projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Connection parameters and auto connection
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 33
34#include "smp.h"
0381101f 35
2da9c55c 36#define MGMT_VERSION 1
40456644 37#define MGMT_REVISION 5
02d98129 38
e70bb2e8
JH		 39static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 77 MGMT_OP_SET_DEVICE_ID,
4375f103 78 MGMT_OP_SET_ADVERTISING,
0663ca2a 79 MGMT_OP_SET_BREDR,
d13eafce 80 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 81 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 82 MGMT_OP_SET_SECURE_CONN,
4e39ac81 83 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 84 MGMT_OP_SET_PRIVACY,
41edf160 85 MGMT_OP_LOAD_IRKS,
e70bb2e8
JH		 86};
87
88static const u16 mgmt_events[] = {
89 MGMT_EV_CONTROLLER_ERROR,
90 MGMT_EV_INDEX_ADDED,
91 MGMT_EV_INDEX_REMOVED,
92 MGMT_EV_NEW_SETTINGS,
93 MGMT_EV_CLASS_OF_DEV_CHANGED,
94 MGMT_EV_LOCAL_NAME_CHANGED,
95 MGMT_EV_NEW_LINK_KEY,
96 MGMT_EV_NEW_LONG_TERM_KEY,
97 MGMT_EV_DEVICE_CONNECTED,
98 MGMT_EV_DEVICE_DISCONNECTED,
99 MGMT_EV_CONNECT_FAILED,
100 MGMT_EV_PIN_CODE_REQUEST,
101 MGMT_EV_USER_CONFIRM_REQUEST,
102 MGMT_EV_USER_PASSKEY_REQUEST,
103 MGMT_EV_AUTH_FAILED,
104 MGMT_EV_DEVICE_FOUND,
105 MGMT_EV_DISCOVERING,
106 MGMT_EV_DEVICE_BLOCKED,
107 MGMT_EV_DEVICE_UNBLOCKED,
108 MGMT_EV_DEVICE_UNPAIRED,
92a25256 109 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 110 MGMT_EV_NEW_IRK,
e70bb2e8
JH		 111};
112
17b02e62 113#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 114
4b34ee78
JH		 115#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
116 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
117
eec8d2bc
JH		 118struct pending_cmd {
119 struct list_head list;
fc2f4b13 120 u16 opcode;
eec8d2bc 121 int index;
c68fb7ff 122 void *param;
eec8d2bc 123 struct sock *sk;
e9a416b5 124 void *user_data;
eec8d2bc
JH		 125};
126
ca69b795
JH		 127/* HCI to MGMT error code conversion table */
128static u8 mgmt_status_table[] = {
129 MGMT_STATUS_SUCCESS,
130 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
131 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
132 MGMT_STATUS_FAILED, /* Hardware Failure */
133 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
134 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 135 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 136 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
137 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
138 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
139 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
140 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
141 MGMT_STATUS_BUSY, /* Command Disallowed */
142 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
143 MGMT_STATUS_REJECTED, /* Rejected Security */
144 MGMT_STATUS_REJECTED, /* Rejected Personal */
145 MGMT_STATUS_TIMEOUT, /* Host Timeout */
146 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
147 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
148 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
149 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
150 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
151 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
152 MGMT_STATUS_BUSY, /* Repeated Attempts */
153 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
154 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
155 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
156 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
157 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
158 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
159 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
160 MGMT_STATUS_FAILED, /* Unspecified Error */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
162 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
163 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
164 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
165 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
166 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
167 MGMT_STATUS_FAILED, /* Unit Link Key Used */
168 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
169 MGMT_STATUS_TIMEOUT, /* Instant Passed */
170 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
171 MGMT_STATUS_FAILED, /* Transaction Collision */
172 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
173 MGMT_STATUS_REJECTED, /* QoS Rejected */
174 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
175 MGMT_STATUS_REJECTED, /* Insufficient Security */
176 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
177 MGMT_STATUS_BUSY, /* Role Switch Pending */
178 MGMT_STATUS_FAILED, /* Slot Violation */
179 MGMT_STATUS_FAILED, /* Role Switch Failed */
180 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
181 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
182 MGMT_STATUS_BUSY, /* Host Busy Pairing */
183 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
184 MGMT_STATUS_BUSY, /* Controller Busy */
185 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
186 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
187 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
188 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
189 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
190};
191
192static u8 mgmt_status(u8 hci_status)
193{
194 if (hci_status < ARRAY_SIZE(mgmt_status_table))
195 return mgmt_status_table[hci_status];
196
197 return MGMT_STATUS_FAILED;
198}
199
4e51eae9 200static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 201{
202 struct sk_buff *skb;
203 struct mgmt_hdr *hdr;
204 struct mgmt_ev_cmd_status *ev;
56b7d137 205 int err;
f7b64e69 206
34eb525c 207 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 208
790eff44 209 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 210 if (!skb)
211 return -ENOMEM;
212
213 hdr = (void *) skb_put(skb, sizeof(*hdr));
214
612dfce9 215 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 216 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 217 hdr->len = cpu_to_le16(sizeof(*ev));
218
219 ev = (void *) skb_put(skb, sizeof(*ev));
220 ev->status = status;
eb55ef07 221 ev->opcode = cpu_to_le16(cmd);
f7b64e69 222
56b7d137
GP		 223 err = sock_queue_rcv_skb(sk, skb);
224 if (err < 0)
f7b64e69
JH		 225 kfree_skb(skb);
226
56b7d137 227 return err;
f7b64e69
JH		 228}
229
aee9b218 230static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 231 void *rp, size_t rp_len)
02d98129
JH		 232{
233 struct sk_buff *skb;
234 struct mgmt_hdr *hdr;
235 struct mgmt_ev_cmd_complete *ev;
56b7d137 236 int err;
02d98129
JH		 237
238 BT_DBG("sock %p", sk);
239
790eff44 240 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 241 if (!skb)
242 return -ENOMEM;
243
244 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 245
612dfce9 246 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 247 hdr->index = cpu_to_le16(index);
a38528f1 248 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 249
a38528f1 250 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 251 ev->opcode = cpu_to_le16(cmd);
aee9b218 252 ev->status = status;
8020c16a
SJ		 253
254 if (rp)
255 memcpy(ev->data, rp, rp_len);
02d98129 256
56b7d137
GP		 257 err = sock_queue_rcv_skb(sk, skb);
258 if (err < 0)
02d98129
JH		 259 kfree_skb(skb);
260
e5f0e151 261 return err;
02d98129
JH		 262}
263
04124681
GP		 264static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
265 u16 data_len)
a38528f1
JH		 266{
267 struct mgmt_rp_read_version rp;
268
269 BT_DBG("sock %p", sk);
270
271 rp.version = MGMT_VERSION;
eb55ef07 272 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 273
aee9b218 274 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 275 sizeof(rp));
a38528f1
JH		 276}
277
04124681
GP		 278static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
279 u16 data_len)
e70bb2e8
JH		 280{
281 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 282 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
283 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 284 __le16 *opcode;
e70bb2e8
JH		 285 size_t rp_size;
286 int i, err;
287
288 BT_DBG("sock %p", sk);
289
290 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
291
292 rp = kmalloc(rp_size, GFP_KERNEL);
293 if (!rp)
294 return -ENOMEM;
295
eb55ef07
MH		 296 rp->num_commands = __constant_cpu_to_le16(num_commands);
297 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 298
299 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
300 put_unaligned_le16(mgmt_commands[i], opcode);
301
302 for (i = 0; i < num_events; i++, opcode++)
303 put_unaligned_le16(mgmt_events[i], opcode);
304
aee9b218 305 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 306 rp_size);
e70bb2e8
JH		 307 kfree(rp);
308
309 return err;
310}
311
04124681
GP		 312static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
313 u16 data_len)
faba42eb 314{
faba42eb 315 struct mgmt_rp_read_index_list *rp;
8035ded4 316 struct hci_dev *d;
a38528f1 317 size_t rp_len;
faba42eb 318 u16 count;
476e44cb 319 int err;
faba42eb
JH		 320
321 BT_DBG("sock %p", sk);
322
323 read_lock(&hci_dev_list_lock);
324
325 count = 0;
bb4b2a9a 326 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 327 if (d->dev_type == HCI_BREDR)
328 count++;
faba42eb
JH		 329 }
330
a38528f1
JH		 331 rp_len = sizeof(*rp) + (2 * count);
332 rp = kmalloc(rp_len, GFP_ATOMIC);
333 if (!rp) {
b2c60d42 334 read_unlock(&hci_dev_list_lock);
faba42eb 335 return -ENOMEM;
b2c60d42 336 }
faba42eb 337
476e44cb 338 count = 0;
8035ded4 339 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 340 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 341 continue;
342
0736cfa8
MH		 343 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
344 continue;
345
1514b892
MH		 346 if (d->dev_type == HCI_BREDR) {
347 rp->index[count++] = cpu_to_le16(d->id);
348 BT_DBG("Added hci%u", d->id);
349 }
faba42eb
JH		 350 }
351
476e44cb
JH		 352 rp->num_controllers = cpu_to_le16(count);
353 rp_len = sizeof(*rp) + (2 * count);
354
faba42eb
JH		 355 read_unlock(&hci_dev_list_lock);
356
aee9b218 357 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 358 rp_len);
faba42eb 359
a38528f1
JH		 360 kfree(rp);
361
362 return err;
faba42eb
JH		 363}
364
69ab39ea
JH		 365static u32 get_supported_settings(struct hci_dev *hdev)
366{
367 u32 settings = 0;
368
369 settings |= MGMT_SETTING_POWERED;
69ab39ea 370 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 371 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 372
ed3fa31f 373 if (lmp_bredr_capable(hdev)) {
33c525c0 374 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 375 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
376 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 377 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 378 settings |= MGMT_SETTING_BREDR;
379 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 380
381 if (lmp_ssp_capable(hdev)) {
382 settings |= MGMT_SETTING_SSP;
383 settings |= MGMT_SETTING_HS;
384 }
e98d2ce2 385
5afeac14
MH		 386 if (lmp_sc_capable(hdev) ||
387 test_bit(HCI_FORCE_SC, &hdev->dev_flags))
e98d2ce2 388 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 389 }
d7b7e796 390
eeca6f89 391 if (lmp_le_capable(hdev)) {
9d42820f 392 settings |= MGMT_SETTING_LE;
eeca6f89 393 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 394 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 395 }
69ab39ea
JH		 396
397 return settings;
398}
399
400static u32 get_current_settings(struct hci_dev *hdev)
401{
402 u32 settings = 0;
403
f1f0eb02 404 if (hdev_is_powered(hdev))
f0d4b78a
MH		 405 settings |= MGMT_SETTING_POWERED;
406
5e5282bb 407 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 408 settings |= MGMT_SETTING_CONNECTABLE;
409
1a4d3c4b
JH		 410 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
411 settings |= MGMT_SETTING_FAST_CONNECTABLE;
412
5e5282bb 413 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 414 settings |= MGMT_SETTING_DISCOVERABLE;
415
a8b2d5c2 416 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 417 settings |= MGMT_SETTING_PAIRABLE;
418
56f87901 419 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 420 settings |= MGMT_SETTING_BREDR;
421
06199cf8 422 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 423 settings |= MGMT_SETTING_LE;
424
47990ea0 425 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 426 settings |= MGMT_SETTING_LINK_SECURITY;
427
84bde9d6 428 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 429 settings |= MGMT_SETTING_SSP;
430
6d80dfd0
JH		 431 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
432 settings |= MGMT_SETTING_HS;
433
f3d3444a 434 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 435 settings |= MGMT_SETTING_ADVERTISING;
436
e98d2ce2
MH		 437 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
438 settings |= MGMT_SETTING_SECURE_CONN;
439
b1de97d8
MH		 440 if (test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags))
441 settings |= MGMT_SETTING_DEBUG_KEYS;
442
0f4bd942
JH		 443 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
444 settings |= MGMT_SETTING_PRIVACY;
445
69ab39ea
JH		 446 return settings;
447}
448
ef580372
JH		 449#define PNP_INFO_SVCLASS_ID 0x1200
450
213202ed
JH		 451static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
452{
453 u8 *ptr = data, *uuids_start = NULL;
454 struct bt_uuid *uuid;
455
456 if (len < 4)
457 return ptr;
458
459 list_for_each_entry(uuid, &hdev->uuids, list) {
460 u16 uuid16;
461
462 if (uuid->size != 16)
463 continue;
464
465 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
466 if (uuid16 < 0x1100)
467 continue;
468
469 if (uuid16 == PNP_INFO_SVCLASS_ID)
470 continue;
471
472 if (!uuids_start) {
473 uuids_start = ptr;
474 uuids_start[0] = 1;
475 uuids_start[1] = EIR_UUID16_ALL;
476 ptr += 2;
477 }
478
479 /* Stop if not enough space to put next UUID */
480 if ((ptr - data) + sizeof(u16) > len) {
481 uuids_start[1] = EIR_UUID16_SOME;
482 break;
483 }
484
485 *ptr++ = (uuid16 & 0x00ff);
486 *ptr++ = (uuid16 & 0xff00) >> 8;
487 uuids_start[0] += sizeof(uuid16);
488 }
489
490 return ptr;
491}
492
cdf1963f
JH		 493static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
494{
495 u8 *ptr = data, *uuids_start = NULL;
496 struct bt_uuid *uuid;
497
498 if (len < 6)
499 return ptr;
500
501 list_for_each_entry(uuid, &hdev->uuids, list) {
502 if (uuid->size != 32)
503 continue;
504
505 if (!uuids_start) {
506 uuids_start = ptr;
507 uuids_start[0] = 1;
508 uuids_start[1] = EIR_UUID32_ALL;
509 ptr += 2;
510 }
511
512 /* Stop if not enough space to put next UUID */
513 if ((ptr - data) + sizeof(u32) > len) {
514 uuids_start[1] = EIR_UUID32_SOME;
515 break;
516 }
517
518 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
519 ptr += sizeof(u32);
520 uuids_start[0] += sizeof(u32);
521 }
522
523 return ptr;
524}
525
c00d575b
JH		 526static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
527{
528 u8 *ptr = data, *uuids_start = NULL;
529 struct bt_uuid *uuid;
530
531 if (len < 18)
532 return ptr;
533
534 list_for_each_entry(uuid, &hdev->uuids, list) {
535 if (uuid->size != 128)
536 continue;
537
538 if (!uuids_start) {
539 uuids_start = ptr;
540 uuids_start[0] = 1;
541 uuids_start[1] = EIR_UUID128_ALL;
542 ptr += 2;
543 }
544
545 /* Stop if not enough space to put next UUID */
546 if ((ptr - data) + 16 > len) {
547 uuids_start[1] = EIR_UUID128_SOME;
548 break;
549 }
550
551 memcpy(ptr, uuid->uuid, 16);
552 ptr += 16;
553 uuids_start[0] += 16;
554 }
555
556 return ptr;
557}
558
eb2a8d20
JH		 559static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
560{
561 struct pending_cmd *cmd;
562
563 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
564 if (cmd->opcode == opcode)
565 return cmd;
566 }
567
568 return NULL;
569}
570
f14d8f64
MH		 571static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
572{
7a5f4990
MH		 573 u8 ad_len = 0;
574 size_t name_len;
575
576 name_len = strlen(hdev->dev_name);
577 if (name_len > 0) {
578 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
579
580 if (name_len > max_len) {
581 name_len = max_len;
582 ptr[1] = EIR_NAME_SHORT;
583 } else
584 ptr[1] = EIR_NAME_COMPLETE;
585
586 ptr[0] = name_len + 1;
587
588 memcpy(ptr + 2, hdev->dev_name, name_len);
589
590 ad_len += (name_len + 2);
591 ptr += (name_len + 2);
592 }
593
594 return ad_len;
f14d8f64
MH		 595}
596
597static void update_scan_rsp_data(struct hci_request *req)
598{
599 struct hci_dev *hdev = req->hdev;
600 struct hci_cp_le_set_scan_rsp_data cp;
601 u8 len;
602
7751ef1b 603 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 604 return;
605
606 memset(&cp, 0, sizeof(cp));
607
608 len = create_scan_rsp_data(hdev, cp.data);
609
eb438b5f
JH		 610 if (hdev->scan_rsp_data_len == len &&
611 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 612 return;
613
eb438b5f
JH		 614 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
615 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 616
617 cp.length = len;
618
619 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
620}
621
9a43e25f
JH		 622static u8 get_adv_discov_flags(struct hci_dev *hdev)
623{
624 struct pending_cmd *cmd;
625
626 /* If there's a pending mgmt command the flags will not yet have
627 * their final values, so check for this first.
628 */
629 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
630 if (cmd) {
631 struct mgmt_mode *cp = cmd->param;
632 if (cp->val == 0x01)
633 return LE_AD_GENERAL;
634 else if (cp->val == 0x02)
635 return LE_AD_LIMITED;
636 } else {
637 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
638 return LE_AD_LIMITED;
639 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
640 return LE_AD_GENERAL;
641 }
642
643 return 0;
644}
645
46cad2ed 646static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 647{
648 u8 ad_len = 0, flags = 0;
441ad2d0 649
9a43e25f 650 flags |= get_adv_discov_flags(hdev);
441ad2d0 651
e834004b 652 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 653 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 654
655 if (flags) {
656 BT_DBG("adv flags 0x%02x", flags);
657
658 ptr[0] = 2;
659 ptr[1] = EIR_FLAGS;
660 ptr[2] = flags;
661
662 ad_len += 3;
663 ptr += 3;
664 }
665
666 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
667 ptr[0] = 2;
668 ptr[1] = EIR_TX_POWER;
669 ptr[2] = (u8) hdev->adv_tx_power;
670
671 ad_len += 3;
672 ptr += 3;
673 }
674
441ad2d0
MH		 675 return ad_len;
676}
677
5947f4bc 678static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 679{
680 struct hci_dev *hdev = req->hdev;
681 struct hci_cp_le_set_adv_data cp;
682 u8 len;
683
10994ce6 684 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 685 return;
686
687 memset(&cp, 0, sizeof(cp));
688
46cad2ed 689 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 690
691 if (hdev->adv_data_len == len &&
692 memcmp(cp.data, hdev->adv_data, len) == 0)
693 return;
694
695 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
696 hdev->adv_data_len = len;
697
698 cp.length = len;
699
700 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
701}
702
ef580372
JH		 703static void create_eir(struct hci_dev *hdev, u8 *data)
704{
705 u8 *ptr = data;
ef580372
JH		 706 size_t name_len;
707
708 name_len = strlen(hdev->dev_name);
709
710 if (name_len > 0) {
711 /* EIR Data type */
712 if (name_len > 48) {
713 name_len = 48;
714 ptr[1] = EIR_NAME_SHORT;
715 } else
716 ptr[1] = EIR_NAME_COMPLETE;
717
718 /* EIR Data length */
719 ptr[0] = name_len + 1;
720
721 memcpy(ptr + 2, hdev->dev_name, name_len);
722
ef580372
JH		 723 ptr += (name_len + 2);
724 }
725
bbaf444a 726 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 727 ptr[0] = 2;
728 ptr[1] = EIR_TX_POWER;
729 ptr[2] = (u8) hdev->inq_tx_power;
730
91c4e9b1
MH		 731 ptr += 3;
732 }
733
2b9be137
MH		 734 if (hdev->devid_source > 0) {
735 ptr[0] = 9;
736 ptr[1] = EIR_DEVICE_ID;
737
738 put_unaligned_le16(hdev->devid_source, ptr + 2);
739 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
740 put_unaligned_le16(hdev->devid_product, ptr + 6);
741 put_unaligned_le16(hdev->devid_version, ptr + 8);
742
2b9be137
MH		 743 ptr += 10;
744 }
745
213202ed 746 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 747 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 748 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 749}
750
890ea898 751static void update_eir(struct hci_request *req)
ef580372 752{
890ea898 753 struct hci_dev *hdev = req->hdev;
ef580372
JH		 754 struct hci_cp_write_eir cp;
755
504c8dcd 756 if (!hdev_is_powered(hdev))
890ea898 757 return;
7770c4aa 758
976eb20e 759 if (!lmp_ext_inq_capable(hdev))
890ea898 760 return;
ef580372 761
84bde9d6 762 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 763 return;
ef580372 764
a8b2d5c2 765 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 766 return;
ef580372
JH		 767
768 memset(&cp, 0, sizeof(cp));
769
770 create_eir(hdev, cp.data);
771
772 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 773 return;
ef580372
JH		 774
775 memcpy(hdev->eir, cp.data, sizeof(cp.data));
776
890ea898 777 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 778}
779
780static u8 get_service_classes(struct hci_dev *hdev)
781{
782 struct bt_uuid *uuid;
783 u8 val = 0;
784
785 list_for_each_entry(uuid, &hdev->uuids, list)
786 val |= uuid->svc_hint;
787
788 return val;
789}
790
890ea898 791static void update_class(struct hci_request *req)
ef580372 792{
890ea898 793 struct hci_dev *hdev = req->hdev;
ef580372
JH		 794 u8 cod[3];
795
796 BT_DBG("%s", hdev->name);
797
504c8dcd 798 if (!hdev_is_powered(hdev))
890ea898 799 return;
7770c4aa 800
f87ea1da
JH		 801 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
802 return;
803
a8b2d5c2 804 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 805 return;
ef580372
JH		 806
807 cod[0] = hdev->minor_class;
808 cod[1] = hdev->major_class;
809 cod[2] = get_service_classes(hdev);
810
6acd7db4
MH		 811 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
812 cod[1] |= 0x20;
813
ef580372 814 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 815 return;
ef580372 816
890ea898 817 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 818}
819
a4858cb9 820static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 821{
822 struct pending_cmd *cmd;
199a2fb1
JH		 823
824 /* If there's a pending mgmt command the flag will not yet have
825 * it's final value, so check for this first.
