projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add support connectable advertising setting
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
0381101f 38
2da9c55c 39#define MGMT_VERSION 1
beb1c21b 40#define MGMT_REVISION 9
02d98129 41
e70bb2e8
JH		 42static const u16 mgmt_commands[] = {
43 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_READ_INFO,
45 MGMT_OP_SET_POWERED,
46 MGMT_OP_SET_DISCOVERABLE,
47 MGMT_OP_SET_CONNECTABLE,
48 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 49 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 50 MGMT_OP_SET_LINK_SECURITY,
51 MGMT_OP_SET_SSP,
52 MGMT_OP_SET_HS,
53 MGMT_OP_SET_LE,
54 MGMT_OP_SET_DEV_CLASS,
55 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_ADD_UUID,
57 MGMT_OP_REMOVE_UUID,
58 MGMT_OP_LOAD_LINK_KEYS,
59 MGMT_OP_LOAD_LONG_TERM_KEYS,
60 MGMT_OP_DISCONNECT,
61 MGMT_OP_GET_CONNECTIONS,
62 MGMT_OP_PIN_CODE_REPLY,
63 MGMT_OP_PIN_CODE_NEG_REPLY,
64 MGMT_OP_SET_IO_CAPABILITY,
65 MGMT_OP_PAIR_DEVICE,
66 MGMT_OP_CANCEL_PAIR_DEVICE,
67 MGMT_OP_UNPAIR_DEVICE,
68 MGMT_OP_USER_CONFIRM_REPLY,
69 MGMT_OP_USER_CONFIRM_NEG_REPLY,
70 MGMT_OP_USER_PASSKEY_REPLY,
71 MGMT_OP_USER_PASSKEY_NEG_REPLY,
72 MGMT_OP_READ_LOCAL_OOB_DATA,
73 MGMT_OP_ADD_REMOTE_OOB_DATA,
74 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
75 MGMT_OP_START_DISCOVERY,
76 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_CONFIRM_NAME,
78 MGMT_OP_BLOCK_DEVICE,
79 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 80 MGMT_OP_SET_DEVICE_ID,
4375f103 81 MGMT_OP_SET_ADVERTISING,
0663ca2a 82 MGMT_OP_SET_BREDR,
d13eafce 83 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 84 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 85 MGMT_OP_SET_SECURE_CONN,
4e39ac81 86 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 87 MGMT_OP_SET_PRIVACY,
41edf160 88 MGMT_OP_LOAD_IRKS,
dd983808 89 MGMT_OP_GET_CONN_INFO,
95868426 90 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 91 MGMT_OP_ADD_DEVICE,
92 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 93 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 94 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 95 MGMT_OP_READ_CONFIG_INFO,
dbece37a 96 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 97 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 98 MGMT_OP_START_SERVICE_DISCOVERY,
e70bb2e8
JH		 99};
100
101static const u16 mgmt_events[] = {
102 MGMT_EV_CONTROLLER_ERROR,
103 MGMT_EV_INDEX_ADDED,
104 MGMT_EV_INDEX_REMOVED,
105 MGMT_EV_NEW_SETTINGS,
106 MGMT_EV_CLASS_OF_DEV_CHANGED,
107 MGMT_EV_LOCAL_NAME_CHANGED,
108 MGMT_EV_NEW_LINK_KEY,
109 MGMT_EV_NEW_LONG_TERM_KEY,
110 MGMT_EV_DEVICE_CONNECTED,
111 MGMT_EV_DEVICE_DISCONNECTED,
112 MGMT_EV_CONNECT_FAILED,
113 MGMT_EV_PIN_CODE_REQUEST,
114 MGMT_EV_USER_CONFIRM_REQUEST,
115 MGMT_EV_USER_PASSKEY_REQUEST,
116 MGMT_EV_AUTH_FAILED,
117 MGMT_EV_DEVICE_FOUND,
118 MGMT_EV_DISCOVERING,
119 MGMT_EV_DEVICE_BLOCKED,
120 MGMT_EV_DEVICE_UNBLOCKED,
121 MGMT_EV_DEVICE_UNPAIRED,
92a25256 122 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 123 MGMT_EV_NEW_IRK,
7ee4ea36 124 MGMT_EV_NEW_CSRK,
8afef092
MH		 125 MGMT_EV_DEVICE_ADDED,
126 MGMT_EV_DEVICE_REMOVED,
ffb5a827 127 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 128 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 129 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 130 MGMT_EV_NEW_CONFIG_OPTIONS,
e70bb2e8
JH		 131};
132
17b02e62 133#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 134
d25b78e2
JH		 135#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
136 "\x00\x00\x00\x00\x00\x00\x00\x00"
137
3b0602cd 138struct mgmt_pending_cmd {
eec8d2bc 139 struct list_head list;
fc2f4b13 140 u16 opcode;
eec8d2bc 141 int index;
c68fb7ff 142 void *param;
323b0b88 143 size_t param_len;
eec8d2bc 144 struct sock *sk;
e9a416b5 145 void *user_data;
3b0602cd 146 int (*cmd_complete)(struct mgmt_pending_cmd *cmd, u8 status);
eec8d2bc
JH		 147};
148
ca69b795
JH		 149/* HCI to MGMT error code conversion table */
150static u8 mgmt_status_table[] = {
151 MGMT_STATUS_SUCCESS,
152 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
153 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
154 MGMT_STATUS_FAILED, /* Hardware Failure */
155 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
156 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 157 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 158 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
159 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
160 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
161 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
162 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
163 MGMT_STATUS_BUSY, /* Command Disallowed */
164 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
165 MGMT_STATUS_REJECTED, /* Rejected Security */
166 MGMT_STATUS_REJECTED, /* Rejected Personal */
167 MGMT_STATUS_TIMEOUT, /* Host Timeout */
168 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
169 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
170 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
171 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
172 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
173 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
174 MGMT_STATUS_BUSY, /* Repeated Attempts */
175 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
176 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
177 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
178 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
179 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
180 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
181 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
182 MGMT_STATUS_FAILED, /* Unspecified Error */
183 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
184 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
185 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
186 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
187 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
188 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
189 MGMT_STATUS_FAILED, /* Unit Link Key Used */
190 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
191 MGMT_STATUS_TIMEOUT, /* Instant Passed */
192 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
193 MGMT_STATUS_FAILED, /* Transaction Collision */
194 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
195 MGMT_STATUS_REJECTED, /* QoS Rejected */
196 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
197 MGMT_STATUS_REJECTED, /* Insufficient Security */
198 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
199 MGMT_STATUS_BUSY, /* Role Switch Pending */
200 MGMT_STATUS_FAILED, /* Slot Violation */
201 MGMT_STATUS_FAILED, /* Role Switch Failed */
202 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
203 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
204 MGMT_STATUS_BUSY, /* Host Busy Pairing */
205 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
206 MGMT_STATUS_BUSY, /* Controller Busy */
207 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
208 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
209 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
210 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
211 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
212};
213
214static u8 mgmt_status(u8 hci_status)
215{
216 if (hci_status < ARRAY_SIZE(mgmt_status_table))
217 return mgmt_status_table[hci_status];
218
219 return MGMT_STATUS_FAILED;
220}
221
7a00ff44
JH		 222static int mgmt_send_event(u16 event, struct hci_dev *hdev,
223 unsigned short channel, void *data, u16 data_len,
224 struct sock *skip_sk)
04c60f05
MH		 225{
226 struct sk_buff *skb;
227 struct mgmt_hdr *hdr;
228
229 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
230 if (!skb)
231 return -ENOMEM;
232
233 hdr = (void *) skb_put(skb, sizeof(*hdr));
234 hdr->opcode = cpu_to_le16(event);
235 if (hdev)
236 hdr->index = cpu_to_le16(hdev->id);
237 else
238 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
239 hdr->len = cpu_to_le16(data_len);
240
241 if (data)
242 memcpy(skb_put(skb, data_len), data, data_len);
243
244 /* Time stamp */
245 __net_timestamp(skb);
246
7a00ff44 247 hci_send_to_channel(channel, skb, skip_sk);
04c60f05
MH		 248 kfree_skb(skb);
249
250 return 0;
251}
252
7a00ff44
JH		 253static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
254 struct sock *skip_sk)
255{
256 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
257 skip_sk);
258}
259
a69e8375 260static int mgmt_cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 261{
262 struct sk_buff *skb;
263 struct mgmt_hdr *hdr;
264 struct mgmt_ev_cmd_status *ev;
56b7d137 265 int err;
f7b64e69 266
34eb525c 267 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 268
790eff44 269 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 270 if (!skb)
271 return -ENOMEM;
272
273 hdr = (void *) skb_put(skb, sizeof(*hdr));
274
dcf4adbf 275 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 276 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 277 hdr->len = cpu_to_le16(sizeof(*ev));
278
279 ev = (void *) skb_put(skb, sizeof(*ev));
280 ev->status = status;
eb55ef07 281 ev->opcode = cpu_to_le16(cmd);
f7b64e69 282
56b7d137
GP		 283 err = sock_queue_rcv_skb(sk, skb);
284 if (err < 0)
f7b64e69
JH		 285 kfree_skb(skb);
286
56b7d137 287 return err;
f7b64e69
JH		 288}
289
2a1afb5a
JH		 290static int mgmt_cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
291 void *rp, size_t rp_len)
02d98129
JH		 292{
293 struct sk_buff *skb;
294 struct mgmt_hdr *hdr;
295 struct mgmt_ev_cmd_complete *ev;
56b7d137 296 int err;
02d98129
JH		 297
298 BT_DBG("sock %p", sk);
299
790eff44 300 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 301 if (!skb)
302 return -ENOMEM;
303
304 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 305
dcf4adbf 306 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 307 hdr->index = cpu_to_le16(index);
a38528f1 308 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 309
a38528f1 310 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 311 ev->opcode = cpu_to_le16(cmd);
aee9b218 312 ev->status = status;
8020c16a
SJ		 313
314 if (rp)
315 memcpy(ev->data, rp, rp_len);
02d98129 316
56b7d137
GP		 317 err = sock_queue_rcv_skb(sk, skb);
318 if (err < 0)
02d98129
JH		 319 kfree_skb(skb);
320
e5f0e151 321 return err;
02d98129
JH		 322}
323
04124681
GP		 324static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
325 u16 data_len)
a38528f1
JH		 326{
327 struct mgmt_rp_read_version rp;
328
329 BT_DBG("sock %p", sk);
330
331 rp.version = MGMT_VERSION;
dcf4adbf 332 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 333
2a1afb5a
JH		 334 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
335 &rp, sizeof(rp));
a38528f1
JH		 336}
337
04124681
GP		 338static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
339 u16 data_len)
e70bb2e8
JH		 340{
341 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 342 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
343 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 344 __le16 *opcode;
e70bb2e8
JH		 345 size_t rp_size;
346 int i, err;
347
348 BT_DBG("sock %p", sk);
349
350 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
351
352 rp = kmalloc(rp_size, GFP_KERNEL);
353 if (!rp)
354 return -ENOMEM;
355
dcf4adbf
JP		 356 rp->num_commands = cpu_to_le16(num_commands);
357 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 358
359 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
360 put_unaligned_le16(mgmt_commands[i], opcode);
361
362 for (i = 0; i < num_events; i++, opcode++)
363 put_unaligned_le16(mgmt_events[i], opcode);
364
2a1afb5a
JH		 365 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
366 rp, rp_size);
e70bb2e8
JH		 367 kfree(rp);
368
369 return err;
370}
371
04124681
GP		 372static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
373 u16 data_len)
faba42eb 374{
faba42eb 375 struct mgmt_rp_read_index_list *rp;
8035ded4 376 struct hci_dev *d;
a38528f1 377 size_t rp_len;
faba42eb 378 u16 count;
476e44cb 379 int err;
faba42eb
JH		 380
381 BT_DBG("sock %p", sk);
382
383 read_lock(&hci_dev_list_lock);
384
385 count = 0;
bb4b2a9a 386 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 387 if (d->dev_type == HCI_BREDR &&
388 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
1514b892 389 count++;
faba42eb
JH		 390 }
391
a38528f1
JH		 392 rp_len = sizeof(*rp) + (2 * count);
393 rp = kmalloc(rp_len, GFP_ATOMIC);
394 if (!rp) {
b2c60d42 395 read_unlock(&hci_dev_list_lock);
faba42eb 396 return -ENOMEM;
b2c60d42 397 }
faba42eb 398
476e44cb 399 count = 0;
8035ded4 400 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 401 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 402 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a 403 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
ab81cbf9
JH		 404 continue;
405
73d1df2a
MH		 406 /* Devices marked as raw-only are neither configured
407 * nor unconfigured controllers.
408 */
409 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 410 continue;
411
73d1df2a
MH		 412 if (d->dev_type == HCI_BREDR &&
413 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
1514b892
MH		 414 rp->index[count++] = cpu_to_le16(d->id);
415 BT_DBG("Added hci%u", d->id);
416 }
faba42eb
JH		 417 }
418
476e44cb
JH		 419 rp->num_controllers = cpu_to_le16(count);
420 rp_len = sizeof(*rp) + (2 * count);
421
faba42eb
JH		 422 read_unlock(&hci_dev_list_lock);
423
2a1afb5a
JH		 424 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
425 0, rp, rp_len);
faba42eb 426
a38528f1
JH		 427 kfree(rp);
428
429 return err;
faba42eb
JH		 430}
431
73d1df2a
MH		 432static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
433 void *data, u16 data_len)
434{
435 struct mgmt_rp_read_unconf_index_list *rp;
436 struct hci_dev *d;
437 size_t rp_len;
438 u16 count;
439 int err;
440
441 BT_DBG("sock %p", sk);
442
443 read_lock(&hci_dev_list_lock);
444
445 count = 0;
446 list_for_each_entry(d, &hci_dev_list, list) {
447 if (d->dev_type == HCI_BREDR &&
448 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
449 count++;
450 }
451
452 rp_len = sizeof(*rp) + (2 * count);
453 rp = kmalloc(rp_len, GFP_ATOMIC);
454 if (!rp) {
455 read_unlock(&hci_dev_list_lock);
456 return -ENOMEM;
457 }
458
459 count = 0;
460 list_for_each_entry(d, &hci_dev_list, list) {
461 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 462 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a
MH		 463 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
464 continue;
465
466 /* Devices marked as raw-only are neither configured
467 * nor unconfigured controllers.
468 */
469 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
470 continue;
471
472 if (d->dev_type == HCI_BREDR &&
473 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
474 rp->index[count++] = cpu_to_le16(d->id);
475 BT_DBG("Added hci%u", d->id);
476 }
477 }
478
479 rp->num_controllers = cpu_to_le16(count);
480 rp_len = sizeof(*rp) + (2 * count);
481
482 read_unlock(&hci_dev_list_lock);
483
2a1afb5a
JH		 484 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
485 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 486
487 kfree(rp);
488
489 return err;
490}
491
dbece37a
MH		 492static bool is_configured(struct hci_dev *hdev)
493{
494 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
495 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
496 return false;
497
498 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
499 !bacmp(&hdev->public_addr, BDADDR_ANY))
500 return false;
501
502 return true;
503}
504
89bc22d2
MH		 505static __le32 get_missing_options(struct hci_dev *hdev)
506{
507 u32 options = 0;
508
dbece37a
MH		 509 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
510 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
eb1904f4
MH		 511 options |= MGMT_OPTION_EXTERNAL_CONFIG;
512
89bc22d2
MH		 513 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
514 !bacmp(&hdev->public_addr, BDADDR_ANY))
515 options |= MGMT_OPTION_PUBLIC_ADDRESS;
516
517 return cpu_to_le32(options);
518}
519
f4537c04
MH		 520static int new_options(struct hci_dev *hdev, struct sock *skip)
521{
522 __le32 options = get_missing_options(hdev);
523
524 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
525 sizeof(options), skip);
526}
527
dbece37a
MH		 528static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
529{
530 __le32 options = get_missing_options(hdev);
531
2a1afb5a
JH		 532 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
533 sizeof(options));
dbece37a
MH		 534}
535
9fc3bfb6
MH		 536static int read_config_info(struct sock *sk, struct hci_dev *hdev,
537 void *data, u16 data_len)
538{
539 struct mgmt_rp_read_config_info rp;
89bc22d2 540 u32 options = 0;
9fc3bfb6
MH		 541
542 BT_DBG("sock %p %s", sk, hdev->name);
543
544 hci_dev_lock(hdev);
545
546 memset(&rp, 0, sizeof(rp));
547 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 548
eb1904f4
MH		 549 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
550 options |= MGMT_OPTION_EXTERNAL_CONFIG;
551
9fc3bfb6 552 if (hdev->set_bdaddr)
89bc22d2
MH		 553 options |= MGMT_OPTION_PUBLIC_ADDRESS;
554
555 rp.supported_options = cpu_to_le32(options);
556 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 557
558 hci_dev_unlock(hdev);
559
2a1afb5a
JH		 560 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
561 &rp, sizeof(rp));
9fc3bfb6
MH		 562}
563
69ab39ea
JH		 564static u32 get_supported_settings(struct hci_dev *hdev)
565{
566 u32 settings = 0;
567
568 settings |= MGMT_SETTING_POWERED;
b2939475 569 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 570 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 571 settings |= MGMT_SETTING_CONNECTABLE;
572 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 573
ed3fa31f 574 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 575 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
576 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 577 settings |= MGMT_SETTING_BREDR;
578 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 579
580 if (lmp_ssp_capable(hdev)) {
581 settings |= MGMT_SETTING_SSP;
582 settings |= MGMT_SETTING_HS;
583 }
e98d2ce2 584
05b3c3e7 585 if (lmp_sc_capable(hdev))
e98d2ce2 586 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 587 }
d7b7e796 588
eeca6f89 589 if (lmp_le_capable(hdev)) {
9d42820f 590 settings |= MGMT_SETTING_LE;
eeca6f89 591 settings |= MGMT_SETTING_ADVERTISING;
a3209694 592 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 593 settings |= MGMT_SETTING_PRIVACY;
93690c22 594 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 595 }
69ab39ea 596
eb1904f4
MH		 597 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
598 hdev->set_bdaddr)
9fc3bfb6
MH		 599 settings |= MGMT_SETTING_CONFIGURATION;
600
69ab39ea
JH		 601 return settings;
602}
603
604static u32 get_current_settings(struct hci_dev *hdev)
605{
606 u32 settings = 0;
607
f1f0eb02 608 if (hdev_is_powered(hdev))
f0d4b78a
MH		 609 settings |= MGMT_SETTING_POWERED;
610
5e5282bb 611 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 612 settings |= MGMT_SETTING_CONNECTABLE;
613
1a4d3c4b
JH		 614 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
615 settings |= MGMT_SETTING_FAST_CONNECTABLE;
616
5e5282bb 617 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 618 settings |= MGMT_SETTING_DISCOVERABLE;
619
b6ae8457 620 if (test_bit(HCI_BONDABLE, &hdev->dev_flags))
b2939475 621 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 622
56f87901 623 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 624 settings |= MGMT_SETTING_BREDR;
625
06199cf8 626 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 627 settings |= MGMT_SETTING_LE;
628
47990ea0 629 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 630 settings |= MGMT_SETTING_LINK_SECURITY;
631
84bde9d6 632 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 633 settings |= MGMT_SETTING_SSP;
634
6d80dfd0
JH		 635 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
636 settings |= MGMT_SETTING_HS;
637
f3d3444a 638 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 639 settings |= MGMT_SETTING_ADVERTISING;
640
e98d2ce2
MH		 641 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
642 settings |= MGMT_SETTING_SECURE_CONN;
643
0663b297 644 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 645 settings |= MGMT_SETTING_DEBUG_KEYS;
646
0f4bd942
JH		 647 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
648 settings |= MGMT_SETTING_PRIVACY;
649
93690c22
MH		 650 /* The current setting for static address has two purposes. The
651 * first is to indicate if the static address will be used and
652 * the second is to indicate if it is actually set.
653 *
654 * This means if the static address is not configured, this flag
655 * will never bet set. If the address is configured, then if the
656 * address is actually used decides if the flag is set or not.
657 *
658 * For single mode LE only controllers and dual-mode controllers
659 * with BR/EDR disabled, the existence of the static address will
660 * be evaluated.
661 */
662 if (test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags) ||
663 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
664 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
665 if (bacmp(&hdev->static_addr, BDADDR_ANY))
666 settings |= MGMT_SETTING_STATIC_ADDRESS;
667 }
668
69ab39ea
JH		 669 return settings;
670}
671
ef580372
JH		 672#define PNP_INFO_SVCLASS_ID 0x1200
673
213202ed
JH		 674static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
675{
676 u8 *ptr = data, *uuids_start = NULL;
677 struct bt_uuid *uuid;
678
679 if (len < 4)
680 return ptr;
681
682 list_for_each_entry(uuid, &hdev->uuids, list) {
683 u16 uuid16;
684
685 if (uuid->size != 16)
686 continue;
687
688 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
689 if (uuid16 < 0x1100)
690 continue;
691
692 if (uuid16 == PNP_INFO_SVCLASS_ID)
693 continue;
694
695 if (!uuids_start) {
696 uuids_start = ptr;
697 uuids_start[0] = 1;
698 uuids_start[1] = EIR_UUID16_ALL;
699 ptr += 2;
700 }
701
702 /* Stop if not enough space to put next UUID */
703 if ((ptr - data) + sizeof(u16) > len) {
704 uuids_start[1] = EIR_UUID16_SOME;
705 break;
706 }
707
708 *ptr++ = (uuid16 & 0x00ff);
709 *ptr++ = (uuid16 & 0xff00) >> 8;
710 uuids_start[0] += sizeof(uuid16);
711 }
712
713 return ptr;
714}
715
cdf1963f
JH		 716static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
717{
718 u8 *ptr = data, *uuids_start = NULL;
719 struct bt_uuid *uuid;
720
721 if (len < 6)
722 return ptr;
723
724 list_for_each_entry(uuid, &hdev->uuids, list) {
725 if (uuid->size != 32)
726 continue;
727
728 if (!uuids_start) {
729 uuids_start = ptr;
730 uuids_start[0] = 1;
731 uuids_start[1] = EIR_UUID32_ALL;
732 ptr += 2;
733 }
734
735 /* Stop if not enough space to put next UUID */
736 if ((ptr - data) + sizeof(u32) > len) {
737 uuids_start[1] = EIR_UUID32_SOME;
738 break;
739 }
740
741 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
742 ptr += sizeof(u32);
743 uuids_start[0] += sizeof(u32);
744 }
745
746 return ptr;
747}
748
c00d575b
JH		 749static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
750{
751 u8 *ptr = data, *uuids_start = NULL;
752 struct bt_uuid *uuid;
753
754 if (len < 18)
755 return ptr;
756
757 list_for_each_entry(uuid, &hdev->uuids, list) {
758 if (uuid->size != 128)
759 continue;
760
761 if (!uuids_start) {
762 uuids_start = ptr;
763 uuids_start[0] = 1;
764 uuids_start[1] = EIR_UUID128_ALL;
765 ptr += 2;
766 }
767
768 /* Stop if not enough space to put next UUID */
769 if ((ptr - data) + 16 > len) {
770 uuids_start[1] = EIR_UUID128_SOME;
771 break;
772 }
773
774 memcpy(ptr, uuid->uuid, 16);
775 ptr += 16;
776 uuids_start[0] += 16;
777 }
778
779 return ptr;
780}
781
3b0602cd
JH		 782static struct mgmt_pending_cmd *mgmt_pending_find(u16 opcode,
783 struct hci_dev *hdev)
eb2a8d20 784{
3b0602cd 785 struct mgmt_pending_cmd *cmd;
eb2a8d20
JH		 786
787 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
788 if (cmd->opcode == opcode)
789 return cmd;
790 }
791
792 return NULL;
793}
794
3b0602cd
JH		 795static struct mgmt_pending_cmd *mgmt_pending_find_data(u16 opcode,
796 struct hci_dev *hdev,
797 const void *data)
95868426 798{
3b0602cd 799 struct mgmt_pending_cmd *cmd;
95868426
JH		 800
801 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
802 if (cmd->user_data != data)
803 continue;
804 if (cmd->opcode == opcode)
805 return cmd;
806 }
807
808 return NULL;
809}
810
f14d8f64
MH		 811static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
812{
7a5f4990
MH		 813 u8 ad_len = 0;
814 size_t name_len;
815
816 name_len = strlen(hdev->dev_name);
817 if (name_len > 0) {
818 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
819
820 if (name_len > max_len) {
821 name_len = max_len;
822 ptr[1] = EIR_NAME_SHORT;
823 } else
824 ptr[1] = EIR_NAME_COMPLETE;
825
826 ptr[0] = name_len + 1;
827
828 memcpy(ptr + 2, hdev->dev_name, name_len);
829
830 ad_len += (name_len + 2);
831 ptr += (name_len + 2);
832 }
833
834 return ad_len;
f14d8f64
MH		 835}
836
837static void update_scan_rsp_data(struct hci_request *req)
838{
839 struct hci_dev *hdev = req->hdev;
840 struct hci_cp_le_set_scan_rsp_data cp;
841 u8 len;
842
7751ef1b 843 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 844 return;
845
846 memset(&cp, 0, sizeof(cp));
847
848 len = create_scan_rsp_data(hdev, cp.data);
849
eb438b5f
JH		 850 if (hdev->scan_rsp_data_len == len &&
851 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 852 return;
853
eb438b5f
JH		 854 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
855 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 856
857 cp.length = len;
858
859 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
860}
861
9a43e25f
JH		 862static u8 get_adv_discov_flags(struct hci_dev *hdev)
863{
3b0602cd 864 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 865
866 /* If there's a pending mgmt command the flags will not yet have
867 * their final values, so check for this first.
