projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Implement the Remove Advertising command
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
a380b6cf 38#include "mgmt_util.h"
0381101f 39
2da9c55c 40#define MGMT_VERSION 1
beb1c21b 41#define MGMT_REVISION 9
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 50 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 81 MGMT_OP_SET_DEVICE_ID,
4375f103 82 MGMT_OP_SET_ADVERTISING,
0663ca2a 83 MGMT_OP_SET_BREDR,
d13eafce 84 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 85 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 86 MGMT_OP_SET_SECURE_CONN,
4e39ac81 87 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 88 MGMT_OP_SET_PRIVACY,
41edf160 89 MGMT_OP_LOAD_IRKS,
dd983808 90 MGMT_OP_GET_CONN_INFO,
95868426 91 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 92 MGMT_OP_ADD_DEVICE,
93 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 94 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 95 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 96 MGMT_OP_READ_CONFIG_INFO,
dbece37a 97 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 98 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 99 MGMT_OP_START_SERVICE_DISCOVERY,
4f0f155c 100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
96f1474a 101 MGMT_OP_READ_EXT_INDEX_LIST,
d3d5305b 102 MGMT_OP_READ_ADV_FEATURES,
24b4f38f 103 MGMT_OP_ADD_ADVERTISING,
da929335 104 MGMT_OP_REMOVE_ADVERTISING,
e70bb2e8
JH		 105};
106
107static const u16 mgmt_events[] = {
108 MGMT_EV_CONTROLLER_ERROR,
109 MGMT_EV_INDEX_ADDED,
110 MGMT_EV_INDEX_REMOVED,
111 MGMT_EV_NEW_SETTINGS,
112 MGMT_EV_CLASS_OF_DEV_CHANGED,
113 MGMT_EV_LOCAL_NAME_CHANGED,
114 MGMT_EV_NEW_LINK_KEY,
115 MGMT_EV_NEW_LONG_TERM_KEY,
116 MGMT_EV_DEVICE_CONNECTED,
117 MGMT_EV_DEVICE_DISCONNECTED,
118 MGMT_EV_CONNECT_FAILED,
119 MGMT_EV_PIN_CODE_REQUEST,
120 MGMT_EV_USER_CONFIRM_REQUEST,
121 MGMT_EV_USER_PASSKEY_REQUEST,
122 MGMT_EV_AUTH_FAILED,
123 MGMT_EV_DEVICE_FOUND,
124 MGMT_EV_DISCOVERING,
125 MGMT_EV_DEVICE_BLOCKED,
126 MGMT_EV_DEVICE_UNBLOCKED,
127 MGMT_EV_DEVICE_UNPAIRED,
92a25256 128 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 129 MGMT_EV_NEW_IRK,
7ee4ea36 130 MGMT_EV_NEW_CSRK,
8afef092
MH		 131 MGMT_EV_DEVICE_ADDED,
132 MGMT_EV_DEVICE_REMOVED,
ffb5a827 133 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 134 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 135 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 136 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 137 MGMT_EV_EXT_INDEX_ADDED,
138 MGMT_EV_EXT_INDEX_REMOVED,
72000df2 139 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
24b4f38f
AU		 140 MGMT_EV_ADVERTISING_ADDED,
141 MGMT_EV_ADVERTISING_REMOVED,
e70bb2e8
JH		 142};
143
17b02e62 144#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 145
d25b78e2
JH		 146#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
147 "\x00\x00\x00\x00\x00\x00\x00\x00"
148
ca69b795
JH		 149/* HCI to MGMT error code conversion table */
150static u8 mgmt_status_table[] = {
151 MGMT_STATUS_SUCCESS,
152 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
153 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
154 MGMT_STATUS_FAILED, /* Hardware Failure */
155 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
156 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 157 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 158 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
159 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
160 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
161 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
162 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
163 MGMT_STATUS_BUSY, /* Command Disallowed */
164 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
165 MGMT_STATUS_REJECTED, /* Rejected Security */
166 MGMT_STATUS_REJECTED, /* Rejected Personal */
167 MGMT_STATUS_TIMEOUT, /* Host Timeout */
168 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
169 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
170 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
171 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
172 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
173 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
174 MGMT_STATUS_BUSY, /* Repeated Attempts */
175 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
176 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
177 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
178 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
179 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
180 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
181 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
182 MGMT_STATUS_FAILED, /* Unspecified Error */
183 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
184 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
185 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
186 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
187 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
188 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
189 MGMT_STATUS_FAILED, /* Unit Link Key Used */
190 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
191 MGMT_STATUS_TIMEOUT, /* Instant Passed */
192 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
193 MGMT_STATUS_FAILED, /* Transaction Collision */
194 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
195 MGMT_STATUS_REJECTED, /* QoS Rejected */
196 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
197 MGMT_STATUS_REJECTED, /* Insufficient Security */
198 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
199 MGMT_STATUS_BUSY, /* Role Switch Pending */
200 MGMT_STATUS_FAILED, /* Slot Violation */
201 MGMT_STATUS_FAILED, /* Role Switch Failed */
202 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
203 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
204 MGMT_STATUS_BUSY, /* Host Busy Pairing */
205 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
206 MGMT_STATUS_BUSY, /* Controller Busy */
207 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
208 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
209 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
210 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
211 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
212};
213
214static u8 mgmt_status(u8 hci_status)
215{
216 if (hci_status < ARRAY_SIZE(mgmt_status_table))
217 return mgmt_status_table[hci_status];
218
219 return MGMT_STATUS_FAILED;
220}
221
c08b1a1d
MH		 222static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
223 u16 len, int flag)
f9207338 224{
c08b1a1d
MH		 225 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
226 flag, NULL);
f9207338
MH		 227}
228
72000df2
MH		 229static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
230 u16 len, int flag, struct sock *skip_sk)
231{
232 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
233 flag, skip_sk);
234}
235
f6b7712e
MH		 236static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
237 u16 len, struct sock *skip_sk)
238{
239 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
240 HCI_MGMT_GENERIC_EVENTS, skip_sk);
241}
242
7a00ff44
JH		 243static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
244 struct sock *skip_sk)
245{
246 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
c08b1a1d 247 HCI_SOCK_TRUSTED, skip_sk);
7a00ff44
JH		 248}
249
04124681
GP		 250static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
251 u16 data_len)
a38528f1
JH		 252{
253 struct mgmt_rp_read_version rp;
254
255 BT_DBG("sock %p", sk);
256
257 rp.version = MGMT_VERSION;
dcf4adbf 258 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 259
2a1afb5a
JH		 260 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
261 &rp, sizeof(rp));
a38528f1
JH		 262}
263
04124681
GP		 264static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
265 u16 data_len)
e70bb2e8
JH		 266{
267 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 268 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
269 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 270 __le16 *opcode;
e70bb2e8
JH		 271 size_t rp_size;
272 int i, err;
273
274 BT_DBG("sock %p", sk);
275
276 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
277
278 rp = kmalloc(rp_size, GFP_KERNEL);
279 if (!rp)
280 return -ENOMEM;
281
dcf4adbf
JP		 282 rp->num_commands = cpu_to_le16(num_commands);
283 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 284
285 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
286 put_unaligned_le16(mgmt_commands[i], opcode);
287
288 for (i = 0; i < num_events; i++, opcode++)
289 put_unaligned_le16(mgmt_events[i], opcode);
290
2a1afb5a
JH		 291 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
292 rp, rp_size);
e70bb2e8
JH		 293 kfree(rp);
294
295 return err;
296}
297
04124681
GP		 298static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
299 u16 data_len)
faba42eb 300{
faba42eb 301 struct mgmt_rp_read_index_list *rp;
8035ded4 302 struct hci_dev *d;
a38528f1 303 size_t rp_len;
faba42eb 304 u16 count;
476e44cb 305 int err;
faba42eb
JH		 306
307 BT_DBG("sock %p", sk);
308
309 read_lock(&hci_dev_list_lock);
310
311 count = 0;
bb4b2a9a 312 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 313 if (d->dev_type == HCI_BREDR &&
d7a5a11d 314 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 315 count++;
faba42eb
JH		 316 }
317
a38528f1
JH		 318 rp_len = sizeof(*rp) + (2 * count);
319 rp = kmalloc(rp_len, GFP_ATOMIC);
320 if (!rp) {
b2c60d42 321 read_unlock(&hci_dev_list_lock);
faba42eb 322 return -ENOMEM;
b2c60d42 323 }
faba42eb 324
476e44cb 325 count = 0;
8035ded4 326 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 327 if (hci_dev_test_flag(d, HCI_SETUP) ||
328 hci_dev_test_flag(d, HCI_CONFIG) ||
329 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 330 continue;
331
73d1df2a
MH		 332 /* Devices marked as raw-only are neither configured
333 * nor unconfigured controllers.
334 */
335 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 336 continue;
337
73d1df2a 338 if (d->dev_type == HCI_BREDR &&
d7a5a11d 339 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892
MH		 340 rp->index[count++] = cpu_to_le16(d->id);
341 BT_DBG("Added hci%u", d->id);
342 }
faba42eb
JH		 343 }
344
476e44cb
JH		 345 rp->num_controllers = cpu_to_le16(count);
346 rp_len = sizeof(*rp) + (2 * count);
347
faba42eb
JH		 348 read_unlock(&hci_dev_list_lock);
349
2a1afb5a
JH		 350 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
351 0, rp, rp_len);
faba42eb 352
a38528f1
JH		 353 kfree(rp);
354
355 return err;
faba42eb
JH		 356}
357
73d1df2a
MH		 358static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
359 void *data, u16 data_len)
360{
361 struct mgmt_rp_read_unconf_index_list *rp;
362 struct hci_dev *d;
363 size_t rp_len;
364 u16 count;
365 int err;
366
367 BT_DBG("sock %p", sk);
368
369 read_lock(&hci_dev_list_lock);
370
371 count = 0;
372 list_for_each_entry(d, &hci_dev_list, list) {
373 if (d->dev_type == HCI_BREDR &&
d7a5a11d 374 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 375 count++;
376 }
377
378 rp_len = sizeof(*rp) + (2 * count);
379 rp = kmalloc(rp_len, GFP_ATOMIC);
380 if (!rp) {
381 read_unlock(&hci_dev_list_lock);
382 return -ENOMEM;
383 }
384
385 count = 0;
386 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 387 if (hci_dev_test_flag(d, HCI_SETUP) ||
388 hci_dev_test_flag(d, HCI_CONFIG) ||
389 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 390 continue;
391
392 /* Devices marked as raw-only are neither configured
393 * nor unconfigured controllers.