826 */
827 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
828 if (cmd) {
829 struct mgmt_mode *cp = cmd->param;
a4858cb9 830 return cp->val;
199a2fb1
JH		 831 }
832
a4858cb9 833 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 834}
835
836static void enable_advertising(struct hci_request *req)
837{
838 struct hci_dev *hdev = req->hdev;
839 struct hci_cp_le_set_adv_param cp;
8f2a0601 840 u8 own_addr_type, enable = 0x01;
a4858cb9 841 bool connectable;
199a2fb1 842
a4858cb9 843 connectable = get_connectable(hdev);
8f2a0601 844
a4858cb9
JH		 845 /* Set require_privacy to true only when non-connectable
846 * advertising is used. In that case it is fine to use a
847 * non-resolvable private address.
848 */
849 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 850 return;
851
41c90c18 852 memset(&cp, 0, sizeof(cp));
199a2fb1
JH		 853 cp.min_interval = __constant_cpu_to_le16(0x0800);
854 cp.max_interval = __constant_cpu_to_le16(0x0800);
a4858cb9 855 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 856 cp.own_address_type = own_addr_type;
199a2fb1
JH		 857 cp.channel_map = hdev->le_adv_channel_map;
858
859 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
860
861 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
862}
863
864static void disable_advertising(struct hci_request *req)
865{
866 u8 enable = 0x00;
867
868 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
869}
870
7d78525d
JH		 871static void service_cache_off(struct work_struct *work)
872{
873 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 874 service_cache.work);
890ea898 875 struct hci_request req;
7d78525d 876
a8b2d5c2 877 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 878 return;
879
890ea898
JH		 880 hci_req_init(&req, hdev);
881
7d78525d
JH		 882 hci_dev_lock(hdev);
883
890ea898
JH		 884 update_eir(&req);
885 update_class(&req);
7d78525d
JH		 886
887 hci_dev_unlock(hdev);
890ea898
JH		 888
889 hci_req_run(&req, NULL);
7d78525d
JH		 890}
891
d6bfd59c
JH		 892static void rpa_expired(struct work_struct *work)
893{
894 struct hci_dev *hdev = container_of(work, struct hci_dev,
895 rpa_expired.work);
896 struct hci_request req;
897
898 BT_DBG("");
899
900 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
901
902 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
903 hci_conn_num(hdev, LE_LINK) > 0)
904 return;
905
906 /* The generation of a new RPA and programming it into the
907 * controller happens in the enable_advertising() function.
908 */
909
910 hci_req_init(&req, hdev);
911
912 disable_advertising(&req);
913 enable_advertising(&req);
914
915 hci_req_run(&req, NULL);
916}
917
6a919082 918static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 919{
4f87da80 920 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 921 return;
922
4f87da80 923 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 924 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 925
4f87da80
JH		 926 /* Non-mgmt controlled devices get this bit set
927 * implicitly so that pairing works for them, however
928 * for mgmt we require user-space to explicitly enable
929 * it
930 */
931 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 932}
933
0f4e68cf 934static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 935 void *data, u16 data_len)
0381101f 936{
a38528f1 937 struct mgmt_rp_read_info rp;
f7b64e69 938
bdb6d971 939 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 940
09fd0de5 941 hci_dev_lock(hdev);
f7b64e69 942
dc4fe30b
JH		 943 memset(&rp, 0, sizeof(rp));
944
69ab39ea 945 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 946
69ab39ea 947 rp.version = hdev->hci_ver;
eb55ef07 948 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 949
950 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
951 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 952
a38528f1 953 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 954
dc4fe30b 955 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 956 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 957
09fd0de5 958 hci_dev_unlock(hdev);
0381101f 959
bdb6d971 960 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 961 sizeof(rp));
0381101f
JH		 962}
963
eec8d2bc
JH		 964static void mgmt_pending_free(struct pending_cmd *cmd)
965{
966 sock_put(cmd->sk);
c68fb7ff 967 kfree(cmd->param);
eec8d2bc
JH		 968 kfree(cmd);
969}
970
366a0336 971static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 972 struct hci_dev *hdev, void *data,
973 u16 len)
eec8d2bc
JH		 974{
975 struct pending_cmd *cmd;
976
12b94565 977 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 978 if (!cmd)
366a0336 979 return NULL;
eec8d2bc
JH		 980
981 cmd->opcode = opcode;
2e58ef3e 982 cmd->index = hdev->id;
eec8d2bc 983
12b94565 984 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 985 if (!cmd->param) {
eec8d2bc 986 kfree(cmd);
366a0336 987 return NULL;
eec8d2bc
JH		 988 }
989
8fce6357
SJ		 990 if (data)
991 memcpy(cmd->param, data, len);
eec8d2bc
JH		 992
993 cmd->sk = sk;
994 sock_hold(sk);
995
2e58ef3e 996 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 997
366a0336 998 return cmd;
eec8d2bc
JH		 999}
1000
744cf19e 1001static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1002 void (*cb)(struct pending_cmd *cmd,
1003 void *data),
04124681 1004 void *data)
eec8d2bc 1005{
a3d09356 1006 struct pending_cmd *cmd, *tmp;
eec8d2bc 1007
a3d09356 1008 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1009 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1010 continue;
1011
eec8d2bc
JH		 1012 cb(cmd, data);
1013 }
1014}
1015
a664b5bc 1016static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1017{
73f22f62
JH		 1018 list_del(&cmd->list);
1019 mgmt_pending_free(cmd);
1020}
1021
69ab39ea 1022static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1023{
69ab39ea 1024 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1025
aee9b218 1026 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1027 sizeof(settings));
8680570b
JH		 1028}
1029
8b064a3a
JH		 1030static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1031{
1032 BT_DBG("%s status 0x%02x", hdev->name, status);
1033
1034 if (hci_conn_count(hdev) == 0)
1035 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1036}
1037
1038static int clean_up_hci_state(struct hci_dev *hdev)
1039{
1040 struct hci_request req;
1041 struct hci_conn *conn;
1042
1043 hci_req_init(&req, hdev);
1044
1045 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1046 test_bit(HCI_PSCAN, &hdev->flags)) {
1047 u8 scan = 0x00;
1048 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1049 }
1050
1051 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1052 disable_advertising(&req);
1053
1054 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
b1efcc28 1055 hci_req_add_le_scan_disable(&req);
8b064a3a
JH		 1056 }
1057
1058 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1059 struct hci_cp_disconnect dc;
1060
1061 dc.handle = cpu_to_le16(conn->handle);
1062 dc.reason = 0x15; /* Terminated due to Power Off */
1063 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1064 }
1065
1066 return hci_req_run(&req, clean_up_hci_complete);
1067}
1068
bdb6d971 1069static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1070 u16 len)
eec8d2bc 1071{
650f726d 1072 struct mgmt_mode *cp = data;
366a0336 1073 struct pending_cmd *cmd;
4b34ee78 1074 int err;
eec8d2bc 1075
bdb6d971 1076 BT_DBG("request for %s", hdev->name);
eec8d2bc 1077
a7e80f25
JH		 1078 if (cp->val != 0x00 && cp->val != 0x01)
1079 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1080 MGMT_STATUS_INVALID_PARAMS);
1081
09fd0de5 1082 hci_dev_lock(hdev);
eec8d2bc 1083
87b95ba6
JH		 1084 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1085 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1086 MGMT_STATUS_BUSY);
1087 goto failed;
1088 }
1089
f0d4b78a
MH		 1090 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1091 cancel_delayed_work(&hdev->power_off);
1092
1093 if (cp->val) {
a1d70450
JH		 1094 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1095 data, len);
1096 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1097 goto failed;
1098 }
1099 }
1100
4b34ee78 1101 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1102 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1103 goto failed;
1104 }
1105
2e58ef3e 1106 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1107 if (!cmd) {
1108 err = -ENOMEM;
eec8d2bc 1109 goto failed;
366a0336 1110 }
eec8d2bc 1111
8b064a3a 1112 if (cp->val) {
19202573 1113 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1114 err = 0;
1115 } else {
1116 /* Disconnect connections, stop scans, etc */
1117 err = clean_up_hci_state(hdev);
eec8d2bc 1118
8b064a3a
JH		 1119 /* ENODATA means there were no HCI commands queued */
1120 if (err == -ENODATA) {
1121 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1122 err = 0;
1123 }
1124 }
eec8d2bc
JH		 1125
1126failed:
09fd0de5 1127 hci_dev_unlock(hdev);
366a0336 1128 return err;
eec8d2bc
JH		 1129}
1130
04124681
GP		 1131static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1132 struct sock *skip_sk)
beadb2bd
JH		 1133{
1134 struct sk_buff *skb;
1135 struct mgmt_hdr *hdr;
1136
790eff44 1137 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1138 if (!skb)
1139 return -ENOMEM;
1140
1141 hdr = (void *) skb_put(skb, sizeof(*hdr));
1142 hdr->opcode = cpu_to_le16(event);
1143 if (hdev)
1144 hdr->index = cpu_to_le16(hdev->id);
1145 else
612dfce9 1146 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1147 hdr->len = cpu_to_le16(data_len);
1148
1149 if (data)
1150 memcpy(skb_put(skb, data_len), data, data_len);
1151
97e0bdeb
MH		 1152 /* Time stamp */
1153 __net_timestamp(skb);
1154
beadb2bd
JH		 1155 hci_send_to_control(skb, skip_sk);
1156 kfree_skb(skb);
1157
1158 return 0;
1159}
1160
1161static int new_settings(struct hci_dev *hdev, struct sock *skip)
1162{
1163 __le32 ev;
1164
1165 ev = cpu_to_le32(get_current_settings(hdev));
1166
1167 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1168}
1169
bd99abdd
JH		 1170struct cmd_lookup {
1171 struct sock *sk;
1172 struct hci_dev *hdev;
1173 u8 mgmt_status;
1174};
1175
1176static void settings_rsp(struct pending_cmd *cmd, void *data)
1177{
1178 struct cmd_lookup *match = data;
1179
1180 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1181
1182 list_del(&cmd->list);
1183
1184 if (match->sk == NULL) {
1185 match->sk = cmd->sk;
1186 sock_hold(match->sk);
1187 }
1188
1189 mgmt_pending_free(cmd);
1190}
1191
1192static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1193{
1194 u8 *status = data;
1195
1196 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1197 mgmt_pending_remove(cmd);
1198}
1199
e6fe7986
JH		 1200static u8 mgmt_bredr_support(struct hci_dev *hdev)
1201{
1202 if (!lmp_bredr_capable(hdev))
1203 return MGMT_STATUS_NOT_SUPPORTED;
1204 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1205 return MGMT_STATUS_REJECTED;
1206 else
1207 return MGMT_STATUS_SUCCESS;
1208}
1209
1210static u8 mgmt_le_support(struct hci_dev *hdev)
1211{
1212 if (!lmp_le_capable(hdev))
1213 return MGMT_STATUS_NOT_SUPPORTED;
1214 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1215 return MGMT_STATUS_REJECTED;
1216 else
1217 return MGMT_STATUS_SUCCESS;
1218}
1219
bfaf8c9f
JH		 1220static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1221{
1222 struct pending_cmd *cmd;
1223 struct mgmt_mode *cp;
970ba524 1224 struct hci_request req;
bfaf8c9f
JH		 1225 bool changed;
1226
1227 BT_DBG("status 0x%02x", status);
1228
1229 hci_dev_lock(hdev);
1230
1231 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1232 if (!cmd)
1233 goto unlock;
1234
1235 if (status) {
1236 u8 mgmt_err = mgmt_status(status);
1237 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1238 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1239 goto remove_cmd;
1240 }
1241
1242 cp = cmd->param;
d4462a07 1243 if (cp->val) {
bfaf8c9f
JH		 1244 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1245 &hdev->dev_flags);
d4462a07
MH		 1246
1247 if (hdev->discov_timeout > 0) {
1248 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1249 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1250 to);
1251 }
1252 } else {
bfaf8c9f
JH		 1253 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1254 &hdev->dev_flags);
d4462a07 1255 }
bfaf8c9f
JH		 1256
1257 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1258
1259 if (changed)
1260 new_settings(hdev, cmd->sk);
1261
970ba524
MH		 1262 /* When the discoverable mode gets changed, make sure
1263 * that class of device has the limited discoverable
1264 * bit correctly set.
1265 */
1266 hci_req_init(&req, hdev);
1267 update_class(&req);
1268 hci_req_run(&req, NULL);
1269
bfaf8c9f
JH		 1270remove_cmd:
1271 mgmt_pending_remove(cmd);
1272
1273unlock:
1274 hci_dev_unlock(hdev);
1275}
1276
bdb6d971 1277static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1278 u16 len)
73f22f62 1279{
650f726d 1280 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1281 struct pending_cmd *cmd;
bfaf8c9f 1282 struct hci_request req;
5e5282bb 1283 u16 timeout;
9a43e25f 1284 u8 scan;
73f22f62
JH		 1285 int err;
1286
bdb6d971 1287 BT_DBG("request for %s", hdev->name);
73f22f62 1288
9a43e25f
JH		 1289 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1290 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1291 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1292 MGMT_STATUS_REJECTED);
33c525c0 1293
310a3d48 1294 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1295 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1296 MGMT_STATUS_INVALID_PARAMS);
1297
1f350c87 1298 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1299
1300 /* Disabling discoverable requires that no timeout is set,
1301 * and enabling limited discoverable requires a timeout.
1302 */
1303 if ((cp->val == 0x00 && timeout > 0) ||
1304 (cp->val == 0x02 && timeout == 0))
bdb6d971 1305 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1306 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1307
09fd0de5 1308 hci_dev_lock(hdev);
73f22f62 1309
5e5282bb 1310 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1311 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1312 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1313 goto failed;
1314 }
1315
2e58ef3e 1316 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1317 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1318 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1319 MGMT_STATUS_BUSY);
73f22f62
JH		 1320 goto failed;
1321 }
1322
5e5282bb 1323 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1324 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1325 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1326 goto failed;
1327 }
1328
1329 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1330 bool changed = false;
1331
310a3d48
MH		 1332 /* Setting limited discoverable when powered off is
1333 * not a valid operation since it requires a timeout
1334 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1335 */
0224d2fa
JH		 1336 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1337 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1338 changed = true;
1339 }
1340
5e5282bb 1341 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1342 if (err < 0)
1343 goto failed;
1344
1345 if (changed)
1346 err = new_settings(hdev, sk);
1347
5e5282bb
JH		 1348 goto failed;
1349 }
1350
310a3d48
MH		 1351 /* If the current mode is the same, then just update the timeout
1352 * value with the new value. And if only the timeout gets updated,
1353 * then no need for any HCI transactions.
1354 */
1355 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1356 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1357 &hdev->dev_flags)) {
36261547
MH		 1358 cancel_delayed_work(&hdev->discov_off);
1359 hdev->discov_timeout = timeout;
955638ec 1360
36261547
MH		 1361 if (cp->val && hdev->discov_timeout > 0) {
1362 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1363 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1364 to);
955638ec
MH		 1365 }
1366
69ab39ea 1367 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1368 goto failed;
1369 }
1370
2e58ef3e 1371 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1372 if (!cmd) {
1373 err = -ENOMEM;
73f22f62 1374 goto failed;
366a0336 1375 }
73f22f62 1376
310a3d48
MH		 1377 /* Cancel any potential discoverable timeout that might be
1378 * still active and store new timeout value. The arming of
1379 * the timeout happens in the complete handler.
1380 */
1381 cancel_delayed_work(&hdev->discov_off);
1382 hdev->discov_timeout = timeout;
1383
b456f87c
JH		 1384 /* Limited discoverable mode */
1385 if (cp->val == 0x02)
1386 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1387 else
1388 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1389
bfaf8c9f
JH		 1390 hci_req_init(&req, hdev);
1391
9a43e25f
JH		 1392 /* The procedure for LE-only controllers is much simpler - just
1393 * update the advertising data.