868 */
869 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
870 if (cmd) {
871 struct mgmt_mode *cp = cmd->param;
872 if (cp->val == 0x01)
873 return LE_AD_GENERAL;
874 else if (cp->val == 0x02)
875 return LE_AD_LIMITED;
876 } else {
877 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
878 return LE_AD_LIMITED;
879 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
880 return LE_AD_GENERAL;
881 }
882
883 return 0;
884}
885
46cad2ed 886static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 887{
888 u8 ad_len = 0, flags = 0;
441ad2d0 889
9a43e25f 890 flags |= get_adv_discov_flags(hdev);
441ad2d0 891
e834004b 892 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 893 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 894
895 if (flags) {
896 BT_DBG("adv flags 0x%02x", flags);
897
898 ptr[0] = 2;
899 ptr[1] = EIR_FLAGS;
900 ptr[2] = flags;
901
902 ad_len += 3;
903 ptr += 3;
904 }
905
906 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
907 ptr[0] = 2;
908 ptr[1] = EIR_TX_POWER;
909 ptr[2] = (u8) hdev->adv_tx_power;
910
911 ad_len += 3;
912 ptr += 3;
913 }
914
441ad2d0
MH		 915 return ad_len;
916}
917
5947f4bc 918static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 919{
920 struct hci_dev *hdev = req->hdev;
921 struct hci_cp_le_set_adv_data cp;
922 u8 len;
923
10994ce6 924 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 925 return;
926
927 memset(&cp, 0, sizeof(cp));
928
46cad2ed 929 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 930
931 if (hdev->adv_data_len == len &&
932 memcmp(cp.data, hdev->adv_data, len) == 0)
933 return;
934
935 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
936 hdev->adv_data_len = len;
937
938 cp.length = len;
939
940 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
941}
942
bc6d2d04
JH		 943int mgmt_update_adv_data(struct hci_dev *hdev)
944{
945 struct hci_request req;
946
947 hci_req_init(&req, hdev);
948 update_adv_data(&req);
949
950 return hci_req_run(&req, NULL);
951}
952
ef580372
JH		 953static void create_eir(struct hci_dev *hdev, u8 *data)
954{
955 u8 *ptr = data;
ef580372
JH		 956 size_t name_len;
957
958 name_len = strlen(hdev->dev_name);
959
960 if (name_len > 0) {
961 /* EIR Data type */
962 if (name_len > 48) {
963 name_len = 48;
964 ptr[1] = EIR_NAME_SHORT;
965 } else
966 ptr[1] = EIR_NAME_COMPLETE;
967
968 /* EIR Data length */
969 ptr[0] = name_len + 1;
970
971 memcpy(ptr + 2, hdev->dev_name, name_len);
972
ef580372
JH		 973 ptr += (name_len + 2);
974 }
975
bbaf444a 976 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 977 ptr[0] = 2;
978 ptr[1] = EIR_TX_POWER;
979 ptr[2] = (u8) hdev->inq_tx_power;
980
91c4e9b1
MH		 981 ptr += 3;
982 }
983
2b9be137
MH		 984 if (hdev->devid_source > 0) {
985 ptr[0] = 9;
986 ptr[1] = EIR_DEVICE_ID;
987
988 put_unaligned_le16(hdev->devid_source, ptr + 2);
989 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
990 put_unaligned_le16(hdev->devid_product, ptr + 6);
991 put_unaligned_le16(hdev->devid_version, ptr + 8);
992
2b9be137
MH		 993 ptr += 10;
994 }
995
213202ed 996 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 997 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 998 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 999}
1000
890ea898 1001static void update_eir(struct hci_request *req)
ef580372 1002{
890ea898 1003 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1004 struct hci_cp_write_eir cp;
1005
504c8dcd 1006 if (!hdev_is_powered(hdev))
890ea898 1007 return;
7770c4aa 1008
976eb20e 1009 if (!lmp_ext_inq_capable(hdev))
890ea898 1010 return;
ef580372 1011
84bde9d6 1012 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 1013 return;
ef580372 1014
a8b2d5c2 1015 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 1016 return;
ef580372
JH		 1017
1018 memset(&cp, 0, sizeof(cp));
1019
1020 create_eir(hdev, cp.data);
1021
1022 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 1023 return;
ef580372
JH		 1024
1025 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1026
890ea898 1027 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 1028}
1029
1030static u8 get_service_classes(struct hci_dev *hdev)
1031{
1032 struct bt_uuid *uuid;
1033 u8 val = 0;
1034
1035 list_for_each_entry(uuid, &hdev->uuids, list)
1036 val |= uuid->svc_hint;
1037
1038 return val;
1039}
1040
890ea898 1041static void update_class(struct hci_request *req)
ef580372 1042{
890ea898 1043 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1044 u8 cod[3];
1045
1046 BT_DBG("%s", hdev->name);
1047
504c8dcd 1048 if (!hdev_is_powered(hdev))
890ea898 1049 return;
7770c4aa 1050
f87ea1da
JH		 1051 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1052 return;
1053
a8b2d5c2 1054 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 1055 return;
ef580372
JH		 1056
1057 cod[0] = hdev->minor_class;
1058 cod[1] = hdev->major_class;
1059 cod[2] = get_service_classes(hdev);
1060
6acd7db4
MH		 1061 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1062 cod[1] |= 0x20;
1063
ef580372 1064 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1065 return;
ef580372 1066
890ea898 1067 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1068}
1069
a4858cb9 1070static bool get_connectable(struct hci_dev *hdev)
199a2fb1 1071{
3b0602cd 1072 struct mgmt_pending_cmd *cmd;
199a2fb1
JH		 1073
1074 /* If there's a pending mgmt command the flag will not yet have
1075 * it's final value, so check for this first.
1076 */
1077 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1078 if (cmd) {
1079 struct mgmt_mode *cp = cmd->param;
a4858cb9 1080 return cp->val;
199a2fb1
JH		 1081 }
1082
a4858cb9 1083 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 1084}
1085
0ec5ae84
JH		 1086static void disable_advertising(struct hci_request *req)
1087{
1088 u8 enable = 0x00;
1089
1090 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1091}
1092
199a2fb1
JH		 1093static void enable_advertising(struct hci_request *req)
1094{
1095 struct hci_dev *hdev = req->hdev;
1096 struct hci_cp_le_set_adv_param cp;
8f2a0601 1097 u8 own_addr_type, enable = 0x01;
a4858cb9 1098 bool connectable;
199a2fb1 1099
0ec5ae84
JH		 1100 if (hci_conn_num(hdev, LE_LINK) > 0)
1101 return;
1102
1103 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1104 disable_advertising(req);
1105
5ce194c4 1106 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1107 * hci_update_random_address knows that it's safe to go ahead
1108 * and write a new random address. The flag will be set back on
1109 * as soon as the SET_ADV_ENABLE HCI command completes.
1110 */
5ce194c4 1111 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
8d97250e 1112
cc91cb04
MH		 1113 if (test_bit(HCI_ADVERTISING_CONNECTABLE, &hdev->dev_flags))
1114 connectable = true;
1115 else
1116 connectable = get_connectable(hdev);
8f2a0601 1117
a4858cb9
JH		 1118 /* Set require_privacy to true only when non-connectable
1119 * advertising is used. In that case it is fine to use a
1120 * non-resolvable private address.
1121 */
1122 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1123 return;
1124
41c90c18 1125 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1126 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1127 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
a4858cb9 1128 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1129 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1130 cp.channel_map = hdev->le_adv_channel_map;
1131
1132 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1133
1134 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1135}
1136
7d78525d
JH		 1137static void service_cache_off(struct work_struct *work)
1138{
1139 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1140 service_cache.work);
890ea898 1141 struct hci_request req;
7d78525d 1142
a8b2d5c2 1143 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 1144 return;
1145
890ea898
JH		 1146 hci_req_init(&req, hdev);
1147
7d78525d
JH		 1148 hci_dev_lock(hdev);
1149
890ea898
JH		 1150 update_eir(&req);
1151 update_class(&req);
7d78525d
JH		 1152
1153 hci_dev_unlock(hdev);
890ea898
JH		 1154
1155 hci_req_run(&req, NULL);
7d78525d
JH		 1156}
1157
d6bfd59c
JH		 1158static void rpa_expired(struct work_struct *work)
1159{
1160 struct hci_dev *hdev = container_of(work, struct hci_dev,
1161 rpa_expired.work);
1162 struct hci_request req;
1163
1164 BT_DBG("");
1165
1166 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1167
0ec5ae84 1168 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
d6bfd59c
JH		 1169 return;
1170
1171 /* The generation of a new RPA and programming it into the
1172 * controller happens in the enable_advertising() function.
1173 */
d6bfd59c 1174 hci_req_init(&req, hdev);
d6bfd59c 1175 enable_advertising(&req);
d6bfd59c
JH		 1176 hci_req_run(&req, NULL);
1177}
1178
6a919082 1179static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1180{
4f87da80 1181 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 1182 return;
1183
4f87da80 1184 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1185 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1186
4f87da80
JH		 1187 /* Non-mgmt controlled devices get this bit set
1188 * implicitly so that pairing works for them, however
1189 * for mgmt we require user-space to explicitly enable
1190 * it
1191 */
b6ae8457 1192 clear_bit(HCI_BONDABLE, &hdev->dev_flags);
7d78525d
JH		 1193}
1194
0f4e68cf 1195static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1196 void *data, u16 data_len)
0381101f 1197{
a38528f1 1198 struct mgmt_rp_read_info rp;
f7b64e69 1199
bdb6d971 1200 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1201
09fd0de5 1202 hci_dev_lock(hdev);
f7b64e69 1203
dc4fe30b
JH		 1204 memset(&rp, 0, sizeof(rp));
1205
69ab39ea 1206 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1207
69ab39ea 1208 rp.version = hdev->hci_ver;
eb55ef07 1209 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1210
1211 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1212 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1213
a38528f1 1214 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1215
dc4fe30b 1216 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1217 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1218
09fd0de5 1219 hci_dev_unlock(hdev);
0381101f 1220
2a1afb5a
JH		 1221 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1222 sizeof(rp));
0381101f
JH		 1223}
1224
3b0602cd 1225static void mgmt_pending_free(struct mgmt_pending_cmd *cmd)
eec8d2bc
JH		 1226{
1227 sock_put(cmd->sk);
c68fb7ff 1228 kfree(cmd->param);
eec8d2bc
JH		 1229 kfree(cmd);
1230}
1231
3b0602cd
JH		 1232static struct mgmt_pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
1233 struct hci_dev *hdev,
1234 void *data, u16 len)
eec8d2bc 1235{
3b0602cd 1236 struct mgmt_pending_cmd *cmd;
eec8d2bc 1237
fca20018 1238 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1239 if (!cmd)
366a0336 1240 return NULL;
eec8d2bc
JH		 1241
1242 cmd->opcode = opcode;
2e58ef3e 1243 cmd->index = hdev->id;
eec8d2bc 1244
323b0b88 1245 cmd->param = kmemdup(data, len, GFP_KERNEL);
c68fb7ff 1246 if (!cmd->param) {
eec8d2bc 1247 kfree(cmd);
366a0336 1248 return NULL;
eec8d2bc
JH		 1249 }
1250
323b0b88 1251 cmd->param_len = len;
eec8d2bc
JH		 1252
1253 cmd->sk = sk;
1254 sock_hold(sk);
1255
2e58ef3e 1256 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1257
366a0336 1258 return cmd;
eec8d2bc
JH		 1259}
1260
744cf19e 1261static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
3b0602cd 1262 void (*cb)(struct mgmt_pending_cmd *cmd,
8fc9ced3 1263 void *data),
04124681 1264 void *data)
eec8d2bc 1265{
3b0602cd 1266 struct mgmt_pending_cmd *cmd, *tmp;
eec8d2bc 1267
a3d09356 1268 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1269 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1270 continue;
1271
eec8d2bc
JH		 1272 cb(cmd, data);
1273 }
1274}
1275
3b0602cd 1276static void mgmt_pending_remove(struct mgmt_pending_cmd *cmd)
73f22f62 1277{
73f22f62
JH		 1278 list_del(&cmd->list);
1279 mgmt_pending_free(cmd);
1280}
1281
69ab39ea 1282static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1283{
69ab39ea 1284 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1285
2a1afb5a
JH		 1286 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1287 sizeof(settings));
8680570b
JH		 1288}
1289
1904a853 1290static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 1291{
1292 BT_DBG("%s status 0x%02x", hdev->name, status);
1293
a3172b7e
JH		 1294 if (hci_conn_count(hdev) == 0) {
1295 cancel_delayed_work(&hdev->power_off);
8b064a3a 1296 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1297 }
8b064a3a
JH		 1298}
1299
23a48093 1300static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1301{
1302 struct hci_dev *hdev = req->hdev;
1303 struct hci_cp_remote_name_req_cancel cp;
1304 struct inquiry_entry *e;
1305
1306 switch (hdev->discovery.state) {
1307 case DISCOVERY_FINDING:
1308 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1309 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1310 } else {
1311 cancel_delayed_work(&hdev->le_scan_disable);
1312 hci_req_add_le_scan_disable(req);
1313 }
1314
23a48093 1315 return true;
21a60d30
JH		 1316
1317 case DISCOVERY_RESOLVING:
1318 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1319 NAME_PENDING);
1320 if (!e)
23a48093 1321 break;
21a60d30
JH		 1322
1323 bacpy(&cp.bdaddr, &e->data.bdaddr);
1324 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1325 &cp);
1326
23a48093 1327 return true;
21a60d30
JH		 1328
1329 default:
1330 /* Passive scanning */
23a48093 1331 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
21a60d30 1332 hci_req_add_le_scan_disable(req);
23a48093
JH		 1333 return true;
1334 }
1335
21a60d30
JH		 1336 break;
1337 }
23a48093
JH		 1338
1339 return false;
21a60d30
JH		 1340}
1341
8b064a3a
JH		 1342static int clean_up_hci_state(struct hci_dev *hdev)
1343{
1344 struct hci_request req;
1345 struct hci_conn *conn;
23a48093
JH		 1346 bool discov_stopped;
1347 int err;
8b064a3a
JH		 1348
1349 hci_req_init(&req, hdev);
1350
1351 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1352 test_bit(HCI_PSCAN, &hdev->flags)) {
1353 u8 scan = 0x00;
1354 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1355 }
1356
73e082f8 1357 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
8b064a3a
JH		 1358 disable_advertising(&req);
1359
23a48093 1360 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1361
1362 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1363 struct hci_cp_disconnect dc;
c9910d0f
JH		 1364 struct hci_cp_reject_conn_req rej;
1365
1366 switch (conn->state) {
1367 case BT_CONNECTED:
1368 case BT_CONFIG:
1369 dc.handle = cpu_to_le16(conn->handle);
1370 dc.reason = 0x15; /* Terminated due to Power Off */
1371 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1372 break;
1373 case BT_CONNECT:
1374 if (conn->type == LE_LINK)
1375 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1376 0, NULL);
1377 else if (conn->type == ACL_LINK)
1378 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1379 6, &conn->dst);
1380 break;
1381 case BT_CONNECT2:
1382 bacpy(&rej.bdaddr, &conn->dst);
1383 rej.reason = 0x15; /* Terminated due to Power Off */
1384 if (conn->type == ACL_LINK)
1385 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1386 sizeof(rej), &rej);
1387 else if (conn->type == SCO_LINK)
1388 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1389 sizeof(rej), &rej);
1390 break;
1391 }
8b064a3a
JH		 1392 }
1393
23a48093
JH		 1394 err = hci_req_run(&req, clean_up_hci_complete);
1395 if (!err && discov_stopped)
1396 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1397
1398 return err;
8b064a3a
JH		 1399}
1400
bdb6d971 1401static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1402 u16 len)
eec8d2bc 1403{
650f726d 1404 struct mgmt_mode *cp = data;
3b0602cd 1405 struct mgmt_pending_cmd *cmd;
4b34ee78 1406 int err;
eec8d2bc 1407
bdb6d971 1408 BT_DBG("request for %s", hdev->name);
eec8d2bc 1409
a7e80f25 1410 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1411 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1412 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1413
09fd0de5 1414 hci_dev_lock(hdev);
eec8d2bc 1415
87b95ba6 1416 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1417 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1418 MGMT_STATUS_BUSY);
87b95ba6
JH		 1419 goto failed;
1420 }
1421
f0d4b78a
MH		 1422 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1423 cancel_delayed_work(&hdev->power_off);
1424
1425 if (cp->val) {
a1d70450
JH		 1426 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1427 data, len);
1428 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1429 goto failed;
1430 }
1431 }
1432
4b34ee78 1433 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1434 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1435 goto failed;
1436 }
1437
2e58ef3e 1438 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1439 if (!cmd) {
1440 err = -ENOMEM;
eec8d2bc 1441 goto failed;
366a0336 1442 }
eec8d2bc 1443
8b064a3a 1444 if (cp->val) {
19202573 1445 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1446 err = 0;
1447 } else {
1448 /* Disconnect connections, stop scans, etc */
1449 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1450 if (!err)
1451 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1452 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1453
8b064a3a
JH		 1454 /* ENODATA means there were no HCI commands queued */
1455 if (err == -ENODATA) {
a3172b7e 1456 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1457 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1458 err = 0;
1459 }
1460 }
eec8d2bc
JH		 1461
1462failed:
09fd0de5 1463 hci_dev_unlock(hdev);
366a0336 1464 return err;
eec8d2bc
JH		 1465}
1466
beadb2bd
JH		 1467static int new_settings(struct hci_dev *hdev, struct sock *skip)
1468{
1469 __le32 ev;
1470
1471 ev = cpu_to_le32(get_current_settings(hdev));
1472
1473 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1474}
1475
91a668b0
JH		 1476int mgmt_new_settings(struct hci_dev *hdev)
1477{
1478 return new_settings(hdev, NULL);
1479}
1480
bd99abdd
JH		 1481struct cmd_lookup {
1482 struct sock *sk;
1483 struct hci_dev *hdev;
1484 u8 mgmt_status;
1485};
1486
3b0602cd 1487static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1488{
1489 struct cmd_lookup *match = data;
1490
1491 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1492
1493 list_del(&cmd->list);
1494
1495 if (match->sk == NULL) {
1496 match->sk = cmd->sk;
1497 sock_hold(match->sk);
1498 }
1499
1500 mgmt_pending_free(cmd);
1501}
1502
3b0602cd 1503static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1504{
1505 u8 *status = data;
1506
a69e8375 1507 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1508 mgmt_pending_remove(cmd);
1509}
1510
3b0602cd 1511static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1512{
1513 if (cmd->cmd_complete) {
1514 u8 *status = data;
1515
1516 cmd->cmd_complete(cmd, *status);
1517 mgmt_pending_remove(cmd);
1518
1519 return;
1520 }
1521
1522 cmd_status_rsp(cmd, data);
1523}
1524
3b0602cd 1525static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1526{
2a1afb5a
JH		 1527 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1528 cmd->param, cmd->param_len);
f5818c22
JH		 1529}
1530
3b0602cd 1531static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1532{
2a1afb5a
JH		 1533 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1534 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1535}
1536
e6fe7986
JH		 1537static u8 mgmt_bredr_support(struct hci_dev *hdev)
1538{
1539 if (!lmp_bredr_capable(hdev))
1540 return MGMT_STATUS_NOT_SUPPORTED;
1541 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1542 return MGMT_STATUS_REJECTED;
1543 else
1544 return MGMT_STATUS_SUCCESS;
1545}
1546
1547static u8 mgmt_le_support(struct hci_dev *hdev)
1548{
1549 if (!lmp_le_capable(hdev))
1550 return MGMT_STATUS_NOT_SUPPORTED;
1551 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1552 return MGMT_STATUS_REJECTED;
1553 else
1554 return MGMT_STATUS_SUCCESS;
1555}
1556
1904a853
MH		 1557static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1558 u16 opcode)
bfaf8c9f 1559{
3b0602cd 1560 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1561 struct mgmt_mode *cp;
970ba524 1562 struct hci_request req;
bfaf8c9f
JH		 1563 bool changed;
1564
1565 BT_DBG("status 0x%02x", status);
1566
1567 hci_dev_lock(hdev);
1568
1569 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1570 if (!cmd)
1571 goto unlock;
1572
1573 if (status) {
1574 u8 mgmt_err = mgmt_status(status);
a69e8375 1575 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1576 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1577 goto remove_cmd;
1578 }
1579
1580 cp = cmd->param;
d4462a07 1581 if (cp->val) {
bfaf8c9f
JH		 1582 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1583 &hdev->dev_flags);
d4462a07
MH		 1584
1585 if (hdev->discov_timeout > 0) {
1586 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1587 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1588 to);
1589 }
1590 } else {
bfaf8c9f
JH		 1591 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1592 &hdev->dev_flags);
d4462a07 1593 }
bfaf8c9f
JH		 1594
1595 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1596
1597 if (changed)
1598 new_settings(hdev, cmd->sk);
1599
970ba524
MH		 1600 /* When the discoverable mode gets changed, make sure
1601 * that class of device has the limited discoverable
432df05e
JH		 1602 * bit correctly set. Also update page scan based on whitelist
1603 * entries.
970ba524
MH		 1604 */
1605 hci_req_init(&req, hdev);
1d2dc5b7 1606 __hci_update_page_scan(&req);
970ba524
MH		 1607 update_class(&req);
1608 hci_req_run(&req, NULL);
1609
bfaf8c9f
JH		 1610remove_cmd:
1611 mgmt_pending_remove(cmd);
1612
1613unlock:
1614 hci_dev_unlock(hdev);
1615}
1616
bdb6d971 1617static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1618 u16 len)
73f22f62 1619{
650f726d 1620 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1621 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1622 struct hci_request req;
5e5282bb 1623 u16 timeout;
9a43e25f 1624 u8 scan;
73f22f62
JH		 1625 int err;
1626
bdb6d971 1627 BT_DBG("request for %s", hdev->name);
73f22f62 1628
9a43e25f
JH		 1629 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1630 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
a69e8375
JH		 1631 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1632 MGMT_STATUS_REJECTED);
33c525c0 1633
310a3d48 1634 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1635 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1636 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1637
1f350c87 1638 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1639
1640 /* Disabling discoverable requires that no timeout is set,
1641 * and enabling limited discoverable requires a timeout.
1642 */
1643 if ((cp->val == 0x00 && timeout > 0) ||
1644 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1645 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1646 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1647
09fd0de5 1648 hci_dev_lock(hdev);
73f22f62 1649
5e5282bb 1650 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1651 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1652 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1653 goto failed;
1654 }
1655
2e58ef3e 1656 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1657 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1658 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1659 MGMT_STATUS_BUSY);
73f22f62
JH		 1660 goto failed;
1661 }
1662
5e5282bb 1663 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
a69e8375
JH		 1664 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1665 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1666 goto failed;
1667 }
1668
1669 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1670 bool changed = false;
1671
310a3d48
MH		 1672 /* Setting limited discoverable when powered off is
1673 * not a valid operation since it requires a timeout
1674 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1675 */
0224d2fa
JH		 1676 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1677 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1678 changed = true;
1679 }
1680
5e5282bb 1681 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1682 if (err < 0)
1683 goto failed;
1684
1685 if (changed)
1686 err = new_settings(hdev, sk);
1687
5e5282bb
JH		 1688 goto failed;
1689 }
1690
310a3d48
MH		 1691 /* If the current mode is the same, then just update the timeout
1692 * value with the new value. And if only the timeout gets updated,
1693 * then no need for any HCI transactions.
1694 */
1695 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1696 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1697 &hdev->dev_flags)) {
36261547
MH		 1698 cancel_delayed_work(&hdev->discov_off);
1699 hdev->discov_timeout = timeout;
955638ec 1700
36261547
MH		 1701 if (cp->val && hdev->discov_timeout > 0) {
1702 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1703 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1704 to);
955638ec
MH		 1705 }
1706
69ab39ea 1707 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1708 goto failed;
1709 }
1710
2e58ef3e 1711 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1712 if (!cmd) {
1713 err = -ENOMEM;
73f22f62 1714 goto failed;
366a0336 1715 }
73f22f62 1716
310a3d48
MH		 1717 /* Cancel any potential discoverable timeout that might be
1718 * still active and store new timeout value. The arming of
1719 * the timeout happens in the complete handler.
1720 */
1721 cancel_delayed_work(&hdev->discov_off);
1722 hdev->discov_timeout = timeout;
1723
b456f87c
JH		 1724 /* Limited discoverable mode */
1725 if (cp->val == 0x02)
1726 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1727 else
1728 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1729
bfaf8c9f
JH		 1730 hci_req_init(&req, hdev);
1731
9a43e25f
JH		 1732 /* The procedure for LE-only controllers is much simpler - just
1733 * update the advertising data.
1734 */
1735 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1736 goto update_ad;
1737
73f22f62
JH		 1738 scan = SCAN_PAGE;
1739
310a3d48
MH		 1740 if (cp->val) {
1741 struct hci_cp_write_current_iac_lap hci_cp;
1742
1743 if (cp->val == 0x02) {
1744 /* Limited discoverable mode */
33337dcb 1745 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1746 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1747 hci_cp.iac_lap[1] = 0x8b;
1748 hci_cp.iac_lap[2] = 0x9e;
1749 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1750 hci_cp.iac_lap[4] = 0x8b;
1751 hci_cp.iac_lap[5] = 0x9e;
1752 } else {
1753 /* General discoverable mode */
310a3d48
MH		 1754 hci_cp.num_iac = 1;
1755 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1756 hci_cp.iac_lap[1] = 0x8b;
1757 hci_cp.iac_lap[2] = 0x9e;
1758 }
1759
1760 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1761 (hci_cp.num_iac * 3) + 1, &hci_cp);
1762
73f22f62 1763 scan |= SCAN_INQUIRY;
310a3d48
MH		 1764 } else {
1765 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1766 }
73f22f62 1767
310a3d48 1768 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1769
9a43e25f
JH		 1770update_ad:
1771 update_adv_data(&req);
1772
bfaf8c9f 1773 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1774 if (err < 0)
a664b5bc 1775 mgmt_pending_remove(cmd);
73f22f62
JH		 1776
1777failed:
09fd0de5 1778 hci_dev_unlock(hdev);
73f22f62
JH		 1779 return err;
1780}
1781
406d7804
JH		 1782static void write_fast_connectable(struct hci_request *req, bool enable)
1783{
bd98b996 1784 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1785 struct hci_cp_write_page_scan_activity acp;
1786 u8 type;
1787
547003b1
JH		 1788 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1789 return;
1790
4c01f8b8
JH		 1791 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1792 return;
1793
406d7804
JH		 1794 if (enable) {
1795 type = PAGE_SCAN_TYPE_INTERLACED;
1796
1797 /* 160 msec page scan interval */
dcf4adbf 1798 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1799 } else {
1800 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1801
1802 /* default 1.28 sec page scan */
dcf4adbf 1803 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1804 }
1805
dcf4adbf 1806 acp.window = cpu_to_le16(0x0012);
406d7804 1807
bd98b996
JH		 1808 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1809 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1810 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1811 sizeof(acp), &acp);
1812
1813 if (hdev->page_scan_type != type)
1814 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1815}
1816
1904a853
MH		 1817static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1818 u16 opcode)
2b76f453 1819{
3b0602cd 1820 struct mgmt_pending_cmd *cmd;
d7b856f9 1821 struct mgmt_mode *cp;
bc6d2d04 1822 bool conn_changed, discov_changed;
2b76f453
JH		 1823
1824 BT_DBG("status 0x%02x", status);
1825
1826 hci_dev_lock(hdev);
1827
1828 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1829 if (!cmd)
1830 goto unlock;
1831
37438c1f
JH		 1832 if (status) {
1833 u8 mgmt_err = mgmt_status(status);
a69e8375 1834 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1835 goto remove_cmd;
1836 }
1837
d7b856f9 1838 cp = cmd->param;
bc6d2d04
JH		 1839 if (cp->val) {
1840 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1841 &hdev->dev_flags);
1842 discov_changed = false;
1843 } else {
1844 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1845 &hdev->dev_flags);
1846 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1847 &hdev->dev_flags);
1848 }
d7b856f9 1849
2b76f453
JH		 1850 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1851
bc6d2d04 1852 if (conn_changed || discov_changed) {
d7b856f9 1853 new_settings(hdev, cmd->sk);
1d2dc5b7 1854 hci_update_page_scan(hdev);
bc6d2d04
JH		 1855 if (discov_changed)
1856 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1857 hci_update_background_scan(hdev);
1858 }
d7b856f9 1859
37438c1f 1860remove_cmd:
2b76f453
JH		 1861 mgmt_pending_remove(cmd);
1862
1863unlock:
1864 hci_dev_unlock(hdev);
1865}
1866
e8ba3a1f
JH		 1867static int set_connectable_update_settings(struct hci_dev *hdev,
1868 struct sock *sk, u8 val)
1869{
1870 bool changed = false;
1871 int err;
1872
1873 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1874 changed = true;
1875
1876 if (val) {
1877 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1878 } else {
1879 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1880 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1881 }
1882
1883 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1884 if (err < 0)
1885 return err;
1886
562064e6 1887 if (changed) {
1d2dc5b7 1888 hci_update_page_scan(hdev);
562064e6 1889 hci_update_background_scan(hdev);
e8ba3a1f 1890 return new_settings(hdev, sk);
562064e6 1891 }
e8ba3a1f
JH		 1892
1893 return 0;
1894}
1895
bdb6d971 1896static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1897 u16 len)
9fbcbb45 1898{
650f726d 1899 struct mgmt_mode *cp = data;
3b0602cd 1900 struct mgmt_pending_cmd *cmd;
2b76f453 1901 struct hci_request req;
1987fdc7 1902 u8 scan;
9fbcbb45
JH		 1903 int err;
1904
bdb6d971 1905 BT_DBG("request for %s", hdev->name);
9fbcbb45 1906
1987fdc7
JH		 1907 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1908 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
a69e8375
JH		 1909 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1910 MGMT_STATUS_REJECTED);
33c525c0 1911
a7e80f25 1912 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1913 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1914 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1915
09fd0de5 1916 hci_dev_lock(hdev);
9fbcbb45 1917
4b34ee78 1918 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1919 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1920 goto failed;
1921 }
1922
2e58ef3e 1923 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1924 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1925 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1926 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1927 goto failed;
1928 }
1929
2e58ef3e 1930 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1931 if (!cmd) {
1932 err = -ENOMEM;
9fbcbb45 1933 goto failed;
366a0336 1934 }
9fbcbb45 1935
9b74246f 1936 hci_req_init(&req, hdev);
9fbcbb45 1937
9a43e25f
JH		 1938 /* If BR/EDR is not enabled and we disable advertising as a
1939 * by-product of disabling connectable, we need to update the
1940 * advertising flags.
