projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Introduce hci_dev_change_flag helper macro
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
0381101f 38
2da9c55c 39#define MGMT_VERSION 1
beb1c21b 40#define MGMT_REVISION 9
02d98129 41
e70bb2e8
JH		 42static const u16 mgmt_commands[] = {
43 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_READ_INFO,
45 MGMT_OP_SET_POWERED,
46 MGMT_OP_SET_DISCOVERABLE,
47 MGMT_OP_SET_CONNECTABLE,
48 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 49 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 50 MGMT_OP_SET_LINK_SECURITY,
51 MGMT_OP_SET_SSP,
52 MGMT_OP_SET_HS,
53 MGMT_OP_SET_LE,
54 MGMT_OP_SET_DEV_CLASS,
55 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_ADD_UUID,
57 MGMT_OP_REMOVE_UUID,
58 MGMT_OP_LOAD_LINK_KEYS,
59 MGMT_OP_LOAD_LONG_TERM_KEYS,
60 MGMT_OP_DISCONNECT,
61 MGMT_OP_GET_CONNECTIONS,
62 MGMT_OP_PIN_CODE_REPLY,
63 MGMT_OP_PIN_CODE_NEG_REPLY,
64 MGMT_OP_SET_IO_CAPABILITY,
65 MGMT_OP_PAIR_DEVICE,
66 MGMT_OP_CANCEL_PAIR_DEVICE,
67 MGMT_OP_UNPAIR_DEVICE,
68 MGMT_OP_USER_CONFIRM_REPLY,
69 MGMT_OP_USER_CONFIRM_NEG_REPLY,
70 MGMT_OP_USER_PASSKEY_REPLY,
71 MGMT_OP_USER_PASSKEY_NEG_REPLY,
72 MGMT_OP_READ_LOCAL_OOB_DATA,
73 MGMT_OP_ADD_REMOTE_OOB_DATA,
74 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
75 MGMT_OP_START_DISCOVERY,
76 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_CONFIRM_NAME,
78 MGMT_OP_BLOCK_DEVICE,
79 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 80 MGMT_OP_SET_DEVICE_ID,
4375f103 81 MGMT_OP_SET_ADVERTISING,
0663ca2a 82 MGMT_OP_SET_BREDR,
d13eafce 83 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 84 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 85 MGMT_OP_SET_SECURE_CONN,
4e39ac81 86 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 87 MGMT_OP_SET_PRIVACY,
41edf160 88 MGMT_OP_LOAD_IRKS,
dd983808 89 MGMT_OP_GET_CONN_INFO,
95868426 90 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 91 MGMT_OP_ADD_DEVICE,
92 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 93 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 94 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 95 MGMT_OP_READ_CONFIG_INFO,
dbece37a 96 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 97 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 98 MGMT_OP_START_SERVICE_DISCOVERY,
e70bb2e8
JH		 99};
100
101static const u16 mgmt_events[] = {
102 MGMT_EV_CONTROLLER_ERROR,
103 MGMT_EV_INDEX_ADDED,
104 MGMT_EV_INDEX_REMOVED,
105 MGMT_EV_NEW_SETTINGS,
106 MGMT_EV_CLASS_OF_DEV_CHANGED,
107 MGMT_EV_LOCAL_NAME_CHANGED,
108 MGMT_EV_NEW_LINK_KEY,
109 MGMT_EV_NEW_LONG_TERM_KEY,
110 MGMT_EV_DEVICE_CONNECTED,
111 MGMT_EV_DEVICE_DISCONNECTED,
112 MGMT_EV_CONNECT_FAILED,
113 MGMT_EV_PIN_CODE_REQUEST,
114 MGMT_EV_USER_CONFIRM_REQUEST,
115 MGMT_EV_USER_PASSKEY_REQUEST,
116 MGMT_EV_AUTH_FAILED,
117 MGMT_EV_DEVICE_FOUND,
118 MGMT_EV_DISCOVERING,
119 MGMT_EV_DEVICE_BLOCKED,
120 MGMT_EV_DEVICE_UNBLOCKED,
121 MGMT_EV_DEVICE_UNPAIRED,
92a25256 122 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 123 MGMT_EV_NEW_IRK,
7ee4ea36 124 MGMT_EV_NEW_CSRK,
8afef092
MH		 125 MGMT_EV_DEVICE_ADDED,
126 MGMT_EV_DEVICE_REMOVED,
ffb5a827 127 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 128 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 129 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 130 MGMT_EV_NEW_CONFIG_OPTIONS,
e70bb2e8
JH		 131};
132
17b02e62 133#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 134
d25b78e2
JH		 135#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
136 "\x00\x00\x00\x00\x00\x00\x00\x00"
137
3b0602cd 138struct mgmt_pending_cmd {
eec8d2bc 139 struct list_head list;
fc2f4b13 140 u16 opcode;
eec8d2bc 141 int index;
c68fb7ff 142 void *param;
323b0b88 143 size_t param_len;
eec8d2bc 144 struct sock *sk;
e9a416b5 145 void *user_data;
3b0602cd 146 int (*cmd_complete)(struct mgmt_pending_cmd *cmd, u8 status);
eec8d2bc
JH		 147};
148
ca69b795
JH		 149/* HCI to MGMT error code conversion table */
150static u8 mgmt_status_table[] = {
151 MGMT_STATUS_SUCCESS,
152 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
153 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
154 MGMT_STATUS_FAILED, /* Hardware Failure */
155 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
156 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 157 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 158 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
159 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
160 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
161 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
162 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
163 MGMT_STATUS_BUSY, /* Command Disallowed */
164 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
165 MGMT_STATUS_REJECTED, /* Rejected Security */
166 MGMT_STATUS_REJECTED, /* Rejected Personal */
167 MGMT_STATUS_TIMEOUT, /* Host Timeout */
168 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
169 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
170 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
171 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
172 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
173 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
174 MGMT_STATUS_BUSY, /* Repeated Attempts */
175 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
176 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
177 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
178 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
179 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
180 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
181 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
182 MGMT_STATUS_FAILED, /* Unspecified Error */
183 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
184 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
185 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
186 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
187 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
188 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
189 MGMT_STATUS_FAILED, /* Unit Link Key Used */
190 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
191 MGMT_STATUS_TIMEOUT, /* Instant Passed */
192 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
193 MGMT_STATUS_FAILED, /* Transaction Collision */
194 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
195 MGMT_STATUS_REJECTED, /* QoS Rejected */
196 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
197 MGMT_STATUS_REJECTED, /* Insufficient Security */
198 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
199 MGMT_STATUS_BUSY, /* Role Switch Pending */
200 MGMT_STATUS_FAILED, /* Slot Violation */
201 MGMT_STATUS_FAILED, /* Role Switch Failed */
202 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
203 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
204 MGMT_STATUS_BUSY, /* Host Busy Pairing */
205 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
206 MGMT_STATUS_BUSY, /* Controller Busy */
207 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
208 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
209 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
210 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
211 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
212};
213
214static u8 mgmt_status(u8 hci_status)
215{
216 if (hci_status < ARRAY_SIZE(mgmt_status_table))
217 return mgmt_status_table[hci_status];
218
219 return MGMT_STATUS_FAILED;
220}
221
7a00ff44
JH		 222static int mgmt_send_event(u16 event, struct hci_dev *hdev,
223 unsigned short channel, void *data, u16 data_len,
224 struct sock *skip_sk)
04c60f05
MH		 225{
226 struct sk_buff *skb;
227 struct mgmt_hdr *hdr;
228
229 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
230 if (!skb)
231 return -ENOMEM;
232
233 hdr = (void *) skb_put(skb, sizeof(*hdr));
234 hdr->opcode = cpu_to_le16(event);
235 if (hdev)
236 hdr->index = cpu_to_le16(hdev->id);
237 else
238 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
239 hdr->len = cpu_to_le16(data_len);
240
241 if (data)
242 memcpy(skb_put(skb, data_len), data, data_len);
243
244 /* Time stamp */
245 __net_timestamp(skb);
246
7a00ff44 247 hci_send_to_channel(channel, skb, skip_sk);
04c60f05
MH		 248 kfree_skb(skb);
249
250 return 0;
251}
252
7a00ff44
JH		 253static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
254 struct sock *skip_sk)
255{
256 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
257 skip_sk);
258}
259
a69e8375 260static int mgmt_cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 261{
262 struct sk_buff *skb;
263 struct mgmt_hdr *hdr;
264 struct mgmt_ev_cmd_status *ev;
56b7d137 265 int err;
f7b64e69 266
34eb525c 267 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 268
790eff44 269 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 270 if (!skb)
271 return -ENOMEM;
272
273 hdr = (void *) skb_put(skb, sizeof(*hdr));
274
dcf4adbf 275 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 276 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 277 hdr->len = cpu_to_le16(sizeof(*ev));
278
279 ev = (void *) skb_put(skb, sizeof(*ev));
280 ev->status = status;
eb55ef07 281 ev->opcode = cpu_to_le16(cmd);
f7b64e69 282
56b7d137
GP		 283 err = sock_queue_rcv_skb(sk, skb);
284 if (err < 0)
f7b64e69
JH		 285 kfree_skb(skb);
286
56b7d137 287 return err;
f7b64e69
JH		 288}
289
2a1afb5a
JH		 290static int mgmt_cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
291 void *rp, size_t rp_len)
02d98129
JH		 292{
293 struct sk_buff *skb;
294 struct mgmt_hdr *hdr;
295 struct mgmt_ev_cmd_complete *ev;
56b7d137 296 int err;
02d98129
JH		 297
298 BT_DBG("sock %p", sk);
299
790eff44 300 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 301 if (!skb)
302 return -ENOMEM;
303
304 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 305
dcf4adbf 306 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 307 hdr->index = cpu_to_le16(index);
a38528f1 308 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 309
a38528f1 310 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 311 ev->opcode = cpu_to_le16(cmd);
aee9b218 312 ev->status = status;
8020c16a
SJ		 313
314 if (rp)
315 memcpy(ev->data, rp, rp_len);
02d98129 316
56b7d137
GP		 317 err = sock_queue_rcv_skb(sk, skb);
318 if (err < 0)
02d98129
JH		 319 kfree_skb(skb);
320
e5f0e151 321 return err;
02d98129
JH		 322}
323
04124681
GP		 324static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
325 u16 data_len)
a38528f1
JH		 326{
327 struct mgmt_rp_read_version rp;
328
329 BT_DBG("sock %p", sk);
330
331 rp.version = MGMT_VERSION;
dcf4adbf 332 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 333
2a1afb5a
JH		 334 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
335 &rp, sizeof(rp));
a38528f1
JH		 336}
337
04124681
GP		 338static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
339 u16 data_len)
e70bb2e8
JH		 340{
341 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 342 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
343 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 344 __le16 *opcode;
e70bb2e8
JH		 345 size_t rp_size;
346 int i, err;
347
348 BT_DBG("sock %p", sk);
349
350 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
351
352 rp = kmalloc(rp_size, GFP_KERNEL);
353 if (!rp)
354 return -ENOMEM;
355
dcf4adbf
JP		 356 rp->num_commands = cpu_to_le16(num_commands);
357 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 358
359 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
360 put_unaligned_le16(mgmt_commands[i], opcode);
361
362 for (i = 0; i < num_events; i++, opcode++)
363 put_unaligned_le16(mgmt_events[i], opcode);
364
2a1afb5a
JH		 365 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
366 rp, rp_size);
e70bb2e8
JH		 367 kfree(rp);
368
369 return err;
370}
371
04124681
GP		 372static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
373 u16 data_len)
faba42eb 374{
faba42eb 375 struct mgmt_rp_read_index_list *rp;
8035ded4 376 struct hci_dev *d;
a38528f1 377 size_t rp_len;
faba42eb 378 u16 count;
476e44cb 379 int err;
faba42eb
JH		 380
381 BT_DBG("sock %p", sk);
382
383 read_lock(&hci_dev_list_lock);
384
385 count = 0;
bb4b2a9a 386 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 387 if (d->dev_type == HCI_BREDR &&
d7a5a11d 388 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 389 count++;
faba42eb
JH		 390 }
391
a38528f1
JH		 392 rp_len = sizeof(*rp) + (2 * count);
393 rp = kmalloc(rp_len, GFP_ATOMIC);
394 if (!rp) {
b2c60d42 395 read_unlock(&hci_dev_list_lock);
faba42eb 396 return -ENOMEM;
b2c60d42 397 }
faba42eb 398
476e44cb 399 count = 0;
8035ded4 400 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 401 if (hci_dev_test_flag(d, HCI_SETUP) ||
402 hci_dev_test_flag(d, HCI_CONFIG) ||
403 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 404 continue;
405
73d1df2a
MH		 406 /* Devices marked as raw-only are neither configured
407 * nor unconfigured controllers.
408 */
409 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 410 continue;
411
73d1df2a 412 if (d->dev_type == HCI_BREDR &&
d7a5a11d 413 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892
MH		 414 rp->index[count++] = cpu_to_le16(d->id);
415 BT_DBG("Added hci%u", d->id);
416 }
faba42eb
JH		 417 }
418
476e44cb
JH		 419 rp->num_controllers = cpu_to_le16(count);
420 rp_len = sizeof(*rp) + (2 * count);
421
faba42eb
JH		 422 read_unlock(&hci_dev_list_lock);
423
2a1afb5a
JH		 424 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
425 0, rp, rp_len);
faba42eb 426
a38528f1
JH		 427 kfree(rp);
428
429 return err;
faba42eb
JH		 430}
431
73d1df2a
MH		 432static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
433 void *data, u16 data_len)
434{
435 struct mgmt_rp_read_unconf_index_list *rp;
436 struct hci_dev *d;
437 size_t rp_len;
438 u16 count;
439 int err;
440
441 BT_DBG("sock %p", sk);
442
443 read_lock(&hci_dev_list_lock);
444
445 count = 0;
446 list_for_each_entry(d, &hci_dev_list, list) {
447 if (d->dev_type == HCI_BREDR &&
d7a5a11d 448 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 449 count++;
450 }
451
452 rp_len = sizeof(*rp) + (2 * count);
453 rp = kmalloc(rp_len, GFP_ATOMIC);
454 if (!rp) {
455 read_unlock(&hci_dev_list_lock);
456 return -ENOMEM;
457 }
458
459 count = 0;
460 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 461 if (hci_dev_test_flag(d, HCI_SETUP) ||
462 hci_dev_test_flag(d, HCI_CONFIG) ||
463 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 464 continue;
465
466 /* Devices marked as raw-only are neither configured
467 * nor unconfigured controllers.
468 */
469 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
470 continue;
471
472 if (d->dev_type == HCI_BREDR &&
d7a5a11d 473 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a
MH		 474 rp->index[count++] = cpu_to_le16(d->id);
475 BT_DBG("Added hci%u", d->id);
476 }
477 }
478
479 rp->num_controllers = cpu_to_le16(count);
480 rp_len = sizeof(*rp) + (2 * count);
481
482 read_unlock(&hci_dev_list_lock);
483
2a1afb5a
JH		 484 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
485 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 486
487 kfree(rp);
488
489 return err;
490}
491
dbece37a
MH		 492static bool is_configured(struct hci_dev *hdev)
493{
494 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 495 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 496 return false;
497
498 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
499 !bacmp(&hdev->public_addr, BDADDR_ANY))
500 return false;
501
502 return true;
503}
504
89bc22d2
MH		 505static __le32 get_missing_options(struct hci_dev *hdev)
506{
507 u32 options = 0;
508
dbece37a 509 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 510 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 511 options |= MGMT_OPTION_EXTERNAL_CONFIG;
512
89bc22d2
MH		 513 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
514 !bacmp(&hdev->public_addr, BDADDR_ANY))
515 options |= MGMT_OPTION_PUBLIC_ADDRESS;
516
517 return cpu_to_le32(options);
518}
519
f4537c04
MH		 520static int new_options(struct hci_dev *hdev, struct sock *skip)
521{
522 __le32 options = get_missing_options(hdev);
523
524 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
525 sizeof(options), skip);
526}
527
dbece37a
MH		 528static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
529{
530 __le32 options = get_missing_options(hdev);
531
2a1afb5a
JH		 532 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
533 sizeof(options));
dbece37a
MH		 534}
535
9fc3bfb6
MH		 536static int read_config_info(struct sock *sk, struct hci_dev *hdev,
537 void *data, u16 data_len)
538{
539 struct mgmt_rp_read_config_info rp;
89bc22d2 540 u32 options = 0;
9fc3bfb6
MH		 541
542 BT_DBG("sock %p %s", sk, hdev->name);
543
544 hci_dev_lock(hdev);
545
546 memset(&rp, 0, sizeof(rp));
547 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 548
eb1904f4
MH		 549 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
550 options |= MGMT_OPTION_EXTERNAL_CONFIG;
551
9fc3bfb6 552 if (hdev->set_bdaddr)
89bc22d2
MH		 553 options |= MGMT_OPTION_PUBLIC_ADDRESS;
554
555 rp.supported_options = cpu_to_le32(options);
556 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 557
558 hci_dev_unlock(hdev);
559
2a1afb5a
JH		 560 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
561 &rp, sizeof(rp));
9fc3bfb6
MH		 562}
563
69ab39ea
JH		 564static u32 get_supported_settings(struct hci_dev *hdev)
565{
566 u32 settings = 0;
567
568 settings |= MGMT_SETTING_POWERED;
b2939475 569 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 570 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 571 settings |= MGMT_SETTING_CONNECTABLE;
572 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 573
ed3fa31f 574 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 575 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
576 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 577 settings |= MGMT_SETTING_BREDR;
578 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 579
580 if (lmp_ssp_capable(hdev)) {
581 settings |= MGMT_SETTING_SSP;
582 settings |= MGMT_SETTING_HS;
583 }
e98d2ce2 584
05b3c3e7 585 if (lmp_sc_capable(hdev))
e98d2ce2 586 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 587 }
d7b7e796 588
eeca6f89 589 if (lmp_le_capable(hdev)) {
9d42820f 590 settings |= MGMT_SETTING_LE;
eeca6f89 591 settings |= MGMT_SETTING_ADVERTISING;
a3209694 592 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 593 settings |= MGMT_SETTING_PRIVACY;
93690c22 594 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 595 }
69ab39ea 596
eb1904f4
MH		 597 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
598 hdev->set_bdaddr)
9fc3bfb6
MH		 599 settings |= MGMT_SETTING_CONFIGURATION;
600
69ab39ea
JH		 601 return settings;
602}
603
604static u32 get_current_settings(struct hci_dev *hdev)
605{
606 u32 settings = 0;
607
f1f0eb02 608 if (hdev_is_powered(hdev))
f0d4b78a
MH		 609 settings |= MGMT_SETTING_POWERED;
610
d7a5a11d 611 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 612 settings |= MGMT_SETTING_CONNECTABLE;
613
d7a5a11d 614 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 615 settings |= MGMT_SETTING_FAST_CONNECTABLE;
616
d7a5a11d 617 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 618 settings |= MGMT_SETTING_DISCOVERABLE;
619
d7a5a11d 620 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 621 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 622
d7a5a11d 623 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 624 settings |= MGMT_SETTING_BREDR;
625
d7a5a11d 626 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 627 settings |= MGMT_SETTING_LE;
628
d7a5a11d 629 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 630 settings |= MGMT_SETTING_LINK_SECURITY;
631
d7a5a11d 632 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 633 settings |= MGMT_SETTING_SSP;
634
d7a5a11d 635 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 636 settings |= MGMT_SETTING_HS;
637
d7a5a11d 638 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 639 settings |= MGMT_SETTING_ADVERTISING;
640
d7a5a11d 641 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 642 settings |= MGMT_SETTING_SECURE_CONN;
643
d7a5a11d 644 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 645 settings |= MGMT_SETTING_DEBUG_KEYS;
646
d7a5a11d 647 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 648 settings |= MGMT_SETTING_PRIVACY;
649
93690c22
MH		 650 /* The current setting for static address has two purposes. The
651 * first is to indicate if the static address will be used and
652 * the second is to indicate if it is actually set.
653 *
654 * This means if the static address is not configured, this flag
655 * will never bet set. If the address is configured, then if the
656 * address is actually used decides if the flag is set or not.
657 *
658 * For single mode LE only controllers and dual-mode controllers
659 * with BR/EDR disabled, the existence of the static address will
660 * be evaluated.
661 */
662 if (test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags) ||
d7a5a11d 663 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 664 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
665 if (bacmp(&hdev->static_addr, BDADDR_ANY))
666 settings |= MGMT_SETTING_STATIC_ADDRESS;
667 }
668
69ab39ea
JH		 669 return settings;
670}
671
ef580372
JH		 672#define PNP_INFO_SVCLASS_ID 0x1200
673
213202ed
JH		 674static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
675{
676 u8 *ptr = data, *uuids_start = NULL;
677 struct bt_uuid *uuid;
678
679 if (len < 4)
680 return ptr;
681
682 list_for_each_entry(uuid, &hdev->uuids, list) {
683 u16 uuid16;
684
685 if (uuid->size != 16)
686 continue;
687
688 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
689 if (uuid16 < 0x1100)
690 continue;
691
692 if (uuid16 == PNP_INFO_SVCLASS_ID)
693 continue;
694
695 if (!uuids_start) {
696 uuids_start = ptr;
697 uuids_start[0] = 1;
698 uuids_start[1] = EIR_UUID16_ALL;
699 ptr += 2;
700 }
701
702 /* Stop if not enough space to put next UUID */
703 if ((ptr - data) + sizeof(u16) > len) {
704 uuids_start[1] = EIR_UUID16_SOME;
705 break;
706 }
707
708 *ptr++ = (uuid16 & 0x00ff);
709 *ptr++ = (uuid16 & 0xff00) >> 8;
710 uuids_start[0] += sizeof(uuid16);
711 }
712
713 return ptr;
714}
715
cdf1963f
JH		 716static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
717{
718 u8 *ptr = data, *uuids_start = NULL;
719 struct bt_uuid *uuid;
720
721 if (len < 6)
722 return ptr;
723
724 list_for_each_entry(uuid, &hdev->uuids, list) {
725 if (uuid->size != 32)
726 continue;
727
728 if (!uuids_start) {
729 uuids_start = ptr;
730 uuids_start[0] = 1;
731 uuids_start[1] = EIR_UUID32_ALL;
732 ptr += 2;
733 }
734
735 /* Stop if not enough space to put next UUID */
736 if ((ptr - data) + sizeof(u32) > len) {
737 uuids_start[1] = EIR_UUID32_SOME;
738 break;
739 }
740
741 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
742 ptr += sizeof(u32);
743 uuids_start[0] += sizeof(u32);
744 }
745
746 return ptr;
747}
748
c00d575b
JH		 749static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
750{
751 u8 *ptr = data, *uuids_start = NULL;
752 struct bt_uuid *uuid;
753
754 if (len < 18)
755 return ptr;
756
757 list_for_each_entry(uuid, &hdev->uuids, list) {
758 if (uuid->size != 128)
759 continue;
760
761 if (!uuids_start) {
762 uuids_start = ptr;
763 uuids_start[0] = 1;
764 uuids_start[1] = EIR_UUID128_ALL;
765 ptr += 2;
766 }
767
768 /* Stop if not enough space to put next UUID */
769 if ((ptr - data) + 16 > len) {
770 uuids_start[1] = EIR_UUID128_SOME;
771 break;
772 }
773
774 memcpy(ptr, uuid->uuid, 16);
775 ptr += 16;
776 uuids_start[0] += 16;
777 }
778
779 return ptr;
780}
781
3b0602cd
JH		 782static struct mgmt_pending_cmd *mgmt_pending_find(u16 opcode,
783 struct hci_dev *hdev)
eb2a8d20 784{
3b0602cd 785 struct mgmt_pending_cmd *cmd;
eb2a8d20
JH		 786
787 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
788 if (cmd->opcode == opcode)
789 return cmd;
790 }
791
792 return NULL;
793}
794
3b0602cd
JH		 795static struct mgmt_pending_cmd *mgmt_pending_find_data(u16 opcode,
796 struct hci_dev *hdev,
797 const void *data)
95868426 798{
3b0602cd 799 struct mgmt_pending_cmd *cmd;
95868426
JH		 800
801 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
802 if (cmd->user_data != data)
803 continue;
804 if (cmd->opcode == opcode)
805 return cmd;
806 }
807
808 return NULL;
809}
810
f14d8f64
MH		 811static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
812{
7a5f4990
MH		 813 u8 ad_len = 0;
814 size_t name_len;
815
816 name_len = strlen(hdev->dev_name);
817 if (name_len > 0) {
818 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
819
820 if (name_len > max_len) {
821 name_len = max_len;
822 ptr[1] = EIR_NAME_SHORT;
823 } else
824 ptr[1] = EIR_NAME_COMPLETE;
825
826 ptr[0] = name_len + 1;
827
828 memcpy(ptr + 2, hdev->dev_name, name_len);
829
830 ad_len += (name_len + 2);
831 ptr += (name_len + 2);
832 }
833
834 return ad_len;
f14d8f64
MH		 835}
836
837static void update_scan_rsp_data(struct hci_request *req)
838{
839 struct hci_dev *hdev = req->hdev;
840 struct hci_cp_le_set_scan_rsp_data cp;
841 u8 len;
842
d7a5a11d 843 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
f14d8f64
MH		 844 return;
845
846 memset(&cp, 0, sizeof(cp));
847
848 len = create_scan_rsp_data(hdev, cp.data);
849
eb438b5f
JH		 850 if (hdev->scan_rsp_data_len == len &&
851 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 852 return;
853
eb438b5f
JH		 854 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
855 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 856
857 cp.length = len;
858
859 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
860}
861
9a43e25f
JH		 862static u8 get_adv_discov_flags(struct hci_dev *hdev)
863{
3b0602cd 864 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 865
866 /* If there's a pending mgmt command the flags will not yet have
867 * their final values, so check for this first.