1394 */
1395 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1396 goto update_ad;
1397
73f22f62
JH		 1398 scan = SCAN_PAGE;
1399
310a3d48
MH		 1400 if (cp->val) {
1401 struct hci_cp_write_current_iac_lap hci_cp;
1402
1403 if (cp->val == 0x02) {
1404 /* Limited discoverable mode */
33337dcb 1405 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1406 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1407 hci_cp.iac_lap[1] = 0x8b;
1408 hci_cp.iac_lap[2] = 0x9e;
1409 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1410 hci_cp.iac_lap[4] = 0x8b;
1411 hci_cp.iac_lap[5] = 0x9e;
1412 } else {
1413 /* General discoverable mode */
310a3d48
MH		 1414 hci_cp.num_iac = 1;
1415 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1416 hci_cp.iac_lap[1] = 0x8b;
1417 hci_cp.iac_lap[2] = 0x9e;
1418 }
1419
1420 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1421 (hci_cp.num_iac * 3) + 1, &hci_cp);
1422
73f22f62 1423 scan |= SCAN_INQUIRY;
310a3d48
MH		 1424 } else {
1425 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1426 }
73f22f62 1427
310a3d48 1428 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1429
9a43e25f
JH		 1430update_ad:
1431 update_adv_data(&req);
1432
bfaf8c9f 1433 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1434 if (err < 0)
a664b5bc 1435 mgmt_pending_remove(cmd);
73f22f62
JH		 1436
1437failed:
09fd0de5 1438 hci_dev_unlock(hdev);
73f22f62
JH		 1439 return err;
1440}
1441
406d7804
JH		 1442static void write_fast_connectable(struct hci_request *req, bool enable)
1443{
bd98b996 1444 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1445 struct hci_cp_write_page_scan_activity acp;
1446 u8 type;
1447
547003b1
JH		 1448 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1449 return;
1450
4c01f8b8
JH		 1451 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1452 return;
1453
406d7804
JH		 1454 if (enable) {
1455 type = PAGE_SCAN_TYPE_INTERLACED;
1456
1457 /* 160 msec page scan interval */
1458 acp.interval = __constant_cpu_to_le16(0x0100);
1459 } else {
1460 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1461
1462 /* default 1.28 sec page scan */
1463 acp.interval = __constant_cpu_to_le16(0x0800);
1464 }
1465
1466 acp.window = __constant_cpu_to_le16(0x0012);
1467
bd98b996
JH		 1468 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1469 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1470 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1471 sizeof(acp), &acp);
1472
1473 if (hdev->page_scan_type != type)
1474 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1475}
1476
2b76f453
JH		 1477static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1478{
1479 struct pending_cmd *cmd;
d7b856f9
JH		 1480 struct mgmt_mode *cp;
1481 bool changed;
2b76f453
JH		 1482
1483 BT_DBG("status 0x%02x", status);
1484
1485 hci_dev_lock(hdev);
1486
1487 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1488 if (!cmd)
1489 goto unlock;
1490
37438c1f
JH		 1491 if (status) {
1492 u8 mgmt_err = mgmt_status(status);
1493 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1494 goto remove_cmd;
1495 }
1496
d7b856f9
JH		 1497 cp = cmd->param;
1498 if (cp->val)
1499 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1500 else
1501 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1502
2b76f453
JH		 1503 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1504
d7b856f9
JH		 1505 if (changed)
1506 new_settings(hdev, cmd->sk);
1507
37438c1f 1508remove_cmd:
2b76f453
JH		 1509 mgmt_pending_remove(cmd);
1510
1511unlock:
1512 hci_dev_unlock(hdev);
1513}
1514
e8ba3a1f
JH		 1515static int set_connectable_update_settings(struct hci_dev *hdev,
1516 struct sock *sk, u8 val)
1517{
1518 bool changed = false;
1519 int err;
1520
1521 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1522 changed = true;
1523
1524 if (val) {
1525 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1526 } else {
1527 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1528 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1529 }
1530
1531 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1532 if (err < 0)
1533 return err;
1534
1535 if (changed)
1536 return new_settings(hdev, sk);
1537
1538 return 0;
1539}
1540
bdb6d971 1541static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1542 u16 len)
9fbcbb45 1543{
650f726d 1544 struct mgmt_mode *cp = data;
366a0336 1545 struct pending_cmd *cmd;
2b76f453 1546 struct hci_request req;
1987fdc7 1547 u8 scan;
9fbcbb45
JH		 1548 int err;
1549
bdb6d971 1550 BT_DBG("request for %s", hdev->name);
9fbcbb45 1551
1987fdc7
JH		 1552 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1553 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1554 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1555 MGMT_STATUS_REJECTED);
33c525c0 1556
a7e80f25
JH		 1557 if (cp->val != 0x00 && cp->val != 0x01)
1558 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1559 MGMT_STATUS_INVALID_PARAMS);
1560
09fd0de5 1561 hci_dev_lock(hdev);
9fbcbb45 1562
4b34ee78 1563 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1564 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1565 goto failed;
1566 }
1567
2e58ef3e 1568 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1569 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1570 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1571 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1572 goto failed;
1573 }
1574
2e58ef3e 1575 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1576 if (!cmd) {
1577 err = -ENOMEM;
9fbcbb45 1578 goto failed;
366a0336 1579 }
9fbcbb45 1580
9b74246f 1581 hci_req_init(&req, hdev);
9fbcbb45 1582
9a43e25f
JH		 1583 /* If BR/EDR is not enabled and we disable advertising as a
1584 * by-product of disabling connectable, we need to update the
1585 * advertising flags.
1586 */
1587 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1588 if (!cp->val) {
1589 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1590 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1591 }
1592 update_adv_data(&req);
1593 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1594 if (cp->val) {
1595 scan = SCAN_PAGE;
1596 } else {
1597 scan = 0;
1598
1599 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1600 hdev->discov_timeout > 0)
9b74246f
JH		 1601 cancel_delayed_work(&hdev->discov_off);
1602 }
2b76f453 1603
9b74246f
JH		 1604 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1605 }
2b76f453 1606
4c01f8b8
JH		 1607 /* If we're going from non-connectable to connectable or
1608 * vice-versa when fast connectable is enabled ensure that fast
1609 * connectable gets disabled. write_fast_connectable won't do
1610 * anything if the page scan parameters are already what they
1611 * should be.
1612 */
1613 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1614 write_fast_connectable(&req, false);
1615
1987fdc7
JH		 1616 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1617 hci_conn_num(hdev, LE_LINK) == 0) {
1618 disable_advertising(&req);
1619 enable_advertising(&req);
1620 }
1621
2b76f453 1622 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1623 if (err < 0) {
a664b5bc 1624 mgmt_pending_remove(cmd);
9b74246f 1625 if (err == -ENODATA)
a81070ba
JH		 1626 err = set_connectable_update_settings(hdev, sk,
1627 cp->val);
9b74246f
JH		 1628 goto failed;
1629 }
9fbcbb45
JH		 1630
1631failed:
09fd0de5 1632 hci_dev_unlock(hdev);
9fbcbb45
JH		 1633 return err;
1634}
1635
bdb6d971 1636static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1637 u16 len)
c542a06c 1638{
650f726d 1639 struct mgmt_mode *cp = data;
55594356 1640 bool changed;
c542a06c
JH		 1641 int err;
1642
bdb6d971 1643 BT_DBG("request for %s", hdev->name);
c542a06c 1644
a7e80f25
JH		 1645 if (cp->val != 0x00 && cp->val != 0x01)
1646 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1647 MGMT_STATUS_INVALID_PARAMS);
1648
09fd0de5 1649 hci_dev_lock(hdev);
c542a06c
JH		 1650
1651 if (cp->val)
55594356 1652 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1653 else
55594356 1654 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1655
69ab39ea 1656 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1657 if (err < 0)
55594356 1658 goto unlock;
c542a06c 1659
55594356
MH		 1660 if (changed)
1661 err = new_settings(hdev, sk);
c542a06c 1662
55594356 1663unlock:
09fd0de5 1664 hci_dev_unlock(hdev);
c542a06c
JH		 1665 return err;
1666}
1667
04124681
GP		 1668static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1669 u16 len)
33ef95ed
JH		 1670{
1671 struct mgmt_mode *cp = data;
1672 struct pending_cmd *cmd;
e6fe7986 1673 u8 val, status;
33ef95ed
JH		 1674 int err;
1675
bdb6d971 1676 BT_DBG("request for %s", hdev->name);
33ef95ed 1677
e6fe7986
JH		 1678 status = mgmt_bredr_support(hdev);
1679 if (status)
33c525c0 1680 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1681 status);
33c525c0 1682
a7e80f25
JH		 1683 if (cp->val != 0x00 && cp->val != 0x01)
1684 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1685 MGMT_STATUS_INVALID_PARAMS);
1686
33ef95ed
JH		 1687 hci_dev_lock(hdev);
1688
4b34ee78 1689 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1690 bool changed = false;
1691
1692 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1693 &hdev->dev_flags)) {
47990ea0
JH		 1694 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1695 changed = true;
1696 }
1697
1698 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1699 if (err < 0)
1700 goto failed;
1701
1702 if (changed)
1703 err = new_settings(hdev, sk);
1704
33ef95ed
JH		 1705 goto failed;
1706 }
1707
1708 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1709 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1710 MGMT_STATUS_BUSY);
33ef95ed
JH		 1711 goto failed;
1712 }
1713
1714 val = !!cp->val;
1715
1716 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1717 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1718 goto failed;
1719 }
1720
1721 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1722 if (!cmd) {
1723 err = -ENOMEM;
1724 goto failed;
1725 }
1726
1727 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1728 if (err < 0) {
1729 mgmt_pending_remove(cmd);
1730 goto failed;
1731 }
1732
1733failed:
1734 hci_dev_unlock(hdev);
33ef95ed
JH		 1735 return err;
1736}
1737
bdb6d971 1738static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1739{
1740 struct mgmt_mode *cp = data;
1741 struct pending_cmd *cmd;
72ef0c1a 1742 u8 status;
ed2c4ee3
JH		 1743 int err;
1744
bdb6d971 1745 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1746
cdba5281
MH		 1747 status = mgmt_bredr_support(hdev);
1748 if (status)
1749 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1750
13ecd8b6
JH		 1751 if (!lmp_ssp_capable(hdev))
1752 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1753 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1754
a7e80f25
JH		 1755 if (cp->val != 0x00 && cp->val != 0x01)
1756 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1757 MGMT_STATUS_INVALID_PARAMS);
1758
13ecd8b6 1759 hci_dev_lock(hdev);
6c8f12c1 1760
4b34ee78 1761 if (!hdev_is_powered(hdev)) {
9ecb3e24 1762 bool changed;
c0ecddc2 1763
9ecb3e24
MH		 1764 if (cp->val) {
1765 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1766 &hdev->dev_flags);
1767 } else {
1768 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1769 &hdev->dev_flags);
1770 if (!changed)
1771 changed = test_and_clear_bit(HCI_HS_ENABLED,
1772 &hdev->dev_flags);
1773 else
1774 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1775 }
1776
1777 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1778 if (err < 0)
1779 goto failed;
1780
1781 if (changed)
1782 err = new_settings(hdev, sk);
1783
ed2c4ee3
JH		 1784 goto failed;
1785 }
1786
9ecb3e24
MH		 1787 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1788 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1789 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1790 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1791 goto failed;
1792 }
1793
72ef0c1a 1794 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1795 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1796 goto failed;
1797 }
1798
1799 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1800 if (!cmd) {
1801 err = -ENOMEM;
1802 goto failed;
1803 }
1804
72ef0c1a 1805 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1806 if (err < 0) {
1807 mgmt_pending_remove(cmd);
1808 goto failed;
1809 }
1810
1811failed:
1812 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1813 return err;
1814}
1815
bdb6d971 1816static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1817{
1818 struct mgmt_mode *cp = data;
ee392693 1819 bool changed;
e6fe7986 1820 u8 status;
ee392693 1821 int err;
6d80dfd0 1822
bdb6d971 1823 BT_DBG("request for %s", hdev->name);
6d80dfd0 1824
e6fe7986
JH		 1825 status = mgmt_bredr_support(hdev);
1826 if (status)
1827 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1828
9ecb3e24
MH		 1829 if (!lmp_ssp_capable(hdev))
1830 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1831 MGMT_STATUS_NOT_SUPPORTED);
1832
1833 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1834 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1835 MGMT_STATUS_REJECTED);
1836
a7e80f25
JH		 1837 if (cp->val != 0x00 && cp->val != 0x01)
1838 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1839 MGMT_STATUS_INVALID_PARAMS);
1840
ee392693
MH		 1841 hci_dev_lock(hdev);
1842
a0cdf960 1843 if (cp->val) {
ee392693 1844 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1845 } else {
1846 if (hdev_is_powered(hdev)) {
1847 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1848 MGMT_STATUS_REJECTED);
1849 goto unlock;
1850 }
1851
ee392693 1852 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1853 }
ee392693
MH		 1854
1855 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1856 if (err < 0)
1857 goto unlock;
1858
1859 if (changed)
1860 err = new_settings(hdev, sk);
6d80dfd0 1861
ee392693
MH		 1862unlock:
1863 hci_dev_unlock(hdev);
1864 return err;
6d80dfd0
JH		 1865}
1866
416a4ae5
JH		 1867static void le_enable_complete(struct hci_dev *hdev, u8 status)
1868{
1869 struct cmd_lookup match = { NULL, hdev };
1870
1871 if (status) {
1872 u8 mgmt_err = mgmt_status(status);
1873
1874 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1875 &mgmt_err);
1876 return;
1877 }
1878
1879 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1880
1881 new_settings(hdev, match.sk);
1882
1883 if (match.sk)
1884 sock_put(match.sk);
441ad2d0
MH		 1885
1886 /* Make sure the controller has a good default for
1887 * advertising data. Restrict the update to when LE
1888 * has actually been enabled. During power on, the
1889 * update in powered_update_hci will take care of it.
1890 */
1891 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1892 struct hci_request req;
1893
1894 hci_dev_lock(hdev);
1895
1896 hci_req_init(&req, hdev);
5947f4bc 1897 update_adv_data(&req);
f14d8f64 1898 update_scan_rsp_data(&req);
441ad2d0
MH		 1899 hci_req_run(&req, NULL);
1900
1901 hci_dev_unlock(hdev);
1902 }
416a4ae5
JH		 1903}
1904
bdb6d971 1905static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1906{
1907 struct mgmt_mode *cp = data;
1908 struct hci_cp_write_le_host_supported hci_cp;
1909 struct pending_cmd *cmd;
416a4ae5 1910 struct hci_request req;
06199cf8 1911 int err;
0b60eba1 1912 u8 val, enabled;
06199cf8 1913
bdb6d971 1914 BT_DBG("request for %s", hdev->name);
06199cf8 1915
13ecd8b6
JH		 1916 if (!lmp_le_capable(hdev))
1917 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1918 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1919
a7e80f25
JH		 1920 if (cp->val != 0x00 && cp->val != 0x01)
1921 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1922 MGMT_STATUS_INVALID_PARAMS);
1923
c73eee91 1924 /* LE-only devices do not allow toggling LE on/off */
56f87901 1925 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1926 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1927 MGMT_STATUS_REJECTED);
1928
13ecd8b6 1929 hci_dev_lock(hdev);
06199cf8
JH		 1930
1931 val = !!cp->val;
ffa88e02 1932 enabled = lmp_host_le_capable(hdev);
06199cf8 1933
0b60eba1 1934 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1935 bool changed = false;
1936
1937 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1938 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1939 changed = true;
1940 }
1941
f3d3444a
JH		 1942 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1943 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1944 changed = true;
1945 }
1946
06199cf8
JH		 1947 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1948 if (err < 0)
1de028ce 1949 goto unlock;
06199cf8
JH		 1950
1951 if (changed)
1952 err = new_settings(hdev, sk);
1953
1de028ce 1954 goto unlock;
06199cf8
JH		 1955 }
1956
4375f103
JH		 1957 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1958 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1959 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1960 MGMT_STATUS_BUSY);
1de028ce 1961 goto unlock;
06199cf8
JH		 1962 }
1963
1964 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1965 if (!cmd) {
1966 err = -ENOMEM;
1de028ce 1967 goto unlock;
06199cf8
JH		 1968 }
1969
441ad2d0
MH		 1970 hci_req_init(&req, hdev);
1971
06199cf8
JH		 1972 memset(&hci_cp, 0, sizeof(hci_cp));
1973
1974 if (val) {
1975 hci_cp.le = val;
ffa88e02 1976 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 1977 } else {
1978 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1979 disable_advertising(&req);
06199cf8
JH		 1980 }
1981
416a4ae5
JH		 1982 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1983 &hci_cp);
1984
1985 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1986 if (err < 0)
06199cf8 1987 mgmt_pending_remove(cmd);
06199cf8 1988
1de028ce
JH		 1989unlock:
1990 hci_dev_unlock(hdev);
06199cf8
JH		 1991 return err;
1992}
1993
0cab9c80
JH		 1994/* This is a helper function to test for pending mgmt commands that can
1995 * cause CoD or EIR HCI commands. We can only allow one such pending
1996 * mgmt command at a time since otherwise we cannot easily track what
1997 * the current values are, will be, and based on that calculate if a new
1998 * HCI command needs to be sent and if yes with what value.