1941 */
1942 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1943 if (!cp->val) {
1944 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1945 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1946 }
1947 update_adv_data(&req);
1948 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1949 if (cp->val) {
1950 scan = SCAN_PAGE;
1951 } else {
3bd27240
JH		 1952 /* If we don't have any whitelist entries just
1953 * disable all scanning. If there are entries
1954 * and we had both page and inquiry scanning
1955 * enabled then fall back to only page scanning.
1956 * Otherwise no changes are needed.
1957 */
1958 if (list_empty(&hdev->whitelist))
1959 scan = SCAN_DISABLED;
1960 else if (test_bit(HCI_ISCAN, &hdev->flags))
1961 scan = SCAN_PAGE;
1962 else
1963 goto no_scan_update;
9b74246f
JH		 1964
1965 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1966 hdev->discov_timeout > 0)
9b74246f
JH		 1967 cancel_delayed_work(&hdev->discov_off);
1968 }
2b76f453 1969
9b74246f
JH		 1970 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1971 }
2b76f453 1972
3bd27240 1973no_scan_update:
e8b1202c
JH		 1974 /* Update the advertising parameters if necessary */
1975 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1987fdc7 1976 enable_advertising(&req);
1987fdc7 1977
2b76f453 1978 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1979 if (err < 0) {
a664b5bc 1980 mgmt_pending_remove(cmd);
9b74246f 1981 if (err == -ENODATA)
a81070ba
JH		 1982 err = set_connectable_update_settings(hdev, sk,
1983 cp->val);
9b74246f
JH		 1984 goto failed;
1985 }
9fbcbb45
JH		 1986
1987failed:
09fd0de5 1988 hci_dev_unlock(hdev);
9fbcbb45
JH		 1989 return err;
1990}
1991
b2939475 1992static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1993 u16 len)
c542a06c 1994{
650f726d 1995 struct mgmt_mode *cp = data;
55594356 1996 bool changed;
c542a06c
JH		 1997 int err;
1998
bdb6d971 1999 BT_DBG("request for %s", hdev->name);
c542a06c 2000
a7e80f25 2001 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2002 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2003 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2004
09fd0de5 2005 hci_dev_lock(hdev);
c542a06c
JH		 2006
2007 if (cp->val)
b6ae8457 2008 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 2009 else
b6ae8457 2010 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 2011
b2939475 2012 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 2013 if (err < 0)
55594356 2014 goto unlock;
c542a06c 2015
55594356
MH		 2016 if (changed)
2017 err = new_settings(hdev, sk);
c542a06c 2018
55594356 2019unlock:
09fd0de5 2020 hci_dev_unlock(hdev);
c542a06c
JH		 2021 return err;
2022}
2023
04124681
GP		 2024static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2025 u16 len)
33ef95ed
JH		 2026{
2027 struct mgmt_mode *cp = data;
3b0602cd 2028 struct mgmt_pending_cmd *cmd;
e6fe7986 2029 u8 val, status;
33ef95ed
JH		 2030 int err;
2031
bdb6d971 2032 BT_DBG("request for %s", hdev->name);
33ef95ed 2033
e6fe7986
JH		 2034 status = mgmt_bredr_support(hdev);
2035 if (status)
a69e8375
JH		 2036 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2037 status);
33c525c0 2038
a7e80f25 2039 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2040 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2041 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2042
33ef95ed
JH		 2043 hci_dev_lock(hdev);
2044
4b34ee78 2045 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 2046 bool changed = false;
2047
2048 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 2049 &hdev->dev_flags)) {
47990ea0
JH		 2050 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
2051 changed = true;
2052 }
2053
2054 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2055 if (err < 0)
2056 goto failed;
2057
2058 if (changed)
2059 err = new_settings(hdev, sk);
2060
33ef95ed
JH		 2061 goto failed;
2062 }
2063
2064 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 2065 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2066 MGMT_STATUS_BUSY);
33ef95ed
JH		 2067 goto failed;
2068 }
2069
2070 val = !!cp->val;
2071
2072 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2073 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2074 goto failed;
2075 }
2076
2077 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2078 if (!cmd) {
2079 err = -ENOMEM;
2080 goto failed;
2081 }
2082
2083 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2084 if (err < 0) {
2085 mgmt_pending_remove(cmd);
2086 goto failed;
2087 }
2088
2089failed:
2090 hci_dev_unlock(hdev);
33ef95ed
JH		 2091 return err;
2092}
2093
bdb6d971 2094static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2095{
2096 struct mgmt_mode *cp = data;
3b0602cd 2097 struct mgmt_pending_cmd *cmd;
72ef0c1a 2098 u8 status;
ed2c4ee3
JH		 2099 int err;
2100
bdb6d971 2101 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2102
cdba5281
MH		 2103 status = mgmt_bredr_support(hdev);
2104 if (status)
a69e8375 2105 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 2106
13ecd8b6 2107 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2108 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2109 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2110
a7e80f25 2111 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2112 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2113 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2114
13ecd8b6 2115 hci_dev_lock(hdev);
6c8f12c1 2116
4b34ee78 2117 if (!hdev_is_powered(hdev)) {
9ecb3e24 2118 bool changed;
c0ecddc2 2119
9ecb3e24
MH		 2120 if (cp->val) {
2121 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2122 &hdev->dev_flags);
2123 } else {
2124 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2125 &hdev->dev_flags);
2126 if (!changed)
2127 changed = test_and_clear_bit(HCI_HS_ENABLED,
2128 &hdev->dev_flags);
2129 else
2130 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 2131 }
2132
2133 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2134 if (err < 0)
2135 goto failed;
2136
2137 if (changed)
2138 err = new_settings(hdev, sk);
2139
ed2c4ee3
JH		 2140 goto failed;
2141 }
2142
94d52dad 2143 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2144 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2145 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2146 goto failed;
2147 }
2148
72ef0c1a 2149 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 2150 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2151 goto failed;
2152 }
2153
2154 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2155 if (!cmd) {
2156 err = -ENOMEM;
2157 goto failed;
2158 }
2159
3769972b
JH		 2160 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2161 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2162 sizeof(cp->val), &cp->val);
2163
72ef0c1a 2164 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2165 if (err < 0) {
2166 mgmt_pending_remove(cmd);
2167 goto failed;
2168 }
2169
2170failed:
2171 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2172 return err;
2173}
2174
bdb6d971 2175static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2176{
2177 struct mgmt_mode *cp = data;
ee392693 2178 bool changed;
e6fe7986 2179 u8 status;
ee392693 2180 int err;
6d80dfd0 2181
bdb6d971 2182 BT_DBG("request for %s", hdev->name);
6d80dfd0 2183
e6fe7986
JH		 2184 status = mgmt_bredr_support(hdev);
2185 if (status)
a69e8375 2186 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2187
9ecb3e24 2188 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2189 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2190 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24
MH		 2191
2192 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
a69e8375
JH		 2193 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2194 MGMT_STATUS_REJECTED);
9ecb3e24 2195
a7e80f25 2196 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2197 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2198 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2199
ee392693
MH		 2200 hci_dev_lock(hdev);
2201
a2cb01de 2202 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2203 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2204 MGMT_STATUS_BUSY);
a2cb01de
JH		 2205 goto unlock;
2206 }
2207
a0cdf960 2208 if (cp->val) {
ee392693 2209 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 2210 } else {
2211 if (hdev_is_powered(hdev)) {
a69e8375
JH		 2212 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2213 MGMT_STATUS_REJECTED);
a0cdf960
MH		 2214 goto unlock;
2215 }
2216
ee392693 2217 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 2218 }
ee392693
MH		 2219
2220 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2221 if (err < 0)
2222 goto unlock;
2223
2224 if (changed)
2225 err = new_settings(hdev, sk);
6d80dfd0 2226
ee392693
MH		 2227unlock:
2228 hci_dev_unlock(hdev);
2229 return err;
6d80dfd0
JH		 2230}
2231
1904a853 2232static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 2233{
2234 struct cmd_lookup match = { NULL, hdev };
2235
3ad67582
JK		 2236 hci_dev_lock(hdev);
2237
416a4ae5
JH		 2238 if (status) {
2239 u8 mgmt_err = mgmt_status(status);
2240
2241 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2242 &mgmt_err);
3ad67582 2243 goto unlock;
416a4ae5
JH		 2244 }
2245
2246 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2247
2248 new_settings(hdev, match.sk);
2249
2250 if (match.sk)
2251 sock_put(match.sk);
441ad2d0
MH		 2252
2253 /* Make sure the controller has a good default for
2254 * advertising data. Restrict the update to when LE
2255 * has actually been enabled. During power on, the
2256 * update in powered_update_hci will take care of it.
2257 */
2258 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2259 struct hci_request req;
2260
441ad2d0 2261 hci_req_init(&req, hdev);
5947f4bc 2262 update_adv_data(&req);
f14d8f64 2263 update_scan_rsp_data(&req);
2cf22218 2264 __hci_update_background_scan(&req);
441ad2d0 2265 hci_req_run(&req, NULL);
441ad2d0 2266 }
3ad67582
JK		 2267
2268unlock:
2269 hci_dev_unlock(hdev);
416a4ae5
JH		 2270}
2271
bdb6d971 2272static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2273{
2274 struct mgmt_mode *cp = data;
2275 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 2276 struct mgmt_pending_cmd *cmd;
416a4ae5 2277 struct hci_request req;
06199cf8 2278 int err;
0b60eba1 2279 u8 val, enabled;
06199cf8 2280
bdb6d971 2281 BT_DBG("request for %s", hdev->name);
06199cf8 2282
13ecd8b6 2283 if (!lmp_le_capable(hdev))
a69e8375
JH		 2284 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2285 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2286
a7e80f25 2287 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2288 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2289 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2290
c73eee91 2291 /* LE-only devices do not allow toggling LE on/off */
56f87901 2292 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
a69e8375
JH		 2293 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2294 MGMT_STATUS_REJECTED);
c73eee91 2295
13ecd8b6 2296 hci_dev_lock(hdev);
06199cf8
JH		 2297
2298 val = !!cp->val;
ffa88e02 2299 enabled = lmp_host_le_capable(hdev);
06199cf8 2300
0b60eba1 2301 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2302 bool changed = false;
2303
2304 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2305 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2306 changed = true;
2307 }
2308
f3d3444a
JH		 2309 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2310 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2311 changed = true;
2312 }
2313
06199cf8
JH		 2314 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2315 if (err < 0)
1de028ce 2316 goto unlock;
06199cf8
JH		 2317
2318 if (changed)
2319 err = new_settings(hdev, sk);
2320
1de028ce 2321 goto unlock;
06199cf8
JH		 2322 }
2323
4375f103
JH		 2324 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2325 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 2326 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2327 MGMT_STATUS_BUSY);
1de028ce 2328 goto unlock;
06199cf8
JH		 2329 }
2330
2331 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2332 if (!cmd) {
2333 err = -ENOMEM;
1de028ce 2334 goto unlock;
06199cf8
JH		 2335 }
2336
441ad2d0
MH		 2337 hci_req_init(&req, hdev);
2338
06199cf8
JH		 2339 memset(&hci_cp, 0, sizeof(hci_cp));
2340
2341 if (val) {
2342 hci_cp.le = val;
32226e4f 2343 hci_cp.simul = 0x00;
441ad2d0 2344 } else {
73e082f8 2345 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
441ad2d0 2346 disable_advertising(&req);
06199cf8
JH		 2347 }
2348
416a4ae5
JH		 2349 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2350 &hci_cp);
2351
2352 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2353 if (err < 0)
06199cf8 2354 mgmt_pending_remove(cmd);
06199cf8 2355
1de028ce
JH		 2356unlock:
2357 hci_dev_unlock(hdev);
06199cf8
JH		 2358 return err;
2359}
2360
0cab9c80
JH		 2361/* This is a helper function to test for pending mgmt commands that can
2362 * cause CoD or EIR HCI commands. We can only allow one such pending
2363 * mgmt command at a time since otherwise we cannot easily track what
2364 * the current values are, will be, and based on that calculate if a new
2365 * HCI command needs to be sent and if yes with what value.
2366 */
2367static bool pending_eir_or_class(struct hci_dev *hdev)
2368{
3b0602cd 2369 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 2370
2371 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2372 switch (cmd->opcode) {
2373 case MGMT_OP_ADD_UUID:
2374 case MGMT_OP_REMOVE_UUID:
2375 case MGMT_OP_SET_DEV_CLASS:
2376 case MGMT_OP_SET_POWERED:
2377 return true;
2378 }
2379 }
2380
2381 return false;
2382}
2383
83be8eca
JH		 2384static const u8 bluetooth_base_uuid[] = {
2385 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2386 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2387};
2388
2389static u8 get_uuid_size(const u8 *uuid)
2390{
2391 u32 val;
2392
2393 if (memcmp(uuid, bluetooth_base_uuid, 12))
2394 return 128;
2395
2396 val = get_unaligned_le32(&uuid[12]);
2397 if (val > 0xffff)
2398 return 32;
2399
2400 return 16;
2401}
2402
92da6097
JH		 2403static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2404{
3b0602cd 2405 struct mgmt_pending_cmd *cmd;
92da6097
JH		 2406
2407 hci_dev_lock(hdev);
2408
2409 cmd = mgmt_pending_find(mgmt_op, hdev);
2410 if (!cmd)
2411 goto unlock;
2412
2a1afb5a
JH		 2413 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2414 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 2415
2416 mgmt_pending_remove(cmd);
2417
2418unlock:
2419 hci_dev_unlock(hdev);
2420}
2421
1904a853 2422static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2423{
2424 BT_DBG("status 0x%02x", status);
2425
2426 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2427}
2428
bdb6d971 2429static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2430{
650f726d 2431 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2432 struct mgmt_pending_cmd *cmd;
890ea898 2433 struct hci_request req;
2aeb9a1a 2434 struct bt_uuid *uuid;
2aeb9a1a
JH		 2435 int err;
2436
bdb6d971 2437 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2438
09fd0de5 2439 hci_dev_lock(hdev);
2aeb9a1a 2440
0cab9c80 2441 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2442 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2443 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2444 goto failed;
2445 }
2446
92c4c204 2447 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2448 if (!uuid) {
2449 err = -ENOMEM;
2450 goto failed;
2451 }
2452
2453 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2454 uuid->svc_hint = cp->svc_hint;
83be8eca 2455 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2456
de66aa63 2457 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2458
890ea898 2459 hci_req_init(&req, hdev);
1aff6f09 2460
890ea898
JH		 2461 update_class(&req);
2462 update_eir(&req);
2463
92da6097
JH		 2464 err = hci_req_run(&req, add_uuid_complete);
2465 if (err < 0) {
2466 if (err != -ENODATA)
2467 goto failed;
80a1e1db 2468
2a1afb5a
JH		 2469 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2470 hdev->dev_class, 3);
90e70454
JH		 2471 goto failed;
2472 }
2473
2474 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2475 if (!cmd) {
90e70454 2476 err = -ENOMEM;
890ea898
JH		 2477 goto failed;
2478 }
2479
2480 err = 0;
2aeb9a1a
JH		 2481
2482failed:
09fd0de5 2483 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2484 return err;
2485}
2486
24b78d0f
JH		 2487static bool enable_service_cache(struct hci_dev *hdev)
2488{
2489 if (!hdev_is_powered(hdev))
2490 return false;
2491
2492 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2493 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2494 CACHE_TIMEOUT);
24b78d0f
JH		 2495 return true;
2496 }
2497
2498 return false;
2499}
2500
1904a853 2501static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2502{
2503 BT_DBG("status 0x%02x", status);
2504
2505 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2506}
2507
bdb6d971 2508static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2509 u16 len)
2aeb9a1a 2510{
650f726d 2511 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2512 struct mgmt_pending_cmd *cmd;
056341c8 2513 struct bt_uuid *match, *tmp;
2aeb9a1a 2514 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2515 struct hci_request req;
2aeb9a1a
JH		 2516 int err, found;
2517
bdb6d971 2518 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2519
09fd0de5 2520 hci_dev_lock(hdev);
2aeb9a1a 2521
0cab9c80 2522 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2523 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2524 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2525 goto unlock;
2526 }
2527
2aeb9a1a 2528 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2529 hci_uuids_clear(hdev);
4004b6d9 2530
24b78d0f 2531 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2532 err = mgmt_cmd_complete(sk, hdev->id,
2533 MGMT_OP_REMOVE_UUID,
2534 0, hdev->dev_class, 3);
24b78d0f
JH		 2535 goto unlock;
2536 }
4004b6d9 2537
9246a869 2538 goto update_class;
2aeb9a1a
JH		 2539 }
2540
2541 found = 0;
2542
056341c8 2543 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2544 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2545 continue;
2546
2547 list_del(&match->list);
482049f7 2548 kfree(match);
2aeb9a1a
JH		 2549 found++;
2550 }
2551
2552 if (found == 0) {
a69e8375
JH		 2553 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2554 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2555 goto unlock;
2556 }
2557
9246a869 2558update_class:
890ea898 2559 hci_req_init(&req, hdev);
1aff6f09 2560
890ea898
JH		 2561 update_class(&req);
2562 update_eir(&req);
2563
92da6097
JH		 2564 err = hci_req_run(&req, remove_uuid_complete);
2565 if (err < 0) {
2566 if (err != -ENODATA)
2567 goto unlock;
80a1e1db 2568
2a1afb5a
JH		 2569 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2570 hdev->dev_class, 3);
90e70454
JH		 2571 goto unlock;
2572 }
2573
2574 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2575 if (!cmd) {
90e70454 2576 err = -ENOMEM;
890ea898
JH		 2577 goto unlock;
2578 }
2579
2580 err = 0;
2aeb9a1a
JH		 2581
2582unlock:
09fd0de5 2583 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2584 return err;
2585}
2586
1904a853 2587static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2588{
2589 BT_DBG("status 0x%02x", status);
2590
2591 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2592}
2593
bdb6d971 2594static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2595 u16 len)
1aff6f09 2596{
650f726d 2597 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2598 struct mgmt_pending_cmd *cmd;
890ea898 2599 struct hci_request req;
1aff6f09
JH		 2600 int err;
2601
bdb6d971 2602 BT_DBG("request for %s", hdev->name);
1aff6f09 2603
6203fc98 2604 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2605 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2606 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2607
0cab9c80 2608 hci_dev_lock(hdev);
ee98f473 2609
0cab9c80 2610 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2611 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2612 MGMT_STATUS_BUSY);
0cab9c80
JH		 2613 goto unlock;
2614 }
c95f0ba7 2615
0cab9c80 2616 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2617 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2618 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2619 goto unlock;
2620 }
575b3a02 2621
932f5ff5
JH		 2622 hdev->major_class = cp->major;
2623 hdev->minor_class = cp->minor;
2624
b5235a65 2625 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2626 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2627 hdev->dev_class, 3);
b5235a65
JH		 2628 goto unlock;
2629 }
2630
890ea898
JH		 2631 hci_req_init(&req, hdev);
2632
a8b2d5c2 2633 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2634 hci_dev_unlock(hdev);
2635 cancel_delayed_work_sync(&hdev->service_cache);
2636 hci_dev_lock(hdev);
890ea898 2637 update_eir(&req);
7d78525d 2638 }
14c0b608 2639
890ea898
JH		 2640 update_class(&req);
2641
92da6097
JH		 2642 err = hci_req_run(&req, set_class_complete);
2643 if (err < 0) {
2644 if (err != -ENODATA)
2645 goto unlock;
1aff6f09 2646
2a1afb5a
JH		 2647 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2648 hdev->dev_class, 3);
90e70454
JH		 2649 goto unlock;
2650 }
2651
2652 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2653 if (!cmd) {
90e70454 2654 err = -ENOMEM;
890ea898
JH		 2655 goto unlock;
2656 }
2657
2658 err = 0;
1aff6f09 2659
b5235a65 2660unlock:
09fd0de5 2661 hci_dev_unlock(hdev);
1aff6f09
JH		 2662 return err;
2663}
2664
bdb6d971 2665static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2666 u16 len)
55ed8ca1 2667{
650f726d 2668 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2669 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2670 sizeof(struct mgmt_link_key_info));
4e51eae9 2671 u16 key_count, expected_len;
b1de97d8 2672 bool changed;
a492cd52 2673 int i;
55ed8ca1 2674
9060d5cf
MH		 2675 BT_DBG("request for %s", hdev->name);
2676
2677 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2678 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2679 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2680
1f350c87 2681 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2682 if (key_count > max_key_count) {
2683 BT_ERR("load_link_keys: too big key_count value %u",
2684 key_count);
a69e8375
JH		 2685 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2686 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2687 }
55ed8ca1 2688
86742e1e
JH		 2689 expected_len = sizeof(*cp) + key_count *
2690 sizeof(struct mgmt_link_key_info);
a492cd52 2691 if (expected_len != len) {
86742e1e 2692 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2693 expected_len, len);
a69e8375
JH		 2694 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2695 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2696 }
2697
4ae14301 2698 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2699 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2700 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2701
bdb6d971 2702 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2703 key_count);
55ed8ca1 2704
4ee71b20
JH		 2705 for (i = 0; i < key_count; i++) {
2706 struct mgmt_link_key_info *key = &cp->keys[i];
2707
8e991132 2708 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2709 return mgmt_cmd_status(sk, hdev->id,
2710 MGMT_OP_LOAD_LINK_KEYS,
2711 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2712 }
2713
09fd0de5 2714 hci_dev_lock(hdev);
55ed8ca1
JH		 2715
2716 hci_link_keys_clear(hdev);
2717
55ed8ca1 2718 if (cp->debug_keys)
0663b297
JH		 2719 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2720 &hdev->dev_flags);
55ed8ca1 2721 else
0663b297
JH		 2722 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2723 &hdev->dev_flags);
b1de97d8
MH		 2724
2725 if (changed)
2726 new_settings(hdev, NULL);
55ed8ca1 2727
a492cd52 2728 for (i = 0; i < key_count; i++) {
86742e1e 2729 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2730
58e9293c
JH		 2731 /* Always ignore debug keys and require a new pairing if
2732 * the user wants to use them.
2733 */
2734 if (key->type == HCI_LK_DEBUG_COMBINATION)
2735 continue;
2736
7652ff6a
JH		 2737 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2738 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2739 }
2740
2a1afb5a 2741 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2742
09fd0de5 2743 hci_dev_unlock(hdev);
55ed8ca1 2744
a492cd52 2745 return 0;
55ed8ca1
JH		 2746}
2747
b1078ad0 2748static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2749 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2750{
2751 struct mgmt_ev_device_unpaired ev;
2752
2753 bacpy(&ev.addr.bdaddr, bdaddr);
2754 ev.addr.type = addr_type;
2755
2756 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2757 skip_sk);
b1078ad0
JH		 2758}
2759
bdb6d971 2760static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2761 u16 len)
55ed8ca1 2762{
124f6e35
JH		 2763 struct mgmt_cp_unpair_device *cp = data;
2764 struct mgmt_rp_unpair_device rp;
a8a1d19e 2765 struct hci_cp_disconnect dc;
3b0602cd 2766 struct mgmt_pending_cmd *cmd;
55ed8ca1 2767 struct hci_conn *conn;
55ed8ca1
JH		 2768 int err;
2769
a8a1d19e 2770 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2771 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2772 rp.addr.type = cp->addr.type;
a8a1d19e 2773
4ee71b20 2774 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2775 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2776 MGMT_STATUS_INVALID_PARAMS,
2777 &rp, sizeof(rp));
4ee71b20 2778
118da70b 2779 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2780 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2781 MGMT_STATUS_INVALID_PARAMS,
2782 &rp, sizeof(rp));
118da70b 2783
4ee71b20
JH		 2784 hci_dev_lock(hdev);
2785
86a8cfc6 2786 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2787 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2788 MGMT_STATUS_NOT_POWERED, &rp,
2789 sizeof(rp));
86a8cfc6
JH		 2790 goto unlock;
2791 }
2792
e0b2b27e 2793 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2794 /* If disconnection is requested, then look up the
2795 * connection. If the remote device is connected, it
2796 * will be later used to terminate the link.
2797 *
2798 * Setting it to NULL explicitly will cause no
2799 * termination of the link.
2800 */
2801 if (cp->disconnect)
2802 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2803 &cp->addr.bdaddr);
2804 else
2805 conn = NULL;
2806
124f6e35 2807 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2808 } else {
2809 u8 addr_type;
2810
89cbb063
AA		 2811 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2812 &cp->addr.bdaddr);
2813 if (conn) {
2814 /* Defer clearing up the connection parameters
2815 * until closing to give a chance of keeping
2816 * them if a repairing happens.
2817 */
2818 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2819
2820 /* If disconnection is not requested, then
2821 * clear the connection variable so that the
2822 * link is not terminated.
2823 */
2824 if (!cp->disconnect)
2825 conn = NULL;
2826 }
2827
e0b2b27e
JH		 2828 if (cp->addr.type == BDADDR_LE_PUBLIC)
2829 addr_type = ADDR_LE_DEV_PUBLIC;
2830 else
2831 addr_type = ADDR_LE_DEV_RANDOM;
2832
a7ec7338
JH		 2833 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2834
e0b2b27e
JH		 2835 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2836 }
b0dbfb46 2837
55ed8ca1 2838 if (err < 0) {
2a1afb5a
JH		 2839 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2840 MGMT_STATUS_NOT_PAIRED, &rp,
2841 sizeof(rp));
55ed8ca1
JH		 2842 goto unlock;
2843 }
2844
89cbb063
AA		 2845 /* If the connection variable is set, then termination of the
2846 * link is requested.
