bdaddr);
3996
3997 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3998
3999 hci_dev_unlock(hdev);
4000
4001 return err;
4002}
4003
14b49b9a
MH		 4004static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4005 void *data, u16 len)
4006{
4007 struct mgmt_cp_set_scan_params *cp = data;
4008 __u16 interval, window;
4009 int err;
4010
4011 BT_DBG("%s", hdev->name);
4012
4013 if (!lmp_le_capable(hdev))
4014 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4015 MGMT_STATUS_NOT_SUPPORTED);
4016
4017 interval = __le16_to_cpu(cp->interval);
4018
4019 if (interval < 0x0004 || interval > 0x4000)
4020 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4021 MGMT_STATUS_INVALID_PARAMS);
4022
4023 window = __le16_to_cpu(cp->window);
4024
4025 if (window < 0x0004 || window > 0x4000)
4026 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4027 MGMT_STATUS_INVALID_PARAMS);
4028
899e1075
MH		 4029 if (window > interval)
4030 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4031 MGMT_STATUS_INVALID_PARAMS);
4032
14b49b9a
MH		 4033 hci_dev_lock(hdev);
4034
4035 hdev->le_scan_interval = interval;
4036 hdev->le_scan_window = window;
4037
4038 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4039
dd2ef8e2
AG		 4040 /* If background scan is running, restart it so new parameters are
4041 * loaded.
4042 */
4043 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4044 hdev->discovery.state == DISCOVERY_STOPPED) {
4045 struct hci_request req;
4046
4047 hci_req_init(&req, hdev);
4048
4049 hci_req_add_le_scan_disable(&req);
4050 hci_req_add_le_passive_scan(&req);
4051
4052 hci_req_run(&req, NULL);
4053 }
4054
14b49b9a
MH		 4055 hci_dev_unlock(hdev);
4056
4057 return err;
4058}
4059
33e38b3e
JH		 4060static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4061{
4062 struct pending_cmd *cmd;
4063
4064 BT_DBG("status 0x%02x", status);
4065
4066 hci_dev_lock(hdev);
4067
4068 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4069 if (!cmd)
4070 goto unlock;
4071
4072 if (status) {
4073 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4074 mgmt_status(status));
4075 } else {
1a4d3c4b
JH		 4076 struct mgmt_mode *cp = cmd->param;
4077
4078 if (cp->val)
4079 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4080 else
4081 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4082
33e38b3e
JH		 4083 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4084 new_settings(hdev, cmd->sk);
4085 }
4086
4087 mgmt_pending_remove(cmd);
4088
4089unlock:
4090 hci_dev_unlock(hdev);
4091}
4092
bdb6d971 4093static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4094 void *data, u16 len)
f6422ec6 4095{
650f726d 4096 struct mgmt_mode *cp = data;
33e38b3e
JH		 4097 struct pending_cmd *cmd;
4098 struct hci_request req;
f6422ec6
AJ		 4099 int err;
4100
bdb6d971 4101 BT_DBG("%s", hdev->name);
f6422ec6 4102
56f87901
JH		 4103 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4104 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4105 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4106 MGMT_STATUS_NOT_SUPPORTED);
4107
a7e80f25
JH		 4108 if (cp->val != 0x00 && cp->val != 0x01)
4109 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4110 MGMT_STATUS_INVALID_PARAMS);
4111
5400c044 4112 if (!hdev_is_powered(hdev))
bdb6d971 4113 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4114 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4115
4116 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4117 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4118 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4119
4120 hci_dev_lock(hdev);
4121
05cbf29f
JH		 4122 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4123 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4124 MGMT_STATUS_BUSY);
4125 goto unlock;
4126 }
4127
1a4d3c4b
JH		 4128 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4129 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4130 hdev);
4131 goto unlock;
4132 }
4133
33e38b3e
JH		 4134 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4135 data, len);
4136 if (!cmd) {
4137 err = -ENOMEM;
4138 goto unlock;
f6422ec6
AJ		 4139 }
4140
33e38b3e
JH		 4141 hci_req_init(&req, hdev);
4142
406d7804 4143 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4144
4145 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4146 if (err < 0) {
bdb6d971 4147 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4148 MGMT_STATUS_FAILED);
33e38b3e 4149 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4150 }
4151
33e38b3e 4152unlock:
f6422ec6 4153 hci_dev_unlock(hdev);
33e38b3e 4154
f6422ec6
AJ		 4155 return err;
4156}
4157
67e5a7a3
JH		 4158static void set_bredr_scan(struct hci_request *req)
4159{
4160 struct hci_dev *hdev = req->hdev;
4161 u8 scan = 0;
4162
4163 /* Ensure that fast connectable is disabled. This function will
4164 * not do anything if the page scan parameters are already what
4165 * they should be.
4166 */
4167 write_fast_connectable(req, false);
4168
4169 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4170 scan |= SCAN_PAGE;
4171 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4172 scan |= SCAN_INQUIRY;
4173
4174 if (scan)
4175 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4176}
4177
0663ca2a
JH		 4178static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4179{
4180 struct pending_cmd *cmd;
4181
4182 BT_DBG("status 0x%02x", status);
4183
4184 hci_dev_lock(hdev);
4185
4186 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4187 if (!cmd)
4188 goto unlock;
4189
4190 if (status) {
4191 u8 mgmt_err = mgmt_status(status);
4192
4193 /* We need to restore the flag if related HCI commands
4194 * failed.
4195 */
4196 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4197
4198 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4199 } else {
4200 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4201 new_settings(hdev, cmd->sk);
4202 }
4203
4204 mgmt_pending_remove(cmd);
4205
4206unlock:
4207 hci_dev_unlock(hdev);
4208}
4209
4210static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4211{
4212 struct mgmt_mode *cp = data;
4213 struct pending_cmd *cmd;
4214 struct hci_request req;
4215 int err;
4216
4217 BT_DBG("request for %s", hdev->name);
4218
4219 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4220 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4221 MGMT_STATUS_NOT_SUPPORTED);
4222
4223 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4224 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4225 MGMT_STATUS_REJECTED);
4226
4227 if (cp->val != 0x00 && cp->val != 0x01)
4228 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4229 MGMT_STATUS_INVALID_PARAMS);
4230
4231 hci_dev_lock(hdev);
4232
4233 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4234 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4235 goto unlock;
4236 }
4237
4238 if (!hdev_is_powered(hdev)) {
4239 if (!cp->val) {
0663ca2a
JH		 4240 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4241 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4242 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4243 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4244 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4245 }
4246
4247 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4248
4249 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4250 if (err < 0)
4251 goto unlock;
4252
4253 err = new_settings(hdev, sk);
4254 goto unlock;
4255 }
4256
4257 /* Reject disabling when powered on */
4258 if (!cp->val) {
4259 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4260 MGMT_STATUS_REJECTED);
4261 goto unlock;
4262 }
4263
4264 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4265 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4266 MGMT_STATUS_BUSY);
4267 goto unlock;
4268 }
4269
4270 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4271 if (!cmd) {
4272 err = -ENOMEM;
4273 goto unlock;
4274 }
4275
5947f4bc 4276 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4277 * generates the correct flags.
4278 */
4279 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4280
4281 hci_req_init(&req, hdev);
aa8af46e
JH		 4282
4283 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4284 set_bredr_scan(&req);
4285
f14d8f64
MH		 4286 /* Since only the advertising data flags will change, there
4287 * is no need to update the scan response data.