1999 */
2000static bool pending_eir_or_class(struct hci_dev *hdev)
2001{
2002 struct pending_cmd *cmd;
2003
2004 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2005 switch (cmd->opcode) {
2006 case MGMT_OP_ADD_UUID:
2007 case MGMT_OP_REMOVE_UUID:
2008 case MGMT_OP_SET_DEV_CLASS:
2009 case MGMT_OP_SET_POWERED:
2010 return true;
2011 }
2012 }
2013
2014 return false;
2015}
2016
83be8eca
JH		 2017static const u8 bluetooth_base_uuid[] = {
2018 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2019 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2020};
2021
2022static u8 get_uuid_size(const u8 *uuid)
2023{
2024 u32 val;
2025
2026 if (memcmp(uuid, bluetooth_base_uuid, 12))
2027 return 128;
2028
2029 val = get_unaligned_le32(&uuid[12]);
2030 if (val > 0xffff)
2031 return 32;
2032
2033 return 16;
2034}
2035
92da6097
JH		 2036static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2037{
2038 struct pending_cmd *cmd;
2039
2040 hci_dev_lock(hdev);
2041
2042 cmd = mgmt_pending_find(mgmt_op, hdev);
2043 if (!cmd)
2044 goto unlock;
2045
2046 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2047 hdev->dev_class, 3);
2048
2049 mgmt_pending_remove(cmd);
2050
2051unlock:
2052 hci_dev_unlock(hdev);
2053}
2054
2055static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2056{
2057 BT_DBG("status 0x%02x", status);
2058
2059 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2060}
2061
bdb6d971 2062static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2063{
650f726d 2064 struct mgmt_cp_add_uuid *cp = data;
90e70454 2065 struct pending_cmd *cmd;
890ea898 2066 struct hci_request req;
2aeb9a1a 2067 struct bt_uuid *uuid;
2aeb9a1a
JH		 2068 int err;
2069
bdb6d971 2070 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2071
09fd0de5 2072 hci_dev_lock(hdev);
2aeb9a1a 2073
0cab9c80 2074 if (pending_eir_or_class(hdev)) {
bdb6d971 2075 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2076 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2077 goto failed;
2078 }
2079
92c4c204 2080 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2081 if (!uuid) {
2082 err = -ENOMEM;
2083 goto failed;
2084 }
2085
2086 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2087 uuid->svc_hint = cp->svc_hint;
83be8eca 2088 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2089
de66aa63 2090 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2091
890ea898 2092 hci_req_init(&req, hdev);
1aff6f09 2093
890ea898
JH		 2094 update_class(&req);
2095 update_eir(&req);
2096
92da6097
JH		 2097 err = hci_req_run(&req, add_uuid_complete);
2098 if (err < 0) {
2099 if (err != -ENODATA)
2100 goto failed;
80a1e1db 2101
bdb6d971 2102 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2103 hdev->dev_class, 3);
90e70454
JH		 2104 goto failed;
2105 }
2106
2107 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2108 if (!cmd) {
90e70454 2109 err = -ENOMEM;
890ea898
JH		 2110 goto failed;
2111 }
2112
2113 err = 0;
2aeb9a1a
JH		 2114
2115failed:
09fd0de5 2116 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2117 return err;
2118}
2119
24b78d0f
JH		 2120static bool enable_service_cache(struct hci_dev *hdev)
2121{
2122 if (!hdev_is_powered(hdev))
2123 return false;
2124
2125 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2126 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2127 CACHE_TIMEOUT);
24b78d0f
JH		 2128 return true;
2129 }
2130
2131 return false;
2132}
2133
92da6097
JH		 2134static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2135{
2136 BT_DBG("status 0x%02x", status);
2137
2138 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2139}
2140
bdb6d971 2141static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2142 u16 len)
2aeb9a1a 2143{
650f726d 2144 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2145 struct pending_cmd *cmd;
056341c8 2146 struct bt_uuid *match, *tmp;
2aeb9a1a 2147 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2148 struct hci_request req;
2aeb9a1a
JH		 2149 int err, found;
2150
bdb6d971 2151 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2152
09fd0de5 2153 hci_dev_lock(hdev);
2aeb9a1a 2154
0cab9c80 2155 if (pending_eir_or_class(hdev)) {
bdb6d971 2156 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2157 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2158 goto unlock;
2159 }
2160
2aeb9a1a 2161 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2162 hci_uuids_clear(hdev);
4004b6d9 2163
24b78d0f 2164 if (enable_service_cache(hdev)) {
bdb6d971 2165 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2166 0, hdev->dev_class, 3);
24b78d0f
JH		 2167 goto unlock;
2168 }
4004b6d9 2169
9246a869 2170 goto update_class;
2aeb9a1a
JH		 2171 }
2172
2173 found = 0;
2174
056341c8 2175 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2176 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2177 continue;
2178
2179 list_del(&match->list);
482049f7 2180 kfree(match);
2aeb9a1a
JH		 2181 found++;
2182 }
2183
2184 if (found == 0) {
bdb6d971 2185 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2186 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2187 goto unlock;
2188 }
2189
9246a869 2190update_class:
890ea898 2191 hci_req_init(&req, hdev);
1aff6f09 2192
890ea898
JH		 2193 update_class(&req);
2194 update_eir(&req);
2195
92da6097
JH		 2196 err = hci_req_run(&req, remove_uuid_complete);
2197 if (err < 0) {
2198 if (err != -ENODATA)
2199 goto unlock;
80a1e1db 2200
bdb6d971 2201 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2202 hdev->dev_class, 3);
90e70454
JH		 2203 goto unlock;
2204 }
2205
2206 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2207 if (!cmd) {
90e70454 2208 err = -ENOMEM;
890ea898
JH		 2209 goto unlock;
2210 }
2211
2212 err = 0;
2aeb9a1a
JH		 2213
2214unlock:
09fd0de5 2215 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2216 return err;
2217}
2218
92da6097
JH		 2219static void set_class_complete(struct hci_dev *hdev, u8 status)
2220{
2221 BT_DBG("status 0x%02x", status);
2222
2223 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2224}
2225
bdb6d971 2226static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2227 u16 len)
1aff6f09 2228{
650f726d 2229 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2230 struct pending_cmd *cmd;
890ea898 2231 struct hci_request req;
1aff6f09
JH		 2232 int err;
2233
bdb6d971 2234 BT_DBG("request for %s", hdev->name);
1aff6f09 2235
6203fc98 2236 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2237 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2238 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2239
0cab9c80 2240 hci_dev_lock(hdev);
ee98f473 2241
0cab9c80
JH		 2242 if (pending_eir_or_class(hdev)) {
2243 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2244 MGMT_STATUS_BUSY);
2245 goto unlock;
2246 }
c95f0ba7 2247
0cab9c80
JH		 2248 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2249 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2250 MGMT_STATUS_INVALID_PARAMS);
2251 goto unlock;
2252 }
575b3a02 2253
932f5ff5
JH		 2254 hdev->major_class = cp->major;
2255 hdev->minor_class = cp->minor;
2256
b5235a65 2257 if (!hdev_is_powered(hdev)) {
bdb6d971 2258 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2259 hdev->dev_class, 3);
b5235a65
JH		 2260 goto unlock;
2261 }
2262
890ea898
JH		 2263 hci_req_init(&req, hdev);
2264
a8b2d5c2 2265 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2266 hci_dev_unlock(hdev);
2267 cancel_delayed_work_sync(&hdev->service_cache);
2268 hci_dev_lock(hdev);
890ea898 2269 update_eir(&req);
7d78525d 2270 }
14c0b608 2271
890ea898
JH		 2272 update_class(&req);
2273
92da6097
JH		 2274 err = hci_req_run(&req, set_class_complete);
2275 if (err < 0) {
2276 if (err != -ENODATA)
2277 goto unlock;
1aff6f09 2278
bdb6d971 2279 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2280 hdev->dev_class, 3);
90e70454
JH		 2281 goto unlock;
2282 }
2283
2284 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2285 if (!cmd) {
90e70454 2286 err = -ENOMEM;
890ea898
JH		 2287 goto unlock;
2288 }
2289
2290 err = 0;
1aff6f09 2291
b5235a65 2292unlock:
09fd0de5 2293 hci_dev_unlock(hdev);
1aff6f09
JH		 2294 return err;
2295}
2296
bdb6d971 2297static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2298 u16 len)
55ed8ca1 2299{
650f726d 2300 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2301 u16 key_count, expected_len;
b1de97d8 2302 bool changed;
a492cd52 2303 int i;
55ed8ca1 2304
9060d5cf
MH		 2305 BT_DBG("request for %s", hdev->name);
2306
2307 if (!lmp_bredr_capable(hdev))
2308 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2309 MGMT_STATUS_NOT_SUPPORTED);
2310
1f350c87 2311 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2312
86742e1e
JH		 2313 expected_len = sizeof(*cp) + key_count *
2314 sizeof(struct mgmt_link_key_info);
a492cd52 2315 if (expected_len != len) {
86742e1e 2316 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 2317 len, expected_len);
bdb6d971 2318 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2319 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2320 }
2321
4ae14301
JH		 2322 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2323 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2324 MGMT_STATUS_INVALID_PARAMS);
2325
bdb6d971 2326 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2327 key_count);
55ed8ca1 2328
4ee71b20
JH		 2329 for (i = 0; i < key_count; i++) {
2330 struct mgmt_link_key_info *key = &cp->keys[i];
2331
8e991132 2332 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2333 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2334 MGMT_STATUS_INVALID_PARAMS);
2335 }
2336
09fd0de5 2337 hci_dev_lock(hdev);
55ed8ca1
JH		 2338
2339 hci_link_keys_clear(hdev);
2340
55ed8ca1 2341 if (cp->debug_keys)
b1de97d8 2342 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2343 else
b1de97d8
MH		 2344 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2345
2346 if (changed)
2347 new_settings(hdev, NULL);
55ed8ca1 2348
a492cd52 2349 for (i = 0; i < key_count; i++) {
86742e1e 2350 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2351
d753fdc4 2352 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 2353 key->type, key->pin_len);
55ed8ca1
JH		 2354 }
2355
bdb6d971 2356 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2357
09fd0de5 2358 hci_dev_unlock(hdev);
55ed8ca1 2359
a492cd52 2360 return 0;
55ed8ca1
JH		 2361}
2362
b1078ad0 2363static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2364 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2365{
2366 struct mgmt_ev_device_unpaired ev;
2367
2368 bacpy(&ev.addr.bdaddr, bdaddr);
2369 ev.addr.type = addr_type;
2370
2371 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2372 skip_sk);
b1078ad0
JH		 2373}
2374
bdb6d971 2375static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2376 u16 len)
55ed8ca1 2377{
124f6e35
JH		 2378 struct mgmt_cp_unpair_device *cp = data;
2379 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2380 struct hci_cp_disconnect dc;
2381 struct pending_cmd *cmd;
55ed8ca1 2382 struct hci_conn *conn;
55ed8ca1
JH		 2383 int err;
2384
a8a1d19e 2385 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2386 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2387 rp.addr.type = cp->addr.type;
a8a1d19e 2388
4ee71b20
JH		 2389 if (!bdaddr_type_is_valid(cp->addr.type))
2390 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2391 MGMT_STATUS_INVALID_PARAMS,
2392 &rp, sizeof(rp));
2393
118da70b
JH		 2394 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2395 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2396 MGMT_STATUS_INVALID_PARAMS,
2397 &rp, sizeof(rp));
2398
4ee71b20
JH		 2399 hci_dev_lock(hdev);
2400
86a8cfc6 2401 if (!hdev_is_powered(hdev)) {
bdb6d971 2402 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2403 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2404 goto unlock;
2405 }
2406
e0b2b27e 2407 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2408 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2409 } else {
2410 u8 addr_type;
2411
2412 if (cp->addr.type == BDADDR_LE_PUBLIC)
2413 addr_type = ADDR_LE_DEV_PUBLIC;
2414 else
2415 addr_type = ADDR_LE_DEV_RANDOM;
2416
a7ec7338
JH		 2417 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2418
e0b2b27e
JH		 2419 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2420 }
b0dbfb46 2421
55ed8ca1 2422 if (err < 0) {
bdb6d971 2423 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2424 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2425 goto unlock;
2426 }
2427
86a8cfc6 2428 if (cp->disconnect) {
591f47f3 2429 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2430 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2431 &cp->addr.bdaddr);
86a8cfc6
JH		 2432 else
2433 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2434 &cp->addr.bdaddr);
86a8cfc6
JH		 2435 } else {
2436 conn = NULL;
2437 }
124f6e35 2438
a8a1d19e 2439 if (!conn) {
bdb6d971 2440 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2441 &rp, sizeof(rp));
b1078ad0 2442 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2443 goto unlock;
2444 }
55ed8ca1 2445
124f6e35 2446 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2447 sizeof(*cp));
a8a1d19e
JH		 2448 if (!cmd) {
2449 err = -ENOMEM;
2450 goto unlock;
55ed8ca1
JH		 2451 }
2452
eb55ef07 2453 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2454 dc.reason = 0x13; /* Remote User Terminated Connection */
2455 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2456 if (err < 0)
2457 mgmt_pending_remove(cmd);
2458
55ed8ca1 2459unlock:
09fd0de5 2460 hci_dev_unlock(hdev);
55ed8ca1
JH		 2461 return err;
2462}
2463
bdb6d971 2464static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2465 u16 len)
8962ee74 2466{
650f726d 2467 struct mgmt_cp_disconnect *cp = data;
06a63b19 2468 struct mgmt_rp_disconnect rp;
8962ee74 2469 struct hci_cp_disconnect dc;
366a0336 2470 struct pending_cmd *cmd;
8962ee74 2471 struct hci_conn *conn;
8962ee74
JH		 2472 int err;
2473
2474 BT_DBG("");
2475
06a63b19
JH		 2476 memset(&rp, 0, sizeof(rp));
2477 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2478 rp.addr.type = cp->addr.type;
2479
4ee71b20 2480 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2481 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2482 MGMT_STATUS_INVALID_PARAMS,
2483 &rp, sizeof(rp));
4ee71b20 2484
09fd0de5 2485 hci_dev_lock(hdev);
8962ee74
JH		 2486
2487 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2488 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2489 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2490 goto failed;
2491 }
2492
2e58ef3e 2493 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2494 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2495 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2496 goto failed;
2497 }
2498
591f47f3 2499 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2500 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2501 &cp->addr.bdaddr);
88c3df13
JH		 2502 else
2503 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2504
f960727e 2505 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2506 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2507 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2508 goto failed;
2509 }
2510
2e58ef3e 2511 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2512 if (!cmd) {
2513 err = -ENOMEM;
8962ee74 2514 goto failed;
366a0336 2515 }
8962ee74 2516
eb55ef07 2517 dc.handle = cpu_to_le16(conn->handle);
3701f944 2518 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2519
2520 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2521 if (err < 0)
a664b5bc 2522 mgmt_pending_remove(cmd);
8962ee74
JH		 2523
2524failed:
09fd0de5 2525 hci_dev_unlock(hdev);
8962ee74
JH		 2526 return err;
2527}
2528
57c1477c 2529static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2530{
2531 switch (link_type) {
2532 case LE_LINK:
48264f06
JH		 2533 switch (addr_type) {
2534 case ADDR_LE_DEV_PUBLIC:
591f47f3 2535 return BDADDR_LE_PUBLIC;
0ed09148 2536
48264f06 2537 default:
0ed09148 2538 /* Fallback to LE Random address type */
591f47f3 2539 return BDADDR_LE_RANDOM;
48264f06 2540 }
0ed09148 2541
4c659c39 2542 default:
0ed09148 2543 /* Fallback to BR/EDR type */
591f47f3 2544 return BDADDR_BREDR;
4c659c39
JH		 2545 }
2546}
2547
04124681
GP		 2548static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2549 u16 data_len)
2784eb41 2550{
2784eb41 2551 struct mgmt_rp_get_connections *rp;
8035ded4 2552 struct hci_conn *c;
a38528f1 2553 size_t rp_len;
60fc5fb6
JH		 2554 int err;
2555 u16 i;
2784eb41
JH		 2556
2557 BT_DBG("");
2558
09fd0de5 2559 hci_dev_lock(hdev);
2784eb41 2560
5f97c1df 2561 if (!hdev_is_powered(hdev)) {
bdb6d971 2562 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2563 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2564 goto unlock;
2565 }
2566
60fc5fb6 2567 i = 0;
b644ba33
JH		 2568 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2569 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2570 i++;
2784eb41
JH		 2571 }
2572
60fc5fb6 2573 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2574 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2575 if (!rp) {
2784eb41
JH		 2576 err = -ENOMEM;
2577 goto unlock;
2578 }
2579
2784eb41 2580 i = 0;
4c659c39 2581 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2582 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2583 continue;
4c659c39 2584 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2585 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2586 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2587 continue;
2588 i++;
2589 }
2590
eb55ef07 2591 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2592
4c659c39
JH		 2593 /* Recalculate length in case of filtered SCO connections, etc */
2594 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2595
bdb6d971 2596 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2597 rp_len);
2784eb41 2598
a38528f1 2599 kfree(rp);
5f97c1df
JH		 2600
2601unlock:
09fd0de5 2602 hci_dev_unlock(hdev);
2784eb41
JH		 2603 return err;
2604}
2605
bdb6d971 2606static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2607 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2608{
2609 struct pending_cmd *cmd;
2610 int err;
2611
2e58ef3e 2612 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2613 sizeof(*cp));
96d97a67
WR		 2614 if (!cmd)
2615 return -ENOMEM;
2616
d8457698 2617 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2618 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2619 if (err < 0)
2620 mgmt_pending_remove(cmd);
2621
2622 return err;
2623}
2624
bdb6d971 2625static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2626 u16 len)
980e1a53 2627{
96d97a67 2628 struct hci_conn *conn;
650f726d 2629 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2630 struct hci_cp_pin_code_reply reply;
366a0336 2631 struct pending_cmd *cmd;
980e1a53
JH		 2632 int err;
2633
2634 BT_DBG("");
2635
09fd0de5 2636 hci_dev_lock(hdev);
980e1a53 2637
4b34ee78 2638 if (!hdev_is_powered(hdev)) {
bdb6d971 2639 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2640 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2641 goto failed;
2642 }
2643
d8457698 2644 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2645 if (!conn) {
bdb6d971 2646 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2647 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2648 goto failed;
2649 }
2650
2651 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2652 struct mgmt_cp_pin_code_neg_reply ncp;
2653
2654 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2655
2656 BT_ERR("PIN code is not 16 bytes long");
2657
bdb6d971 2658 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2659 if (err >= 0)
bdb6d971 2660 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2661 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2662
2663 goto failed;
2664 }
2665
00abfe44 2666 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2667 if (!cmd) {
2668 err = -ENOMEM;
980e1a53 2669 goto failed;
366a0336 2670 }
980e1a53 2671
d8457698 2672 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2673 reply.pin_len = cp->pin_len;
24718ca5 2674 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2675
2676 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2677 if (err < 0)
a664b5bc 2678 mgmt_pending_remove(cmd);
980e1a53
JH		 2679
2680failed:
09fd0de5 2681 hci_dev_unlock(hdev);
980e1a53
JH		 2682 return err;
2683}
2684
04124681
GP		 2685static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2686 u16 len)
17fa4b9d 2687{
650f726d 2688 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2689
2690 BT_DBG("");
2691
09fd0de5 2692 hci_dev_lock(hdev);
17fa4b9d
JH		 2693
2694 hdev->io_capability = cp->io_capability;
2695
2696 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2697 hdev->io_capability);
17fa4b9d 2698
09fd0de5 2699 hci_dev_unlock(hdev);
17fa4b9d 2700
04124681
GP		 2701 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2702 0);
17fa4b9d
JH		 2703}
2704
6039aa73 2705static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2706{
2707 struct hci_dev *hdev = conn->hdev;
8035ded4 2708 struct pending_cmd *cmd;
e9a416b5 2709
2e58ef3e 2710 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2711 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2712 continue;
2713
e9a416b5
JH		 2714 if (cmd->user_data != conn)
2715 continue;
2716
2717 return cmd;
2718 }
2719
2720 return NULL;
2721}
2722
2723static void pairing_complete(struct pending_cmd *cmd, u8 status)
2724{
2725 struct mgmt_rp_pair_device rp;
2726 struct hci_conn *conn = cmd->user_data;
2727
ba4e564f 2728 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2729 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2730