2847 */
a8a1d19e 2848 if (!conn) {
2a1afb5a
JH		 2849 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2850 &rp, sizeof(rp));
b1078ad0 2851 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2852 goto unlock;
2853 }
55ed8ca1 2854
124f6e35 2855 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2856 sizeof(*cp));
a8a1d19e
JH		 2857 if (!cmd) {
2858 err = -ENOMEM;
2859 goto unlock;
55ed8ca1
JH		 2860 }
2861
d8b7b1e4
JH		 2862 cmd->cmd_complete = addr_cmd_complete;
2863
eb55ef07 2864 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2865 dc.reason = 0x13; /* Remote User Terminated Connection */
2866 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2867 if (err < 0)
2868 mgmt_pending_remove(cmd);
2869
55ed8ca1 2870unlock:
09fd0de5 2871 hci_dev_unlock(hdev);
55ed8ca1
JH		 2872 return err;
2873}
2874
bdb6d971 2875static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2876 u16 len)
8962ee74 2877{
650f726d 2878 struct mgmt_cp_disconnect *cp = data;
06a63b19 2879 struct mgmt_rp_disconnect rp;
3b0602cd 2880 struct mgmt_pending_cmd *cmd;
8962ee74 2881 struct hci_conn *conn;
8962ee74
JH		 2882 int err;
2883
2884 BT_DBG("");
2885
06a63b19
JH		 2886 memset(&rp, 0, sizeof(rp));
2887 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2888 rp.addr.type = cp->addr.type;
2889
4ee71b20 2890 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2891 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2892 MGMT_STATUS_INVALID_PARAMS,
2893 &rp, sizeof(rp));
4ee71b20 2894
09fd0de5 2895 hci_dev_lock(hdev);
8962ee74
JH		 2896
2897 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 2898 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2899 MGMT_STATUS_NOT_POWERED, &rp,
2900 sizeof(rp));
8962ee74
JH		 2901 goto failed;
2902 }
2903
2e58ef3e 2904 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 2905 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2906 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2907 goto failed;
2908 }
2909
591f47f3 2910 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2911 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2912 &cp->addr.bdaddr);
88c3df13
JH		 2913 else
2914 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2915
f960727e 2916 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 2917 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2918 MGMT_STATUS_NOT_CONNECTED, &rp,
2919 sizeof(rp));
8962ee74
JH		 2920 goto failed;
2921 }
2922
2e58ef3e 2923 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2924 if (!cmd) {
2925 err = -ENOMEM;
8962ee74 2926 goto failed;
366a0336 2927 }
8962ee74 2928
f5818c22
JH		 2929 cmd->cmd_complete = generic_cmd_complete;
2930
e3f2f92a 2931 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2932 if (err < 0)
a664b5bc 2933 mgmt_pending_remove(cmd);
8962ee74
JH		 2934
2935failed:
09fd0de5 2936 hci_dev_unlock(hdev);
8962ee74
JH		 2937 return err;
2938}
2939
57c1477c 2940static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2941{
2942 switch (link_type) {
2943 case LE_LINK:
48264f06
JH		 2944 switch (addr_type) {
2945 case ADDR_LE_DEV_PUBLIC:
591f47f3 2946 return BDADDR_LE_PUBLIC;
0ed09148 2947
48264f06 2948 default:
0ed09148 2949 /* Fallback to LE Random address type */
591f47f3 2950 return BDADDR_LE_RANDOM;
48264f06 2951 }
0ed09148 2952
4c659c39 2953 default:
0ed09148 2954 /* Fallback to BR/EDR type */
591f47f3 2955 return BDADDR_BREDR;
4c659c39
JH		 2956 }
2957}
2958
04124681
GP		 2959static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2960 u16 data_len)
2784eb41 2961{
2784eb41 2962 struct mgmt_rp_get_connections *rp;
8035ded4 2963 struct hci_conn *c;
a38528f1 2964 size_t rp_len;
60fc5fb6
JH		 2965 int err;
2966 u16 i;
2784eb41
JH		 2967
2968 BT_DBG("");
2969
09fd0de5 2970 hci_dev_lock(hdev);
2784eb41 2971
5f97c1df 2972 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2973 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2974 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2975 goto unlock;
2976 }
2977
60fc5fb6 2978 i = 0;
b644ba33
JH		 2979 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2980 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2981 i++;
2784eb41
JH		 2982 }
2983
60fc5fb6 2984 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2985 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2986 if (!rp) {
2784eb41
JH		 2987 err = -ENOMEM;
2988 goto unlock;
2989 }
2990
2784eb41 2991 i = 0;
4c659c39 2992 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2993 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2994 continue;
4c659c39 2995 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2996 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2997 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2998 continue;
2999 i++;
3000 }
3001
eb55ef07 3002 rp->conn_count = cpu_to_le16(i);
60fc5fb6 3003
4c659c39
JH		 3004 /* Recalculate length in case of filtered SCO connections, etc */
3005 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 3006
2a1afb5a
JH		 3007 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3008 rp_len);
2784eb41 3009
a38528f1 3010 kfree(rp);
5f97c1df
JH		 3011
3012unlock:
09fd0de5 3013 hci_dev_unlock(hdev);
2784eb41
JH		 3014 return err;
3015}
3016
bdb6d971 3017static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3018 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 3019{
3b0602cd 3020 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 3021 int err;
3022
2e58ef3e 3023 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 3024 sizeof(*cp));
96d97a67
WR		 3025 if (!cmd)
3026 return -ENOMEM;
3027
d8457698 3028 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 3029 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 3030 if (err < 0)
3031 mgmt_pending_remove(cmd);
3032
3033 return err;
3034}
3035
bdb6d971 3036static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3037 u16 len)
980e1a53 3038{
96d97a67 3039 struct hci_conn *conn;
650f726d 3040 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3041 struct hci_cp_pin_code_reply reply;
3b0602cd 3042 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 3043 int err;
3044
3045 BT_DBG("");
3046
09fd0de5 3047 hci_dev_lock(hdev);
980e1a53 3048
4b34ee78 3049 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3050 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3051 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3052 goto failed;
3053 }
3054
d8457698 3055 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3056 if (!conn) {
a69e8375
JH		 3057 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3058 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3059 goto failed;
3060 }
3061
3062 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3063 struct mgmt_cp_pin_code_neg_reply ncp;
3064
3065 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 3066
3067 BT_ERR("PIN code is not 16 bytes long");
3068
bdb6d971 3069 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3070 if (err >= 0)
a69e8375
JH		 3071 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3072 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3073
3074 goto failed;
3075 }
3076
00abfe44 3077 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3078 if (!cmd) {
3079 err = -ENOMEM;
980e1a53 3080 goto failed;
366a0336 3081 }
980e1a53 3082
7776d1d8
JH		 3083 cmd->cmd_complete = addr_cmd_complete;
3084
d8457698 3085 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3086 reply.pin_len = cp->pin_len;
24718ca5 3087 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3088
3089 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3090 if (err < 0)
a664b5bc 3091 mgmt_pending_remove(cmd);
980e1a53
JH		 3092
3093failed:
09fd0de5 3094 hci_dev_unlock(hdev);
980e1a53
JH		 3095 return err;
3096}
3097
04124681
GP		 3098static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3099 u16 len)
17fa4b9d 3100{
650f726d 3101 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3102
3103 BT_DBG("");
3104
4ec86d4c 3105 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3106 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3107 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
4ec86d4c 3108
09fd0de5 3109 hci_dev_lock(hdev);
17fa4b9d
JH		 3110
3111 hdev->io_capability = cp->io_capability;
3112
3113 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3114 hdev->io_capability);
17fa4b9d 3115
09fd0de5 3116 hci_dev_unlock(hdev);
17fa4b9d 3117
2a1afb5a
JH		 3118 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3119 NULL, 0);
17fa4b9d
JH		 3120}
3121
3b0602cd 3122static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3123{
3124 struct hci_dev *hdev = conn->hdev;
3b0602cd 3125 struct mgmt_pending_cmd *cmd;
e9a416b5 3126
2e58ef3e 3127 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3128 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3129 continue;
3130
e9a416b5
JH		 3131 if (cmd->user_data != conn)
3132 continue;
3133
3134 return cmd;
3135 }
3136
3137 return NULL;
3138}
3139
3b0602cd 3140static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 3141{
3142 struct mgmt_rp_pair_device rp;
3143 struct hci_conn *conn = cmd->user_data;
9df74653 3144 int err;
e9a416b5 3145
61b1a7fb
JH		 3146 bacpy(&rp.addr.bdaddr, &conn->dst);
3147 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3148
2a1afb5a
JH		 3149 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3150 status, &rp, sizeof(rp));
e9a416b5
JH		 3151
3152 /* So we don't get further callbacks for this connection */
3153 conn->connect_cfm_cb = NULL;
3154 conn->security_cfm_cb = NULL;
3155 conn->disconn_cfm_cb = NULL;
3156
76a68ba0 3157 hci_conn_drop(conn);
89cbb063
AA		 3158
3159 /* The device is paired so there is no need to remove
3160 * its connection parameters anymore.
3161 */
3162 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3163
3164 hci_conn_put(conn);
9df74653
JH		 3165
3166 return err;
e9a416b5
JH		 3167}
3168
f4a407be
JH		 3169void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3170{
3171 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 3172 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 3173
3174 cmd = find_pairing(conn);
a511b35b 3175 if (cmd) {
04ab2749 3176 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3177 mgmt_pending_remove(cmd);
3178 }
f4a407be
JH		 3179}
3180
e9a416b5
JH		 3181static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3182{
3b0602cd 3183 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3184
3185 BT_DBG("status %u", status);
3186
3187 cmd = find_pairing(conn);
a511b35b 3188 if (!cmd) {
e9a416b5 3189 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3190 return;
3191 }
3192
3193 cmd->cmd_complete(cmd, mgmt_status(status));
3194 mgmt_pending_remove(cmd);
e9a416b5
JH		 3195}
3196
f4a407be 3197static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 3198{
3b0602cd 3199 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 3200
3201 BT_DBG("status %u", status);
3202
3203 if (!status)
3204 return;
3205
3206 cmd = find_pairing(conn);
a511b35b 3207 if (!cmd) {
4c47d739 3208 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3209 return;
3210 }
3211
3212 cmd->cmd_complete(cmd, mgmt_status(status));
3213 mgmt_pending_remove(cmd);
4c47d739
VA		 3214}
3215
bdb6d971 3216static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3217 u16 len)
e9a416b5 3218{
650f726d 3219 struct mgmt_cp_pair_device *cp = data;
1425acb7 3220 struct mgmt_rp_pair_device rp;
3b0602cd 3221 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3222 u8 sec_level, auth_type;
3223 struct hci_conn *conn;
e9a416b5
JH		 3224 int err;
3225
3226 BT_DBG("");
3227
f950a30e
SJ		 3228 memset(&rp, 0, sizeof(rp));
3229 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3230 rp.addr.type = cp->addr.type;
3231
4ee71b20 3232 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3233 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3234 MGMT_STATUS_INVALID_PARAMS,
3235 &rp, sizeof(rp));
4ee71b20 3236
4ec86d4c 3237 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3238 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3239 MGMT_STATUS_INVALID_PARAMS,
3240 &rp, sizeof(rp));
4ec86d4c 3241
09fd0de5 3242 hci_dev_lock(hdev);
e9a416b5 3243
5f97c1df 3244 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3245 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3246 MGMT_STATUS_NOT_POWERED, &rp,
3247 sizeof(rp));
5f97c1df
JH		 3248 goto unlock;
3249 }
3250
55e76b38
JH		 3251 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3252 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3253 MGMT_STATUS_ALREADY_PAIRED, &rp,
3254 sizeof(rp));
3255 goto unlock;
3256 }
3257
c908df36 3258 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3259 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3260
6f77d8c7 3261 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3262 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3263 auth_type);
6f77d8c7
AG		 3264 } else {
3265 u8 addr_type;
3266
3267 /* Convert from L2CAP channel address type to HCI address type
3268 */
3269 if (cp->addr.type == BDADDR_LE_PUBLIC)
3270 addr_type = ADDR_LE_DEV_PUBLIC;
3271 else
3272 addr_type = ADDR_LE_DEV_RANDOM;
3273
7c264b10
MH		 3274 /* When pairing a new device, it is expected to remember
3275 * this device for future connections. Adding the connection
3276 * parameter information ahead of time allows tracking
3277 * of the slave preferred values and will speed up any
3278 * further connection establishment.
3279 *
3280 * If connection parameters already exist, then they
3281 * will be kept and this function does nothing.
3282 */
3283 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3284
6f77d8c7 3285 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3286 sec_level, HCI_LE_CONN_TIMEOUT,
3287 HCI_ROLE_MASTER);
6f77d8c7 3288 }
7a512d01 3289
30e76272 3290 if (IS_ERR(conn)) {
489dc48e
AK		 3291 int status;
3292
3293 if (PTR_ERR(conn) == -EBUSY)
3294 status = MGMT_STATUS_BUSY;
faa81030
LR		 3295 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3296 status = MGMT_STATUS_NOT_SUPPORTED;
3297 else if (PTR_ERR(conn) == -ECONNREFUSED)
3298 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 3299 else
3300 status = MGMT_STATUS_CONNECT_FAILED;
3301
2a1afb5a
JH		 3302 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3303 status, &rp, sizeof(rp));
e9a416b5
JH		 3304 goto unlock;
3305 }
3306
3307 if (conn->connect_cfm_cb) {
76a68ba0 3308 hci_conn_drop(conn);
2a1afb5a
JH		 3309 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3310 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3311 goto unlock;
3312 }
3313
2e58ef3e 3314 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3315 if (!cmd) {
3316 err = -ENOMEM;
76a68ba0 3317 hci_conn_drop(conn);
e9a416b5
JH		 3318 goto unlock;
3319 }
3320
04ab2749
JH		 3321 cmd->cmd_complete = pairing_complete;
3322
7a512d01 3323 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3324 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3325 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3326 conn->security_cfm_cb = pairing_complete_cb;
3327 conn->disconn_cfm_cb = pairing_complete_cb;
3328 } else {
3329 conn->connect_cfm_cb = le_pairing_complete_cb;
3330 conn->security_cfm_cb = le_pairing_complete_cb;
3331 conn->disconn_cfm_cb = le_pairing_complete_cb;
3332 }
7a512d01 3333
e9a416b5 3334 conn->io_capability = cp->io_cap;
f8aaf9b6 3335 cmd->user_data = hci_conn_get(conn);
e9a416b5 3336
6f78fd4b 3337 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3338 hci_conn_security(conn, sec_level, auth_type, true)) {
3339 cmd->cmd_complete(cmd, 0);
3340 mgmt_pending_remove(cmd);
3341 }
e9a416b5
JH		 3342
3343 err = 0;
3344
3345unlock:
09fd0de5 3346 hci_dev_unlock(hdev);
e9a416b5
JH		 3347 return err;
3348}
3349
04124681
GP		 3350static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3351 u16 len)
28424707 3352{
0f4e68cf 3353 struct mgmt_addr_info *addr = data;
3b0602cd 3354 struct mgmt_pending_cmd *cmd;
28424707
JH		 3355 struct hci_conn *conn;
3356 int err;
3357
3358 BT_DBG("");
3359
28424707
JH		 3360 hci_dev_lock(hdev);
3361
5f97c1df 3362 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3363 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3364 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3365 goto unlock;
3366 }
3367
28424707
JH		 3368 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3369 if (!cmd) {
a69e8375
JH		 3370 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3371 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3372 goto unlock;
3373 }
3374
3375 conn = cmd->user_data;
3376
3377 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3378 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3379 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3380 goto unlock;
3381 }
3382
a511b35b
JH		 3383 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3384 mgmt_pending_remove(cmd);
28424707 3385
2a1afb5a
JH		 3386 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3387 addr, sizeof(*addr));
28424707
JH		 3388unlock:
3389 hci_dev_unlock(hdev);
28424707
JH		 3390 return err;
3391}
3392
bdb6d971 3393static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3394 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3395 u16 hci_op, __le32 passkey)
a5c29683 3396{
3b0602cd 3397 struct mgmt_pending_cmd *cmd;
0df4c185 3398 struct hci_conn *conn;
a5c29683
JH		 3399 int err;
3400
09fd0de5 3401 hci_dev_lock(hdev);
08ba5382 3402
4b34ee78 3403 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3404 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3405 MGMT_STATUS_NOT_POWERED, addr,
3406 sizeof(*addr));
0df4c185 3407 goto done;
a5c29683
JH		 3408 }
3409
1707c60e
JH		 3410 if (addr->type == BDADDR_BREDR)
3411 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3412 else
1707c60e 3413 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3414
3415 if (!conn) {
2a1afb5a
JH		 3416 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3417 MGMT_STATUS_NOT_CONNECTED, addr,
3418 sizeof(*addr));
272d90df
JH		 3419 goto done;
3420 }
47c15e2b 3421
1707c60e 3422 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3423 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3424 if (!err)
2a1afb5a
JH		 3425 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3426 MGMT_STATUS_SUCCESS, addr,
3427 sizeof(*addr));
5fe57d9e 3428 else
2a1afb5a
JH		 3429 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3430 MGMT_STATUS_FAILED, addr,
3431 sizeof(*addr));
47c15e2b 3432
47c15e2b
BG		 3433 goto done;
3434 }
3435
1707c60e 3436 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3437 if (!cmd) {
3438 err = -ENOMEM;
0df4c185 3439 goto done;
a5c29683
JH		 3440 }
3441
7776d1d8
JH		 3442 cmd->cmd_complete = addr_cmd_complete;
3443
0df4c185 3444 /* Continue with pairing via HCI */
604086b7
BG		 3445 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3446 struct hci_cp_user_passkey_reply cp;
3447
1707c60e 3448 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3449 cp.passkey = passkey;
3450 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3451 } else
1707c60e
JH		 3452 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3453 &addr->bdaddr);
604086b7 3454
a664b5bc
JH		 3455 if (err < 0)
3456 mgmt_pending_remove(cmd);
a5c29683 3457
0df4c185 3458done:
09fd0de5 3459 hci_dev_unlock(hdev);
a5c29683
JH		 3460 return err;
3461}
3462
afeb019d
JK		 3463static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3464 void *data, u16 len)
3465{
3466 struct mgmt_cp_pin_code_neg_reply *cp = data;
3467
3468 BT_DBG("");
3469
1707c60e 3470 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3471 MGMT_OP_PIN_CODE_NEG_REPLY,
3472 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3473}
3474
04124681
GP		 3475static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3476 u16 len)
0df4c185 3477{
650f726d 3478 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3479
3480 BT_DBG("");
3481
3482 if (len != sizeof(*cp))
a69e8375
JH		 3483 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3484 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3485
1707c60e 3486 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3487 MGMT_OP_USER_CONFIRM_REPLY,
3488 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3489}
3490
bdb6d971 3491static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3492 void *data, u16 len)
0df4c185 3493{
c9c2659f 3494 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3495
3496 BT_DBG("");
3497
1707c60e 3498 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3499 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3500 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3501}
3502
04124681
GP		 3503static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3504 u16 len)
604086b7 3505{
650f726d 3506 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3507
3508 BT_DBG("");
3509
1707c60e 3510 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3511 MGMT_OP_USER_PASSKEY_REPLY,
3512 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3513}
3514
bdb6d971 3515static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3516 void *data, u16 len)
604086b7 3517{
650f726d 3518 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3519
3520 BT_DBG("");
3521
1707c60e 3522 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3523 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3524 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3525}
3526
13928971 3527static void update_name(struct hci_request *req)
2b4bf397 3528{
13928971 3529 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3530 struct hci_cp_write_local_name cp;
3531
13928971 3532 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3533
890ea898 3534 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3535}
3536
1904a853 3537static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3538{
3539 struct mgmt_cp_set_local_name *cp;
3b0602cd 3540 struct mgmt_pending_cmd *cmd;
13928971
JH		 3541
3542 BT_DBG("status 0x%02x", status);
3543
3544 hci_dev_lock(hdev);
3545
3546 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3547 if (!cmd)
3548 goto unlock;
3549
3550 cp = cmd->param;
3551
3552 if (status)
a69e8375
JH		 3553 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3554 mgmt_status(status));
13928971 3555 else
2a1afb5a
JH		 3556 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3557 cp, sizeof(*cp));
13928971
JH		 3558
3559 mgmt_pending_remove(cmd);
3560
3561unlock:
3562 hci_dev_unlock(hdev);
3563}
3564
bdb6d971 3565static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3566 u16 len)
b312b161 3567{
2b4bf397 3568 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3569 struct mgmt_pending_cmd *cmd;
890ea898 3570 struct hci_request req;
b312b161
JH		 3571 int err;
3572
3573 BT_DBG("");
3574
09fd0de5 3575 hci_dev_lock(hdev);
b312b161 3576
b3f2ca94
JH		 3577 /* If the old values are the same as the new ones just return a
3578 * direct command complete event.
3579 */
3580 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3581 !memcmp(hdev->short_name, cp->short_name,
3582 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3583 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3584 data, len);
b3f2ca94
JH		 3585 goto failed;
3586 }
3587
2b4bf397 3588 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3589
b5235a65 3590 if (!hdev_is_powered(hdev)) {
2b4bf397 3591 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3592
2a1afb5a
JH		 3593 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3594 data, len);
28cc7bde
JH		 3595 if (err < 0)
3596 goto failed;
3597
3598 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3599 sk);
28cc7bde 3600
b5235a65
JH		 3601 goto failed;
3602 }
3603
28cc7bde 3604 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3605 if (!cmd) {
3606 err = -ENOMEM;
3607 goto failed;
3608 }
3609
13928971
JH		 3610 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3611
890ea898 3612 hci_req_init(&req, hdev);
3f985050
JH		 3613
3614 if (lmp_bredr_capable(hdev)) {
3615 update_name(&req);
3616 update_eir(&req);
3617 }
3618
7a5f4990
MH		 3619 /* The name is stored in the scan response data and so
3620 * no need to udpate the advertising data here.
3621 */
3f985050 3622 if (lmp_le_capable(hdev))
7a5f4990 3623 update_scan_rsp_data(&req);
3f985050 3624
13928971 3625 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3626 if (err < 0)
3627 mgmt_pending_remove(cmd);
3628
3629failed:
09fd0de5 3630 hci_dev_unlock(hdev);
b312b161
JH		 3631 return err;
3632}
3633
0f4e68cf 3634static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3635 void *data, u16 data_len)
c35938b2 3636{
3b0602cd 3637 struct mgmt_pending_cmd *cmd;
c35938b2
SJ		 3638 int err;
3639
bdb6d971 3640 BT_DBG("%s", hdev->name);
c35938b2 3641
09fd0de5 3642 hci_dev_lock(hdev);
c35938b2 3643
4b34ee78 3644 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3645 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3646 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3647 goto unlock;
3648 }
3649
9a1a1996 3650 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3651 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3652 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3653 goto unlock;
3654 }
3655
2e58ef3e 3656 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3657 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3658 MGMT_STATUS_BUSY);
c35938b2
SJ		 3659 goto unlock;
3660 }
3661
2e58ef3e 3662 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3663 if (!cmd) {
3664 err = -ENOMEM;
3665 goto unlock;
3666 }
3667
710f11c0 3668 if (bredr_sc_enabled(hdev))
4d2d2796
MH		 3669 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3670 0, NULL);
3671 else
3672 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3673
c35938b2
SJ		 3674 if (err < 0)
3675 mgmt_pending_remove(cmd);
3676
3677unlock:
09fd0de5 3678 hci_dev_unlock(hdev);
c35938b2
SJ		 3679 return err;
3680}
3681
bdb6d971 3682static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3683 void *data, u16 len)
2763eda6 3684{
5d57e796 3685 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3686 int err;
3687
bdb6d971 3688 BT_DBG("%s ", hdev->name);
2763eda6 3689
5d57e796 3690 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3691 return mgmt_cmd_complete(sk, hdev->id,
3692 MGMT_OP_ADD_REMOTE_OOB_DATA,
3693 MGMT_STATUS_INVALID_PARAMS,
3694 addr, sizeof(*addr));
5d57e796 3695
09fd0de5 3696 hci_dev_lock(hdev);
2763eda6 3697
ec109113
MH		 3698 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3699 struct mgmt_cp_add_remote_oob_data *cp = data;
3700 u8 status;
bf1e3541 3701
c19a495c 3702 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 3703 err = mgmt_cmd_complete(sk, hdev->id,
3704 MGMT_OP_ADD_REMOTE_OOB_DATA,
3705 MGMT_STATUS_INVALID_PARAMS,
3706 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 3707 goto unlock;
3708 }
3709
ec109113 3710 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3711 cp->addr.type, cp->hash,
3712 cp->rand, NULL, NULL);
ec109113
MH		 3713 if (err < 0)
3714 status = MGMT_STATUS_FAILED;
3715 else
3716 status = MGMT_STATUS_SUCCESS;
3717
2a1afb5a
JH		 3718 err = mgmt_cmd_complete(sk, hdev->id,
3719 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3720 &cp->addr, sizeof(cp->addr));
ec109113
MH		 3721 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3722 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3723 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3724 u8 status;
3725
86df9200 3726 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3727 /* Enforce zero-valued 192-bit parameters as
3728 * long as legacy SMP OOB isn't implemented.
3729 */
3730 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3731 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 3732 err = mgmt_cmd_complete(sk, hdev->id,
3733 MGMT_OP_ADD_REMOTE_OOB_DATA,
3734 MGMT_STATUS_INVALID_PARAMS,
3735 addr, sizeof(*addr));
d25b78e2
JH		 3736 goto unlock;
3737 }
3738
86df9200
JH		 3739 rand192 = NULL;
3740 hash192 = NULL;
3741 } else {
41bcfd50
MH		 3742 /* In case one of the P-192 values is set to zero,
3743 * then just disable OOB data for P-192.
3744 */
3745 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3746 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3747 rand192 = NULL;
3748 hash192 = NULL;
3749 } else {
3750 rand192 = cp->rand192;
3751 hash192 = cp->hash192;
3752 }
3753 }
3754
3755 /* In case one of the P-256 values is set to zero, then just
3756 * disable OOB data for P-256.
3757 */
3758 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3759 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3760 rand256 = NULL;
3761 hash256 = NULL;
3762 } else {
3763 rand256 = cp->rand256;
3764 hash256 = cp->hash256;
86df9200
JH		 3765 }
3766
81328d5c 3767 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3768 cp->addr.type, hash192, rand192,
41bcfd50 3769 hash256, rand256);
ec109113
MH		 3770 if (err < 0)
3771 status = MGMT_STATUS_FAILED;
3772 else
3773 status = MGMT_STATUS_SUCCESS;
3774
2a1afb5a
JH		 3775 err = mgmt_cmd_complete(sk, hdev->id,
3776 MGMT_OP_ADD_REMOTE_OOB_DATA,
3777 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 3778 } else {
3779 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 3780 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3781 MGMT_STATUS_INVALID_PARAMS);
ec109113 3782 }
2763eda6 3783
c19a495c 3784unlock:
09fd0de5 3785 hci_dev_unlock(hdev);
2763eda6
SJ		 3786 return err;
3787}
3788
bdb6d971 3789static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3790 void *data, u16 len)
2763eda6 3791{
650f726d 3792 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3793 u8 status;
2763eda6
SJ		 3794 int err;
3795
bdb6d971 3796 BT_DBG("%s", hdev->name);
2763eda6 3797
c19a495c 3798 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 3799 return mgmt_cmd_complete(sk, hdev->id,
3800 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3801 MGMT_STATUS_INVALID_PARAMS,
3802 &cp->addr, sizeof(cp->addr));
c19a495c 3803
09fd0de5 3804 hci_dev_lock(hdev);
2763eda6 3805
eedbd581
JH		 3806 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3807 hci_remote_oob_data_clear(hdev);
3808 status = MGMT_STATUS_SUCCESS;
3809 goto done;
3810 }
3811
6928a924 3812 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3813 if (err < 0)
bf1e3541 3814 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3815 else
a6785be2 3816 status = MGMT_STATUS_SUCCESS;
bf1e3541 3817
eedbd581 3818done:
2a1afb5a
JH		 3819 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3820 status, &cp->addr, sizeof(cp->addr));
2763eda6 3821
09fd0de5 3822 hci_dev_unlock(hdev);
2763eda6
SJ		 3823 return err;
3824}
3825
8019044d 3826static bool trigger_discovery(struct hci_request *req, u8 *status)
41dc2bd6 3827{
8019044d
MH		 3828 struct hci_dev *hdev = req->hdev;
3829 struct hci_cp_le_set_scan_param param_cp;
3830 struct hci_cp_le_set_scan_enable enable_cp;
3831 struct hci_cp_inquiry inq_cp;
3832 /* General inquiry access code (GIAC) */
3833 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3834 u8 own_addr_type;
41dc2bd6
AG		 3835 int err;
3836
8019044d
MH		 3837 switch (hdev->discovery.type) {
3838 case DISCOV_TYPE_BREDR:
3839 *status = mgmt_bredr_support(hdev);
3840 if (*status)
3841 return false;
41dc2bd6 3842
8019044d
MH		 3843 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3844 *status = MGMT_STATUS_BUSY;
3845 return false;
3846 }
41dc2bd6 3847
8019044d 3848 hci_inquiry_cache_flush(hdev);
41dc2bd6 3849
8019044d
MH		 3850 memset(&inq_cp, 0, sizeof(inq_cp));
3851 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3852 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3853 hci_req_add(req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3854 break;
41dc2bd6 3855
8019044d
MH		 3856 case DISCOV_TYPE_LE:
3857 case DISCOV_TYPE_INTERLEAVED:
3858 *status = mgmt_le_support(hdev);
3859 if (*status)
3860 return false;
3861
3862 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3863 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3864 *status = MGMT_STATUS_NOT_SUPPORTED;
3865 return false;
3866 }
3867
3868 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3869 /* Don't let discovery abort an outgoing
3870 * connection attempt that's using directed
3871 * advertising.