4288 */
5947f4bc 4289 update_adv_data(&req);
aa8af46e 4290
0663ca2a
JH		 4291 err = hci_req_run(&req, set_bredr_complete);
4292 if (err < 0)
4293 mgmt_pending_remove(cmd);
4294
4295unlock:
4296 hci_dev_unlock(hdev);
4297 return err;
4298}
4299
eac83dc6
MH		 4300static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4301 void *data, u16 len)
4302{
4303 struct mgmt_mode *cp = data;
4304 struct pending_cmd *cmd;
0ab04a9c 4305 u8 val, status;
eac83dc6
MH		 4306 int err;
4307
4308 BT_DBG("request for %s", hdev->name);
4309
4310 status = mgmt_bredr_support(hdev);
4311 if (status)
4312 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4313 status);
4314
5afeac14 4315 if (!lmp_sc_capable(hdev) &&
111902f7 4316 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
eac83dc6
MH		 4317 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4318 MGMT_STATUS_NOT_SUPPORTED);
4319
0ab04a9c 4320 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4321 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4322 MGMT_STATUS_INVALID_PARAMS);
4323
4324 hci_dev_lock(hdev);
4325
4326 if (!hdev_is_powered(hdev)) {
4327 bool changed;
4328
0ab04a9c 4329 if (cp->val) {
eac83dc6
MH		 4330 changed = !test_and_set_bit(HCI_SC_ENABLED,
4331 &hdev->dev_flags);
0ab04a9c
MH		 4332 if (cp->val == 0x02)
4333 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4334 else
4335 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4336 } else {
eac83dc6
MH		 4337 changed = test_and_clear_bit(HCI_SC_ENABLED,
4338 &hdev->dev_flags);
0ab04a9c
MH		 4339 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4340 }
eac83dc6
MH		 4341
4342 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4343 if (err < 0)
4344 goto failed;
4345
4346 if (changed)
4347 err = new_settings(hdev, sk);
4348
4349 goto failed;
4350 }
4351
4352 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4353 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4354 MGMT_STATUS_BUSY);
4355 goto failed;
4356 }
4357
0ab04a9c
MH		 4358 val = !!cp->val;
4359
4360 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4361 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4362 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4363 goto failed;
4364 }
4365
4366 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4367 if (!cmd) {
4368 err = -ENOMEM;
4369 goto failed;
4370 }
4371
0ab04a9c 4372 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4373 if (err < 0) {
4374 mgmt_pending_remove(cmd);
4375 goto failed;
4376 }
4377
0ab04a9c
MH		 4378 if (cp->val == 0x02)
4379 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4380 else
4381 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4382
eac83dc6
MH		 4383failed:
4384 hci_dev_unlock(hdev);
4385 return err;
4386}
4387
4e39ac81
MH		 4388static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4389 void *data, u16 len)
4390{
4391 struct mgmt_mode *cp = data;
b9710979 4392 bool changed, use_changed;
4e39ac81
MH		 4393 int err;
4394
4395 BT_DBG("request for %s", hdev->name);
4396
b9710979 4397 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4398 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4399 MGMT_STATUS_INVALID_PARAMS);
4400
4401 hci_dev_lock(hdev);
4402
4403 if (cp->val)
0663b297
JH		 4404 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4405 &hdev->dev_flags);
4e39ac81 4406 else
0663b297
JH		 4407 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4408 &hdev->dev_flags);
4e39ac81 4409
b9710979
JH		 4410 if (cp->val == 0x02)
4411 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4412 &hdev->dev_flags);
4413 else
4414 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4415 &hdev->dev_flags);
4416
4417 if (hdev_is_powered(hdev) && use_changed &&
4418 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4419 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4420 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4421 sizeof(mode), &mode);
4422 }
4423
4e39ac81
MH		 4424 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4425 if (err < 0)
4426 goto unlock;
4427
4428 if (changed)
4429 err = new_settings(hdev, sk);
4430
4431unlock:
4432 hci_dev_unlock(hdev);
4433 return err;
4434}
4435
62b04cd1
JH		 4436static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4437 u16 len)
4438{
4439 struct mgmt_cp_set_privacy *cp = cp_data;
4440 bool changed;
4441 int err;
4442
4443 BT_DBG("request for %s", hdev->name);
4444
4445 if (!lmp_le_capable(hdev))
4446 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4447 MGMT_STATUS_NOT_SUPPORTED);
4448
4449 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4450 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4451 MGMT_STATUS_INVALID_PARAMS);
4452
4453 if (hdev_is_powered(hdev))
4454 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4455 MGMT_STATUS_REJECTED);
4456
4457 hci_dev_lock(hdev);
4458
c21c0ea0
JH		 4459 /* If user space supports this command it is also expected to
4460 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4461 */
4462 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4463
62b04cd1
JH		 4464 if (cp->privacy) {
4465 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4466 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4467 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4468 } else {
4469 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4470 memset(hdev->irk, 0, sizeof(hdev->irk));
4471 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4472 }
4473
4474 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4475 if (err < 0)
4476 goto unlock;
4477
4478 if (changed)
4479 err = new_settings(hdev, sk);
4480
4481unlock:
4482 hci_dev_unlock(hdev);
4483 return err;
4484}
4485
41edf160
JH		 4486static bool irk_is_valid(struct mgmt_irk_info *irk)
4487{
4488 switch (irk->addr.type) {
4489 case BDADDR_LE_PUBLIC:
4490 return true;
4491
4492 case BDADDR_LE_RANDOM:
4493 /* Two most significant bits shall be set */
4494 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4495 return false;
4496 return true;
4497 }
4498
4499 return false;
4500}
4501
4502static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4503 u16 len)
4504{
4505 struct mgmt_cp_load_irks *cp = cp_data;
4506 u16 irk_count, expected_len;
4507 int i, err;
4508
4509 BT_DBG("request for %s", hdev->name);
4510
4511 if (!lmp_le_capable(hdev))
4512 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4513 MGMT_STATUS_NOT_SUPPORTED);
4514
4515 irk_count = __le16_to_cpu(cp->irk_count);
4516
4517 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4518 if (expected_len != len) {
4519 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4520 expected_len, len);
41edf160
JH		 4521 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4522 MGMT_STATUS_INVALID_PARAMS);
4523 }
4524
4525 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4526
4527 for (i = 0; i < irk_count; i++) {
4528 struct mgmt_irk_info *key = &cp->irks[i];
4529
4530 if (!irk_is_valid(key))
4531 return cmd_status(sk, hdev->id,
4532 MGMT_OP_LOAD_IRKS,
4533 MGMT_STATUS_INVALID_PARAMS);
4534 }
4535
4536 hci_dev_lock(hdev);
4537
4538 hci_smp_irks_clear(hdev);
4539
4540 for (i = 0; i < irk_count; i++) {
4541 struct mgmt_irk_info *irk = &cp->irks[i];
4542 u8 addr_type;
4543
4544 if (irk->addr.type == BDADDR_LE_PUBLIC)
4545 addr_type = ADDR_LE_DEV_PUBLIC;
4546 else
4547 addr_type = ADDR_LE_DEV_RANDOM;
4548
4549 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4550 BDADDR_ANY);
4551 }
4552
4553 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4554
4555 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4556
4557 hci_dev_unlock(hdev);
4558
4559 return err;
4560}
4561
3f706b72
JH		 4562static bool ltk_is_valid(struct mgmt_ltk_info *key)
4563{
4564 if (key->master != 0x00 && key->master != 0x01)
4565 return false;
490cb0b3
MH		 4566
4567 switch (key->addr.type) {
4568 case BDADDR_LE_PUBLIC:
4569 return true;
4570
4571 case BDADDR_LE_RANDOM:
4572 /* Two most significant bits shall be set */
4573 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4574 return false;
4575 return true;
4576 }
4577
4578 return false;
3f706b72
JH		 4579}
4580
bdb6d971 4581static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4582 void *cp_data, u16 len)
346af67b 4583{
346af67b
VCG		 4584 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4585 u16 key_count, expected_len;
715a5bf2 4586 int i, err;
346af67b 4587
cf99ba13
MH		 4588 BT_DBG("request for %s", hdev->name);
4589
4590 if (!lmp_le_capable(hdev))
4591 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4592 MGMT_STATUS_NOT_SUPPORTED);
4593
1f350c87 4594 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 4595
4596 expected_len = sizeof(*cp) + key_count *
4597 sizeof(struct mgmt_ltk_info);
4598 if (expected_len != len) {
4599 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4600 expected_len, len);
bdb6d971 4601 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4602 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4603 }
4604
bdb6d971 4605 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4606
54ad6d8a
JH		 4607 for (i = 0; i < key_count; i++) {
4608 struct mgmt_ltk_info *key = &cp->keys[i];
4609
3f706b72 4610 if (!ltk_is_valid(key))
54ad6d8a
JH		 4611 return cmd_status(sk, hdev->id,
4612 MGMT_OP_LOAD_LONG_TERM_KEYS,
4613 MGMT_STATUS_INVALID_PARAMS);
4614 }
4615
346af67b
VCG		 4616 hci_dev_lock(hdev);
4617
4618 hci_smp_ltks_clear(hdev);
4619
4620 for (i = 0; i < key_count; i++) {
4621 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 4622 u8 type, addr_type, authenticated;
79d95a19
MH		 4623
4624 if (key->addr.type == BDADDR_LE_PUBLIC)
4625 addr_type = ADDR_LE_DEV_PUBLIC;
4626 else
4627 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4628
4629 if (key->master)
2ceba539 4630 type = SMP_LTK;
346af67b 4631 else
2ceba539 4632 type = SMP_LTK_SLAVE;
346af67b 4633
61b43357
JH		 4634 switch (key->type) {
4635 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4636 authenticated = 0x00;
61b43357
JH		 4637 break;
4638 case MGMT_LTK_AUTHENTICATED:
d7b25450 4639 authenticated = 0x01;
61b43357
JH		 4640 break;
4641 default:
4642 continue;
4643 }
d7b25450 4644
35d70271 4645 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 4646 authenticated, key->val, key->enc_size, key->ediv,
35d70271 4647 key->rand);
346af67b
VCG		 4648 }
4649
715a5bf2
JH		 4650 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4651 NULL, 0);
4652
346af67b 4653 hci_dev_unlock(hdev);
346af67b 4654
715a5bf2 4655 return err;
346af67b
VCG		 4656}
4657
dd983808
AK		 4658struct cmd_conn_lookup {
4659 struct hci_conn *conn;
4660 bool valid_tx_power;
4661 u8 mgmt_status;
4662};
4663
4664static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4665{
4666 struct cmd_conn_lookup *match = data;
4667 struct mgmt_cp_get_conn_info *cp;
4668 struct mgmt_rp_get_conn_info rp;
4669 struct hci_conn *conn = cmd->user_data;
4670
4671 if (conn != match->conn)
4672 return;
4673
4674 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4675
4676 memset(&rp, 0, sizeof(rp));
4677 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4678 rp.addr.type = cp->addr.type;
4679
4680 if (!match->mgmt_status) {
4681 rp.rssi = conn->rssi;
4682
eed5daf3 4683 if (match->valid_tx_power) {
dd983808 4684 rp.tx_power = conn->tx_power;
eed5daf3
AK		 4685 rp.max_tx_power = conn->max_tx_power;
4686 } else {
dd983808 4687 rp.tx_power = HCI_TX_POWER_INVALID;
eed5daf3
AK		 4688 rp.max_tx_power = HCI_TX_POWER_INVALID;
4689 }
dd983808
AK		 4690 }
4691
4692 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4693 match->mgmt_status, &rp, sizeof(rp));
4694
4695 hci_conn_drop(conn);
4696
4697 mgmt_pending_remove(cmd);
4698}
4699
4700static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4701{
4702 struct hci_cp_read_rssi *cp;
4703 struct hci_conn *conn;
4704 struct cmd_conn_lookup match;
4705 u16 handle;
4706
4707 BT_DBG("status 0x%02x", status);
4708
4709 hci_dev_lock(hdev);
4710
4711 /* TX power data is valid in case request completed successfully,
eed5daf3
AK		 4712 * otherwise we assume it's not valid. At the moment we assume that
4713 * either both or none of current and max values are valid to keep code
4714 * simple.
dd983808
AK		 4715 */
4716 match.valid_tx_power = !status;
4717
4718 /* Commands sent in request are either Read RSSI or Read Transmit Power
4719 * Level so we check which one was last sent to retrieve connection
4720 * handle. Both commands have handle as first parameter so it's safe to
4721 * cast data on the same command struct.