aee9b218 2731 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2732 &rp, sizeof(rp));
e9a416b5
JH		 2733
2734 /* So we don't get further callbacks for this connection */
2735 conn->connect_cfm_cb = NULL;
2736 conn->security_cfm_cb = NULL;
2737 conn->disconn_cfm_cb = NULL;
2738
76a68ba0 2739 hci_conn_drop(conn);
e9a416b5 2740
a664b5bc 2741 mgmt_pending_remove(cmd);
e9a416b5
JH		 2742}
2743
f4a407be
JH		 2744void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2745{
2746 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2747 struct pending_cmd *cmd;
2748
2749 cmd = find_pairing(conn);
2750 if (cmd)
2751 pairing_complete(cmd, status);
2752}
2753
e9a416b5
JH		 2754static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2755{
2756 struct pending_cmd *cmd;
2757
2758 BT_DBG("status %u", status);
2759
2760 cmd = find_pairing(conn);
56e5cb86 2761 if (!cmd)
e9a416b5 2762 BT_DBG("Unable to find a pending command");
56e5cb86 2763 else
e211326c 2764 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2765}
2766
f4a407be 2767static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 2768{
2769 struct pending_cmd *cmd;
2770
2771 BT_DBG("status %u", status);
2772
2773 if (!status)
2774 return;
2775
2776 cmd = find_pairing(conn);
2777 if (!cmd)
2778 BT_DBG("Unable to find a pending command");
2779 else
2780 pairing_complete(cmd, mgmt_status(status));
2781}
2782
bdb6d971 2783static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2784 u16 len)
e9a416b5 2785{
650f726d 2786 struct mgmt_cp_pair_device *cp = data;
1425acb7 2787 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2788 struct pending_cmd *cmd;
2789 u8 sec_level, auth_type;
2790 struct hci_conn *conn;
e9a416b5
JH		 2791 int err;
2792
2793 BT_DBG("");
2794
f950a30e
SJ		 2795 memset(&rp, 0, sizeof(rp));
2796 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2797 rp.addr.type = cp->addr.type;
2798
4ee71b20
JH		 2799 if (!bdaddr_type_is_valid(cp->addr.type))
2800 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2801 MGMT_STATUS_INVALID_PARAMS,
2802 &rp, sizeof(rp));
2803
09fd0de5 2804 hci_dev_lock(hdev);
e9a416b5 2805
5f97c1df 2806 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2807 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2808 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2809 goto unlock;
2810 }
2811
c908df36
VCG		 2812 sec_level = BT_SECURITY_MEDIUM;
2813 if (cp->io_cap == 0x03)
e9a416b5 2814 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2815 else
e9a416b5 2816 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2817
6f77d8c7 2818 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2819 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2820 auth_type);
6f77d8c7
AG		 2821 } else {
2822 u8 addr_type;
2823
2824 /* Convert from L2CAP channel address type to HCI address type
2825 */
2826 if (cp->addr.type == BDADDR_LE_PUBLIC)
2827 addr_type = ADDR_LE_DEV_PUBLIC;
2828 else
2829 addr_type = ADDR_LE_DEV_RANDOM;
2830
2831 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
04a6c589 2832 sec_level, auth_type);
6f77d8c7 2833 }
7a512d01 2834
30e76272 2835 if (IS_ERR(conn)) {
489dc48e
AK		 2836 int status;
2837
2838 if (PTR_ERR(conn) == -EBUSY)
2839 status = MGMT_STATUS_BUSY;
2840 else
2841 status = MGMT_STATUS_CONNECT_FAILED;
2842
bdb6d971 2843 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2844 status, &rp,
04124681 2845 sizeof(rp));
e9a416b5
JH		 2846 goto unlock;
2847 }
2848
2849 if (conn->connect_cfm_cb) {
76a68ba0 2850 hci_conn_drop(conn);
bdb6d971 2851 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2852 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2853 goto unlock;
2854 }
2855
2e58ef3e 2856 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2857 if (!cmd) {
2858 err = -ENOMEM;
76a68ba0 2859 hci_conn_drop(conn);
e9a416b5
JH		 2860 goto unlock;
2861 }
2862
7a512d01 2863 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2864 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2865 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2866 conn->security_cfm_cb = pairing_complete_cb;
2867 conn->disconn_cfm_cb = pairing_complete_cb;
2868 } else {
2869 conn->connect_cfm_cb = le_pairing_complete_cb;
2870 conn->security_cfm_cb = le_pairing_complete_cb;
2871 conn->disconn_cfm_cb = le_pairing_complete_cb;
2872 }
7a512d01 2873
e9a416b5
JH		 2874 conn->io_capability = cp->io_cap;
2875 cmd->user_data = conn;
2876
2877 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2878 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2879 pairing_complete(cmd, 0);
2880
2881 err = 0;
2882
2883unlock:
09fd0de5 2884 hci_dev_unlock(hdev);
e9a416b5
JH		 2885 return err;
2886}
2887
04124681
GP		 2888static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2889 u16 len)
28424707 2890{
0f4e68cf 2891 struct mgmt_addr_info *addr = data;
28424707
JH		 2892 struct pending_cmd *cmd;
2893 struct hci_conn *conn;
2894 int err;
2895
2896 BT_DBG("");
2897
28424707
JH		 2898 hci_dev_lock(hdev);
2899
5f97c1df 2900 if (!hdev_is_powered(hdev)) {
bdb6d971 2901 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2902 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2903 goto unlock;
2904 }
2905
28424707
JH		 2906 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2907 if (!cmd) {
bdb6d971 2908 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2909 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2910 goto unlock;
2911 }
2912
2913 conn = cmd->user_data;
2914
2915 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2916 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2917 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2918 goto unlock;
2919 }
2920
2921 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2922
bdb6d971 2923 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2924 addr, sizeof(*addr));
28424707
JH		 2925unlock:
2926 hci_dev_unlock(hdev);
28424707
JH		 2927 return err;
2928}
2929
bdb6d971 2930static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2931 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2932 u16 hci_op, __le32 passkey)
a5c29683 2933{
a5c29683 2934 struct pending_cmd *cmd;
0df4c185 2935 struct hci_conn *conn;
a5c29683
JH		 2936 int err;
2937
09fd0de5 2938 hci_dev_lock(hdev);
08ba5382 2939
4b34ee78 2940 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2941 err = cmd_complete(sk, hdev->id, mgmt_op,
2942 MGMT_STATUS_NOT_POWERED, addr,
2943 sizeof(*addr));
0df4c185 2944 goto done;
a5c29683
JH		 2945 }
2946
1707c60e
JH		 2947 if (addr->type == BDADDR_BREDR)
2948 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2949 else
1707c60e 2950 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2951
2952 if (!conn) {
feb94d3d
JH		 2953 err = cmd_complete(sk, hdev->id, mgmt_op,
2954 MGMT_STATUS_NOT_CONNECTED, addr,
2955 sizeof(*addr));
272d90df
JH		 2956 goto done;
2957 }
47c15e2b 2958
1707c60e 2959 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2960 /* Continue with pairing via SMP */
5fe57d9e
BG		 2961 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2962
2963 if (!err)
feb94d3d
JH		 2964 err = cmd_complete(sk, hdev->id, mgmt_op,
2965 MGMT_STATUS_SUCCESS, addr,
2966 sizeof(*addr));
5fe57d9e 2967 else
feb94d3d
JH		 2968 err = cmd_complete(sk, hdev->id, mgmt_op,
2969 MGMT_STATUS_FAILED, addr,
2970 sizeof(*addr));
47c15e2b 2971
47c15e2b
BG		 2972 goto done;
2973 }
2974
1707c60e 2975 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2976 if (!cmd) {
2977 err = -ENOMEM;
0df4c185 2978 goto done;
a5c29683
JH		 2979 }
2980
0df4c185 2981 /* Continue with pairing via HCI */
604086b7
BG		 2982 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2983 struct hci_cp_user_passkey_reply cp;
2984
1707c60e 2985 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2986 cp.passkey = passkey;
2987 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2988 } else
1707c60e
JH		 2989 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2990 &addr->bdaddr);
604086b7 2991
a664b5bc
JH		 2992 if (err < 0)
2993 mgmt_pending_remove(cmd);
a5c29683 2994
0df4c185 2995done:
09fd0de5 2996 hci_dev_unlock(hdev);
a5c29683
JH		 2997 return err;
2998}
2999
afeb019d
JK		 3000static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3001 void *data, u16 len)
3002{
3003 struct mgmt_cp_pin_code_neg_reply *cp = data;
3004
3005 BT_DBG("");
3006
1707c60e 3007 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3008 MGMT_OP_PIN_CODE_NEG_REPLY,
3009 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3010}
3011
04124681
GP		 3012static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3013 u16 len)
0df4c185 3014{
650f726d 3015 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3016
3017 BT_DBG("");
3018
3019 if (len != sizeof(*cp))
bdb6d971 3020 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3021 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3022
1707c60e 3023 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3024 MGMT_OP_USER_CONFIRM_REPLY,
3025 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3026}
3027
bdb6d971 3028static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3029 void *data, u16 len)
0df4c185 3030{
c9c2659f 3031 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3032
3033 BT_DBG("");
3034
1707c60e 3035 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3036 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3037 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3038}
3039
04124681
GP		 3040static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3041 u16 len)
604086b7 3042{
650f726d 3043 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3044
3045 BT_DBG("");
3046
1707c60e 3047 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3048 MGMT_OP_USER_PASSKEY_REPLY,
3049 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3050}
3051
bdb6d971 3052static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3053 void *data, u16 len)
604086b7 3054{
650f726d 3055 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3056
3057 BT_DBG("");
3058
1707c60e 3059 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3060 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3061 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3062}
3063
13928971 3064static void update_name(struct hci_request *req)
2b4bf397 3065{
13928971 3066 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3067 struct hci_cp_write_local_name cp;
3068
13928971 3069 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3070
890ea898 3071 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3072}
3073
13928971
JH		 3074static void set_name_complete(struct hci_dev *hdev, u8 status)
3075{
3076 struct mgmt_cp_set_local_name *cp;
3077 struct pending_cmd *cmd;
3078
3079 BT_DBG("status 0x%02x", status);
3080
3081 hci_dev_lock(hdev);
3082
3083 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3084 if (!cmd)
3085 goto unlock;
3086
3087 cp = cmd->param;
3088
3089 if (status)
3090 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3091 mgmt_status(status));
3092 else
3093 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3094 cp, sizeof(*cp));
3095
3096 mgmt_pending_remove(cmd);
3097
3098unlock:
3099 hci_dev_unlock(hdev);
3100}
3101
bdb6d971 3102static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3103 u16 len)
b312b161 3104{
2b4bf397 3105 struct mgmt_cp_set_local_name *cp = data;
b312b161 3106 struct pending_cmd *cmd;
890ea898 3107 struct hci_request req;
b312b161
JH		 3108 int err;
3109
3110 BT_DBG("");
3111
09fd0de5 3112 hci_dev_lock(hdev);
b312b161 3113
b3f2ca94
JH		 3114 /* If the old values are the same as the new ones just return a
3115 * direct command complete event.
3116 */
3117 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3118 !memcmp(hdev->short_name, cp->short_name,
3119 sizeof(hdev->short_name))) {
3120 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3121 data, len);
3122 goto failed;
3123 }
3124
2b4bf397 3125 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3126
b5235a65 3127 if (!hdev_is_powered(hdev)) {
2b4bf397 3128 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3129
3130 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3131 data, len);
28cc7bde
JH		 3132 if (err < 0)
3133 goto failed;
3134
3135 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3136 sk);
28cc7bde 3137
b5235a65
JH		 3138 goto failed;
3139 }
3140
28cc7bde 3141 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3142 if (!cmd) {
3143 err = -ENOMEM;
3144 goto failed;
3145 }
3146
13928971
JH		 3147 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3148
890ea898 3149 hci_req_init(&req, hdev);
3f985050
JH		 3150
3151 if (lmp_bredr_capable(hdev)) {
3152 update_name(&req);
3153 update_eir(&req);
3154 }
3155
7a5f4990
MH		 3156 /* The name is stored in the scan response data and so
3157 * no need to udpate the advertising data here.
3158 */
3f985050 3159 if (lmp_le_capable(hdev))
7a5f4990 3160 update_scan_rsp_data(&req);
3f985050 3161
13928971 3162 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3163 if (err < 0)
3164 mgmt_pending_remove(cmd);
3165
3166failed:
09fd0de5 3167 hci_dev_unlock(hdev);
b312b161
JH		 3168 return err;
3169}
3170
0f4e68cf 3171static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3172 void *data, u16 data_len)
c35938b2 3173{
c35938b2
SJ		 3174 struct pending_cmd *cmd;
3175 int err;
3176
bdb6d971 3177 BT_DBG("%s", hdev->name);
c35938b2 3178
09fd0de5 3179 hci_dev_lock(hdev);
c35938b2 3180
4b34ee78 3181 if (!hdev_is_powered(hdev)) {
bdb6d971 3182 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3183 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3184 goto unlock;
3185 }
3186
9a1a1996 3187 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3188 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3189 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3190 goto unlock;
3191 }
3192
2e58ef3e 3193 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3194 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3195 MGMT_STATUS_BUSY);
c35938b2
SJ		 3196 goto unlock;
3197 }
3198
2e58ef3e 3199 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3200 if (!cmd) {
3201 err = -ENOMEM;
3202 goto unlock;
3203 }
3204
4d2d2796
MH		 3205 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3206 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3207 0, NULL);
3208 else
3209 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3210
c35938b2
SJ		 3211 if (err < 0)
3212 mgmt_pending_remove(cmd);
3213
3214unlock:
09fd0de5 3215 hci_dev_unlock(hdev);
c35938b2
SJ		 3216 return err;
3217}
3218
bdb6d971 3219static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3220 void *data, u16 len)
2763eda6 3221{
2763eda6
SJ		 3222 int err;
3223
bdb6d971 3224 BT_DBG("%s ", hdev->name);
2763eda6 3225
09fd0de5 3226 hci_dev_lock(hdev);
2763eda6 3227
ec109113
MH		 3228 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3229 struct mgmt_cp_add_remote_oob_data *cp = data;
3230 u8 status;
bf1e3541 3231
ec109113
MH		 3232 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3233 cp->hash, cp->randomizer);
3234 if (err < 0)
3235 status = MGMT_STATUS_FAILED;
3236 else
3237 status = MGMT_STATUS_SUCCESS;
3238
3239 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3240 status, &cp->addr, sizeof(cp->addr));
3241 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3242 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3243 u8 status;
3244
3245 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3246 cp->hash192,
3247 cp->randomizer192,
3248 cp->hash256,
3249 cp->randomizer256);
3250 if (err < 0)
3251 status = MGMT_STATUS_FAILED;
3252 else
3253 status = MGMT_STATUS_SUCCESS;
3254
3255 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3256 status, &cp->addr, sizeof(cp->addr));
3257 } else {
3258 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3259 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3260 MGMT_STATUS_INVALID_PARAMS);
3261 }
2763eda6 3262
09fd0de5 3263 hci_dev_unlock(hdev);
2763eda6
SJ		 3264 return err;
3265}
3266
bdb6d971 3267static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3268 void *data, u16 len)
2763eda6 3269{
650f726d 3270 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3271 u8 status;
2763eda6
SJ		 3272 int err;
3273
bdb6d971 3274 BT_DBG("%s", hdev->name);
2763eda6 3275
09fd0de5 3276 hci_dev_lock(hdev);
2763eda6 3277
664ce4cc 3278 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3279 if (err < 0)
bf1e3541 3280 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3281 else
a6785be2 3282 status = MGMT_STATUS_SUCCESS;
bf1e3541 3283
bdb6d971 3284 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3285 status, &cp->addr, sizeof(cp->addr));
2763eda6 3286
09fd0de5 3287 hci_dev_unlock(hdev);
2763eda6
SJ		 3288 return err;
3289}
3290
41dc2bd6
AG		 3291static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3292{
3293 struct pending_cmd *cmd;
3294 u8 type;
3295 int err;
3296
3297 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3298
3299 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3300 if (!cmd)
3301 return -ENOENT;
3302
3303 type = hdev->discovery.type;
3304
3305 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3306 &type, sizeof(type));
3307 mgmt_pending_remove(cmd);
3308
3309 return err;
3310}
3311
7c307720
AG		 3312static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3313{
3314 BT_DBG("status %d", status);
3315
3316 if (status) {
3317 hci_dev_lock(hdev);
3318 mgmt_start_discovery_failed(hdev, status);
3319 hci_dev_unlock(hdev);
3320 return;
3321 }
3322
3323 hci_dev_lock(hdev);
3324 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3325 hci_dev_unlock(hdev);
3326
3327 switch (hdev->discovery.type) {
3328 case DISCOV_TYPE_LE:
3329 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3330 DISCOV_LE_TIMEOUT);
7c307720
AG		 3331 break;
3332
3333 case DISCOV_TYPE_INTERLEAVED:
3334 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3335 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 3336 break;
3337
3338 case DISCOV_TYPE_BREDR:
3339 break;
3340
3341 default:
3342 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3343 }
3344}
3345
bdb6d971 3346static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3347 void *data, u16 len)
14a53664 3348{
650f726d 3349 struct mgmt_cp_start_discovery *cp = data;
14a53664 3350 struct pending_cmd *cmd;
7c307720
AG		 3351 struct hci_cp_le_set_scan_param param_cp;
3352 struct hci_cp_le_set_scan_enable enable_cp;
3353 struct hci_cp_inquiry inq_cp;
3354 struct hci_request req;
3355 /* General inquiry access code (GIAC) */
3356 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3357 u8 status, own_addr_type;
14a53664
JH		 3358 int err;
3359
bdb6d971 3360 BT_DBG("%s", hdev->name);
14a53664 3361
09fd0de5 3362 hci_dev_lock(hdev);
14a53664 3363
4b34ee78 3364 if (!hdev_is_powered(hdev)) {
bdb6d971 3365 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3366 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3367 goto failed;
3368 }
3369
642be6c7
AG		 3370 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3371 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3372 MGMT_STATUS_BUSY);
3373 goto failed;
3374 }
3375
ff9ef578 3376 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3377 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3378 MGMT_STATUS_BUSY);
ff9ef578
JH		 3379 goto failed;
3380 }
3381
2e58ef3e 3382 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3383 if (!cmd) {
3384 err = -ENOMEM;
3385 goto failed;
3386 }
3387
4aab14e5
AG		 3388 hdev->discovery.type = cp->type;
3389
7c307720
AG		 3390 hci_req_init(&req, hdev);
3391
4aab14e5 3392 switch (hdev->discovery.type) {
f39799f5 3393 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3394 status = mgmt_bredr_support(hdev);
3395 if (status) {
04106755 3396 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3397 status);
04106755
JH		 3398 mgmt_pending_remove(cmd);
3399 goto failed;
3400 }
3401
7c307720
AG		 3402 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3403 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3404 MGMT_STATUS_BUSY);
3405 mgmt_pending_remove(cmd);
3406 goto failed;
3407 }
3408
3409 hci_inquiry_cache_flush(hdev);
3410
3411 memset(&inq_cp, 0, sizeof(inq_cp));
3412 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3413 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3414 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3415 break;
3416
3417 case DISCOV_TYPE_LE:
7c307720 3418 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3419 status = mgmt_le_support(hdev);
3420 if (status) {
04106755 3421 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3422 status);
04106755
JH		 3423 mgmt_pending_remove(cmd);
3424 goto failed;
3425 }
3426
7c307720 3427 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3428 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3429 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3430 MGMT_STATUS_NOT_SUPPORTED);
3431 mgmt_pending_remove(cmd);
3432 goto failed;
3433 }
3434
f3d3444a 3435 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3436 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3437 MGMT_STATUS_REJECTED);
3438 mgmt_pending_remove(cmd);
3439 goto failed;
3440 }
3441
3442 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
3443 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3444 MGMT_STATUS_BUSY);
3445 mgmt_pending_remove(cmd);
3446 goto failed;
3447 }
3448
3449 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3450
94b1fc92
MH		 3451 /* All active scans will be done with either a resolvable
3452 * private address (when privacy feature has been enabled)
3453 * or unresolvable private address.