868 */
869 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
870 if (cmd) {
871 struct mgmt_mode *cp = cmd->param;
872 if (cp->val == 0x01)
873 return LE_AD_GENERAL;
874 else if (cp->val == 0x02)
875 return LE_AD_LIMITED;
876 } else {
d7a5a11d 877 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 878 return LE_AD_LIMITED;
d7a5a11d 879 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 880 return LE_AD_GENERAL;
881 }
882
883 return 0;
884}
885
46cad2ed 886static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 887{
888 u8 ad_len = 0, flags = 0;
441ad2d0 889
9a43e25f 890 flags |= get_adv_discov_flags(hdev);
441ad2d0 891
d7a5a11d 892 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
441ad2d0 893 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 894
895 if (flags) {
896 BT_DBG("adv flags 0x%02x", flags);
897
898 ptr[0] = 2;
899 ptr[1] = EIR_FLAGS;
900 ptr[2] = flags;
901
902 ad_len += 3;
903 ptr += 3;
904 }
905
906 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
907 ptr[0] = 2;
908 ptr[1] = EIR_TX_POWER;
909 ptr[2] = (u8) hdev->adv_tx_power;
910
911 ad_len += 3;
912 ptr += 3;
913 }
914
441ad2d0
MH		 915 return ad_len;
916}
917
5947f4bc 918static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 919{
920 struct hci_dev *hdev = req->hdev;
921 struct hci_cp_le_set_adv_data cp;
922 u8 len;
923
d7a5a11d 924 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
441ad2d0
MH		 925 return;
926
927 memset(&cp, 0, sizeof(cp));
928
46cad2ed 929 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 930
931 if (hdev->adv_data_len == len &&
932 memcmp(cp.data, hdev->adv_data, len) == 0)
933 return;
934
935 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
936 hdev->adv_data_len = len;
937
938 cp.length = len;
939
940 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
941}
942
bc6d2d04
JH		 943int mgmt_update_adv_data(struct hci_dev *hdev)
944{
945 struct hci_request req;
946
947 hci_req_init(&req, hdev);
948 update_adv_data(&req);
949
950 return hci_req_run(&req, NULL);
951}
952
ef580372
JH		 953static void create_eir(struct hci_dev *hdev, u8 *data)
954{
955 u8 *ptr = data;
ef580372
JH		 956 size_t name_len;
957
958 name_len = strlen(hdev->dev_name);
959
960 if (name_len > 0) {
961 /* EIR Data type */
962 if (name_len > 48) {
963 name_len = 48;
964 ptr[1] = EIR_NAME_SHORT;
965 } else
966 ptr[1] = EIR_NAME_COMPLETE;
967
968 /* EIR Data length */
969 ptr[0] = name_len + 1;
970
971 memcpy(ptr + 2, hdev->dev_name, name_len);
972
ef580372
JH		 973 ptr += (name_len + 2);
974 }
975
bbaf444a 976 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 977 ptr[0] = 2;
978 ptr[1] = EIR_TX_POWER;
979 ptr[2] = (u8) hdev->inq_tx_power;
980
91c4e9b1
MH		 981 ptr += 3;
982 }
983
2b9be137
MH		 984 if (hdev->devid_source > 0) {
985 ptr[0] = 9;
986 ptr[1] = EIR_DEVICE_ID;
987
988 put_unaligned_le16(hdev->devid_source, ptr + 2);
989 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
990 put_unaligned_le16(hdev->devid_product, ptr + 6);
991 put_unaligned_le16(hdev->devid_version, ptr + 8);
992
2b9be137
MH		 993 ptr += 10;
994 }
995
213202ed 996 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 997 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 998 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 999}
1000
890ea898 1001static void update_eir(struct hci_request *req)
ef580372 1002{
890ea898 1003 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1004 struct hci_cp_write_eir cp;
1005
504c8dcd 1006 if (!hdev_is_powered(hdev))
890ea898 1007 return;
7770c4aa 1008
976eb20e 1009 if (!lmp_ext_inq_capable(hdev))
890ea898 1010 return;
ef580372 1011
d7a5a11d 1012 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
890ea898 1013 return;
ef580372 1014
d7a5a11d 1015 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1016 return;
ef580372
JH		 1017
1018 memset(&cp, 0, sizeof(cp));
1019
1020 create_eir(hdev, cp.data);
1021
1022 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 1023 return;
ef580372
JH		 1024
1025 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1026
890ea898 1027 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 1028}
1029
1030static u8 get_service_classes(struct hci_dev *hdev)
1031{
1032 struct bt_uuid *uuid;
1033 u8 val = 0;
1034
1035 list_for_each_entry(uuid, &hdev->uuids, list)
1036 val |= uuid->svc_hint;
1037
1038 return val;
1039}
1040
890ea898 1041static void update_class(struct hci_request *req)
ef580372 1042{
890ea898 1043 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1044 u8 cod[3];
1045
1046 BT_DBG("%s", hdev->name);
1047
504c8dcd 1048 if (!hdev_is_powered(hdev))
890ea898 1049 return;
7770c4aa 1050
d7a5a11d 1051 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
f87ea1da
JH		 1052 return;
1053
d7a5a11d 1054 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1055 return;
ef580372
JH		 1056
1057 cod[0] = hdev->minor_class;
1058 cod[1] = hdev->major_class;
1059 cod[2] = get_service_classes(hdev);
1060
d7a5a11d 1061 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
6acd7db4
MH		 1062 cod[1] |= 0x20;
1063
ef580372 1064 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1065 return;
ef580372 1066
890ea898 1067 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1068}
1069
a4858cb9 1070static bool get_connectable(struct hci_dev *hdev)
199a2fb1 1071{
3b0602cd 1072 struct mgmt_pending_cmd *cmd;
199a2fb1
JH		 1073
1074 /* If there's a pending mgmt command the flag will not yet have
1075 * it's final value, so check for this first.
1076 */
1077 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1078 if (cmd) {
1079 struct mgmt_mode *cp = cmd->param;
a4858cb9 1080 return cp->val;
199a2fb1
JH		 1081 }
1082
d7a5a11d 1083 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
199a2fb1
JH		 1084}
1085
0ec5ae84
JH		 1086static void disable_advertising(struct hci_request *req)
1087{
1088 u8 enable = 0x00;
1089
1090 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1091}
1092
199a2fb1
JH		 1093static void enable_advertising(struct hci_request *req)
1094{
1095 struct hci_dev *hdev = req->hdev;
1096 struct hci_cp_le_set_adv_param cp;
8f2a0601 1097 u8 own_addr_type, enable = 0x01;
a4858cb9 1098 bool connectable;
199a2fb1 1099
0ec5ae84
JH		 1100 if (hci_conn_num(hdev, LE_LINK) > 0)
1101 return;
1102
d7a5a11d 1103 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
0ec5ae84
JH		 1104 disable_advertising(req);
1105
5ce194c4 1106 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1107 * hci_update_random_address knows that it's safe to go ahead
1108 * and write a new random address. The flag will be set back on
1109 * as soon as the SET_ADV_ENABLE HCI command completes.
1110 */
a358dc11 1111 hci_dev_clear_flag(hdev, HCI_LE_ADV);
8d97250e 1112
d7a5a11d 1113 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
cc91cb04
MH		 1114 connectable = true;
1115 else
1116 connectable = get_connectable(hdev);
8f2a0601 1117
a4858cb9
JH		 1118 /* Set require_privacy to true only when non-connectable
1119 * advertising is used. In that case it is fine to use a
1120 * non-resolvable private address.
1121 */
1122 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1123 return;
1124
41c90c18 1125 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1126 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1127 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
a4858cb9 1128 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1129 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1130 cp.channel_map = hdev->le_adv_channel_map;
1131
1132 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1133
1134 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1135}
1136
7d78525d
JH		 1137static void service_cache_off(struct work_struct *work)
1138{
1139 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1140 service_cache.work);
890ea898 1141 struct hci_request req;
7d78525d 1142
a8b2d5c2 1143 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 1144 return;
1145
890ea898
JH		 1146 hci_req_init(&req, hdev);
1147
7d78525d
JH		 1148 hci_dev_lock(hdev);
1149
890ea898
JH		 1150 update_eir(&req);
1151 update_class(&req);
7d78525d
JH		 1152
1153 hci_dev_unlock(hdev);
890ea898
JH		 1154
1155 hci_req_run(&req, NULL);
7d78525d
JH		 1156}
1157
d6bfd59c
JH		 1158static void rpa_expired(struct work_struct *work)
1159{
1160 struct hci_dev *hdev = container_of(work, struct hci_dev,
1161 rpa_expired.work);
1162 struct hci_request req;
1163
1164 BT_DBG("");
1165
a1536da2 1166 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 1167
d7a5a11d 1168 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 1169 return;
1170
1171 /* The generation of a new RPA and programming it into the
1172 * controller happens in the enable_advertising() function.
1173 */
d6bfd59c 1174 hci_req_init(&req, hdev);
d6bfd59c 1175 enable_advertising(&req);
d6bfd59c
JH		 1176 hci_req_run(&req, NULL);
1177}
1178
6a919082 1179static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1180{
4f87da80 1181 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 1182 return;
1183
4f87da80 1184 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1185 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1186
4f87da80
JH		 1187 /* Non-mgmt controlled devices get this bit set
1188 * implicitly so that pairing works for them, however
1189 * for mgmt we require user-space to explicitly enable
1190 * it
1191 */
a358dc11 1192 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 1193}
1194
0f4e68cf 1195static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1196 void *data, u16 data_len)
0381101f 1197{
a38528f1 1198 struct mgmt_rp_read_info rp;
f7b64e69 1199
bdb6d971 1200 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1201
09fd0de5 1202 hci_dev_lock(hdev);
f7b64e69 1203
dc4fe30b
JH		 1204 memset(&rp, 0, sizeof(rp));
1205
69ab39ea 1206 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1207
69ab39ea 1208 rp.version = hdev->hci_ver;
eb55ef07 1209 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1210
1211 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1212 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1213
a38528f1 1214 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1215
dc4fe30b 1216 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1217 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1218
09fd0de5 1219 hci_dev_unlock(hdev);
0381101f 1220
2a1afb5a
JH		 1221 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1222 sizeof(rp));
0381101f
JH		 1223}
1224
3b0602cd 1225static void mgmt_pending_free(struct mgmt_pending_cmd *cmd)
eec8d2bc
JH		 1226{
1227 sock_put(cmd->sk);
c68fb7ff 1228 kfree(cmd->param);
eec8d2bc
JH		 1229 kfree(cmd);
1230}
1231
3b0602cd
JH		 1232static struct mgmt_pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
1233 struct hci_dev *hdev,
1234 void *data, u16 len)
eec8d2bc 1235{
3b0602cd 1236 struct mgmt_pending_cmd *cmd;
eec8d2bc 1237
fca20018 1238 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1239 if (!cmd)
366a0336 1240 return NULL;
eec8d2bc
JH		 1241
1242 cmd->opcode = opcode;
2e58ef3e 1243 cmd->index = hdev->id;
eec8d2bc 1244
323b0b88 1245 cmd->param = kmemdup(data, len, GFP_KERNEL);
c68fb7ff 1246 if (!cmd->param) {
eec8d2bc 1247 kfree(cmd);
366a0336 1248 return NULL;
eec8d2bc
JH		 1249 }
1250
323b0b88 1251 cmd->param_len = len;
eec8d2bc
JH		 1252
1253 cmd->sk = sk;
1254 sock_hold(sk);
1255
2e58ef3e 1256 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1257
366a0336 1258 return cmd;
eec8d2bc
JH		 1259}
1260
744cf19e 1261static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
3b0602cd 1262 void (*cb)(struct mgmt_pending_cmd *cmd,
8fc9ced3 1263 void *data),
04124681 1264 void *data)
eec8d2bc 1265{
3b0602cd 1266 struct mgmt_pending_cmd *cmd, *tmp;
eec8d2bc 1267
a3d09356 1268 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1269 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1270 continue;
1271
eec8d2bc
JH		 1272 cb(cmd, data);
1273 }
1274}
1275
3b0602cd 1276static void mgmt_pending_remove(struct mgmt_pending_cmd *cmd)
73f22f62 1277{
73f22f62
JH		 1278 list_del(&cmd->list);
1279 mgmt_pending_free(cmd);
1280}
1281
69ab39ea 1282static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1283{
69ab39ea 1284 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1285
2a1afb5a
JH		 1286 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1287 sizeof(settings));
8680570b
JH		 1288}
1289
1904a853 1290static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 1291{
1292 BT_DBG("%s status 0x%02x", hdev->name, status);
1293
a3172b7e
JH		 1294 if (hci_conn_count(hdev) == 0) {
1295 cancel_delayed_work(&hdev->power_off);
8b064a3a 1296 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1297 }
8b064a3a
JH		 1298}
1299
23a48093 1300static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1301{
1302 struct hci_dev *hdev = req->hdev;
1303 struct hci_cp_remote_name_req_cancel cp;
1304 struct inquiry_entry *e;
1305
1306 switch (hdev->discovery.state) {
1307 case DISCOVERY_FINDING:
1308 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1309 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1310 } else {
1311 cancel_delayed_work(&hdev->le_scan_disable);
1312 hci_req_add_le_scan_disable(req);
1313 }
1314
23a48093 1315 return true;
21a60d30
JH		 1316
1317 case DISCOVERY_RESOLVING:
1318 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1319 NAME_PENDING);
1320 if (!e)
23a48093 1321 break;
21a60d30
JH		 1322
1323 bacpy(&cp.bdaddr, &e->data.bdaddr);
1324 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1325 &cp);
1326
23a48093 1327 return true;
21a60d30
JH		 1328
1329 default:
1330 /* Passive scanning */
d7a5a11d 1331 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
21a60d30 1332 hci_req_add_le_scan_disable(req);
23a48093
JH		 1333 return true;
1334 }
1335
21a60d30
JH		 1336 break;
1337 }
23a48093
JH		 1338
1339 return false;
21a60d30
JH		 1340}
1341
8b064a3a
JH		 1342static int clean_up_hci_state(struct hci_dev *hdev)
1343{
1344 struct hci_request req;
1345 struct hci_conn *conn;
23a48093
JH		 1346 bool discov_stopped;
1347 int err;
8b064a3a
JH		 1348
1349 hci_req_init(&req, hdev);
1350
1351 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1352 test_bit(HCI_PSCAN, &hdev->flags)) {
1353 u8 scan = 0x00;
1354 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1355 }
1356
d7a5a11d 1357 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
8b064a3a
JH		 1358 disable_advertising(&req);
1359
23a48093 1360 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1361
1362 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1363 struct hci_cp_disconnect dc;
c9910d0f
JH		 1364 struct hci_cp_reject_conn_req rej;
1365
1366 switch (conn->state) {
1367 case BT_CONNECTED:
1368 case BT_CONFIG:
1369 dc.handle = cpu_to_le16(conn->handle);
1370 dc.reason = 0x15; /* Terminated due to Power Off */
1371 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1372 break;
1373 case BT_CONNECT:
1374 if (conn->type == LE_LINK)
1375 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1376 0, NULL);
1377 else if (conn->type == ACL_LINK)
1378 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1379 6, &conn->dst);
1380 break;
1381 case BT_CONNECT2:
1382 bacpy(&rej.bdaddr, &conn->dst);
1383 rej.reason = 0x15; /* Terminated due to Power Off */
1384 if (conn->type == ACL_LINK)
1385 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1386 sizeof(rej), &rej);
1387 else if (conn->type == SCO_LINK)
1388 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1389 sizeof(rej), &rej);
1390 break;
1391 }
8b064a3a
JH		 1392 }
1393
23a48093
JH		 1394 err = hci_req_run(&req, clean_up_hci_complete);
1395 if (!err && discov_stopped)
1396 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1397
1398 return err;
8b064a3a
JH		 1399}
1400
bdb6d971 1401static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1402 u16 len)
eec8d2bc 1403{
650f726d 1404 struct mgmt_mode *cp = data;
3b0602cd 1405 struct mgmt_pending_cmd *cmd;
4b34ee78 1406 int err;
eec8d2bc 1407
bdb6d971 1408 BT_DBG("request for %s", hdev->name);
eec8d2bc 1409
a7e80f25 1410 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1411 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1412 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1413
09fd0de5 1414 hci_dev_lock(hdev);
eec8d2bc 1415
87b95ba6 1416 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1417 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1418 MGMT_STATUS_BUSY);
87b95ba6
JH		 1419 goto failed;
1420 }
1421
f0d4b78a
MH		 1422 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1423 cancel_delayed_work(&hdev->power_off);
1424
1425 if (cp->val) {
a1d70450
JH		 1426 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1427 data, len);
1428 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1429 goto failed;
1430 }
1431 }
1432
4b34ee78 1433 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1434 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1435 goto failed;
1436 }
1437
2e58ef3e 1438 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1439 if (!cmd) {
1440 err = -ENOMEM;
eec8d2bc 1441 goto failed;
366a0336 1442 }
eec8d2bc 1443
8b064a3a 1444 if (cp->val) {
19202573 1445 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1446 err = 0;
1447 } else {
1448 /* Disconnect connections, stop scans, etc */
1449 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1450 if (!err)
1451 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1452 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1453
8b064a3a
JH		 1454 /* ENODATA means there were no HCI commands queued */
1455 if (err == -ENODATA) {
a3172b7e 1456 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1457 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1458 err = 0;
1459 }
1460 }
eec8d2bc
JH		 1461
1462failed:
09fd0de5 1463 hci_dev_unlock(hdev);
366a0336 1464 return err;
eec8d2bc
JH		 1465}
1466
beadb2bd
JH		 1467static int new_settings(struct hci_dev *hdev, struct sock *skip)
1468{
1469 __le32 ev;
1470
1471 ev = cpu_to_le32(get_current_settings(hdev));
1472
1473 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1474}
1475
91a668b0
JH		 1476int mgmt_new_settings(struct hci_dev *hdev)
1477{
1478 return new_settings(hdev, NULL);
1479}
1480
bd99abdd
JH		 1481struct cmd_lookup {
1482 struct sock *sk;
1483 struct hci_dev *hdev;
1484 u8 mgmt_status;
1485};
1486
3b0602cd 1487static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1488{
1489 struct cmd_lookup *match = data;
1490
1491 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1492
1493 list_del(&cmd->list);
1494
1495 if (match->sk == NULL) {
1496 match->sk = cmd->sk;
1497 sock_hold(match->sk);
1498 }
1499
1500 mgmt_pending_free(cmd);
1501}
1502
3b0602cd 1503static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1504{
1505 u8 *status = data;
1506
a69e8375 1507 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1508 mgmt_pending_remove(cmd);
1509}
1510
3b0602cd 1511static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1512{
1513 if (cmd->cmd_complete) {
1514 u8 *status = data;
1515
1516 cmd->cmd_complete(cmd, *status);
1517 mgmt_pending_remove(cmd);
1518
1519 return;
1520 }
1521
1522 cmd_status_rsp(cmd, data);
1523}
1524
3b0602cd 1525static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1526{
2a1afb5a
JH		 1527 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1528 cmd->param, cmd->param_len);
f5818c22
JH		 1529}
1530
3b0602cd 1531static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1532{
2a1afb5a
JH		 1533 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1534 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1535}
1536
e6fe7986
JH		 1537static u8 mgmt_bredr_support(struct hci_dev *hdev)
1538{
1539 if (!lmp_bredr_capable(hdev))
1540 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1541 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1542 return MGMT_STATUS_REJECTED;
1543 else
1544 return MGMT_STATUS_SUCCESS;
1545}
1546
1547static u8 mgmt_le_support(struct hci_dev *hdev)
1548{
1549 if (!lmp_le_capable(hdev))
1550 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1551 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1552 return MGMT_STATUS_REJECTED;
1553 else
1554 return MGMT_STATUS_SUCCESS;
1555}
1556
1904a853
MH		 1557static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1558 u16 opcode)
bfaf8c9f 1559{
3b0602cd 1560 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1561 struct mgmt_mode *cp;
970ba524 1562 struct hci_request req;
bfaf8c9f
JH		 1563 bool changed;
1564
1565 BT_DBG("status 0x%02x", status);
1566
1567 hci_dev_lock(hdev);
1568
1569 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1570 if (!cmd)
1571 goto unlock;
1572
1573 if (status) {
1574 u8 mgmt_err = mgmt_status(status);
a69e8375 1575 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1576 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1577 goto remove_cmd;
1578 }
1579
1580 cp = cmd->param;
d4462a07 1581 if (cp->val) {
bfaf8c9f
JH		 1582 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1583 &hdev->dev_flags);
d4462a07
MH		 1584
1585 if (hdev->discov_timeout > 0) {
1586 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1587 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1588 to);
1589 }
1590 } else {
bfaf8c9f
JH		 1591 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1592 &hdev->dev_flags);
d4462a07 1593 }
bfaf8c9f
JH		 1594
1595 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1596
1597 if (changed)
1598 new_settings(hdev, cmd->sk);
1599
970ba524
MH		 1600 /* When the discoverable mode gets changed, make sure
1601 * that class of device has the limited discoverable
432df05e
JH		 1602 * bit correctly set. Also update page scan based on whitelist
1603 * entries.
970ba524
MH		 1604 */
1605 hci_req_init(&req, hdev);
1d2dc5b7 1606 __hci_update_page_scan(&req);
970ba524
MH		 1607 update_class(&req);
1608 hci_req_run(&req, NULL);
1609
bfaf8c9f
JH		 1610remove_cmd:
1611 mgmt_pending_remove(cmd);
1612
1613unlock:
1614 hci_dev_unlock(hdev);
1615}
1616
bdb6d971 1617static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1618 u16 len)
73f22f62 1619{
650f726d 1620 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1621 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1622 struct hci_request req;
5e5282bb 1623 u16 timeout;
9a43e25f 1624 u8 scan;
73f22f62
JH		 1625 int err;
1626
bdb6d971 1627 BT_DBG("request for %s", hdev->name);
73f22f62 1628
d7a5a11d
MH		 1629 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1630 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1631 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1632 MGMT_STATUS_REJECTED);
33c525c0 1633
310a3d48 1634 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1635 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1636 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1637
1f350c87 1638 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1639
1640 /* Disabling discoverable requires that no timeout is set,
1641 * and enabling limited discoverable requires a timeout.
1642 */
1643 if ((cp->val == 0x00 && timeout > 0) ||
1644 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1645 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1646 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1647
09fd0de5 1648 hci_dev_lock(hdev);
73f22f62 1649
5e5282bb 1650 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1651 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1652 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1653 goto failed;
1654 }
1655
2e58ef3e 1656 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1657 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1658 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1659 MGMT_STATUS_BUSY);
73f22f62
JH		 1660 goto failed;
1661 }
1662
d7a5a11d 1663 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1664 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1665 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1666 goto failed;
1667 }
1668
1669 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1670 bool changed = false;
1671
310a3d48
MH		 1672 /* Setting limited discoverable when powered off is
1673 * not a valid operation since it requires a timeout
1674 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1675 */
d7a5a11d 1676 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1677 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1678 changed = true;
1679 }
1680
5e5282bb 1681 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1682 if (err < 0)
1683 goto failed;
1684
1685 if (changed)
1686 err = new_settings(hdev, sk);
1687
5e5282bb
JH		 1688 goto failed;
1689 }
1690
310a3d48
MH		 1691 /* If the current mode is the same, then just update the timeout
1692 * value with the new value. And if only the timeout gets updated,
1693 * then no need for any HCI transactions.
1694 */
d7a5a11d
MH		 1695 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1696 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1697 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1698 cancel_delayed_work(&hdev->discov_off);
1699 hdev->discov_timeout = timeout;
955638ec 1700
36261547
MH		 1701 if (cp->val && hdev->discov_timeout > 0) {
1702 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1703 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1704 to);
955638ec
MH		 1705 }
1706
69ab39ea 1707 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1708 goto failed;
1709 }
1710
2e58ef3e 1711 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1712 if (!cmd) {
1713 err = -ENOMEM;
73f22f62 1714 goto failed;
366a0336 1715 }
73f22f62 1716
310a3d48
MH		 1717 /* Cancel any potential discoverable timeout that might be
1718 * still active and store new timeout value. The arming of
1719 * the timeout happens in the complete handler.
1720 */
1721 cancel_delayed_work(&hdev->discov_off);
1722 hdev->discov_timeout = timeout;
1723
b456f87c
JH		 1724 /* Limited discoverable mode */
1725 if (cp->val == 0x02)
a1536da2 1726 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1727 else
a358dc11 1728 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1729
bfaf8c9f
JH		 1730 hci_req_init(&req, hdev);
1731
9a43e25f
JH		 1732 /* The procedure for LE-only controllers is much simpler - just
1733 * update the advertising data.
1734 */
d7a5a11d 1735 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
9a43e25f
JH		 1736 goto update_ad;
1737
73f22f62
JH		 1738 scan = SCAN_PAGE;
1739
310a3d48
MH		 1740 if (cp->val) {
1741 struct hci_cp_write_current_iac_lap hci_cp;
1742
1743 if (cp->val == 0x02) {
1744 /* Limited discoverable mode */
33337dcb 1745 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1746 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1747 hci_cp.iac_lap[1] = 0x8b;
1748 hci_cp.iac_lap[2] = 0x9e;
1749 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1750 hci_cp.iac_lap[4] = 0x8b;
1751 hci_cp.iac_lap[5] = 0x9e;
1752 } else {
1753 /* General discoverable mode */
310a3d48
MH		 1754 hci_cp.num_iac = 1;
1755 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1756 hci_cp.iac_lap[1] = 0x8b;
1757 hci_cp.iac_lap[2] = 0x9e;
1758 }
1759
1760 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1761 (hci_cp.num_iac * 3) + 1, &hci_cp);
1762
73f22f62 1763 scan |= SCAN_INQUIRY;
310a3d48 1764 } else {
a358dc11 1765 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
310a3d48 1766 }
73f22f62 1767
310a3d48 1768 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1769
9a43e25f
JH		 1770update_ad:
1771 update_adv_data(&req);
1772
bfaf8c9f 1773 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1774 if (err < 0)
a664b5bc 1775 mgmt_pending_remove(cmd);
73f22f62
JH		 1776
1777failed:
09fd0de5 1778 hci_dev_unlock(hdev);
73f22f62
JH		 1779 return err;
1780}
1781
406d7804
JH		 1782static void write_fast_connectable(struct hci_request *req, bool enable)
1783{
bd98b996 1784 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1785 struct hci_cp_write_page_scan_activity acp;
1786 u8 type;
1787
d7a5a11d 1788 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
547003b1
JH		 1789 return;
1790
4c01f8b8
JH		 1791 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1792 return;
1793
406d7804
JH		 1794 if (enable) {
1795 type = PAGE_SCAN_TYPE_INTERLACED;
1796
1797 /* 160 msec page scan interval */
dcf4adbf 1798 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1799 } else {
1800 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1801
1802 /* default 1.28 sec page scan */
dcf4adbf 1803 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1804 }
1805
dcf4adbf 1806 acp.window = cpu_to_le16(0x0012);
406d7804 1807
bd98b996
JH		 1808 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1809 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1810 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1811 sizeof(acp), &acp);
1812
1813 if (hdev->page_scan_type != type)
1814 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1815}
1816
1904a853
MH		 1817static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1818 u16 opcode)
2b76f453 1819{
3b0602cd 1820 struct mgmt_pending_cmd *cmd;
d7b856f9 1821 struct mgmt_mode *cp;
bc6d2d04 1822 bool conn_changed, discov_changed;
2b76f453
JH		 1823
1824 BT_DBG("status 0x%02x", status);
1825
1826 hci_dev_lock(hdev);
1827
1828 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1829 if (!cmd)
1830 goto unlock;
1831
37438c1f
JH		 1832 if (status) {
1833 u8 mgmt_err = mgmt_status(status);
a69e8375 1834 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1835 goto remove_cmd;
1836 }
1837
d7b856f9 1838 cp = cmd->param;
bc6d2d04
JH		 1839 if (cp->val) {
1840 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1841 &hdev->dev_flags);
1842 discov_changed = false;
1843 } else {
1844 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1845 &hdev->dev_flags);
1846 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1847 &hdev->dev_flags);
1848 }
d7b856f9 1849
2b76f453
JH		 1850 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1851
bc6d2d04 1852 if (conn_changed || discov_changed) {
d7b856f9 1853 new_settings(hdev, cmd->sk);
1d2dc5b7 1854 hci_update_page_scan(hdev);
bc6d2d04
JH		 1855 if (discov_changed)
1856 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1857 hci_update_background_scan(hdev);
1858 }
d7b856f9 1859
37438c1f 1860remove_cmd:
2b76f453
JH		 1861 mgmt_pending_remove(cmd);
1862
1863unlock:
1864 hci_dev_unlock(hdev);
1865}
1866
e8ba3a1f
JH		 1867static int set_connectable_update_settings(struct hci_dev *hdev,
1868 struct sock *sk, u8 val)
1869{
1870 bool changed = false;
1871 int err;
1872
d7a5a11d 1873 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 1874 changed = true;
1875
1876 if (val) {
a1536da2 1877 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 1878 } else {
a358dc11
MH		 1879 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1880 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 1881 }
1882
1883 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1884 if (err < 0)
1885 return err;
1886
562064e6 1887 if (changed) {
1d2dc5b7 1888 hci_update_page_scan(hdev);
562064e6 1889 hci_update_background_scan(hdev);
e8ba3a1f 1890 return new_settings(hdev, sk);
562064e6 1891 }
e8ba3a1f
JH		 1892
1893 return 0;
1894}
1895
bdb6d971 1896static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1897 u16 len)
9fbcbb45 1898{
650f726d 1899 struct mgmt_mode *cp = data;
3b0602cd 1900 struct mgmt_pending_cmd *cmd;
2b76f453 1901 struct hci_request req;
1987fdc7 1902 u8 scan;
9fbcbb45
JH		 1903 int err;
1904
bdb6d971 1905 BT_DBG("request for %s", hdev->name);
9fbcbb45 1906
d7a5a11d
MH		 1907 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1908 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1909 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1910 MGMT_STATUS_REJECTED);
33c525c0 1911
a7e80f25 1912 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1913 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1914 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1915
09fd0de5 1916 hci_dev_lock(hdev);
9fbcbb45 1917
4b34ee78 1918 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1919 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1920 goto failed;
1921 }
1922
2e58ef3e 1923 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1924 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1925 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1926 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1927 goto failed;
1928 }
1929
2e58ef3e 1930 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1931 if (!cmd) {
1932 err = -ENOMEM;
9fbcbb45 1933 goto failed;
366a0336 1934 }
9fbcbb45 1935
9b74246f 1936 hci_req_init(&req, hdev);
9fbcbb45 1937
9a43e25f
JH		 1938 /* If BR/EDR is not enabled and we disable advertising as a
1939 * by-product of disabling connectable, we need to update the
1940 * advertising flags.