394 */
395 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
396 continue;
397
398 if (d->dev_type == HCI_BREDR &&
d7a5a11d 399 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a
MH		 400 rp->index[count++] = cpu_to_le16(d->id);
401 BT_DBG("Added hci%u", d->id);
402 }
403 }
404
405 rp->num_controllers = cpu_to_le16(count);
406 rp_len = sizeof(*rp) + (2 * count);
407
408 read_unlock(&hci_dev_list_lock);
409
2a1afb5a
JH		 410 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
411 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 412
413 kfree(rp);
414
415 return err;
416}
417
96f1474a
MH		 418static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
419 void *data, u16 data_len)
420{
421 struct mgmt_rp_read_ext_index_list *rp;
422 struct hci_dev *d;
423 size_t rp_len;
424 u16 count;
425 int err;
426
427 BT_DBG("sock %p", sk);
428
429 read_lock(&hci_dev_list_lock);
430
431 count = 0;
432 list_for_each_entry(d, &hci_dev_list, list) {
433 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
434 count++;
435 }
436
437 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
438 rp = kmalloc(rp_len, GFP_ATOMIC);
439 if (!rp) {
440 read_unlock(&hci_dev_list_lock);
441 return -ENOMEM;
442 }
443
444 count = 0;
445 list_for_each_entry(d, &hci_dev_list, list) {
446 if (hci_dev_test_flag(d, HCI_SETUP) ||
447 hci_dev_test_flag(d, HCI_CONFIG) ||
448 hci_dev_test_flag(d, HCI_USER_CHANNEL))
449 continue;
450
451 /* Devices marked as raw-only are neither configured
452 * nor unconfigured controllers.
453 */
454 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
455 continue;
456
457 if (d->dev_type == HCI_BREDR) {
458 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
459 rp->entry[count].type = 0x01;
460 else
461 rp->entry[count].type = 0x00;
462 } else if (d->dev_type == HCI_AMP) {
463 rp->entry[count].type = 0x02;
464 } else {
465 continue;
466 }
467
468 rp->entry[count].bus = d->bus;
469 rp->entry[count++].index = cpu_to_le16(d->id);
470 BT_DBG("Added hci%u", d->id);
471 }
472
473 rp->num_controllers = cpu_to_le16(count);
474 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
475
476 read_unlock(&hci_dev_list_lock);
477
478 /* If this command is called at least once, then all the
479 * default index and unconfigured index events are disabled
480 * and from now on only extended index events are used.
481 */
482 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
483 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
484 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
485
486 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
487 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
488
489 kfree(rp);
490
491 return err;
492}
493
dbece37a
MH		 494static bool is_configured(struct hci_dev *hdev)
495{
496 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 497 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 498 return false;
499
500 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
501 !bacmp(&hdev->public_addr, BDADDR_ANY))
502 return false;
503
504 return true;
505}
506
89bc22d2
MH		 507static __le32 get_missing_options(struct hci_dev *hdev)
508{
509 u32 options = 0;
510
dbece37a 511 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 512 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 513 options |= MGMT_OPTION_EXTERNAL_CONFIG;
514
89bc22d2
MH		 515 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
516 !bacmp(&hdev->public_addr, BDADDR_ANY))
517 options |= MGMT_OPTION_PUBLIC_ADDRESS;
518
519 return cpu_to_le32(options);
520}
521
f4537c04
MH		 522static int new_options(struct hci_dev *hdev, struct sock *skip)
523{
524 __le32 options = get_missing_options(hdev);
525
f6b7712e
MH		 526 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
527 sizeof(options), skip);
f4537c04
MH		 528}
529
dbece37a
MH		 530static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
531{
532 __le32 options = get_missing_options(hdev);
533
2a1afb5a
JH		 534 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
535 sizeof(options));
dbece37a
MH		 536}
537
9fc3bfb6
MH		 538static int read_config_info(struct sock *sk, struct hci_dev *hdev,
539 void *data, u16 data_len)
540{
541 struct mgmt_rp_read_config_info rp;
89bc22d2 542 u32 options = 0;
9fc3bfb6
MH		 543
544 BT_DBG("sock %p %s", sk, hdev->name);
545
546 hci_dev_lock(hdev);
547
548 memset(&rp, 0, sizeof(rp));
549 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 550
eb1904f4
MH		 551 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
552 options |= MGMT_OPTION_EXTERNAL_CONFIG;
553
9fc3bfb6 554 if (hdev->set_bdaddr)
89bc22d2
MH		 555 options |= MGMT_OPTION_PUBLIC_ADDRESS;
556
557 rp.supported_options = cpu_to_le32(options);
558 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 559
560 hci_dev_unlock(hdev);
561
2a1afb5a
JH		 562 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
563 &rp, sizeof(rp));
9fc3bfb6
MH		 564}
565
69ab39ea
JH		 566static u32 get_supported_settings(struct hci_dev *hdev)
567{
568 u32 settings = 0;
569
570 settings |= MGMT_SETTING_POWERED;
b2939475 571 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 572 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 573 settings |= MGMT_SETTING_CONNECTABLE;
574 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 575
ed3fa31f 576 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 577 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
578 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 579 settings |= MGMT_SETTING_BREDR;
580 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 581
582 if (lmp_ssp_capable(hdev)) {
583 settings |= MGMT_SETTING_SSP;
584 settings |= MGMT_SETTING_HS;
585 }
e98d2ce2 586
05b3c3e7 587 if (lmp_sc_capable(hdev))
e98d2ce2 588 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 589 }
d7b7e796 590
eeca6f89 591 if (lmp_le_capable(hdev)) {
9d42820f 592 settings |= MGMT_SETTING_LE;
eeca6f89 593 settings |= MGMT_SETTING_ADVERTISING;
a3209694 594 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 595 settings |= MGMT_SETTING_PRIVACY;
93690c22 596 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 597 }
69ab39ea 598
eb1904f4
MH		 599 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
600 hdev->set_bdaddr)
9fc3bfb6
MH		 601 settings |= MGMT_SETTING_CONFIGURATION;
602
69ab39ea
JH		 603 return settings;
604}
605
606static u32 get_current_settings(struct hci_dev *hdev)
607{
608 u32 settings = 0;
609
f1f0eb02 610 if (hdev_is_powered(hdev))
f0d4b78a
MH		 611 settings |= MGMT_SETTING_POWERED;
612
d7a5a11d 613 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 614 settings |= MGMT_SETTING_CONNECTABLE;
615
d7a5a11d 616 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 617 settings |= MGMT_SETTING_FAST_CONNECTABLE;
618
d7a5a11d 619 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 620 settings |= MGMT_SETTING_DISCOVERABLE;
621
d7a5a11d 622 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 623 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 624
d7a5a11d 625 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 626 settings |= MGMT_SETTING_BREDR;
627
d7a5a11d 628 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 629 settings |= MGMT_SETTING_LE;
630
d7a5a11d 631 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 632 settings |= MGMT_SETTING_LINK_SECURITY;
633
d7a5a11d 634 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 635 settings |= MGMT_SETTING_SSP;
636
d7a5a11d 637 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 638 settings |= MGMT_SETTING_HS;
639
d7a5a11d 640 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 641 settings |= MGMT_SETTING_ADVERTISING;
642
d7a5a11d 643 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 644 settings |= MGMT_SETTING_SECURE_CONN;
645
d7a5a11d 646 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 647 settings |= MGMT_SETTING_DEBUG_KEYS;
648
d7a5a11d 649 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 650 settings |= MGMT_SETTING_PRIVACY;
651
93690c22
MH		 652 /* The current setting for static address has two purposes. The
653 * first is to indicate if the static address will be used and
654 * the second is to indicate if it is actually set.
655 *
656 * This means if the static address is not configured, this flag
657 * will never bet set. If the address is configured, then if the
658 * address is actually used decides if the flag is set or not.
659 *
660 * For single mode LE only controllers and dual-mode controllers
661 * with BR/EDR disabled, the existence of the static address will
662 * be evaluated.
663 */
b7cb93e5 664 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 665 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 666 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
667 if (bacmp(&hdev->static_addr, BDADDR_ANY))
668 settings |= MGMT_SETTING_STATIC_ADDRESS;
669 }
670
69ab39ea
JH		 671 return settings;
672}
673
ef580372
JH		 674#define PNP_INFO_SVCLASS_ID 0x1200
675
213202ed
JH		 676static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
677{
678 u8 *ptr = data, *uuids_start = NULL;
679 struct bt_uuid *uuid;
680
681 if (len < 4)
682 return ptr;
683
684 list_for_each_entry(uuid, &hdev->uuids, list) {
685 u16 uuid16;
686
687 if (uuid->size != 16)
688 continue;
689
690 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
691 if (uuid16 < 0x1100)
692 continue;
693
694 if (uuid16 == PNP_INFO_SVCLASS_ID)
695 continue;
696
697 if (!uuids_start) {
698 uuids_start = ptr;
699 uuids_start[0] = 1;
700 uuids_start[1] = EIR_UUID16_ALL;
701 ptr += 2;
702 }
703
704 /* Stop if not enough space to put next UUID */
705 if ((ptr - data) + sizeof(u16) > len) {
706 uuids_start[1] = EIR_UUID16_SOME;
707 break;
708 }
709
710 *ptr++ = (uuid16 & 0x00ff);
711 *ptr++ = (uuid16 & 0xff00) >> 8;
712 uuids_start[0] += sizeof(uuid16);
713 }
714
715 return ptr;
716}
717
cdf1963f
JH		 718static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
719{
720 u8 *ptr = data, *uuids_start = NULL;
721 struct bt_uuid *uuid;
722
723 if (len < 6)
724 return ptr;
725
726 list_for_each_entry(uuid, &hdev->uuids, list) {
727 if (uuid->size != 32)
728 continue;
729
730 if (!uuids_start) {
731 uuids_start = ptr;
732 uuids_start[0] = 1;
733 uuids_start[1] = EIR_UUID32_ALL;
734 ptr += 2;
735 }
736
737 /* Stop if not enough space to put next UUID */
738 if ((ptr - data) + sizeof(u32) > len) {
739 uuids_start[1] = EIR_UUID32_SOME;
740 break;
741 }
742
743 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
744 ptr += sizeof(u32);
745 uuids_start[0] += sizeof(u32);
746 }
747
748 return ptr;
749}
750
c00d575b
JH		 751static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
752{
753 u8 *ptr = data, *uuids_start = NULL;
754 struct bt_uuid *uuid;
755
756 if (len < 18)
757 return ptr;
758
759 list_for_each_entry(uuid, &hdev->uuids, list) {
760 if (uuid->size != 128)
761 continue;
762
763 if (!uuids_start) {
764 uuids_start = ptr;
765 uuids_start[0] = 1;
766 uuids_start[1] = EIR_UUID128_ALL;
767 ptr += 2;
768 }
769
770 /* Stop if not enough space to put next UUID */
771 if ((ptr - data) + 16 > len) {
772 uuids_start[1] = EIR_UUID128_SOME;
773 break;
774 }
775
776 memcpy(ptr, uuid->uuid, 16);
777 ptr += 16;
778 uuids_start[0] += 16;
779 }
780
781 return ptr;
782}
783
333ae95d
JH		 784static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
785{
786 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
787}
788
333ae95d
JH		 789static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
790 struct hci_dev *hdev,
791 const void *data)
792{
793 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
794}
795
f14d8f64
MH		 796static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
797{
7a5f4990
MH		 798 u8 ad_len = 0;
799 size_t name_len;
800
801 name_len = strlen(hdev->dev_name);
802 if (name_len > 0) {
803 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
804
805 if (name_len > max_len) {
806 name_len = max_len;
807 ptr[1] = EIR_NAME_SHORT;
808 } else
809 ptr[1] = EIR_NAME_COMPLETE;
810
811 ptr[0] = name_len + 1;
812
813 memcpy(ptr + 2, hdev->dev_name, name_len);
814
815 ad_len += (name_len + 2);
816 ptr += (name_len + 2);
817 }
818
819 return ad_len;
f14d8f64
MH		 820}
821
822static void update_scan_rsp_data(struct hci_request *req)
823{
824 struct hci_dev *hdev = req->hdev;
825 struct hci_cp_le_set_scan_rsp_data cp;
826 u8 len;
827
d7a5a11d 828 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
f14d8f64
MH		 829 return;
830
831 memset(&cp, 0, sizeof(cp));
832
833 len = create_scan_rsp_data(hdev, cp.data);
834
eb438b5f
JH		 835 if (hdev->scan_rsp_data_len == len &&
836 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 837 return;
838
eb438b5f
JH		 839 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
840 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 841
842 cp.length = len;
843
844 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
845}
846
9a43e25f
JH		 847static u8 get_adv_discov_flags(struct hci_dev *hdev)
848{
3b0602cd 849 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 850
851 /* If there's a pending mgmt command the flags will not yet have
852 * their final values, so check for this first.