4722 *
4723 * First command sent is always Read RSSI and we fail only if it fails.
4724 * In other case we simply override error to indicate success as we
4725 * already remembered if TX power value is actually valid.
4726 */
4727 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4728 if (!cp) {
4729 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4730 status = 0;
4731 }
4732
4733 if (!cp) {
4734 BT_ERR("invalid sent_cmd in response");
4735 goto unlock;
4736 }
4737
4738 handle = __le16_to_cpu(cp->handle);
4739 conn = hci_conn_hash_lookup_handle(hdev, handle);
4740 if (!conn) {
4741 BT_ERR("unknown handle (%d) in response", handle);
4742 goto unlock;
4743 }
4744
4745 match.conn = conn;
4746 match.mgmt_status = mgmt_status(status);
4747
4748 /* Cache refresh is complete, now reply for mgmt request for given
4749 * connection only.
4750 */
4751 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4752 get_conn_info_complete, &match);
4753
4754unlock:
4755 hci_dev_unlock(hdev);
4756}
4757
4758static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4759 u16 len)
4760{
4761 struct mgmt_cp_get_conn_info *cp = data;
4762 struct mgmt_rp_get_conn_info rp;
4763 struct hci_conn *conn;
4764 unsigned long conn_info_age;
4765 int err = 0;
4766
4767 BT_DBG("%s", hdev->name);
4768
4769 memset(&rp, 0, sizeof(rp));
4770 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4771 rp.addr.type = cp->addr.type;
4772
4773 if (!bdaddr_type_is_valid(cp->addr.type))
4774 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4775 MGMT_STATUS_INVALID_PARAMS,
4776 &rp, sizeof(rp));
4777
4778 hci_dev_lock(hdev);
4779
4780 if (!hdev_is_powered(hdev)) {
4781 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4782 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4783 goto unlock;
4784 }
4785
4786 if (cp->addr.type == BDADDR_BREDR)
4787 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4788 &cp->addr.bdaddr);
4789 else
4790 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4791
4792 if (!conn || conn->state != BT_CONNECTED) {
4793 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4794 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
4795 goto unlock;
4796 }
4797
4798 /* To avoid client trying to guess when to poll again for information we
4799 * calculate conn info age as random value between min/max set in hdev.
4800 */
4801 conn_info_age = hdev->conn_info_min_age +
4802 prandom_u32_max(hdev->conn_info_max_age -
4803 hdev->conn_info_min_age);
4804
4805 /* Query controller to refresh cached values if they are too old or were
4806 * never read.
4807 */
f4e2dd53
AK		 4808 if (time_after(jiffies, conn->conn_info_timestamp +
4809 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 4810 !conn->conn_info_timestamp) {
4811 struct hci_request req;
4812 struct hci_cp_read_tx_power req_txp_cp;
4813 struct hci_cp_read_rssi req_rssi_cp;
4814 struct pending_cmd *cmd;
4815
4816 hci_req_init(&req, hdev);
4817 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4818 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4819 &req_rssi_cp);
4820
f7faab0c
AK		 4821 /* For LE links TX power does not change thus we don't need to
4822 * query for it once value is known.
4823 */
4824 if (!bdaddr_type_is_le(cp->addr.type) ||
4825 conn->tx_power == HCI_TX_POWER_INVALID) {
4826 req_txp_cp.handle = cpu_to_le16(conn->handle);
4827 req_txp_cp.type = 0x00;
4828 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4829 sizeof(req_txp_cp), &req_txp_cp);
4830 }
dd983808 4831
eed5daf3
AK		 4832 /* Max TX power needs to be read only once per connection */
4833 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4834 req_txp_cp.handle = cpu_to_le16(conn->handle);
4835 req_txp_cp.type = 0x01;
4836 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4837 sizeof(req_txp_cp), &req_txp_cp);
4838 }
4839
dd983808
AK		 4840 err = hci_req_run(&req, conn_info_refresh_complete);
4841 if (err < 0)
4842 goto unlock;
4843
4844 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4845 data, len);
4846 if (!cmd) {
4847 err = -ENOMEM;
4848 goto unlock;
4849 }
4850
4851 hci_conn_hold(conn);
4852 cmd->user_data = conn;
4853
4854 conn->conn_info_timestamp = jiffies;
4855 } else {
4856 /* Cache is valid, just reply with values cached in hci_conn */
4857 rp.rssi = conn->rssi;
4858 rp.tx_power = conn->tx_power;
eed5daf3 4859 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 4860
4861 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4862 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
4863 }
4864
4865unlock:
4866 hci_dev_unlock(hdev);
4867 return err;
4868}
4869
95868426
JH		 4870static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
4871{
4872 struct mgmt_cp_get_clock_info *cp;
4873 struct mgmt_rp_get_clock_info rp;
4874 struct hci_cp_read_clock *hci_cp;
4875 struct pending_cmd *cmd;
4876 struct hci_conn *conn;
4877
4878 BT_DBG("%s status %u", hdev->name, status);
4879
4880 hci_dev_lock(hdev);
4881
4882 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
4883 if (!hci_cp)
4884 goto unlock;
4885
4886 if (hci_cp->which) {
4887 u16 handle = __le16_to_cpu(hci_cp->handle);
4888 conn = hci_conn_hash_lookup_handle(hdev, handle);
4889 } else {
4890 conn = NULL;
4891 }
4892
4893 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
4894 if (!cmd)
4895 goto unlock;
4896
4897 cp = cmd->param;
4898
4899 memset(&rp, 0, sizeof(rp));
4900 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
4901
4902 if (status)
4903 goto send_rsp;
4904
4905 rp.local_clock = cpu_to_le32(hdev->clock);
4906
4907 if (conn) {
4908 rp.piconet_clock = cpu_to_le32(conn->clock);
4909 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
4910 }
4911
4912send_rsp:
4913 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
4914 &rp, sizeof(rp));
4915 mgmt_pending_remove(cmd);
4916 if (conn)
4917 hci_conn_drop(conn);
4918
4919unlock:
4920 hci_dev_unlock(hdev);
4921}
4922
4923static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
4924 u16 len)
4925{
4926 struct mgmt_cp_get_clock_info *cp = data;
4927 struct mgmt_rp_get_clock_info rp;
4928 struct hci_cp_read_clock hci_cp;
4929 struct pending_cmd *cmd;
4930 struct hci_request req;
4931 struct hci_conn *conn;
4932 int err;
4933
4934 BT_DBG("%s", hdev->name);
4935
4936 memset(&rp, 0, sizeof(rp));
4937 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4938 rp.addr.type = cp->addr.type;
4939
4940 if (cp->addr.type != BDADDR_BREDR)
4941 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
4942 MGMT_STATUS_INVALID_PARAMS,
4943 &rp, sizeof(rp));
4944
4945 hci_dev_lock(hdev);
4946
4947 if (!hdev_is_powered(hdev)) {
4948 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
4949 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4950 goto unlock;
4951 }
4952
4953 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4954 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4955 &cp->addr.bdaddr);
4956 if (!conn || conn->state != BT_CONNECTED) {
4957 err = cmd_complete(sk, hdev->id,
4958 MGMT_OP_GET_CLOCK_INFO,
4959 MGMT_STATUS_NOT_CONNECTED,
4960 &rp, sizeof(rp));
4961 goto unlock;
4962 }
4963 } else {
4964 conn = NULL;
4965 }
4966
4967 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
4968 if (!cmd) {
4969 err = -ENOMEM;
4970 goto unlock;
4971 }
4972
4973 hci_req_init(&req, hdev);
4974
4975 memset(&hci_cp, 0, sizeof(hci_cp));
4976 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
4977
4978 if (conn) {
4979 hci_conn_hold(conn);
4980 cmd->user_data = conn;
4981
4982 hci_cp.handle = cpu_to_le16(conn->handle);
4983 hci_cp.which = 0x01; /* Piconet clock */
4984 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
4985 }
4986
4987 err = hci_req_run(&req, get_clock_info_complete);
4988 if (err < 0)
4989 mgmt_pending_remove(cmd);
4990
4991unlock:
4992 hci_dev_unlock(hdev);
4993 return err;
4994}
4995
8afef092
MH		 4996static void device_added(struct sock *sk, struct hci_dev *hdev,
4997 bdaddr_t *bdaddr, u8 type, u8 action)
4998{
4999 struct mgmt_ev_device_added ev;
5000
5001 bacpy(&ev.addr.bdaddr, bdaddr);
5002 ev.addr.type = type;
5003 ev.action = action;
5004
5005 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5006}
5007
2faade53
MH		 5008static int add_device(struct sock *sk, struct hci_dev *hdev,
5009 void *data, u16 len)
5010{
5011 struct mgmt_cp_add_device *cp = data;
5012 u8 auto_conn, addr_type;
5013 int err;
5014
5015 BT_DBG("%s", hdev->name);
5016
5017 if (!bdaddr_type_is_le(cp->addr.type) ||
5018 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5019 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5020 MGMT_STATUS_INVALID_PARAMS,
5021 &cp->addr, sizeof(cp->addr));
5022
5023 if (cp->action != 0x00 && cp->action != 0x01)
5024 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5025 MGMT_STATUS_INVALID_PARAMS,
5026 &cp->addr, sizeof(cp->addr));
5027
5028 hci_dev_lock(hdev);
5029
5030 if (cp->addr.type == BDADDR_LE_PUBLIC)
5031 addr_type = ADDR_LE_DEV_PUBLIC;
5032 else
5033 addr_type = ADDR_LE_DEV_RANDOM;
5034
5035 if (cp->action)
5036 auto_conn = HCI_AUTO_CONN_ALWAYS;
5037 else
a3451d27 5038 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5039
bf5b3c8b
MH		 5040 /* If the connection parameters don't exist for this device,
5041 * they will be created and configured with defaults.