1941 */
d7a5a11d 1942 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
9a43e25f 1943 if (!cp->val) {
a358dc11
MH		 1944 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1945 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
9a43e25f
JH		 1946 }
1947 update_adv_data(&req);
1948 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1949 if (cp->val) {
1950 scan = SCAN_PAGE;
1951 } else {
3bd27240
JH		 1952 /* If we don't have any whitelist entries just
1953 * disable all scanning. If there are entries
1954 * and we had both page and inquiry scanning
1955 * enabled then fall back to only page scanning.
1956 * Otherwise no changes are needed.
1957 */
1958 if (list_empty(&hdev->whitelist))
1959 scan = SCAN_DISABLED;
1960 else if (test_bit(HCI_ISCAN, &hdev->flags))
1961 scan = SCAN_PAGE;
1962 else
1963 goto no_scan_update;
9b74246f
JH		 1964
1965 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1966 hdev->discov_timeout > 0)
9b74246f
JH		 1967 cancel_delayed_work(&hdev->discov_off);
1968 }
2b76f453 1969
9b74246f
JH		 1970 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1971 }
2b76f453 1972
3bd27240 1973no_scan_update:
e8b1202c 1974 /* Update the advertising parameters if necessary */
d7a5a11d 1975 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
1987fdc7 1976 enable_advertising(&req);
1987fdc7 1977
2b76f453 1978 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1979 if (err < 0) {
a664b5bc 1980 mgmt_pending_remove(cmd);
9b74246f 1981 if (err == -ENODATA)
a81070ba
JH		 1982 err = set_connectable_update_settings(hdev, sk,
1983 cp->val);
9b74246f
JH		 1984 goto failed;
1985 }
9fbcbb45
JH		 1986
1987failed:
09fd0de5 1988 hci_dev_unlock(hdev);
9fbcbb45
JH		 1989 return err;
1990}
1991
b2939475 1992static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1993 u16 len)
c542a06c 1994{
650f726d 1995 struct mgmt_mode *cp = data;
55594356 1996 bool changed;
c542a06c
JH		 1997 int err;
1998
bdb6d971 1999 BT_DBG("request for %s", hdev->name);
c542a06c 2000
a7e80f25 2001 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2002 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2003 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2004
09fd0de5 2005 hci_dev_lock(hdev);
c542a06c
JH		 2006
2007 if (cp->val)
b6ae8457 2008 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 2009 else
b6ae8457 2010 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 2011
b2939475 2012 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 2013 if (err < 0)
55594356 2014 goto unlock;
c542a06c 2015
55594356
MH		 2016 if (changed)
2017 err = new_settings(hdev, sk);
c542a06c 2018
55594356 2019unlock:
09fd0de5 2020 hci_dev_unlock(hdev);
c542a06c
JH		 2021 return err;
2022}
2023
04124681
GP		 2024static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2025 u16 len)
33ef95ed
JH		 2026{
2027 struct mgmt_mode *cp = data;
3b0602cd 2028 struct mgmt_pending_cmd *cmd;
e6fe7986 2029 u8 val, status;
33ef95ed
JH		 2030 int err;
2031
bdb6d971 2032 BT_DBG("request for %s", hdev->name);
33ef95ed 2033
e6fe7986
JH		 2034 status = mgmt_bredr_support(hdev);
2035 if (status)
a69e8375
JH		 2036 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2037 status);
33c525c0 2038
a7e80f25 2039 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2040 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2041 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2042
33ef95ed
JH		 2043 hci_dev_lock(hdev);
2044
4b34ee78 2045 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 2046 bool changed = false;
2047
d7a5a11d 2048 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 2049 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 2050 changed = true;
2051 }
2052
2053 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2054 if (err < 0)
2055 goto failed;
2056
2057 if (changed)
2058 err = new_settings(hdev, sk);
2059
33ef95ed
JH		 2060 goto failed;
2061 }
2062
2063 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 2064 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2065 MGMT_STATUS_BUSY);
33ef95ed
JH		 2066 goto failed;
2067 }
2068
2069 val = !!cp->val;
2070
2071 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2072 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2073 goto failed;
2074 }
2075
2076 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2077 if (!cmd) {
2078 err = -ENOMEM;
2079 goto failed;
2080 }
2081
2082 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2083 if (err < 0) {
2084 mgmt_pending_remove(cmd);
2085 goto failed;
2086 }
2087
2088failed:
2089 hci_dev_unlock(hdev);
33ef95ed
JH		 2090 return err;
2091}
2092
bdb6d971 2093static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2094{
2095 struct mgmt_mode *cp = data;
3b0602cd 2096 struct mgmt_pending_cmd *cmd;
72ef0c1a 2097 u8 status;
ed2c4ee3
JH		 2098 int err;
2099
bdb6d971 2100 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2101
cdba5281
MH		 2102 status = mgmt_bredr_support(hdev);
2103 if (status)
a69e8375 2104 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 2105
13ecd8b6 2106 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2107 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2108 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2109
a7e80f25 2110 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2111 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2112 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2113
13ecd8b6 2114 hci_dev_lock(hdev);
6c8f12c1 2115
4b34ee78 2116 if (!hdev_is_powered(hdev)) {
9ecb3e24 2117 bool changed;
c0ecddc2 2118
9ecb3e24
MH		 2119 if (cp->val) {
2120 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2121 &hdev->dev_flags);
2122 } else {
2123 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2124 &hdev->dev_flags);
2125 if (!changed)
2126 changed = test_and_clear_bit(HCI_HS_ENABLED,
2127 &hdev->dev_flags);
2128 else
a358dc11 2129 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 2130 }
2131
2132 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2133 if (err < 0)
2134 goto failed;
2135
2136 if (changed)
2137 err = new_settings(hdev, sk);
2138
ed2c4ee3
JH		 2139 goto failed;
2140 }
2141
94d52dad 2142 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2143 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2144 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2145 goto failed;
2146 }
2147
d7a5a11d 2148 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 2149 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2150 goto failed;
2151 }
2152
2153 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2154 if (!cmd) {
2155 err = -ENOMEM;
2156 goto failed;
2157 }
2158
d7a5a11d 2159 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 2160 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2161 sizeof(cp->val), &cp->val);
2162
72ef0c1a 2163 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2164 if (err < 0) {
2165 mgmt_pending_remove(cmd);
2166 goto failed;
2167 }
2168
2169failed:
2170 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2171 return err;
2172}
2173
bdb6d971 2174static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2175{
2176 struct mgmt_mode *cp = data;
ee392693 2177 bool changed;
e6fe7986 2178 u8 status;
ee392693 2179 int err;
6d80dfd0 2180
bdb6d971 2181 BT_DBG("request for %s", hdev->name);
6d80dfd0 2182
e6fe7986
JH		 2183 status = mgmt_bredr_support(hdev);
2184 if (status)
a69e8375 2185 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2186
9ecb3e24 2187 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2188 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2189 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 2190
d7a5a11d 2191 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 2192 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2193 MGMT_STATUS_REJECTED);
9ecb3e24 2194
a7e80f25 2195 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2196 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2197 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2198
ee392693
MH		 2199 hci_dev_lock(hdev);
2200
a2cb01de 2201 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2202 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2203 MGMT_STATUS_BUSY);
a2cb01de
JH		 2204 goto unlock;
2205 }
2206
a0cdf960 2207 if (cp->val) {
ee392693 2208 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 2209 } else {
2210 if (hdev_is_powered(hdev)) {
a69e8375
JH		 2211 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2212 MGMT_STATUS_REJECTED);
a0cdf960
MH		 2213 goto unlock;
2214 }
2215
ee392693 2216 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 2217 }
ee392693
MH		 2218
2219 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2220 if (err < 0)
2221 goto unlock;
2222
2223 if (changed)
2224 err = new_settings(hdev, sk);
6d80dfd0 2225
ee392693
MH		 2226unlock:
2227 hci_dev_unlock(hdev);
2228 return err;
6d80dfd0
JH		 2229}
2230
1904a853 2231static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 2232{
2233 struct cmd_lookup match = { NULL, hdev };
2234
3ad67582
JK		 2235 hci_dev_lock(hdev);
2236
416a4ae5
JH		 2237 if (status) {
2238 u8 mgmt_err = mgmt_status(status);
2239
2240 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2241 &mgmt_err);
3ad67582 2242 goto unlock;
416a4ae5
JH		 2243 }
2244
2245 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2246
2247 new_settings(hdev, match.sk);
2248
2249 if (match.sk)
2250 sock_put(match.sk);
441ad2d0
MH		 2251
2252 /* Make sure the controller has a good default for
2253 * advertising data. Restrict the update to when LE
2254 * has actually been enabled. During power on, the
2255 * update in powered_update_hci will take care of it.
2256 */
d7a5a11d 2257 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0
MH		 2258 struct hci_request req;
2259
441ad2d0 2260 hci_req_init(&req, hdev);
5947f4bc 2261 update_adv_data(&req);
f14d8f64 2262 update_scan_rsp_data(&req);
2cf22218 2263 __hci_update_background_scan(&req);
441ad2d0 2264 hci_req_run(&req, NULL);
441ad2d0 2265 }
3ad67582
JK		 2266
2267unlock:
2268 hci_dev_unlock(hdev);
416a4ae5
JH		 2269}
2270
bdb6d971 2271static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2272{
2273 struct mgmt_mode *cp = data;
2274 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 2275 struct mgmt_pending_cmd *cmd;
416a4ae5 2276 struct hci_request req;
06199cf8 2277 int err;
0b60eba1 2278 u8 val, enabled;
06199cf8 2279
bdb6d971 2280 BT_DBG("request for %s", hdev->name);
06199cf8 2281
13ecd8b6 2282 if (!lmp_le_capable(hdev))
a69e8375
JH		 2283 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2284 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2285
a7e80f25 2286 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2287 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2288 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2289
c73eee91 2290 /* LE-only devices do not allow toggling LE on/off */
d7a5a11d 2291 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 2292 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2293 MGMT_STATUS_REJECTED);
c73eee91 2294
13ecd8b6 2295 hci_dev_lock(hdev);
06199cf8
JH		 2296
2297 val = !!cp->val;
ffa88e02 2298 enabled = lmp_host_le_capable(hdev);
06199cf8 2299
0b60eba1 2300 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2301 bool changed = false;
2302
d7a5a11d 2303 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 2304 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 2305 changed = true;
2306 }
2307
d7a5a11d 2308 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 2309 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 2310 changed = true;
2311 }
2312
06199cf8
JH		 2313 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2314 if (err < 0)
1de028ce 2315 goto unlock;
06199cf8
JH		 2316
2317 if (changed)
2318 err = new_settings(hdev, sk);
2319
1de028ce 2320 goto unlock;
06199cf8
JH		 2321 }
2322
4375f103
JH		 2323 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2324 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 2325 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2326 MGMT_STATUS_BUSY);
1de028ce 2327 goto unlock;
06199cf8
JH		 2328 }
2329
2330 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2331 if (!cmd) {
2332 err = -ENOMEM;
1de028ce 2333 goto unlock;
06199cf8
JH		 2334 }
2335
441ad2d0
MH		 2336 hci_req_init(&req, hdev);
2337
06199cf8
JH		 2338 memset(&hci_cp, 0, sizeof(hci_cp));
2339
2340 if (val) {
2341 hci_cp.le = val;
32226e4f 2342 hci_cp.simul = 0x00;
441ad2d0 2343 } else {
d7a5a11d 2344 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
441ad2d0 2345 disable_advertising(&req);
06199cf8
JH		 2346 }
2347
416a4ae5
JH		 2348 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2349 &hci_cp);
2350
2351 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2352 if (err < 0)
06199cf8 2353 mgmt_pending_remove(cmd);
06199cf8 2354
1de028ce
JH		 2355unlock:
2356 hci_dev_unlock(hdev);
06199cf8
JH		 2357 return err;
2358}
2359
0cab9c80
JH		 2360/* This is a helper function to test for pending mgmt commands that can
2361 * cause CoD or EIR HCI commands. We can only allow one such pending
2362 * mgmt command at a time since otherwise we cannot easily track what
2363 * the current values are, will be, and based on that calculate if a new
2364 * HCI command needs to be sent and if yes with what value.
2365 */
2366static bool pending_eir_or_class(struct hci_dev *hdev)
2367{
3b0602cd 2368 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 2369
2370 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2371 switch (cmd->opcode) {
2372 case MGMT_OP_ADD_UUID:
2373 case MGMT_OP_REMOVE_UUID:
2374 case MGMT_OP_SET_DEV_CLASS:
2375 case MGMT_OP_SET_POWERED:
2376 return true;
2377 }
2378 }
2379
2380 return false;
2381}
2382
83be8eca
JH		 2383static const u8 bluetooth_base_uuid[] = {
2384 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2385 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2386};
2387
2388static u8 get_uuid_size(const u8 *uuid)
2389{
2390 u32 val;
2391
2392 if (memcmp(uuid, bluetooth_base_uuid, 12))
2393 return 128;
2394
2395 val = get_unaligned_le32(&uuid[12]);
2396 if (val > 0xffff)
2397 return 32;
2398
2399 return 16;
2400}
2401
92da6097
JH		 2402static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2403{
3b0602cd 2404 struct mgmt_pending_cmd *cmd;
92da6097
JH		 2405
2406 hci_dev_lock(hdev);
2407
2408 cmd = mgmt_pending_find(mgmt_op, hdev);
2409 if (!cmd)
2410 goto unlock;
2411
2a1afb5a
JH		 2412 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2413 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 2414
2415 mgmt_pending_remove(cmd);
2416
2417unlock:
2418 hci_dev_unlock(hdev);
2419}
2420
1904a853 2421static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2422{
2423 BT_DBG("status 0x%02x", status);
2424
2425 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2426}
2427
bdb6d971 2428static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2429{
650f726d 2430 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2431 struct mgmt_pending_cmd *cmd;
890ea898 2432 struct hci_request req;
2aeb9a1a 2433 struct bt_uuid *uuid;
2aeb9a1a
JH		 2434 int err;
2435
bdb6d971 2436 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2437
09fd0de5 2438 hci_dev_lock(hdev);
2aeb9a1a 2439
0cab9c80 2440 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2441 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2442 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2443 goto failed;
2444 }
2445
92c4c204 2446 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2447 if (!uuid) {
2448 err = -ENOMEM;
2449 goto failed;
2450 }
2451
2452 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2453 uuid->svc_hint = cp->svc_hint;
83be8eca 2454 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2455
de66aa63 2456 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2457
890ea898 2458 hci_req_init(&req, hdev);
1aff6f09 2459
890ea898
JH		 2460 update_class(&req);
2461 update_eir(&req);
2462
92da6097
JH		 2463 err = hci_req_run(&req, add_uuid_complete);
2464 if (err < 0) {
2465 if (err != -ENODATA)
2466 goto failed;
80a1e1db 2467
2a1afb5a
JH		 2468 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2469 hdev->dev_class, 3);
90e70454
JH		 2470 goto failed;
2471 }
2472
2473 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2474 if (!cmd) {
90e70454 2475 err = -ENOMEM;
890ea898
JH		 2476 goto failed;
2477 }
2478
2479 err = 0;
2aeb9a1a
JH		 2480
2481failed:
09fd0de5 2482 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2483 return err;
2484}
2485
24b78d0f
JH		 2486static bool enable_service_cache(struct hci_dev *hdev)
2487{
2488 if (!hdev_is_powered(hdev))
2489 return false;
2490
2491 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2492 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2493 CACHE_TIMEOUT);
24b78d0f
JH		 2494 return true;
2495 }
2496
2497 return false;
2498}
2499
1904a853 2500static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2501{
2502 BT_DBG("status 0x%02x", status);
2503
2504 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2505}
2506
bdb6d971 2507static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2508 u16 len)
2aeb9a1a 2509{
650f726d 2510 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2511 struct mgmt_pending_cmd *cmd;
056341c8 2512 struct bt_uuid *match, *tmp;
2aeb9a1a 2513 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2514 struct hci_request req;
2aeb9a1a
JH		 2515 int err, found;
2516
bdb6d971 2517 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2518
09fd0de5 2519 hci_dev_lock(hdev);
2aeb9a1a 2520
0cab9c80 2521 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2522 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2523 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2524 goto unlock;
2525 }
2526
2aeb9a1a 2527 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2528 hci_uuids_clear(hdev);
4004b6d9 2529
24b78d0f 2530 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2531 err = mgmt_cmd_complete(sk, hdev->id,
2532 MGMT_OP_REMOVE_UUID,
2533 0, hdev->dev_class, 3);
24b78d0f
JH		 2534 goto unlock;
2535 }
4004b6d9 2536
9246a869 2537 goto update_class;
2aeb9a1a
JH		 2538 }
2539
2540 found = 0;
2541
056341c8 2542 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2543 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2544 continue;
2545
2546 list_del(&match->list);
482049f7 2547 kfree(match);
2aeb9a1a
JH		 2548 found++;
2549 }
2550
2551 if (found == 0) {
a69e8375
JH		 2552 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2553 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2554 goto unlock;
2555 }
2556
9246a869 2557update_class:
890ea898 2558 hci_req_init(&req, hdev);
1aff6f09 2559
890ea898
JH		 2560 update_class(&req);
2561 update_eir(&req);
2562
92da6097
JH		 2563 err = hci_req_run(&req, remove_uuid_complete);
2564 if (err < 0) {
2565 if (err != -ENODATA)
2566 goto unlock;
80a1e1db 2567
2a1afb5a
JH		 2568 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2569 hdev->dev_class, 3);
90e70454
JH		 2570 goto unlock;
2571 }
2572
2573 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2574 if (!cmd) {
90e70454 2575 err = -ENOMEM;
890ea898
JH		 2576 goto unlock;
2577 }
2578
2579 err = 0;
2aeb9a1a
JH		 2580
2581unlock:
09fd0de5 2582 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2583 return err;
2584}
2585
1904a853 2586static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2587{
2588 BT_DBG("status 0x%02x", status);
2589
2590 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2591}
2592
bdb6d971 2593static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2594 u16 len)
1aff6f09 2595{
650f726d 2596 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2597 struct mgmt_pending_cmd *cmd;
890ea898 2598 struct hci_request req;
1aff6f09
JH		 2599 int err;
2600
bdb6d971 2601 BT_DBG("request for %s", hdev->name);
1aff6f09 2602
6203fc98 2603 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2604 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2605 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2606
0cab9c80 2607 hci_dev_lock(hdev);
ee98f473 2608
0cab9c80 2609 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2610 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2611 MGMT_STATUS_BUSY);
0cab9c80
JH		 2612 goto unlock;
2613 }
c95f0ba7 2614
0cab9c80 2615 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2616 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2617 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2618 goto unlock;
2619 }
575b3a02 2620
932f5ff5
JH		 2621 hdev->major_class = cp->major;
2622 hdev->minor_class = cp->minor;
2623
b5235a65 2624 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2625 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2626 hdev->dev_class, 3);
b5235a65
JH		 2627 goto unlock;
2628 }
2629
890ea898
JH		 2630 hci_req_init(&req, hdev);
2631
a8b2d5c2 2632 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2633 hci_dev_unlock(hdev);
2634 cancel_delayed_work_sync(&hdev->service_cache);
2635 hci_dev_lock(hdev);
890ea898 2636 update_eir(&req);
7d78525d 2637 }
14c0b608 2638
890ea898
JH		 2639 update_class(&req);
2640
92da6097
JH		 2641 err = hci_req_run(&req, set_class_complete);
2642 if (err < 0) {
2643 if (err != -ENODATA)
2644 goto unlock;
1aff6f09 2645
2a1afb5a
JH		 2646 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2647 hdev->dev_class, 3);
90e70454
JH		 2648 goto unlock;
2649 }
2650
2651 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2652 if (!cmd) {
90e70454 2653 err = -ENOMEM;
890ea898
JH		 2654 goto unlock;
2655 }
2656
2657 err = 0;
1aff6f09 2658
b5235a65 2659unlock:
09fd0de5 2660 hci_dev_unlock(hdev);
1aff6f09
JH		 2661 return err;
2662}
2663
bdb6d971 2664static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2665 u16 len)
55ed8ca1 2666{
650f726d 2667 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2668 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2669 sizeof(struct mgmt_link_key_info));
4e51eae9 2670 u16 key_count, expected_len;
b1de97d8 2671 bool changed;
a492cd52 2672 int i;
55ed8ca1 2673
9060d5cf
MH		 2674 BT_DBG("request for %s", hdev->name);
2675
2676 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2677 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2678 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2679
1f350c87 2680 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2681 if (key_count > max_key_count) {
2682 BT_ERR("load_link_keys: too big key_count value %u",
2683 key_count);
a69e8375
JH		 2684 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2685 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2686 }
55ed8ca1 2687
86742e1e
JH		 2688 expected_len = sizeof(*cp) + key_count *
2689 sizeof(struct mgmt_link_key_info);
a492cd52 2690 if (expected_len != len) {
86742e1e 2691 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2692 expected_len, len);
a69e8375
JH		 2693 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2694 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2695 }
2696
4ae14301 2697 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2698 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2699 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2700
bdb6d971 2701 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2702 key_count);
55ed8ca1 2703
4ee71b20
JH		 2704 for (i = 0; i < key_count; i++) {
2705 struct mgmt_link_key_info *key = &cp->keys[i];
2706
8e991132 2707 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2708 return mgmt_cmd_status(sk, hdev->id,
2709 MGMT_OP_LOAD_LINK_KEYS,
2710 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2711 }
2712
09fd0de5 2713 hci_dev_lock(hdev);
55ed8ca1
JH		 2714
2715 hci_link_keys_clear(hdev);
2716
55ed8ca1 2717 if (cp->debug_keys)
0663b297
JH		 2718 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2719 &hdev->dev_flags);
55ed8ca1 2720 else
0663b297
JH		 2721 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2722 &hdev->dev_flags);
b1de97d8
MH		 2723
2724 if (changed)
2725 new_settings(hdev, NULL);
55ed8ca1 2726
a492cd52 2727 for (i = 0; i < key_count; i++) {
86742e1e 2728 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2729
58e9293c
JH		 2730 /* Always ignore debug keys and require a new pairing if
2731 * the user wants to use them.
2732 */
2733 if (key->type == HCI_LK_DEBUG_COMBINATION)
2734 continue;
2735
7652ff6a
JH		 2736 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2737 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2738 }
2739
2a1afb5a 2740 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2741
09fd0de5 2742 hci_dev_unlock(hdev);
55ed8ca1 2743
a492cd52 2744 return 0;
55ed8ca1
JH		 2745}
2746
b1078ad0 2747static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2748 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2749{
2750 struct mgmt_ev_device_unpaired ev;
2751
2752 bacpy(&ev.addr.bdaddr, bdaddr);
2753 ev.addr.type = addr_type;
2754
2755 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2756 skip_sk);
b1078ad0
JH		 2757}
2758
bdb6d971 2759static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2760 u16 len)
55ed8ca1 2761{
124f6e35
JH		 2762 struct mgmt_cp_unpair_device *cp = data;
2763 struct mgmt_rp_unpair_device rp;
a8a1d19e 2764 struct hci_cp_disconnect dc;
3b0602cd 2765 struct mgmt_pending_cmd *cmd;
55ed8ca1 2766 struct hci_conn *conn;
55ed8ca1
JH		 2767 int err;
2768
a8a1d19e 2769 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2770 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2771 rp.addr.type = cp->addr.type;
a8a1d19e 2772
4ee71b20 2773 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2774 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2775 MGMT_STATUS_INVALID_PARAMS,
2776 &rp, sizeof(rp));
4ee71b20 2777
118da70b 2778 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2779 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2780 MGMT_STATUS_INVALID_PARAMS,
2781 &rp, sizeof(rp));
118da70b 2782
4ee71b20
JH		 2783 hci_dev_lock(hdev);
2784
86a8cfc6 2785 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2786 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2787 MGMT_STATUS_NOT_POWERED, &rp,
2788 sizeof(rp));
86a8cfc6
JH		 2789 goto unlock;
2790 }
2791
e0b2b27e 2792 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2793 /* If disconnection is requested, then look up the
2794 * connection. If the remote device is connected, it
2795 * will be later used to terminate the link.
2796 *
2797 * Setting it to NULL explicitly will cause no
2798 * termination of the link.
2799 */
2800 if (cp->disconnect)
2801 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2802 &cp->addr.bdaddr);
2803 else
2804 conn = NULL;
2805
124f6e35 2806 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2807 } else {
2808 u8 addr_type;
2809
89cbb063
AA		 2810 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2811 &cp->addr.bdaddr);
2812 if (conn) {
2813 /* Defer clearing up the connection parameters
2814 * until closing to give a chance of keeping
2815 * them if a repairing happens.
2816 */
2817 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2818
2819 /* If disconnection is not requested, then
2820 * clear the connection variable so that the
2821 * link is not terminated.
2822 */
2823 if (!cp->disconnect)
2824 conn = NULL;
2825 }
2826
e0b2b27e
JH		 2827 if (cp->addr.type == BDADDR_LE_PUBLIC)
2828 addr_type = ADDR_LE_DEV_PUBLIC;
2829 else
2830 addr_type = ADDR_LE_DEV_RANDOM;
2831
a7ec7338
JH		 2832 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2833
e0b2b27e
JH		 2834 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2835 }
b0dbfb46 2836
55ed8ca1 2837 if (err < 0) {
2a1afb5a
JH		 2838 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2839 MGMT_STATUS_NOT_PAIRED, &rp,
2840 sizeof(rp));
55ed8ca1
JH		 2841 goto unlock;
2842 }
2843
89cbb063
AA		 2844 /* If the connection variable is set, then termination of the
2845 * link is requested.