3454 */
3455 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3456 if (err < 0) {
3457 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3458 MGMT_STATUS_FAILED);
3459 mgmt_pending_remove(cmd);
3460 goto failed;
3461 }
3462
7c307720 3463 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3464 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3465 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3466 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3467 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3468 &param_cp);
3469
3470 memset(&enable_cp, 0, sizeof(enable_cp));
3471 enable_cp.enable = LE_SCAN_ENABLE;
3472 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3473 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3474 &enable_cp);
5e0452c0
AG		 3475 break;
3476
f39799f5 3477 default:
04106755
JH		 3478 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3479 MGMT_STATUS_INVALID_PARAMS);
3480 mgmt_pending_remove(cmd);
3481 goto failed;
f39799f5 3482 }
3fd24153 3483
7c307720 3484 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3485 if (err < 0)
3486 mgmt_pending_remove(cmd);
ff9ef578
JH		 3487 else
3488 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3489
3490failed:
09fd0de5 3491 hci_dev_unlock(hdev);
14a53664
JH		 3492 return err;
3493}
3494
1183fdca
AG		 3495static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3496{
3497 struct pending_cmd *cmd;
3498 int err;
3499
3500 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3501 if (!cmd)
3502 return -ENOENT;
3503
3504 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3505 &hdev->discovery.type, sizeof(hdev->discovery.type));
3506 mgmt_pending_remove(cmd);
3507
3508 return err;
3509}
3510
0e05bba6
AG		 3511static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3512{
3513 BT_DBG("status %d", status);
3514
3515 hci_dev_lock(hdev);
3516
3517 if (status) {
3518 mgmt_stop_discovery_failed(hdev, status);
3519 goto unlock;
3520 }
3521
3522 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3523
3524unlock:
3525 hci_dev_unlock(hdev);
3526}
3527
bdb6d971 3528static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3529 u16 len)
14a53664 3530{
d930650b 3531 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3532 struct pending_cmd *cmd;
30dc78e1
JH		 3533 struct hci_cp_remote_name_req_cancel cp;
3534 struct inquiry_entry *e;
0e05bba6 3535 struct hci_request req;
14a53664
JH		 3536 int err;
3537
bdb6d971 3538 BT_DBG("%s", hdev->name);
14a53664 3539
09fd0de5 3540 hci_dev_lock(hdev);
14a53664 3541
30dc78e1 3542 if (!hci_discovery_active(hdev)) {
bdb6d971 3543 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3544 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3545 sizeof(mgmt_cp->type));
d930650b
JH		 3546 goto unlock;
3547 }
3548
3549 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3550 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3551 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3552 sizeof(mgmt_cp->type));
30dc78e1 3553 goto unlock;
ff9ef578
JH		 3554 }
3555
2e58ef3e 3556 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3557 if (!cmd) {
3558 err = -ENOMEM;
30dc78e1
JH		 3559 goto unlock;
3560 }
3561
0e05bba6
AG		 3562 hci_req_init(&req, hdev);
3563
e0d9727e
AG		 3564 switch (hdev->discovery.state) {
3565 case DISCOVERY_FINDING:
0e05bba6
AG		 3566 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3567 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3568 } else {
3569 cancel_delayed_work(&hdev->le_scan_disable);
3570
b1efcc28 3571 hci_req_add_le_scan_disable(&req);
0e05bba6 3572 }
c9ecc48e 3573
e0d9727e
AG		 3574 break;
3575
3576 case DISCOVERY_RESOLVING:
3577 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3578 NAME_PENDING);
e0d9727e 3579 if (!e) {
30dc78e1 3580 mgmt_pending_remove(cmd);
e0d9727e
AG		 3581 err = cmd_complete(sk, hdev->id,
3582 MGMT_OP_STOP_DISCOVERY, 0,
3583 &mgmt_cp->type,
3584 sizeof(mgmt_cp->type));
3585 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3586 goto unlock;
3587 }
30dc78e1 3588
e0d9727e 3589 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3590 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3591 &cp);
e0d9727e
AG		 3592
3593 break;
3594
3595 default:
3596 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3597
3598 mgmt_pending_remove(cmd);
3599 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3600 MGMT_STATUS_FAILED, &mgmt_cp->type,
3601 sizeof(mgmt_cp->type));
3602 goto unlock;
14a53664
JH		 3603 }
3604
0e05bba6 3605 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3606 if (err < 0)
3607 mgmt_pending_remove(cmd);
ff9ef578
JH		 3608 else
3609 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3610
30dc78e1 3611unlock:
09fd0de5 3612 hci_dev_unlock(hdev);
14a53664
JH		 3613 return err;
3614}
3615
bdb6d971 3616static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3617 u16 len)
561aafbc 3618{
650f726d 3619 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3620 struct inquiry_entry *e;
561aafbc
JH		 3621 int err;
3622
bdb6d971 3623 BT_DBG("%s", hdev->name);
561aafbc 3624
561aafbc
JH		 3625 hci_dev_lock(hdev);
3626
30dc78e1 3627 if (!hci_discovery_active(hdev)) {
bdb6d971 3628 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3629 MGMT_STATUS_FAILED);
30dc78e1
JH		 3630 goto failed;
3631 }
3632
a198e7b1 3633 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3634 if (!e) {
bdb6d971 3635 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3636 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3637 goto failed;
3638 }
3639
3640 if (cp->name_known) {
3641 e->name_state = NAME_KNOWN;
3642 list_del(&e->list);
3643 } else {
3644 e->name_state = NAME_NEEDED;
a3d4e20a 3645 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3646 }
3647
e384662b
JH		 3648 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3649 sizeof(cp->addr));
561aafbc
JH		 3650
3651failed:
3652 hci_dev_unlock(hdev);
561aafbc
JH		 3653 return err;
3654}
3655
bdb6d971 3656static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3657 u16 len)
7fbec224 3658{
650f726d 3659 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3660 u8 status;
7fbec224
AJ		 3661 int err;
3662
bdb6d971 3663 BT_DBG("%s", hdev->name);
7fbec224 3664
4ee71b20 3665 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3666 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3667 MGMT_STATUS_INVALID_PARAMS,
3668 &cp->addr, sizeof(cp->addr));
4ee71b20 3669
09fd0de5 3670 hci_dev_lock(hdev);
5e762444 3671
88c1fe4b 3672 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3673 if (err < 0)
f0eeea8b 3674 status = MGMT_STATUS_FAILED;
7fbec224 3675 else
a6785be2 3676 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3677
bdb6d971 3678 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3679 &cp->addr, sizeof(cp->addr));
5e762444 3680
09fd0de5 3681 hci_dev_unlock(hdev);
7fbec224
AJ		 3682
3683 return err;
3684}
3685
bdb6d971 3686static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3687 u16 len)
7fbec224 3688{
650f726d 3689 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3690 u8 status;
7fbec224
AJ		 3691 int err;
3692
bdb6d971 3693 BT_DBG("%s", hdev->name);
7fbec224 3694
4ee71b20 3695 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3696 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3697 MGMT_STATUS_INVALID_PARAMS,
3698 &cp->addr, sizeof(cp->addr));
4ee71b20 3699
09fd0de5 3700 hci_dev_lock(hdev);
5e762444 3701
88c1fe4b 3702 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3703 if (err < 0)
f0eeea8b 3704 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3705 else
a6785be2 3706 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3707
bdb6d971 3708 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3709 &cp->addr, sizeof(cp->addr));
5e762444 3710
09fd0de5 3711 hci_dev_unlock(hdev);
7fbec224
AJ		 3712
3713 return err;
3714}
3715
cdbaccca
MH		 3716static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3717 u16 len)
3718{
3719 struct mgmt_cp_set_device_id *cp = data;
890ea898 3720 struct hci_request req;
cdbaccca 3721 int err;
c72d4b8a 3722 __u16 source;
cdbaccca
MH		 3723
3724 BT_DBG("%s", hdev->name);
3725
c72d4b8a
SJ		 3726 source = __le16_to_cpu(cp->source);
3727
3728 if (source > 0x0002)
3729 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3730 MGMT_STATUS_INVALID_PARAMS);
3731
cdbaccca
MH		 3732 hci_dev_lock(hdev);
3733
c72d4b8a 3734 hdev->devid_source = source;
cdbaccca
MH		 3735 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3736 hdev->devid_product = __le16_to_cpu(cp->product);
3737 hdev->devid_version = __le16_to_cpu(cp->version);
3738
3739 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3740
890ea898
JH		 3741 hci_req_init(&req, hdev);
3742 update_eir(&req);
3743 hci_req_run(&req, NULL);
cdbaccca
MH		 3744
3745 hci_dev_unlock(hdev);
3746
3747 return err;
3748}
3749
4375f103
JH		 3750static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3751{
3752 struct cmd_lookup match = { NULL, hdev };
3753
3754 if (status) {
3755 u8 mgmt_err = mgmt_status(status);
3756
3757 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3758 cmd_status_rsp, &mgmt_err);
3759 return;
3760 }
3761
3762 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3763 &match);
3764
3765 new_settings(hdev, match.sk);
3766
3767 if (match.sk)
3768 sock_put(match.sk);
3769}
3770
21b5187f
MH		 3771static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3772 u16 len)
4375f103
JH		 3773{
3774 struct mgmt_mode *cp = data;
3775 struct pending_cmd *cmd;
3776 struct hci_request req;
e6fe7986 3777 u8 val, enabled, status;
4375f103
JH		 3778 int err;
3779
3780 BT_DBG("request for %s", hdev->name);
3781
e6fe7986
JH		 3782 status = mgmt_le_support(hdev);
3783 if (status)
4375f103 3784 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3785 status);
4375f103
JH		 3786
3787 if (cp->val != 0x00 && cp->val != 0x01)
3788 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3789 MGMT_STATUS_INVALID_PARAMS);
3790
3791 hci_dev_lock(hdev);
3792
3793 val = !!cp->val;
f3d3444a 3794 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3795
f74ca9b8
JH		 3796 /* The following conditions are ones which mean that we should
3797 * not do any HCI communication but directly send a mgmt
3798 * response to user space (after toggling the flag if
3799 * necessary).
3800 */
3801 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3802 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3803 bool changed = false;
3804
f3d3444a
JH		 3805 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3806 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3807 changed = true;
3808 }
3809
3810 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3811 if (err < 0)
3812 goto unlock;
3813
3814 if (changed)
3815 err = new_settings(hdev, sk);
3816
3817 goto unlock;
3818 }
3819
3820 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3821 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3822 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3823 MGMT_STATUS_BUSY);
3824 goto unlock;
3825 }
3826
3827 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3828 if (!cmd) {
3829 err = -ENOMEM;
3830 goto unlock;
3831 }
3832
3833 hci_req_init(&req, hdev);
3834
bba3aa55
MH		 3835 if (val)
3836 enable_advertising(&req);
3837 else
3838 disable_advertising(&req);
4375f103
JH		 3839
3840 err = hci_req_run(&req, set_advertising_complete);
3841 if (err < 0)
3842 mgmt_pending_remove(cmd);
3843
3844unlock:
3845 hci_dev_unlock(hdev);
3846 return err;
3847}
3848
d13eafce
MH		 3849static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3850 void *data, u16 len)
3851{
3852 struct mgmt_cp_set_static_address *cp = data;
3853 int err;
3854
3855 BT_DBG("%s", hdev->name);
3856
62af4443 3857 if (!lmp_le_capable(hdev))
d13eafce 3858 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3859 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3860
3861 if (hdev_is_powered(hdev))
3862 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3863 MGMT_STATUS_REJECTED);
3864
3865 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3866 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3867 return cmd_status(sk, hdev->id,
3868 MGMT_OP_SET_STATIC_ADDRESS,
3869 MGMT_STATUS_INVALID_PARAMS);
3870
3871 /* Two most significant bits shall be set */
3872 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3873 return cmd_status(sk, hdev->id,
3874 MGMT_OP_SET_STATIC_ADDRESS,
3875 MGMT_STATUS_INVALID_PARAMS);
3876 }
3877
3878 hci_dev_lock(hdev);
3879
3880 bacpy(&hdev->static_addr, &cp->bdaddr);
3881
3882 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3883
3884 hci_dev_unlock(hdev);
3885
3886 return err;
3887}
3888
14b49b9a
MH		 3889static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3890 void *data, u16 len)
3891{
3892 struct mgmt_cp_set_scan_params *cp = data;
3893 __u16 interval, window;
3894 int err;
3895
3896 BT_DBG("%s", hdev->name);
3897
3898 if (!lmp_le_capable(hdev))
3899 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3900 MGMT_STATUS_NOT_SUPPORTED);
3901
3902 interval = __le16_to_cpu(cp->interval);
3903
3904 if (interval < 0x0004 || interval > 0x4000)
3905 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3906 MGMT_STATUS_INVALID_PARAMS);
3907
3908 window = __le16_to_cpu(cp->window);
3909
3910 if (window < 0x0004 || window > 0x4000)
3911 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3912 MGMT_STATUS_INVALID_PARAMS);
3913
899e1075
MH		 3914 if (window > interval)
3915 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3916 MGMT_STATUS_INVALID_PARAMS);
3917
14b49b9a
MH		 3918 hci_dev_lock(hdev);
3919
3920 hdev->le_scan_interval = interval;
3921 hdev->le_scan_window = window;
3922
3923 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3924
3925 hci_dev_unlock(hdev);
3926
3927 return err;
3928}
3929
33e38b3e
JH		 3930static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3931{
3932 struct pending_cmd *cmd;
3933
3934 BT_DBG("status 0x%02x", status);
3935
3936 hci_dev_lock(hdev);
3937
3938 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3939 if (!cmd)
3940 goto unlock;
3941
3942 if (status) {
3943 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3944 mgmt_status(status));
3945 } else {
1a4d3c4b
JH		 3946 struct mgmt_mode *cp = cmd->param;
3947
3948 if (cp->val)
3949 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3950 else
3951 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3952
33e38b3e
JH		 3953 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3954 new_settings(hdev, cmd->sk);
3955 }
3956
3957 mgmt_pending_remove(cmd);
3958
3959unlock:
3960 hci_dev_unlock(hdev);
3961}
3962
bdb6d971 3963static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3964 void *data, u16 len)
f6422ec6 3965{
650f726d 3966 struct mgmt_mode *cp = data;
33e38b3e
JH		 3967 struct pending_cmd *cmd;
3968 struct hci_request req;
f6422ec6
AJ		 3969 int err;
3970
bdb6d971 3971 BT_DBG("%s", hdev->name);
f6422ec6 3972
56f87901
JH		 3973 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3974 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3975 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3976 MGMT_STATUS_NOT_SUPPORTED);
3977
a7e80f25
JH		 3978 if (cp->val != 0x00 && cp->val != 0x01)
3979 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3980 MGMT_STATUS_INVALID_PARAMS);
3981
5400c044 3982 if (!hdev_is_powered(hdev))
bdb6d971 3983 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3984 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3985
3986 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3987 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3988 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3989
3990 hci_dev_lock(hdev);
3991
05cbf29f
JH		 3992 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3993 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3994 MGMT_STATUS_BUSY);
3995 goto unlock;
3996 }
3997
1a4d3c4b
JH		 3998 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3999 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4000 hdev);
4001 goto unlock;
4002 }
4003
33e38b3e
JH		 4004 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4005 data, len);
4006 if (!cmd) {
4007 err = -ENOMEM;
4008 goto unlock;
f6422ec6
AJ		 4009 }
4010
33e38b3e
JH		 4011 hci_req_init(&req, hdev);
4012
406d7804 4013 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4014
4015 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4016 if (err < 0) {
bdb6d971 4017 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4018 MGMT_STATUS_FAILED);
33e38b3e 4019 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4020 }
4021
33e38b3e 4022unlock:
f6422ec6 4023 hci_dev_unlock(hdev);
33e38b3e 4024
f6422ec6
AJ		 4025 return err;
4026}
4027
67e5a7a3
JH		 4028static void set_bredr_scan(struct hci_request *req)
4029{
4030 struct hci_dev *hdev = req->hdev;
4031 u8 scan = 0;
4032
4033 /* Ensure that fast connectable is disabled. This function will
4034 * not do anything if the page scan parameters are already what
4035 * they should be.
4036 */
4037 write_fast_connectable(req, false);
4038
4039 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4040 scan |= SCAN_PAGE;
4041 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4042 scan |= SCAN_INQUIRY;
4043
4044 if (scan)
4045 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4046}
4047
0663ca2a
JH		 4048static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4049{
4050 struct pending_cmd *cmd;
4051
4052 BT_DBG("status 0x%02x", status);
4053
4054 hci_dev_lock(hdev);
4055
4056 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4057 if (!cmd)
4058 goto unlock;
4059
4060 if (status) {
4061 u8 mgmt_err = mgmt_status(status);
4062
4063 /* We need to restore the flag if related HCI commands
4064 * failed.
4065 */
4066 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4067
4068 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4069 } else {
4070 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4071 new_settings(hdev, cmd->sk);
4072 }
4073
4074 mgmt_pending_remove(cmd);
4075
4076unlock:
4077 hci_dev_unlock(hdev);
4078}
4079
4080static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4081{
4082 struct mgmt_mode *cp = data;
4083 struct pending_cmd *cmd;
4084 struct hci_request req;
4085 int err;
4086
4087 BT_DBG("request for %s", hdev->name);
4088
4089 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4090 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4091 MGMT_STATUS_NOT_SUPPORTED);
4092
4093 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4094 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4095 MGMT_STATUS_REJECTED);
4096
4097 if (cp->val != 0x00 && cp->val != 0x01)
4098 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4099 MGMT_STATUS_INVALID_PARAMS);
4100
4101 hci_dev_lock(hdev);
4102
4103 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4104 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4105 goto unlock;
4106 }
4107
4108 if (!hdev_is_powered(hdev)) {
4109 if (!cp->val) {
0663ca2a
JH		 4110 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4111 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4112 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4113 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4114 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4115 }
4116
4117 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4118
4119 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4120 if (err < 0)
4121 goto unlock;
4122
4123 err = new_settings(hdev, sk);
4124 goto unlock;
4125 }
4126
4127 /* Reject disabling when powered on */
4128 if (!cp->val) {
4129 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4130 MGMT_STATUS_REJECTED);
4131 goto unlock;
4132 }
4133
4134 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4135 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4136 MGMT_STATUS_BUSY);
4137 goto unlock;
4138 }
4139
4140 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4141 if (!cmd) {
4142 err = -ENOMEM;
4143 goto unlock;
4144 }
4145
5947f4bc 4146 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4147 * generates the correct flags.
4148 */
4149 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4150
4151 hci_req_init(&req, hdev);
aa8af46e
JH		 4152
4153 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4154 set_bredr_scan(&req);
4155
f14d8f64
MH		 4156 /* Since only the advertising data flags will change, there
4157 * is no need to update the scan response data.