5042 */
d06b50ce
MH		 5043 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5044 auto_conn) < 0) {
2faade53
MH		 5045 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5046 MGMT_STATUS_FAILED,
5047 &cp->addr, sizeof(cp->addr));
5048 goto unlock;
5049 }
5050
8afef092
MH		 5051 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5052
2faade53
MH		 5053 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5054 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5055
5056unlock:
5057 hci_dev_unlock(hdev);
5058 return err;
5059}
5060
8afef092
MH		 5061static void device_removed(struct sock *sk, struct hci_dev *hdev,
5062 bdaddr_t *bdaddr, u8 type)
5063{
5064 struct mgmt_ev_device_removed ev;
5065
5066 bacpy(&ev.addr.bdaddr, bdaddr);
5067 ev.addr.type = type;
5068
5069 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5070}
5071
2faade53
MH		 5072static int remove_device(struct sock *sk, struct hci_dev *hdev,
5073 void *data, u16 len)
5074{
5075 struct mgmt_cp_remove_device *cp = data;
5076 int err;
5077
5078 BT_DBG("%s", hdev->name);
5079
5080 hci_dev_lock(hdev);
5081
5082 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5083 struct hci_conn_params *params;
2faade53
MH		 5084 u8 addr_type;
5085
5086 if (!bdaddr_type_is_le(cp->addr.type)) {
5087 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5088 MGMT_STATUS_INVALID_PARAMS,
5089 &cp->addr, sizeof(cp->addr));
5090 goto unlock;
5091 }
5092
5093 if (cp->addr.type == BDADDR_LE_PUBLIC)
5094 addr_type = ADDR_LE_DEV_PUBLIC;
5095 else
5096 addr_type = ADDR_LE_DEV_RANDOM;
5097
c71593dd
JH		 5098 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5099 addr_type);
5100 if (!params) {
5101 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5102 MGMT_STATUS_INVALID_PARAMS,
5103 &cp->addr, sizeof(cp->addr));
5104 goto unlock;
5105 }
5106
5107 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5108 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5109 MGMT_STATUS_INVALID_PARAMS,
5110 &cp->addr, sizeof(cp->addr));
5111 goto unlock;
5112 }
5113
5114 hci_pend_le_conn_del(hdev, &cp->addr.bdaddr, addr_type);
5115 list_del(&params->list);
5116 kfree(params);
8afef092
MH		 5117
5118 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53
MH		 5119 } else {
5120 if (cp->addr.type) {
5121 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5122 MGMT_STATUS_INVALID_PARAMS,
5123 &cp->addr, sizeof(cp->addr));
5124 goto unlock;
5125 }
5126
c71593dd 5127 hci_conn_params_clear_enabled(hdev);
2faade53
MH		 5128 }
5129
5130 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5131 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5132
5133unlock:
5134 hci_dev_unlock(hdev);
5135 return err;
5136}
5137
a26f3dcf
JH		 5138static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5139 u16 len)
5140{
5141 struct mgmt_cp_load_conn_param *cp = data;
5142 u16 param_count, expected_len;
5143 int i;
5144
5145 if (!lmp_le_capable(hdev))
5146 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5147 MGMT_STATUS_NOT_SUPPORTED);
5148
5149 param_count = __le16_to_cpu(cp->param_count);
5150
5151 expected_len = sizeof(*cp) + param_count *
5152 sizeof(struct mgmt_conn_param);
5153 if (expected_len != len) {
5154 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5155 expected_len, len);
5156 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5157 MGMT_STATUS_INVALID_PARAMS);
5158 }
5159
5160 BT_DBG("%s param_count %u", hdev->name, param_count);
5161
5162 hci_dev_lock(hdev);
5163
5164 hci_conn_params_clear_disabled(hdev);
5165
5166 for (i = 0; i < param_count; i++) {
5167 struct mgmt_conn_param *param = &cp->params[i];
5168 struct hci_conn_params *hci_param;
5169 u16 min, max, latency, timeout;
5170 u8 addr_type;
5171
5172 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5173 param->addr.type);
5174
5175 if (param->addr.type == BDADDR_LE_PUBLIC) {
5176 addr_type = ADDR_LE_DEV_PUBLIC;
5177 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5178 addr_type = ADDR_LE_DEV_RANDOM;
5179 } else {
5180 BT_ERR("Ignoring invalid connection parameters");
5181 continue;
5182 }
5183
5184 min = le16_to_cpu(param->min_interval);
5185 max = le16_to_cpu(param->max_interval);
5186 latency = le16_to_cpu(param->latency);
5187 timeout = le16_to_cpu(param->timeout);
5188
5189 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5190 min, max, latency, timeout);
5191
5192 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5193 BT_ERR("Ignoring invalid connection parameters");
5194 continue;
5195 }
5196
5197 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5198 addr_type);
5199 if (!hci_param) {
5200 BT_ERR("Failed to add connection parameters");
5201 continue;
5202 }
5203
5204 hci_param->conn_min_interval = min;
5205 hci_param->conn_max_interval = max;
5206 hci_param->conn_latency = latency;
5207 hci_param->supervision_timeout = timeout;
5208 }
5209
5210 hci_dev_unlock(hdev);
5211
5212 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5213}
5214
2e3c35ea 5215static const struct mgmt_handler {
04124681
GP		 5216 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5217 u16 data_len);
be22b54e
JH		 5218 bool var_len;
5219 size_t data_len;
0f4e68cf
JH		 5220} mgmt_handlers[] = {
5221 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 5222 { read_version, false, MGMT_READ_VERSION_SIZE },
5223 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5224 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5225 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5226 { set_powered, false, MGMT_SETTING_SIZE },
5227 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5228 { set_connectable, false, MGMT_SETTING_SIZE },
5229 { set_fast_connectable, false, MGMT_SETTING_SIZE },
5230 { set_pairable, false, MGMT_SETTING_SIZE },
5231 { set_link_security, false, MGMT_SETTING_SIZE },
5232 { set_ssp, false, MGMT_SETTING_SIZE },
5233 { set_hs, false, MGMT_SETTING_SIZE },
5234 { set_le, false, MGMT_SETTING_SIZE },
5235 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5236 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5237 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5238 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5239 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5240 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
5241 { disconnect, false, MGMT_DISCONNECT_SIZE },
5242 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
5243 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
5244 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
5245 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
5246 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
5247 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
5248 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
5249 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
5250 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
5251 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
5252 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
5253 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 5254 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 5255 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
5256 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
5257 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
5258 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
5259 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
5260 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 5261 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 5262 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 5263 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 5264 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 5265 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 5266 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 5267 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 5268 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 5269 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 5270 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
95868426 5271 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
2faade53
MH		 5272 { add_device, false, MGMT_ADD_DEVICE_SIZE },
5273 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
a26f3dcf 5274 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
0f4e68cf
JH		 5275};
5276
0381101f
JH		 5277int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
5278{
650f726d
VCG		 5279 void *buf;
5280 u8 *cp;
0381101f 5281 struct mgmt_hdr *hdr;
4e51eae9 5282 u16 opcode, index, len;
bdb6d971 5283 struct hci_dev *hdev = NULL;
2e3c35ea 5284 const struct mgmt_handler *handler;
0381101f
JH		 5285 int err;
5286
5287 BT_DBG("got %zu bytes", msglen);
5288
5289 if (msglen < sizeof(*hdr))
5290 return -EINVAL;
5291
e63a15ec 5292 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 5293 if (!buf)
5294 return -ENOMEM;
5295
5296 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
5297 err = -EFAULT;
5298 goto done;
5299 }
5300
650f726d 5301 hdr = buf;
1f350c87
MH		 5302 opcode = __le16_to_cpu(hdr->opcode);
5303 index = __le16_to_cpu(hdr->index);
5304 len = __le16_to_cpu(hdr->len);
0381101f
JH		 5305
5306 if (len != msglen - sizeof(*hdr)) {
5307 err = -EINVAL;
5308 goto done;
5309 }
5310
0f4e68cf 5311 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 5312 hdev = hci_dev_get(index);
5313 if (!hdev) {
5314 err = cmd_status(sk, index, opcode,
04124681 5315 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 5316 goto done;