853 */
333ae95d 854 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
9a43e25f
JH		 855 if (cmd) {
856 struct mgmt_mode *cp = cmd->param;
857 if (cp->val == 0x01)
858 return LE_AD_GENERAL;
859 else if (cp->val == 0x02)
860 return LE_AD_LIMITED;
861 } else {
d7a5a11d 862 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 863 return LE_AD_LIMITED;
d7a5a11d 864 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 865 return LE_AD_GENERAL;
866 }
867
868 return 0;
869}
870
24b4f38f 871static u8 create_default_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 872{
873 u8 ad_len = 0, flags = 0;
441ad2d0 874
9a43e25f 875 flags |= get_adv_discov_flags(hdev);
441ad2d0 876
d7a5a11d 877 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
441ad2d0 878 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 879
880 if (flags) {
881 BT_DBG("adv flags 0x%02x", flags);
882
883 ptr[0] = 2;
884 ptr[1] = EIR_FLAGS;
885 ptr[2] = flags;
886
887 ad_len += 3;
888 ptr += 3;
889 }
890
891 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
892 ptr[0] = 2;
893 ptr[1] = EIR_TX_POWER;
894 ptr[2] = (u8) hdev->adv_tx_power;
895
896 ad_len += 3;
897 ptr += 3;
898 }
899
441ad2d0
MH		 900 return ad_len;
901}
902
24b4f38f
AU		 903static u8 create_instance_adv_data(struct hci_dev *hdev, u8 *ptr)
904{
905 /* TODO: Set the appropriate entries based on advertising instance flags
906 * here once flags other than 0 are supported.
907 */
908 memcpy(ptr, hdev->adv_instance.adv_data,
909 hdev->adv_instance.adv_data_len);
910
911 return hdev->adv_instance.adv_data_len;
912}
913
914static void update_adv_data_for_instance(struct hci_request *req, u8 instance)
441ad2d0
MH		 915{
916 struct hci_dev *hdev = req->hdev;
917 struct hci_cp_le_set_adv_data cp;
918 u8 len;
919
d7a5a11d 920 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
441ad2d0
MH		 921 return;
922
923 memset(&cp, 0, sizeof(cp));
924
24b4f38f
AU		 925 if (instance)
926 len = create_instance_adv_data(hdev, cp.data);
927 else
928 len = create_default_adv_data(hdev, cp.data);
441ad2d0 929
24b4f38f 930 /* There's nothing to do if the data hasn't changed */
441ad2d0
MH		 931 if (hdev->adv_data_len == len &&
932 memcmp(cp.data, hdev->adv_data, len) == 0)
933 return;
934
935 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
936 hdev->adv_data_len = len;
937
938 cp.length = len;
939
940 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
941}
942
24b4f38f
AU		 943static void update_adv_data(struct hci_request *req)
944{
945 struct hci_dev *hdev = req->hdev;
946 u8 instance;
947
948 /* The "Set Advertising" setting supersedes the "Add Advertising"
949 * setting. Here we set the advertising data based on which
950 * setting was set. When neither apply, default to the global settings,
951 * represented by instance "0".
952 */
953 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
954 !hci_dev_test_flag(hdev, HCI_ADVERTISING))
955 instance = 0x01;
956 else
957 instance = 0x00;
958
959 update_adv_data_for_instance(req, instance);
960}
961
bc6d2d04
JH		 962int mgmt_update_adv_data(struct hci_dev *hdev)
963{
964 struct hci_request req;
965
966 hci_req_init(&req, hdev);
967 update_adv_data(&req);
968
969 return hci_req_run(&req, NULL);
970}
971
ef580372
JH		 972static void create_eir(struct hci_dev *hdev, u8 *data)
973{
974 u8 *ptr = data;
ef580372
JH		 975 size_t name_len;
976
977 name_len = strlen(hdev->dev_name);
978
979 if (name_len > 0) {
980 /* EIR Data type */
981 if (name_len > 48) {
982 name_len = 48;
983 ptr[1] = EIR_NAME_SHORT;
984 } else
985 ptr[1] = EIR_NAME_COMPLETE;
986
987 /* EIR Data length */
988 ptr[0] = name_len + 1;
989
990 memcpy(ptr + 2, hdev->dev_name, name_len);
991
ef580372
JH		 992 ptr += (name_len + 2);
993 }
994
bbaf444a 995 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 996 ptr[0] = 2;
997 ptr[1] = EIR_TX_POWER;
998 ptr[2] = (u8) hdev->inq_tx_power;
999
91c4e9b1
MH		 1000 ptr += 3;
1001 }
1002
2b9be137
MH		 1003 if (hdev->devid_source > 0) {
1004 ptr[0] = 9;
1005 ptr[1] = EIR_DEVICE_ID;
1006
1007 put_unaligned_le16(hdev->devid_source, ptr + 2);
1008 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1009 put_unaligned_le16(hdev->devid_product, ptr + 6);
1010 put_unaligned_le16(hdev->devid_version, ptr + 8);
1011
2b9be137
MH		 1012 ptr += 10;
1013 }
1014
213202ed 1015 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 1016 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 1017 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 1018}
1019
890ea898 1020static void update_eir(struct hci_request *req)
ef580372 1021{
890ea898 1022 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1023 struct hci_cp_write_eir cp;
1024
504c8dcd 1025 if (!hdev_is_powered(hdev))
890ea898 1026 return;
7770c4aa 1027
976eb20e 1028 if (!lmp_ext_inq_capable(hdev))
890ea898 1029 return;
ef580372 1030
d7a5a11d 1031 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
890ea898 1032 return;
ef580372 1033
d7a5a11d 1034 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1035 return;
ef580372
JH		 1036
1037 memset(&cp, 0, sizeof(cp));
1038
1039 create_eir(hdev, cp.data);
1040
1041 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 1042 return;
ef580372
JH		 1043
1044 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1045
890ea898 1046 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 1047}
1048
1049static u8 get_service_classes(struct hci_dev *hdev)
1050{
1051 struct bt_uuid *uuid;
1052 u8 val = 0;
1053
1054 list_for_each_entry(uuid, &hdev->uuids, list)
1055 val |= uuid->svc_hint;
1056
1057 return val;
1058}
1059
890ea898 1060static void update_class(struct hci_request *req)
ef580372 1061{
890ea898 1062 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1063 u8 cod[3];
1064
1065 BT_DBG("%s", hdev->name);
1066
504c8dcd 1067 if (!hdev_is_powered(hdev))
890ea898 1068 return;
7770c4aa 1069
d7a5a11d 1070 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
f87ea1da
JH		 1071 return;
1072
d7a5a11d 1073 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1074 return;
ef580372
JH		 1075
1076 cod[0] = hdev->minor_class;
1077 cod[1] = hdev->major_class;
1078 cod[2] = get_service_classes(hdev);
1079
d7a5a11d 1080 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
6acd7db4
MH		 1081 cod[1] |= 0x20;
1082
ef580372 1083 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1084 return;
ef580372 1085
890ea898 1086 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1087}
1088
a4858cb9 1089static bool get_connectable(struct hci_dev *hdev)
199a2fb1 1090{
3b0602cd 1091 struct mgmt_pending_cmd *cmd;
199a2fb1
JH		 1092
1093 /* If there's a pending mgmt command the flag will not yet have
1094 * it's final value, so check for this first.
1095 */
333ae95d 1096 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
199a2fb1
JH		 1097 if (cmd) {
1098 struct mgmt_mode *cp = cmd->param;
a4858cb9 1099 return cp->val;
199a2fb1
JH		 1100 }
1101
d7a5a11d 1102 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
199a2fb1
JH		 1103}
1104
0ec5ae84
JH		 1105static void disable_advertising(struct hci_request *req)
1106{
1107 u8 enable = 0x00;
1108
1109 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1110}
1111
199a2fb1
JH		 1112static void enable_advertising(struct hci_request *req)
1113{
1114 struct hci_dev *hdev = req->hdev;
1115 struct hci_cp_le_set_adv_param cp;
8f2a0601 1116 u8 own_addr_type, enable = 0x01;
a4858cb9 1117 bool connectable;
199a2fb1 1118
0ec5ae84
JH		 1119 if (hci_conn_num(hdev, LE_LINK) > 0)
1120 return;
1121
d7a5a11d 1122 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
0ec5ae84
JH		 1123 disable_advertising(req);
1124
5ce194c4 1125 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1126 * hci_update_random_address knows that it's safe to go ahead
1127 * and write a new random address. The flag will be set back on
1128 * as soon as the SET_ADV_ENABLE HCI command completes.
1129 */
a358dc11 1130 hci_dev_clear_flag(hdev, HCI_LE_ADV);
8d97250e 1131
d7a5a11d 1132 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
cc91cb04
MH		 1133 connectable = true;
1134 else
1135 connectable = get_connectable(hdev);
8f2a0601 1136
a4858cb9
JH		 1137 /* Set require_privacy to true only when non-connectable
1138 * advertising is used. In that case it is fine to use a
1139 * non-resolvable private address.
1140 */
1141 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1142 return;
1143
41c90c18 1144 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1145 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1146 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
a4858cb9 1147 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1148 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1149 cp.channel_map = hdev->le_adv_channel_map;
1150
1151 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1152
1153 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1154}
1155
7d78525d
JH		 1156static void service_cache_off(struct work_struct *work)
1157{
1158 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1159 service_cache.work);
890ea898 1160 struct hci_request req;
7d78525d 1161
a69d8927 1162 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 1163 return;
1164
890ea898
JH		 1165 hci_req_init(&req, hdev);
1166
7d78525d
JH		 1167 hci_dev_lock(hdev);
1168
890ea898
JH		 1169 update_eir(&req);
1170 update_class(&req);
7d78525d
JH		 1171
1172 hci_dev_unlock(hdev);
890ea898
JH		 1173
1174 hci_req_run(&req, NULL);
7d78525d
JH		 1175}
1176
d6bfd59c
JH		 1177static void rpa_expired(struct work_struct *work)
1178{
1179 struct hci_dev *hdev = container_of(work, struct hci_dev,
1180 rpa_expired.work);
1181 struct hci_request req;
1182
1183 BT_DBG("");
1184
a1536da2 1185 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 1186
d7a5a11d 1187 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 1188 return;
1189
1190 /* The generation of a new RPA and programming it into the
1191 * controller happens in the enable_advertising() function.