3872 */
3873 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3874 BT_CONNECT)) {
3875 *status = MGMT_STATUS_REJECTED;
3876 return false;
3877 }
3878
3879 disable_advertising(req);
3880 }
3881
3882 /* If controller is scanning, it means the background scanning
3883 * is running. Thus, we should temporarily stop it in order to
3884 * set the discovery scanning parameters.
3885 */
3886 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3887 hci_req_add_le_scan_disable(req);
3888
3889 memset(&param_cp, 0, sizeof(param_cp));
3890
3891 /* All active scans will be done with either a resolvable
3892 * private address (when privacy feature has been enabled)
9437d2ed 3893 * or non-resolvable private address.
8019044d
MH		 3894 */
3895 err = hci_update_random_address(req, true, &own_addr_type);
3896 if (err < 0) {
3897 *status = MGMT_STATUS_FAILED;
3898 return false;
3899 }
3900
3901 param_cp.type = LE_SCAN_ACTIVE;
3902 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3903 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3904 param_cp.own_address_type = own_addr_type;
3905 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3906 &param_cp);
3907
3908 memset(&enable_cp, 0, sizeof(enable_cp));
3909 enable_cp.enable = LE_SCAN_ENABLE;
3910 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3911 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3912 &enable_cp);
3913 break;
3914
3915 default:
3916 *status = MGMT_STATUS_INVALID_PARAMS;
3917 return false;
3918 }
3919
3920 return true;
41dc2bd6
AG		 3921}
3922
1904a853
MH		 3923static void start_discovery_complete(struct hci_dev *hdev, u8 status,
3924 u16 opcode)
7c307720 3925{
3b0602cd 3926 struct mgmt_pending_cmd *cmd;
11e6e25d 3927 unsigned long timeout;
ae55f598 3928
7c307720
AG		 3929 BT_DBG("status %d", status);
3930
11e6e25d 3931 hci_dev_lock(hdev);
41dc2bd6 3932
11e6e25d 3933 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427
JP		 3934 if (!cmd)
3935 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3936
11e6e25d 3937 if (cmd) {
2922a94f 3938 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 3939 mgmt_pending_remove(cmd);
3940 }
7c307720
AG		 3941
3942 if (status) {
11e6e25d
MH		 3943 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3944 goto unlock;
7c307720
AG		 3945 }
3946
7c307720 3947 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
7c307720 3948
2d28cfe7
JP		 3949 /* If the scan involves LE scan, pick proper timeout to schedule
3950 * hdev->le_scan_disable that will stop it.
3951 */
7c307720
AG		 3952 switch (hdev->discovery.type) {
3953 case DISCOV_TYPE_LE:
3d5a76f0 3954 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720 3955 break;
7c307720 3956 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3957 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720 3958 break;
7c307720 3959 case DISCOV_TYPE_BREDR:
11e6e25d 3960 timeout = 0;
7c307720 3961 break;
7c307720
AG		 3962 default:
3963 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
11e6e25d
MH		 3964 timeout = 0;
3965 break;
7c307720 3966 }
ae55f598 3967
2d28cfe7
JP		 3968 if (timeout) {
3969 /* When service discovery is used and the controller has
3970 * a strict duplicate filter, it is important to remember
3971 * the start and duration of the scan. This is required
3972 * for restarting scanning during the discovery phase.
3973 */
3974 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
3975 &hdev->quirks) &&
82f8b651 3976 hdev->discovery.result_filtering) {
2d28cfe7
JP		 3977 hdev->discovery.scan_start = jiffies;
3978 hdev->discovery.scan_duration = timeout;
3979 }
3980
11e6e25d
MH		 3981 queue_delayed_work(hdev->workqueue,
3982 &hdev->le_scan_disable, timeout);
2d28cfe7 3983 }
ae55f598 3984
11e6e25d
MH		 3985unlock:
3986 hci_dev_unlock(hdev);
7c307720
AG		 3987}
3988
bdb6d971 3989static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3990 void *data, u16 len)
14a53664 3991{
650f726d 3992 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 3993 struct mgmt_pending_cmd *cmd;
7c307720 3994 struct hci_request req;
8019044d 3995 u8 status;
14a53664
JH		 3996 int err;
3997
bdb6d971 3998 BT_DBG("%s", hdev->name);
14a53664 3999
09fd0de5 4000 hci_dev_lock(hdev);
14a53664 4001
4b34ee78 4002 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4003 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4004 MGMT_STATUS_NOT_POWERED,
4005 &cp->type, sizeof(cp->type));
bd2d1334
JH		 4006 goto failed;
4007 }
4008
f5a969f2
MH		 4009 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4010 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2a1afb5a
JH		 4011 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4012 MGMT_STATUS_BUSY, &cp->type,
4013 sizeof(cp->type));
642be6c7
AG		 4014 goto failed;
4015 }
4016
2922a94f 4017 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
14a53664
JH		 4018 if (!cmd) {
4019 err = -ENOMEM;
4020 goto failed;
4021 }
4022
2922a94f
JH		 4023 cmd->cmd_complete = generic_cmd_complete;
4024
22078800
MH		 4025 /* Clear the discovery filter first to free any previously
4026 * allocated memory for the UUID list.
4027 */
4028 hci_discovery_filter_clear(hdev);
4029
4aab14e5 4030 hdev->discovery.type = cp->type;
da25cf6a 4031 hdev->discovery.report_invalid_rssi = false;
4aab14e5 4032
7c307720
AG		 4033 hci_req_init(&req, hdev);
4034
8019044d 4035 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4036 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4037 status, &cp->type, sizeof(cp->type));
04106755
JH		 4038 mgmt_pending_remove(cmd);
4039 goto failed;
f39799f5 4040 }
04106755 4041
7c307720 4042 err = hci_req_run(&req, start_discovery_complete);
f5a969f2 4043 if (err < 0) {
14a53664 4044 mgmt_pending_remove(cmd);
f5a969f2
MH		 4045 goto failed;
4046 }
7c307720 4047
f5a969f2 4048 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
7c307720 4049
14a53664 4050failed:
09fd0de5 4051 hci_dev_unlock(hdev);
14a53664
JH		 4052 return err;
4053}
f39799f5 4054
3b0602cd
JH		 4055static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4056 u8 status)
2922a94f 4057{
2a1afb5a
JH		 4058 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4059 cmd->param, 1);
2922a94f 4060}
04106755 4061
66ea9427
JP		 4062static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4063 void *data, u16 len)
4064{
4065 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 4066 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 4067 struct hci_request req;
4068 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4069 u16 uuid_count, expected_len;
4070 u8 status;
4071 int err;
04106755 4072
66ea9427 4073 BT_DBG("%s", hdev->name);
e8bb6b97 4074
66ea9427 4075 hci_dev_lock(hdev);
7c307720 4076
66ea9427 4077 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4078 err = mgmt_cmd_complete(sk, hdev->id,
4079 MGMT_OP_START_SERVICE_DISCOVERY,
4080 MGMT_STATUS_NOT_POWERED,
4081 &cp->type, sizeof(cp->type));
66ea9427
JP		 4082 goto failed;
4083 }
7c307720 4084
66ea9427
JP		 4085 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4086 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2a1afb5a
JH		 4087 err = mgmt_cmd_complete(sk, hdev->id,
4088 MGMT_OP_START_SERVICE_DISCOVERY,
4089 MGMT_STATUS_BUSY, &cp->type,
4090 sizeof(cp->type));
66ea9427
JP		 4091 goto failed;
4092 }
d9483943 4093
66ea9427
JP		 4094 uuid_count = __le16_to_cpu(cp->uuid_count);
4095 if (uuid_count > max_uuid_count) {
4096 BT_ERR("service_discovery: too big uuid_count value %u",
4097 uuid_count);
2a1afb5a
JH		 4098 err = mgmt_cmd_complete(sk, hdev->id,
4099 MGMT_OP_START_SERVICE_DISCOVERY,
4100 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4101 sizeof(cp->type));
66ea9427
JP		 4102 goto failed;
4103 }
4104
4105 expected_len = sizeof(*cp) + uuid_count * 16;
4106 if (expected_len != len) {
4107 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4108 expected_len, len);
2a1afb5a
JH		 4109 err = mgmt_cmd_complete(sk, hdev->id,
4110 MGMT_OP_START_SERVICE_DISCOVERY,
4111 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4112 sizeof(cp->type));
66ea9427
JP		 4113 goto failed;
4114 }
4115
4116 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 4117 hdev, data, len);
66ea9427
JP		 4118 if (!cmd) {
4119 err = -ENOMEM;
4120 goto failed;
4121 }
4122
2922a94f
JH		 4123 cmd->cmd_complete = service_discovery_cmd_complete;
4124
22078800
MH		 4125 /* Clear the discovery filter first to free any previously
4126 * allocated memory for the UUID list.
4127 */
4128 hci_discovery_filter_clear(hdev);
4129
82f8b651 4130 hdev->discovery.result_filtering = true;
66ea9427
JP		 4131 hdev->discovery.type = cp->type;
4132 hdev->discovery.rssi = cp->rssi;
4133 hdev->discovery.uuid_count = uuid_count;
4134
4135 if (uuid_count > 0) {
4136 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4137 GFP_KERNEL);
4138 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 4139 err = mgmt_cmd_complete(sk, hdev->id,
4140 MGMT_OP_START_SERVICE_DISCOVERY,
4141 MGMT_STATUS_FAILED,
4142 &cp->type, sizeof(cp->type));
d9483943
JH		 4143 mgmt_pending_remove(cmd);
4144 goto failed;
4145 }
66ea9427 4146 }
d9483943 4147
66ea9427 4148 hci_req_init(&req, hdev);
5e0452c0 4149
66ea9427 4150 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4151 err = mgmt_cmd_complete(sk, hdev->id,
4152 MGMT_OP_START_SERVICE_DISCOVERY,
4153 status, &cp->type, sizeof(cp->type));
04106755
JH		 4154 mgmt_pending_remove(cmd);
4155 goto failed;
f39799f5 4156 }
3fd24153 4157
7c307720 4158 err = hci_req_run(&req, start_discovery_complete);
66ea9427 4159 if (err < 0) {
14a53664 4160 mgmt_pending_remove(cmd);
66ea9427
JP		 4161 goto failed;
4162 }
4163
4164 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 4165
4166failed:
09fd0de5 4167 hci_dev_unlock(hdev);
14a53664
JH		 4168 return err;
4169}
4170
1904a853 4171static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1183fdca 4172{
3b0602cd 4173 struct mgmt_pending_cmd *cmd;
1183fdca 4174
0e05bba6
AG		 4175 BT_DBG("status %d", status);
4176
4177 hci_dev_lock(hdev);
4178
11e6e25d
MH		 4179 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4180 if (cmd) {
2922a94f 4181 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4182 mgmt_pending_remove(cmd);
0e05bba6
AG		 4183 }
4184
11e6e25d
MH		 4185 if (!status)
4186 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
0e05bba6 4187
0e05bba6
AG		 4188 hci_dev_unlock(hdev);
4189}
4190
bdb6d971 4191static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4192 u16 len)
14a53664 4193{
d930650b 4194 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 4195 struct mgmt_pending_cmd *cmd;
0e05bba6 4196 struct hci_request req;
14a53664
JH		 4197 int err;
4198
bdb6d971 4199 BT_DBG("%s", hdev->name);
14a53664 4200
09fd0de5 4201 hci_dev_lock(hdev);
14a53664 4202
30dc78e1 4203 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4204 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4205 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4206 sizeof(mgmt_cp->type));
d930650b
JH		 4207 goto unlock;
4208 }
4209
4210 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 4211 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4212 MGMT_STATUS_INVALID_PARAMS,
4213 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 4214 goto unlock;
ff9ef578
JH		 4215 }
4216
2922a94f 4217 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4218 if (!cmd) {
4219 err = -ENOMEM;
30dc78e1
JH		 4220 goto unlock;
4221 }
4222
2922a94f
JH		 4223 cmd->cmd_complete = generic_cmd_complete;
4224
0e05bba6
AG		 4225 hci_req_init(&req, hdev);
4226
21a60d30 4227 hci_stop_discovery(&req);
e0d9727e 4228
21a60d30
JH		 4229 err = hci_req_run(&req, stop_discovery_complete);
4230 if (!err) {
4231 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 4232 goto unlock;
14a53664
JH		 4233 }
4234
21a60d30
JH		 4235 mgmt_pending_remove(cmd);
4236
4237 /* If no HCI commands were sent we're done */
4238 if (err == -ENODATA) {
2a1afb5a
JH		 4239 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4240 &mgmt_cp->type, sizeof(mgmt_cp->type));
21a60d30
JH		 4241 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4242 }
14a53664 4243
30dc78e1 4244unlock:
09fd0de5 4245 hci_dev_unlock(hdev);
14a53664
JH		 4246 return err;
4247}
4248
bdb6d971 4249static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4250 u16 len)
561aafbc 4251{
650f726d 4252 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4253 struct inquiry_entry *e;
561aafbc
JH		 4254 int err;
4255
bdb6d971 4256 BT_DBG("%s", hdev->name);
561aafbc 4257
561aafbc
JH		 4258 hci_dev_lock(hdev);
4259
30dc78e1 4260 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4261 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4262 MGMT_STATUS_FAILED, &cp->addr,
4263 sizeof(cp->addr));
30dc78e1
JH		 4264 goto failed;
4265 }
4266
a198e7b1 4267 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4268 if (!e) {
2a1afb5a
JH		 4269 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4270 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4271 sizeof(cp->addr));
561aafbc
JH		 4272 goto failed;
4273 }
4274
4275 if (cp->name_known) {
4276 e->name_state = NAME_KNOWN;
4277 list_del(&e->list);
4278 } else {
4279 e->name_state = NAME_NEEDED;
a3d4e20a 4280 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4281 }
4282
2a1afb5a
JH		 4283 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4284 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 4285
4286failed:
4287 hci_dev_unlock(hdev);
561aafbc
JH		 4288 return err;
4289}
4290
bdb6d971 4291static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4292 u16 len)
7fbec224 4293{
650f726d 4294 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4295 u8 status;
7fbec224
AJ		 4296 int err;
4297
bdb6d971 4298 BT_DBG("%s", hdev->name);
7fbec224 4299
4ee71b20 4300 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4301 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4302 MGMT_STATUS_INVALID_PARAMS,
4303 &cp->addr, sizeof(cp->addr));
4ee71b20 4304
09fd0de5 4305 hci_dev_lock(hdev);
5e762444 4306
dcc36c16
JH		 4307 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4308 cp->addr.type);
2a8357f2 4309 if (err < 0) {
f0eeea8b 4310 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4311 goto done;
4312 }
4313
4314 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4315 sk);
4316 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4317
2a8357f2 4318done:
2a1afb5a
JH		 4319 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4320 &cp->addr, sizeof(cp->addr));
5e762444 4321
09fd0de5 4322 hci_dev_unlock(hdev);
7fbec224
AJ		 4323
4324 return err;
4325}
4326
bdb6d971 4327static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4328 u16 len)
7fbec224 4329{
650f726d 4330 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4331 u8 status;
7fbec224
AJ		 4332 int err;
4333
bdb6d971 4334 BT_DBG("%s", hdev->name);
7fbec224 4335
4ee71b20 4336 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4337 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4338 MGMT_STATUS_INVALID_PARAMS,
4339 &cp->addr, sizeof(cp->addr));
4ee71b20 4340
09fd0de5 4341 hci_dev_lock(hdev);
5e762444 4342
dcc36c16
JH		 4343 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4344 cp->addr.type);
2a8357f2 4345 if (err < 0) {
f0eeea8b 4346 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4347 goto done;
4348 }
4349
4350 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4351 sk);
4352 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4353
2a8357f2 4354done:
2a1afb5a
JH		 4355 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4356 &cp->addr, sizeof(cp->addr));
5e762444 4357
09fd0de5 4358 hci_dev_unlock(hdev);
7fbec224
AJ		 4359
4360 return err;
4361}
4362
cdbaccca
MH		 4363static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4364 u16 len)
4365{
4366 struct mgmt_cp_set_device_id *cp = data;
890ea898 4367 struct hci_request req;
cdbaccca 4368 int err;
c72d4b8a 4369 __u16 source;
cdbaccca
MH		 4370
4371 BT_DBG("%s", hdev->name);
4372
c72d4b8a
SJ		 4373 source = __le16_to_cpu(cp->source);
4374
4375 if (source > 0x0002)
a69e8375
JH		 4376 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4377 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 4378
cdbaccca
MH		 4379 hci_dev_lock(hdev);
4380
c72d4b8a 4381 hdev->devid_source = source;
cdbaccca
MH		 4382 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4383 hdev->devid_product = __le16_to_cpu(cp->product);
4384 hdev->devid_version = __le16_to_cpu(cp->version);
4385
2a1afb5a
JH		 4386 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4387 NULL, 0);
cdbaccca 4388
890ea898
JH		 4389 hci_req_init(&req, hdev);
4390 update_eir(&req);
4391 hci_req_run(&req, NULL);
cdbaccca
MH		 4392
4393 hci_dev_unlock(hdev);
4394
4395 return err;
4396}
4397
1904a853
MH		 4398static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4399 u16 opcode)
4375f103
JH		 4400{
4401 struct cmd_lookup match = { NULL, hdev };
4402
3ad67582
JK		 4403 hci_dev_lock(hdev);
4404
4375f103
JH		 4405 if (status) {
4406 u8 mgmt_err = mgmt_status(status);
4407
4408 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4409 cmd_status_rsp, &mgmt_err);
3ad67582 4410 goto unlock;
4375f103
JH		 4411 }
4412
c93bd150
JH		 4413 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4414 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4415 else
4416 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4417
4375f103
JH		 4418 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4419 &match);
4420
4421 new_settings(hdev, match.sk);
4422
4423 if (match.sk)
4424 sock_put(match.sk);
3ad67582
JK		 4425
4426unlock:
4427 hci_dev_unlock(hdev);
4375f103
JH		 4428}
4429
21b5187f
MH		 4430static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4431 u16 len)
4375f103
JH		 4432{
4433 struct mgmt_mode *cp = data;
3b0602cd 4434 struct mgmt_pending_cmd *cmd;
4375f103 4435 struct hci_request req;
cc91cb04 4436 u8 val, status;
4375f103
JH		 4437 int err;
4438
4439 BT_DBG("request for %s", hdev->name);
4440
e6fe7986
JH		 4441 status = mgmt_le_support(hdev);
4442 if (status)
a69e8375
JH		 4443 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4444 status);
4375f103 4445
cc91cb04 4446 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4447 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4448 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 4449
4450 hci_dev_lock(hdev);
4451
4452 val = !!cp->val;
4375f103 4453
f74ca9b8
JH		 4454 /* The following conditions are ones which mean that we should
4455 * not do any HCI communication but directly send a mgmt
4456 * response to user space (after toggling the flag if
4457 * necessary).
4458 */
cc91cb04
MH		 4459 if (!hdev_is_powered(hdev) ||
4460 (val == test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
4461 (cp->val == 0x02) == test_bit(HCI_ADVERTISING_CONNECTABLE,
4462 &hdev->dev_flags)) ||
e8bb6b97
JH		 4463 hci_conn_num(hdev, LE_LINK) > 0 ||
4464 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4465 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 4466 bool changed;
4375f103 4467
cc91cb04
MH		 4468 if (cp->val) {
4469 changed = !test_and_set_bit(HCI_ADVERTISING,
4470 &hdev->dev_flags);
4471 if (cp->val == 0x02)
4472 set_bit(HCI_ADVERTISING_CONNECTABLE,
4473 &hdev->dev_flags);
4474 else
4475 clear_bit(HCI_ADVERTISING_CONNECTABLE,
4476 &hdev->dev_flags);
4477 } else {
4478 changed = test_and_clear_bit(HCI_ADVERTISING,
4479 &hdev->dev_flags);
4480 clear_bit(HCI_ADVERTISING_CONNECTABLE,
4481 &hdev->dev_flags);
4375f103
JH		 4482 }
4483
4484 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4485 if (err < 0)
4486 goto unlock;
4487
4488 if (changed)
4489 err = new_settings(hdev, sk);
4490
4491 goto unlock;
4492 }
4493
4494 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4495 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 4496 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4497 MGMT_STATUS_BUSY);
4375f103
JH		 4498 goto unlock;
4499 }
4500
4501 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4502 if (!cmd) {
4503 err = -ENOMEM;
4504 goto unlock;
4505 }
4506
4507 hci_req_init(&req, hdev);
4508
cc91cb04
MH		 4509 if (cp->val == 0x02)
4510 set_bit(HCI_ADVERTISING_CONNECTABLE, &hdev->dev_flags);
4511 else
4512 clear_bit(HCI_ADVERTISING_CONNECTABLE, &hdev->dev_flags);
4513
bba3aa55
MH		 4514 if (val)
4515 enable_advertising(&req);
4516 else
4517 disable_advertising(&req);
4375f103
JH		 4518
4519 err = hci_req_run(&req, set_advertising_complete);
4520 if (err < 0)
4521 mgmt_pending_remove(cmd);
4522
4523unlock:
4524 hci_dev_unlock(hdev);
4525 return err;
4526}
4527
d13eafce
MH		 4528static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4529 void *data, u16 len)
4530{
4531 struct mgmt_cp_set_static_address *cp = data;
4532 int err;
4533
4534 BT_DBG("%s", hdev->name);
4535
62af4443 4536 if (!lmp_le_capable(hdev))
a69e8375
JH		 4537 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4538 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4539
4540 if (hdev_is_powered(hdev))
a69e8375
JH		 4541 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4542 MGMT_STATUS_REJECTED);
d13eafce
MH		 4543
4544 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4545 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 4546 return mgmt_cmd_status(sk, hdev->id,
4547 MGMT_OP_SET_STATIC_ADDRESS,
4548 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4549
4550 /* Two most significant bits shall be set */
4551 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 4552 return mgmt_cmd_status(sk, hdev->id,
4553 MGMT_OP_SET_STATIC_ADDRESS,
4554 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4555 }
4556
4557 hci_dev_lock(hdev);
4558
4559 bacpy(&hdev->static_addr, &cp->bdaddr);
4560
93690c22
MH		 4561 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4562 if (err < 0)
4563 goto unlock;
4564
4565 err = new_settings(hdev, sk);
d13eafce 4566
93690c22 4567unlock:
d13eafce 4568 hci_dev_unlock(hdev);
d13eafce
MH		 4569 return err;
4570}
4571
14b49b9a
MH		 4572static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4573 void *data, u16 len)
4574{
4575 struct mgmt_cp_set_scan_params *cp = data;
4576 __u16 interval, window;
4577 int err;
4578
4579 BT_DBG("%s", hdev->name);
4580
4581 if (!lmp_le_capable(hdev))
a69e8375
JH		 4582 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4583 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 4584
4585 interval = __le16_to_cpu(cp->interval);
4586
4587 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 4588 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4589 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 4590
4591 window = __le16_to_cpu(cp->window);
4592
4593 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 4594 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4595 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 4596
899e1075 4597 if (window > interval)
a69e8375
JH		 4598 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4599 MGMT_STATUS_INVALID_PARAMS);
899e1075 4600
14b49b9a
MH		 4601 hci_dev_lock(hdev);
4602
4603 hdev->le_scan_interval = interval;
4604 hdev->le_scan_window = window;
4605
2a1afb5a
JH		 4606 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4607 NULL, 0);
14b49b9a 4608
dd2ef8e2
AG		 4609 /* If background scan is running, restart it so new parameters are
4610 * loaded.
4611 */
4612 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4613 hdev->discovery.state == DISCOVERY_STOPPED) {
4614 struct hci_request req;
4615
4616 hci_req_init(&req, hdev);
4617
4618 hci_req_add_le_scan_disable(&req);
4619 hci_req_add_le_passive_scan(&req);
4620
4621 hci_req_run(&req, NULL);
4622 }
4623
14b49b9a
MH		 4624 hci_dev_unlock(hdev);
4625
4626 return err;
4627}
4628
1904a853
MH		 4629static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4630 u16 opcode)
33e38b3e 4631{
3b0602cd 4632 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 4633
4634 BT_DBG("status 0x%02x", status);
4635
4636 hci_dev_lock(hdev);
4637
4638 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4639 if (!cmd)
4640 goto unlock;
4641
4642 if (status) {
a69e8375
JH		 4643 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4644 mgmt_status(status));
33e38b3e 4645 } else {
1a4d3c4b
JH		 4646 struct mgmt_mode *cp = cmd->param;
4647
4648 if (cp->val)
4649 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4650 else
4651 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4652
33e38b3e
JH		 4653 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4654 new_settings(hdev, cmd->sk);
4655 }
4656
4657 mgmt_pending_remove(cmd);
4658
4659unlock:
4660 hci_dev_unlock(hdev);
4661}
4662
bdb6d971 4663static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4664 void *data, u16 len)
f6422ec6 4665{
650f726d 4666 struct mgmt_mode *cp = data;
3b0602cd 4667 struct mgmt_pending_cmd *cmd;
33e38b3e 4668 struct hci_request req;
f6422ec6
AJ		 4669 int err;
4670
bdb6d971 4671 BT_DBG("%s", hdev->name);
f6422ec6 4672
56f87901
JH		 4673 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4674 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4675 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4676 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4677
a7e80f25 4678 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4679 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4680 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4681
f6422ec6
AJ		 4682 hci_dev_lock(hdev);
4683
05cbf29f 4684 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4685 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4686 MGMT_STATUS_BUSY);
05cbf29f
JH		 4687 goto unlock;
4688 }
4689
1a4d3c4b
JH		 4690 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4691 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4692 hdev);
4693 goto unlock;
4694 }
4695
406ef2a6
JH		 4696 if (!hdev_is_powered(hdev)) {
4697 change_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4698 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4699 hdev);
4700 new_settings(hdev, sk);
4701 goto unlock;
4702 }
4703
33e38b3e
JH		 4704 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4705 data, len);
4706 if (!cmd) {
4707 err = -ENOMEM;
4708 goto unlock;
f6422ec6
AJ		 4709 }
4710
33e38b3e
JH		 4711 hci_req_init(&req, hdev);
4712
406d7804 4713 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4714
4715 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4716 if (err < 0) {
a69e8375
JH		 4717 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4718 MGMT_STATUS_FAILED);
33e38b3e 4719 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4720 }
4721
33e38b3e 4722unlock:
f6422ec6 4723 hci_dev_unlock(hdev);
33e38b3e 4724
f6422ec6
AJ		 4725 return err;
4726}
4727
1904a853 4728static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4729{
3b0602cd 4730 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4731
4732 BT_DBG("status 0x%02x", status);
4733
4734 hci_dev_lock(hdev);
4735
4736 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4737 if (!cmd)
4738 goto unlock;
4739
4740 if (status) {
4741 u8 mgmt_err = mgmt_status(status);
4742
4743 /* We need to restore the flag if related HCI commands
4744 * failed.
4745 */
4746 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4747
a69e8375 4748 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4749 } else {
4750 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4751 new_settings(hdev, cmd->sk);
4752 }
4753
4754 mgmt_pending_remove(cmd);
4755
4756unlock:
4757 hci_dev_unlock(hdev);
4758}
4759
4760static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4761{
4762 struct mgmt_mode *cp = data;
3b0602cd 4763 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4764 struct hci_request req;
4765 int err;
4766
4767 BT_DBG("request for %s", hdev->name);
4768
4769 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4770 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4771 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a
JH		 4772
4773 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
a69e8375
JH		 4774 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4775 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4776
4777 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4778 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4779 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4780
4781 hci_dev_lock(hdev);
4782
4783 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4784 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4785 goto unlock;
4786 }
4787
4788 if (!hdev_is_powered(hdev)) {
4789 if (!cp->val) {
0663ca2a
JH		 4790 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4791 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4792 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4793 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4794 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4795 }
4796
4797 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4798
4799 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4800 if (err < 0)
4801 goto unlock;
4802
4803 err = new_settings(hdev, sk);
4804 goto unlock;
4805 }
4806
4807 /* Reject disabling when powered on */
4808 if (!cp->val) {
a69e8375
JH		 4809 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4810 MGMT_STATUS_REJECTED);
0663ca2a 4811 goto unlock;
111e4bcc
MH		 4812 } else {
4813 /* When configuring a dual-mode controller to operate
4814 * with LE only and using a static address, then switching
4815 * BR/EDR back on is not allowed.