5317 }
0736cfa8 5318
cebf4cfd 5319 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
fee746b0
MH		 5320 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) ||
5321 test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) {
0736cfa8
MH		 5322 err = cmd_status(sk, index, opcode,
5323 MGMT_STATUS_INVALID_INDEX);
5324 goto done;
5325 }
bdb6d971
JH		 5326 }
5327
0f4e68cf 5328 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 5329 mgmt_handlers[opcode].func == NULL) {
0381101f 5330 BT_DBG("Unknown op %u", opcode);
ca69b795 5331 err = cmd_status(sk, index, opcode,
04124681 5332 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 5333 goto done;
5334 }
5335
5336 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 5337 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 5338 err = cmd_status(sk, index, opcode,
04124681 5339 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 5340 goto done;
0381101f
JH		 5341 }
5342
be22b54e
JH		 5343 handler = &mgmt_handlers[opcode];
5344
5345 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 5346 (!handler->var_len && len != handler->data_len)) {
be22b54e 5347 err = cmd_status(sk, index, opcode,
04124681 5348 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 5349 goto done;
5350 }
5351
0f4e68cf
JH		 5352 if (hdev)
5353 mgmt_init_hdev(sk, hdev);
5354
5355 cp = buf + sizeof(*hdr);
5356
be22b54e 5357 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 5358 if (err < 0)
5359 goto done;
5360
0381101f
JH		 5361 err = msglen;
5362
5363done:
bdb6d971
JH		 5364 if (hdev)
5365 hci_dev_put(hdev);
5366
0381101f
JH		 5367 kfree(buf);
5368 return err;
5369}
c71e97bf 5370
bf6b56db 5371void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 5372{
1514b892 5373 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5374 return;
bb4b2a9a 5375
bf6b56db 5376 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 5377}
5378
bf6b56db 5379void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 5380{
5f159032 5381 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 5382
1514b892 5383 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5384 return;
bb4b2a9a 5385
744cf19e 5386 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 5387
bf6b56db 5388 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 5389}
5390
6046dc3e
AG		 5391/* This function requires the caller holds hdev->lock */
5392static void restart_le_auto_conns(struct hci_dev *hdev)
5393{
5394 struct hci_conn_params *p;
c83ed19d 5395 bool added = false;
6046dc3e
AG		 5396
5397 list_for_each_entry(p, &hdev->le_conn_params, list) {
c83ed19d 5398 if (p->auto_connect == HCI_AUTO_CONN_ALWAYS) {
6046dc3e 5399 hci_pend_le_conn_add(hdev, &p->addr, p->addr_type);
c83ed19d
MH		 5400 added = true;
5401 }
6046dc3e 5402 }
c83ed19d
MH		 5403
5404 /* Calling hci_pend_le_conn_add will actually already trigger
5405 * background scanning when needed. So no need to trigger it
5406 * just another time.
5407 *
5408 * This check is here to avoid an unneeded restart of the
5409 * passive scanning. Since this is during the controller
5410 * power up phase the duplicate filtering is not an issue.
5411 */
5412 if (added)
5413 return;
5414
5415 hci_update_background_scan(hdev);
6046dc3e
AG		 5416}
5417
229ab39c
JH		 5418static void powered_complete(struct hci_dev *hdev, u8 status)
5419{
5420 struct cmd_lookup match = { NULL, hdev };
5421
5422 BT_DBG("status 0x%02x", status);
5423
5424 hci_dev_lock(hdev);
5425
6046dc3e
AG		 5426 restart_le_auto_conns(hdev);
5427
229ab39c
JH		 5428 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5429
5430 new_settings(hdev, match.sk);
5431
5432 hci_dev_unlock(hdev);
5433
5434 if (match.sk)
5435 sock_put(match.sk);
5436}
5437
70da6243 5438static int powered_update_hci(struct hci_dev *hdev)
5add6af8 5439{
890ea898 5440 struct hci_request req;
70da6243 5441 u8 link_sec;
5add6af8 5442
890ea898
JH		 5443 hci_req_init(&req, hdev);
5444
70da6243
JH		 5445 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
5446 !lmp_host_ssp_capable(hdev)) {
5447 u8 ssp = 1;
5e5282bb 5448
890ea898 5449 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 5450 }
5add6af8 5451
c73eee91
JH		 5452 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
5453 lmp_bredr_capable(hdev)) {
70da6243 5454 struct hci_cp_write_le_host_supported cp;
f0ff92fb 5455
70da6243
JH		 5456 cp.le = 1;
5457 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 5458
70da6243
JH		 5459 /* Check first if we already have the right
5460 * host state (host features set)
5461 */
5462 if (cp.le != lmp_host_le_capable(hdev) ||
5463 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 5464 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5465 sizeof(cp), &cp);
70da6243 5466 }
3d1cbdd6 5467
d13eafce 5468 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 5469 /* Make sure the controller has a good default for
5470 * advertising data. This also applies to the case
5471 * where BR/EDR was toggled during the AUTO_OFF phase.
5472 */
f14d8f64 5473 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 5474 update_adv_data(&req);
f14d8f64
MH		 5475 update_scan_rsp_data(&req);
5476 }
441ad2d0 5477
bba3aa55
MH		 5478 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5479 enable_advertising(&req);
eeca6f89
JH		 5480 }
5481
70da6243
JH		 5482 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5483 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 5484 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5485 sizeof(link_sec), &link_sec);
562fcc24 5486
70da6243 5487 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 5488 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5489 set_bredr_scan(&req);
890ea898 5490 update_class(&req);
13928971 5491 update_name(&req);
890ea898 5492 update_eir(&req);
70da6243 5493 }
562fcc24 5494
229ab39c 5495 return hci_req_run(&req, powered_complete);
70da6243 5496}
562fcc24 5497
70da6243
JH		 5498int mgmt_powered(struct hci_dev *hdev, u8 powered)
5499{
5500 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 5501 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5502 u8 zero_cod[] = { 0, 0, 0 };
70da6243 5503 int err;
f0ff92fb 5504
70da6243
JH		 5505 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5506 return 0;
5507
70da6243 5508 if (powered) {
229ab39c
JH		 5509 if (powered_update_hci(hdev) == 0)
5510 return 0;
fe038884 5511
229ab39c
JH		 5512 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5513 &match);
5514 goto new_settings;
b24752fe
JH		 5515 }
5516
229ab39c
JH		 5517 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5518 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5519
5520 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5521 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5522 zero_cod, sizeof(zero_cod), NULL);
5523
5524new_settings:
beadb2bd 5525 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 5526
5527 if (match.sk)
5528 sock_put(match.sk);
5529
7bb895d6 5530 return err;
5add6af8 5531}
73f22f62 5532
3eec705e 5533void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 5534{
5535 struct pending_cmd *cmd;
5536 u8 status;
5537
5538 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5539 if (!cmd)
3eec705e 5540 return;
96570ffc
JH		 5541
5542 if (err == -ERFKILL)
5543 status = MGMT_STATUS_RFKILLED;
5544 else
5545 status = MGMT_STATUS_FAILED;
5546
3eec705e 5547 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 5548
5549 mgmt_pending_remove(cmd);
96570ffc
JH		 5550}
5551
d1967ff8
MH		 5552void mgmt_discoverable_timeout(struct hci_dev *hdev)
5553{
5554 struct hci_request req;
d1967ff8
MH		 5555
5556 hci_dev_lock(hdev);
5557
5558 /* When discoverable timeout triggers, then just make sure
5559 * the limited discoverable flag is cleared. Even in the case
5560 * of a timeout triggered from general discoverable, it is
5561 * safe to unconditionally clear the flag.
5562 */
5563 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 5564 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 5565
5566 hci_req_init(&req, hdev);
4b580614
JH		 5567 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5568 u8 scan = SCAN_PAGE;
5569 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
5570 sizeof(scan), &scan);
5571 }
d1967ff8 5572 update_class(&req);
9a43e25f 5573 update_adv_data(&req);
d1967ff8
MH		 5574 hci_req_run(&req, NULL);
5575
5576 hdev->discov_timeout = 0;
5577
9a43e25f
JH		 5578 new_settings(hdev, NULL);
5579
d1967ff8
MH		 5580 hci_dev_unlock(hdev);
5581}
5582
86a75645 5583void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 5584{
86a75645 5585 bool changed;
73f22f62 5586
bfaf8c9f
JH		 5587 /* Nothing needed here if there's a pending command since that
5588 * commands request completion callback takes care of everything
5589 * necessary.
5590 */
5591 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 5592 return;
bfaf8c9f 5593
bd107999
JH		 5594 /* Powering off may clear the scan mode - don't let that interfere */
5595 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5596 return;
5597
9a43e25f 5598 if (discoverable) {
86a75645 5599 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5600 } else {
5601 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 5602 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5603 }
5604
5605 if (changed) {
5606 struct hci_request req;
5607
5608 /* In case this change in discoverable was triggered by
5609 * a disabling of connectable there could be a need to
5610 * update the advertising flags.