2846 */
a8a1d19e 2847 if (!conn) {
2a1afb5a
JH		 2848 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2849 &rp, sizeof(rp));
b1078ad0 2850 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2851 goto unlock;
2852 }
55ed8ca1 2853
124f6e35 2854 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2855 sizeof(*cp));
a8a1d19e
JH		 2856 if (!cmd) {
2857 err = -ENOMEM;
2858 goto unlock;
55ed8ca1
JH		 2859 }
2860
d8b7b1e4
JH		 2861 cmd->cmd_complete = addr_cmd_complete;
2862
eb55ef07 2863 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2864 dc.reason = 0x13; /* Remote User Terminated Connection */
2865 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2866 if (err < 0)
2867 mgmt_pending_remove(cmd);
2868
55ed8ca1 2869unlock:
09fd0de5 2870 hci_dev_unlock(hdev);
55ed8ca1
JH		 2871 return err;
2872}
2873
bdb6d971 2874static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2875 u16 len)
8962ee74 2876{
650f726d 2877 struct mgmt_cp_disconnect *cp = data;
06a63b19 2878 struct mgmt_rp_disconnect rp;
3b0602cd 2879 struct mgmt_pending_cmd *cmd;
8962ee74 2880 struct hci_conn *conn;
8962ee74
JH		 2881 int err;
2882
2883 BT_DBG("");
2884
06a63b19
JH		 2885 memset(&rp, 0, sizeof(rp));
2886 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2887 rp.addr.type = cp->addr.type;
2888
4ee71b20 2889 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2890 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2891 MGMT_STATUS_INVALID_PARAMS,
2892 &rp, sizeof(rp));
4ee71b20 2893
09fd0de5 2894 hci_dev_lock(hdev);
8962ee74
JH		 2895
2896 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 2897 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2898 MGMT_STATUS_NOT_POWERED, &rp,
2899 sizeof(rp));
8962ee74
JH		 2900 goto failed;
2901 }
2902
2e58ef3e 2903 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 2904 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2905 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2906 goto failed;
2907 }
2908
591f47f3 2909 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2910 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2911 &cp->addr.bdaddr);
88c3df13
JH		 2912 else
2913 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2914
f960727e 2915 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 2916 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2917 MGMT_STATUS_NOT_CONNECTED, &rp,
2918 sizeof(rp));
8962ee74
JH		 2919 goto failed;
2920 }
2921
2e58ef3e 2922 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2923 if (!cmd) {
2924 err = -ENOMEM;
8962ee74 2925 goto failed;
366a0336 2926 }
8962ee74 2927
f5818c22
JH		 2928 cmd->cmd_complete = generic_cmd_complete;
2929
e3f2f92a 2930 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2931 if (err < 0)
a664b5bc 2932 mgmt_pending_remove(cmd);
8962ee74
JH		 2933
2934failed:
09fd0de5 2935 hci_dev_unlock(hdev);
8962ee74
JH		 2936 return err;
2937}
2938
57c1477c 2939static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2940{
2941 switch (link_type) {
2942 case LE_LINK:
48264f06
JH		 2943 switch (addr_type) {
2944 case ADDR_LE_DEV_PUBLIC:
591f47f3 2945 return BDADDR_LE_PUBLIC;
0ed09148 2946
48264f06 2947 default:
0ed09148 2948 /* Fallback to LE Random address type */
591f47f3 2949 return BDADDR_LE_RANDOM;
48264f06 2950 }
0ed09148 2951
4c659c39 2952 default:
0ed09148 2953 /* Fallback to BR/EDR type */
591f47f3 2954 return BDADDR_BREDR;
4c659c39
JH		 2955 }
2956}
2957
04124681
GP		 2958static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2959 u16 data_len)
2784eb41 2960{
2784eb41 2961 struct mgmt_rp_get_connections *rp;
8035ded4 2962 struct hci_conn *c;
a38528f1 2963 size_t rp_len;
60fc5fb6
JH		 2964 int err;
2965 u16 i;
2784eb41
JH		 2966
2967 BT_DBG("");
2968
09fd0de5 2969 hci_dev_lock(hdev);
2784eb41 2970
5f97c1df 2971 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2972 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2973 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2974 goto unlock;
2975 }
2976
60fc5fb6 2977 i = 0;
b644ba33
JH		 2978 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2979 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2980 i++;
2784eb41
JH		 2981 }
2982
60fc5fb6 2983 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2984 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2985 if (!rp) {
2784eb41
JH		 2986 err = -ENOMEM;
2987 goto unlock;
2988 }
2989
2784eb41 2990 i = 0;
4c659c39 2991 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2992 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2993 continue;
4c659c39 2994 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2995 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2996 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2997 continue;
2998 i++;
2999 }
3000
eb55ef07 3001 rp->conn_count = cpu_to_le16(i);
60fc5fb6 3002
4c659c39
JH		 3003 /* Recalculate length in case of filtered SCO connections, etc */
3004 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 3005
2a1afb5a
JH		 3006 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3007 rp_len);
2784eb41 3008
a38528f1 3009 kfree(rp);
5f97c1df
JH		 3010
3011unlock:
09fd0de5 3012 hci_dev_unlock(hdev);
2784eb41
JH		 3013 return err;
3014}
3015
bdb6d971 3016static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3017 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 3018{
3b0602cd 3019 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 3020 int err;
3021
2e58ef3e 3022 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 3023 sizeof(*cp));
96d97a67
WR		 3024 if (!cmd)
3025 return -ENOMEM;
3026
d8457698 3027 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 3028 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 3029 if (err < 0)
3030 mgmt_pending_remove(cmd);
3031
3032 return err;
3033}
3034
bdb6d971 3035static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3036 u16 len)
980e1a53 3037{
96d97a67 3038 struct hci_conn *conn;
650f726d 3039 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3040 struct hci_cp_pin_code_reply reply;
3b0602cd 3041 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 3042 int err;
3043
3044 BT_DBG("");
3045
09fd0de5 3046 hci_dev_lock(hdev);
980e1a53 3047
4b34ee78 3048 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3049 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3050 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3051 goto failed;
3052 }
3053
d8457698 3054 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3055 if (!conn) {
a69e8375
JH		 3056 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3057 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3058 goto failed;
3059 }
3060
3061 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3062 struct mgmt_cp_pin_code_neg_reply ncp;
3063
3064 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 3065
3066 BT_ERR("PIN code is not 16 bytes long");
3067
bdb6d971 3068 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3069 if (err >= 0)
a69e8375
JH		 3070 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3071 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3072
3073 goto failed;
3074 }
3075
00abfe44 3076 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3077 if (!cmd) {
3078 err = -ENOMEM;
980e1a53 3079 goto failed;
366a0336 3080 }
980e1a53 3081
7776d1d8
JH		 3082 cmd->cmd_complete = addr_cmd_complete;
3083
d8457698 3084 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3085 reply.pin_len = cp->pin_len;
24718ca5 3086 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3087
3088 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3089 if (err < 0)
a664b5bc 3090 mgmt_pending_remove(cmd);
980e1a53
JH		 3091
3092failed:
09fd0de5 3093 hci_dev_unlock(hdev);
980e1a53
JH		 3094 return err;
3095}
3096
04124681
GP		 3097static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3098 u16 len)
17fa4b9d 3099{
650f726d 3100 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3101
3102 BT_DBG("");
3103
4ec86d4c 3104 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3105 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3106 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
4ec86d4c 3107
09fd0de5 3108 hci_dev_lock(hdev);
17fa4b9d
JH		 3109
3110 hdev->io_capability = cp->io_capability;
3111
3112 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3113 hdev->io_capability);
17fa4b9d 3114
09fd0de5 3115 hci_dev_unlock(hdev);
17fa4b9d 3116
2a1afb5a
JH		 3117 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3118 NULL, 0);
17fa4b9d
JH		 3119}
3120
3b0602cd 3121static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3122{
3123 struct hci_dev *hdev = conn->hdev;
3b0602cd 3124 struct mgmt_pending_cmd *cmd;
e9a416b5 3125
2e58ef3e 3126 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3127 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3128 continue;
3129
e9a416b5
JH		 3130 if (cmd->user_data != conn)
3131 continue;
3132
3133 return cmd;
3134 }
3135
3136 return NULL;
3137}
3138
3b0602cd 3139static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 3140{
3141 struct mgmt_rp_pair_device rp;
3142 struct hci_conn *conn = cmd->user_data;
9df74653 3143 int err;
e9a416b5 3144
61b1a7fb
JH		 3145 bacpy(&rp.addr.bdaddr, &conn->dst);
3146 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3147
2a1afb5a
JH		 3148 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3149 status, &rp, sizeof(rp));
e9a416b5
JH		 3150
3151 /* So we don't get further callbacks for this connection */
3152 conn->connect_cfm_cb = NULL;
3153 conn->security_cfm_cb = NULL;
3154 conn->disconn_cfm_cb = NULL;
3155
76a68ba0 3156 hci_conn_drop(conn);
89cbb063
AA		 3157
3158 /* The device is paired so there is no need to remove
3159 * its connection parameters anymore.
3160 */
3161 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3162
3163 hci_conn_put(conn);
9df74653
JH		 3164
3165 return err;
e9a416b5
JH		 3166}
3167
f4a407be
JH		 3168void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3169{
3170 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 3171 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 3172
3173 cmd = find_pairing(conn);
a511b35b 3174 if (cmd) {
04ab2749 3175 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3176 mgmt_pending_remove(cmd);
3177 }
f4a407be
JH		 3178}
3179
e9a416b5
JH		 3180static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3181{
3b0602cd 3182 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3183
3184 BT_DBG("status %u", status);
3185
3186 cmd = find_pairing(conn);
a511b35b 3187 if (!cmd) {
e9a416b5 3188 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3189 return;
3190 }
3191
3192 cmd->cmd_complete(cmd, mgmt_status(status));
3193 mgmt_pending_remove(cmd);
e9a416b5
JH		 3194}
3195
f4a407be 3196static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 3197{
3b0602cd 3198 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 3199
3200 BT_DBG("status %u", status);
3201
3202 if (!status)
3203 return;
3204
3205 cmd = find_pairing(conn);
a511b35b 3206 if (!cmd) {
4c47d739 3207 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3208 return;
3209 }
3210
3211 cmd->cmd_complete(cmd, mgmt_status(status));
3212 mgmt_pending_remove(cmd);
4c47d739
VA		 3213}
3214
bdb6d971 3215static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3216 u16 len)
e9a416b5 3217{
650f726d 3218 struct mgmt_cp_pair_device *cp = data;
1425acb7 3219 struct mgmt_rp_pair_device rp;
3b0602cd 3220 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3221 u8 sec_level, auth_type;
3222 struct hci_conn *conn;
e9a416b5
JH		 3223 int err;
3224
3225 BT_DBG("");
3226
f950a30e
SJ		 3227 memset(&rp, 0, sizeof(rp));
3228 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3229 rp.addr.type = cp->addr.type;
3230
4ee71b20 3231 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3232 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3233 MGMT_STATUS_INVALID_PARAMS,
3234 &rp, sizeof(rp));
4ee71b20 3235
4ec86d4c 3236 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3237 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3238 MGMT_STATUS_INVALID_PARAMS,
3239 &rp, sizeof(rp));
4ec86d4c 3240
09fd0de5 3241 hci_dev_lock(hdev);
e9a416b5 3242
5f97c1df 3243 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3244 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3245 MGMT_STATUS_NOT_POWERED, &rp,
3246 sizeof(rp));
5f97c1df
JH		 3247 goto unlock;
3248 }
3249
55e76b38
JH		 3250 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3251 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3252 MGMT_STATUS_ALREADY_PAIRED, &rp,
3253 sizeof(rp));
3254 goto unlock;
3255 }
3256
c908df36 3257 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3258 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3259
6f77d8c7 3260 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3261 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3262 auth_type);
6f77d8c7
AG		 3263 } else {
3264 u8 addr_type;
3265
3266 /* Convert from L2CAP channel address type to HCI address type
3267 */
3268 if (cp->addr.type == BDADDR_LE_PUBLIC)
3269 addr_type = ADDR_LE_DEV_PUBLIC;
3270 else
3271 addr_type = ADDR_LE_DEV_RANDOM;
3272
7c264b10
MH		 3273 /* When pairing a new device, it is expected to remember
3274 * this device for future connections. Adding the connection
3275 * parameter information ahead of time allows tracking
3276 * of the slave preferred values and will speed up any
3277 * further connection establishment.
3278 *
3279 * If connection parameters already exist, then they
3280 * will be kept and this function does nothing.
3281 */
3282 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3283
6f77d8c7 3284 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3285 sec_level, HCI_LE_CONN_TIMEOUT,
3286 HCI_ROLE_MASTER);
6f77d8c7 3287 }
7a512d01 3288
30e76272 3289 if (IS_ERR(conn)) {
489dc48e
AK		 3290 int status;
3291
3292 if (PTR_ERR(conn) == -EBUSY)
3293 status = MGMT_STATUS_BUSY;
faa81030
LR		 3294 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3295 status = MGMT_STATUS_NOT_SUPPORTED;
3296 else if (PTR_ERR(conn) == -ECONNREFUSED)
3297 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 3298 else
3299 status = MGMT_STATUS_CONNECT_FAILED;
3300
2a1afb5a
JH		 3301 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3302 status, &rp, sizeof(rp));
e9a416b5
JH		 3303 goto unlock;
3304 }
3305
3306 if (conn->connect_cfm_cb) {
76a68ba0 3307 hci_conn_drop(conn);
2a1afb5a
JH		 3308 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3309 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3310 goto unlock;
3311 }
3312
2e58ef3e 3313 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3314 if (!cmd) {
3315 err = -ENOMEM;
76a68ba0 3316 hci_conn_drop(conn);
e9a416b5
JH		 3317 goto unlock;
3318 }
3319
04ab2749
JH		 3320 cmd->cmd_complete = pairing_complete;
3321
7a512d01 3322 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3323 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3324 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3325 conn->security_cfm_cb = pairing_complete_cb;
3326 conn->disconn_cfm_cb = pairing_complete_cb;
3327 } else {
3328 conn->connect_cfm_cb = le_pairing_complete_cb;
3329 conn->security_cfm_cb = le_pairing_complete_cb;
3330 conn->disconn_cfm_cb = le_pairing_complete_cb;
3331 }
7a512d01 3332
e9a416b5 3333 conn->io_capability = cp->io_cap;
f8aaf9b6 3334 cmd->user_data = hci_conn_get(conn);
e9a416b5 3335
6f78fd4b 3336 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3337 hci_conn_security(conn, sec_level, auth_type, true)) {
3338 cmd->cmd_complete(cmd, 0);
3339 mgmt_pending_remove(cmd);
3340 }
e9a416b5
JH		 3341
3342 err = 0;
3343
3344unlock:
09fd0de5 3345 hci_dev_unlock(hdev);
e9a416b5
JH		 3346 return err;
3347}
3348
04124681
GP		 3349static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3350 u16 len)
28424707 3351{
0f4e68cf 3352 struct mgmt_addr_info *addr = data;
3b0602cd 3353 struct mgmt_pending_cmd *cmd;
28424707
JH		 3354 struct hci_conn *conn;
3355 int err;
3356
3357 BT_DBG("");
3358
28424707
JH		 3359 hci_dev_lock(hdev);
3360
5f97c1df 3361 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3362 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3363 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3364 goto unlock;
3365 }
3366
28424707
JH		 3367 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3368 if (!cmd) {
a69e8375
JH		 3369 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3370 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3371 goto unlock;
3372 }
3373
3374 conn = cmd->user_data;
3375
3376 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3377 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3378 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3379 goto unlock;
3380 }
3381
a511b35b
JH		 3382 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3383 mgmt_pending_remove(cmd);
28424707 3384
2a1afb5a
JH		 3385 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3386 addr, sizeof(*addr));
28424707
JH		 3387unlock:
3388 hci_dev_unlock(hdev);
28424707
JH		 3389 return err;
3390}
3391
bdb6d971 3392static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3393 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3394 u16 hci_op, __le32 passkey)
a5c29683 3395{
3b0602cd 3396 struct mgmt_pending_cmd *cmd;
0df4c185 3397 struct hci_conn *conn;
a5c29683
JH		 3398 int err;
3399
09fd0de5 3400 hci_dev_lock(hdev);
08ba5382 3401
4b34ee78 3402 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3403 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3404 MGMT_STATUS_NOT_POWERED, addr,
3405 sizeof(*addr));
0df4c185 3406 goto done;
a5c29683
JH		 3407 }
3408
1707c60e
JH		 3409 if (addr->type == BDADDR_BREDR)
3410 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3411 else
1707c60e 3412 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3413
3414 if (!conn) {
2a1afb5a
JH		 3415 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3416 MGMT_STATUS_NOT_CONNECTED, addr,
3417 sizeof(*addr));
272d90df
JH		 3418 goto done;
3419 }
47c15e2b 3420
1707c60e 3421 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3422 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3423 if (!err)
2a1afb5a
JH		 3424 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3425 MGMT_STATUS_SUCCESS, addr,
3426 sizeof(*addr));
5fe57d9e 3427 else
2a1afb5a
JH		 3428 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3429 MGMT_STATUS_FAILED, addr,
3430 sizeof(*addr));
47c15e2b 3431
47c15e2b
BG		 3432 goto done;
3433 }
3434
1707c60e 3435 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3436 if (!cmd) {
3437 err = -ENOMEM;
0df4c185 3438 goto done;
a5c29683
JH		 3439 }
3440
7776d1d8
JH		 3441 cmd->cmd_complete = addr_cmd_complete;
3442
0df4c185 3443 /* Continue with pairing via HCI */
604086b7
BG		 3444 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3445 struct hci_cp_user_passkey_reply cp;
3446
1707c60e 3447 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3448 cp.passkey = passkey;
3449 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3450 } else
1707c60e
JH		 3451 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3452 &addr->bdaddr);
604086b7 3453
a664b5bc
JH		 3454 if (err < 0)
3455 mgmt_pending_remove(cmd);
a5c29683 3456
0df4c185 3457done:
09fd0de5 3458 hci_dev_unlock(hdev);
a5c29683
JH		 3459 return err;
3460}
3461
afeb019d
JK		 3462static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3463 void *data, u16 len)
3464{
3465 struct mgmt_cp_pin_code_neg_reply *cp = data;
3466
3467 BT_DBG("");
3468
1707c60e 3469 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3470 MGMT_OP_PIN_CODE_NEG_REPLY,
3471 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3472}
3473
04124681
GP		 3474static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3475 u16 len)
0df4c185 3476{
650f726d 3477 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3478
3479 BT_DBG("");
3480
3481 if (len != sizeof(*cp))
a69e8375
JH		 3482 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3483 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3484
1707c60e 3485 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3486 MGMT_OP_USER_CONFIRM_REPLY,
3487 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3488}
3489
bdb6d971 3490static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3491 void *data, u16 len)
0df4c185 3492{
c9c2659f 3493 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3494
3495 BT_DBG("");
3496
1707c60e 3497 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3498 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3499 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3500}
3501
04124681
GP		 3502static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3503 u16 len)
604086b7 3504{
650f726d 3505 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3506
3507 BT_DBG("");
3508
1707c60e 3509 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3510 MGMT_OP_USER_PASSKEY_REPLY,
3511 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3512}
3513
bdb6d971 3514static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3515 void *data, u16 len)
604086b7 3516{
650f726d 3517 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3518
3519 BT_DBG("");
3520
1707c60e 3521 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3522 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3523 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3524}
3525
13928971 3526static void update_name(struct hci_request *req)
2b4bf397 3527{
13928971 3528 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3529 struct hci_cp_write_local_name cp;
3530
13928971 3531 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3532
890ea898 3533 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3534}
3535
1904a853 3536static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3537{
3538 struct mgmt_cp_set_local_name *cp;
3b0602cd 3539 struct mgmt_pending_cmd *cmd;
13928971
JH		 3540
3541 BT_DBG("status 0x%02x", status);
3542
3543 hci_dev_lock(hdev);
3544
3545 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3546 if (!cmd)
3547 goto unlock;
3548
3549 cp = cmd->param;
3550
3551 if (status)
a69e8375
JH		 3552 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3553 mgmt_status(status));
13928971 3554 else
2a1afb5a
JH		 3555 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3556 cp, sizeof(*cp));
13928971
JH		 3557
3558 mgmt_pending_remove(cmd);
3559
3560unlock:
3561 hci_dev_unlock(hdev);
3562}
3563
bdb6d971 3564static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3565 u16 len)
b312b161 3566{
2b4bf397 3567 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3568 struct mgmt_pending_cmd *cmd;
890ea898 3569 struct hci_request req;
b312b161
JH		 3570 int err;
3571
3572 BT_DBG("");
3573
09fd0de5 3574 hci_dev_lock(hdev);
b312b161 3575
b3f2ca94
JH		 3576 /* If the old values are the same as the new ones just return a
3577 * direct command complete event.
3578 */
3579 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3580 !memcmp(hdev->short_name, cp->short_name,
3581 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3582 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3583 data, len);
b3f2ca94
JH		 3584 goto failed;
3585 }
3586
2b4bf397 3587 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3588
b5235a65 3589 if (!hdev_is_powered(hdev)) {
2b4bf397 3590 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3591
2a1afb5a
JH		 3592 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3593 data, len);
28cc7bde
JH		 3594 if (err < 0)
3595 goto failed;
3596
3597 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3598 sk);
28cc7bde 3599
b5235a65
JH		 3600 goto failed;
3601 }
3602
28cc7bde 3603 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3604 if (!cmd) {
3605 err = -ENOMEM;
3606 goto failed;
3607 }
3608
13928971
JH		 3609 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3610
890ea898 3611 hci_req_init(&req, hdev);
3f985050
JH		 3612
3613 if (lmp_bredr_capable(hdev)) {
3614 update_name(&req);
3615 update_eir(&req);
3616 }
3617
7a5f4990
MH		 3618 /* The name is stored in the scan response data and so
3619 * no need to udpate the advertising data here.
3620 */
3f985050 3621 if (lmp_le_capable(hdev))
7a5f4990 3622 update_scan_rsp_data(&req);
3f985050 3623
13928971 3624 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3625 if (err < 0)
3626 mgmt_pending_remove(cmd);
3627
3628failed:
09fd0de5 3629 hci_dev_unlock(hdev);
b312b161
JH		 3630 return err;
3631}
3632
0f4e68cf 3633static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3634 void *data, u16 data_len)
c35938b2 3635{
3b0602cd 3636 struct mgmt_pending_cmd *cmd;
c35938b2
SJ		 3637 int err;
3638
bdb6d971 3639 BT_DBG("%s", hdev->name);
c35938b2 3640
09fd0de5 3641 hci_dev_lock(hdev);
c35938b2 3642
4b34ee78 3643 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3644 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3645 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3646 goto unlock;
3647 }
3648
9a1a1996 3649 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3650 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3651 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3652 goto unlock;
3653 }
3654
2e58ef3e 3655 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3656 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3657 MGMT_STATUS_BUSY);
c35938b2
SJ		 3658 goto unlock;
3659 }
3660
2e58ef3e 3661 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3662 if (!cmd) {
3663 err = -ENOMEM;
3664 goto unlock;
3665 }
3666
710f11c0 3667 if (bredr_sc_enabled(hdev))
4d2d2796
MH		 3668 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3669 0, NULL);
3670 else
3671 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3672
c35938b2
SJ		 3673 if (err < 0)
3674 mgmt_pending_remove(cmd);
3675
3676unlock:
09fd0de5 3677 hci_dev_unlock(hdev);
c35938b2
SJ		 3678 return err;
3679}
3680
bdb6d971 3681static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3682 void *data, u16 len)
2763eda6 3683{
5d57e796 3684 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3685 int err;
3686
bdb6d971 3687 BT_DBG("%s ", hdev->name);
2763eda6 3688
5d57e796 3689 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3690 return mgmt_cmd_complete(sk, hdev->id,
3691 MGMT_OP_ADD_REMOTE_OOB_DATA,
3692 MGMT_STATUS_INVALID_PARAMS,
3693 addr, sizeof(*addr));
5d57e796 3694
09fd0de5 3695 hci_dev_lock(hdev);
2763eda6 3696
ec109113
MH		 3697 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3698 struct mgmt_cp_add_remote_oob_data *cp = data;
3699 u8 status;
bf1e3541 3700
c19a495c 3701 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 3702 err = mgmt_cmd_complete(sk, hdev->id,
3703 MGMT_OP_ADD_REMOTE_OOB_DATA,
3704 MGMT_STATUS_INVALID_PARAMS,
3705 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 3706 goto unlock;
3707 }
3708
ec109113 3709 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3710 cp->addr.type, cp->hash,
3711 cp->rand, NULL, NULL);
ec109113
MH		 3712 if (err < 0)
3713 status = MGMT_STATUS_FAILED;
3714 else
3715 status = MGMT_STATUS_SUCCESS;
3716
2a1afb5a
JH		 3717 err = mgmt_cmd_complete(sk, hdev->id,
3718 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3719 &cp->addr, sizeof(cp->addr));
ec109113
MH		 3720 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3721 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3722 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3723 u8 status;
3724
86df9200 3725 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3726 /* Enforce zero-valued 192-bit parameters as
3727 * long as legacy SMP OOB isn't implemented.
3728 */
3729 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3730 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 3731 err = mgmt_cmd_complete(sk, hdev->id,
3732 MGMT_OP_ADD_REMOTE_OOB_DATA,
3733 MGMT_STATUS_INVALID_PARAMS,
3734 addr, sizeof(*addr));
d25b78e2
JH		 3735 goto unlock;
3736 }
3737
86df9200
JH		 3738 rand192 = NULL;
3739 hash192 = NULL;
3740 } else {
41bcfd50
MH		 3741 /* In case one of the P-192 values is set to zero,
3742 * then just disable OOB data for P-192.
3743 */
3744 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3745 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3746 rand192 = NULL;
3747 hash192 = NULL;
3748 } else {
3749 rand192 = cp->rand192;
3750 hash192 = cp->hash192;
3751 }
3752 }
3753
3754 /* In case one of the P-256 values is set to zero, then just
3755 * disable OOB data for P-256.
3756 */
3757 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3758 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3759 rand256 = NULL;
3760 hash256 = NULL;
3761 } else {
3762 rand256 = cp->rand256;
3763 hash256 = cp->hash256;
86df9200
JH		 3764 }
3765
81328d5c 3766 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3767 cp->addr.type, hash192, rand192,
41bcfd50 3768 hash256, rand256);
ec109113
MH		 3769 if (err < 0)
3770 status = MGMT_STATUS_FAILED;
3771 else
3772 status = MGMT_STATUS_SUCCESS;
3773
2a1afb5a
JH		 3774 err = mgmt_cmd_complete(sk, hdev->id,
3775 MGMT_OP_ADD_REMOTE_OOB_DATA,
3776 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 3777 } else {
3778 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 3779 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3780 MGMT_STATUS_INVALID_PARAMS);
ec109113 3781 }
2763eda6 3782
c19a495c 3783unlock:
09fd0de5 3784 hci_dev_unlock(hdev);
2763eda6
SJ		 3785 return err;
3786}
3787
bdb6d971 3788static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3789 void *data, u16 len)
2763eda6 3790{
650f726d 3791 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3792 u8 status;
2763eda6
SJ		 3793 int err;
3794
bdb6d971 3795 BT_DBG("%s", hdev->name);
2763eda6 3796
c19a495c 3797 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 3798 return mgmt_cmd_complete(sk, hdev->id,
3799 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3800 MGMT_STATUS_INVALID_PARAMS,
3801 &cp->addr, sizeof(cp->addr));
c19a495c 3802
09fd0de5 3803 hci_dev_lock(hdev);
2763eda6 3804
eedbd581
JH		 3805 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3806 hci_remote_oob_data_clear(hdev);
3807 status = MGMT_STATUS_SUCCESS;
3808 goto done;
3809 }
3810
6928a924 3811 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3812 if (err < 0)
bf1e3541 3813 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3814 else
a6785be2 3815 status = MGMT_STATUS_SUCCESS;
bf1e3541 3816
eedbd581 3817done:
2a1afb5a
JH		 3818 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3819 status, &cp->addr, sizeof(cp->addr));
2763eda6 3820
09fd0de5 3821 hci_dev_unlock(hdev);
2763eda6
SJ		 3822 return err;
3823}
3824
8019044d 3825static bool trigger_discovery(struct hci_request *req, u8 *status)
41dc2bd6 3826{
8019044d
MH		 3827 struct hci_dev *hdev = req->hdev;
3828 struct hci_cp_le_set_scan_param param_cp;
3829 struct hci_cp_le_set_scan_enable enable_cp;
3830 struct hci_cp_inquiry inq_cp;
3831 /* General inquiry access code (GIAC) */
3832 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3833 u8 own_addr_type;
41dc2bd6
AG		 3834 int err;
3835
8019044d
MH		 3836 switch (hdev->discovery.type) {
3837 case DISCOV_TYPE_BREDR:
3838 *status = mgmt_bredr_support(hdev);
3839 if (*status)
3840 return false;
41dc2bd6 3841
8019044d
MH		 3842 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3843 *status = MGMT_STATUS_BUSY;
3844 return false;
3845 }
41dc2bd6 3846
8019044d 3847 hci_inquiry_cache_flush(hdev);
41dc2bd6 3848
8019044d
MH		 3849 memset(&inq_cp, 0, sizeof(inq_cp));
3850 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3851 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3852 hci_req_add(req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3853 break;
41dc2bd6 3854
8019044d
MH		 3855 case DISCOV_TYPE_LE:
3856 case DISCOV_TYPE_INTERLEAVED:
3857 *status = mgmt_le_support(hdev);
3858 if (*status)
3859 return false;
3860
3861 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
d7a5a11d 3862 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
8019044d
MH		 3863 *status = MGMT_STATUS_NOT_SUPPORTED;
3864 return false;
3865 }
3866
d7a5a11d 3867 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
8019044d
MH		 3868 /* Don't let discovery abort an outgoing
3869 * connection attempt that's using directed
3870 * advertising.