1192 */
d6bfd59c 1193 hci_req_init(&req, hdev);
d6bfd59c 1194 enable_advertising(&req);
d6bfd59c
JH		 1195 hci_req_run(&req, NULL);
1196}
1197
6a919082 1198static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1199{
238be788 1200 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 1201 return;
1202
4f87da80 1203 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1204 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1205
4f87da80
JH		 1206 /* Non-mgmt controlled devices get this bit set
1207 * implicitly so that pairing works for them, however
1208 * for mgmt we require user-space to explicitly enable
1209 * it
1210 */
a358dc11 1211 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 1212}
1213
0f4e68cf 1214static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1215 void *data, u16 data_len)
0381101f 1216{
a38528f1 1217 struct mgmt_rp_read_info rp;
f7b64e69 1218
bdb6d971 1219 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1220
09fd0de5 1221 hci_dev_lock(hdev);
f7b64e69 1222
dc4fe30b
JH		 1223 memset(&rp, 0, sizeof(rp));
1224
69ab39ea 1225 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1226
69ab39ea 1227 rp.version = hdev->hci_ver;
eb55ef07 1228 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1229
1230 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1231 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1232
a38528f1 1233 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1234
dc4fe30b 1235 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1236 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1237
09fd0de5 1238 hci_dev_unlock(hdev);
0381101f 1239
2a1afb5a
JH		 1240 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1241 sizeof(rp));
0381101f
JH		 1242}
1243
69ab39ea 1244static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1245{
69ab39ea 1246 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1247
2a1afb5a
JH		 1248 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1249 sizeof(settings));
8680570b
JH		 1250}
1251
1904a853 1252static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 1253{
1254 BT_DBG("%s status 0x%02x", hdev->name, status);
1255
a3172b7e
JH		 1256 if (hci_conn_count(hdev) == 0) {
1257 cancel_delayed_work(&hdev->power_off);
8b064a3a 1258 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1259 }
8b064a3a
JH		 1260}
1261
23a48093 1262static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1263{
1264 struct hci_dev *hdev = req->hdev;
1265 struct hci_cp_remote_name_req_cancel cp;
1266 struct inquiry_entry *e;
1267
1268 switch (hdev->discovery.state) {
1269 case DISCOVERY_FINDING:
07d2334a 1270 if (test_bit(HCI_INQUIRY, &hdev->flags))
21a60d30 1271 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
07d2334a
JP		 1272
1273 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
21a60d30
JH		 1274 cancel_delayed_work(&hdev->le_scan_disable);
1275 hci_req_add_le_scan_disable(req);
1276 }
1277
23a48093 1278 return true;
21a60d30
JH		 1279
1280 case DISCOVERY_RESOLVING:
1281 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1282 NAME_PENDING);
1283 if (!e)
23a48093 1284 break;
21a60d30
JH		 1285
1286 bacpy(&cp.bdaddr, &e->data.bdaddr);
1287 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1288 &cp);
1289
23a48093 1290 return true;
21a60d30
JH		 1291
1292 default:
1293 /* Passive scanning */
d7a5a11d 1294 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
21a60d30 1295 hci_req_add_le_scan_disable(req);
23a48093
JH		 1296 return true;
1297 }
1298
21a60d30
JH		 1299 break;
1300 }
23a48093
JH		 1301
1302 return false;
21a60d30
JH		 1303}
1304
8b064a3a
JH		 1305static int clean_up_hci_state(struct hci_dev *hdev)
1306{
1307 struct hci_request req;
1308 struct hci_conn *conn;
23a48093
JH		 1309 bool discov_stopped;
1310 int err;
8b064a3a
JH		 1311
1312 hci_req_init(&req, hdev);
1313
1314 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1315 test_bit(HCI_PSCAN, &hdev->flags)) {
1316 u8 scan = 0x00;
1317 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1318 }
1319
d7a5a11d 1320 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
8b064a3a
JH		 1321 disable_advertising(&req);
1322
23a48093 1323 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1324
1325 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1326 struct hci_cp_disconnect dc;
c9910d0f
JH		 1327 struct hci_cp_reject_conn_req rej;
1328
1329 switch (conn->state) {
1330 case BT_CONNECTED:
1331 case BT_CONFIG:
1332 dc.handle = cpu_to_le16(conn->handle);
1333 dc.reason = 0x15; /* Terminated due to Power Off */
1334 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1335 break;
1336 case BT_CONNECT:
1337 if (conn->type == LE_LINK)
1338 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1339 0, NULL);
1340 else if (conn->type == ACL_LINK)
1341 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1342 6, &conn->dst);
1343 break;
1344 case BT_CONNECT2:
1345 bacpy(&rej.bdaddr, &conn->dst);
1346 rej.reason = 0x15; /* Terminated due to Power Off */
1347 if (conn->type == ACL_LINK)
1348 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1349 sizeof(rej), &rej);
1350 else if (conn->type == SCO_LINK)
1351 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1352 sizeof(rej), &rej);
1353 break;
1354 }
8b064a3a
JH		 1355 }
1356
23a48093
JH		 1357 err = hci_req_run(&req, clean_up_hci_complete);
1358 if (!err && discov_stopped)
1359 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1360
1361 return err;
8b064a3a
JH		 1362}
1363
bdb6d971 1364static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1365 u16 len)
eec8d2bc 1366{
650f726d 1367 struct mgmt_mode *cp = data;
3b0602cd 1368 struct mgmt_pending_cmd *cmd;
4b34ee78 1369 int err;
eec8d2bc 1370
bdb6d971 1371 BT_DBG("request for %s", hdev->name);
eec8d2bc 1372
a7e80f25 1373 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1374 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1375 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1376
09fd0de5 1377 hci_dev_lock(hdev);
eec8d2bc 1378
333ae95d 1379 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1380 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1381 MGMT_STATUS_BUSY);
87b95ba6
JH		 1382 goto failed;
1383 }
1384
a69d8927 1385 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
f0d4b78a
MH		 1386 cancel_delayed_work(&hdev->power_off);
1387
1388 if (cp->val) {
a1d70450
JH		 1389 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1390 data, len);
1391 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1392 goto failed;
1393 }
1394 }
1395
4b34ee78 1396 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1397 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1398 goto failed;
1399 }
1400
2e58ef3e 1401 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1402 if (!cmd) {
1403 err = -ENOMEM;
eec8d2bc 1404 goto failed;
366a0336 1405 }
eec8d2bc 1406
8b064a3a 1407 if (cp->val) {
19202573 1408 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1409 err = 0;
1410 } else {
1411 /* Disconnect connections, stop scans, etc */
1412 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1413 if (!err)
1414 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1415 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1416
8b064a3a
JH		 1417 /* ENODATA means there were no HCI commands queued */
1418 if (err == -ENODATA) {
a3172b7e 1419 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1420 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1421 err = 0;
1422 }
1423 }
eec8d2bc
JH		 1424
1425failed:
09fd0de5 1426 hci_dev_unlock(hdev);
366a0336 1427 return err;
eec8d2bc
JH		 1428}
1429
beadb2bd
JH		 1430static int new_settings(struct hci_dev *hdev, struct sock *skip)
1431{
f6b7712e 1432 __le32 ev = cpu_to_le32(get_current_settings(hdev));
beadb2bd 1433
f6b7712e
MH		 1434 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1435 sizeof(ev), skip);
beadb2bd
JH		 1436}
1437
91a668b0
JH		 1438int mgmt_new_settings(struct hci_dev *hdev)
1439{
1440 return new_settings(hdev, NULL);
1441}
1442
bd99abdd
JH		 1443struct cmd_lookup {
1444 struct sock *sk;
1445 struct hci_dev *hdev;
1446 u8 mgmt_status;
1447};
1448
3b0602cd 1449static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1450{
1451 struct cmd_lookup *match = data;
1452
1453 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1454
1455 list_del(&cmd->list);
1456
1457 if (match->sk == NULL) {
1458 match->sk = cmd->sk;
1459 sock_hold(match->sk);
1460 }
1461
1462 mgmt_pending_free(cmd);
1463}
1464
3b0602cd 1465static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1466{
1467 u8 *status = data;
1468
a69e8375 1469 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1470 mgmt_pending_remove(cmd);
1471}
1472
3b0602cd 1473static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1474{
1475 if (cmd->cmd_complete) {
1476 u8 *status = data;
1477
1478 cmd->cmd_complete(cmd, *status);
1479 mgmt_pending_remove(cmd);
1480
1481 return;
1482 }
1483
1484 cmd_status_rsp(cmd, data);
1485}
1486
3b0602cd 1487static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1488{
2a1afb5a
JH		 1489 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1490 cmd->param, cmd->param_len);
f5818c22
JH		 1491}
1492
3b0602cd 1493static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1494{
2a1afb5a
JH		 1495 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1496 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1497}
1498
e6fe7986
JH		 1499static u8 mgmt_bredr_support(struct hci_dev *hdev)
1500{
1501 if (!lmp_bredr_capable(hdev))
1502 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1503 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1504 return MGMT_STATUS_REJECTED;
1505 else
1506 return MGMT_STATUS_SUCCESS;
1507}
1508
1509static u8 mgmt_le_support(struct hci_dev *hdev)
1510{
1511 if (!lmp_le_capable(hdev))
1512 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1513 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1514 return MGMT_STATUS_REJECTED;
1515 else
1516 return MGMT_STATUS_SUCCESS;
1517}
1518
1904a853
MH		 1519static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1520 u16 opcode)
bfaf8c9f 1521{
3b0602cd 1522 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1523 struct mgmt_mode *cp;
970ba524 1524 struct hci_request req;
bfaf8c9f
JH		 1525 bool changed;
1526
1527 BT_DBG("status 0x%02x", status);
1528
1529 hci_dev_lock(hdev);
1530
333ae95d 1531 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
bfaf8c9f
JH		 1532 if (!cmd)
1533 goto unlock;
1534
1535 if (status) {
1536 u8 mgmt_err = mgmt_status(status);
a69e8375 1537 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1538 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1539 goto remove_cmd;
1540 }
1541
1542 cp = cmd->param;
d4462a07 1543 if (cp->val) {
238be788 1544 changed = !hci_dev_test_and_set_flag(hdev, HCI_DISCOVERABLE);
d4462a07
MH		 1545
1546 if (hdev->discov_timeout > 0) {
1547 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1548 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1549 to);
1550 }
1551 } else {
a69d8927 1552 changed = hci_dev_test_and_clear_flag(hdev, HCI_DISCOVERABLE);
d4462a07 1553 }
bfaf8c9f
JH		 1554
1555 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1556
1557 if (changed)
1558 new_settings(hdev, cmd->sk);
1559
970ba524
MH		 1560 /* When the discoverable mode gets changed, make sure
1561 * that class of device has the limited discoverable
432df05e
JH		 1562 * bit correctly set. Also update page scan based on whitelist
1563 * entries.