5611 */
5612 hci_req_init(&req, hdev);
5613 update_adv_data(&req);
5614 hci_req_run(&req, NULL);
73f22f62 5615
86a75645 5616 new_settings(hdev, NULL);
9a43e25f 5617 }
73f22f62 5618}
9fbcbb45 5619
a330916c 5620void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 5621{
a330916c 5622 bool changed;
9fbcbb45 5623
d7b856f9
JH		 5624 /* Nothing needed here if there's a pending command since that
5625 * commands request completion callback takes care of everything
5626 * necessary.
5627 */
5628 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 5629 return;
d7b856f9 5630
ce3f24cf
JH		 5631 /* Powering off may clear the scan mode - don't let that interfere */
5632 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5633 return;
5634
a330916c
MH		 5635 if (connectable)
5636 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
5637 else
5638 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 5639
beadb2bd 5640 if (changed)
a330916c 5641 new_settings(hdev, NULL);
9fbcbb45 5642}
55ed8ca1 5643
778b235a
JH		 5644void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
5645{
7c4cfab8
JH		 5646 /* Powering off may stop advertising - don't let that interfere */
5647 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5648 return;
5649
778b235a
JH		 5650 if (advertising)
5651 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
5652 else
5653 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5654}
5655
4796e8af 5656void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 5657{
ca69b795
JH		 5658 u8 mgmt_err = mgmt_status(status);
5659
2d7cee58 5660 if (scan & SCAN_PAGE)
744cf19e 5661 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 5662 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5663
5664 if (scan & SCAN_INQUIRY)
744cf19e 5665 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 5666 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5667}
5668
dc4a5ee2
MH		 5669void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
5670 bool persistent)
55ed8ca1 5671{
86742e1e 5672 struct mgmt_ev_new_link_key ev;
55ed8ca1 5673
a492cd52 5674 memset(&ev, 0, sizeof(ev));
55ed8ca1 5675
a492cd52 5676 ev.store_hint = persistent;
d753fdc4 5677 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 5678 ev.key.addr.type = BDADDR_BREDR;
a492cd52 5679 ev.key.type = key->type;
9b3b4460 5680 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 5681 ev.key.pin_len = key->pin_len;
55ed8ca1 5682
dc4a5ee2 5683 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 5684}
f7520543 5685
d7b25450
JH		 5686static u8 mgmt_ltk_type(struct smp_ltk *ltk)
5687{
5688 if (ltk->authenticated)
5689 return MGMT_LTK_AUTHENTICATED;
5690
5691 return MGMT_LTK_UNAUTHENTICATED;
5692}
5693
53ac6ab6 5694void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 5695{
5696 struct mgmt_ev_new_long_term_key ev;
5697
5698 memset(&ev, 0, sizeof(ev));
5699
5192d301
MH		 5700 /* Devices using resolvable or non-resolvable random addresses
5701 * without providing an indentity resolving key don't require
5702 * to store long term keys. Their addresses will change the
5703 * next time around.
5704 *
5705 * Only when a remote device provides an identity address
5706 * make sure the long term key is stored. If the remote
5707 * identity is known, the long term keys are internally
5708 * mapped to the identity address. So allow static random
5709 * and public addresses here.
5710 */
ba74b666
JH		 5711 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5712 (key->bdaddr.b[5] & 0xc0) != 0xc0)
5713 ev.store_hint = 0x00;
5714 else
53ac6ab6 5715 ev.store_hint = persistent;
ba74b666 5716
346af67b 5717 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 5718 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 5719 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 5720 ev.key.enc_size = key->enc_size;
5721 ev.key.ediv = key->ediv;
fe39c7b2 5722 ev.key.rand = key->rand;
346af67b 5723
2ceba539 5724 if (key->type == SMP_LTK)
346af67b
VCG		 5725 ev.key.master = 1;
5726
346af67b
VCG		 5727 memcpy(ev.key.val, key->val, sizeof(key->val));
5728
083368f7 5729 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 5730}
5731
95fbac8a
JH		 5732void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
5733{
5734 struct mgmt_ev_new_irk ev;
5735
5736 memset(&ev, 0, sizeof(ev));
5737
bab6d1e5
MH		 5738 /* For identity resolving keys from devices that are already
5739 * using a public address or static random address, do not
5740 * ask for storing this key. The identity resolving key really
5741 * is only mandatory for devices using resovlable random
5742 * addresses.
5743 *
5744 * Storing all identity resolving keys has the downside that
5745 * they will be also loaded on next boot of they system. More
5746 * identity resolving keys, means more time during scanning is
5747 * needed to actually resolve these addresses.
5748 */
5749 if (bacmp(&irk->rpa, BDADDR_ANY))
5750 ev.store_hint = 0x01;
5751 else
5752 ev.store_hint = 0x00;
5753
95fbac8a
JH		 5754 bacpy(&ev.rpa, &irk->rpa);
5755 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
5756 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
5757 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
5758
5759 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
5760}
5761
53ac6ab6
MH		 5762void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
5763 bool persistent)
7ee4ea36
MH		 5764{
5765 struct mgmt_ev_new_csrk ev;
5766
5767 memset(&ev, 0, sizeof(ev));
5768
5769 /* Devices using resolvable or non-resolvable random addresses
5770 * without providing an indentity resolving key don't require
5771 * to store signature resolving keys. Their addresses will change
5772 * the next time around.
5773 *
5774 * Only when a remote device provides an identity address
5775 * make sure the signature resolving key is stored. So allow
5776 * static random and public addresses here.
5777 */
5778 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5779 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
5780 ev.store_hint = 0x00;
5781 else
53ac6ab6 5782 ev.store_hint = persistent;
7ee4ea36
MH		 5783
5784 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
5785 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
5786 ev.key.master = csrk->master;
5787 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
5788
5789 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
5790}
5791
ffb5a827 5792void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 5793 u8 bdaddr_type, u8 store_hint, u16 min_interval,
5794 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 5795{
5796 struct mgmt_ev_new_conn_param ev;
5797
5798 memset(&ev, 0, sizeof(ev));
5799 bacpy(&ev.addr.bdaddr, bdaddr);
5800 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 5801 ev.store_hint = store_hint;
ffb5a827
AG		 5802 ev.min_interval = cpu_to_le16(min_interval);
5803 ev.max_interval = cpu_to_le16(max_interval);
5804 ev.latency = cpu_to_le16(latency);
5805 ev.timeout = cpu_to_le16(timeout);
5806
5807 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
5808}
5809
94933991
MH		 5810static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5811 u8 data_len)
5812{
5813 eir[eir_len++] = sizeof(type) + data_len;
5814 eir[eir_len++] = type;
5815 memcpy(&eir[eir_len], data, data_len);
5816 eir_len += data_len;
5817
5818 return eir_len;
5819}
5820
ecd90ae7
MH		 5821void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5822 u8 addr_type, u32 flags, u8 *name, u8 name_len,
5823 u8 *dev_class)
f7520543 5824{
b644ba33
JH		 5825 char buf[512];
5826 struct mgmt_ev_device_connected *ev = (void *) buf;
5827 u16 eir_len = 0;
f7520543 5828
b644ba33 5829 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5830 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 5831
c95f0ba7 5832 ev->flags = __cpu_to_le32(flags);
08c79b61 5833
b644ba33
JH		 5834 if (name_len > 0)
5835 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 5836 name, name_len);
b644ba33
JH		 5837
5838 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 5839 eir_len = eir_append_data(ev->eir, eir_len,
04124681 5840 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 5841
eb55ef07 5842 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 5843
ecd90ae7
MH		 5844 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
5845 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 5846}
5847
8962ee74
JH		 5848static void disconnect_rsp(struct pending_cmd *cmd, void *data)
5849{
c68fb7ff 5850 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 5851 struct sock **sk = data;
a38528f1 5852 struct mgmt_rp_disconnect rp;
8962ee74 5853
88c3df13
JH		 5854 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5855 rp.addr.type = cp->addr.type;
8962ee74 5856
aee9b218 5857 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 5858 sizeof(rp));
8962ee74
JH		 5859
5860 *sk = cmd->sk;
5861 sock_hold(*sk);
5862
a664b5bc 5863 mgmt_pending_remove(cmd);
8962ee74
JH		 5864}
5865
124f6e35 5866static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 5867{
b1078ad0 5868 struct hci_dev *hdev = data;
124f6e35
JH		 5869 struct mgmt_cp_unpair_device *cp = cmd->param;
5870 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 5871
5872 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 5873 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5874 rp.addr.type = cp->addr.type;
a8a1d19e 5875
b1078ad0
JH		 5876 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
5877
aee9b218 5878 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 5879
5880 mgmt_pending_remove(cmd);
5881}
5882
9b80ec5e 5883void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 5884 u8 link_type, u8 addr_type, u8 reason,
5885 bool mgmt_connected)
f7520543 5886{
f0d6a0ea 5887 struct mgmt_ev_device_disconnected ev;
8b064a3a 5888 struct pending_cmd *power_off;
8962ee74 5889 struct sock *sk = NULL;
8962ee74 5890
8b064a3a
JH		 5891 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5892 if (power_off) {
5893 struct mgmt_mode *cp = power_off->param;
5894
5895 /* The connection is still in hci_conn_hash so test for 1
5896 * instead of 0 to know if this is the last one.