3871 */
3872 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3873 BT_CONNECT)) {
3874 *status = MGMT_STATUS_REJECTED;
3875 return false;
3876 }
3877
3878 disable_advertising(req);
3879 }
3880
3881 /* If controller is scanning, it means the background scanning
3882 * is running. Thus, we should temporarily stop it in order to
3883 * set the discovery scanning parameters.
3884 */
d7a5a11d 3885 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
8019044d
MH		 3886 hci_req_add_le_scan_disable(req);
3887
3888 memset(&param_cp, 0, sizeof(param_cp));
3889
3890 /* All active scans will be done with either a resolvable
3891 * private address (when privacy feature has been enabled)
9437d2ed 3892 * or non-resolvable private address.
8019044d
MH		 3893 */
3894 err = hci_update_random_address(req, true, &own_addr_type);
3895 if (err < 0) {
3896 *status = MGMT_STATUS_FAILED;
3897 return false;
3898 }
3899
3900 param_cp.type = LE_SCAN_ACTIVE;
3901 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3902 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3903 param_cp.own_address_type = own_addr_type;
3904 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3905 &param_cp);
3906
3907 memset(&enable_cp, 0, sizeof(enable_cp));
3908 enable_cp.enable = LE_SCAN_ENABLE;
3909 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3910 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3911 &enable_cp);
3912 break;
3913
3914 default:
3915 *status = MGMT_STATUS_INVALID_PARAMS;
3916 return false;
3917 }
3918
3919 return true;
41dc2bd6
AG		 3920}
3921
1904a853
MH		 3922static void start_discovery_complete(struct hci_dev *hdev, u8 status,
3923 u16 opcode)
7c307720 3924{
3b0602cd 3925 struct mgmt_pending_cmd *cmd;
11e6e25d 3926 unsigned long timeout;
ae55f598 3927
7c307720
AG		 3928 BT_DBG("status %d", status);
3929
11e6e25d 3930 hci_dev_lock(hdev);
41dc2bd6 3931
11e6e25d 3932 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427
JP		 3933 if (!cmd)
3934 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3935
11e6e25d 3936 if (cmd) {
2922a94f 3937 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 3938 mgmt_pending_remove(cmd);
3939 }
7c307720
AG		 3940
3941 if (status) {
11e6e25d
MH		 3942 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3943 goto unlock;
7c307720
AG		 3944 }
3945
7c307720 3946 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
7c307720 3947
2d28cfe7
JP		 3948 /* If the scan involves LE scan, pick proper timeout to schedule
3949 * hdev->le_scan_disable that will stop it.
3950 */
7c307720
AG		 3951 switch (hdev->discovery.type) {
3952 case DISCOV_TYPE_LE:
3d5a76f0 3953 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720 3954 break;
7c307720 3955 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3956 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720 3957 break;
7c307720 3958 case DISCOV_TYPE_BREDR:
11e6e25d 3959 timeout = 0;
7c307720 3960 break;
7c307720
AG		 3961 default:
3962 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
11e6e25d
MH		 3963 timeout = 0;
3964 break;
7c307720 3965 }
ae55f598 3966
2d28cfe7
JP		 3967 if (timeout) {
3968 /* When service discovery is used and the controller has
3969 * a strict duplicate filter, it is important to remember
3970 * the start and duration of the scan. This is required
3971 * for restarting scanning during the discovery phase.
3972 */
3973 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
3974 &hdev->quirks) &&
82f8b651 3975 hdev->discovery.result_filtering) {
2d28cfe7
JP		 3976 hdev->discovery.scan_start = jiffies;
3977 hdev->discovery.scan_duration = timeout;
3978 }
3979
11e6e25d
MH		 3980 queue_delayed_work(hdev->workqueue,
3981 &hdev->le_scan_disable, timeout);
2d28cfe7 3982 }
ae55f598 3983
11e6e25d
MH		 3984unlock:
3985 hci_dev_unlock(hdev);
7c307720
AG		 3986}
3987
bdb6d971 3988static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3989 void *data, u16 len)
14a53664 3990{
650f726d 3991 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 3992 struct mgmt_pending_cmd *cmd;
7c307720 3993 struct hci_request req;
8019044d 3994 u8 status;
14a53664
JH		 3995 int err;
3996
bdb6d971 3997 BT_DBG("%s", hdev->name);
14a53664 3998
09fd0de5 3999 hci_dev_lock(hdev);
14a53664 4000
4b34ee78 4001 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4002 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4003 MGMT_STATUS_NOT_POWERED,
4004 &cp->type, sizeof(cp->type));
bd2d1334
JH		 4005 goto failed;
4006 }
4007
f5a969f2 4008 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4009 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4010 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4011 MGMT_STATUS_BUSY, &cp->type,
4012 sizeof(cp->type));
642be6c7
AG		 4013 goto failed;
4014 }
4015
2922a94f 4016 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
14a53664
JH		 4017 if (!cmd) {
4018 err = -ENOMEM;
4019 goto failed;
4020 }
4021
2922a94f
JH		 4022 cmd->cmd_complete = generic_cmd_complete;
4023
22078800
MH		 4024 /* Clear the discovery filter first to free any previously
4025 * allocated memory for the UUID list.
4026 */
4027 hci_discovery_filter_clear(hdev);
4028
4aab14e5 4029 hdev->discovery.type = cp->type;
da25cf6a 4030 hdev->discovery.report_invalid_rssi = false;
4aab14e5 4031
7c307720
AG		 4032 hci_req_init(&req, hdev);
4033
8019044d 4034 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4035 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4036 status, &cp->type, sizeof(cp->type));
04106755
JH		 4037 mgmt_pending_remove(cmd);
4038 goto failed;
f39799f5 4039 }
04106755 4040
7c307720 4041 err = hci_req_run(&req, start_discovery_complete);
f5a969f2 4042 if (err < 0) {
14a53664 4043 mgmt_pending_remove(cmd);
f5a969f2
MH		 4044 goto failed;
4045 }
7c307720 4046
f5a969f2 4047 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
7c307720 4048
14a53664 4049failed:
09fd0de5 4050 hci_dev_unlock(hdev);
14a53664
JH		 4051 return err;
4052}
f39799f5 4053
3b0602cd
JH		 4054static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4055 u8 status)
2922a94f 4056{
2a1afb5a
JH		 4057 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4058 cmd->param, 1);
2922a94f 4059}
04106755 4060
66ea9427
JP		 4061static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4062 void *data, u16 len)
4063{
4064 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 4065 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 4066 struct hci_request req;
4067 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4068 u16 uuid_count, expected_len;
4069 u8 status;
4070 int err;
04106755 4071
66ea9427 4072 BT_DBG("%s", hdev->name);
e8bb6b97 4073
66ea9427 4074 hci_dev_lock(hdev);
7c307720 4075
66ea9427 4076 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4077 err = mgmt_cmd_complete(sk, hdev->id,
4078 MGMT_OP_START_SERVICE_DISCOVERY,
4079 MGMT_STATUS_NOT_POWERED,
4080 &cp->type, sizeof(cp->type));
66ea9427
JP		 4081 goto failed;
4082 }
7c307720 4083
66ea9427 4084 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4085 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4086 err = mgmt_cmd_complete(sk, hdev->id,
4087 MGMT_OP_START_SERVICE_DISCOVERY,
4088 MGMT_STATUS_BUSY, &cp->type,
4089 sizeof(cp->type));
66ea9427
JP		 4090 goto failed;
4091 }
d9483943 4092
66ea9427
JP		 4093 uuid_count = __le16_to_cpu(cp->uuid_count);
4094 if (uuid_count > max_uuid_count) {
4095 BT_ERR("service_discovery: too big uuid_count value %u",
4096 uuid_count);
2a1afb5a
JH		 4097 err = mgmt_cmd_complete(sk, hdev->id,
4098 MGMT_OP_START_SERVICE_DISCOVERY,
4099 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4100 sizeof(cp->type));
66ea9427
JP		 4101 goto failed;
4102 }
4103
4104 expected_len = sizeof(*cp) + uuid_count * 16;
4105 if (expected_len != len) {
4106 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4107 expected_len, len);
2a1afb5a
JH		 4108 err = mgmt_cmd_complete(sk, hdev->id,
4109 MGMT_OP_START_SERVICE_DISCOVERY,
4110 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4111 sizeof(cp->type));
66ea9427
JP		 4112 goto failed;
4113 }
4114
4115 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 4116 hdev, data, len);
66ea9427
JP		 4117 if (!cmd) {
4118 err = -ENOMEM;
4119 goto failed;
4120 }
4121
2922a94f
JH		 4122 cmd->cmd_complete = service_discovery_cmd_complete;
4123
22078800
MH		 4124 /* Clear the discovery filter first to free any previously
4125 * allocated memory for the UUID list.
4126 */
4127 hci_discovery_filter_clear(hdev);
4128
82f8b651 4129 hdev->discovery.result_filtering = true;
66ea9427
JP		 4130 hdev->discovery.type = cp->type;
4131 hdev->discovery.rssi = cp->rssi;
4132 hdev->discovery.uuid_count = uuid_count;
4133
4134 if (uuid_count > 0) {
4135 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4136 GFP_KERNEL);
4137 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 4138 err = mgmt_cmd_complete(sk, hdev->id,
4139 MGMT_OP_START_SERVICE_DISCOVERY,
4140 MGMT_STATUS_FAILED,
4141 &cp->type, sizeof(cp->type));
d9483943
JH		 4142 mgmt_pending_remove(cmd);
4143 goto failed;
4144 }
66ea9427 4145 }
d9483943 4146
66ea9427 4147 hci_req_init(&req, hdev);
5e0452c0 4148
66ea9427 4149 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4150 err = mgmt_cmd_complete(sk, hdev->id,
4151 MGMT_OP_START_SERVICE_DISCOVERY,
4152 status, &cp->type, sizeof(cp->type));
04106755
JH		 4153 mgmt_pending_remove(cmd);
4154 goto failed;
f39799f5 4155 }
3fd24153 4156
7c307720 4157 err = hci_req_run(&req, start_discovery_complete);
66ea9427 4158 if (err < 0) {
14a53664 4159 mgmt_pending_remove(cmd);
66ea9427
JP		 4160 goto failed;
4161 }
4162
4163 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 4164
4165failed:
09fd0de5 4166 hci_dev_unlock(hdev);
14a53664
JH		 4167 return err;
4168}
4169
1904a853 4170static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1183fdca 4171{
3b0602cd 4172 struct mgmt_pending_cmd *cmd;
1183fdca 4173
0e05bba6
AG		 4174 BT_DBG("status %d", status);
4175
4176 hci_dev_lock(hdev);
4177
11e6e25d
MH		 4178 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4179 if (cmd) {
2922a94f 4180 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4181 mgmt_pending_remove(cmd);
0e05bba6
AG		 4182 }
4183
11e6e25d
MH		 4184 if (!status)
4185 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
0e05bba6 4186
0e05bba6
AG		 4187 hci_dev_unlock(hdev);
4188}
4189
bdb6d971 4190static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4191 u16 len)
14a53664 4192{
d930650b 4193 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 4194 struct mgmt_pending_cmd *cmd;
0e05bba6 4195 struct hci_request req;
14a53664
JH		 4196 int err;
4197
bdb6d971 4198 BT_DBG("%s", hdev->name);
14a53664 4199
09fd0de5 4200 hci_dev_lock(hdev);
14a53664 4201
30dc78e1 4202 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4203 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4204 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4205 sizeof(mgmt_cp->type));
d930650b
JH		 4206 goto unlock;
4207 }
4208
4209 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 4210 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4211 MGMT_STATUS_INVALID_PARAMS,
4212 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 4213 goto unlock;
ff9ef578
JH		 4214 }
4215
2922a94f 4216 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4217 if (!cmd) {
4218 err = -ENOMEM;
30dc78e1
JH		 4219 goto unlock;
4220 }
4221
2922a94f
JH		 4222 cmd->cmd_complete = generic_cmd_complete;
4223
0e05bba6
AG		 4224 hci_req_init(&req, hdev);
4225
21a60d30 4226 hci_stop_discovery(&req);
e0d9727e 4227
21a60d30
JH		 4228 err = hci_req_run(&req, stop_discovery_complete);
4229 if (!err) {
4230 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 4231 goto unlock;
14a53664
JH		 4232 }
4233
21a60d30
JH		 4234 mgmt_pending_remove(cmd);
4235
4236 /* If no HCI commands were sent we're done */
4237 if (err == -ENODATA) {
2a1afb5a
JH		 4238 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4239 &mgmt_cp->type, sizeof(mgmt_cp->type));
21a60d30
JH		 4240 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4241 }
14a53664 4242
30dc78e1 4243unlock:
09fd0de5 4244 hci_dev_unlock(hdev);
14a53664
JH		 4245 return err;
4246}
4247
bdb6d971 4248static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4249 u16 len)
561aafbc 4250{
650f726d 4251 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4252 struct inquiry_entry *e;
561aafbc
JH		 4253 int err;
4254
bdb6d971 4255 BT_DBG("%s", hdev->name);
561aafbc 4256
561aafbc
JH		 4257 hci_dev_lock(hdev);
4258
30dc78e1 4259 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4260 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4261 MGMT_STATUS_FAILED, &cp->addr,
4262 sizeof(cp->addr));
30dc78e1
JH		 4263 goto failed;
4264 }
4265
a198e7b1 4266 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4267 if (!e) {
2a1afb5a
JH		 4268 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4269 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4270 sizeof(cp->addr));
561aafbc
JH		 4271 goto failed;
4272 }
4273
4274 if (cp->name_known) {
4275 e->name_state = NAME_KNOWN;
4276 list_del(&e->list);
4277 } else {
4278 e->name_state = NAME_NEEDED;
a3d4e20a 4279 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4280 }
4281
2a1afb5a
JH		 4282 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4283 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 4284
4285failed:
4286 hci_dev_unlock(hdev);
561aafbc
JH		 4287 return err;
4288}
4289
bdb6d971 4290static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4291 u16 len)
7fbec224 4292{
650f726d 4293 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4294 u8 status;
7fbec224
AJ		 4295 int err;
4296
bdb6d971 4297 BT_DBG("%s", hdev->name);
7fbec224 4298
4ee71b20 4299 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4300 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4301 MGMT_STATUS_INVALID_PARAMS,
4302 &cp->addr, sizeof(cp->addr));
4ee71b20 4303
09fd0de5 4304 hci_dev_lock(hdev);
5e762444 4305
dcc36c16
JH		 4306 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4307 cp->addr.type);
2a8357f2 4308 if (err < 0) {
f0eeea8b 4309 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4310 goto done;
4311 }
4312
4313 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4314 sk);
4315 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4316
2a8357f2 4317done:
2a1afb5a
JH		 4318 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4319 &cp->addr, sizeof(cp->addr));
5e762444 4320
09fd0de5 4321 hci_dev_unlock(hdev);
7fbec224
AJ		 4322
4323 return err;
4324}
4325
bdb6d971 4326static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4327 u16 len)
7fbec224 4328{
650f726d 4329 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4330 u8 status;
7fbec224
AJ		 4331 int err;
4332
bdb6d971 4333 BT_DBG("%s", hdev->name);
7fbec224 4334
4ee71b20 4335 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4336 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4337 MGMT_STATUS_INVALID_PARAMS,
4338 &cp->addr, sizeof(cp->addr));
4ee71b20 4339
09fd0de5 4340 hci_dev_lock(hdev);
5e762444 4341
dcc36c16
JH		 4342 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4343 cp->addr.type);
2a8357f2 4344 if (err < 0) {
f0eeea8b 4345 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4346 goto done;
4347 }
4348
4349 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4350 sk);
4351 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4352
2a8357f2 4353done:
2a1afb5a
JH		 4354 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4355 &cp->addr, sizeof(cp->addr));
5e762444 4356
09fd0de5 4357 hci_dev_unlock(hdev);
7fbec224
AJ		 4358
4359 return err;
4360}
4361
cdbaccca
MH		 4362static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4363 u16 len)
4364{
4365 struct mgmt_cp_set_device_id *cp = data;
890ea898 4366 struct hci_request req;
cdbaccca 4367 int err;
c72d4b8a 4368 __u16 source;
cdbaccca
MH		 4369
4370 BT_DBG("%s", hdev->name);
4371
c72d4b8a
SJ		 4372 source = __le16_to_cpu(cp->source);
4373
4374 if (source > 0x0002)
a69e8375
JH		 4375 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4376 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 4377
cdbaccca
MH		 4378 hci_dev_lock(hdev);
4379
c72d4b8a 4380 hdev->devid_source = source;
cdbaccca
MH		 4381 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4382 hdev->devid_product = __le16_to_cpu(cp->product);
4383 hdev->devid_version = __le16_to_cpu(cp->version);
4384
2a1afb5a
JH		 4385 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4386 NULL, 0);
cdbaccca 4387
890ea898
JH		 4388 hci_req_init(&req, hdev);
4389 update_eir(&req);
4390 hci_req_run(&req, NULL);
cdbaccca
MH		 4391
4392 hci_dev_unlock(hdev);
4393
4394 return err;
4395}
4396
1904a853
MH		 4397static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4398 u16 opcode)
4375f103
JH		 4399{
4400 struct cmd_lookup match = { NULL, hdev };
4401
3ad67582
JK		 4402 hci_dev_lock(hdev);
4403
4375f103
JH		 4404 if (status) {
4405 u8 mgmt_err = mgmt_status(status);
4406
4407 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4408 cmd_status_rsp, &mgmt_err);
3ad67582 4409 goto unlock;
4375f103
JH		 4410 }
4411
d7a5a11d 4412 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 4413 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 4414 else
a358dc11 4415 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 4416
4375f103
JH		 4417 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4418 &match);
4419
4420 new_settings(hdev, match.sk);
4421
4422 if (match.sk)
4423 sock_put(match.sk);
3ad67582
JK		 4424
4425unlock:
4426 hci_dev_unlock(hdev);
4375f103
JH		 4427}
4428
21b5187f
MH		 4429static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4430 u16 len)
4375f103
JH		 4431{
4432 struct mgmt_mode *cp = data;
3b0602cd 4433 struct mgmt_pending_cmd *cmd;
4375f103 4434 struct hci_request req;
cc91cb04 4435 u8 val, status;
4375f103
JH		 4436 int err;
4437
4438 BT_DBG("request for %s", hdev->name);
4439
e6fe7986
JH		 4440 status = mgmt_le_support(hdev);
4441 if (status)
a69e8375
JH		 4442 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4443 status);
4375f103 4444
cc91cb04 4445 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4446 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4447 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 4448
4449 hci_dev_lock(hdev);
4450
4451 val = !!cp->val;
4375f103 4452
f74ca9b8
JH		 4453 /* The following conditions are ones which mean that we should
4454 * not do any HCI communication but directly send a mgmt
4455 * response to user space (after toggling the flag if
4456 * necessary).
4457 */
cc91cb04 4458 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 4459 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4460 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 4461 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 4462 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 4463 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 4464 bool changed;
4375f103 4465
cc91cb04
MH		 4466 if (cp->val) {
4467 changed = !test_and_set_bit(HCI_ADVERTISING,
4468 &hdev->dev_flags);
4469 if (cp->val == 0x02)
a1536da2 4470 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4471 else
a358dc11 4472 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04
MH		 4473 } else {
4474 changed = test_and_clear_bit(HCI_ADVERTISING,
4475 &hdev->dev_flags);
a358dc11 4476 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 4477 }
4478
4479 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4480 if (err < 0)
4481 goto unlock;
4482
4483 if (changed)
4484 err = new_settings(hdev, sk);
4485
4486 goto unlock;
4487 }
4488
4489 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4490 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 4491 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4492 MGMT_STATUS_BUSY);
4375f103
JH		 4493 goto unlock;
4494 }
4495
4496 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4497 if (!cmd) {
4498 err = -ENOMEM;
4499 goto unlock;
4500 }
4501
4502 hci_req_init(&req, hdev);
4503
cc91cb04 4504 if (cp->val == 0x02)
a1536da2 4505 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4506 else
a358dc11 4507 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4508
bba3aa55
MH		 4509 if (val)
4510 enable_advertising(&req);
4511 else
4512 disable_advertising(&req);
4375f103
JH		 4513
4514 err = hci_req_run(&req, set_advertising_complete);
4515 if (err < 0)
4516 mgmt_pending_remove(cmd);
4517
4518unlock:
4519 hci_dev_unlock(hdev);
4520 return err;
4521}
4522
d13eafce
MH		 4523static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4524 void *data, u16 len)
4525{
4526 struct mgmt_cp_set_static_address *cp = data;
4527 int err;
4528
4529 BT_DBG("%s", hdev->name);
4530
62af4443 4531 if (!lmp_le_capable(hdev))
a69e8375
JH		 4532 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4533 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4534
4535 if (hdev_is_powered(hdev))
a69e8375
JH		 4536 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4537 MGMT_STATUS_REJECTED);
d13eafce
MH		 4538
4539 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4540 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 4541 return mgmt_cmd_status(sk, hdev->id,
4542 MGMT_OP_SET_STATIC_ADDRESS,
4543 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4544
4545 /* Two most significant bits shall be set */
4546 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 4547 return mgmt_cmd_status(sk, hdev->id,
4548 MGMT_OP_SET_STATIC_ADDRESS,
4549 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4550 }
4551
4552 hci_dev_lock(hdev);
4553
4554 bacpy(&hdev->static_addr, &cp->bdaddr);
4555
93690c22
MH		 4556 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4557 if (err < 0)
4558 goto unlock;
4559
4560 err = new_settings(hdev, sk);
d13eafce 4561
93690c22 4562unlock:
d13eafce 4563 hci_dev_unlock(hdev);
d13eafce
MH		 4564 return err;
4565}
4566
14b49b9a
MH		 4567static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4568 void *data, u16 len)
4569{
4570 struct mgmt_cp_set_scan_params *cp = data;
4571 __u16 interval, window;
4572 int err;
4573
4574 BT_DBG("%s", hdev->name);
4575
4576 if (!lmp_le_capable(hdev))
a69e8375
JH		 4577 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4578 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 4579
4580 interval = __le16_to_cpu(cp->interval);
4581
4582 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 4583 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4584 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 4585
4586 window = __le16_to_cpu(cp->window);
4587
4588 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 4589 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4590 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 4591
899e1075 4592 if (window > interval)
a69e8375
JH		 4593 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4594 MGMT_STATUS_INVALID_PARAMS);
899e1075 4595
14b49b9a
MH		 4596 hci_dev_lock(hdev);
4597
4598 hdev->le_scan_interval = interval;
4599 hdev->le_scan_window = window;
4600
2a1afb5a
JH		 4601 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4602 NULL, 0);
14b49b9a 4603
dd2ef8e2
AG		 4604 /* If background scan is running, restart it so new parameters are
4605 * loaded.
4606 */
d7a5a11d 4607 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
dd2ef8e2
AG		 4608 hdev->discovery.state == DISCOVERY_STOPPED) {
4609 struct hci_request req;
4610
4611 hci_req_init(&req, hdev);
4612
4613 hci_req_add_le_scan_disable(&req);
4614 hci_req_add_le_passive_scan(&req);
4615
4616 hci_req_run(&req, NULL);
4617 }
4618
14b49b9a
MH		 4619 hci_dev_unlock(hdev);
4620
4621 return err;
4622}
4623
1904a853
MH		 4624static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4625 u16 opcode)
33e38b3e 4626{
3b0602cd 4627 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 4628
4629 BT_DBG("status 0x%02x", status);
4630
4631 hci_dev_lock(hdev);
4632
4633 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4634 if (!cmd)
4635 goto unlock;
4636
4637 if (status) {
a69e8375
JH		 4638 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4639 mgmt_status(status));
33e38b3e 4640 } else {
1a4d3c4b
JH		 4641 struct mgmt_mode *cp = cmd->param;
4642
4643 if (cp->val)
a1536da2 4644 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4645 else
a358dc11 4646 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4647
33e38b3e
JH		 4648 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4649 new_settings(hdev, cmd->sk);
4650 }
4651
4652 mgmt_pending_remove(cmd);
4653
4654unlock:
4655 hci_dev_unlock(hdev);
4656}
4657
bdb6d971 4658static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4659 void *data, u16 len)
f6422ec6 4660{
650f726d 4661 struct mgmt_mode *cp = data;
3b0602cd 4662 struct mgmt_pending_cmd *cmd;
33e38b3e 4663 struct hci_request req;
f6422ec6
AJ		 4664 int err;
4665
bdb6d971 4666 BT_DBG("%s", hdev->name);
f6422ec6 4667
d7a5a11d 4668 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 4669 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4670 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4671 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4672
a7e80f25 4673 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4674 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4675 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4676
f6422ec6
AJ		 4677 hci_dev_lock(hdev);
4678
05cbf29f 4679 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4680 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4681 MGMT_STATUS_BUSY);
05cbf29f
JH		 4682 goto unlock;
4683 }
4684
d7a5a11d 4685 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 4686 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4687 hdev);
4688 goto unlock;
4689 }
4690
406ef2a6 4691 if (!hdev_is_powered(hdev)) {
ce05d603 4692 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 4693 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4694 hdev);
4695 new_settings(hdev, sk);
4696 goto unlock;
4697 }
4698
33e38b3e
JH		 4699 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4700 data, len);
4701 if (!cmd) {
4702 err = -ENOMEM;
4703 goto unlock;
f6422ec6
AJ		 4704 }
4705
33e38b3e
JH		 4706 hci_req_init(&req, hdev);
4707
406d7804 4708 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4709
4710 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4711 if (err < 0) {
a69e8375
JH		 4712 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4713 MGMT_STATUS_FAILED);
33e38b3e 4714 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4715 }
4716
33e38b3e 4717unlock:
f6422ec6 4718 hci_dev_unlock(hdev);
33e38b3e 4719
f6422ec6
AJ		 4720 return err;
4721}
4722
1904a853 4723static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4724{
3b0602cd 4725 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4726
4727 BT_DBG("status 0x%02x", status);
4728
4729 hci_dev_lock(hdev);
4730
4731 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4732 if (!cmd)
4733 goto unlock;
4734
4735 if (status) {
4736 u8 mgmt_err = mgmt_status(status);
4737
4738 /* We need to restore the flag if related HCI commands
4739 * failed.
4740 */
a358dc11 4741 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 4742
a69e8375 4743 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4744 } else {
4745 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4746 new_settings(hdev, cmd->sk);
4747 }
4748
4749 mgmt_pending_remove(cmd);
4750
4751unlock:
4752 hci_dev_unlock(hdev);
4753}
4754
4755static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4756{
4757 struct mgmt_mode *cp = data;
3b0602cd 4758 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4759 struct hci_request req;
4760 int err;
4761
4762 BT_DBG("request for %s", hdev->name);
4763
4764 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4765 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4766 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 4767
d7a5a11d 4768 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4769 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4770 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4771
4772 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4773 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4774 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4775
4776 hci_dev_lock(hdev);
4777
d7a5a11d 4778 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 4779 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4780 goto unlock;
4781 }
4782
4783 if (!hdev_is_powered(hdev)) {
4784 if (!cp->val) {
a358dc11
MH		 4785 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4786 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4787 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4788 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4789 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 4790 }
4791
ce05d603 4792 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4793
4794 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4795 if (err < 0)
4796 goto unlock;
4797
4798 err = new_settings(hdev, sk);
4799 goto unlock;
4800 }
4801
4802 /* Reject disabling when powered on */
4803 if (!cp->val) {
a69e8375
JH		 4804 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4805 MGMT_STATUS_REJECTED);
0663ca2a 4806 goto unlock;
111e4bcc
MH		 4807 } else {
4808 /* When configuring a dual-mode controller to operate
4809 * with LE only and using a static address, then switching
4810 * BR/EDR back on is not allowed.