970ba524
MH		 1564 */
1565 hci_req_init(&req, hdev);
1d2dc5b7 1566 __hci_update_page_scan(&req);
970ba524
MH		 1567 update_class(&req);
1568 hci_req_run(&req, NULL);
1569
bfaf8c9f
JH		 1570remove_cmd:
1571 mgmt_pending_remove(cmd);
1572
1573unlock:
1574 hci_dev_unlock(hdev);
1575}
1576
bdb6d971 1577static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1578 u16 len)
73f22f62 1579{
650f726d 1580 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1581 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1582 struct hci_request req;
5e5282bb 1583 u16 timeout;
9a43e25f 1584 u8 scan;
73f22f62
JH		 1585 int err;
1586
bdb6d971 1587 BT_DBG("request for %s", hdev->name);
73f22f62 1588
d7a5a11d
MH		 1589 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1590 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1591 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1592 MGMT_STATUS_REJECTED);
33c525c0 1593
310a3d48 1594 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1595 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1596 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1597
1f350c87 1598 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1599
1600 /* Disabling discoverable requires that no timeout is set,
1601 * and enabling limited discoverable requires a timeout.
1602 */
1603 if ((cp->val == 0x00 && timeout > 0) ||
1604 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1605 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1606 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1607
09fd0de5 1608 hci_dev_lock(hdev);
73f22f62 1609
5e5282bb 1610 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1611 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1612 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1613 goto failed;
1614 }
1615
333ae95d
JH		 1616 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1617 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1618 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1619 MGMT_STATUS_BUSY);
73f22f62
JH		 1620 goto failed;
1621 }
1622
d7a5a11d 1623 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1624 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1625 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1626 goto failed;
1627 }
1628
1629 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1630 bool changed = false;
1631
310a3d48
MH		 1632 /* Setting limited discoverable when powered off is
1633 * not a valid operation since it requires a timeout
1634 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1635 */
d7a5a11d 1636 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1637 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1638 changed = true;
1639 }
1640
5e5282bb 1641 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1642 if (err < 0)
1643 goto failed;
1644
1645 if (changed)
1646 err = new_settings(hdev, sk);
1647
5e5282bb
JH		 1648 goto failed;
1649 }
1650
310a3d48
MH		 1651 /* If the current mode is the same, then just update the timeout
1652 * value with the new value. And if only the timeout gets updated,
1653 * then no need for any HCI transactions.
1654 */
d7a5a11d
MH		 1655 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1656 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1657 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1658 cancel_delayed_work(&hdev->discov_off);
1659 hdev->discov_timeout = timeout;
955638ec 1660
36261547
MH		 1661 if (cp->val && hdev->discov_timeout > 0) {
1662 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1663 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1664 to);
955638ec
MH		 1665 }
1666
69ab39ea 1667 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1668 goto failed;
1669 }
1670
2e58ef3e 1671 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1672 if (!cmd) {
1673 err = -ENOMEM;
73f22f62 1674 goto failed;
366a0336 1675 }
73f22f62 1676
310a3d48
MH		 1677 /* Cancel any potential discoverable timeout that might be
1678 * still active and store new timeout value. The arming of
1679 * the timeout happens in the complete handler.
1680 */
1681 cancel_delayed_work(&hdev->discov_off);
1682 hdev->discov_timeout = timeout;
1683
b456f87c
JH		 1684 /* Limited discoverable mode */
1685 if (cp->val == 0x02)
a1536da2 1686 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1687 else
a358dc11 1688 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1689
bfaf8c9f
JH		 1690 hci_req_init(&req, hdev);
1691
9a43e25f
JH		 1692 /* The procedure for LE-only controllers is much simpler - just
1693 * update the advertising data.
1694 */
d7a5a11d 1695 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
9a43e25f
JH		 1696 goto update_ad;
1697
73f22f62
JH		 1698 scan = SCAN_PAGE;
1699
310a3d48
MH		 1700 if (cp->val) {
1701 struct hci_cp_write_current_iac_lap hci_cp;
1702
1703 if (cp->val == 0x02) {
1704 /* Limited discoverable mode */
33337dcb 1705 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1706 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1707 hci_cp.iac_lap[1] = 0x8b;
1708 hci_cp.iac_lap[2] = 0x9e;
1709 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1710 hci_cp.iac_lap[4] = 0x8b;
1711 hci_cp.iac_lap[5] = 0x9e;
1712 } else {
1713 /* General discoverable mode */
310a3d48
MH		 1714 hci_cp.num_iac = 1;
1715 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1716 hci_cp.iac_lap[1] = 0x8b;
1717 hci_cp.iac_lap[2] = 0x9e;
1718 }
1719
1720 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1721 (hci_cp.num_iac * 3) + 1, &hci_cp);
1722
73f22f62 1723 scan |= SCAN_INQUIRY;
310a3d48 1724 } else {
a358dc11 1725 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
310a3d48 1726 }
73f22f62 1727
310a3d48 1728 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1729
9a43e25f
JH		 1730update_ad:
1731 update_adv_data(&req);
1732
bfaf8c9f 1733 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1734 if (err < 0)
a664b5bc 1735 mgmt_pending_remove(cmd);
73f22f62
JH		 1736
1737failed:
09fd0de5 1738 hci_dev_unlock(hdev);
73f22f62
JH		 1739 return err;
1740}
1741
406d7804
JH		 1742static void write_fast_connectable(struct hci_request *req, bool enable)
1743{
bd98b996 1744 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1745 struct hci_cp_write_page_scan_activity acp;
1746 u8 type;
1747
d7a5a11d 1748 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
547003b1
JH		 1749 return;
1750
4c01f8b8
JH		 1751 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1752 return;
1753
406d7804
JH		 1754 if (enable) {
1755 type = PAGE_SCAN_TYPE_INTERLACED;
1756
1757 /* 160 msec page scan interval */
dcf4adbf 1758 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1759 } else {
1760 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1761
1762 /* default 1.28 sec page scan */
dcf4adbf 1763 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1764 }
1765
dcf4adbf 1766 acp.window = cpu_to_le16(0x0012);
406d7804 1767
bd98b996
JH		 1768 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1769 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1770 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1771 sizeof(acp), &acp);
1772
1773 if (hdev->page_scan_type != type)
1774 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1775}
1776
1904a853
MH		 1777static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1778 u16 opcode)
2b76f453 1779{
3b0602cd 1780 struct mgmt_pending_cmd *cmd;
d7b856f9 1781 struct mgmt_mode *cp;
bc6d2d04 1782 bool conn_changed, discov_changed;
2b76f453
JH		 1783
1784 BT_DBG("status 0x%02x", status);
1785
1786 hci_dev_lock(hdev);
1787
333ae95d 1788 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
2b76f453
JH		 1789 if (!cmd)
1790 goto unlock;
1791
37438c1f
JH		 1792 if (status) {
1793 u8 mgmt_err = mgmt_status(status);
a69e8375 1794 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1795 goto remove_cmd;
1796 }
1797
d7b856f9 1798 cp = cmd->param;
bc6d2d04 1799 if (cp->val) {
238be788
MH		 1800 conn_changed = !hci_dev_test_and_set_flag(hdev,
1801 HCI_CONNECTABLE);
bc6d2d04
JH		 1802 discov_changed = false;
1803 } else {
a69d8927
MH		 1804 conn_changed = hci_dev_test_and_clear_flag(hdev,
1805 HCI_CONNECTABLE);
1806 discov_changed = hci_dev_test_and_clear_flag(hdev,
1807 HCI_DISCOVERABLE);
bc6d2d04 1808 }
d7b856f9 1809
2b76f453
JH		 1810 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1811
bc6d2d04 1812 if (conn_changed || discov_changed) {
d7b856f9 1813 new_settings(hdev, cmd->sk);
1d2dc5b7 1814 hci_update_page_scan(hdev);
bc6d2d04
JH		 1815 if (discov_changed)
1816 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1817 hci_update_background_scan(hdev);
1818 }
d7b856f9 1819
37438c1f 1820remove_cmd:
2b76f453
JH		 1821 mgmt_pending_remove(cmd);
1822
1823unlock:
1824 hci_dev_unlock(hdev);
1825}
1826
e8ba3a1f
JH		 1827static int set_connectable_update_settings(struct hci_dev *hdev,
1828 struct sock *sk, u8 val)
1829{
1830 bool changed = false;
1831 int err;
1832
d7a5a11d 1833 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 1834 changed = true;
1835
1836 if (val) {
a1536da2 1837 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 1838 } else {
a358dc11
MH		 1839 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1840 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 1841 }
1842
1843 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1844 if (err < 0)
1845 return err;
1846
562064e6 1847 if (changed) {
1d2dc5b7 1848 hci_update_page_scan(hdev);
562064e6 1849 hci_update_background_scan(hdev);
e8ba3a1f 1850 return new_settings(hdev, sk);
562064e6 1851 }
e8ba3a1f
JH		 1852
1853 return 0;
1854}
1855
bdb6d971 1856static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1857 u16 len)
9fbcbb45 1858{
650f726d 1859 struct mgmt_mode *cp = data;
3b0602cd 1860 struct mgmt_pending_cmd *cmd;
2b76f453 1861 struct hci_request req;
1987fdc7 1862 u8 scan;
9fbcbb45
JH		 1863 int err;
1864
bdb6d971 1865 BT_DBG("request for %s", hdev->name);
9fbcbb45 1866
d7a5a11d
MH		 1867 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1868 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1869 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1870 MGMT_STATUS_REJECTED);
33c525c0 1871
a7e80f25 1872 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1873 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1874 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1875
09fd0de5 1876 hci_dev_lock(hdev);
9fbcbb45 1877
4b34ee78 1878 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1879 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1880 goto failed;
1881 }
1882
333ae95d
JH		 1883 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1884 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1885 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1886 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1887 goto failed;
1888 }
1889
2e58ef3e 1890 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1891 if (!cmd) {
1892 err = -ENOMEM;
9fbcbb45 1893 goto failed;
366a0336 1894 }
9fbcbb45 1895
9b74246f 1896 hci_req_init(&req, hdev);
9fbcbb45 1897
9a43e25f
JH		 1898 /* If BR/EDR is not enabled and we disable advertising as a
1899 * by-product of disabling connectable, we need to update the
1900 * advertising flags.
1901 */
d7a5a11d 1902 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
9a43e25f 1903 if (!cp->val) {
a358dc11
MH		 1904 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1905 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
9a43e25f
JH		 1906 }
1907 update_adv_data(&req);
1908 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1909 if (cp->val) {
1910 scan = SCAN_PAGE;
1911 } else {
3bd27240
JH		 1912 /* If we don't have any whitelist entries just
1913 * disable all scanning. If there are entries
1914 * and we had both page and inquiry scanning
1915 * enabled then fall back to only page scanning.
1916 * Otherwise no changes are needed.