4158 */
5947f4bc 4159 update_adv_data(&req);
aa8af46e 4160
0663ca2a
JH		 4161 err = hci_req_run(&req, set_bredr_complete);
4162 if (err < 0)
4163 mgmt_pending_remove(cmd);
4164
4165unlock:
4166 hci_dev_unlock(hdev);
4167 return err;
4168}
4169
eac83dc6
MH		 4170static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4171 void *data, u16 len)
4172{
4173 struct mgmt_mode *cp = data;
4174 struct pending_cmd *cmd;
0ab04a9c 4175 u8 val, status;
eac83dc6
MH		 4176 int err;
4177
4178 BT_DBG("request for %s", hdev->name);
4179
4180 status = mgmt_bredr_support(hdev);
4181 if (status)
4182 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4183 status);
4184
5afeac14
MH		 4185 if (!lmp_sc_capable(hdev) &&
4186 !test_bit(HCI_FORCE_SC, &hdev->dev_flags))
eac83dc6
MH		 4187 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4188 MGMT_STATUS_NOT_SUPPORTED);
4189
0ab04a9c 4190 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4191 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4192 MGMT_STATUS_INVALID_PARAMS);
4193
4194 hci_dev_lock(hdev);
4195
4196 if (!hdev_is_powered(hdev)) {
4197 bool changed;
4198
0ab04a9c 4199 if (cp->val) {
eac83dc6
MH		 4200 changed = !test_and_set_bit(HCI_SC_ENABLED,
4201 &hdev->dev_flags);
0ab04a9c
MH		 4202 if (cp->val == 0x02)
4203 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4204 else
4205 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4206 } else {
eac83dc6
MH		 4207 changed = test_and_clear_bit(HCI_SC_ENABLED,
4208 &hdev->dev_flags);
0ab04a9c
MH		 4209 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4210 }
eac83dc6
MH		 4211
4212 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4213 if (err < 0)
4214 goto failed;
4215
4216 if (changed)
4217 err = new_settings(hdev, sk);
4218
4219 goto failed;
4220 }
4221
4222 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4223 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4224 MGMT_STATUS_BUSY);
4225 goto failed;
4226 }
4227
0ab04a9c
MH		 4228 val = !!cp->val;
4229
4230 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4231 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4232 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4233 goto failed;
4234 }
4235
4236 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4237 if (!cmd) {
4238 err = -ENOMEM;
4239 goto failed;
4240 }
4241
0ab04a9c 4242 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4243 if (err < 0) {
4244 mgmt_pending_remove(cmd);
4245 goto failed;
4246 }
4247
0ab04a9c
MH		 4248 if (cp->val == 0x02)
4249 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4250 else
4251 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4252
eac83dc6
MH		 4253failed:
4254 hci_dev_unlock(hdev);
4255 return err;
4256}
4257
4e39ac81
MH		 4258static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4259 void *data, u16 len)
4260{
4261 struct mgmt_mode *cp = data;
4262 bool changed;
4263 int err;
4264
4265 BT_DBG("request for %s", hdev->name);
4266
4267 if (cp->val != 0x00 && cp->val != 0x01)
4268 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4269 MGMT_STATUS_INVALID_PARAMS);
4270
4271 hci_dev_lock(hdev);
4272
4273 if (cp->val)
4274 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4275 else
4276 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4277
4278 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4279 if (err < 0)
4280 goto unlock;
4281
4282 if (changed)
4283 err = new_settings(hdev, sk);
4284
4285unlock:
4286 hci_dev_unlock(hdev);
4287 return err;
4288}
4289
62b04cd1
JH		 4290static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4291 u16 len)
4292{
4293 struct mgmt_cp_set_privacy *cp = cp_data;
4294 bool changed;
4295 int err;
4296
4297 BT_DBG("request for %s", hdev->name);
4298
4299 if (!lmp_le_capable(hdev))
4300 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4301 MGMT_STATUS_NOT_SUPPORTED);
4302
4303 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4304 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4305 MGMT_STATUS_INVALID_PARAMS);
4306
4307 if (hdev_is_powered(hdev))
4308 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4309 MGMT_STATUS_REJECTED);
4310
4311 hci_dev_lock(hdev);
4312
c21c0ea0
JH		 4313 /* If user space supports this command it is also expected to
4314 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4315 */
4316 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4317
62b04cd1
JH		 4318 if (cp->privacy) {
4319 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4320 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4321 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4322 } else {
4323 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4324 memset(hdev->irk, 0, sizeof(hdev->irk));
4325 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4326 }
4327
4328 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4329 if (err < 0)
4330 goto unlock;
4331
4332 if (changed)
4333 err = new_settings(hdev, sk);
4334
4335unlock:
4336 hci_dev_unlock(hdev);
4337 return err;
4338}
4339
41edf160
JH		 4340static bool irk_is_valid(struct mgmt_irk_info *irk)
4341{
4342 switch (irk->addr.type) {
4343 case BDADDR_LE_PUBLIC:
4344 return true;
4345
4346 case BDADDR_LE_RANDOM:
4347 /* Two most significant bits shall be set */
4348 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4349 return false;
4350 return true;
4351 }
4352
4353 return false;
4354}
4355
4356static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4357 u16 len)
4358{
4359 struct mgmt_cp_load_irks *cp = cp_data;
4360 u16 irk_count, expected_len;
4361 int i, err;
4362
4363 BT_DBG("request for %s", hdev->name);
4364
4365 if (!lmp_le_capable(hdev))
4366 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4367 MGMT_STATUS_NOT_SUPPORTED);
4368
4369 irk_count = __le16_to_cpu(cp->irk_count);
4370
4371 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4372 if (expected_len != len) {
4373 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4374 len, expected_len);
4375 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4376 MGMT_STATUS_INVALID_PARAMS);
4377 }
4378
4379 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4380
4381 for (i = 0; i < irk_count; i++) {
4382 struct mgmt_irk_info *key = &cp->irks[i];
4383
4384 if (!irk_is_valid(key))
4385 return cmd_status(sk, hdev->id,
4386 MGMT_OP_LOAD_IRKS,
4387 MGMT_STATUS_INVALID_PARAMS);
4388 }
4389
4390 hci_dev_lock(hdev);
4391
4392 hci_smp_irks_clear(hdev);
4393
4394 for (i = 0; i < irk_count; i++) {
4395 struct mgmt_irk_info *irk = &cp->irks[i];
4396 u8 addr_type;
4397
4398 if (irk->addr.type == BDADDR_LE_PUBLIC)
4399 addr_type = ADDR_LE_DEV_PUBLIC;
4400 else
4401 addr_type = ADDR_LE_DEV_RANDOM;
4402
4403 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4404 BDADDR_ANY);
4405 }
4406
4407 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4408
4409 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4410
4411 hci_dev_unlock(hdev);
4412
4413 return err;
4414}
4415
3f706b72
JH		 4416static bool ltk_is_valid(struct mgmt_ltk_info *key)
4417{
4418 if (key->master != 0x00 && key->master != 0x01)
4419 return false;
490cb0b3
MH		 4420
4421 switch (key->addr.type) {
4422 case BDADDR_LE_PUBLIC:
4423 return true;
4424
4425 case BDADDR_LE_RANDOM:
4426 /* Two most significant bits shall be set */
4427 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4428 return false;
4429 return true;
4430 }
4431
4432 return false;
3f706b72
JH		 4433}
4434
bdb6d971 4435static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4436 void *cp_data, u16 len)
346af67b 4437{
346af67b
VCG		 4438 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4439 u16 key_count, expected_len;
715a5bf2 4440 int i, err;
346af67b 4441
cf99ba13
MH		 4442 BT_DBG("request for %s", hdev->name);
4443
4444 if (!lmp_le_capable(hdev))
4445 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4446 MGMT_STATUS_NOT_SUPPORTED);
4447
1f350c87 4448 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 4449
4450 expected_len = sizeof(*cp) + key_count *
4451 sizeof(struct mgmt_ltk_info);
4452 if (expected_len != len) {
4453 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 4454 len, expected_len);
bdb6d971 4455 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4456 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4457 }
4458
bdb6d971 4459 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4460
54ad6d8a
JH		 4461 for (i = 0; i < key_count; i++) {
4462 struct mgmt_ltk_info *key = &cp->keys[i];
4463
3f706b72 4464 if (!ltk_is_valid(key))
54ad6d8a
JH		 4465 return cmd_status(sk, hdev->id,
4466 MGMT_OP_LOAD_LONG_TERM_KEYS,
4467 MGMT_STATUS_INVALID_PARAMS);
4468 }
4469
346af67b
VCG		 4470 hci_dev_lock(hdev);
4471
4472 hci_smp_ltks_clear(hdev);
4473
4474 for (i = 0; i < key_count; i++) {
4475 struct mgmt_ltk_info *key = &cp->keys[i];
79d95a19
MH		 4476 u8 type, addr_type;
4477
4478 if (key->addr.type == BDADDR_LE_PUBLIC)
4479 addr_type = ADDR_LE_DEV_PUBLIC;
4480 else
4481 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4482
4483 if (key->master)
4484 type = HCI_SMP_LTK;
4485 else
4486 type = HCI_SMP_LTK_SLAVE;
4487
35d70271
JH		 4488 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
4489 key->type, key->val, key->enc_size, key->ediv,
4490 key->rand);
346af67b
VCG		 4491 }
4492
715a5bf2
JH		 4493 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4494 NULL, 0);
4495
346af67b 4496 hci_dev_unlock(hdev);
346af67b 4497
715a5bf2 4498 return err;
346af67b
VCG		 4499}
4500
2e3c35ea 4501static const struct mgmt_handler {
04124681
GP		 4502 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4503 u16 data_len);
be22b54e
JH		 4504 bool var_len;
4505 size_t data_len;
0f4e68cf
JH		 4506} mgmt_handlers[] = {
4507 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 4508 { read_version, false, MGMT_READ_VERSION_SIZE },
4509 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4510 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4511 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4512 { set_powered, false, MGMT_SETTING_SIZE },
4513 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4514 { set_connectable, false, MGMT_SETTING_SIZE },
4515 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4516 { set_pairable, false, MGMT_SETTING_SIZE },
4517 { set_link_security, false, MGMT_SETTING_SIZE },
4518 { set_ssp, false, MGMT_SETTING_SIZE },
4519 { set_hs, false, MGMT_SETTING_SIZE },
4520 { set_le, false, MGMT_SETTING_SIZE },
4521 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4522 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4523 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4524 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4525 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4526 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4527 { disconnect, false, MGMT_DISCONNECT_SIZE },
4528 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4529 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4530 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4531 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4532 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4533 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4534 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4535 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4536 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4537 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4538 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4539 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 4540 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 4541 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4542 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4543 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4544 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4545 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4546 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 4547 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 4548 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 4549 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 4550 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 4551 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 4552 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 4553 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 4554 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 4555 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
0f4e68cf
JH		 4556};
4557
4558
0381101f
JH		 4559int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4560{
650f726d
VCG		 4561 void *buf;
4562 u8 *cp;
0381101f 4563 struct mgmt_hdr *hdr;
4e51eae9 4564 u16 opcode, index, len;
bdb6d971 4565 struct hci_dev *hdev = NULL;
2e3c35ea 4566 const struct mgmt_handler *handler;
0381101f
JH		 4567 int err;
4568
4569 BT_DBG("got %zu bytes", msglen);
4570
4571 if (msglen < sizeof(*hdr))
4572 return -EINVAL;
4573
e63a15ec 4574 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 4575 if (!buf)
4576 return -ENOMEM;
4577
4578 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4579 err = -EFAULT;
4580 goto done;
4581 }
4582
650f726d 4583 hdr = buf;
1f350c87
MH		 4584 opcode = __le16_to_cpu(hdr->opcode);
4585 index = __le16_to_cpu(hdr->index);
4586 len = __le16_to_cpu(hdr->len);
0381101f
JH		 4587
4588 if (len != msglen - sizeof(*hdr)) {
4589 err = -EINVAL;
4590 goto done;
4591 }
4592
0f4e68cf 4593 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 4594 hdev = hci_dev_get(index);
4595 if (!hdev) {
4596 err = cmd_status(sk, index, opcode,
04124681 4597 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 4598 goto done;
4599 }
0736cfa8 4600
cebf4cfd
JH		 4601 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4602 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 4603 err = cmd_status(sk, index, opcode,
4604 MGMT_STATUS_INVALID_INDEX);
4605 goto done;
4606 }
bdb6d971
JH		 4607 }
4608
0f4e68cf 4609 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 4610 mgmt_handlers[opcode].func == NULL) {
0381101f 4611 BT_DBG("Unknown op %u", opcode);
ca69b795 4612 err = cmd_status(sk, index, opcode,
04124681 4613 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 4614 goto done;
4615 }
4616
4617 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 4618 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 4619 err = cmd_status(sk, index, opcode,
04124681 4620 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 4621 goto done;
0381101f
JH		 4622 }
4623
be22b54e
JH		 4624 handler = &mgmt_handlers[opcode];
4625
4626 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 4627 (!handler->var_len && len != handler->data_len)) {
be22b54e 4628 err = cmd_status(sk, index, opcode,
04124681 4629 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 4630 goto done;
4631 }
4632
0f4e68cf
JH		 4633 if (hdev)
4634 mgmt_init_hdev(sk, hdev);
4635
4636 cp = buf + sizeof(*hdr);
4637
be22b54e 4638 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 4639 if (err < 0)
4640 goto done;
4641
0381101f
JH		 4642 err = msglen;
4643
4644done:
bdb6d971
JH		 4645 if (hdev)
4646 hci_dev_put(hdev);
4647
0381101f
JH		 4648 kfree(buf);
4649 return err;
4650}
c71e97bf 4651
bf6b56db 4652void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 4653{
1514b892 4654 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4655 return;
bb4b2a9a 4656
bf6b56db 4657 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 4658}
4659
bf6b56db 4660void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 4661{
5f159032 4662 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 4663
1514b892 4664 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4665 return;
bb4b2a9a 4666
744cf19e 4667 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 4668
bf6b56db 4669 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 4670}
4671
229ab39c
JH		 4672static void powered_complete(struct hci_dev *hdev, u8 status)
4673{
4674 struct cmd_lookup match = { NULL, hdev };
4675
4676 BT_DBG("status 0x%02x", status);
4677
4678 hci_dev_lock(hdev);
4679
4680 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4681
4682 new_settings(hdev, match.sk);
4683
4684 hci_dev_unlock(hdev);
4685
4686 if (match.sk)
4687 sock_put(match.sk);
4688}
4689
70da6243 4690static int powered_update_hci(struct hci_dev *hdev)
5add6af8 4691{
890ea898 4692 struct hci_request req;
70da6243 4693 u8 link_sec;
5add6af8 4694
890ea898
JH		 4695 hci_req_init(&req, hdev);
4696
70da6243
JH		 4697 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4698 !lmp_host_ssp_capable(hdev)) {
4699 u8 ssp = 1;
5e5282bb 4700
890ea898 4701 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 4702 }
5add6af8 4703
c73eee91
JH		 4704 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4705 lmp_bredr_capable(hdev)) {
70da6243 4706 struct hci_cp_write_le_host_supported cp;
f0ff92fb 4707
70da6243
JH		 4708 cp.le = 1;
4709 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 4710
70da6243
JH		 4711 /* Check first if we already have the right
4712 * host state (host features set)
4713 */
4714 if (cp.le != lmp_host_le_capable(hdev) ||
4715 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 4716 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4717 sizeof(cp), &cp);
70da6243 4718 }
3d1cbdd6 4719
d13eafce 4720 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 4721 /* Make sure the controller has a good default for
4722 * advertising data. This also applies to the case
4723 * where BR/EDR was toggled during the AUTO_OFF phase.
4724 */
f14d8f64 4725 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 4726 update_adv_data(&req);
f14d8f64
MH		 4727 update_scan_rsp_data(&req);
4728 }
441ad2d0 4729
bba3aa55
MH		 4730 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4731 enable_advertising(&req);
eeca6f89
JH		 4732 }
4733
70da6243
JH		 4734 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4735 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 4736 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4737 sizeof(link_sec), &link_sec);
562fcc24 4738
70da6243 4739 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 4740 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4741 set_bredr_scan(&req);
890ea898 4742 update_class(&req);
13928971 4743 update_name(&req);
890ea898 4744 update_eir(&req);
70da6243 4745 }
562fcc24 4746
229ab39c 4747 return hci_req_run(&req, powered_complete);
70da6243 4748}
562fcc24 4749
70da6243
JH		 4750int mgmt_powered(struct hci_dev *hdev, u8 powered)
4751{
4752 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 4753 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4754 u8 zero_cod[] = { 0, 0, 0 };
70da6243 4755 int err;
f0ff92fb 4756
70da6243
JH		 4757 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4758 return 0;
4759
70da6243 4760 if (powered) {
229ab39c
JH		 4761 if (powered_update_hci(hdev) == 0)
4762 return 0;
fe038884 4763
229ab39c
JH		 4764 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4765 &match);
4766 goto new_settings;
b24752fe
JH		 4767 }
4768
229ab39c
JH		 4769 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4770 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4771
4772 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4773 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4774 zero_cod, sizeof(zero_cod), NULL);
4775
4776new_settings:
beadb2bd 4777 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 4778
4779 if (match.sk)
4780 sock_put(match.sk);
4781
7bb895d6 4782 return err;
5add6af8 4783}
73f22f62 4784
3eec705e 4785void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 4786{
4787 struct pending_cmd *cmd;
4788 u8 status;
4789
4790 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4791 if (!cmd)
3eec705e 4792 return;
96570ffc
JH		 4793
4794 if (err == -ERFKILL)
4795 status = MGMT_STATUS_RFKILLED;
4796 else
4797 status = MGMT_STATUS_FAILED;
4798
3eec705e 4799 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 4800
4801 mgmt_pending_remove(cmd);
96570ffc
JH		 4802}
4803
d1967ff8
MH		 4804void mgmt_discoverable_timeout(struct hci_dev *hdev)
4805{
4806 struct hci_request req;
d1967ff8
MH		 4807
4808 hci_dev_lock(hdev);
4809
4810 /* When discoverable timeout triggers, then just make sure
4811 * the limited discoverable flag is cleared. Even in the case
4812 * of a timeout triggered from general discoverable, it is
4813 * safe to unconditionally clear the flag.
4814 */
4815 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 4816 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 4817
4818 hci_req_init(&req, hdev);
4b580614
JH		 4819 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4820 u8 scan = SCAN_PAGE;
4821 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
4822 sizeof(scan), &scan);
4823 }
d1967ff8 4824 update_class(&req);
9a43e25f 4825 update_adv_data(&req);
d1967ff8
MH		 4826 hci_req_run(&req, NULL);
4827
4828 hdev->discov_timeout = 0;
4829
9a43e25f
JH		 4830 new_settings(hdev, NULL);
4831
d1967ff8
MH		 4832 hci_dev_unlock(hdev);
4833}
4834
86a75645 4835void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 4836{
86a75645 4837 bool changed;
73f22f62 4838
bfaf8c9f
JH		 4839 /* Nothing needed here if there's a pending command since that
4840 * commands request completion callback takes care of everything
4841 * necessary.
4842 */
4843 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 4844 return;
bfaf8c9f 4845
bd107999
JH		 4846 /* Powering off may clear the scan mode - don't let that interfere */
4847 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4848 return;
4849
9a43e25f 4850 if (discoverable) {
86a75645 4851 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4852 } else {
4853 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 4854 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4855 }
4856
4857 if (changed) {
4858 struct hci_request req;
4859
4860 /* In case this change in discoverable was triggered by
4861 * a disabling of connectable there could be a need to
4862 * update the advertising flags.
4863 */
4864 hci_req_init(&req, hdev);
4865 update_adv_data(&req);
4866 hci_req_run(&req, NULL);
73f22f62 4867
86a75645 4868 new_settings(hdev, NULL);
9a43e25f 4869 }
73f22f62 4870}
9fbcbb45 4871
a330916c 4872void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 4873{
a330916c 4874 bool changed;
9fbcbb45 4875
d7b856f9
JH		 4876 /* Nothing needed here if there's a pending command since that
4877 * commands request completion callback takes care of everything
4878 * necessary.
4879 */
4880 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 4881 return;
d7b856f9 4882
ce3f24cf
JH		 4883 /* Powering off may clear the scan mode - don't let that interfere */
4884 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4885 return;
4886
a330916c
MH		 4887 if (connectable)
4888 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4889 else
4890 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 4891
beadb2bd 4892 if (changed)
a330916c 4893 new_settings(hdev, NULL);
9fbcbb45 4894}
55ed8ca1 4895
778b235a
JH		 4896void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
4897{
7c4cfab8
JH		 4898 /* Powering off may stop advertising - don't let that interfere */
4899 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4900 return;
4901
778b235a
JH		 4902 if (advertising)
4903 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4904 else
4905 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4906}
4907
4796e8af 4908void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4909{
ca69b795
JH		 4910 u8 mgmt_err = mgmt_status(status);
4911
2d7cee58 4912 if (scan & SCAN_PAGE)
744cf19e 4913 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4914 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4915
4916 if (scan & SCAN_INQUIRY)
744cf19e 4917 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4918 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4919}
4920
dc4a5ee2
MH		 4921void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4922 bool persistent)
55ed8ca1 4923{
86742e1e 4924 struct mgmt_ev_new_link_key ev;
55ed8ca1 4925
a492cd52 4926 memset(&ev, 0, sizeof(ev));
55ed8ca1 4927
a492cd52 4928 ev.store_hint = persistent;
d753fdc4 4929 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4930 ev.key.addr.type = BDADDR_BREDR;
a492cd52 4931 ev.key.type = key->type;
9b3b4460 4932 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 4933 ev.key.pin_len = key->pin_len;
55ed8ca1 4934
dc4a5ee2 4935 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 4936}
f7520543 4937
ba74b666 4938void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key)
346af67b
VCG		 4939{
4940 struct mgmt_ev_new_long_term_key ev;
4941
4942 memset(&ev, 0, sizeof(ev));
4943
5192d301
MH		 4944 /* Devices using resolvable or non-resolvable random addresses
4945 * without providing an indentity resolving key don't require
4946 * to store long term keys. Their addresses will change the
4947 * next time around.
4948 *
4949 * Only when a remote device provides an identity address
4950 * make sure the long term key is stored. If the remote
4951 * identity is known, the long term keys are internally
4952 * mapped to the identity address. So allow static random
4953 * and public addresses here.
4954 */
ba74b666
JH		 4955 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
4956 (key->bdaddr.b[5] & 0xc0) != 0xc0)
4957 ev.store_hint = 0x00;
4958 else
4959 ev.store_hint = 0x01;
4960
346af67b 4961 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 4962 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d40f3eef 4963 ev.key.type = key->authenticated;
346af67b
VCG		 4964 ev.key.enc_size = key->enc_size;
4965 ev.key.ediv = key->ediv;
4966
4967 if (key->type == HCI_SMP_LTK)
4968 ev.key.master = 1;
4969
4970 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4971 memcpy(ev.key.val, key->val, sizeof(key->val));
4972
083368f7 4973 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 4974}
4975
95fbac8a
JH		 4976void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
4977{
4978 struct mgmt_ev_new_irk ev;
4979
4980 memset(&ev, 0, sizeof(ev));
4981
bab6d1e5
MH		 4982 /* For identity resolving keys from devices that are already
4983 * using a public address or static random address, do not
4984 * ask for storing this key. The identity resolving key really
4985 * is only mandatory for devices using resovlable random
4986 * addresses.
4987 *
4988 * Storing all identity resolving keys has the downside that
4989 * they will be also loaded on next boot of they system. More
4990 * identity resolving keys, means more time during scanning is
4991 * needed to actually resolve these addresses.
4992 */
4993 if (bacmp(&irk->rpa, BDADDR_ANY))
4994 ev.store_hint = 0x01;
4995 else
4996 ev.store_hint = 0x00;
4997
95fbac8a
JH		 4998 bacpy(&ev.rpa, &irk->rpa);
4999 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
5000 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
5001 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
5002
5003 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
5004}
5005
94933991
MH		 5006static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5007 u8 data_len)
5008{
5009 eir[eir_len++] = sizeof(type) + data_len;
5010 eir[eir_len++] = type;
5011 memcpy(&eir[eir_len], data, data_len);
5012 eir_len += data_len;
5013
5014 return eir_len;
5015}
5016
ecd90ae7
MH		 5017void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5018 u8 addr_type, u32 flags, u8 *name, u8 name_len,
5019 u8 *dev_class)
f7520543 5020{
b644ba33
JH		 5021 char buf[512];
5022 struct mgmt_ev_device_connected *ev = (void *) buf;
5023 u16 eir_len = 0;
f7520543 5024
b644ba33 5025 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5026 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 5027
c95f0ba7 5028 ev->flags = __cpu_to_le32(flags);
08c79b61 5029
b644ba33
JH		 5030 if (name_len > 0)
5031 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 5032 name, name_len);
b644ba33
JH		 5033
5034 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 5035 eir_len = eir_append_data(ev->eir, eir_len,
04124681 5036 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 5037
eb55ef07 5038 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 5039
ecd90ae7
MH		 5040 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
5041 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 5042}
5043
8962ee74
JH		 5044static void disconnect_rsp(struct pending_cmd *cmd, void *data)
5045{
c68fb7ff 5046 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 5047 struct sock **sk = data;
a38528f1 5048 struct mgmt_rp_disconnect rp;
8962ee74 5049
88c3df13
JH		 5050 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5051 rp.addr.type = cp->addr.type;
8962ee74 5052
aee9b218 5053 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 5054 sizeof(rp));
8962ee74
JH		 5055
5056 *sk = cmd->sk;
5057 sock_hold(*sk);
5058
a664b5bc 5059 mgmt_pending_remove(cmd);
8962ee74
JH		 5060}
5061
124f6e35 5062static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 5063{
b1078ad0 5064 struct hci_dev *hdev = data;
124f6e35
JH		 5065 struct mgmt_cp_unpair_device *cp = cmd->param;
5066 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 5067
5068 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 5069 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5070 rp.addr.type = cp->addr.type;
a8a1d19e 5071
b1078ad0
JH		 5072 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
5073
aee9b218 5074 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 5075
5076 mgmt_pending_remove(cmd);
5077}
5078
9b80ec5e 5079void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 5080 u8 link_type, u8 addr_type, u8 reason,
5081 bool mgmt_connected)
f7520543 5082{
f0d6a0ea 5083 struct mgmt_ev_device_disconnected ev;
8b064a3a 5084 struct pending_cmd *power_off;
8962ee74 5085 struct sock *sk = NULL;
8962ee74 5086
8b064a3a
JH		 5087 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5088 if (power_off) {
5089 struct mgmt_mode *cp = power_off->param;
5090
5091 /* The connection is still in hci_conn_hash so test for 1
5092 * instead of 0 to know if this is the last one.