4811 *
4812 * Dual-mode controllers shall operate with the public
4813 * address as its identity address for BR/EDR and LE. So
4814 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 4815 *
4816 * The same restrictions applies when secure connections
4817 * has been enabled. For BR/EDR this is a controller feature
4818 * while for LE it is a host stack feature. This means that
4819 * switching BR/EDR back on when secure connections has been
4820 * enabled is not a supported transaction.
111e4bcc 4821 */
d7a5a11d 4822 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 4823 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 4824 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 4825 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4826 MGMT_STATUS_REJECTED);
111e4bcc
MH		 4827 goto unlock;
4828 }
0663ca2a
JH		 4829 }
4830
4831 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 4832 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4833 MGMT_STATUS_BUSY);
0663ca2a
JH		 4834 goto unlock;
4835 }
4836
4837 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4838 if (!cmd) {
4839 err = -ENOMEM;
4840 goto unlock;
4841 }
4842
5947f4bc 4843 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4844 * generates the correct flags.
4845 */
a1536da2 4846 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4847
4848 hci_req_init(&req, hdev);
aa8af46e 4849
432df05e 4850 write_fast_connectable(&req, false);
1d2dc5b7 4851 __hci_update_page_scan(&req);
aa8af46e 4852
f14d8f64
MH		 4853 /* Since only the advertising data flags will change, there
4854 * is no need to update the scan response data.
4855 */
5947f4bc 4856 update_adv_data(&req);
aa8af46e 4857
0663ca2a
JH		 4858 err = hci_req_run(&req, set_bredr_complete);
4859 if (err < 0)
4860 mgmt_pending_remove(cmd);
4861
4862unlock:
4863 hci_dev_unlock(hdev);
4864 return err;
4865}
4866
a1443f5a
JH		 4867static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4868{
3b0602cd 4869 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 4870 struct mgmt_mode *cp;
4871
4872 BT_DBG("%s status %u", hdev->name, status);
4873
4874 hci_dev_lock(hdev);
4875
4876 cmd = mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4877 if (!cmd)
4878 goto unlock;
4879
4880 if (status) {
a69e8375
JH		 4881 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4882 mgmt_status(status));
a1443f5a
JH		 4883 goto remove;
4884 }
4885
4886 cp = cmd->param;
4887
4888 switch (cp->val) {
4889 case 0x00:
a358dc11
MH		 4890 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4891 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4892 break;
4893 case 0x01:
a1536da2 4894 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 4895 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4896 break;
4897 case 0x02:
a1536da2
MH		 4898 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4899 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4900 break;
4901 }
4902
4903 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4904 new_settings(hdev, cmd->sk);
4905
4906remove:
4907 mgmt_pending_remove(cmd);
4908unlock:
4909 hci_dev_unlock(hdev);
4910}
4911
eac83dc6
MH		 4912static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4913 void *data, u16 len)
4914{
4915 struct mgmt_mode *cp = data;
3b0602cd 4916 struct mgmt_pending_cmd *cmd;
a1443f5a 4917 struct hci_request req;
a3209694 4918 u8 val;
eac83dc6
MH		 4919 int err;
4920
4921 BT_DBG("request for %s", hdev->name);
4922
05b3c3e7 4923 if (!lmp_sc_capable(hdev) &&
d7a5a11d 4924 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4925 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4926 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 4927
d7a5a11d 4928 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 4929 lmp_sc_capable(hdev) &&
d7a5a11d 4930 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 4931 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4932 MGMT_STATUS_REJECTED);
ed93ec69 4933
0ab04a9c 4934 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 4935 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 4936 MGMT_STATUS_INVALID_PARAMS);
4937
4938 hci_dev_lock(hdev);
4939
05b3c3e7 4940 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 4941 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 4942 bool changed;
4943
0ab04a9c 4944 if (cp->val) {
eac83dc6
MH		 4945 changed = !test_and_set_bit(HCI_SC_ENABLED,
4946 &hdev->dev_flags);
0ab04a9c 4947 if (cp->val == 0x02)
a1536da2 4948 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4949 else
a358dc11 4950 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4951 } else {
eac83dc6
MH		 4952 changed = test_and_clear_bit(HCI_SC_ENABLED,
4953 &hdev->dev_flags);
a358dc11 4954 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4955 }
eac83dc6
MH		 4956
4957 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4958 if (err < 0)
4959 goto failed;
4960
4961 if (changed)
4962 err = new_settings(hdev, sk);
4963
4964 goto failed;
4965 }
4966
4967 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 4968 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4969 MGMT_STATUS_BUSY);
eac83dc6
MH		 4970 goto failed;
4971 }
4972
0ab04a9c
MH		 4973 val = !!cp->val;
4974
d7a5a11d
MH		 4975 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4976 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 4977 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4978 goto failed;
4979 }
4980
4981 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4982 if (!cmd) {
4983 err = -ENOMEM;
4984 goto failed;
4985 }
4986
a1443f5a
JH		 4987 hci_req_init(&req, hdev);
4988 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4989 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 4990 if (err < 0) {
4991 mgmt_pending_remove(cmd);
4992 goto failed;
4993 }
4994
4995failed:
4996 hci_dev_unlock(hdev);
4997 return err;
4998}
4999
4e39ac81
MH		 5000static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5001 void *data, u16 len)
5002{
5003 struct mgmt_mode *cp = data;
b9710979 5004 bool changed, use_changed;
4e39ac81
MH		 5005 int err;
5006
5007 BT_DBG("request for %s", hdev->name);
5008
b9710979 5009 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 5010 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5011 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 5012
5013 hci_dev_lock(hdev);
5014
5015 if (cp->val)
0663b297
JH		 5016 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
5017 &hdev->dev_flags);
4e39ac81 5018 else
0663b297
JH		 5019 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
5020 &hdev->dev_flags);
4e39ac81 5021
b9710979
JH		 5022 if (cp->val == 0x02)
5023 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
5024 &hdev->dev_flags);
5025 else
5026 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
5027 &hdev->dev_flags);
5028
5029 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 5030 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 5031 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5032 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5033 sizeof(mode), &mode);
5034 }
5035
4e39ac81
MH		 5036 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5037 if (err < 0)
5038 goto unlock;
5039
5040 if (changed)
5041 err = new_settings(hdev, sk);
5042
5043unlock:
5044 hci_dev_unlock(hdev);
5045 return err;
5046}
5047
62b04cd1
JH		 5048static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5049 u16 len)
5050{
5051 struct mgmt_cp_set_privacy *cp = cp_data;
5052 bool changed;
5053 int err;
5054
5055 BT_DBG("request for %s", hdev->name);
5056
5057 if (!lmp_le_capable(hdev))
a69e8375
JH		 5058 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5059 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1
JH		 5060
5061 if (cp->privacy != 0x00 && cp->privacy != 0x01)
a69e8375
JH		 5062 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5063 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 5064
5065 if (hdev_is_powered(hdev))
a69e8375
JH		 5066 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5067 MGMT_STATUS_REJECTED);
62b04cd1
JH		 5068
5069 hci_dev_lock(hdev);
5070
c21c0ea0
JH		 5071 /* If user space supports this command it is also expected to
5072 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5073 */
a1536da2 5074 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 5075
62b04cd1
JH		 5076 if (cp->privacy) {
5077 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
5078 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 5079 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1
JH		 5080 } else {
5081 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
5082 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 5083 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1
JH		 5084 }
5085
5086 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5087 if (err < 0)
5088 goto unlock;
5089
5090 if (changed)
5091 err = new_settings(hdev, sk);
5092
5093unlock:
5094 hci_dev_unlock(hdev);
5095 return err;
5096}
5097
41edf160
JH		 5098static bool irk_is_valid(struct mgmt_irk_info *irk)
5099{
5100 switch (irk->addr.type) {
5101 case BDADDR_LE_PUBLIC:
5102 return true;
5103
5104 case BDADDR_LE_RANDOM:
5105 /* Two most significant bits shall be set */
5106 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5107 return false;
5108 return true;
5109 }
5110
5111 return false;
5112}
5113
5114static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5115 u16 len)
5116{
5117 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 5118 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5119 sizeof(struct mgmt_irk_info));
41edf160
JH		 5120 u16 irk_count, expected_len;
5121 int i, err;
5122
5123 BT_DBG("request for %s", hdev->name);
5124
5125 if (!lmp_le_capable(hdev))
a69e8375
JH		 5126 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5127 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 5128
5129 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 5130 if (irk_count > max_irk_count) {
5131 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 5132 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5133 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5134 }
41edf160
JH		 5135
5136 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5137 if (expected_len != len) {
5138 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 5139 expected_len, len);
a69e8375
JH		 5140 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5141 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5142 }
5143
5144 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5145
5146 for (i = 0; i < irk_count; i++) {
5147 struct mgmt_irk_info *key = &cp->irks[i];
5148
5149 if (!irk_is_valid(key))
a69e8375
JH		 5150 return mgmt_cmd_status(sk, hdev->id,
5151 MGMT_OP_LOAD_IRKS,
5152 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5153 }
5154
5155 hci_dev_lock(hdev);
5156
5157 hci_smp_irks_clear(hdev);
5158
5159 for (i = 0; i < irk_count; i++) {
5160 struct mgmt_irk_info *irk = &cp->irks[i];
5161 u8 addr_type;
5162
5163 if (irk->addr.type == BDADDR_LE_PUBLIC)
5164 addr_type = ADDR_LE_DEV_PUBLIC;
5165 else
5166 addr_type = ADDR_LE_DEV_RANDOM;
5167
5168 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5169 BDADDR_ANY);
5170 }
5171
a1536da2 5172 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 5173
2a1afb5a 5174 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 5175
5176 hci_dev_unlock(hdev);
5177
5178 return err;
5179}
5180
3f706b72
JH		 5181static bool ltk_is_valid(struct mgmt_ltk_info *key)
5182{
5183 if (key->master != 0x00 && key->master != 0x01)
5184 return false;
490cb0b3
MH		 5185
5186 switch (key->addr.type) {
5187 case BDADDR_LE_PUBLIC:
5188 return true;
5189
5190 case BDADDR_LE_RANDOM:
5191 /* Two most significant bits shall be set */
5192 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5193 return false;
5194 return true;
5195 }
5196
5197 return false;
3f706b72
JH		 5198}
5199
bdb6d971 5200static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5201 void *cp_data, u16 len)
346af67b 5202{
346af67b 5203 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5204 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5205 sizeof(struct mgmt_ltk_info));
346af67b 5206 u16 key_count, expected_len;
715a5bf2 5207 int i, err;
346af67b 5208
cf99ba13
MH		 5209 BT_DBG("request for %s", hdev->name);
5210
5211 if (!lmp_le_capable(hdev))
a69e8375
JH		 5212 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5213 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 5214
1f350c87 5215 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 5216 if (key_count > max_key_count) {
5217 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 5218 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5219 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5220 }
346af67b
VCG		 5221
5222 expected_len = sizeof(*cp) + key_count *
5223 sizeof(struct mgmt_ltk_info);
5224 if (expected_len != len) {
5225 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 5226 expected_len, len);
a69e8375
JH		 5227 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5228 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5229 }
5230
bdb6d971 5231 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5232
54ad6d8a
JH		 5233 for (i = 0; i < key_count; i++) {
5234 struct mgmt_ltk_info *key = &cp->keys[i];
5235
3f706b72 5236 if (!ltk_is_valid(key))
a69e8375
JH		 5237 return mgmt_cmd_status(sk, hdev->id,
5238 MGMT_OP_LOAD_LONG_TERM_KEYS,
5239 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 5240 }
5241
346af67b
VCG		 5242 hci_dev_lock(hdev);
5243
5244 hci_smp_ltks_clear(hdev);
5245
5246 for (i = 0; i < key_count; i++) {
5247 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 5248 u8 type, addr_type, authenticated;
79d95a19
MH		 5249
5250 if (key->addr.type == BDADDR_LE_PUBLIC)
5251 addr_type = ADDR_LE_DEV_PUBLIC;
5252 else
5253 addr_type = ADDR_LE_DEV_RANDOM;
346af67b 5254
61b43357
JH		 5255 switch (key->type) {
5256 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5257 authenticated = 0x00;
23fb8de3 5258 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5259 break;
5260 case MGMT_LTK_AUTHENTICATED:
d7b25450 5261 authenticated = 0x01;
23fb8de3
JH		 5262 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5263 break;
5264 case MGMT_LTK_P256_UNAUTH:
5265 authenticated = 0x00;
5266 type = SMP_LTK_P256;
61b43357 5267 break;
23fb8de3
JH		 5268 case MGMT_LTK_P256_AUTH:
5269 authenticated = 0x01;
5270 type = SMP_LTK_P256;
61b43357 5271 break;
23fb8de3
JH		 5272 case MGMT_LTK_P256_DEBUG:
5273 authenticated = 0x00;
5274 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5275 default:
5276 continue;
5277 }
d7b25450 5278
35d70271 5279 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 5280 authenticated, key->val, key->enc_size, key->ediv,
35d70271 5281 key->rand);
346af67b
VCG		 5282 }
5283
2a1afb5a 5284 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 5285 NULL, 0);
5286
346af67b 5287 hci_dev_unlock(hdev);
346af67b 5288
715a5bf2 5289 return err;
346af67b
VCG		 5290}
5291
3b0602cd 5292static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 5293{
dd983808 5294 struct hci_conn *conn = cmd->user_data;
9981bdb0 5295 struct mgmt_rp_get_conn_info rp;
9df74653 5296 int err;
dd983808 5297
9981bdb0 5298 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5299
9981bdb0 5300 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5301 rp.rssi = conn->rssi;
9981bdb0
JH		 5302 rp.tx_power = conn->tx_power;
5303 rp.max_tx_power = conn->max_tx_power;
5304 } else {
5305 rp.rssi = HCI_RSSI_INVALID;
5306 rp.tx_power = HCI_TX_POWER_INVALID;
5307 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5308 }
5309
2a1afb5a
JH		 5310 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5311 status, &rp, sizeof(rp));
dd983808
AK		 5312
5313 hci_conn_drop(conn);
f8aaf9b6 5314 hci_conn_put(conn);
9df74653
JH		 5315
5316 return err;
dd983808
AK		 5317}
5318
1904a853
MH		 5319static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5320 u16 opcode)
dd983808
AK		 5321{
5322 struct hci_cp_read_rssi *cp;
3b0602cd 5323 struct mgmt_pending_cmd *cmd;
dd983808 5324 struct hci_conn *conn;
dd983808 5325 u16 handle;
9981bdb0 5326 u8 status;
dd983808 5327
9981bdb0 5328 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5329
5330 hci_dev_lock(hdev);
5331
dd983808
AK		 5332 /* Commands sent in request are either Read RSSI or Read Transmit Power
5333 * Level so we check which one was last sent to retrieve connection
5334 * handle. Both commands have handle as first parameter so it's safe to
5335 * cast data on the same command struct.
5336 *
5337 * First command sent is always Read RSSI and we fail only if it fails.
5338 * In other case we simply override error to indicate success as we
5339 * already remembered if TX power value is actually valid.
5340 */
5341 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5342 if (!cp) {
5343 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5344 status = MGMT_STATUS_SUCCESS;
5345 } else {
5346 status = mgmt_status(hci_status);
dd983808
AK		 5347 }
5348
5349 if (!cp) {
9981bdb0 5350 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 5351 goto unlock;
5352 }
5353
5354 handle = __le16_to_cpu(cp->handle);
5355 conn = hci_conn_hash_lookup_handle(hdev, handle);
5356 if (!conn) {
9981bdb0 5357 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 5358 goto unlock;
5359 }
5360
9981bdb0
JH		 5361 cmd = mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5362 if (!cmd)
5363 goto unlock;
dd983808 5364
9981bdb0
JH		 5365 cmd->cmd_complete(cmd, status);
5366 mgmt_pending_remove(cmd);
dd983808
AK		 5367
5368unlock:
5369 hci_dev_unlock(hdev);
5370}
5371
5372static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5373 u16 len)
5374{
5375 struct mgmt_cp_get_conn_info *cp = data;
5376 struct mgmt_rp_get_conn_info rp;
5377 struct hci_conn *conn;
5378 unsigned long conn_info_age;
5379 int err = 0;
5380
5381 BT_DBG("%s", hdev->name);
5382
5383 memset(&rp, 0, sizeof(rp));
5384 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5385 rp.addr.type = cp->addr.type;
5386
5387 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5388 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5389 MGMT_STATUS_INVALID_PARAMS,
5390 &rp, sizeof(rp));
dd983808
AK		 5391
5392 hci_dev_lock(hdev);
5393
5394 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5395 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5396 MGMT_STATUS_NOT_POWERED, &rp,
5397 sizeof(rp));
dd983808
AK		 5398 goto unlock;
5399 }
5400
5401 if (cp->addr.type == BDADDR_BREDR)
5402 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5403 &cp->addr.bdaddr);
5404 else
5405 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5406
5407 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5408 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5409 MGMT_STATUS_NOT_CONNECTED, &rp,
5410 sizeof(rp));
dd983808
AK		 5411 goto unlock;
5412 }
5413
9981bdb0 5414 if (mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 5415 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5416 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 5417 goto unlock;
5418 }
5419
dd983808
AK		 5420 /* To avoid client trying to guess when to poll again for information we
5421 * calculate conn info age as random value between min/max set in hdev.
5422 */
5423 conn_info_age = hdev->conn_info_min_age +
5424 prandom_u32_max(hdev->conn_info_max_age -
5425 hdev->conn_info_min_age);
5426
5427 /* Query controller to refresh cached values if they are too old or were
5428 * never read.
5429 */
f4e2dd53
AK		 5430 if (time_after(jiffies, conn->conn_info_timestamp +
5431 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5432 !conn->conn_info_timestamp) {
5433 struct hci_request req;
5434 struct hci_cp_read_tx_power req_txp_cp;
5435 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 5436 struct mgmt_pending_cmd *cmd;
dd983808
AK		 5437
5438 hci_req_init(&req, hdev);
5439 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5440 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5441 &req_rssi_cp);
5442
f7faab0c
AK		 5443 /* For LE links TX power does not change thus we don't need to
5444 * query for it once value is known.
5445 */
5446 if (!bdaddr_type_is_le(cp->addr.type) ||
5447 conn->tx_power == HCI_TX_POWER_INVALID) {
5448 req_txp_cp.handle = cpu_to_le16(conn->handle);
5449 req_txp_cp.type = 0x00;
5450 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5451 sizeof(req_txp_cp), &req_txp_cp);
5452 }
dd983808 5453
eed5daf3
AK		 5454 /* Max TX power needs to be read only once per connection */
5455 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5456 req_txp_cp.handle = cpu_to_le16(conn->handle);
5457 req_txp_cp.type = 0x01;
5458 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5459 sizeof(req_txp_cp), &req_txp_cp);
5460 }
5461
dd983808
AK		 5462 err = hci_req_run(&req, conn_info_refresh_complete);
5463 if (err < 0)
5464 goto unlock;
5465
5466 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5467 data, len);
5468 if (!cmd) {
5469 err = -ENOMEM;
5470 goto unlock;
5471 }
5472
5473 hci_conn_hold(conn);
f8aaf9b6 5474 cmd->user_data = hci_conn_get(conn);
9981bdb0 5475 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5476
5477 conn->conn_info_timestamp = jiffies;
5478 } else {
5479 /* Cache is valid, just reply with values cached in hci_conn */
5480 rp.rssi = conn->rssi;
5481 rp.tx_power = conn->tx_power;
eed5daf3 5482 rp.max_tx_power = conn->max_tx_power;
dd983808 5483
2a1afb5a
JH		 5484 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5485 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 5486 }
5487
5488unlock:
5489 hci_dev_unlock(hdev);
5490 return err;
5491}
5492
3b0602cd 5493static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 5494{
69487371 5495 struct hci_conn *conn = cmd->user_data;
95868426 5496 struct mgmt_rp_get_clock_info rp;
69487371 5497 struct hci_dev *hdev;
9df74653 5498 int err;
69487371
JH		 5499
5500 memset(&rp, 0, sizeof(rp));
5501 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5502
5503 if (status)
5504 goto complete;
5505
5506 hdev = hci_dev_get(cmd->index);
5507 if (hdev) {
5508 rp.local_clock = cpu_to_le32(hdev->clock);
5509 hci_dev_put(hdev);
5510 }
5511
5512 if (conn) {
5513 rp.piconet_clock = cpu_to_le32(conn->clock);
5514 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5515 }
5516
5517complete:
2a1afb5a
JH		 5518 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5519 sizeof(rp));
69487371
JH		 5520
5521 if (conn) {
5522 hci_conn_drop(conn);
5523 hci_conn_put(conn);
5524 }
9df74653
JH		 5525
5526 return err;
69487371
JH		 5527}
5528
1904a853 5529static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5530{
95868426 5531 struct hci_cp_read_clock *hci_cp;
3b0602cd 5532 struct mgmt_pending_cmd *cmd;
95868426
JH		 5533 struct hci_conn *conn;
5534
5535 BT_DBG("%s status %u", hdev->name, status);
5536
5537 hci_dev_lock(hdev);
5538
5539 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5540 if (!hci_cp)
5541 goto unlock;
5542
5543 if (hci_cp->which) {
5544 u16 handle = __le16_to_cpu(hci_cp->handle);
5545 conn = hci_conn_hash_lookup_handle(hdev, handle);
5546 } else {
5547 conn = NULL;
5548 }
5549
5550 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5551 if (!cmd)
5552 goto unlock;
5553
69487371 5554 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5555 mgmt_pending_remove(cmd);
95868426
JH		 5556
5557unlock:
5558 hci_dev_unlock(hdev);
5559}
5560
5561static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5562 u16 len)
5563{
5564 struct mgmt_cp_get_clock_info *cp = data;
5565 struct mgmt_rp_get_clock_info rp;
5566 struct hci_cp_read_clock hci_cp;
3b0602cd 5567 struct mgmt_pending_cmd *cmd;
95868426
JH		 5568 struct hci_request req;
5569 struct hci_conn *conn;
5570 int err;
5571
5572 BT_DBG("%s", hdev->name);
5573
5574 memset(&rp, 0, sizeof(rp));
5575 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5576 rp.addr.type = cp->addr.type;
5577
5578 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5579 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5580 MGMT_STATUS_INVALID_PARAMS,
5581 &rp, sizeof(rp));
95868426
JH		 5582
5583 hci_dev_lock(hdev);
5584
5585 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5586 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5587 MGMT_STATUS_NOT_POWERED, &rp,
5588 sizeof(rp));
95868426
JH		 5589 goto unlock;
5590 }
5591
5592 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5593 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5594 &cp->addr.bdaddr);
5595 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5596 err = mgmt_cmd_complete(sk, hdev->id,
5597 MGMT_OP_GET_CLOCK_INFO,
5598 MGMT_STATUS_NOT_CONNECTED,
5599 &rp, sizeof(rp));
95868426
JH		 5600 goto unlock;
5601 }
5602 } else {
5603 conn = NULL;
5604 }
5605
5606 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5607 if (!cmd) {
5608 err = -ENOMEM;
5609 goto unlock;
5610 }
5611
69487371
JH		 5612 cmd->cmd_complete = clock_info_cmd_complete;
5613
95868426
JH		 5614 hci_req_init(&req, hdev);
5615
5616 memset(&hci_cp, 0, sizeof(hci_cp));
5617 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5618
5619 if (conn) {
5620 hci_conn_hold(conn);
f8aaf9b6 5621 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5622
5623 hci_cp.handle = cpu_to_le16(conn->handle);
5624 hci_cp.which = 0x01; /* Piconet clock */
5625 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5626 }
5627
5628 err = hci_req_run(&req, get_clock_info_complete);
5629 if (err < 0)
5630 mgmt_pending_remove(cmd);
5631
5632unlock:
5633 hci_dev_unlock(hdev);
5634 return err;
5635}
5636
5a154e6f
JH		 5637static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5638{
5639 struct hci_conn *conn;
5640
5641 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5642 if (!conn)
5643 return false;
5644
5645 if (conn->dst_type != type)
5646 return false;
5647
5648 if (conn->state != BT_CONNECTED)
5649 return false;
5650
5651 return true;
5652}
5653
5654/* This function requires the caller holds hdev->lock */
5655static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5656 u8 addr_type, u8 auto_connect)
5657{
5658 struct hci_dev *hdev = req->hdev;
5659 struct hci_conn_params *params;
5660
5661 params = hci_conn_params_add(hdev, addr, addr_type);
5662 if (!params)
5663 return -EIO;
5664
5665 if (params->auto_connect == auto_connect)
5666 return 0;
5667
5668 list_del_init(&params->action);
5669
5670 switch (auto_connect) {
5671 case HCI_AUTO_CONN_DISABLED:
5672 case HCI_AUTO_CONN_LINK_LOSS:
5673 __hci_update_background_scan(req);
5674 break;
5675 case HCI_AUTO_CONN_REPORT:
5676 list_add(&params->action, &hdev->pend_le_reports);
5677 __hci_update_background_scan(req);
5678 break;
5679 case HCI_AUTO_CONN_DIRECT:
5680 case HCI_AUTO_CONN_ALWAYS:
5681 if (!is_connected(hdev, addr, addr_type)) {
5682 list_add(&params->action, &hdev->pend_le_conns);
5683 __hci_update_background_scan(req);
5684 }
5685 break;
5686 }
5687
5688 params->auto_connect = auto_connect;
5689
5690 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5691 auto_connect);
5692
5693 return 0;
5694}
5695
8afef092
MH		 5696static void device_added(struct sock *sk, struct hci_dev *hdev,
5697 bdaddr_t *bdaddr, u8 type, u8 action)
5698{
5699 struct mgmt_ev_device_added ev;
5700
5701 bacpy(&ev.addr.bdaddr, bdaddr);
5702 ev.addr.type = type;
5703 ev.action = action;
5704
5705 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5706}
5707
1904a853 5708static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5a154e6f 5709{
3b0602cd 5710 struct mgmt_pending_cmd *cmd;
5a154e6f
JH		 5711
5712 BT_DBG("status 0x%02x", status);
5713
5714 hci_dev_lock(hdev);
5715
5716 cmd = mgmt_pending_find(MGMT_OP_ADD_DEVICE, hdev);
5717 if (!cmd)
5718 goto unlock;
5719
5720 cmd->cmd_complete(cmd, mgmt_status(status));
5721 mgmt_pending_remove(cmd);
5722
5723unlock:
5724 hci_dev_unlock(hdev);
5725}
5726
2faade53
MH		 5727static int add_device(struct sock *sk, struct hci_dev *hdev,
5728 void *data, u16 len)
5729{
5730 struct mgmt_cp_add_device *cp = data;
3b0602cd 5731 struct mgmt_pending_cmd *cmd;
5a154e6f 5732 struct hci_request req;
2faade53
MH		 5733 u8 auto_conn, addr_type;
5734 int err;
5735
5736 BT_DBG("%s", hdev->name);
5737
6659358e 5738 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5739 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5740 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5741 MGMT_STATUS_INVALID_PARAMS,
5742 &cp->addr, sizeof(cp->addr));
2faade53 5743
4b9e7e75 5744 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5745 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5746 MGMT_STATUS_INVALID_PARAMS,
5747 &cp->addr, sizeof(cp->addr));
2faade53 5748
5a154e6f
JH		 5749 hci_req_init(&req, hdev);
5750
2faade53
MH		 5751 hci_dev_lock(hdev);
5752
5a154e6f
JH		 5753 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
5754 if (!cmd) {
5755 err = -ENOMEM;
5756 goto unlock;
5757 }
5758
5759 cmd->cmd_complete = addr_cmd_complete;
5760
6659358e 5761 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5762 /* Only incoming connections action is supported for now */
6659358e 5763 if (cp->action != 0x01) {
9df74653
JH		 5764 err = cmd->cmd_complete(cmd,
5765 MGMT_STATUS_INVALID_PARAMS);
5a154e6f 5766 mgmt_pending_remove(cmd);
6659358e
JH		 5767 goto unlock;
5768 }
5769
5770 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5771 cp->addr.type);
5772 if (err)
5773 goto unlock;
a397407f 5774
5a154e6f 5775 __hci_update_page_scan(&req);
a397407f 5776
6659358e
JH		 5777 goto added;
5778 }
5779
2faade53
MH		 5780 if (cp->addr.type == BDADDR_LE_PUBLIC)
5781 addr_type = ADDR_LE_DEV_PUBLIC;
5782 else
5783 addr_type = ADDR_LE_DEV_RANDOM;
5784
4b9e7e75 5785 if (cp->action == 0x02)
2faade53 5786 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5787 else if (cp->action == 0x01)
5788 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5789 else
a3451d27 5790 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5791
bf5b3c8b
MH		 5792 /* If the connection parameters don't exist for this device,
5793 * they will be created and configured with defaults.