1917 */
1918 if (list_empty(&hdev->whitelist))
1919 scan = SCAN_DISABLED;
1920 else if (test_bit(HCI_ISCAN, &hdev->flags))
1921 scan = SCAN_PAGE;
1922 else
1923 goto no_scan_update;
9b74246f
JH		 1924
1925 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1926 hdev->discov_timeout > 0)
9b74246f
JH		 1927 cancel_delayed_work(&hdev->discov_off);
1928 }
2b76f453 1929
9b74246f
JH		 1930 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1931 }
2b76f453 1932
3bd27240 1933no_scan_update:
e8b1202c 1934 /* Update the advertising parameters if necessary */
d7a5a11d 1935 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
1987fdc7 1936 enable_advertising(&req);
1987fdc7 1937
2b76f453 1938 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1939 if (err < 0) {
a664b5bc 1940 mgmt_pending_remove(cmd);
9b74246f 1941 if (err == -ENODATA)
a81070ba
JH		 1942 err = set_connectable_update_settings(hdev, sk,
1943 cp->val);
9b74246f
JH		 1944 goto failed;
1945 }
9fbcbb45
JH		 1946
1947failed:
09fd0de5 1948 hci_dev_unlock(hdev);
9fbcbb45
JH		 1949 return err;
1950}
1951
b2939475 1952static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1953 u16 len)
c542a06c 1954{
650f726d 1955 struct mgmt_mode *cp = data;
55594356 1956 bool changed;
c542a06c
JH		 1957 int err;
1958
bdb6d971 1959 BT_DBG("request for %s", hdev->name);
c542a06c 1960
a7e80f25 1961 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1962 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1963 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1964
09fd0de5 1965 hci_dev_lock(hdev);
c542a06c
JH		 1966
1967 if (cp->val)
238be788 1968 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 1969 else
a69d8927 1970 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 1971
b2939475 1972 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1973 if (err < 0)
55594356 1974 goto unlock;
c542a06c 1975
55594356
MH		 1976 if (changed)
1977 err = new_settings(hdev, sk);
c542a06c 1978
55594356 1979unlock:
09fd0de5 1980 hci_dev_unlock(hdev);
c542a06c
JH		 1981 return err;
1982}
1983
04124681
GP		 1984static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1985 u16 len)
33ef95ed
JH		 1986{
1987 struct mgmt_mode *cp = data;
3b0602cd 1988 struct mgmt_pending_cmd *cmd;
e6fe7986 1989 u8 val, status;
33ef95ed
JH		 1990 int err;
1991
bdb6d971 1992 BT_DBG("request for %s", hdev->name);
33ef95ed 1993
e6fe7986
JH		 1994 status = mgmt_bredr_support(hdev);
1995 if (status)
a69e8375
JH		 1996 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1997 status);
33c525c0 1998
a7e80f25 1999 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2000 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2001 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2002
33ef95ed
JH		 2003 hci_dev_lock(hdev);
2004
4b34ee78 2005 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 2006 bool changed = false;
2007
d7a5a11d 2008 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 2009 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 2010 changed = true;
2011 }
2012
2013 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2014 if (err < 0)
2015 goto failed;
2016
2017 if (changed)
2018 err = new_settings(hdev, sk);
2019
33ef95ed
JH		 2020 goto failed;
2021 }
2022
333ae95d 2023 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 2024 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2025 MGMT_STATUS_BUSY);
33ef95ed
JH		 2026 goto failed;
2027 }
2028
2029 val = !!cp->val;
2030
2031 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2032 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2033 goto failed;
2034 }
2035
2036 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2037 if (!cmd) {
2038 err = -ENOMEM;
2039 goto failed;
2040 }
2041
2042 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2043 if (err < 0) {
2044 mgmt_pending_remove(cmd);
2045 goto failed;
2046 }
2047
2048failed:
2049 hci_dev_unlock(hdev);
33ef95ed
JH		 2050 return err;
2051}
2052
bdb6d971 2053static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2054{
2055 struct mgmt_mode *cp = data;
3b0602cd 2056 struct mgmt_pending_cmd *cmd;
72ef0c1a 2057 u8 status;
ed2c4ee3
JH		 2058 int err;
2059
bdb6d971 2060 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2061
cdba5281
MH		 2062 status = mgmt_bredr_support(hdev);
2063 if (status)
a69e8375 2064 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 2065
13ecd8b6 2066 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2067 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2068 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2069
a7e80f25 2070 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2071 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2072 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2073
13ecd8b6 2074 hci_dev_lock(hdev);
6c8f12c1 2075
4b34ee78 2076 if (!hdev_is_powered(hdev)) {
9ecb3e24 2077 bool changed;
c0ecddc2 2078
9ecb3e24 2079 if (cp->val) {
238be788
MH		 2080 changed = !hci_dev_test_and_set_flag(hdev,
2081 HCI_SSP_ENABLED);
9ecb3e24 2082 } else {
a69d8927
MH		 2083 changed = hci_dev_test_and_clear_flag(hdev,
2084 HCI_SSP_ENABLED);
9ecb3e24 2085 if (!changed)
a69d8927
MH		 2086 changed = hci_dev_test_and_clear_flag(hdev,
2087 HCI_HS_ENABLED);
9ecb3e24 2088 else
a358dc11 2089 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 2090 }
2091
2092 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2093 if (err < 0)
2094 goto failed;
2095
2096 if (changed)
2097 err = new_settings(hdev, sk);
2098
ed2c4ee3
JH		 2099 goto failed;
2100 }
2101
333ae95d 2102 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2103 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2104 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2105 goto failed;
2106 }
2107
d7a5a11d 2108 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 2109 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2110 goto failed;
2111 }
2112
2113 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2114 if (!cmd) {
2115 err = -ENOMEM;
2116 goto failed;
2117 }
2118
d7a5a11d 2119 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 2120 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2121 sizeof(cp->val), &cp->val);
2122
72ef0c1a 2123 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2124 if (err < 0) {
2125 mgmt_pending_remove(cmd);
2126 goto failed;
2127 }
2128
2129failed:
2130 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2131 return err;
2132}
2133
bdb6d971 2134static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2135{
2136 struct mgmt_mode *cp = data;
ee392693 2137 bool changed;
e6fe7986 2138 u8 status;
ee392693 2139 int err;
6d80dfd0 2140
bdb6d971 2141 BT_DBG("request for %s", hdev->name);
6d80dfd0 2142
e6fe7986
JH		 2143 status = mgmt_bredr_support(hdev);
2144 if (status)
a69e8375 2145 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2146
9ecb3e24 2147 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2148 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2149 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 2150
d7a5a11d 2151 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 2152 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2153 MGMT_STATUS_REJECTED);
9ecb3e24 2154
a7e80f25 2155 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2156 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2157 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2158
ee392693
MH		 2159 hci_dev_lock(hdev);
2160
333ae95d 2161 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2162 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2163 MGMT_STATUS_BUSY);
a2cb01de
JH		 2164 goto unlock;
2165 }
2166
a0cdf960 2167 if (cp->val) {
238be788 2168 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 2169 } else {
2170 if (hdev_is_powered(hdev)) {
a69e8375
JH		 2171 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2172 MGMT_STATUS_REJECTED);
a0cdf960
MH		 2173 goto unlock;
2174 }
2175
a69d8927 2176 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 2177 }
ee392693
MH		 2178
2179 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2180 if (err < 0)
2181 goto unlock;
2182
2183 if (changed)
2184 err = new_settings(hdev, sk);
6d80dfd0 2185
ee392693
MH		 2186unlock:
2187 hci_dev_unlock(hdev);
2188 return err;
6d80dfd0
JH		 2189}
2190
1904a853 2191static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 2192{
2193 struct cmd_lookup match = { NULL, hdev };
2194
3ad67582
JK		 2195 hci_dev_lock(hdev);
2196
416a4ae5
JH		 2197 if (status) {
2198 u8 mgmt_err = mgmt_status(status);
2199
2200 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2201 &mgmt_err);
3ad67582 2202 goto unlock;
416a4ae5
JH		 2203 }
2204
2205 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2206
2207 new_settings(hdev, match.sk);
2208
2209 if (match.sk)
2210 sock_put(match.sk);
441ad2d0
MH		 2211
2212 /* Make sure the controller has a good default for
2213 * advertising data. Restrict the update to when LE
2214 * has actually been enabled. During power on, the
2215 * update in powered_update_hci will take care of it.
2216 */
d7a5a11d 2217 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0
MH		 2218 struct hci_request req;
2219
441ad2d0 2220 hci_req_init(&req, hdev);
5947f4bc 2221 update_adv_data(&req);
f14d8f64 2222 update_scan_rsp_data(&req);
2cf22218 2223 __hci_update_background_scan(&req);
441ad2d0 2224 hci_req_run(&req, NULL);
441ad2d0 2225 }
3ad67582
JK		 2226
2227unlock:
2228 hci_dev_unlock(hdev);
416a4ae5
JH		 2229}
2230
bdb6d971 2231static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2232{
2233 struct mgmt_mode *cp = data;
2234 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 2235 struct mgmt_pending_cmd *cmd;
416a4ae5 2236 struct hci_request req;
06199cf8 2237 int err;
0b60eba1 2238 u8 val, enabled;
06199cf8 2239
bdb6d971 2240 BT_DBG("request for %s", hdev->name);
06199cf8 2241
13ecd8b6 2242 if (!lmp_le_capable(hdev))
a69e8375
JH		 2243 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2244 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2245
a7e80f25 2246 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2247 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2248 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2249
e7844ee5
MH		 2250 /* Bluetooth single mode LE only controllers or dual-mode
2251 * controllers configured as LE only devices, do not allow
2252 * switching LE off. These have either LE enabled explicitly
2253 * or BR/EDR has been previously switched off.
2254 *
2255 * When trying to enable an already enabled LE, then gracefully
2256 * send a positive response. Trying to disable it however will
2257 * result into rejection.
2258 */
2259 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2260 if (cp->val == 0x01)
2261 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2262
a69e8375
JH		 2263 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2264 MGMT_STATUS_REJECTED);
e7844ee5 2265 }
c73eee91 2266
13ecd8b6 2267 hci_dev_lock(hdev);
06199cf8
JH		 2268
2269 val = !!cp->val;
ffa88e02 2270 enabled = lmp_host_le_capable(hdev);
06199cf8 2271
0b60eba1 2272 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2273 bool changed = false;
2274
d7a5a11d 2275 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 2276 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 2277 changed = true;
2278 }
2279
d7a5a11d 2280 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 2281 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 2282 changed = true;
2283 }
2284
06199cf8
JH		 2285 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2286 if (err < 0)
1de028ce 2287 goto unlock;
06199cf8
JH		 2288
2289 if (changed)
2290 err = new_settings(hdev, sk);
2291
1de028ce 2292 goto unlock;
06199cf8
JH		 2293 }
2294
333ae95d
JH		 2295 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2296 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 2297 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2298 MGMT_STATUS_BUSY);
1de028ce 2299 goto unlock;
06199cf8
JH		 2300 }
2301
2302 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2303 if (!cmd) {
2304 err = -ENOMEM;
1de028ce 2305 goto unlock;
06199cf8
JH		 2306 }
2307
441ad2d0
MH		 2308 hci_req_init(&req, hdev);
2309
06199cf8
JH		 2310 memset(&hci_cp, 0, sizeof(hci_cp));
2311
2312 if (val) {
2313 hci_cp.le = val;
32226e4f 2314 hci_cp.simul = 0x00;
441ad2d0 2315 } else {
d7a5a11d 2316 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
441ad2d0 2317 disable_advertising(&req);
06199cf8
JH		 2318 }
2319
416a4ae5
JH		 2320 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2321 &hci_cp);
2322
2323 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2324 if (err < 0)
06199cf8 2325 mgmt_pending_remove(cmd);
06199cf8 2326
1de028ce
JH		 2327unlock:
2328 hci_dev_unlock(hdev);
06199cf8
JH		 2329 return err;
2330}
2331
0cab9c80
JH		 2332/* This is a helper function to test for pending mgmt commands that can
2333 * cause CoD or EIR HCI commands. We can only allow one such pending
2334 * mgmt command at a time since otherwise we cannot easily track what
2335 * the current values are, will be, and based on that calculate if a new
2336 * HCI command needs to be sent and if yes with what value.