4816 *
4817 * Dual-mode controllers shall operate with the public
4818 * address as its identity address for BR/EDR and LE. So
4819 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 4820 *
4821 * The same restrictions applies when secure connections
4822 * has been enabled. For BR/EDR this is a controller feature
4823 * while for LE it is a host stack feature. This means that
4824 * switching BR/EDR back on when secure connections has been
4825 * enabled is not a supported transaction.
111e4bcc
MH		 4826 */
4827 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
3a5486e1
MH		 4828 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4829 test_bit(HCI_SC_ENABLED, &hdev->dev_flags))) {
a69e8375
JH		 4830 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4831 MGMT_STATUS_REJECTED);
111e4bcc
MH		 4832 goto unlock;
4833 }
0663ca2a
JH		 4834 }
4835
4836 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 4837 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4838 MGMT_STATUS_BUSY);
0663ca2a
JH		 4839 goto unlock;
4840 }
4841
4842 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4843 if (!cmd) {
4844 err = -ENOMEM;
4845 goto unlock;
4846 }
4847
5947f4bc 4848 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4849 * generates the correct flags.
4850 */
4851 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4852
4853 hci_req_init(&req, hdev);
aa8af46e 4854
432df05e 4855 write_fast_connectable(&req, false);
1d2dc5b7 4856 __hci_update_page_scan(&req);
aa8af46e 4857
f14d8f64
MH		 4858 /* Since only the advertising data flags will change, there
4859 * is no need to update the scan response data.
4860 */
5947f4bc 4861 update_adv_data(&req);
aa8af46e 4862
0663ca2a
JH		 4863 err = hci_req_run(&req, set_bredr_complete);
4864 if (err < 0)
4865 mgmt_pending_remove(cmd);
4866
4867unlock:
4868 hci_dev_unlock(hdev);
4869 return err;
4870}
4871
a1443f5a
JH		 4872static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4873{
3b0602cd 4874 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 4875 struct mgmt_mode *cp;
4876
4877 BT_DBG("%s status %u", hdev->name, status);
4878
4879 hci_dev_lock(hdev);
4880
4881 cmd = mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4882 if (!cmd)
4883 goto unlock;
4884
4885 if (status) {
a69e8375
JH		 4886 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4887 mgmt_status(status));
a1443f5a
JH		 4888 goto remove;
4889 }
4890
4891 cp = cmd->param;
4892
4893 switch (cp->val) {
4894 case 0x00:
4895 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
4896 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4897 break;
4898 case 0x01:
4899 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
4900 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4901 break;
4902 case 0x02:
4903 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
4904 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4905 break;
4906 }
4907
4908 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4909 new_settings(hdev, cmd->sk);
4910
4911remove:
4912 mgmt_pending_remove(cmd);
4913unlock:
4914 hci_dev_unlock(hdev);
4915}
4916
eac83dc6
MH		 4917static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4918 void *data, u16 len)
4919{
4920 struct mgmt_mode *cp = data;
3b0602cd 4921 struct mgmt_pending_cmd *cmd;
a1443f5a 4922 struct hci_request req;
a3209694 4923 u8 val;
eac83dc6
MH		 4924 int err;
4925
4926 BT_DBG("request for %s", hdev->name);
4927
05b3c3e7
MH		 4928 if (!lmp_sc_capable(hdev) &&
4929 !test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
a69e8375
JH		 4930 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4931 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 4932
ed93ec69 4933 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
59200286 4934 lmp_sc_capable(hdev) &&
ed93ec69 4935 !test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
a69e8375
JH		 4936 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4937 MGMT_STATUS_REJECTED);
ed93ec69 4938
0ab04a9c 4939 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 4940 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 4941 MGMT_STATUS_INVALID_PARAMS);
4942
4943 hci_dev_lock(hdev);
4944
05b3c3e7 4945 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
a3209694 4946 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
eac83dc6
MH		 4947 bool changed;
4948
0ab04a9c 4949 if (cp->val) {
eac83dc6
MH		 4950 changed = !test_and_set_bit(HCI_SC_ENABLED,
4951 &hdev->dev_flags);
0ab04a9c
MH		 4952 if (cp->val == 0x02)
4953 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4954 else
4955 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4956 } else {
eac83dc6
MH		 4957 changed = test_and_clear_bit(HCI_SC_ENABLED,
4958 &hdev->dev_flags);
0ab04a9c
MH		 4959 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4960 }
eac83dc6
MH		 4961
4962 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4963 if (err < 0)
4964 goto failed;
4965
4966 if (changed)
4967 err = new_settings(hdev, sk);
4968
4969 goto failed;
4970 }
4971
4972 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 4973 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4974 MGMT_STATUS_BUSY);
eac83dc6
MH		 4975 goto failed;
4976 }
4977
0ab04a9c
MH		 4978 val = !!cp->val;
4979
4980 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4981 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4982 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4983 goto failed;
4984 }
4985
4986 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4987 if (!cmd) {
4988 err = -ENOMEM;
4989 goto failed;
4990 }
4991
a1443f5a
JH		 4992 hci_req_init(&req, hdev);
4993 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4994 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 4995 if (err < 0) {
4996 mgmt_pending_remove(cmd);
4997 goto failed;
4998 }
4999
5000failed:
5001 hci_dev_unlock(hdev);
5002 return err;
5003}
5004
4e39ac81
MH		 5005static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5006 void *data, u16 len)
5007{
5008 struct mgmt_mode *cp = data;
b9710979 5009 bool changed, use_changed;
4e39ac81
MH		 5010 int err;
5011
5012 BT_DBG("request for %s", hdev->name);
5013
b9710979 5014 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 5015 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5016 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 5017
5018 hci_dev_lock(hdev);
5019
5020 if (cp->val)
0663b297
JH		 5021 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
5022 &hdev->dev_flags);
4e39ac81 5023 else
0663b297
JH		 5024 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
5025 &hdev->dev_flags);
4e39ac81 5026
b9710979
JH		 5027 if (cp->val == 0x02)
5028 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
5029 &hdev->dev_flags);
5030 else
5031 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
5032 &hdev->dev_flags);
5033
5034 if (hdev_is_powered(hdev) && use_changed &&
5035 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
5036 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5037 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5038 sizeof(mode), &mode);
5039 }
5040
4e39ac81
MH		 5041 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5042 if (err < 0)
5043 goto unlock;
5044
5045 if (changed)
5046 err = new_settings(hdev, sk);
5047
5048unlock:
5049 hci_dev_unlock(hdev);
5050 return err;
5051}
5052
62b04cd1
JH		 5053static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5054 u16 len)
5055{
5056 struct mgmt_cp_set_privacy *cp = cp_data;
5057 bool changed;
5058 int err;
5059
5060 BT_DBG("request for %s", hdev->name);
5061
5062 if (!lmp_le_capable(hdev))
a69e8375
JH		 5063 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5064 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1
JH		 5065
5066 if (cp->privacy != 0x00 && cp->privacy != 0x01)
a69e8375
JH		 5067 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5068 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 5069
5070 if (hdev_is_powered(hdev))
a69e8375
JH		 5071 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5072 MGMT_STATUS_REJECTED);
62b04cd1
JH		 5073
5074 hci_dev_lock(hdev);
5075
c21c0ea0
JH		 5076 /* If user space supports this command it is also expected to
5077 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5078 */
5079 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
5080
62b04cd1
JH		 5081 if (cp->privacy) {
5082 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
5083 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
5084 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
5085 } else {
5086 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
5087 memset(hdev->irk, 0, sizeof(hdev->irk));
5088 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
5089 }
5090
5091 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5092 if (err < 0)
5093 goto unlock;
5094
5095 if (changed)
5096 err = new_settings(hdev, sk);
5097
5098unlock:
5099 hci_dev_unlock(hdev);
5100 return err;
5101}
5102
41edf160
JH		 5103static bool irk_is_valid(struct mgmt_irk_info *irk)
5104{
5105 switch (irk->addr.type) {
5106 case BDADDR_LE_PUBLIC:
5107 return true;
5108
5109 case BDADDR_LE_RANDOM:
5110 /* Two most significant bits shall be set */
5111 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5112 return false;
5113 return true;
5114 }
5115
5116 return false;
5117}
5118
5119static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5120 u16 len)
5121{
5122 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 5123 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5124 sizeof(struct mgmt_irk_info));
41edf160
JH		 5125 u16 irk_count, expected_len;
5126 int i, err;
5127
5128 BT_DBG("request for %s", hdev->name);
5129
5130 if (!lmp_le_capable(hdev))
a69e8375
JH		 5131 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5132 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 5133
5134 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 5135 if (irk_count > max_irk_count) {
5136 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 5137 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5138 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5139 }
41edf160
JH		 5140
5141 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5142 if (expected_len != len) {
5143 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 5144 expected_len, len);
a69e8375
JH		 5145 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5146 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5147 }
5148
5149 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5150
5151 for (i = 0; i < irk_count; i++) {
5152 struct mgmt_irk_info *key = &cp->irks[i];
5153
5154 if (!irk_is_valid(key))
a69e8375
JH		 5155 return mgmt_cmd_status(sk, hdev->id,
5156 MGMT_OP_LOAD_IRKS,
5157 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5158 }
5159
5160 hci_dev_lock(hdev);
5161
5162 hci_smp_irks_clear(hdev);
5163
5164 for (i = 0; i < irk_count; i++) {
5165 struct mgmt_irk_info *irk = &cp->irks[i];
5166 u8 addr_type;
5167
5168 if (irk->addr.type == BDADDR_LE_PUBLIC)
5169 addr_type = ADDR_LE_DEV_PUBLIC;
5170 else
5171 addr_type = ADDR_LE_DEV_RANDOM;
5172
5173 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5174 BDADDR_ANY);
5175 }
5176
5177 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
5178
2a1afb5a 5179 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 5180
5181 hci_dev_unlock(hdev);
5182
5183 return err;
5184}
5185
3f706b72
JH		 5186static bool ltk_is_valid(struct mgmt_ltk_info *key)
5187{
5188 if (key->master != 0x00 && key->master != 0x01)
5189 return false;
490cb0b3
MH		 5190
5191 switch (key->addr.type) {
5192 case BDADDR_LE_PUBLIC:
5193 return true;
5194
5195 case BDADDR_LE_RANDOM:
5196 /* Two most significant bits shall be set */
5197 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5198 return false;
5199 return true;
5200 }
5201
5202 return false;
3f706b72
JH		 5203}
5204
bdb6d971 5205static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5206 void *cp_data, u16 len)
346af67b 5207{
346af67b 5208 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5209 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5210 sizeof(struct mgmt_ltk_info));
346af67b 5211 u16 key_count, expected_len;
715a5bf2 5212 int i, err;
346af67b 5213
cf99ba13
MH		 5214 BT_DBG("request for %s", hdev->name);
5215
5216 if (!lmp_le_capable(hdev))
a69e8375
JH		 5217 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5218 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 5219
1f350c87 5220 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 5221 if (key_count > max_key_count) {
5222 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 5223 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5224 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5225 }
346af67b
VCG		 5226
5227 expected_len = sizeof(*cp) + key_count *
5228 sizeof(struct mgmt_ltk_info);
5229 if (expected_len != len) {
5230 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 5231 expected_len, len);
a69e8375
JH		 5232 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5233 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5234 }
5235
bdb6d971 5236 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5237
54ad6d8a
JH		 5238 for (i = 0; i < key_count; i++) {
5239 struct mgmt_ltk_info *key = &cp->keys[i];
5240
3f706b72 5241 if (!ltk_is_valid(key))
a69e8375
JH		 5242 return mgmt_cmd_status(sk, hdev->id,
5243 MGMT_OP_LOAD_LONG_TERM_KEYS,
5244 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 5245 }
5246
346af67b
VCG		 5247 hci_dev_lock(hdev);
5248
5249 hci_smp_ltks_clear(hdev);
5250
5251 for (i = 0; i < key_count; i++) {
5252 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 5253 u8 type, addr_type, authenticated;
79d95a19
MH		 5254
5255 if (key->addr.type == BDADDR_LE_PUBLIC)
5256 addr_type = ADDR_LE_DEV_PUBLIC;
5257 else
5258 addr_type = ADDR_LE_DEV_RANDOM;
346af67b 5259
61b43357
JH		 5260 switch (key->type) {
5261 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5262 authenticated = 0x00;
23fb8de3 5263 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5264 break;
5265 case MGMT_LTK_AUTHENTICATED:
d7b25450 5266 authenticated = 0x01;
23fb8de3
JH		 5267 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5268 break;
5269 case MGMT_LTK_P256_UNAUTH:
5270 authenticated = 0x00;
5271 type = SMP_LTK_P256;
61b43357 5272 break;
23fb8de3
JH		 5273 case MGMT_LTK_P256_AUTH:
5274 authenticated = 0x01;
5275 type = SMP_LTK_P256;
61b43357 5276 break;
23fb8de3
JH		 5277 case MGMT_LTK_P256_DEBUG:
5278 authenticated = 0x00;
5279 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5280 default:
5281 continue;
5282 }
d7b25450 5283
35d70271 5284 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 5285 authenticated, key->val, key->enc_size, key->ediv,
35d70271 5286 key->rand);
346af67b
VCG		 5287 }
5288
2a1afb5a 5289 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 5290 NULL, 0);
5291
346af67b 5292 hci_dev_unlock(hdev);
346af67b 5293
715a5bf2 5294 return err;
346af67b
VCG		 5295}
5296
3b0602cd 5297static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 5298{
dd983808 5299 struct hci_conn *conn = cmd->user_data;
9981bdb0 5300 struct mgmt_rp_get_conn_info rp;
9df74653 5301 int err;
dd983808 5302
9981bdb0 5303 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5304
9981bdb0 5305 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5306 rp.rssi = conn->rssi;
9981bdb0
JH		 5307 rp.tx_power = conn->tx_power;
5308 rp.max_tx_power = conn->max_tx_power;
5309 } else {
5310 rp.rssi = HCI_RSSI_INVALID;
5311 rp.tx_power = HCI_TX_POWER_INVALID;
5312 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5313 }
5314
2a1afb5a
JH		 5315 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5316 status, &rp, sizeof(rp));
dd983808
AK		 5317
5318 hci_conn_drop(conn);
f8aaf9b6 5319 hci_conn_put(conn);
9df74653
JH		 5320
5321 return err;
dd983808
AK		 5322}
5323
1904a853
MH		 5324static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5325 u16 opcode)
dd983808
AK		 5326{
5327 struct hci_cp_read_rssi *cp;
3b0602cd 5328 struct mgmt_pending_cmd *cmd;
dd983808 5329 struct hci_conn *conn;
dd983808 5330 u16 handle;
9981bdb0 5331 u8 status;
dd983808 5332
9981bdb0 5333 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5334
5335 hci_dev_lock(hdev);
5336
dd983808
AK		 5337 /* Commands sent in request are either Read RSSI or Read Transmit Power
5338 * Level so we check which one was last sent to retrieve connection
5339 * handle. Both commands have handle as first parameter so it's safe to
5340 * cast data on the same command struct.
5341 *
5342 * First command sent is always Read RSSI and we fail only if it fails.
5343 * In other case we simply override error to indicate success as we
5344 * already remembered if TX power value is actually valid.
5345 */
5346 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5347 if (!cp) {
5348 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5349 status = MGMT_STATUS_SUCCESS;
5350 } else {
5351 status = mgmt_status(hci_status);
dd983808
AK		 5352 }
5353
5354 if (!cp) {
9981bdb0 5355 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 5356 goto unlock;
5357 }
5358
5359 handle = __le16_to_cpu(cp->handle);
5360 conn = hci_conn_hash_lookup_handle(hdev, handle);
5361 if (!conn) {
9981bdb0 5362 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 5363 goto unlock;
5364 }
5365
9981bdb0
JH		 5366 cmd = mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5367 if (!cmd)
5368 goto unlock;
dd983808 5369
9981bdb0
JH		 5370 cmd->cmd_complete(cmd, status);
5371 mgmt_pending_remove(cmd);
dd983808
AK		 5372
5373unlock:
5374 hci_dev_unlock(hdev);
5375}
5376
5377static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5378 u16 len)
5379{
5380 struct mgmt_cp_get_conn_info *cp = data;
5381 struct mgmt_rp_get_conn_info rp;
5382 struct hci_conn *conn;
5383 unsigned long conn_info_age;
5384 int err = 0;
5385
5386 BT_DBG("%s", hdev->name);
5387
5388 memset(&rp, 0, sizeof(rp));
5389 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5390 rp.addr.type = cp->addr.type;
5391
5392 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5393 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5394 MGMT_STATUS_INVALID_PARAMS,
5395 &rp, sizeof(rp));
dd983808
AK		 5396
5397 hci_dev_lock(hdev);
5398
5399 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5400 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5401 MGMT_STATUS_NOT_POWERED, &rp,
5402 sizeof(rp));
dd983808
AK		 5403 goto unlock;
5404 }
5405
5406 if (cp->addr.type == BDADDR_BREDR)
5407 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5408 &cp->addr.bdaddr);
5409 else
5410 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5411
5412 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5413 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5414 MGMT_STATUS_NOT_CONNECTED, &rp,
5415 sizeof(rp));
dd983808
AK		 5416 goto unlock;
5417 }
5418
9981bdb0 5419 if (mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 5420 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5421 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 5422 goto unlock;
5423 }
5424
dd983808
AK		 5425 /* To avoid client trying to guess when to poll again for information we
5426 * calculate conn info age as random value between min/max set in hdev.
5427 */
5428 conn_info_age = hdev->conn_info_min_age +
5429 prandom_u32_max(hdev->conn_info_max_age -
5430 hdev->conn_info_min_age);
5431
5432 /* Query controller to refresh cached values if they are too old or were
5433 * never read.
5434 */
f4e2dd53
AK		 5435 if (time_after(jiffies, conn->conn_info_timestamp +
5436 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5437 !conn->conn_info_timestamp) {
5438 struct hci_request req;
5439 struct hci_cp_read_tx_power req_txp_cp;
5440 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 5441 struct mgmt_pending_cmd *cmd;
dd983808
AK		 5442
5443 hci_req_init(&req, hdev);
5444 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5445 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5446 &req_rssi_cp);
5447
f7faab0c
AK		 5448 /* For LE links TX power does not change thus we don't need to
5449 * query for it once value is known.
5450 */
5451 if (!bdaddr_type_is_le(cp->addr.type) ||
5452 conn->tx_power == HCI_TX_POWER_INVALID) {
5453 req_txp_cp.handle = cpu_to_le16(conn->handle);
5454 req_txp_cp.type = 0x00;
5455 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5456 sizeof(req_txp_cp), &req_txp_cp);
5457 }
dd983808 5458
eed5daf3
AK		 5459 /* Max TX power needs to be read only once per connection */
5460 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5461 req_txp_cp.handle = cpu_to_le16(conn->handle);
5462 req_txp_cp.type = 0x01;
5463 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5464 sizeof(req_txp_cp), &req_txp_cp);
5465 }
5466
dd983808
AK		 5467 err = hci_req_run(&req, conn_info_refresh_complete);
5468 if (err < 0)
5469 goto unlock;
5470
5471 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5472 data, len);
5473 if (!cmd) {
5474 err = -ENOMEM;
5475 goto unlock;
5476 }
5477
5478 hci_conn_hold(conn);
f8aaf9b6 5479 cmd->user_data = hci_conn_get(conn);
9981bdb0 5480 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5481
5482 conn->conn_info_timestamp = jiffies;
5483 } else {
5484 /* Cache is valid, just reply with values cached in hci_conn */
5485 rp.rssi = conn->rssi;
5486 rp.tx_power = conn->tx_power;
eed5daf3 5487 rp.max_tx_power = conn->max_tx_power;
dd983808 5488
2a1afb5a
JH		 5489 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5490 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 5491 }
5492
5493unlock:
5494 hci_dev_unlock(hdev);
5495 return err;
5496}
5497
3b0602cd 5498static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 5499{
69487371 5500 struct hci_conn *conn = cmd->user_data;
95868426 5501 struct mgmt_rp_get_clock_info rp;
69487371 5502 struct hci_dev *hdev;
9df74653 5503 int err;
69487371
JH		 5504
5505 memset(&rp, 0, sizeof(rp));
5506 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5507
5508 if (status)
5509 goto complete;
5510
5511 hdev = hci_dev_get(cmd->index);
5512 if (hdev) {
5513 rp.local_clock = cpu_to_le32(hdev->clock);
5514 hci_dev_put(hdev);
5515 }
5516
5517 if (conn) {
5518 rp.piconet_clock = cpu_to_le32(conn->clock);
5519 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5520 }
5521
5522complete:
2a1afb5a
JH		 5523 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5524 sizeof(rp));
69487371
JH		 5525
5526 if (conn) {
5527 hci_conn_drop(conn);
5528 hci_conn_put(conn);
5529 }
9df74653
JH		 5530
5531 return err;
69487371
JH		 5532}
5533
1904a853 5534static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5535{
95868426 5536 struct hci_cp_read_clock *hci_cp;
3b0602cd 5537 struct mgmt_pending_cmd *cmd;
95868426
JH		 5538 struct hci_conn *conn;
5539
5540 BT_DBG("%s status %u", hdev->name, status);
5541
5542 hci_dev_lock(hdev);
5543
5544 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5545 if (!hci_cp)
5546 goto unlock;
5547
5548 if (hci_cp->which) {
5549 u16 handle = __le16_to_cpu(hci_cp->handle);
5550 conn = hci_conn_hash_lookup_handle(hdev, handle);
5551 } else {
5552 conn = NULL;
5553 }
5554
5555 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5556 if (!cmd)
5557 goto unlock;
5558
69487371 5559 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5560 mgmt_pending_remove(cmd);
95868426
JH		 5561
5562unlock:
5563 hci_dev_unlock(hdev);
5564}
5565
5566static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5567 u16 len)
5568{
5569 struct mgmt_cp_get_clock_info *cp = data;
5570 struct mgmt_rp_get_clock_info rp;
5571 struct hci_cp_read_clock hci_cp;
3b0602cd 5572 struct mgmt_pending_cmd *cmd;
95868426
JH		 5573 struct hci_request req;
5574 struct hci_conn *conn;
5575 int err;
5576
5577 BT_DBG("%s", hdev->name);
5578
5579 memset(&rp, 0, sizeof(rp));
5580 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5581 rp.addr.type = cp->addr.type;
5582
5583 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5584 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5585 MGMT_STATUS_INVALID_PARAMS,
5586 &rp, sizeof(rp));
95868426
JH		 5587
5588 hci_dev_lock(hdev);
5589
5590 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5591 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5592 MGMT_STATUS_NOT_POWERED, &rp,
5593 sizeof(rp));
95868426
JH		 5594 goto unlock;
5595 }
5596
5597 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5598 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5599 &cp->addr.bdaddr);
5600 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5601 err = mgmt_cmd_complete(sk, hdev->id,
5602 MGMT_OP_GET_CLOCK_INFO,
5603 MGMT_STATUS_NOT_CONNECTED,
5604 &rp, sizeof(rp));
95868426
JH		 5605 goto unlock;
5606 }
5607 } else {
5608 conn = NULL;
5609 }
5610
5611 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5612 if (!cmd) {
5613 err = -ENOMEM;
5614 goto unlock;
5615 }
5616
69487371
JH		 5617 cmd->cmd_complete = clock_info_cmd_complete;
5618
95868426
JH		 5619 hci_req_init(&req, hdev);
5620
5621 memset(&hci_cp, 0, sizeof(hci_cp));
5622 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5623
5624 if (conn) {
5625 hci_conn_hold(conn);
f8aaf9b6 5626 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5627
5628 hci_cp.handle = cpu_to_le16(conn->handle);
5629 hci_cp.which = 0x01; /* Piconet clock */
5630 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5631 }
5632
5633 err = hci_req_run(&req, get_clock_info_complete);
5634 if (err < 0)
5635 mgmt_pending_remove(cmd);
5636
5637unlock:
5638 hci_dev_unlock(hdev);
5639 return err;
5640}
5641
5a154e6f
JH		 5642static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5643{
5644 struct hci_conn *conn;
5645
5646 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5647 if (!conn)
5648 return false;
5649
5650 if (conn->dst_type != type)
5651 return false;
5652
5653 if (conn->state != BT_CONNECTED)
5654 return false;
5655
5656 return true;
5657}
5658
5659/* This function requires the caller holds hdev->lock */
5660static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5661 u8 addr_type, u8 auto_connect)
5662{
5663 struct hci_dev *hdev = req->hdev;
5664 struct hci_conn_params *params;
5665
5666 params = hci_conn_params_add(hdev, addr, addr_type);
5667 if (!params)
5668 return -EIO;
5669
5670 if (params->auto_connect == auto_connect)
5671 return 0;
5672
5673 list_del_init(&params->action);
5674
5675 switch (auto_connect) {
5676 case HCI_AUTO_CONN_DISABLED:
5677 case HCI_AUTO_CONN_LINK_LOSS:
5678 __hci_update_background_scan(req);
5679 break;
5680 case HCI_AUTO_CONN_REPORT:
5681 list_add(&params->action, &hdev->pend_le_reports);
5682 __hci_update_background_scan(req);
5683 break;
5684 case HCI_AUTO_CONN_DIRECT:
5685 case HCI_AUTO_CONN_ALWAYS:
5686 if (!is_connected(hdev, addr, addr_type)) {
5687 list_add(&params->action, &hdev->pend_le_conns);
5688 __hci_update_background_scan(req);
5689 }
5690 break;
5691 }
5692
5693 params->auto_connect = auto_connect;
5694
5695 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5696 auto_connect);
5697
5698 return 0;
5699}
5700
8afef092
MH		 5701static void device_added(struct sock *sk, struct hci_dev *hdev,
5702 bdaddr_t *bdaddr, u8 type, u8 action)
5703{
5704 struct mgmt_ev_device_added ev;
5705
5706 bacpy(&ev.addr.bdaddr, bdaddr);
5707 ev.addr.type = type;
5708 ev.action = action;
5709
5710 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5711}
5712
1904a853 5713static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5a154e6f 5714{
3b0602cd 5715 struct mgmt_pending_cmd *cmd;
5a154e6f
JH		 5716
5717 BT_DBG("status 0x%02x", status);
5718
5719 hci_dev_lock(hdev);
5720
5721 cmd = mgmt_pending_find(MGMT_OP_ADD_DEVICE, hdev);
5722 if (!cmd)
5723 goto unlock;
5724
5725 cmd->cmd_complete(cmd, mgmt_status(status));
5726 mgmt_pending_remove(cmd);
5727
5728unlock:
5729 hci_dev_unlock(hdev);
5730}
5731
2faade53
MH		 5732static int add_device(struct sock *sk, struct hci_dev *hdev,
5733 void *data, u16 len)
5734{
5735 struct mgmt_cp_add_device *cp = data;
3b0602cd 5736 struct mgmt_pending_cmd *cmd;
5a154e6f 5737 struct hci_request req;
2faade53
MH		 5738 u8 auto_conn, addr_type;
5739 int err;
5740
5741 BT_DBG("%s", hdev->name);
5742
6659358e 5743 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5744 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5745 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5746 MGMT_STATUS_INVALID_PARAMS,
5747 &cp->addr, sizeof(cp->addr));
2faade53 5748
4b9e7e75 5749 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5750 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5751 MGMT_STATUS_INVALID_PARAMS,
5752 &cp->addr, sizeof(cp->addr));
2faade53 5753
5a154e6f
JH		 5754 hci_req_init(&req, hdev);
5755
2faade53
MH		 5756 hci_dev_lock(hdev);
5757
5a154e6f
JH		 5758 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
5759 if (!cmd) {
5760 err = -ENOMEM;
5761 goto unlock;
5762 }
5763
5764 cmd->cmd_complete = addr_cmd_complete;
5765
6659358e 5766 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5767 /* Only incoming connections action is supported for now */
6659358e 5768 if (cp->action != 0x01) {
9df74653
JH		 5769 err = cmd->cmd_complete(cmd,
5770 MGMT_STATUS_INVALID_PARAMS);
5a154e6f 5771 mgmt_pending_remove(cmd);
6659358e
JH		 5772 goto unlock;
5773 }
5774
5775 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5776 cp->addr.type);
5777 if (err)
5778 goto unlock;
a397407f 5779
5a154e6f 5780 __hci_update_page_scan(&req);
a397407f 5781
6659358e
JH		 5782 goto added;
5783 }
5784
2faade53
MH		 5785 if (cp->addr.type == BDADDR_LE_PUBLIC)
5786 addr_type = ADDR_LE_DEV_PUBLIC;
5787 else
5788 addr_type = ADDR_LE_DEV_RANDOM;
5789
4b9e7e75 5790 if (cp->action == 0x02)
2faade53 5791 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5792 else if (cp->action == 0x01)
5793 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5794 else
a3451d27 5795 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5796
bf5b3c8b
MH		 5797 /* If the connection parameters don't exist for this device,
5798 * they will be created and configured with defaults.