5897 */
a3172b7e
JH		 5898 if (!cp->val && hci_conn_count(hdev) == 1) {
5899 cancel_delayed_work(&hdev->power_off);
8b064a3a 5900 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5901 }
8b064a3a
JH		 5902 }
5903
12d4a3b2
JH		 5904 if (!mgmt_connected)
5905 return;
5906
57eb776f
AG		 5907 if (link_type != ACL_LINK && link_type != LE_LINK)
5908 return;
5909
744cf19e 5910 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 5911
f0d6a0ea
MA		 5912 bacpy(&ev.addr.bdaddr, bdaddr);
5913 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5914 ev.reason = reason;
f7520543 5915
9b80ec5e 5916 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 5917
5918 if (sk)
d97dcb66 5919 sock_put(sk);
8962ee74 5920
124f6e35 5921 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 5922 hdev);
8962ee74
JH		 5923}
5924
7892924c
MH		 5925void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
5926 u8 link_type, u8 addr_type, u8 status)
8962ee74 5927{
3655bba8
AG		 5928 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
5929 struct mgmt_cp_disconnect *cp;
88c3df13 5930 struct mgmt_rp_disconnect rp;
8962ee74 5931 struct pending_cmd *cmd;
8962ee74 5932
36a75f1b
JD		 5933 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5934 hdev);
5935
2e58ef3e 5936 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 5937 if (!cmd)
7892924c 5938 return;
8962ee74 5939
3655bba8
AG		 5940 cp = cmd->param;
5941
5942 if (bacmp(bdaddr, &cp->addr.bdaddr))
5943 return;
5944
5945 if (cp->addr.type != bdaddr_type)
5946 return;
5947
88c3df13 5948 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 5949 rp.addr.type = bdaddr_type;
37d9ef76 5950
7892924c
MH		 5951 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
5952 mgmt_status(status), &rp, sizeof(rp));
8962ee74 5953
a664b5bc 5954 mgmt_pending_remove(cmd);
f7520543 5955}
17d5c04c 5956
445608d0
MH		 5957void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5958 u8 addr_type, u8 status)
17d5c04c
JH		 5959{
5960 struct mgmt_ev_connect_failed ev;
c9910d0f
JH		 5961 struct pending_cmd *power_off;
5962
5963 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5964 if (power_off) {
5965 struct mgmt_mode *cp = power_off->param;
5966
5967 /* The connection is still in hci_conn_hash so test for 1
5968 * instead of 0 to know if this is the last one.
5969 */
a3172b7e
JH		 5970 if (!cp->val && hci_conn_count(hdev) == 1) {
5971 cancel_delayed_work(&hdev->power_off);
c9910d0f 5972 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5973 }
c9910d0f 5974 }
17d5c04c 5975
4c659c39 5976 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5977 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5978 ev.status = mgmt_status(status);
17d5c04c 5979
445608d0 5980 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 5981}
980e1a53 5982
ce0e4a0d 5983void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 5984{
5985 struct mgmt_ev_pin_code_request ev;
5986
d8457698 5987 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 5988 ev.addr.type = BDADDR_BREDR;
a770bb5a 5989 ev.secure = secure;
980e1a53 5990
ce0e4a0d 5991 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 5992}
5993
e669cf80
MH		 5994void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5995 u8 status)
980e1a53
JH		 5996{
5997 struct pending_cmd *cmd;
ac56fb13 5998 struct mgmt_rp_pin_code_reply rp;
980e1a53 5999
2e58ef3e 6000 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6001 if (!cmd)
e669cf80 6002 return;
980e1a53 6003
d8457698 6004 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6005 rp.addr.type = BDADDR_BREDR;
ac56fb13 6006
e669cf80
MH		 6007 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
6008 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6009
a664b5bc 6010 mgmt_pending_remove(cmd);
980e1a53
JH		 6011}
6012
3eb38528
MH		 6013void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6014 u8 status)
980e1a53
JH		 6015{
6016 struct pending_cmd *cmd;
ac56fb13 6017 struct mgmt_rp_pin_code_reply rp;
980e1a53 6018
2e58ef3e 6019 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6020 if (!cmd)
3eb38528 6021 return;
980e1a53 6022
d8457698 6023 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6024 rp.addr.type = BDADDR_BREDR;
ac56fb13 6025
3eb38528
MH		 6026 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
6027 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6028
a664b5bc 6029 mgmt_pending_remove(cmd);
980e1a53 6030}
a5c29683 6031
744cf19e 6032int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6033 u8 link_type, u8 addr_type, u32 value,
04124681 6034 u8 confirm_hint)
a5c29683
JH		 6035{
6036 struct mgmt_ev_user_confirm_request ev;
6037
744cf19e 6038 BT_DBG("%s", hdev->name);
a5c29683 6039
272d90df 6040 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6041 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6042 ev.confirm_hint = confirm_hint;
39adbffe 6043 ev.value = cpu_to_le32(value);
a5c29683 6044
744cf19e 6045 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6046 NULL);
a5c29683
JH		 6047}
6048
272d90df 6049int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6050 u8 link_type, u8 addr_type)
604086b7
BG		 6051{
6052 struct mgmt_ev_user_passkey_request ev;
6053
6054 BT_DBG("%s", hdev->name);
6055
272d90df 6056 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6057 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6058
6059 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6060 NULL);
604086b7
BG		 6061}
6062
0df4c185 6063static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6064 u8 link_type, u8 addr_type, u8 status,
6065 u8 opcode)
a5c29683
JH		 6066{
6067 struct pending_cmd *cmd;
6068 struct mgmt_rp_user_confirm_reply rp;
6069 int err;
6070
2e58ef3e 6071 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 6072 if (!cmd)
6073 return -ENOENT;
6074
272d90df 6075 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 6076 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 6077 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 6078 &rp, sizeof(rp));
a5c29683 6079
a664b5bc 6080 mgmt_pending_remove(cmd);
a5c29683
JH		 6081
6082 return err;
6083}
6084
744cf19e 6085int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6086 u8 link_type, u8 addr_type, u8 status)
a5c29683 6087{
272d90df 6088 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6089 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6090}
6091
272d90df 6092int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6093 u8 link_type, u8 addr_type, u8 status)
a5c29683 6094{
272d90df 6095 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6096 status,
6097 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 6098}
2a611692 6099
604086b7 6100int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6101 u8 link_type, u8 addr_type, u8 status)
604086b7 6102{
272d90df 6103 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6104 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 6105}
6106
272d90df 6107int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6108 u8 link_type, u8 addr_type, u8 status)
604086b7 6109{
272d90df 6110 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6111 status,
6112 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 6113}
6114
92a25256
JH		 6115int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6116 u8 link_type, u8 addr_type, u32 passkey,
6117 u8 entered)
6118{
6119 struct mgmt_ev_passkey_notify ev;
6120
6121 BT_DBG("%s", hdev->name);
6122
6123 bacpy(&ev.addr.bdaddr, bdaddr);
6124 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6125 ev.passkey = __cpu_to_le32(passkey);
6126 ev.entered = entered;
6127
6128 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6129}
6130
e546099c
MH		 6131void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6132 u8 addr_type, u8 status)
2a611692
JH		 6133{
6134 struct mgmt_ev_auth_failed ev;
6135
bab73cb6 6136 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6137 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6138 ev.status = mgmt_status(status);
2a611692 6139
e546099c 6140 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 6141}
b312b161 6142
464996ae 6143void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 6144{
6145 struct cmd_lookup match = { NULL, hdev };
464996ae 6146 bool changed;
33ef95ed
JH		 6147
6148 if (status) {
6149 u8 mgmt_err = mgmt_status(status);
6150 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 6151 cmd_status_rsp, &mgmt_err);
464996ae 6152 return;
33ef95ed
JH		 6153 }
6154
464996ae
MH		 6155 if (test_bit(HCI_AUTH, &hdev->flags))
6156 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6157 &hdev->dev_flags);
6158 else
6159 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6160 &hdev->dev_flags);
47990ea0 6161
33ef95ed 6162 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 6163 &match);
33ef95ed 6164
47990ea0 6165 if (changed)
464996ae 6166 new_settings(hdev, match.sk);
33ef95ed
JH		 6167
6168 if (match.sk)
6169 sock_put(match.sk);
33ef95ed
JH		 6170}
6171
890ea898 6172static void clear_eir(struct hci_request *req)
cacaf52f 6173{
890ea898 6174 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 6175 struct hci_cp_write_eir cp;
6176
976eb20e 6177 if (!lmp_ext_inq_capable(hdev))
890ea898 6178 return;
cacaf52f 6179
c80da27e
JH		 6180 memset(hdev->eir, 0, sizeof(hdev->eir));
6181
cacaf52f
JH		 6182 memset(&cp, 0, sizeof(cp));
6183
890ea898 6184 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 6185}
6186
3e248560 6187void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 6188{
6189 struct cmd_lookup match = { NULL, hdev };
890ea898 6190 struct hci_request req;
c0ecddc2 6191 bool changed = false;
ed2c4ee3
JH		 6192
6193 if (status) {
6194 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 6195
6196 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 6197 &hdev->dev_flags)) {
6198 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 6199 new_settings(hdev, NULL);
9ecb3e24 6200 }