2337 */
2338static bool pending_eir_or_class(struct hci_dev *hdev)
2339{
3b0602cd 2340 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 2341
2342 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2343 switch (cmd->opcode) {
2344 case MGMT_OP_ADD_UUID:
2345 case MGMT_OP_REMOVE_UUID:
2346 case MGMT_OP_SET_DEV_CLASS:
2347 case MGMT_OP_SET_POWERED:
2348 return true;
2349 }
2350 }
2351
2352 return false;
2353}
2354
83be8eca
JH		 2355static const u8 bluetooth_base_uuid[] = {
2356 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2357 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2358};
2359
2360static u8 get_uuid_size(const u8 *uuid)
2361{
2362 u32 val;
2363
2364 if (memcmp(uuid, bluetooth_base_uuid, 12))
2365 return 128;
2366
2367 val = get_unaligned_le32(&uuid[12]);
2368 if (val > 0xffff)
2369 return 32;
2370
2371 return 16;
2372}
2373
92da6097
JH		 2374static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2375{
3b0602cd 2376 struct mgmt_pending_cmd *cmd;
92da6097
JH		 2377
2378 hci_dev_lock(hdev);
2379
333ae95d 2380 cmd = pending_find(mgmt_op, hdev);
92da6097
JH		 2381 if (!cmd)
2382 goto unlock;
2383
2a1afb5a
JH		 2384 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2385 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 2386
2387 mgmt_pending_remove(cmd);
2388
2389unlock:
2390 hci_dev_unlock(hdev);
2391}
2392
1904a853 2393static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2394{
2395 BT_DBG("status 0x%02x", status);
2396
2397 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2398}
2399
bdb6d971 2400static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2401{
650f726d 2402 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2403 struct mgmt_pending_cmd *cmd;
890ea898 2404 struct hci_request req;
2aeb9a1a 2405 struct bt_uuid *uuid;
2aeb9a1a
JH		 2406 int err;
2407
bdb6d971 2408 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2409
09fd0de5 2410 hci_dev_lock(hdev);
2aeb9a1a 2411
0cab9c80 2412 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2413 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2414 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2415 goto failed;
2416 }
2417
92c4c204 2418 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2419 if (!uuid) {
2420 err = -ENOMEM;
2421 goto failed;
2422 }
2423
2424 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2425 uuid->svc_hint = cp->svc_hint;
83be8eca 2426 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2427
de66aa63 2428 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2429
890ea898 2430 hci_req_init(&req, hdev);
1aff6f09 2431
890ea898
JH		 2432 update_class(&req);
2433 update_eir(&req);
2434
92da6097
JH		 2435 err = hci_req_run(&req, add_uuid_complete);
2436 if (err < 0) {
2437 if (err != -ENODATA)
2438 goto failed;
80a1e1db 2439
2a1afb5a
JH		 2440 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2441 hdev->dev_class, 3);
90e70454
JH		 2442 goto failed;
2443 }
2444
2445 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2446 if (!cmd) {
90e70454 2447 err = -ENOMEM;
890ea898
JH		 2448 goto failed;
2449 }
2450
2451 err = 0;
2aeb9a1a
JH		 2452
2453failed:
09fd0de5 2454 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2455 return err;
2456}
2457
24b78d0f
JH		 2458static bool enable_service_cache(struct hci_dev *hdev)
2459{
2460 if (!hdev_is_powered(hdev))
2461 return false;
2462
238be788 2463 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 2464 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2465 CACHE_TIMEOUT);
24b78d0f
JH		 2466 return true;
2467 }
2468
2469 return false;
2470}
2471
1904a853 2472static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2473{
2474 BT_DBG("status 0x%02x", status);
2475
2476 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2477}
2478
bdb6d971 2479static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2480 u16 len)
2aeb9a1a 2481{
650f726d 2482 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2483 struct mgmt_pending_cmd *cmd;
056341c8 2484 struct bt_uuid *match, *tmp;
2aeb9a1a 2485 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2486 struct hci_request req;
2aeb9a1a
JH		 2487 int err, found;
2488
bdb6d971 2489 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2490
09fd0de5 2491 hci_dev_lock(hdev);
2aeb9a1a 2492
0cab9c80 2493 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2494 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2495 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2496 goto unlock;
2497 }
2498
2aeb9a1a 2499 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2500 hci_uuids_clear(hdev);
4004b6d9 2501
24b78d0f 2502 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2503 err = mgmt_cmd_complete(sk, hdev->id,
2504 MGMT_OP_REMOVE_UUID,
2505 0, hdev->dev_class, 3);
24b78d0f
JH		 2506 goto unlock;
2507 }
4004b6d9 2508
9246a869 2509 goto update_class;
2aeb9a1a
JH		 2510 }
2511
2512 found = 0;
2513
056341c8 2514 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2515 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2516 continue;
2517
2518 list_del(&match->list);
482049f7 2519 kfree(match);
2aeb9a1a
JH		 2520 found++;
2521 }
2522
2523 if (found == 0) {
a69e8375
JH		 2524 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2525 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2526 goto unlock;
2527 }
2528
9246a869 2529update_class:
890ea898 2530 hci_req_init(&req, hdev);
1aff6f09 2531
890ea898
JH		 2532 update_class(&req);
2533 update_eir(&req);
2534
92da6097
JH		 2535 err = hci_req_run(&req, remove_uuid_complete);
2536 if (err < 0) {
2537 if (err != -ENODATA)
2538 goto unlock;
80a1e1db 2539
2a1afb5a
JH		 2540 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2541 hdev->dev_class, 3);
90e70454
JH		 2542 goto unlock;
2543 }
2544
2545 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2546 if (!cmd) {
90e70454 2547 err = -ENOMEM;
890ea898
JH		 2548 goto unlock;
2549 }
2550
2551 err = 0;
2aeb9a1a
JH		 2552
2553unlock:
09fd0de5 2554 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2555 return err;
2556}
2557
1904a853 2558static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2559{
2560 BT_DBG("status 0x%02x", status);
2561
2562 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2563}
2564
bdb6d971 2565static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2566 u16 len)
1aff6f09 2567{
650f726d 2568 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2569 struct mgmt_pending_cmd *cmd;
890ea898 2570 struct hci_request req;
1aff6f09
JH		 2571 int err;
2572
bdb6d971 2573 BT_DBG("request for %s", hdev->name);
1aff6f09 2574
6203fc98 2575 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2576 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2577 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2578
0cab9c80 2579 hci_dev_lock(hdev);
ee98f473 2580
0cab9c80 2581 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2582 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2583 MGMT_STATUS_BUSY);
0cab9c80
JH		 2584 goto unlock;
2585 }
c95f0ba7 2586
0cab9c80 2587 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2588 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2589 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2590 goto unlock;
2591 }
575b3a02 2592
932f5ff5
JH		 2593 hdev->major_class = cp->major;
2594 hdev->minor_class = cp->minor;
2595
b5235a65 2596 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2597 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2598 hdev->dev_class, 3);
b5235a65
JH		 2599 goto unlock;
2600 }
2601
890ea898
JH		 2602 hci_req_init(&req, hdev);
2603
a69d8927 2604 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
7d78525d
JH		 2605 hci_dev_unlock(hdev);
2606 cancel_delayed_work_sync(&hdev->service_cache);
2607 hci_dev_lock(hdev);
890ea898 2608 update_eir(&req);
7d78525d 2609 }
14c0b608 2610
890ea898
JH		 2611 update_class(&req);
2612
92da6097
JH		 2613 err = hci_req_run(&req, set_class_complete);
2614 if (err < 0) {
2615 if (err != -ENODATA)
2616 goto unlock;
1aff6f09 2617
2a1afb5a
JH		 2618 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2619 hdev->dev_class, 3);
90e70454
JH		 2620 goto unlock;
2621 }
2622
2623 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2624 if (!cmd) {
90e70454 2625 err = -ENOMEM;
890ea898
JH		 2626 goto unlock;
2627 }
2628
2629 err = 0;
1aff6f09 2630
b5235a65 2631unlock:
09fd0de5 2632 hci_dev_unlock(hdev);
1aff6f09
JH		 2633 return err;
2634}
2635
bdb6d971 2636static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2637 u16 len)
55ed8ca1 2638{
650f726d 2639 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2640 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2641 sizeof(struct mgmt_link_key_info));
4e51eae9 2642 u16 key_count, expected_len;
b1de97d8 2643 bool changed;
a492cd52 2644 int i;
55ed8ca1 2645
9060d5cf
MH		 2646 BT_DBG("request for %s", hdev->name);
2647
2648 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2649 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2650 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2651
1f350c87 2652 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2653 if (key_count > max_key_count) {
2654 BT_ERR("load_link_keys: too big key_count value %u",
2655 key_count);
a69e8375
JH		 2656 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2657 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2658 }
55ed8ca1 2659
86742e1e
JH		 2660 expected_len = sizeof(*cp) + key_count *
2661 sizeof(struct mgmt_link_key_info);
a492cd52 2662 if (expected_len != len) {
86742e1e 2663 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2664 expected_len, len);
a69e8375
JH		 2665 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2666 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2667 }
2668
4ae14301 2669 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2670 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2671 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2672
bdb6d971 2673 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2674 key_count);
55ed8ca1 2675
4ee71b20
JH		 2676 for (i = 0; i < key_count; i++) {
2677 struct mgmt_link_key_info *key = &cp->keys[i];
2678
8e991132 2679 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2680 return mgmt_cmd_status(sk, hdev->id,
2681 MGMT_OP_LOAD_LINK_KEYS,
2682 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2683 }
2684
09fd0de5 2685 hci_dev_lock(hdev);
55ed8ca1
JH		 2686
2687 hci_link_keys_clear(hdev);
2688
55ed8ca1 2689 if (cp->debug_keys)
238be788 2690 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2691 else
a69d8927
MH		 2692 changed = hci_dev_test_and_clear_flag(hdev,
2693 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2694
2695 if (changed)
2696 new_settings(hdev, NULL);
55ed8ca1 2697
a492cd52 2698 for (i = 0; i < key_count; i++) {
86742e1e 2699 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2700
58e9293c
JH		 2701 /* Always ignore debug keys and require a new pairing if
2702 * the user wants to use them.