5794 */
5a154e6f 5795 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
d06b50ce 5796 auto_conn) < 0) {
9df74653 5797 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
5a154e6f 5798 mgmt_pending_remove(cmd);
2faade53
MH		 5799 goto unlock;
5800 }
5801
6659358e 5802added:
8afef092
MH		 5803 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5804
5a154e6f
JH		 5805 err = hci_req_run(&req, add_device_complete);
5806 if (err < 0) {
5807 /* ENODATA means no HCI commands were needed (e.g. if
5808 * the adapter is powered off).
5809 */
9df74653
JH		 5810 if (err == -ENODATA)
5811 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5a154e6f
JH		 5812 mgmt_pending_remove(cmd);
5813 }
2faade53
MH		 5814
5815unlock:
5816 hci_dev_unlock(hdev);
5817 return err;
5818}
5819
8afef092
MH		 5820static void device_removed(struct sock *sk, struct hci_dev *hdev,
5821 bdaddr_t *bdaddr, u8 type)
5822{
5823 struct mgmt_ev_device_removed ev;
5824
5825 bacpy(&ev.addr.bdaddr, bdaddr);
5826 ev.addr.type = type;
5827
5828 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5829}
5830
1904a853 5831static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
51ef3ebe 5832{
3b0602cd 5833 struct mgmt_pending_cmd *cmd;
51ef3ebe
JH		 5834
5835 BT_DBG("status 0x%02x", status);
5836
5837 hci_dev_lock(hdev);
5838
5839 cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
5840 if (!cmd)
5841 goto unlock;
5842
5843 cmd->cmd_complete(cmd, mgmt_status(status));
5844 mgmt_pending_remove(cmd);
5845
5846unlock:
5847 hci_dev_unlock(hdev);
5848}
5849
2faade53
MH		 5850static int remove_device(struct sock *sk, struct hci_dev *hdev,
5851 void *data, u16 len)
5852{
5853 struct mgmt_cp_remove_device *cp = data;
3b0602cd 5854 struct mgmt_pending_cmd *cmd;
51ef3ebe 5855 struct hci_request req;
2faade53
MH		 5856 int err;
5857
5858 BT_DBG("%s", hdev->name);
5859
51ef3ebe
JH		 5860 hci_req_init(&req, hdev);
5861
2faade53
MH		 5862 hci_dev_lock(hdev);
5863
51ef3ebe
JH		 5864 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
5865 if (!cmd) {
5866 err = -ENOMEM;
5867 goto unlock;
5868 }
5869
5870 cmd->cmd_complete = addr_cmd_complete;
5871
2faade53 5872 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5873 struct hci_conn_params *params;
2faade53
MH		 5874 u8 addr_type;
5875
6659358e 5876 if (!bdaddr_type_is_valid(cp->addr.type)) {
9df74653
JH		 5877 err = cmd->cmd_complete(cmd,
5878 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5879 mgmt_pending_remove(cmd);
2faade53
MH		 5880 goto unlock;
5881 }
5882
6659358e
JH		 5883 if (cp->addr.type == BDADDR_BREDR) {
5884 err = hci_bdaddr_list_del(&hdev->whitelist,
5885 &cp->addr.bdaddr,
5886 cp->addr.type);
5887 if (err) {
9df74653
JH		 5888 err = cmd->cmd_complete(cmd,
5889 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5890 mgmt_pending_remove(cmd);
6659358e
JH		 5891 goto unlock;
5892 }
5893
51ef3ebe 5894 __hci_update_page_scan(&req);
a397407f 5895
6659358e
JH		 5896 device_removed(sk, hdev, &cp->addr.bdaddr,
5897 cp->addr.type);
5898 goto complete;
5899 }
5900
2faade53
MH		 5901 if (cp->addr.type == BDADDR_LE_PUBLIC)
5902 addr_type = ADDR_LE_DEV_PUBLIC;
5903 else
5904 addr_type = ADDR_LE_DEV_RANDOM;
5905
c71593dd
JH		 5906 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5907 addr_type);
5908 if (!params) {
9df74653
JH		 5909 err = cmd->cmd_complete(cmd,
5910 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5911 mgmt_pending_remove(cmd);
c71593dd
JH		 5912 goto unlock;
5913 }
5914
5915 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
9df74653
JH		 5916 err = cmd->cmd_complete(cmd,
5917 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5918 mgmt_pending_remove(cmd);
c71593dd
JH		 5919 goto unlock;
5920 }
5921
d1dbf12e 5922 list_del(&params->action);
c71593dd
JH		 5923 list_del(&params->list);
5924 kfree(params);
51ef3ebe 5925 __hci_update_background_scan(&req);
8afef092
MH		 5926
5927 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5928 } else {
19de0825 5929 struct hci_conn_params *p, *tmp;
6659358e 5930 struct bdaddr_list *b, *btmp;
19de0825 5931
2faade53 5932 if (cp->addr.type) {
9df74653
JH		 5933 err = cmd->cmd_complete(cmd,
5934 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5935 mgmt_pending_remove(cmd);
2faade53
MH		 5936 goto unlock;
5937 }
5938
6659358e
JH		 5939 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5940 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5941 list_del(&b->list);
5942 kfree(b);
5943 }
5944
51ef3ebe 5945 __hci_update_page_scan(&req);
a397407f 5946
19de0825
JH		 5947 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5948 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5949 continue;
5950 device_removed(sk, hdev, &p->addr, p->addr_type);
5951 list_del(&p->action);
5952 list_del(&p->list);
5953 kfree(p);
5954 }
5955
5956 BT_DBG("All LE connection parameters were removed");
5957
51ef3ebe 5958 __hci_update_background_scan(&req);
2faade53
MH		 5959 }
5960
6659358e 5961complete:
51ef3ebe
JH		 5962 err = hci_req_run(&req, remove_device_complete);
5963 if (err < 0) {
5964 /* ENODATA means no HCI commands were needed (e.g. if
5965 * the adapter is powered off).
5966 */
9df74653
JH		 5967 if (err == -ENODATA)
5968 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
51ef3ebe
JH		 5969 mgmt_pending_remove(cmd);
5970 }
2faade53
MH		 5971
5972unlock:
5973 hci_dev_unlock(hdev);
5974 return err;
5975}
5976
a26f3dcf
JH		 5977static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5978 u16 len)
5979{
5980 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5981 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5982 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5983 u16 param_count, expected_len;
5984 int i;
5985
5986 if (!lmp_le_capable(hdev))
a69e8375
JH		 5987 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5988 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 5989
5990 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5991 if (param_count > max_param_count) {
5992 BT_ERR("load_conn_param: too big param_count value %u",
5993 param_count);
a69e8375
JH		 5994 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5995 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5996 }
a26f3dcf
JH		 5997
5998 expected_len = sizeof(*cp) + param_count *
5999 sizeof(struct mgmt_conn_param);
6000 if (expected_len != len) {
6001 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
6002 expected_len, len);
a69e8375
JH		 6003 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6004 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 6005 }
6006
6007 BT_DBG("%s param_count %u", hdev->name, param_count);
6008
6009 hci_dev_lock(hdev);
6010
6011 hci_conn_params_clear_disabled(hdev);
6012
6013 for (i = 0; i < param_count; i++) {
6014 struct mgmt_conn_param *param = &cp->params[i];
6015 struct hci_conn_params *hci_param;
6016 u16 min, max, latency, timeout;
6017 u8 addr_type;
6018
6019 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
6020 param->addr.type);
6021
6022 if (param->addr.type == BDADDR_LE_PUBLIC) {
6023 addr_type = ADDR_LE_DEV_PUBLIC;
6024 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6025 addr_type = ADDR_LE_DEV_RANDOM;
6026 } else {
6027 BT_ERR("Ignoring invalid connection parameters");
6028 continue;
6029 }
6030
6031 min = le16_to_cpu(param->min_interval);
6032 max = le16_to_cpu(param->max_interval);
6033 latency = le16_to_cpu(param->latency);
6034 timeout = le16_to_cpu(param->timeout);
6035
6036 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6037 min, max, latency, timeout);
6038
6039 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6040 BT_ERR("Ignoring invalid connection parameters");
6041 continue;
6042 }
6043
6044 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
6045 addr_type);
6046 if (!hci_param) {
6047 BT_ERR("Failed to add connection parameters");
6048 continue;
6049 }
6050
6051 hci_param->conn_min_interval = min;
6052 hci_param->conn_max_interval = max;
6053 hci_param->conn_latency = latency;
6054 hci_param->supervision_timeout = timeout;
6055 }
6056
6057 hci_dev_unlock(hdev);
6058
2a1afb5a
JH		 6059 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6060 NULL, 0);
a26f3dcf
JH		 6061}
6062
dbece37a
MH		 6063static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6064 void *data, u16 len)
6065{
6066 struct mgmt_cp_set_external_config *cp = data;
6067 bool changed;
6068 int err;
6069
6070 BT_DBG("%s", hdev->name);
6071
6072 if (hdev_is_powered(hdev))
a69e8375
JH		 6073 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6074 MGMT_STATUS_REJECTED);
dbece37a
MH		 6075
6076 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 6077 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6078 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 6079
6080 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 6081 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6082 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 6083
6084 hci_dev_lock(hdev);
6085
6086 if (cp->config)
6087 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
6088 &hdev->dev_flags);
6089 else
6090 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
6091 &hdev->dev_flags);
6092
6093 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6094 if (err < 0)
6095 goto unlock;
6096
6097 if (!changed)
6098 goto unlock;
6099
f4537c04
MH		 6100 err = new_options(hdev, sk);
6101
d7a5a11d 6102 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 6103 mgmt_index_removed(hdev);
d603b76b
MH		 6104
6105 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
a1536da2
MH		 6106 hci_dev_set_flag(hdev, HCI_CONFIG);
6107 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 6108
6109 queue_work(hdev->req_workqueue, &hdev->power_on);
6110 } else {
5ea234d3 6111 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 6112 mgmt_index_added(hdev);
6113 }
dbece37a
MH		 6114 }
6115
6116unlock:
6117 hci_dev_unlock(hdev);
6118 return err;
6119}
6120
9713c17b
MH		 6121static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6122 void *data, u16 len)
6123{
6124 struct mgmt_cp_set_public_address *cp = data;
6125 bool changed;
6126 int err;
6127
6128 BT_DBG("%s", hdev->name);
6129
6130 if (hdev_is_powered(hdev))
a69e8375
JH		 6131 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6132 MGMT_STATUS_REJECTED);
9713c17b
MH		 6133
6134 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 6135 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6136 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 6137
6138 if (!hdev->set_bdaddr)
a69e8375
JH		 6139 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6140 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 6141
6142 hci_dev_lock(hdev);
6143
6144 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6145 bacpy(&hdev->public_addr, &cp->bdaddr);
6146
6147 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6148 if (err < 0)
6149 goto unlock;
6150
6151 if (!changed)
6152 goto unlock;
6153
d7a5a11d 6154 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 6155 err = new_options(hdev, sk);
6156
6157 if (is_configured(hdev)) {
6158 mgmt_index_removed(hdev);
6159
a358dc11 6160 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 6161
a1536da2
MH		 6162 hci_dev_set_flag(hdev, HCI_CONFIG);
6163 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 6164
6165 queue_work(hdev->req_workqueue, &hdev->power_on);
6166 }
6167
6168unlock:
6169 hci_dev_unlock(hdev);
6170 return err;
6171}
6172
6d785aa3 6173static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 6174 { NULL }, /* 0x0000 (no command) */
b9a245fb
JH		 6175 { read_version, MGMT_READ_VERSION_SIZE,
6176 HCI_MGMT_NO_HDEV },
6177 { read_commands, MGMT_READ_COMMANDS_SIZE,
6178 HCI_MGMT_NO_HDEV },
6179 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6180 HCI_MGMT_NO_HDEV },
6181 { read_controller_info, MGMT_READ_INFO_SIZE, 0 },
6182 { set_powered, MGMT_SETTING_SIZE, 0 },
6183 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE, 0 },
6184 { set_connectable, MGMT_SETTING_SIZE, 0 },
6185 { set_fast_connectable, MGMT_SETTING_SIZE, 0 },
6186 { set_bondable, MGMT_SETTING_SIZE, 0 },
6187 { set_link_security, MGMT_SETTING_SIZE, 0 },
6188 { set_ssp, MGMT_SETTING_SIZE, 0 },
6189 { set_hs, MGMT_SETTING_SIZE, 0 },
6190 { set_le, MGMT_SETTING_SIZE, 0 },
6191 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE, 0 },
6192 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE, 0 },
6193 { add_uuid, MGMT_ADD_UUID_SIZE, 0 },
6194 { remove_uuid, MGMT_REMOVE_UUID_SIZE, 0 },
6195 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6196 HCI_MGMT_VAR_LEN },
6197 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6198 HCI_MGMT_VAR_LEN },
6199 { disconnect, MGMT_DISCONNECT_SIZE, 0 },
6200 { get_connections, MGMT_GET_CONNECTIONS_SIZE, 0 },
6201 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE, 0 },
6202 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE, 0 },
6203 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE, 0 },
6204 { pair_device, MGMT_PAIR_DEVICE_SIZE, 0 },
6205 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE, 0 },
6206 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE, 0 },
6207 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE, 0 },
6208 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE, 0 },
6209 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE, 0 },
6210 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE, 0 },
6211 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6212 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6213 HCI_MGMT_VAR_LEN },
6214 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE, 0 },
6215 { start_discovery, MGMT_START_DISCOVERY_SIZE, 0 },
6216 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE, 0 },
6217 { confirm_name, MGMT_CONFIRM_NAME_SIZE, 0 },
6218 { block_device, MGMT_BLOCK_DEVICE_SIZE, 0 },
6219 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE, 0 },
6220 { set_device_id, MGMT_SET_DEVICE_ID_SIZE, 0 },
6221 { set_advertising, MGMT_SETTING_SIZE, 0 },
6222 { set_bredr, MGMT_SETTING_SIZE, 0 },
6223 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE, 0 },
6224 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE, 0 },
6225 { set_secure_conn, MGMT_SETTING_SIZE, 0 },
6226 { set_debug_keys, MGMT_SETTING_SIZE, 0 },
6227 { set_privacy, MGMT_SET_PRIVACY_SIZE, 0 },
6228 { load_irks, MGMT_LOAD_IRKS_SIZE,
6229 HCI_MGMT_VAR_LEN },
6230 { get_conn_info, MGMT_GET_CONN_INFO_SIZE, 0 },
6231 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE, 0 },
6232 { add_device, MGMT_ADD_DEVICE_SIZE, 0 },
6233 { remove_device, MGMT_REMOVE_DEVICE_SIZE, 0 },
6234 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6235 HCI_MGMT_VAR_LEN },
6236 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6237 HCI_MGMT_NO_HDEV },
6238 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6239 HCI_MGMT_UNCONFIGURED },
6240 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6241 HCI_MGMT_UNCONFIGURED },
6242 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6243 HCI_MGMT_UNCONFIGURED },
6244 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6245 HCI_MGMT_VAR_LEN },
0f4e68cf
JH		 6246};
6247
6d785aa3
JH		 6248int mgmt_control(struct hci_mgmt_chan *chan, struct sock *sk,
6249 struct msghdr *msg, size_t msglen)
0381101f 6250{
650f726d
VCG		 6251 void *buf;
6252 u8 *cp;
0381101f 6253 struct mgmt_hdr *hdr;
4e51eae9 6254 u16 opcode, index, len;
bdb6d971 6255 struct hci_dev *hdev = NULL;
6d785aa3 6256 const struct hci_mgmt_handler *handler;
b9a245fb 6257 bool var_len, no_hdev;
0381101f
JH		 6258 int err;
6259
6260 BT_DBG("got %zu bytes", msglen);
6261
6262 if (msglen < sizeof(*hdr))
6263 return -EINVAL;
6264
e63a15ec 6265 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 6266 if (!buf)
6267 return -ENOMEM;
6268
6ce8e9ce 6269 if (memcpy_from_msg(buf, msg, msglen)) {
0381101f
JH		 6270 err = -EFAULT;
6271 goto done;
6272 }
6273
650f726d 6274 hdr = buf;
1f350c87
MH		 6275 opcode = __le16_to_cpu(hdr->opcode);
6276 index = __le16_to_cpu(hdr->index);
6277 len = __le16_to_cpu(hdr->len);
0381101f
JH		 6278
6279 if (len != msglen - sizeof(*hdr)) {
6280 err = -EINVAL;
6281 goto done;
6282 }
6283
b9a245fb
JH		 6284 if (opcode >= chan->handler_count ||
6285 chan->handlers[opcode].func == NULL) {
6286 BT_DBG("Unknown op %u", opcode);
a69e8375
JH		 6287 err = mgmt_cmd_status(sk, index, opcode,
6288 MGMT_STATUS_UNKNOWN_COMMAND);
b9a245fb
JH		 6289 goto done;
6290 }
6291
6292 handler = &chan->handlers[opcode];
6293
0f4e68cf 6294 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 6295 hdev = hci_dev_get(index);
6296 if (!hdev) {
a69e8375
JH		 6297 err = mgmt_cmd_status(sk, index, opcode,
6298 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 6299 goto done;
6300 }
0736cfa8 6301
d7a5a11d
MH		 6302 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
6303 hci_dev_test_flag(hdev, HCI_CONFIG) ||
6304 hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
a69e8375
JH		 6305 err = mgmt_cmd_status(sk, index, opcode,
6306 MGMT_STATUS_INVALID_INDEX);
0736cfa8
MH		 6307 goto done;
6308 }
42a9bc14 6309
d7a5a11d 6310 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
b9a245fb 6311 !(handler->flags & HCI_MGMT_UNCONFIGURED)) {
a69e8375
JH		 6312 err = mgmt_cmd_status(sk, index, opcode,
6313 MGMT_STATUS_INVALID_INDEX);
42a9bc14
MH		 6314 goto done;
6315 }
bdb6d971
JH		 6316 }
6317
b9a245fb
JH		 6318 no_hdev = (handler->flags & HCI_MGMT_NO_HDEV);
6319 if (no_hdev != !hdev) {
a69e8375
JH		 6320 err = mgmt_cmd_status(sk, index, opcode,
6321 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 6322 goto done;
0381101f
JH		 6323 }
6324
b9a245fb
JH		 6325 var_len = (handler->flags & HCI_MGMT_VAR_LEN);
6326 if ((var_len && len < handler->data_len) ||
6327 (!var_len && len != handler->data_len)) {
a69e8375
JH		 6328 err = mgmt_cmd_status(sk, index, opcode,
6329 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 6330 goto done;
6331 }
6332
0f4e68cf
JH		 6333 if (hdev)
6334 mgmt_init_hdev(sk, hdev);
6335
6336 cp = buf + sizeof(*hdr);
6337
be22b54e 6338 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 6339 if (err < 0)
6340 goto done;
6341
0381101f
JH		 6342 err = msglen;
6343
6344done:
bdb6d971
JH		 6345 if (hdev)
6346 hci_dev_put(hdev);
6347
0381101f
JH		 6348 kfree(buf);
6349 return err;
6350}
c71e97bf 6351
bf6b56db 6352void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6353{
1514b892 6354 if (hdev->dev_type != HCI_BREDR)
bf6b56db 6355 return;
bb4b2a9a 6356
0602a8ad
MH		 6357 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6358 return;
6359
d7a5a11d 6360 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
0602a8ad
MH		 6361 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
6362 else
6363 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 6364}
6365
bf6b56db 6366void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6367{
5f159032 6368 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6369
1514b892 6370 if (hdev->dev_type != HCI_BREDR)
bf6b56db 6371 return;
bb4b2a9a 6372
0602a8ad
MH		 6373 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6374 return;
6375
1b9b5ee5 6376 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6377
d7a5a11d 6378 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
edd3896b
MH		 6379 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
6380 else
6381 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 6382}
6383
6046dc3e 6384/* This function requires the caller holds hdev->lock */
2cf22218 6385static void restart_le_actions(struct hci_request *req)
6046dc3e 6386{
2cf22218 6387 struct hci_dev *hdev = req->hdev;
6046dc3e
AG		 6388 struct hci_conn_params *p;
6389
6390 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6391 /* Needed for AUTO_OFF case where might not "really"
6392 * have been powered off.
6393 */
6394 list_del_init(&p->action);
6395
6396 switch (p->auto_connect) {
4b9e7e75 6397 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6398 case HCI_AUTO_CONN_ALWAYS:
6399 list_add(&p->action, &hdev->pend_le_conns);
6400 break;
6401 case HCI_AUTO_CONN_REPORT:
6402 list_add(&p->action, &hdev->pend_le_reports);
6403 break;
6404 default:
6405 break;
c83ed19d 6406 }
6046dc3e 6407 }
c83ed19d 6408
2cf22218 6409 __hci_update_background_scan(req);
6046dc3e
AG		 6410}
6411
1904a853 6412static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
229ab39c
JH		 6413{
6414 struct cmd_lookup match = { NULL, hdev };
6415
6416 BT_DBG("status 0x%02x", status);
6417
162a3bac
MH		 6418 if (!status) {
6419 /* Register the available SMP channels (BR/EDR and LE) only
6420 * when successfully powering on the controller. This late
6421 * registration is required so that LE SMP can clearly
6422 * decide if the public address or static address is used.
6423 */
6424 smp_register(hdev);
6425 }
6426
229ab39c
JH		 6427 hci_dev_lock(hdev);
6428
6429 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6430
6431 new_settings(hdev, match.sk);
6432
6433 hci_dev_unlock(hdev);
6434
6435 if (match.sk)
6436 sock_put(match.sk);
6437}
6438
70da6243 6439static int powered_update_hci(struct hci_dev *hdev)
5add6af8 6440{
890ea898 6441 struct hci_request req;
70da6243 6442 u8 link_sec;
5add6af8 6443
890ea898
JH		 6444 hci_req_init(&req, hdev);
6445
d7a5a11d 6446 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
70da6243 6447 !lmp_host_ssp_capable(hdev)) {
574ea3c7 6448 u8 mode = 0x01;
5e5282bb 6449
574ea3c7
MH		 6450 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
6451
6452 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6453 u8 support = 0x01;
5add6af8 6454
574ea3c7
MH		 6455 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
6456 sizeof(support), &support);
6457 }
ec6f99b8
JH		 6458 }
6459
d7a5a11d 6460 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
c73eee91 6461 lmp_bredr_capable(hdev)) {
70da6243 6462 struct hci_cp_write_le_host_supported cp;
f0ff92fb 6463
32226e4f
MH		 6464 cp.le = 0x01;
6465 cp.simul = 0x00;
3d1cbdd6 6466
70da6243
JH		 6467 /* Check first if we already have the right
6468 * host state (host features set)
6469 */
6470 if (cp.le != lmp_host_le_capable(hdev) ||
6471 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 6472 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6473 sizeof(cp), &cp);
70da6243 6474 }
3d1cbdd6 6475
d13eafce 6476 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 6477 /* Make sure the controller has a good default for
6478 * advertising data. This also applies to the case
6479 * where BR/EDR was toggled during the AUTO_OFF phase.
6480 */
d7a5a11d 6481 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
5947f4bc 6482 update_adv_data(&req);
f14d8f64
MH		 6483 update_scan_rsp_data(&req);
6484 }
441ad2d0 6485
d7a5a11d 6486 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
bba3aa55 6487 enable_advertising(&req);
2cf22218
JH		 6488
6489 restart_le_actions(&req);
eeca6f89
JH		 6490 }
6491
d7a5a11d 6492 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
70da6243 6493 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 6494 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6495 sizeof(link_sec), &link_sec);
562fcc24 6496
70da6243 6497 if (lmp_bredr_capable(hdev)) {
d7a5a11d 6498 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
406ef2a6
JH		 6499 write_fast_connectable(&req, true);
6500 else
6501 write_fast_connectable(&req, false);
1d2dc5b7 6502 __hci_update_page_scan(&req);
890ea898 6503 update_class(&req);
13928971 6504 update_name(&req);
890ea898 6505 update_eir(&req);
70da6243 6506 }
562fcc24 6507
229ab39c 6508 return hci_req_run(&req, powered_complete);
70da6243 6509}
562fcc24 6510
70da6243
JH		 6511int mgmt_powered(struct hci_dev *hdev, u8 powered)
6512{
6513 struct cmd_lookup match = { NULL, hdev };
9845904f 6514 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 6515 int err;
f0ff92fb 6516
d7a5a11d 6517 if (!hci_dev_test_flag(hdev, HCI_MGMT))
70da6243
JH		 6518 return 0;
6519
70da6243 6520 if (powered) {
229ab39c
JH		 6521 if (powered_update_hci(hdev) == 0)
6522 return 0;
fe038884 6523
229ab39c
JH		 6524 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6525 &match);
6526 goto new_settings;
b24752fe
JH		 6527 }
6528
229ab39c 6529 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 6530
6531 /* If the power off is because of hdev unregistration let
6532 * use the appropriate INVALID_INDEX status. Otherwise use
6533 * NOT_POWERED. We cover both scenarios here since later in
6534 * mgmt_index_removed() any hci_conn callbacks will have already
6535 * been triggered, potentially causing misleading DISCONNECTED
6536 * status responses.
6537 */
d7a5a11d 6538 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 6539 status = MGMT_STATUS_INVALID_INDEX;
6540 else
6541 status = MGMT_STATUS_NOT_POWERED;
6542
6543 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 6544
6545 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
6546 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6547 zero_cod, sizeof(zero_cod), NULL);
6548
6549new_settings:
beadb2bd 6550 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 6551
6552 if (match.sk)
6553 sock_put(match.sk);
6554
7bb895d6 6555 return err;
5add6af8 6556}
73f22f62 6557
3eec705e 6558void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 6559{
3b0602cd 6560 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 6561 u8 status;
6562
6563 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6564 if (!cmd)
3eec705e 6565 return;
96570ffc
JH		 6566
6567 if (err == -ERFKILL)
6568 status = MGMT_STATUS_RFKILLED;
6569 else
6570 status = MGMT_STATUS_FAILED;
6571
a69e8375 6572 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6573
6574 mgmt_pending_remove(cmd);
96570ffc
JH		 6575}
6576
d1967ff8
MH		 6577void mgmt_discoverable_timeout(struct hci_dev *hdev)
6578{
6579 struct hci_request req;
d1967ff8
MH		 6580
6581 hci_dev_lock(hdev);
6582
6583 /* When discoverable timeout triggers, then just make sure
6584 * the limited discoverable flag is cleared. Even in the case
6585 * of a timeout triggered from general discoverable, it is
6586 * safe to unconditionally clear the flag.