5799 */
5a154e6f 5800 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
d06b50ce 5801 auto_conn) < 0) {
9df74653 5802 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
5a154e6f 5803 mgmt_pending_remove(cmd);
2faade53
MH		 5804 goto unlock;
5805 }
5806
6659358e 5807added:
8afef092
MH		 5808 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5809
5a154e6f
JH		 5810 err = hci_req_run(&req, add_device_complete);
5811 if (err < 0) {
5812 /* ENODATA means no HCI commands were needed (e.g. if
5813 * the adapter is powered off).
5814 */
9df74653
JH		 5815 if (err == -ENODATA)
5816 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5a154e6f
JH		 5817 mgmt_pending_remove(cmd);
5818 }
2faade53
MH		 5819
5820unlock:
5821 hci_dev_unlock(hdev);
5822 return err;
5823}
5824
8afef092
MH		 5825static void device_removed(struct sock *sk, struct hci_dev *hdev,
5826 bdaddr_t *bdaddr, u8 type)
5827{
5828 struct mgmt_ev_device_removed ev;
5829
5830 bacpy(&ev.addr.bdaddr, bdaddr);
5831 ev.addr.type = type;
5832
5833 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5834}
5835
1904a853 5836static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
51ef3ebe 5837{
3b0602cd 5838 struct mgmt_pending_cmd *cmd;
51ef3ebe
JH		 5839
5840 BT_DBG("status 0x%02x", status);
5841
5842 hci_dev_lock(hdev);
5843
5844 cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
5845 if (!cmd)
5846 goto unlock;
5847
5848 cmd->cmd_complete(cmd, mgmt_status(status));
5849 mgmt_pending_remove(cmd);
5850
5851unlock:
5852 hci_dev_unlock(hdev);
5853}
5854
2faade53
MH		 5855static int remove_device(struct sock *sk, struct hci_dev *hdev,
5856 void *data, u16 len)
5857{
5858 struct mgmt_cp_remove_device *cp = data;
3b0602cd 5859 struct mgmt_pending_cmd *cmd;
51ef3ebe 5860 struct hci_request req;
2faade53
MH		 5861 int err;
5862
5863 BT_DBG("%s", hdev->name);
5864
51ef3ebe
JH		 5865 hci_req_init(&req, hdev);
5866
2faade53
MH		 5867 hci_dev_lock(hdev);
5868
51ef3ebe
JH		 5869 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
5870 if (!cmd) {
5871 err = -ENOMEM;
5872 goto unlock;
5873 }
5874
5875 cmd->cmd_complete = addr_cmd_complete;
5876
2faade53 5877 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5878 struct hci_conn_params *params;
2faade53
MH		 5879 u8 addr_type;
5880
6659358e 5881 if (!bdaddr_type_is_valid(cp->addr.type)) {
9df74653
JH		 5882 err = cmd->cmd_complete(cmd,
5883 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5884 mgmt_pending_remove(cmd);
2faade53
MH		 5885 goto unlock;
5886 }
5887
6659358e
JH		 5888 if (cp->addr.type == BDADDR_BREDR) {
5889 err = hci_bdaddr_list_del(&hdev->whitelist,
5890 &cp->addr.bdaddr,
5891 cp->addr.type);
5892 if (err) {
9df74653
JH		 5893 err = cmd->cmd_complete(cmd,
5894 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5895 mgmt_pending_remove(cmd);
6659358e
JH		 5896 goto unlock;
5897 }
5898
51ef3ebe 5899 __hci_update_page_scan(&req);
a397407f 5900
6659358e
JH		 5901 device_removed(sk, hdev, &cp->addr.bdaddr,
5902 cp->addr.type);
5903 goto complete;
5904 }
5905
2faade53
MH		 5906 if (cp->addr.type == BDADDR_LE_PUBLIC)
5907 addr_type = ADDR_LE_DEV_PUBLIC;
5908 else
5909 addr_type = ADDR_LE_DEV_RANDOM;
5910
c71593dd
JH		 5911 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5912 addr_type);
5913 if (!params) {
9df74653
JH		 5914 err = cmd->cmd_complete(cmd,
5915 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5916 mgmt_pending_remove(cmd);
c71593dd
JH		 5917 goto unlock;
5918 }
5919
5920 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
9df74653
JH		 5921 err = cmd->cmd_complete(cmd,
5922 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5923 mgmt_pending_remove(cmd);
c71593dd
JH		 5924 goto unlock;
5925 }
5926
d1dbf12e 5927 list_del(&params->action);
c71593dd
JH		 5928 list_del(&params->list);
5929 kfree(params);
51ef3ebe 5930 __hci_update_background_scan(&req);
8afef092
MH		 5931
5932 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5933 } else {
19de0825 5934 struct hci_conn_params *p, *tmp;
6659358e 5935 struct bdaddr_list *b, *btmp;
19de0825 5936
2faade53 5937 if (cp->addr.type) {
9df74653
JH		 5938 err = cmd->cmd_complete(cmd,
5939 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5940 mgmt_pending_remove(cmd);
2faade53
MH		 5941 goto unlock;
5942 }
5943
6659358e
JH		 5944 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5945 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5946 list_del(&b->list);
5947 kfree(b);
5948 }
5949
51ef3ebe 5950 __hci_update_page_scan(&req);
a397407f 5951
19de0825
JH		 5952 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5953 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5954 continue;
5955 device_removed(sk, hdev, &p->addr, p->addr_type);
5956 list_del(&p->action);
5957 list_del(&p->list);
5958 kfree(p);
5959 }
5960
5961 BT_DBG("All LE connection parameters were removed");
5962
51ef3ebe 5963 __hci_update_background_scan(&req);
2faade53
MH		 5964 }
5965
6659358e 5966complete:
51ef3ebe
JH		 5967 err = hci_req_run(&req, remove_device_complete);
5968 if (err < 0) {
5969 /* ENODATA means no HCI commands were needed (e.g. if
5970 * the adapter is powered off).
5971 */
9df74653
JH		 5972 if (err == -ENODATA)
5973 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
51ef3ebe
JH		 5974 mgmt_pending_remove(cmd);
5975 }
2faade53
MH		 5976
5977unlock:
5978 hci_dev_unlock(hdev);
5979 return err;
5980}
5981
a26f3dcf
JH		 5982static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5983 u16 len)
5984{
5985 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5986 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5987 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5988 u16 param_count, expected_len;
5989 int i;
5990
5991 if (!lmp_le_capable(hdev))
a69e8375
JH		 5992 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5993 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 5994
5995 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5996 if (param_count > max_param_count) {
5997 BT_ERR("load_conn_param: too big param_count value %u",
5998 param_count);
a69e8375
JH		 5999 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6000 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 6001 }
a26f3dcf
JH		 6002
6003 expected_len = sizeof(*cp) + param_count *
6004 sizeof(struct mgmt_conn_param);
6005 if (expected_len != len) {
6006 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
6007 expected_len, len);
a69e8375
JH		 6008 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6009 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 6010 }
6011
6012 BT_DBG("%s param_count %u", hdev->name, param_count);
6013
6014 hci_dev_lock(hdev);
6015
6016 hci_conn_params_clear_disabled(hdev);
6017
6018 for (i = 0; i < param_count; i++) {
6019 struct mgmt_conn_param *param = &cp->params[i];
6020 struct hci_conn_params *hci_param;
6021 u16 min, max, latency, timeout;
6022 u8 addr_type;
6023
6024 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
6025 param->addr.type);
6026
6027 if (param->addr.type == BDADDR_LE_PUBLIC) {
6028 addr_type = ADDR_LE_DEV_PUBLIC;
6029 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6030 addr_type = ADDR_LE_DEV_RANDOM;
6031 } else {
6032 BT_ERR("Ignoring invalid connection parameters");
6033 continue;
6034 }
6035
6036 min = le16_to_cpu(param->min_interval);
6037 max = le16_to_cpu(param->max_interval);
6038 latency = le16_to_cpu(param->latency);
6039 timeout = le16_to_cpu(param->timeout);
6040
6041 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6042 min, max, latency, timeout);
6043
6044 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6045 BT_ERR("Ignoring invalid connection parameters");
6046 continue;
6047 }
6048
6049 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
6050 addr_type);
6051 if (!hci_param) {
6052 BT_ERR("Failed to add connection parameters");
6053 continue;
6054 }
6055
6056 hci_param->conn_min_interval = min;
6057 hci_param->conn_max_interval = max;
6058 hci_param->conn_latency = latency;
6059 hci_param->supervision_timeout = timeout;
6060 }
6061
6062 hci_dev_unlock(hdev);
6063
2a1afb5a
JH		 6064 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6065 NULL, 0);
a26f3dcf
JH		 6066}
6067
dbece37a
MH		 6068static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6069 void *data, u16 len)
6070{
6071 struct mgmt_cp_set_external_config *cp = data;
6072 bool changed;
6073 int err;
6074
6075 BT_DBG("%s", hdev->name);
6076
6077 if (hdev_is_powered(hdev))
a69e8375
JH		 6078 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6079 MGMT_STATUS_REJECTED);
dbece37a
MH		 6080
6081 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 6082 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6083 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 6084
6085 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 6086 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6087 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 6088
6089 hci_dev_lock(hdev);
6090
6091 if (cp->config)
6092 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
6093 &hdev->dev_flags);
6094 else
6095 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
6096 &hdev->dev_flags);
6097
6098 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6099 if (err < 0)
6100 goto unlock;
6101
6102 if (!changed)
6103 goto unlock;
6104
f4537c04
MH		 6105 err = new_options(hdev, sk);
6106
dbece37a
MH		 6107 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
6108 mgmt_index_removed(hdev);
d603b76b
MH		 6109
6110 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
6111 set_bit(HCI_CONFIG, &hdev->dev_flags);
6112 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
6113
6114 queue_work(hdev->req_workqueue, &hdev->power_on);
6115 } else {
5ea234d3 6116 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 6117 mgmt_index_added(hdev);
6118 }
dbece37a
MH		 6119 }
6120
6121unlock:
6122 hci_dev_unlock(hdev);
6123 return err;
6124}
6125
9713c17b
MH		 6126static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6127 void *data, u16 len)
6128{
6129 struct mgmt_cp_set_public_address *cp = data;
6130 bool changed;
6131 int err;
6132
6133 BT_DBG("%s", hdev->name);
6134
6135 if (hdev_is_powered(hdev))
a69e8375
JH		 6136 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6137 MGMT_STATUS_REJECTED);
9713c17b
MH		 6138
6139 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 6140 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6141 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 6142
6143 if (!hdev->set_bdaddr)
a69e8375
JH		 6144 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6145 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 6146
6147 hci_dev_lock(hdev);
6148
6149 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6150 bacpy(&hdev->public_addr, &cp->bdaddr);
6151
6152 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6153 if (err < 0)
6154 goto unlock;
6155
6156 if (!changed)
6157 goto unlock;
6158
6159 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6160 err = new_options(hdev, sk);
6161
6162 if (is_configured(hdev)) {
6163 mgmt_index_removed(hdev);
6164
6165 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
6166
6167 set_bit(HCI_CONFIG, &hdev->dev_flags);
6168 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
6169
6170 queue_work(hdev->req_workqueue, &hdev->power_on);
6171 }
6172
6173unlock:
6174 hci_dev_unlock(hdev);
6175 return err;
6176}
6177
6d785aa3 6178static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 6179 { NULL }, /* 0x0000 (no command) */
b9a245fb
JH		 6180 { read_version, MGMT_READ_VERSION_SIZE,
6181 HCI_MGMT_NO_HDEV },
6182 { read_commands, MGMT_READ_COMMANDS_SIZE,
6183 HCI_MGMT_NO_HDEV },
6184 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6185 HCI_MGMT_NO_HDEV },
6186 { read_controller_info, MGMT_READ_INFO_SIZE, 0 },
6187 { set_powered, MGMT_SETTING_SIZE, 0 },
6188 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE, 0 },
6189 { set_connectable, MGMT_SETTING_SIZE, 0 },
6190 { set_fast_connectable, MGMT_SETTING_SIZE, 0 },
6191 { set_bondable, MGMT_SETTING_SIZE, 0 },
6192 { set_link_security, MGMT_SETTING_SIZE, 0 },
6193 { set_ssp, MGMT_SETTING_SIZE, 0 },
6194 { set_hs, MGMT_SETTING_SIZE, 0 },
6195 { set_le, MGMT_SETTING_SIZE, 0 },
6196 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE, 0 },
6197 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE, 0 },
6198 { add_uuid, MGMT_ADD_UUID_SIZE, 0 },
6199 { remove_uuid, MGMT_REMOVE_UUID_SIZE, 0 },
6200 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6201 HCI_MGMT_VAR_LEN },
6202 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6203 HCI_MGMT_VAR_LEN },
6204 { disconnect, MGMT_DISCONNECT_SIZE, 0 },
6205 { get_connections, MGMT_GET_CONNECTIONS_SIZE, 0 },
6206 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE, 0 },
6207 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE, 0 },
6208 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE, 0 },
6209 { pair_device, MGMT_PAIR_DEVICE_SIZE, 0 },
6210 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE, 0 },
6211 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE, 0 },
6212 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE, 0 },
6213 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE, 0 },
6214 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE, 0 },
6215 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE, 0 },
6216 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6217 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6218 HCI_MGMT_VAR_LEN },
6219 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE, 0 },
6220 { start_discovery, MGMT_START_DISCOVERY_SIZE, 0 },
6221 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE, 0 },
6222 { confirm_name, MGMT_CONFIRM_NAME_SIZE, 0 },
6223 { block_device, MGMT_BLOCK_DEVICE_SIZE, 0 },
6224 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE, 0 },
6225 { set_device_id, MGMT_SET_DEVICE_ID_SIZE, 0 },
6226 { set_advertising, MGMT_SETTING_SIZE, 0 },
6227 { set_bredr, MGMT_SETTING_SIZE, 0 },
6228 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE, 0 },
6229 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE, 0 },
6230 { set_secure_conn, MGMT_SETTING_SIZE, 0 },
6231 { set_debug_keys, MGMT_SETTING_SIZE, 0 },
6232 { set_privacy, MGMT_SET_PRIVACY_SIZE, 0 },
6233 { load_irks, MGMT_LOAD_IRKS_SIZE,
6234 HCI_MGMT_VAR_LEN },
6235 { get_conn_info, MGMT_GET_CONN_INFO_SIZE, 0 },
6236 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE, 0 },
6237 { add_device, MGMT_ADD_DEVICE_SIZE, 0 },
6238 { remove_device, MGMT_REMOVE_DEVICE_SIZE, 0 },
6239 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6240 HCI_MGMT_VAR_LEN },
6241 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6242 HCI_MGMT_NO_HDEV },
6243 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6244 HCI_MGMT_UNCONFIGURED },
6245 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6246 HCI_MGMT_UNCONFIGURED },
6247 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6248 HCI_MGMT_UNCONFIGURED },
6249 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6250 HCI_MGMT_VAR_LEN },
0f4e68cf
JH		 6251};
6252
6d785aa3
JH		 6253int mgmt_control(struct hci_mgmt_chan *chan, struct sock *sk,
6254 struct msghdr *msg, size_t msglen)
0381101f 6255{
650f726d
VCG		 6256 void *buf;
6257 u8 *cp;
0381101f 6258 struct mgmt_hdr *hdr;
4e51eae9 6259 u16 opcode, index, len;
bdb6d971 6260 struct hci_dev *hdev = NULL;
6d785aa3 6261 const struct hci_mgmt_handler *handler;
b9a245fb 6262 bool var_len, no_hdev;
0381101f
JH		 6263 int err;
6264
6265 BT_DBG("got %zu bytes", msglen);
6266
6267 if (msglen < sizeof(*hdr))
6268 return -EINVAL;
6269
e63a15ec 6270 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 6271 if (!buf)
6272 return -ENOMEM;
6273
6ce8e9ce 6274 if (memcpy_from_msg(buf, msg, msglen)) {
0381101f
JH		 6275 err = -EFAULT;
6276 goto done;
6277 }
6278
650f726d 6279 hdr = buf;
1f350c87
MH		 6280 opcode = __le16_to_cpu(hdr->opcode);
6281 index = __le16_to_cpu(hdr->index);
6282 len = __le16_to_cpu(hdr->len);
0381101f
JH		 6283
6284 if (len != msglen - sizeof(*hdr)) {
6285 err = -EINVAL;
6286 goto done;
6287 }
6288
b9a245fb
JH		 6289 if (opcode >= chan->handler_count ||
6290 chan->handlers[opcode].func == NULL) {
6291 BT_DBG("Unknown op %u", opcode);
a69e8375
JH		 6292 err = mgmt_cmd_status(sk, index, opcode,
6293 MGMT_STATUS_UNKNOWN_COMMAND);
b9a245fb
JH		 6294 goto done;
6295 }
6296
6297 handler = &chan->handlers[opcode];
6298
0f4e68cf 6299 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 6300 hdev = hci_dev_get(index);
6301 if (!hdev) {
a69e8375
JH		 6302 err = mgmt_cmd_status(sk, index, opcode,
6303 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 6304 goto done;
6305 }
0736cfa8 6306
cebf4cfd 6307 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
d603b76b 6308 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
4a964404 6309 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
a69e8375
JH		 6310 err = mgmt_cmd_status(sk, index, opcode,
6311 MGMT_STATUS_INVALID_INDEX);
0736cfa8
MH		 6312 goto done;
6313 }
42a9bc14
MH		 6314
6315 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
b9a245fb 6316 !(handler->flags & HCI_MGMT_UNCONFIGURED)) {
a69e8375
JH		 6317 err = mgmt_cmd_status(sk, index, opcode,
6318 MGMT_STATUS_INVALID_INDEX);
42a9bc14
MH		 6319 goto done;
6320 }
bdb6d971
JH		 6321 }
6322
b9a245fb
JH		 6323 no_hdev = (handler->flags & HCI_MGMT_NO_HDEV);
6324 if (no_hdev != !hdev) {
a69e8375
JH		 6325 err = mgmt_cmd_status(sk, index, opcode,
6326 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 6327 goto done;
0381101f
JH		 6328 }
6329
b9a245fb
JH		 6330 var_len = (handler->flags & HCI_MGMT_VAR_LEN);
6331 if ((var_len && len < handler->data_len) ||
6332 (!var_len && len != handler->data_len)) {
a69e8375
JH		 6333 err = mgmt_cmd_status(sk, index, opcode,
6334 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 6335 goto done;
6336 }
6337
0f4e68cf
JH		 6338 if (hdev)
6339 mgmt_init_hdev(sk, hdev);
6340
6341 cp = buf + sizeof(*hdr);
6342
be22b54e 6343 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 6344 if (err < 0)
6345 goto done;
6346
0381101f
JH		 6347 err = msglen;
6348
6349done:
bdb6d971
JH		 6350 if (hdev)
6351 hci_dev_put(hdev);
6352
0381101f
JH		 6353 kfree(buf);
6354 return err;
6355}
c71e97bf 6356
bf6b56db 6357void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6358{
1514b892 6359 if (hdev->dev_type != HCI_BREDR)
bf6b56db 6360 return;
bb4b2a9a 6361
0602a8ad
MH		 6362 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6363 return;
6364
6365 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6366 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
6367 else
6368 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 6369}
6370
bf6b56db 6371void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6372{
5f159032 6373 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6374
1514b892 6375 if (hdev->dev_type != HCI_BREDR)
bf6b56db 6376 return;
bb4b2a9a 6377
0602a8ad
MH		 6378 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6379 return;
6380
1b9b5ee5 6381 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6382
edd3896b
MH		 6383 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6384 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
6385 else
6386 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 6387}
6388
6046dc3e 6389/* This function requires the caller holds hdev->lock */
2cf22218 6390static void restart_le_actions(struct hci_request *req)
6046dc3e 6391{
2cf22218 6392 struct hci_dev *hdev = req->hdev;
6046dc3e
AG		 6393 struct hci_conn_params *p;
6394
6395 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6396 /* Needed for AUTO_OFF case where might not "really"
6397 * have been powered off.
6398 */
6399 list_del_init(&p->action);
6400
6401 switch (p->auto_connect) {
4b9e7e75 6402 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6403 case HCI_AUTO_CONN_ALWAYS:
6404 list_add(&p->action, &hdev->pend_le_conns);
6405 break;
6406 case HCI_AUTO_CONN_REPORT:
6407 list_add(&p->action, &hdev->pend_le_reports);
6408 break;
6409 default:
6410 break;
c83ed19d 6411 }
6046dc3e 6412 }
c83ed19d 6413
2cf22218 6414 __hci_update_background_scan(req);
6046dc3e
AG		 6415}
6416
1904a853 6417static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
229ab39c
JH		 6418{
6419 struct cmd_lookup match = { NULL, hdev };
6420
6421 BT_DBG("status 0x%02x", status);
6422
162a3bac
MH		 6423 if (!status) {
6424 /* Register the available SMP channels (BR/EDR and LE) only
6425 * when successfully powering on the controller. This late
6426 * registration is required so that LE SMP can clearly
6427 * decide if the public address or static address is used.
6428 */
6429 smp_register(hdev);
6430 }
6431
229ab39c
JH		 6432 hci_dev_lock(hdev);
6433
6434 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6435
6436 new_settings(hdev, match.sk);
6437
6438 hci_dev_unlock(hdev);
6439
6440 if (match.sk)
6441 sock_put(match.sk);
6442}
6443
70da6243 6444static int powered_update_hci(struct hci_dev *hdev)
5add6af8 6445{
890ea898 6446 struct hci_request req;
70da6243 6447 u8 link_sec;
5add6af8 6448
890ea898
JH		 6449 hci_req_init(&req, hdev);
6450
70da6243
JH		 6451 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
6452 !lmp_host_ssp_capable(hdev)) {
574ea3c7 6453 u8 mode = 0x01;
5e5282bb 6454
574ea3c7
MH		 6455 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
6456
6457 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6458 u8 support = 0x01;
5add6af8 6459
574ea3c7
MH		 6460 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
6461 sizeof(support), &support);
6462 }
ec6f99b8
JH		 6463 }
6464
c73eee91
JH		 6465 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
6466 lmp_bredr_capable(hdev)) {
70da6243 6467 struct hci_cp_write_le_host_supported cp;
f0ff92fb 6468
32226e4f
MH		 6469 cp.le = 0x01;
6470 cp.simul = 0x00;
3d1cbdd6 6471
70da6243
JH		 6472 /* Check first if we already have the right
6473 * host state (host features set)
6474 */
6475 if (cp.le != lmp_host_le_capable(hdev) ||
6476 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 6477 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6478 sizeof(cp), &cp);
70da6243 6479 }
3d1cbdd6 6480
d13eafce 6481 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 6482 /* Make sure the controller has a good default for
6483 * advertising data. This also applies to the case
6484 * where BR/EDR was toggled during the AUTO_OFF phase.
6485 */
f14d8f64 6486 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 6487 update_adv_data(&req);
f14d8f64
MH		 6488 update_scan_rsp_data(&req);
6489 }
441ad2d0 6490
bba3aa55
MH		 6491 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6492 enable_advertising(&req);
2cf22218
JH		 6493
6494 restart_le_actions(&req);
eeca6f89
JH		 6495 }
6496
70da6243
JH		 6497 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
6498 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 6499 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6500 sizeof(link_sec), &link_sec);
562fcc24 6501
70da6243 6502 if (lmp_bredr_capable(hdev)) {
406ef2a6
JH		 6503 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
6504 write_fast_connectable(&req, true);
6505 else
6506 write_fast_connectable(&req, false);
1d2dc5b7 6507 __hci_update_page_scan(&req);
890ea898 6508 update_class(&req);
13928971 6509 update_name(&req);
890ea898 6510 update_eir(&req);
70da6243 6511 }
562fcc24 6512
229ab39c 6513 return hci_req_run(&req, powered_complete);
70da6243 6514}
562fcc24 6515
70da6243
JH		 6516int mgmt_powered(struct hci_dev *hdev, u8 powered)
6517{
6518 struct cmd_lookup match = { NULL, hdev };
9845904f 6519 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 6520 int err;
f0ff92fb 6521
70da6243
JH		 6522 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
6523 return 0;
6524
70da6243 6525 if (powered) {
229ab39c
JH		 6526 if (powered_update_hci(hdev) == 0)
6527 return 0;
fe038884 6528
229ab39c
JH		 6529 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6530 &match);
6531 goto new_settings;
b24752fe
JH		 6532 }
6533
229ab39c 6534 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 6535
6536 /* If the power off is because of hdev unregistration let
6537 * use the appropriate INVALID_INDEX status. Otherwise use
6538 * NOT_POWERED. We cover both scenarios here since later in
6539 * mgmt_index_removed() any hci_conn callbacks will have already
6540 * been triggered, potentially causing misleading DISCONNECTED
6541 * status responses.
6542 */
6543 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags))
6544 status = MGMT_STATUS_INVALID_INDEX;
6545 else
6546 status = MGMT_STATUS_NOT_POWERED;
6547
6548 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 6549
6550 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
6551 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6552 zero_cod, sizeof(zero_cod), NULL);
6553
6554new_settings:
beadb2bd 6555 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 6556
6557 if (match.sk)
6558 sock_put(match.sk);
6559
7bb895d6 6560 return err;
5add6af8 6561}
73f22f62 6562
3eec705e 6563void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 6564{
3b0602cd 6565 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 6566 u8 status;
6567
6568 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6569 if (!cmd)
3eec705e 6570 return;
96570ffc
JH		 6571
6572 if (err == -ERFKILL)
6573 status = MGMT_STATUS_RFKILLED;
6574 else
6575 status = MGMT_STATUS_FAILED;
6576
a69e8375 6577 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6578
6579 mgmt_pending_remove(cmd);
96570ffc
JH		 6580}
6581
d1967ff8
MH		 6582void mgmt_discoverable_timeout(struct hci_dev *hdev)
6583{
6584 struct hci_request req;
d1967ff8
MH		 6585
6586 hci_dev_lock(hdev);
6587
6588 /* When discoverable timeout triggers, then just make sure
6589 * the limited discoverable flag is cleared. Even in the case
6590 * of a timeout triggered from general discoverable, it is
6591 * safe to unconditionally clear the flag.