5093 */
5094 if (!cp->val && hci_conn_count(hdev) == 1)
5095 queue_work(hdev->req_workqueue, &hdev->power_off.work);
5096 }
5097
12d4a3b2
JH		 5098 if (!mgmt_connected)
5099 return;
5100
57eb776f
AG		 5101 if (link_type != ACL_LINK && link_type != LE_LINK)
5102 return;
5103
744cf19e 5104 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 5105
f0d6a0ea
MA		 5106 bacpy(&ev.addr.bdaddr, bdaddr);
5107 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5108 ev.reason = reason;
f7520543 5109
9b80ec5e 5110 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 5111
5112 if (sk)
d97dcb66 5113 sock_put(sk);
8962ee74 5114
124f6e35 5115 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 5116 hdev);
8962ee74
JH		 5117}
5118
7892924c
MH		 5119void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
5120 u8 link_type, u8 addr_type, u8 status)
8962ee74 5121{
3655bba8
AG		 5122 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
5123 struct mgmt_cp_disconnect *cp;
88c3df13 5124 struct mgmt_rp_disconnect rp;
8962ee74 5125 struct pending_cmd *cmd;
8962ee74 5126
36a75f1b
JD		 5127 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5128 hdev);
5129
2e58ef3e 5130 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 5131 if (!cmd)
7892924c 5132 return;
8962ee74 5133
3655bba8
AG		 5134 cp = cmd->param;
5135
5136 if (bacmp(bdaddr, &cp->addr.bdaddr))
5137 return;
5138
5139 if (cp->addr.type != bdaddr_type)
5140 return;
5141
88c3df13 5142 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 5143 rp.addr.type = bdaddr_type;
37d9ef76 5144
7892924c
MH		 5145 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
5146 mgmt_status(status), &rp, sizeof(rp));
8962ee74 5147
a664b5bc 5148 mgmt_pending_remove(cmd);
f7520543 5149}
17d5c04c 5150
445608d0
MH		 5151void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5152 u8 addr_type, u8 status)
17d5c04c
JH		 5153{
5154 struct mgmt_ev_connect_failed ev;
5155
4c659c39 5156 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5157 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5158 ev.status = mgmt_status(status);
17d5c04c 5159
445608d0 5160 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 5161}
980e1a53 5162
ce0e4a0d 5163void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 5164{
5165 struct mgmt_ev_pin_code_request ev;
5166
d8457698 5167 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 5168 ev.addr.type = BDADDR_BREDR;
a770bb5a 5169 ev.secure = secure;
980e1a53 5170
ce0e4a0d 5171 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 5172}
5173
e669cf80
MH		 5174void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5175 u8 status)
980e1a53
JH		 5176{
5177 struct pending_cmd *cmd;
ac56fb13 5178 struct mgmt_rp_pin_code_reply rp;
980e1a53 5179
2e58ef3e 5180 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 5181 if (!cmd)
e669cf80 5182 return;
980e1a53 5183
d8457698 5184 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5185 rp.addr.type = BDADDR_BREDR;
ac56fb13 5186
e669cf80
MH		 5187 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
5188 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5189
a664b5bc 5190 mgmt_pending_remove(cmd);
980e1a53
JH		 5191}
5192
3eb38528
MH		 5193void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5194 u8 status)
980e1a53
JH		 5195{
5196 struct pending_cmd *cmd;
ac56fb13 5197 struct mgmt_rp_pin_code_reply rp;
980e1a53 5198
2e58ef3e 5199 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 5200 if (!cmd)
3eb38528 5201 return;
980e1a53 5202
d8457698 5203 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5204 rp.addr.type = BDADDR_BREDR;
ac56fb13 5205
3eb38528
MH		 5206 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
5207 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5208
a664b5bc 5209 mgmt_pending_remove(cmd);
980e1a53 5210}
a5c29683 5211
744cf19e 5212int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 5213 u8 link_type, u8 addr_type, __le32 value,
5214 u8 confirm_hint)
a5c29683
JH		 5215{
5216 struct mgmt_ev_user_confirm_request ev;
5217
744cf19e 5218 BT_DBG("%s", hdev->name);
a5c29683 5219
272d90df 5220 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5221 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 5222 ev.confirm_hint = confirm_hint;
78e8098e 5223 ev.value = value;
a5c29683 5224
744cf19e 5225 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 5226 NULL);
a5c29683
JH		 5227}
5228
272d90df 5229int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 5230 u8 link_type, u8 addr_type)
604086b7
BG		 5231{
5232 struct mgmt_ev_user_passkey_request ev;
5233
5234 BT_DBG("%s", hdev->name);
5235
272d90df 5236 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5237 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 5238
5239 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 5240 NULL);
604086b7
BG		 5241}
5242
0df4c185 5243static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 5244 u8 link_type, u8 addr_type, u8 status,
5245 u8 opcode)
a5c29683
JH		 5246{
5247 struct pending_cmd *cmd;
5248 struct mgmt_rp_user_confirm_reply rp;
5249 int err;
5250
2e58ef3e 5251 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 5252 if (!cmd)
5253 return -ENOENT;
5254
272d90df 5255 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 5256 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 5257 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 5258 &rp, sizeof(rp));
a5c29683 5259
a664b5bc 5260 mgmt_pending_remove(cmd);
a5c29683
JH		 5261
5262 return err;
5263}
5264
744cf19e 5265int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5266 u8 link_type, u8 addr_type, u8 status)
a5c29683 5267{
272d90df 5268 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5269 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 5270}
5271
272d90df 5272int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5273 u8 link_type, u8 addr_type, u8 status)
a5c29683 5274{
272d90df 5275 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5276 status,
5277 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 5278}
2a611692 5279
604086b7 5280int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5281 u8 link_type, u8 addr_type, u8 status)
604086b7 5282{
272d90df 5283 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5284 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 5285}
5286
272d90df 5287int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5288 u8 link_type, u8 addr_type, u8 status)
604086b7 5289{
272d90df 5290 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5291 status,
5292 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 5293}
5294
92a25256
JH		 5295int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
5296 u8 link_type, u8 addr_type, u32 passkey,
5297 u8 entered)
5298{
5299 struct mgmt_ev_passkey_notify ev;
5300
5301 BT_DBG("%s", hdev->name);
5302
5303 bacpy(&ev.addr.bdaddr, bdaddr);
5304 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5305 ev.passkey = __cpu_to_le32(passkey);
5306 ev.entered = entered;
5307
5308 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
5309}
5310
e546099c
MH		 5311void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5312 u8 addr_type, u8 status)
2a611692
JH		 5313{
5314 struct mgmt_ev_auth_failed ev;
5315
bab73cb6 5316 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5317 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5318 ev.status = mgmt_status(status);
2a611692 5319
e546099c 5320 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 5321}
b312b161 5322
464996ae 5323void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 5324{
5325 struct cmd_lookup match = { NULL, hdev };
464996ae 5326 bool changed;
33ef95ed
JH		 5327
5328 if (status) {
5329 u8 mgmt_err = mgmt_status(status);
5330 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 5331 cmd_status_rsp, &mgmt_err);
464996ae 5332 return;
33ef95ed
JH		 5333 }
5334
464996ae
MH		 5335 if (test_bit(HCI_AUTH, &hdev->flags))
5336 changed = !test_and_set_bit(HCI_LINK_SECURITY,
5337 &hdev->dev_flags);
5338 else
5339 changed = test_and_clear_bit(HCI_LINK_SECURITY,
5340 &hdev->dev_flags);
47990ea0 5341
33ef95ed 5342 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 5343 &match);
33ef95ed 5344
47990ea0 5345 if (changed)
464996ae 5346 new_settings(hdev, match.sk);
33ef95ed
JH		 5347
5348 if (match.sk)
5349 sock_put(match.sk);
33ef95ed
JH		 5350}
5351
890ea898 5352static void clear_eir(struct hci_request *req)
cacaf52f 5353{
890ea898 5354 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 5355 struct hci_cp_write_eir cp;
5356
976eb20e 5357 if (!lmp_ext_inq_capable(hdev))
890ea898 5358 return;
cacaf52f 5359
c80da27e
JH		 5360 memset(hdev->eir, 0, sizeof(hdev->eir));
5361
cacaf52f
JH		 5362 memset(&cp, 0, sizeof(cp));
5363
890ea898 5364 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 5365}
5366
3e248560 5367void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 5368{
5369 struct cmd_lookup match = { NULL, hdev };
890ea898 5370 struct hci_request req;
c0ecddc2 5371 bool changed = false;
ed2c4ee3
JH		 5372
5373 if (status) {
5374 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 5375
5376 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 5377 &hdev->dev_flags)) {
5378 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 5379 new_settings(hdev, NULL);
9ecb3e24 5380 }
c0ecddc2 5381
04124681
GP		 5382 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
5383 &mgmt_err);
3e248560 5384 return;
c0ecddc2
JH		 5385 }
5386
5387 if (enable) {
9ecb3e24 5388 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 5389 } else {
9ecb3e24
MH		 5390 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5391 if (!changed)
5392 changed = test_and_clear_bit(HCI_HS_ENABLED,
5393 &hdev->dev_flags);
5394 else
5395 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 5396 }
5397
5398 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
5399
c0ecddc2 5400 if (changed)
3e248560 5401 new_settings(hdev, match.sk);
ed2c4ee3 5402
5fc6ebb1 5403 if (match.sk)
ed2c4ee3
JH		 5404 sock_put(match.sk);
5405
890ea898
JH		 5406 hci_req_init(&req, hdev);
5407
5fc6ebb1 5408 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 5409 update_eir(&req);
5fc6ebb1 5410 else
890ea898
JH		 5411 clear_eir(&req);
5412
5413 hci_req_run(&req, NULL);
ed2c4ee3
JH		 5414}
5415
eac83dc6
MH		 5416void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5417{
5418 struct cmd_lookup match = { NULL, hdev };
5419 bool changed = false;
5420
5421 if (status) {
5422 u8 mgmt_err = mgmt_status(status);
5423
0ab04a9c
MH		 5424 if (enable) {
5425 if (test_and_clear_bit(HCI_SC_ENABLED,
5426 &hdev->dev_flags))
5427 new_settings(hdev, NULL);
5428 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5429 }
eac83dc6
MH		 5430
5431 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5432 cmd_status_rsp, &mgmt_err);
5433 return;
5434 }
5435
0ab04a9c 5436 if (enable) {
eac83dc6 5437 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 5438 } else {
eac83dc6 5439 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 5440 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5441 }
eac83dc6
MH		 5442
5443 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5444 settings_rsp, &match);
5445
5446 if (changed)
5447 new_settings(hdev, match.sk);
5448
5449 if (match.sk)
5450 sock_put(match.sk);
5451}
5452
92da6097 5453static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 5454{
5455 struct cmd_lookup *match = data;
5456
90e70454
JH		 5457 if (match->sk == NULL) {
5458 match->sk = cmd->sk;
5459 sock_hold(match->sk);
5460 }
90e70454
JH		 5461}
5462
4e1b0245
MH		 5463void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
5464 u8 status)
7f9a903c 5465{
90e70454 5466 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 5467
92da6097
JH		 5468 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
5469 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
5470 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 5471
5472 if (!status)
4e1b0245
MH		 5473 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
5474 NULL);
90e70454
JH		 5475
5476 if (match.sk)
5477 sock_put(match.sk);
7f9a903c
MH		 5478}
5479
7667da34 5480void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 5481{
b312b161 5482 struct mgmt_cp_set_local_name ev;
13928971 5483 struct pending_cmd *cmd;
28cc7bde 5484
13928971 5485 if (status)
7667da34 5486 return;
b312b161
JH		 5487
5488 memset(&ev, 0, sizeof(ev));
5489 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 5490 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 5491
2e58ef3e 5492 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 5493 if (!cmd) {
5494 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 5495
13928971
JH		 5496 /* If this is a HCI command related to powering on the
5497 * HCI dev don't send any mgmt signals.
5498 */
5499 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 5500 return;
890ea898 5501 }
b312b161 5502
7667da34
MH		 5503 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
5504 cmd ? cmd->sk : NULL);
b312b161 5505}
c35938b2 5506
4d2d2796
MH		 5507void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
5508 u8 *randomizer192, u8 *hash256,
5509 u8 *randomizer256, u8 status)
c35938b2
SJ		 5510{
5511 struct pending_cmd *cmd;
c35938b2 5512
744cf19e 5513 BT_DBG("%s status %u", hdev->name, status);
c35938b2 5514
2e58ef3e 5515 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 5516 if (!cmd)
3edaf092 5517 return;
c35938b2
SJ		 5518
5519 if (status) {
3edaf092
MH		 5520 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5521 mgmt_status(status));
c35938b2 5522 } else {
4d2d2796
MH		 5523 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5524 hash256 && randomizer256) {
5525 struct mgmt_rp_read_local_oob_ext_data rp;
5526
5527 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
5528 memcpy(rp.randomizer192, randomizer192,
5529 sizeof(rp.randomizer192));
c35938b2 5530
4d2d2796
MH		 5531 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
5532 memcpy(rp.randomizer256, randomizer256,
5533 sizeof(rp.randomizer256));
c35938b2 5534
4d2d2796
MH		 5535 cmd_complete(cmd->sk, hdev->id,
5536 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5537 &rp, sizeof(rp));
5538 } else {
5539 struct mgmt_rp_read_local_oob_data rp;
5540
5541 memcpy(rp.hash, hash192, sizeof(rp.hash));
5542 memcpy(rp.randomizer, randomizer192,
5543 sizeof(rp.randomizer));
5544
5545 cmd_complete(cmd->sk, hdev->id,
5546 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5547 &rp, sizeof(rp));
5548 }
c35938b2
SJ		 5549 }
5550
5551 mgmt_pending_remove(cmd);
c35938b2 5552}
e17acd40 5553
901801b9
MH		 5554void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5555 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
5556 ssp, u8 *eir, u16 eir_len)
e17acd40 5557{
e319d2e7
JH		 5558 char buf[512];
5559 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 5560 struct smp_irk *irk;
1dc06093 5561 size_t ev_size;
e17acd40 5562
12602d0c 5563 if (!hci_discovery_active(hdev))
901801b9 5564 return;
12602d0c 5565
1dc06093
JH		 5566 /* Leave 5 bytes for a potential CoD field */
5567 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
901801b9 5568 return;
7d262f86 5569
1dc06093
JH		 5570 memset(buf, 0, sizeof(buf));
5571
5cedbb8d
JH		 5572 irk = hci_get_irk(hdev, bdaddr, addr_type);
5573 if (irk) {
5574 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
5575 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
5576 } else {
5577 bacpy(&ev->addr.bdaddr, bdaddr);
5578 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5579 }
5580
e319d2e7 5581 ev->rssi = rssi;
9a395a80 5582 if (cfm_name)
612dfce9 5583 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 5584 if (!ssp)
612dfce9 5585 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 5586
1dc06093 5587 if (eir_len > 0)
e319d2e7 5588 memcpy(ev->eir, eir, eir_len);
e17acd40 5589
1dc06093
JH		 5590 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5591 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 5592 dev_class, 3);
1dc06093 5593
eb55ef07 5594 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 5595 ev_size = sizeof(*ev) + eir_len;
f8523598 5596
901801b9 5597 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 5598}
a88a9652 5599
9cf12aee
MH		 5600void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5601 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 5602{
b644ba33
JH		 5603 struct mgmt_ev_device_found *ev;
5604 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
5605 u16 eir_len;
a88a9652 5606
b644ba33 5607 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 5608
b644ba33
JH		 5609 memset(buf, 0, sizeof(buf));
5610
5611 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5612 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 5613 ev->rssi = rssi;
5614
5615 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 5616 name_len);
b644ba33 5617
eb55ef07 5618 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 5619
9cf12aee 5620 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 5621}
314b2381 5622
2f1e063b 5623void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 5624{
f963e8e9 5625 struct mgmt_ev_discovering ev;
164a6e78
JH		 5626 struct pending_cmd *cmd;
5627
343fb145
AG		 5628 BT_DBG("%s discovering %u", hdev->name, discovering);
5629
164a6e78 5630 if (discovering)
2e58ef3e 5631 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 5632 else
2e58ef3e 5633 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 5634
5635 if (cmd != NULL) {
f808e166
JH		 5636 u8 type = hdev->discovery.type;
5637
04124681
GP		 5638 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
5639 sizeof(type));
164a6e78
JH		 5640 mgmt_pending_remove(cmd);
5641 }
5642
f963e8e9
JH		 5643 memset(&ev, 0, sizeof(ev));
5644 ev.type = hdev->discovery.type;
5645 ev.discovering = discovering;
5646
2f1e063b 5647 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 5648}
5e762444 5649
88c1fe4b 5650int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5651{
5652 struct pending_cmd *cmd;
5653 struct mgmt_ev_device_blocked ev;
5654
2e58ef3e 5655 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 5656
88c1fe4b
JH		 5657 bacpy(&ev.addr.bdaddr, bdaddr);
5658 ev.addr.type = type;
5e762444 5659
744cf19e 5660 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 5661 cmd ? cmd->sk : NULL);
5e762444
AJ		 5662}
5663
88c1fe4b 5664int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5665{
5666 struct pending_cmd *cmd;
5667 struct mgmt_ev_device_unblocked ev;
5668
2e58ef3e 5669 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 5670
88c1fe4b
JH		 5671 bacpy(&ev.addr.bdaddr, bdaddr);
5672 ev.addr.type = type;
5e762444 5673
744cf19e 5674 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 5675 cmd ? cmd->sk : NULL);
5e762444 5676}
5976e608
MH		 5677
5678static void adv_enable_complete(struct hci_dev *hdev, u8 status)
5679{
5680 BT_DBG("%s status %u", hdev->name, status);
5681
5682 /* Clear the advertising mgmt setting if we failed to re-enable it */
5683 if (status) {
5684 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5685 new_settings(hdev, NULL);
5976e608
MH		 5686 }
5687}
5688
5689void mgmt_reenable_advertising(struct hci_dev *hdev)
5690{
5691 struct hci_request req;
5692
b145edcd 5693 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 5694 return;
5695
5696 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5697 return;
5698
5699 hci_req_init(&req, hdev);
5700 enable_advertising(&req);
5701
5702 /* If this fails we have no option but to let user space know
5703 * that we've disabled advertising.
5704 */
5705 if (hci_req_run(&req, adv_enable_complete) < 0) {
5706 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5707 new_settings(hdev, NULL);
5976e608
MH		 5708 }
5709}
Linux kernel - Deliverables
This page took 0.745315 seconds and 5 git commands to generate.