c0ecddc2 6201
04124681
GP		 6202 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6203 &mgmt_err);
3e248560 6204 return;
c0ecddc2
JH		 6205 }
6206
6207 if (enable) {
9ecb3e24 6208 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 6209 } else {
9ecb3e24
MH		 6210 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6211 if (!changed)
6212 changed = test_and_clear_bit(HCI_HS_ENABLED,
6213 &hdev->dev_flags);
6214 else
6215 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 6216 }
6217
6218 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6219
c0ecddc2 6220 if (changed)
3e248560 6221 new_settings(hdev, match.sk);
ed2c4ee3 6222
5fc6ebb1 6223 if (match.sk)
ed2c4ee3
JH		 6224 sock_put(match.sk);
6225
890ea898
JH		 6226 hci_req_init(&req, hdev);
6227
3769972b
JH		 6228 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6229 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6230 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6231 sizeof(enable), &enable);
890ea898 6232 update_eir(&req);
3769972b 6233 } else {
890ea898 6234 clear_eir(&req);
3769972b 6235 }
890ea898
JH		 6236
6237 hci_req_run(&req, NULL);
ed2c4ee3
JH		 6238}
6239
eac83dc6
MH		 6240void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6241{
6242 struct cmd_lookup match = { NULL, hdev };
6243 bool changed = false;
6244
6245 if (status) {
6246 u8 mgmt_err = mgmt_status(status);
6247
0ab04a9c
MH		 6248 if (enable) {
6249 if (test_and_clear_bit(HCI_SC_ENABLED,
6250 &hdev->dev_flags))
6251 new_settings(hdev, NULL);
6252 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6253 }
eac83dc6
MH		 6254
6255 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6256 cmd_status_rsp, &mgmt_err);
6257 return;
6258 }
6259
0ab04a9c 6260 if (enable) {
eac83dc6 6261 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 6262 } else {
eac83dc6 6263 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 6264 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6265 }
eac83dc6
MH		 6266
6267 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6268 settings_rsp, &match);
6269
6270 if (changed)
6271 new_settings(hdev, match.sk);
6272
6273 if (match.sk)
6274 sock_put(match.sk);
6275}
6276
92da6097 6277static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 6278{
6279 struct cmd_lookup *match = data;
6280
90e70454
JH		 6281 if (match->sk == NULL) {
6282 match->sk = cmd->sk;
6283 sock_hold(match->sk);
6284 }
90e70454
JH		 6285}
6286
4e1b0245
MH		 6287void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
6288 u8 status)
7f9a903c 6289{
90e70454 6290 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 6291
92da6097
JH		 6292 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
6293 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
6294 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 6295
6296 if (!status)
4e1b0245
MH		 6297 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
6298 NULL);
90e70454
JH		 6299
6300 if (match.sk)
6301 sock_put(match.sk);
7f9a903c
MH		 6302}
6303
7667da34 6304void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 6305{
b312b161 6306 struct mgmt_cp_set_local_name ev;
13928971 6307 struct pending_cmd *cmd;
28cc7bde 6308
13928971 6309 if (status)
7667da34 6310 return;
b312b161
JH		 6311
6312 memset(&ev, 0, sizeof(ev));
6313 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 6314 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 6315
2e58ef3e 6316 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 6317 if (!cmd) {
6318 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 6319
13928971
JH		 6320 /* If this is a HCI command related to powering on the
6321 * HCI dev don't send any mgmt signals.
6322 */
6323 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 6324 return;
890ea898 6325 }
b312b161 6326
7667da34
MH		 6327 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
6328 cmd ? cmd->sk : NULL);
b312b161 6329}
c35938b2 6330
4d2d2796
MH		 6331void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
6332 u8 *randomizer192, u8 *hash256,
6333 u8 *randomizer256, u8 status)
c35938b2
SJ		 6334{
6335 struct pending_cmd *cmd;
c35938b2 6336
744cf19e 6337 BT_DBG("%s status %u", hdev->name, status);
c35938b2 6338
2e58ef3e 6339 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 6340 if (!cmd)
3edaf092 6341 return;
c35938b2
SJ		 6342
6343 if (status) {
3edaf092
MH		 6344 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6345 mgmt_status(status));
c35938b2 6346 } else {
4d2d2796
MH		 6347 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
6348 hash256 && randomizer256) {
6349 struct mgmt_rp_read_local_oob_ext_data rp;
6350
6351 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
6352 memcpy(rp.randomizer192, randomizer192,
6353 sizeof(rp.randomizer192));
c35938b2 6354
4d2d2796
MH		 6355 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
6356 memcpy(rp.randomizer256, randomizer256,
6357 sizeof(rp.randomizer256));
c35938b2 6358
4d2d2796
MH		 6359 cmd_complete(cmd->sk, hdev->id,
6360 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6361 &rp, sizeof(rp));
6362 } else {
6363 struct mgmt_rp_read_local_oob_data rp;
6364
6365 memcpy(rp.hash, hash192, sizeof(rp.hash));
6366 memcpy(rp.randomizer, randomizer192,
6367 sizeof(rp.randomizer));
6368
6369 cmd_complete(cmd->sk, hdev->id,
6370 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6371 &rp, sizeof(rp));
6372 }
c35938b2
SJ		 6373 }
6374
6375 mgmt_pending_remove(cmd);
c35938b2 6376}
e17acd40 6377
901801b9 6378void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
af58925c
MH		 6379 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
6380 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 6381{
e319d2e7
JH		 6382 char buf[512];
6383 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 6384 struct smp_irk *irk;
1dc06093 6385 size_t ev_size;
e17acd40 6386
12602d0c 6387 if (!hci_discovery_active(hdev))
901801b9 6388 return;
12602d0c 6389
5d2e9fad
JH		 6390 /* Make sure that the buffer is big enough. The 5 extra bytes
6391 * are for the potential CoD field.
6392 */
6393 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 6394 return;
7d262f86 6395
1dc06093
JH		 6396 memset(buf, 0, sizeof(buf));
6397
5cedbb8d
JH		 6398 irk = hci_get_irk(hdev, bdaddr, addr_type);
6399 if (irk) {
6400 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
6401 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
6402 } else {
6403 bacpy(&ev->addr.bdaddr, bdaddr);
6404 ev->addr.type = link_to_bdaddr(link_type, addr_type);
6405 }
6406
e319d2e7 6407 ev->rssi = rssi;
af58925c 6408 ev->flags = cpu_to_le32(flags);
e17acd40 6409
1dc06093 6410 if (eir_len > 0)
e319d2e7 6411 memcpy(ev->eir, eir, eir_len);
e17acd40 6412
1dc06093
JH		 6413 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
6414 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 6415 dev_class, 3);
1dc06093 6416
5d2e9fad
JH		 6417 if (scan_rsp_len > 0)
6418 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
6419
6420 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
6421 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 6422
901801b9 6423 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 6424}
a88a9652 6425
9cf12aee
MH		 6426void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6427 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 6428{
b644ba33
JH		 6429 struct mgmt_ev_device_found *ev;
6430 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
6431 u16 eir_len;
a88a9652 6432
b644ba33 6433 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 6434
b644ba33
JH		 6435 memset(buf, 0, sizeof(buf));
6436
6437 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6438 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 6439 ev->rssi = rssi;
6440
6441 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 6442 name_len);
b644ba33 6443
eb55ef07 6444 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 6445
9cf12aee 6446 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 6447}
314b2381 6448
2f1e063b 6449void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 6450{
f963e8e9 6451 struct mgmt_ev_discovering ev;
164a6e78
JH		 6452 struct pending_cmd *cmd;
6453
343fb145
AG		 6454 BT_DBG("%s discovering %u", hdev->name, discovering);
6455
164a6e78 6456 if (discovering)
2e58ef3e 6457 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 6458 else
2e58ef3e 6459 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 6460
6461 if (cmd != NULL) {
f808e166
JH		 6462 u8 type = hdev->discovery.type;
6463
04124681
GP		 6464 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
6465 sizeof(type));
164a6e78
JH		 6466 mgmt_pending_remove(cmd);
6467 }
6468
f963e8e9
JH		 6469 memset(&ev, 0, sizeof(ev));
6470 ev.type = hdev->discovery.type;
6471 ev.discovering = discovering;
6472
2f1e063b 6473 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 6474}
5e762444 6475
5976e608
MH		 6476static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6477{
6478 BT_DBG("%s status %u", hdev->name, status);
6479
6480 /* Clear the advertising mgmt setting if we failed to re-enable it */
6481 if (status) {
6482 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6483 new_settings(hdev, NULL);
5976e608
MH		 6484 }
6485}
6486
6487void mgmt_reenable_advertising(struct hci_dev *hdev)
6488{
6489 struct hci_request req;
6490
b145edcd 6491 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 6492 return;
6493
6494 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6495 return;
6496
6497 hci_req_init(&req, hdev);
6498 enable_advertising(&req);
6499
6500 /* If this fails we have no option but to let user space know
6501 * that we've disabled advertising.
6502 */
6503 if (hci_req_run(&req, adv_enable_complete) < 0) {
6504 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6505 new_settings(hdev, NULL);
5976e608
MH		 6506 }
6507}
Linux kernel - Deliverables
This page took 1.015505 seconds and 5 git commands to generate.