6592 */
6593 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 6594 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 6595
6596 hci_req_init(&req, hdev);
4b580614
JH		 6597 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
6598 u8 scan = SCAN_PAGE;
6599 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6600 sizeof(scan), &scan);
6601 }
d1967ff8 6602 update_class(&req);
9a43e25f 6603 update_adv_data(&req);
d1967ff8
MH		 6604 hci_req_run(&req, NULL);
6605
6606 hdev->discov_timeout = 0;
6607
9a43e25f
JH		 6608 new_settings(hdev, NULL);
6609
d1967ff8
MH		 6610 hci_dev_unlock(hdev);
6611}
6612
dc4a5ee2
MH		 6613void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6614 bool persistent)
55ed8ca1 6615{
86742e1e 6616 struct mgmt_ev_new_link_key ev;
55ed8ca1 6617
a492cd52 6618 memset(&ev, 0, sizeof(ev));
55ed8ca1 6619
a492cd52 6620 ev.store_hint = persistent;
d753fdc4 6621 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6622 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6623 ev.key.type = key->type;
9b3b4460 6624 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6625 ev.key.pin_len = key->pin_len;
55ed8ca1 6626
dc4a5ee2 6627 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6628}
f7520543 6629
d7b25450
JH		 6630static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6631{
23fb8de3
JH		 6632 switch (ltk->type) {
6633 case SMP_LTK:
6634 case SMP_LTK_SLAVE:
6635 if (ltk->authenticated)
6636 return MGMT_LTK_AUTHENTICATED;
6637 return MGMT_LTK_UNAUTHENTICATED;
6638 case SMP_LTK_P256:
6639 if (ltk->authenticated)
6640 return MGMT_LTK_P256_AUTH;
6641 return MGMT_LTK_P256_UNAUTH;
6642 case SMP_LTK_P256_DEBUG:
6643 return MGMT_LTK_P256_DEBUG;
6644 }
d7b25450
JH		 6645
6646 return MGMT_LTK_UNAUTHENTICATED;
6647}
6648
53ac6ab6 6649void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6650{
6651 struct mgmt_ev_new_long_term_key ev;
6652
6653 memset(&ev, 0, sizeof(ev));
6654
5192d301
MH		 6655 /* Devices using resolvable or non-resolvable random addresses
6656 * without providing an indentity resolving key don't require
6657 * to store long term keys. Their addresses will change the
6658 * next time around.
6659 *
6660 * Only when a remote device provides an identity address
6661 * make sure the long term key is stored. If the remote
6662 * identity is known, the long term keys are internally
6663 * mapped to the identity address. So allow static random
6664 * and public addresses here.
6665 */
ba74b666
JH		 6666 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6667 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6668 ev.store_hint = 0x00;
6669 else
53ac6ab6 6670 ev.store_hint = persistent;
ba74b666 6671
346af67b 6672 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6673 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6674 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6675 ev.key.enc_size = key->enc_size;
6676 ev.key.ediv = key->ediv;
fe39c7b2 6677 ev.key.rand = key->rand;
346af67b 6678
2ceba539 6679 if (key->type == SMP_LTK)
346af67b
VCG		 6680 ev.key.master = 1;
6681
346af67b
VCG		 6682 memcpy(ev.key.val, key->val, sizeof(key->val));
6683
083368f7 6684 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6685}
6686
95fbac8a
JH		 6687void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6688{
6689 struct mgmt_ev_new_irk ev;
6690
6691 memset(&ev, 0, sizeof(ev));
6692
bab6d1e5
MH		 6693 /* For identity resolving keys from devices that are already
6694 * using a public address or static random address, do not
6695 * ask for storing this key. The identity resolving key really
6696 * is only mandatory for devices using resovlable random
6697 * addresses.
6698 *
6699 * Storing all identity resolving keys has the downside that
6700 * they will be also loaded on next boot of they system. More
6701 * identity resolving keys, means more time during scanning is
6702 * needed to actually resolve these addresses.
6703 */
6704 if (bacmp(&irk->rpa, BDADDR_ANY))
6705 ev.store_hint = 0x01;
6706 else
6707 ev.store_hint = 0x00;
6708
95fbac8a
JH		 6709 bacpy(&ev.rpa, &irk->rpa);
6710 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6711 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6712 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6713
6714 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6715}
6716
53ac6ab6
MH		 6717void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6718 bool persistent)
7ee4ea36
MH		 6719{
6720 struct mgmt_ev_new_csrk ev;
6721
6722 memset(&ev, 0, sizeof(ev));
6723
6724 /* Devices using resolvable or non-resolvable random addresses
6725 * without providing an indentity resolving key don't require
6726 * to store signature resolving keys. Their addresses will change
6727 * the next time around.
6728 *
6729 * Only when a remote device provides an identity address
6730 * make sure the signature resolving key is stored. So allow
6731 * static random and public addresses here.
6732 */
6733 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6734 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6735 ev.store_hint = 0x00;
6736 else
53ac6ab6 6737 ev.store_hint = persistent;
7ee4ea36
MH		 6738
6739 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6740 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 6741 ev.key.type = csrk->type;
7ee4ea36
MH		 6742 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6743
6744 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6745}
6746
ffb5a827 6747void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6748 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6749 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6750{
6751 struct mgmt_ev_new_conn_param ev;
6752
c103aea6
JH		 6753 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6754 return;
6755
ffb5a827
AG		 6756 memset(&ev, 0, sizeof(ev));
6757 bacpy(&ev.addr.bdaddr, bdaddr);
6758 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6759 ev.store_hint = store_hint;
ffb5a827
AG		 6760 ev.min_interval = cpu_to_le16(min_interval);
6761 ev.max_interval = cpu_to_le16(max_interval);
6762 ev.latency = cpu_to_le16(latency);
6763 ev.timeout = cpu_to_le16(timeout);
6764
6765 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6766}
6767
94933991
MH		 6768static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6769 u8 data_len)
6770{
6771 eir[eir_len++] = sizeof(type) + data_len;
6772 eir[eir_len++] = type;
6773 memcpy(&eir[eir_len], data, data_len);
6774 eir_len += data_len;
6775
6776 return eir_len;
6777}
6778
48ec92fa
AA		 6779void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6780 u32 flags, u8 *name, u8 name_len)
f7520543 6781{
b644ba33
JH		 6782 char buf[512];
6783 struct mgmt_ev_device_connected *ev = (void *) buf;
6784 u16 eir_len = 0;
f7520543 6785
48ec92fa
AA		 6786 bacpy(&ev->addr.bdaddr, &conn->dst);
6787 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 6788
c95f0ba7 6789 ev->flags = __cpu_to_le32(flags);
08c79b61 6790
fd45ada9
AA		 6791 /* We must ensure that the EIR Data fields are ordered and
6792 * unique. Keep it simple for now and avoid the problem by not
6793 * adding any BR/EDR data to the LE adv.
6794 */
6795 if (conn->le_adv_data_len > 0) {
6796 memcpy(&ev->eir[eir_len],
6797 conn->le_adv_data, conn->le_adv_data_len);
6798 eir_len = conn->le_adv_data_len;
6799 } else {
6800 if (name_len > 0)
6801 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6802 name, name_len);
b644ba33 6803
ddbea5cf 6804 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 6805 eir_len = eir_append_data(ev->eir, eir_len,
6806 EIR_CLASS_OF_DEV,
6807 conn->dev_class, 3);
6808 }
b644ba33 6809
eb55ef07 6810 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6811
ecd90ae7
MH		 6812 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6813 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6814}
6815
3b0602cd 6816static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 6817{
8962ee74 6818 struct sock **sk = data;
8962ee74 6819
f5818c22 6820 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 6821
6822 *sk = cmd->sk;
6823 sock_hold(*sk);
6824
a664b5bc 6825 mgmt_pending_remove(cmd);
8962ee74
JH		 6826}
6827
3b0602cd 6828static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 6829{
b1078ad0 6830 struct hci_dev *hdev = data;
124f6e35 6831 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 6832
b1078ad0
JH		 6833 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6834
d8b7b1e4 6835 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 6836 mgmt_pending_remove(cmd);
6837}
6838
84c61d92
JH		 6839bool mgmt_powering_down(struct hci_dev *hdev)
6840{
3b0602cd 6841 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 6842 struct mgmt_mode *cp;
6843
6844 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6845 if (!cmd)
6846 return false;
6847
6848 cp = cmd->param;
6849 if (!cp->val)
6850 return true;
6851
6852 return false;
6853}
6854
9b80ec5e 6855void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6856 u8 link_type, u8 addr_type, u8 reason,
6857 bool mgmt_connected)
f7520543 6858{
f0d6a0ea 6859 struct mgmt_ev_device_disconnected ev;
8962ee74 6860 struct sock *sk = NULL;
8962ee74 6861
84c61d92
JH		 6862 /* The connection is still in hci_conn_hash so test for 1
6863 * instead of 0 to know if this is the last one.
6864 */
6865 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6866 cancel_delayed_work(&hdev->power_off);
6867 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 6868 }
6869
12d4a3b2
JH		 6870 if (!mgmt_connected)
6871 return;
6872
57eb776f
AG		 6873 if (link_type != ACL_LINK && link_type != LE_LINK)
6874 return;
6875
744cf19e 6876 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6877
f0d6a0ea
MA		 6878 bacpy(&ev.addr.bdaddr, bdaddr);
6879 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6880 ev.reason = reason;
f7520543 6881
9b80ec5e 6882 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6883
6884 if (sk)
d97dcb66 6885 sock_put(sk);
8962ee74 6886
124f6e35 6887 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6888 hdev);
8962ee74
JH		 6889}
6890
7892924c
MH		 6891void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6892 u8 link_type, u8 addr_type, u8 status)
8962ee74 6893{
3655bba8
AG		 6894 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6895 struct mgmt_cp_disconnect *cp;
3b0602cd 6896 struct mgmt_pending_cmd *cmd;
8962ee74 6897
36a75f1b
JD		 6898 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6899 hdev);
6900
2e58ef3e 6901 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6902 if (!cmd)
7892924c 6903 return;
8962ee74 6904
3655bba8
AG		 6905 cp = cmd->param;
6906
6907 if (bacmp(bdaddr, &cp->addr.bdaddr))
6908 return;
6909
6910 if (cp->addr.type != bdaddr_type)
6911 return;
6912
f5818c22 6913 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6914 mgmt_pending_remove(cmd);
f7520543 6915}
17d5c04c 6916
445608d0
MH		 6917void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6918 u8 addr_type, u8 status)
17d5c04c
JH		 6919{
6920 struct mgmt_ev_connect_failed ev;
c9910d0f 6921
84c61d92
JH		 6922 /* The connection is still in hci_conn_hash so test for 1
6923 * instead of 0 to know if this is the last one.
6924 */
6925 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6926 cancel_delayed_work(&hdev->power_off);
6927 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 6928 }
17d5c04c 6929
4c659c39 6930 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6931 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6932 ev.status = mgmt_status(status);
17d5c04c 6933
445608d0 6934 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6935}
980e1a53 6936
ce0e4a0d 6937void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6938{
6939 struct mgmt_ev_pin_code_request ev;
6940
d8457698 6941 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6942 ev.addr.type = BDADDR_BREDR;
a770bb5a 6943 ev.secure = secure;
980e1a53 6944
ce0e4a0d 6945 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6946}
6947
e669cf80
MH		 6948void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6949 u8 status)
980e1a53 6950{
3b0602cd 6951 struct mgmt_pending_cmd *cmd;
980e1a53 6952
2e58ef3e 6953 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6954 if (!cmd)
e669cf80 6955 return;
980e1a53 6956
7776d1d8 6957 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6958 mgmt_pending_remove(cmd);
980e1a53
JH		 6959}
6960
3eb38528
MH		 6961void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6962 u8 status)
980e1a53 6963{
3b0602cd 6964 struct mgmt_pending_cmd *cmd;
980e1a53 6965
2e58ef3e 6966 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6967 if (!cmd)
3eb38528 6968 return;
980e1a53 6969
7776d1d8 6970 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6971 mgmt_pending_remove(cmd);
980e1a53 6972}
a5c29683 6973
744cf19e 6974int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6975 u8 link_type, u8 addr_type, u32 value,
04124681 6976 u8 confirm_hint)
a5c29683
JH		 6977{
6978 struct mgmt_ev_user_confirm_request ev;
6979
744cf19e 6980 BT_DBG("%s", hdev->name);
a5c29683 6981
272d90df 6982 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6983 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6984 ev.confirm_hint = confirm_hint;
39adbffe 6985 ev.value = cpu_to_le32(value);
a5c29683 6986
744cf19e 6987 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6988 NULL);
a5c29683
JH		 6989}
6990
272d90df 6991int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6992 u8 link_type, u8 addr_type)
604086b7
BG		 6993{
6994 struct mgmt_ev_user_passkey_request ev;
6995
6996 BT_DBG("%s", hdev->name);
6997
272d90df 6998 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6999 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 7000
7001 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 7002 NULL);
604086b7
BG		 7003}
7004
0df4c185 7005static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 7006 u8 link_type, u8 addr_type, u8 status,
7007 u8 opcode)
a5c29683 7008{
3b0602cd 7009 struct mgmt_pending_cmd *cmd;
a5c29683 7010
2e58ef3e 7011 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 7012 if (!cmd)
7013 return -ENOENT;
7014
7776d1d8 7015 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7016 mgmt_pending_remove(cmd);
a5c29683 7017
7776d1d8 7018 return 0;
a5c29683
JH		 7019}
7020
744cf19e 7021int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7022 u8 link_type, u8 addr_type, u8 status)
a5c29683 7023{
272d90df 7024 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7025 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 7026}
7027
272d90df 7028int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7029 u8 link_type, u8 addr_type, u8 status)
a5c29683 7030{
272d90df 7031 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7032 status,
7033 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7034}
2a611692 7035
604086b7 7036int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7037 u8 link_type, u8 addr_type, u8 status)
604086b7 7038{
272d90df 7039 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7040 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7041}
7042
272d90df 7043int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7044 u8 link_type, u8 addr_type, u8 status)
604086b7 7045{
272d90df 7046 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7047 status,
7048 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7049}
7050
92a25256
JH		 7051int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7052 u8 link_type, u8 addr_type, u32 passkey,
7053 u8 entered)
7054{
7055 struct mgmt_ev_passkey_notify ev;
7056
7057 BT_DBG("%s", hdev->name);
7058
7059 bacpy(&ev.addr.bdaddr, bdaddr);
7060 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7061 ev.passkey = __cpu_to_le32(passkey);
7062 ev.entered = entered;
7063
7064 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7065}
7066
e1e930f5 7067void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7068{
7069 struct mgmt_ev_auth_failed ev;
3b0602cd 7070 struct mgmt_pending_cmd *cmd;
e1e930f5 7071 u8 status = mgmt_status(hci_status);
2a611692 7072
e1e930f5
JH		 7073 bacpy(&ev.addr.bdaddr, &conn->dst);
7074 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7075 ev.status = status;
2a611692 7076
e1e930f5
JH		 7077 cmd = find_pairing(conn);
7078
7079 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7080 cmd ? cmd->sk : NULL);
7081
a511b35b
JH		 7082 if (cmd) {
7083 cmd->cmd_complete(cmd, status);
7084 mgmt_pending_remove(cmd);
7085 }
2a611692 7086}
b312b161 7087
464996ae 7088void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7089{
7090 struct cmd_lookup match = { NULL, hdev };
464996ae 7091 bool changed;
33ef95ed
JH		 7092
7093 if (status) {
7094 u8 mgmt_err = mgmt_status(status);
7095 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7096 cmd_status_rsp, &mgmt_err);
464996ae 7097 return;
33ef95ed
JH		 7098 }
7099
464996ae
MH		 7100 if (test_bit(HCI_AUTH, &hdev->flags))
7101 changed = !test_and_set_bit(HCI_LINK_SECURITY,
7102 &hdev->dev_flags);
7103 else
7104 changed = test_and_clear_bit(HCI_LINK_SECURITY,
7105 &hdev->dev_flags);
47990ea0 7106
33ef95ed 7107 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 7108 &match);
33ef95ed 7109
47990ea0 7110 if (changed)
464996ae 7111 new_settings(hdev, match.sk);
33ef95ed
JH		 7112
7113 if (match.sk)
7114 sock_put(match.sk);
33ef95ed
JH		 7115}
7116
890ea898 7117static void clear_eir(struct hci_request *req)
cacaf52f 7118{
890ea898 7119 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 7120 struct hci_cp_write_eir cp;
7121
976eb20e 7122 if (!lmp_ext_inq_capable(hdev))
890ea898 7123 return;
cacaf52f 7124
c80da27e
JH		 7125 memset(hdev->eir, 0, sizeof(hdev->eir));
7126
cacaf52f
JH		 7127 memset(&cp, 0, sizeof(cp));
7128
890ea898 7129 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 7130}
7131
3e248560 7132void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 7133{
7134 struct cmd_lookup match = { NULL, hdev };
890ea898 7135 struct hci_request req;
c0ecddc2 7136 bool changed = false;
ed2c4ee3
JH		 7137
7138 if (status) {
7139 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 7140
7141 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 7142 &hdev->dev_flags)) {
7143 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 7144 new_settings(hdev, NULL);
9ecb3e24 7145 }
c0ecddc2 7146
04124681
GP		 7147 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7148 &mgmt_err);
3e248560 7149 return;
c0ecddc2
JH		 7150 }
7151
7152 if (enable) {
9ecb3e24 7153 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 7154 } else {
9ecb3e24
MH		 7155 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
7156 if (!changed)
7157 changed = test_and_clear_bit(HCI_HS_ENABLED,
7158 &hdev->dev_flags);
7159 else
7160 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 7161 }
7162
7163 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7164
c0ecddc2 7165 if (changed)
3e248560 7166 new_settings(hdev, match.sk);
ed2c4ee3 7167
5fc6ebb1 7168 if (match.sk)
ed2c4ee3
JH		 7169 sock_put(match.sk);
7170
890ea898
JH		 7171 hci_req_init(&req, hdev);
7172
3769972b
JH		 7173 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
7174 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
7175 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7176 sizeof(enable), &enable);
890ea898 7177 update_eir(&req);
3769972b 7178 } else {
890ea898 7179 clear_eir(&req);
3769972b 7180 }
890ea898
JH		 7181
7182 hci_req_run(&req, NULL);
ed2c4ee3
JH		 7183}
7184
3b0602cd 7185static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 7186{
7187 struct cmd_lookup *match = data;
7188
90e70454
JH		 7189 if (match->sk == NULL) {
7190 match->sk = cmd->sk;
7191 sock_hold(match->sk);
7192 }
90e70454
JH		 7193}
7194
4e1b0245
MH		 7195void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7196 u8 status)
7f9a903c 7197{
90e70454 7198 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7199
92da6097
JH		 7200 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7201 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7202 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 7203
7204 if (!status)
4e1b0245
MH		 7205 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
7206 NULL);
90e70454
JH		 7207
7208 if (match.sk)
7209 sock_put(match.sk);
7f9a903c
MH		 7210}
7211
7667da34 7212void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7213{
b312b161 7214 struct mgmt_cp_set_local_name ev;
3b0602cd 7215 struct mgmt_pending_cmd *cmd;
28cc7bde 7216
13928971 7217 if (status)
7667da34 7218 return;
b312b161
JH		 7219
7220 memset(&ev, 0, sizeof(ev));
7221 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7222 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7223
2e58ef3e 7224 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7225 if (!cmd) {
7226 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7227
13928971
JH		 7228 /* If this is a HCI command related to powering on the
7229 * HCI dev don't send any mgmt signals.
7230 */
7231 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7232 return;
890ea898 7233 }
b312b161 7234
7667da34
MH		 7235 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7236 cmd ? cmd->sk : NULL);
b312b161 7237}
c35938b2 7238
4d2d2796 7239void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
38da1703
JH		 7240 u8 *rand192, u8 *hash256, u8 *rand256,
7241 u8 status)
c35938b2 7242{
3b0602cd 7243 struct mgmt_pending_cmd *cmd;
c35938b2 7244
744cf19e 7245 BT_DBG("%s status %u", hdev->name, status);
c35938b2 7246
2e58ef3e 7247 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 7248 if (!cmd)
3edaf092 7249 return;
c35938b2
SJ		 7250
7251 if (status) {
a69e8375
JH		 7252 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
7253 mgmt_status(status));
c35938b2 7254 } else {
66f096f7
JH		 7255 struct mgmt_rp_read_local_oob_data rp;
7256 size_t rp_size = sizeof(rp);
4d2d2796 7257
66f096f7
JH		 7258 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
7259 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
c35938b2 7260
66f096f7 7261 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
4d2d2796 7262 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
38da1703 7263 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
4d2d2796 7264 } else {
66f096f7 7265 rp_size -= sizeof(rp.hash256) + sizeof(rp.rand256);
4d2d2796 7266 }
66f096f7 7267
2a1afb5a
JH		 7268 mgmt_cmd_complete(cmd->sk, hdev->id,
7269 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7270 &rp, rp_size);
c35938b2
SJ		 7271 }
7272
7273 mgmt_pending_remove(cmd);
c35938b2 7274}
e17acd40 7275
799ce93d
JP		 7276static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7277{
7278 int i;
7279
7280 for (i = 0; i < uuid_count; i++) {
7281 if (!memcmp(uuid, uuids[i], 16))
7282 return true;
7283 }
7284
7285 return false;
7286}
7287
b487b9ce
MH		 7288static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7289{
799ce93d
JP		 7290 u16 parsed = 0;
7291
7292 while (parsed < eir_len) {
7293 u8 field_len = eir[0];
7294 u8 uuid[16];
7295 int i;
7296
7297 if (field_len == 0)
7298 break;
7299
7300 if (eir_len - parsed < field_len + 1)
7301 break;
7302
7303 switch (eir[1]) {
7304 case EIR_UUID16_ALL:
7305 case EIR_UUID16_SOME:
7306 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7307 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7308 uuid[13] = eir[i + 3];
7309 uuid[12] = eir[i + 2];
7310 if (has_uuid(uuid, uuid_count, uuids))
7311 return true;
7312 }
7313 break;
7314 case EIR_UUID32_ALL:
7315 case EIR_UUID32_SOME:
7316 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7317 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7318 uuid[15] = eir[i + 5];
7319 uuid[14] = eir[i + 4];
7320 uuid[13] = eir[i + 3];
7321 uuid[12] = eir[i + 2];
7322 if (has_uuid(uuid, uuid_count, uuids))
7323 return true;
7324 }
7325 break;
7326 case EIR_UUID128_ALL:
7327 case EIR_UUID128_SOME:
7328 for (i = 0; i + 17 <= field_len; i += 16) {
7329 memcpy(uuid, eir + i + 2, 16);
7330 if (has_uuid(uuid, uuid_count, uuids))
7331 return true;
7332 }
7333 break;
7334 }
7335
7336 parsed += field_len + 1;
7337 eir += field_len + 1;
7338 }
7339
b487b9ce
MH		 7340 return false;
7341}
7342
4b0e0ced
JP		 7343static void restart_le_scan(struct hci_dev *hdev)
7344{
7345 /* If controller is not scanning we are done. */
7346 if (!test_bit(HCI_LE_SCAN, &hdev->dev_flags))
7347 return;
7348
7349 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7350 hdev->discovery.scan_start +
7351 hdev->discovery.scan_duration))
7352 return;
7353
7354 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
7355 DISCOV_LE_RESTART_DELAY);
7356}
7357
48f86b7f
JP		 7358static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7359 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7360{
48f86b7f
JP		 7361 /* If a RSSI threshold has been specified, and
7362 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7363 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7364 * is set, let it through for further processing, as we might need to
7365 * restart the scan.
efb2513f
MH		 7366 *
7367 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7368 * the results are also dropped.
bda157a4
MH		 7369 */
7370 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 7371 (rssi == HCI_RSSI_INVALID ||
7372 (rssi < hdev->discovery.rssi &&
7373 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 7374 return false;
efb2513f 7375
2976cdeb
JP		 7376 if (hdev->discovery.uuid_count != 0) {
7377 /* If a list of UUIDs is provided in filter, results with no
7378 * matching UUID should be dropped.
b487b9ce 7379 */
2976cdeb
JP		 7380 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7381 hdev->discovery.uuids) &&
7382 !eir_has_uuids(scan_rsp, scan_rsp_len,
7383 hdev->discovery.uuid_count,
7384 hdev->discovery.uuids))
7385 return false;
b487b9ce 7386 }
5d2e9fad 7387
2976cdeb
JP		 7388 /* If duplicate filtering does not report RSSI changes, then restart
7389 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 7390 */
2976cdeb
JP		 7391 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7392 restart_le_scan(hdev);
7393
7394 /* Validate RSSI value against the RSSI threshold once more. */
7395 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7396 rssi < hdev->discovery.rssi)
7397 return false;
7398 }
48f86b7f
JP		 7399
7400 return true;
7401}
7402
7403void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7404 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7405 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7406{
7407 char buf[512];
7408 struct mgmt_ev_device_found *ev = (void *)buf;
7409 size_t ev_size;
7410
7411 /* Don't send events for a non-kernel initiated discovery. With
7412 * LE one exception is if we have pend_le_reports > 0 in which
7413 * case we're doing passive scanning and want these events.
7414 */
7415 if (!hci_discovery_active(hdev)) {
7416 if (link_type == ACL_LINK)
7417 return;
7418 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7419 return;
7420 }
7421
82f8b651 7422 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 7423 /* We are using service discovery */
7424 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7425 scan_rsp_len))
7426 return;
7427 }
7428
7429 /* Make sure that the buffer is big enough. The 5 extra bytes
7430 * are for the potential CoD field.
7431 */
7432 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 7433 return;
7434
48f86b7f
JP		 7435 memset(buf, 0, sizeof(buf));
7436
7437 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7438 * RSSI value was reported as 0 when not available. This behavior
7439 * is kept when using device discovery. This is required for full
7440 * backwards compatibility with the API.
7441 *
7442 * However when using service discovery, the value 127 will be
7443 * returned when the RSSI is not available.
7444 */
7445 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7446 link_type == ACL_LINK)
7447 rssi = 0;
7448
7449 bacpy(&ev->addr.bdaddr, bdaddr);
7450 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7451 ev->rssi = rssi;
7452 ev->flags = cpu_to_le32(flags);
7453
7454 if (eir_len > 0)
7455 /* Copy EIR or advertising data into event */
7456 memcpy(ev->eir, eir, eir_len);
7457
7458 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7459 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7460 dev_class, 3);
7461
7462 if (scan_rsp_len > 0)
7463 /* Append scan response data to event */
7464 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7465
5d2e9fad
JH		 7466 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7467 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7468
901801b9 7469 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7470}
a88a9652 7471
9cf12aee
MH		 7472void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7473 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7474{
b644ba33
JH		 7475 struct mgmt_ev_device_found *ev;
7476 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7477 u16 eir_len;
a88a9652 7478
b644ba33 7479 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7480
b644ba33
JH		 7481 memset(buf, 0, sizeof(buf));
7482
7483 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7484 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7485 ev->rssi = rssi;
7486
7487 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7488 name_len);
b644ba33 7489
eb55ef07 7490 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7491
9cf12aee 7492 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7493}
314b2381 7494
2f1e063b 7495void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7496{
f963e8e9 7497 struct mgmt_ev_discovering ev;
164a6e78 7498
343fb145
AG		 7499 BT_DBG("%s discovering %u", hdev->name, discovering);
7500
f963e8e9
JH		 7501 memset(&ev, 0, sizeof(ev));
7502 ev.type = hdev->discovery.type;
7503 ev.discovering = discovering;
7504
2f1e063b 7505 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7506}
5e762444 7507
1904a853 7508static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5976e608
MH		 7509{
7510 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 7511}
7512
7513void mgmt_reenable_advertising(struct hci_dev *hdev)
7514{
7515 struct hci_request req;
7516
5976e608
MH		 7517 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
7518 return;
7519
7520 hci_req_init(&req, hdev);
7521 enable_advertising(&req);
0ec5ae84 7522 hci_req_run(&req, adv_enable_complete);
5976e608 7523}
6d785aa3
JH		 7524
7525static struct hci_mgmt_chan chan = {
7526 .channel = HCI_CHANNEL_CONTROL,
7527 .handler_count = ARRAY_SIZE(mgmt_handlers),
7528 .handlers = mgmt_handlers,
7529};
7530
7531int mgmt_init(void)
7532{
7533 return hci_mgmt_chan_register(&chan);
7534}
7535
7536void mgmt_exit(void)
7537{
7538 hci_mgmt_chan_unregister(&chan);
7539}
Linux kernel - Deliverables
This page took 0.846541 seconds and 5 git commands to generate.