6587 */
a358dc11
MH		 6588 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
6589 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
d1967ff8
MH		 6590
6591 hci_req_init(&req, hdev);
d7a5a11d 6592 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4b580614
JH		 6593 u8 scan = SCAN_PAGE;
6594 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6595 sizeof(scan), &scan);
6596 }
d1967ff8 6597 update_class(&req);
9a43e25f 6598 update_adv_data(&req);
d1967ff8
MH		 6599 hci_req_run(&req, NULL);
6600
6601 hdev->discov_timeout = 0;
6602
9a43e25f
JH		 6603 new_settings(hdev, NULL);
6604
d1967ff8
MH		 6605 hci_dev_unlock(hdev);
6606}
6607
dc4a5ee2
MH		 6608void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6609 bool persistent)
55ed8ca1 6610{
86742e1e 6611 struct mgmt_ev_new_link_key ev;
55ed8ca1 6612
a492cd52 6613 memset(&ev, 0, sizeof(ev));
55ed8ca1 6614
a492cd52 6615 ev.store_hint = persistent;
d753fdc4 6616 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6617 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6618 ev.key.type = key->type;
9b3b4460 6619 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6620 ev.key.pin_len = key->pin_len;
55ed8ca1 6621
dc4a5ee2 6622 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6623}
f7520543 6624
d7b25450
JH		 6625static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6626{
23fb8de3
JH		 6627 switch (ltk->type) {
6628 case SMP_LTK:
6629 case SMP_LTK_SLAVE:
6630 if (ltk->authenticated)
6631 return MGMT_LTK_AUTHENTICATED;
6632 return MGMT_LTK_UNAUTHENTICATED;
6633 case SMP_LTK_P256:
6634 if (ltk->authenticated)
6635 return MGMT_LTK_P256_AUTH;
6636 return MGMT_LTK_P256_UNAUTH;
6637 case SMP_LTK_P256_DEBUG:
6638 return MGMT_LTK_P256_DEBUG;
6639 }
d7b25450
JH		 6640
6641 return MGMT_LTK_UNAUTHENTICATED;
6642}
6643
53ac6ab6 6644void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6645{
6646 struct mgmt_ev_new_long_term_key ev;
6647
6648 memset(&ev, 0, sizeof(ev));
6649
5192d301
MH		 6650 /* Devices using resolvable or non-resolvable random addresses
6651 * without providing an indentity resolving key don't require
6652 * to store long term keys. Their addresses will change the
6653 * next time around.
6654 *
6655 * Only when a remote device provides an identity address
6656 * make sure the long term key is stored. If the remote
6657 * identity is known, the long term keys are internally
6658 * mapped to the identity address. So allow static random
6659 * and public addresses here.
6660 */
ba74b666
JH		 6661 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6662 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6663 ev.store_hint = 0x00;
6664 else
53ac6ab6 6665 ev.store_hint = persistent;
ba74b666 6666
346af67b 6667 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6668 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6669 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6670 ev.key.enc_size = key->enc_size;
6671 ev.key.ediv = key->ediv;
fe39c7b2 6672 ev.key.rand = key->rand;
346af67b 6673
2ceba539 6674 if (key->type == SMP_LTK)
346af67b
VCG		 6675 ev.key.master = 1;
6676
346af67b
VCG		 6677 memcpy(ev.key.val, key->val, sizeof(key->val));
6678
083368f7 6679 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6680}
6681
95fbac8a
JH		 6682void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6683{
6684 struct mgmt_ev_new_irk ev;
6685
6686 memset(&ev, 0, sizeof(ev));
6687
bab6d1e5
MH		 6688 /* For identity resolving keys from devices that are already
6689 * using a public address or static random address, do not
6690 * ask for storing this key. The identity resolving key really
6691 * is only mandatory for devices using resovlable random
6692 * addresses.
6693 *
6694 * Storing all identity resolving keys has the downside that
6695 * they will be also loaded on next boot of they system. More
6696 * identity resolving keys, means more time during scanning is
6697 * needed to actually resolve these addresses.
6698 */
6699 if (bacmp(&irk->rpa, BDADDR_ANY))
6700 ev.store_hint = 0x01;
6701 else
6702 ev.store_hint = 0x00;
6703
95fbac8a
JH		 6704 bacpy(&ev.rpa, &irk->rpa);
6705 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6706 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6707 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6708
6709 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6710}
6711
53ac6ab6
MH		 6712void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6713 bool persistent)
7ee4ea36
MH		 6714{
6715 struct mgmt_ev_new_csrk ev;
6716
6717 memset(&ev, 0, sizeof(ev));
6718
6719 /* Devices using resolvable or non-resolvable random addresses
6720 * without providing an indentity resolving key don't require
6721 * to store signature resolving keys. Their addresses will change
6722 * the next time around.
6723 *
6724 * Only when a remote device provides an identity address
6725 * make sure the signature resolving key is stored. So allow
6726 * static random and public addresses here.
6727 */
6728 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6729 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6730 ev.store_hint = 0x00;
6731 else
53ac6ab6 6732 ev.store_hint = persistent;
7ee4ea36
MH		 6733
6734 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6735 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 6736 ev.key.type = csrk->type;
7ee4ea36
MH		 6737 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6738
6739 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6740}
6741
ffb5a827 6742void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6743 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6744 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6745{
6746 struct mgmt_ev_new_conn_param ev;
6747
c103aea6
JH		 6748 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6749 return;
6750
ffb5a827
AG		 6751 memset(&ev, 0, sizeof(ev));
6752 bacpy(&ev.addr.bdaddr, bdaddr);
6753 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6754 ev.store_hint = store_hint;
ffb5a827
AG		 6755 ev.min_interval = cpu_to_le16(min_interval);
6756 ev.max_interval = cpu_to_le16(max_interval);
6757 ev.latency = cpu_to_le16(latency);
6758 ev.timeout = cpu_to_le16(timeout);
6759
6760 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6761}
6762
94933991
MH		 6763static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6764 u8 data_len)
6765{
6766 eir[eir_len++] = sizeof(type) + data_len;
6767 eir[eir_len++] = type;
6768 memcpy(&eir[eir_len], data, data_len);
6769 eir_len += data_len;
6770
6771 return eir_len;
6772}
6773
48ec92fa
AA		 6774void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6775 u32 flags, u8 *name, u8 name_len)
f7520543 6776{
b644ba33
JH		 6777 char buf[512];
6778 struct mgmt_ev_device_connected *ev = (void *) buf;
6779 u16 eir_len = 0;
f7520543 6780
48ec92fa
AA		 6781 bacpy(&ev->addr.bdaddr, &conn->dst);
6782 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 6783
c95f0ba7 6784 ev->flags = __cpu_to_le32(flags);
08c79b61 6785
fd45ada9
AA		 6786 /* We must ensure that the EIR Data fields are ordered and
6787 * unique. Keep it simple for now and avoid the problem by not
6788 * adding any BR/EDR data to the LE adv.
6789 */
6790 if (conn->le_adv_data_len > 0) {
6791 memcpy(&ev->eir[eir_len],
6792 conn->le_adv_data, conn->le_adv_data_len);
6793 eir_len = conn->le_adv_data_len;
6794 } else {
6795 if (name_len > 0)
6796 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6797 name, name_len);
b644ba33 6798
ddbea5cf 6799 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 6800 eir_len = eir_append_data(ev->eir, eir_len,
6801 EIR_CLASS_OF_DEV,
6802 conn->dev_class, 3);
6803 }
b644ba33 6804
eb55ef07 6805 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6806
ecd90ae7
MH		 6807 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6808 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6809}
6810
3b0602cd 6811static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 6812{
8962ee74 6813 struct sock **sk = data;
8962ee74 6814
f5818c22 6815 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 6816
6817 *sk = cmd->sk;
6818 sock_hold(*sk);
6819
a664b5bc 6820 mgmt_pending_remove(cmd);
8962ee74
JH		 6821}
6822
3b0602cd 6823static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 6824{
b1078ad0 6825 struct hci_dev *hdev = data;
124f6e35 6826 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 6827
b1078ad0
JH		 6828 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6829
d8b7b1e4 6830 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 6831 mgmt_pending_remove(cmd);
6832}
6833
84c61d92
JH		 6834bool mgmt_powering_down(struct hci_dev *hdev)
6835{
3b0602cd 6836 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 6837 struct mgmt_mode *cp;
6838
6839 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6840 if (!cmd)
6841 return false;
6842
6843 cp = cmd->param;
6844 if (!cp->val)
6845 return true;
6846
6847 return false;
6848}
6849
9b80ec5e 6850void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6851 u8 link_type, u8 addr_type, u8 reason,
6852 bool mgmt_connected)
f7520543 6853{
f0d6a0ea 6854 struct mgmt_ev_device_disconnected ev;
8962ee74 6855 struct sock *sk = NULL;
8962ee74 6856
84c61d92
JH		 6857 /* The connection is still in hci_conn_hash so test for 1
6858 * instead of 0 to know if this is the last one.
6859 */
6860 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6861 cancel_delayed_work(&hdev->power_off);
6862 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 6863 }
6864
12d4a3b2
JH		 6865 if (!mgmt_connected)
6866 return;
6867
57eb776f
AG		 6868 if (link_type != ACL_LINK && link_type != LE_LINK)
6869 return;
6870
744cf19e 6871 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6872
f0d6a0ea
MA		 6873 bacpy(&ev.addr.bdaddr, bdaddr);
6874 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6875 ev.reason = reason;
f7520543 6876
9b80ec5e 6877 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6878
6879 if (sk)
d97dcb66 6880 sock_put(sk);
8962ee74 6881
124f6e35 6882 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6883 hdev);
8962ee74
JH		 6884}
6885
7892924c
MH		 6886void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6887 u8 link_type, u8 addr_type, u8 status)
8962ee74 6888{
3655bba8
AG		 6889 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6890 struct mgmt_cp_disconnect *cp;
3b0602cd 6891 struct mgmt_pending_cmd *cmd;
8962ee74 6892
36a75f1b
JD		 6893 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6894 hdev);
6895
2e58ef3e 6896 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6897 if (!cmd)
7892924c 6898 return;
8962ee74 6899
3655bba8
AG		 6900 cp = cmd->param;
6901
6902 if (bacmp(bdaddr, &cp->addr.bdaddr))
6903 return;
6904
6905 if (cp->addr.type != bdaddr_type)
6906 return;
6907
f5818c22 6908 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6909 mgmt_pending_remove(cmd);
f7520543 6910}
17d5c04c 6911
445608d0
MH		 6912void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6913 u8 addr_type, u8 status)
17d5c04c
JH		 6914{
6915 struct mgmt_ev_connect_failed ev;
c9910d0f 6916
84c61d92
JH		 6917 /* The connection is still in hci_conn_hash so test for 1
6918 * instead of 0 to know if this is the last one.
6919 */
6920 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6921 cancel_delayed_work(&hdev->power_off);
6922 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 6923 }
17d5c04c 6924
4c659c39 6925 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6926 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6927 ev.status = mgmt_status(status);
17d5c04c 6928
445608d0 6929 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6930}
980e1a53 6931
ce0e4a0d 6932void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6933{
6934 struct mgmt_ev_pin_code_request ev;
6935
d8457698 6936 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6937 ev.addr.type = BDADDR_BREDR;
a770bb5a 6938 ev.secure = secure;
980e1a53 6939
ce0e4a0d 6940 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6941}
6942
e669cf80
MH		 6943void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6944 u8 status)
980e1a53 6945{
3b0602cd 6946 struct mgmt_pending_cmd *cmd;
980e1a53 6947
2e58ef3e 6948 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6949 if (!cmd)
e669cf80 6950 return;
980e1a53 6951
7776d1d8 6952 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6953 mgmt_pending_remove(cmd);
980e1a53
JH		 6954}
6955
3eb38528
MH		 6956void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6957 u8 status)
980e1a53 6958{
3b0602cd 6959 struct mgmt_pending_cmd *cmd;
980e1a53 6960
2e58ef3e 6961 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6962 if (!cmd)
3eb38528 6963 return;
980e1a53 6964
7776d1d8 6965 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6966 mgmt_pending_remove(cmd);
980e1a53 6967}
a5c29683 6968
744cf19e 6969int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6970 u8 link_type, u8 addr_type, u32 value,
04124681 6971 u8 confirm_hint)
a5c29683
JH		 6972{
6973 struct mgmt_ev_user_confirm_request ev;
6974
744cf19e 6975 BT_DBG("%s", hdev->name);
a5c29683 6976
272d90df 6977 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6978 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6979 ev.confirm_hint = confirm_hint;
39adbffe 6980 ev.value = cpu_to_le32(value);
a5c29683 6981
744cf19e 6982 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6983 NULL);
a5c29683
JH		 6984}
6985
272d90df 6986int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6987 u8 link_type, u8 addr_type)
604086b7
BG		 6988{
6989 struct mgmt_ev_user_passkey_request ev;
6990
6991 BT_DBG("%s", hdev->name);
6992
272d90df 6993 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6994 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6995
6996 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6997 NULL);
604086b7
BG		 6998}
6999
0df4c185 7000static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 7001 u8 link_type, u8 addr_type, u8 status,
7002 u8 opcode)
a5c29683 7003{
3b0602cd 7004 struct mgmt_pending_cmd *cmd;
a5c29683 7005
2e58ef3e 7006 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 7007 if (!cmd)
7008 return -ENOENT;
7009
7776d1d8 7010 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7011 mgmt_pending_remove(cmd);
a5c29683 7012
7776d1d8 7013 return 0;
a5c29683
JH		 7014}
7015
744cf19e 7016int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7017 u8 link_type, u8 addr_type, u8 status)
a5c29683 7018{
272d90df 7019 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7020 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 7021}
7022
272d90df 7023int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7024 u8 link_type, u8 addr_type, u8 status)
a5c29683 7025{
272d90df 7026 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7027 status,
7028 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7029}
2a611692 7030
604086b7 7031int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7032 u8 link_type, u8 addr_type, u8 status)
604086b7 7033{
272d90df 7034 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7035 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7036}
7037
272d90df 7038int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7039 u8 link_type, u8 addr_type, u8 status)
604086b7 7040{
272d90df 7041 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7042 status,
7043 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7044}
7045
92a25256
JH		 7046int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7047 u8 link_type, u8 addr_type, u32 passkey,
7048 u8 entered)
7049{
7050 struct mgmt_ev_passkey_notify ev;
7051
7052 BT_DBG("%s", hdev->name);
7053
7054 bacpy(&ev.addr.bdaddr, bdaddr);
7055 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7056 ev.passkey = __cpu_to_le32(passkey);
7057 ev.entered = entered;
7058
7059 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7060}
7061
e1e930f5 7062void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7063{
7064 struct mgmt_ev_auth_failed ev;
3b0602cd 7065 struct mgmt_pending_cmd *cmd;
e1e930f5 7066 u8 status = mgmt_status(hci_status);
2a611692 7067
e1e930f5
JH		 7068 bacpy(&ev.addr.bdaddr, &conn->dst);
7069 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7070 ev.status = status;
2a611692 7071
e1e930f5
JH		 7072 cmd = find_pairing(conn);
7073
7074 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7075 cmd ? cmd->sk : NULL);
7076
a511b35b
JH		 7077 if (cmd) {
7078 cmd->cmd_complete(cmd, status);
7079 mgmt_pending_remove(cmd);
7080 }
2a611692 7081}
b312b161 7082
464996ae 7083void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7084{
7085 struct cmd_lookup match = { NULL, hdev };
464996ae 7086 bool changed;
33ef95ed
JH		 7087
7088 if (status) {
7089 u8 mgmt_err = mgmt_status(status);
7090 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7091 cmd_status_rsp, &mgmt_err);
464996ae 7092 return;
33ef95ed
JH		 7093 }
7094
464996ae
MH		 7095 if (test_bit(HCI_AUTH, &hdev->flags))
7096 changed = !test_and_set_bit(HCI_LINK_SECURITY,
7097 &hdev->dev_flags);
7098 else
7099 changed = test_and_clear_bit(HCI_LINK_SECURITY,
7100 &hdev->dev_flags);
47990ea0 7101
33ef95ed 7102 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 7103 &match);
33ef95ed 7104
47990ea0 7105 if (changed)
464996ae 7106 new_settings(hdev, match.sk);
33ef95ed
JH		 7107
7108 if (match.sk)
7109 sock_put(match.sk);
33ef95ed
JH		 7110}
7111
890ea898 7112static void clear_eir(struct hci_request *req)
cacaf52f 7113{
890ea898 7114 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 7115 struct hci_cp_write_eir cp;
7116
976eb20e 7117 if (!lmp_ext_inq_capable(hdev))
890ea898 7118 return;
cacaf52f 7119
c80da27e
JH		 7120 memset(hdev->eir, 0, sizeof(hdev->eir));
7121
cacaf52f
JH		 7122 memset(&cp, 0, sizeof(cp));
7123
890ea898 7124 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 7125}
7126
3e248560 7127void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 7128{
7129 struct cmd_lookup match = { NULL, hdev };
890ea898 7130 struct hci_request req;
c0ecddc2 7131 bool changed = false;
ed2c4ee3
JH		 7132
7133 if (status) {
7134 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 7135
7136 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24 7137 &hdev->dev_flags)) {
a358dc11 7138 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 7139 new_settings(hdev, NULL);
9ecb3e24 7140 }
c0ecddc2 7141
04124681
GP		 7142 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7143 &mgmt_err);
3e248560 7144 return;
c0ecddc2
JH		 7145 }
7146
7147 if (enable) {
9ecb3e24 7148 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 7149 } else {
9ecb3e24
MH		 7150 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
7151 if (!changed)
7152 changed = test_and_clear_bit(HCI_HS_ENABLED,
7153 &hdev->dev_flags);
7154 else
a358dc11 7155 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 7156 }
7157
7158 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7159
c0ecddc2 7160 if (changed)
3e248560 7161 new_settings(hdev, match.sk);
ed2c4ee3 7162
5fc6ebb1 7163 if (match.sk)
ed2c4ee3
JH		 7164 sock_put(match.sk);
7165
890ea898
JH		 7166 hci_req_init(&req, hdev);
7167
d7a5a11d
MH		 7168 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7169 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 7170 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7171 sizeof(enable), &enable);
890ea898 7172 update_eir(&req);
3769972b 7173 } else {
890ea898 7174 clear_eir(&req);
3769972b 7175 }
890ea898
JH		 7176
7177 hci_req_run(&req, NULL);
ed2c4ee3
JH		 7178}
7179
3b0602cd 7180static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 7181{
7182 struct cmd_lookup *match = data;
7183
90e70454
JH		 7184 if (match->sk == NULL) {
7185 match->sk = cmd->sk;
7186 sock_hold(match->sk);
7187 }
90e70454
JH		 7188}
7189
4e1b0245
MH		 7190void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7191 u8 status)
7f9a903c 7192{
90e70454 7193 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7194
92da6097
JH		 7195 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7196 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7197 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 7198
7199 if (!status)
4e1b0245
MH		 7200 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
7201 NULL);
90e70454
JH		 7202
7203 if (match.sk)
7204 sock_put(match.sk);
7f9a903c
MH		 7205}
7206
7667da34 7207void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7208{
b312b161 7209 struct mgmt_cp_set_local_name ev;
3b0602cd 7210 struct mgmt_pending_cmd *cmd;
28cc7bde 7211
13928971 7212 if (status)
7667da34 7213 return;
b312b161
JH		 7214
7215 memset(&ev, 0, sizeof(ev));
7216 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7217 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7218
2e58ef3e 7219 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7220 if (!cmd) {
7221 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7222
13928971
JH		 7223 /* If this is a HCI command related to powering on the
7224 * HCI dev don't send any mgmt signals.
7225 */
7226 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7227 return;
890ea898 7228 }
b312b161 7229
7667da34
MH		 7230 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7231 cmd ? cmd->sk : NULL);
b312b161 7232}
c35938b2 7233
4d2d2796 7234void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
38da1703
JH		 7235 u8 *rand192, u8 *hash256, u8 *rand256,
7236 u8 status)
c35938b2 7237{
3b0602cd 7238 struct mgmt_pending_cmd *cmd;
c35938b2 7239
744cf19e 7240 BT_DBG("%s status %u", hdev->name, status);
c35938b2 7241
2e58ef3e 7242 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 7243 if (!cmd)
3edaf092 7244 return;
c35938b2
SJ		 7245
7246 if (status) {
a69e8375
JH		 7247 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
7248 mgmt_status(status));
c35938b2 7249 } else {
66f096f7
JH		 7250 struct mgmt_rp_read_local_oob_data rp;
7251 size_t rp_size = sizeof(rp);
4d2d2796 7252
66f096f7
JH		 7253 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
7254 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
c35938b2 7255
66f096f7 7256 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
4d2d2796 7257 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
38da1703 7258 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
4d2d2796 7259 } else {
66f096f7 7260 rp_size -= sizeof(rp.hash256) + sizeof(rp.rand256);
4d2d2796 7261 }
66f096f7 7262
2a1afb5a
JH		 7263 mgmt_cmd_complete(cmd->sk, hdev->id,
7264 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7265 &rp, rp_size);
c35938b2
SJ		 7266 }
7267
7268 mgmt_pending_remove(cmd);
c35938b2 7269}
e17acd40 7270
799ce93d
JP		 7271static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7272{
7273 int i;
7274
7275 for (i = 0; i < uuid_count; i++) {
7276 if (!memcmp(uuid, uuids[i], 16))
7277 return true;
7278 }
7279
7280 return false;
7281}
7282
b487b9ce
MH		 7283static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7284{
799ce93d
JP		 7285 u16 parsed = 0;
7286
7287 while (parsed < eir_len) {
7288 u8 field_len = eir[0];
7289 u8 uuid[16];
7290 int i;
7291
7292 if (field_len == 0)
7293 break;
7294
7295 if (eir_len - parsed < field_len + 1)
7296 break;
7297
7298 switch (eir[1]) {
7299 case EIR_UUID16_ALL:
7300 case EIR_UUID16_SOME:
7301 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7302 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7303 uuid[13] = eir[i + 3];
7304 uuid[12] = eir[i + 2];
7305 if (has_uuid(uuid, uuid_count, uuids))
7306 return true;
7307 }
7308 break;
7309 case EIR_UUID32_ALL:
7310 case EIR_UUID32_SOME:
7311 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7312 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7313 uuid[15] = eir[i + 5];
7314 uuid[14] = eir[i + 4];
7315 uuid[13] = eir[i + 3];
7316 uuid[12] = eir[i + 2];
7317 if (has_uuid(uuid, uuid_count, uuids))
7318 return true;
7319 }
7320 break;
7321 case EIR_UUID128_ALL:
7322 case EIR_UUID128_SOME:
7323 for (i = 0; i + 17 <= field_len; i += 16) {
7324 memcpy(uuid, eir + i + 2, 16);
7325 if (has_uuid(uuid, uuid_count, uuids))
7326 return true;
7327 }
7328 break;
7329 }
7330
7331 parsed += field_len + 1;
7332 eir += field_len + 1;
7333 }
7334
b487b9ce
MH		 7335 return false;
7336}
7337
4b0e0ced
JP		 7338static void restart_le_scan(struct hci_dev *hdev)
7339{
7340 /* If controller is not scanning we are done. */
d7a5a11d 7341 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 7342 return;
7343
7344 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7345 hdev->discovery.scan_start +
7346 hdev->discovery.scan_duration))
7347 return;
7348
7349 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
7350 DISCOV_LE_RESTART_DELAY);
7351}
7352
48f86b7f
JP		 7353static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7354 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7355{
48f86b7f
JP		 7356 /* If a RSSI threshold has been specified, and
7357 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7358 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7359 * is set, let it through for further processing, as we might need to
7360 * restart the scan.
efb2513f
MH		 7361 *
7362 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7363 * the results are also dropped.
bda157a4
MH		 7364 */
7365 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 7366 (rssi == HCI_RSSI_INVALID ||
7367 (rssi < hdev->discovery.rssi &&
7368 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 7369 return false;
efb2513f 7370
2976cdeb
JP		 7371 if (hdev->discovery.uuid_count != 0) {
7372 /* If a list of UUIDs is provided in filter, results with no
7373 * matching UUID should be dropped.
b487b9ce 7374 */
2976cdeb
JP		 7375 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7376 hdev->discovery.uuids) &&
7377 !eir_has_uuids(scan_rsp, scan_rsp_len,
7378 hdev->discovery.uuid_count,
7379 hdev->discovery.uuids))
7380 return false;
b487b9ce 7381 }
5d2e9fad 7382
2976cdeb
JP		 7383 /* If duplicate filtering does not report RSSI changes, then restart
7384 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 7385 */
2976cdeb
JP		 7386 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7387 restart_le_scan(hdev);
7388
7389 /* Validate RSSI value against the RSSI threshold once more. */
7390 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7391 rssi < hdev->discovery.rssi)
7392 return false;
7393 }
48f86b7f
JP		 7394
7395 return true;
7396}
7397
7398void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7399 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7400 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7401{
7402 char buf[512];
7403 struct mgmt_ev_device_found *ev = (void *)buf;
7404 size_t ev_size;
7405
7406 /* Don't send events for a non-kernel initiated discovery. With
7407 * LE one exception is if we have pend_le_reports > 0 in which
7408 * case we're doing passive scanning and want these events.
7409 */
7410 if (!hci_discovery_active(hdev)) {
7411 if (link_type == ACL_LINK)
7412 return;
7413 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7414 return;
7415 }
7416
82f8b651 7417 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 7418 /* We are using service discovery */
7419 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7420 scan_rsp_len))
7421 return;
7422 }
7423
7424 /* Make sure that the buffer is big enough. The 5 extra bytes
7425 * are for the potential CoD field.
7426 */
7427 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 7428 return;
7429
48f86b7f
JP		 7430 memset(buf, 0, sizeof(buf));
7431
7432 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7433 * RSSI value was reported as 0 when not available. This behavior
7434 * is kept when using device discovery. This is required for full
7435 * backwards compatibility with the API.
7436 *
7437 * However when using service discovery, the value 127 will be
7438 * returned when the RSSI is not available.
7439 */
7440 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7441 link_type == ACL_LINK)
7442 rssi = 0;
7443
7444 bacpy(&ev->addr.bdaddr, bdaddr);
7445 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7446 ev->rssi = rssi;
7447 ev->flags = cpu_to_le32(flags);
7448
7449 if (eir_len > 0)
7450 /* Copy EIR or advertising data into event */
7451 memcpy(ev->eir, eir, eir_len);
7452
7453 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7454 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7455 dev_class, 3);
7456
7457 if (scan_rsp_len > 0)
7458 /* Append scan response data to event */
7459 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7460
5d2e9fad
JH		 7461 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7462 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7463
901801b9 7464 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7465}
a88a9652 7466
9cf12aee
MH		 7467void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7468 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7469{
b644ba33
JH		 7470 struct mgmt_ev_device_found *ev;
7471 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7472 u16 eir_len;
a88a9652 7473
b644ba33 7474 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7475
b644ba33
JH		 7476 memset(buf, 0, sizeof(buf));
7477
7478 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7479 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7480 ev->rssi = rssi;
7481
7482 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7483 name_len);
b644ba33 7484
eb55ef07 7485 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7486
9cf12aee 7487 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7488}
314b2381 7489
2f1e063b 7490void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7491{
f963e8e9 7492 struct mgmt_ev_discovering ev;
164a6e78 7493
343fb145
AG		 7494 BT_DBG("%s discovering %u", hdev->name, discovering);
7495
f963e8e9
JH		 7496 memset(&ev, 0, sizeof(ev));
7497 ev.type = hdev->discovery.type;
7498 ev.discovering = discovering;
7499
2f1e063b 7500 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7501}
5e762444 7502
1904a853 7503static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5976e608
MH		 7504{
7505 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 7506}
7507
7508void mgmt_reenable_advertising(struct hci_dev *hdev)
7509{
7510 struct hci_request req;
7511
d7a5a11d 7512 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
5976e608
MH		 7513 return;
7514
7515 hci_req_init(&req, hdev);
7516 enable_advertising(&req);
0ec5ae84 7517 hci_req_run(&req, adv_enable_complete);
5976e608 7518}
6d785aa3
JH		 7519
7520static struct hci_mgmt_chan chan = {
7521 .channel = HCI_CHANNEL_CONTROL,
7522 .handler_count = ARRAY_SIZE(mgmt_handlers),
7523 .handlers = mgmt_handlers,
7524};
7525
7526int mgmt_init(void)
7527{
7528 return hci_mgmt_chan_register(&chan);
7529}
7530
7531void mgmt_exit(void)
7532{
7533 hci_mgmt_chan_unregister(&chan);
7534}
Linux kernel - Deliverables
This page took 1.357673 seconds and 5 git commands to generate.