2703 */
2704 if (key->type == HCI_LK_DEBUG_COMBINATION)
2705 continue;
2706
7652ff6a
JH		 2707 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2708 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2709 }
2710
2a1afb5a 2711 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2712
09fd0de5 2713 hci_dev_unlock(hdev);
55ed8ca1 2714
a492cd52 2715 return 0;
55ed8ca1
JH		 2716}
2717
b1078ad0 2718static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2719 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2720{
2721 struct mgmt_ev_device_unpaired ev;
2722
2723 bacpy(&ev.addr.bdaddr, bdaddr);
2724 ev.addr.type = addr_type;
2725
2726 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2727 skip_sk);
b1078ad0
JH		 2728}
2729
bdb6d971 2730static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2731 u16 len)
55ed8ca1 2732{
124f6e35
JH		 2733 struct mgmt_cp_unpair_device *cp = data;
2734 struct mgmt_rp_unpair_device rp;
a8a1d19e 2735 struct hci_cp_disconnect dc;
3b0602cd 2736 struct mgmt_pending_cmd *cmd;
55ed8ca1 2737 struct hci_conn *conn;
55ed8ca1
JH		 2738 int err;
2739
a8a1d19e 2740 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2741 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2742 rp.addr.type = cp->addr.type;
a8a1d19e 2743
4ee71b20 2744 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2745 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2746 MGMT_STATUS_INVALID_PARAMS,
2747 &rp, sizeof(rp));
4ee71b20 2748
118da70b 2749 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2750 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2751 MGMT_STATUS_INVALID_PARAMS,
2752 &rp, sizeof(rp));
118da70b 2753
4ee71b20
JH		 2754 hci_dev_lock(hdev);
2755
86a8cfc6 2756 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2757 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2758 MGMT_STATUS_NOT_POWERED, &rp,
2759 sizeof(rp));
86a8cfc6
JH		 2760 goto unlock;
2761 }
2762
e0b2b27e 2763 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2764 /* If disconnection is requested, then look up the
2765 * connection. If the remote device is connected, it
2766 * will be later used to terminate the link.
2767 *
2768 * Setting it to NULL explicitly will cause no
2769 * termination of the link.
2770 */
2771 if (cp->disconnect)
2772 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2773 &cp->addr.bdaddr);
2774 else
2775 conn = NULL;
2776
124f6e35 2777 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2778 } else {
2779 u8 addr_type;
2780
89cbb063
AA		 2781 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2782 &cp->addr.bdaddr);
2783 if (conn) {
2784 /* Defer clearing up the connection parameters
2785 * until closing to give a chance of keeping
2786 * them if a repairing happens.
2787 */
2788 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2789
2790 /* If disconnection is not requested, then
2791 * clear the connection variable so that the
2792 * link is not terminated.
2793 */
2794 if (!cp->disconnect)
2795 conn = NULL;
2796 }
2797
e0b2b27e
JH		 2798 if (cp->addr.type == BDADDR_LE_PUBLIC)
2799 addr_type = ADDR_LE_DEV_PUBLIC;
2800 else
2801 addr_type = ADDR_LE_DEV_RANDOM;
2802
a7ec7338
JH		 2803 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2804
e0b2b27e
JH		 2805 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2806 }
b0dbfb46 2807
55ed8ca1 2808 if (err < 0) {
2a1afb5a
JH		 2809 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2810 MGMT_STATUS_NOT_PAIRED, &rp,
2811 sizeof(rp));
55ed8ca1
JH		 2812 goto unlock;
2813 }
2814
89cbb063
AA		 2815 /* If the connection variable is set, then termination of the
2816 * link is requested.
2817 */
a8a1d19e 2818 if (!conn) {
2a1afb5a
JH		 2819 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2820 &rp, sizeof(rp));
b1078ad0 2821 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2822 goto unlock;
2823 }
55ed8ca1 2824
124f6e35 2825 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2826 sizeof(*cp));
a8a1d19e
JH		 2827 if (!cmd) {
2828 err = -ENOMEM;
2829 goto unlock;
55ed8ca1
JH		 2830 }
2831
d8b7b1e4
JH		 2832 cmd->cmd_complete = addr_cmd_complete;
2833
eb55ef07 2834 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2835 dc.reason = 0x13; /* Remote User Terminated Connection */
2836 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2837 if (err < 0)
2838 mgmt_pending_remove(cmd);
2839
55ed8ca1 2840unlock:
09fd0de5 2841 hci_dev_unlock(hdev);
55ed8ca1
JH		 2842 return err;
2843}
2844
bdb6d971 2845static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2846 u16 len)
8962ee74 2847{
650f726d 2848 struct mgmt_cp_disconnect *cp = data;
06a63b19 2849 struct mgmt_rp_disconnect rp;
3b0602cd 2850 struct mgmt_pending_cmd *cmd;
8962ee74 2851 struct hci_conn *conn;
8962ee74
JH		 2852 int err;
2853
2854 BT_DBG("");
2855
06a63b19
JH		 2856 memset(&rp, 0, sizeof(rp));
2857 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2858 rp.addr.type = cp->addr.type;
2859
4ee71b20 2860 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2861 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2862 MGMT_STATUS_INVALID_PARAMS,
2863 &rp, sizeof(rp));
4ee71b20 2864
09fd0de5 2865 hci_dev_lock(hdev);
8962ee74
JH		 2866
2867 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 2868 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2869 MGMT_STATUS_NOT_POWERED, &rp,
2870 sizeof(rp));
8962ee74
JH		 2871 goto failed;
2872 }
2873
333ae95d 2874 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 2875 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2876 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2877 goto failed;
2878 }
2879
591f47f3 2880 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2881 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2882 &cp->addr.bdaddr);
88c3df13
JH		 2883 else
2884 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2885
f960727e 2886 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 2887 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2888 MGMT_STATUS_NOT_CONNECTED, &rp,
2889 sizeof(rp));
8962ee74
JH		 2890 goto failed;
2891 }
2892
2e58ef3e 2893 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2894 if (!cmd) {
2895 err = -ENOMEM;
8962ee74 2896 goto failed;
366a0336 2897 }
8962ee74 2898
f5818c22
JH		 2899 cmd->cmd_complete = generic_cmd_complete;
2900
e3f2f92a 2901 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2902 if (err < 0)
a664b5bc 2903 mgmt_pending_remove(cmd);
8962ee74
JH		 2904
2905failed:
09fd0de5 2906 hci_dev_unlock(hdev);
8962ee74
JH		 2907 return err;
2908}
2909
57c1477c 2910static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2911{
2912 switch (link_type) {
2913 case LE_LINK:
48264f06
JH		 2914 switch (addr_type) {
2915 case ADDR_LE_DEV_PUBLIC:
591f47f3 2916 return BDADDR_LE_PUBLIC;
0ed09148 2917
48264f06 2918 default:
0ed09148 2919 /* Fallback to LE Random address type */
591f47f3 2920 return BDADDR_LE_RANDOM;
48264f06 2921 }
0ed09148 2922
4c659c39 2923 default:
0ed09148 2924 /* Fallback to BR/EDR type */
591f47f3 2925 return BDADDR_BREDR;
4c659c39
JH		 2926 }
2927}
2928
04124681
GP		 2929static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2930 u16 data_len)
2784eb41 2931{
2784eb41 2932 struct mgmt_rp_get_connections *rp;
8035ded4 2933 struct hci_conn *c;
a38528f1 2934 size_t rp_len;
60fc5fb6
JH		 2935 int err;
2936 u16 i;
2784eb41
JH		 2937
2938 BT_DBG("");
2939
09fd0de5 2940 hci_dev_lock(hdev);
2784eb41 2941
5f97c1df 2942 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2943 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2944 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2945 goto unlock;
2946 }
2947
60fc5fb6 2948 i = 0;
b644ba33
JH		 2949 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2950 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2951 i++;
2784eb41
JH		 2952 }
2953
60fc5fb6 2954 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2955 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2956 if (!rp) {
2784eb41
JH		 2957 err = -ENOMEM;
2958 goto unlock;
2959 }
2960
2784eb41 2961 i = 0;
4c659c39 2962 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2963 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2964 continue;
4c659c39 2965 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2966 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2967 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2968 continue;
2969 i++;
2970 }
2971
eb55ef07 2972 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2973
4c659c39
JH		 2974 /* Recalculate length in case of filtered SCO connections, etc */
2975 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2976
2a1afb5a
JH		 2977 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2978 rp_len);
2784eb41 2979
a38528f1 2980 kfree(rp);
5f97c1df
JH		 2981
2982unlock:
09fd0de5 2983 hci_dev_unlock(hdev);
2784eb41
JH		 2984 return err;
2985}
2986
bdb6d971 2987static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2988 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 2989{
3b0602cd 2990 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 2991 int err;
2992
2e58ef3e 2993 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2994 sizeof(*cp));
96d97a67
WR		 2995 if (!cmd)
2996 return -ENOMEM;
2997
d8457698 2998 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2999 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 3000 if (err < 0)
3001 mgmt_pending_remove(cmd);
3002
3003 return err;
3004}
3005
bdb6d971 3006static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3007 u16 len)
980e1a53 3008{
96d97a67 3009 struct hci_conn *conn;
650f726d 3010 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3011 struct hci_cp_pin_code_reply reply;
3b0602cd 3012 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 3013 int err;
3014
3015 BT_DBG("");
3016
09fd0de5 3017 hci_dev_lock(hdev);
980e1a53 3018
4b34ee78 3019 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3020 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3021 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3022 goto failed;
3023 }
3024
d8457698 3025 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3026 if (!conn) {
a69e8375
JH		 3027 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3028 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3029 goto failed;
3030 }
3031
3032 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3033 struct mgmt_cp_pin_code_neg_reply ncp;
3034
3035 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 3036
3037 BT_ERR("PIN code is not 16 bytes long");
3038
bdb6d971 3039 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3040 if (err >= 0)
a69e8375
JH		 3041 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3042 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3043
3044 goto failed;
3045 }
3046
00abfe44 3047 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3048 if (!cmd) {
3049 err = -ENOMEM;
980e1a53 3050 goto failed;
366a0336 3051 }
980e1a53 3052
7776d1d8
JH		 3053 cmd->cmd_complete = addr_cmd_complete;
3054
d8457698 3055 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3056 reply.pin_len = cp->pin_len;
24718ca5 3057 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3058
3059 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3060 if (err < 0)
a664b5bc 3061 mgmt_pending_remove(cmd);
980e1a53
JH		 3062
3063failed:
09fd0de5 3064 hci_dev_unlock(hdev);
980e1a53
JH		 3065 return err;
3066}
3067
04124681
GP		 3068static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3069 u16 len)
17fa4b9d 3070{
650f726d 3071 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3072
3073 BT_DBG("");
3074
4ec86d4c 3075 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3076 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3077 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
4ec86d4c 3078
09fd0de5 3079 hci_dev_lock(hdev);
17fa4b9d
JH		 3080
3081 hdev->io_capability = cp->io_capability;
3082
3083 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3084 hdev->io_capability);
17fa4b9d 3085
09fd0de5 3086 hci_dev_unlock(hdev);
17fa4b9d 3087
2a1afb5a
JH		 3088 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3089 NULL, 0);
17fa4b9d
JH		 3090}
3091
3b0602cd 3092static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3093{
3094 struct hci_dev *hdev = conn->hdev;
3b0602cd 3095 struct mgmt_pending_cmd *cmd;
e9a416b5 3096
2e58ef3e 3097 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3098 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3099 continue;
3100
e9a416b5
JH		 3101 if (cmd->user_data != conn)
3102 continue;
3103
3104 return cmd;
3105 }
3106
3107 return NULL;
3108}
3109
3b0602cd 3110static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 3111{
3112 struct mgmt_rp_pair_device rp;
3113 struct hci_conn *conn = cmd->user_data;
9df74653 3114 int err;
e9a416b5 3115
61b1a7fb
JH		 3116 bacpy(&rp.addr.bdaddr, &conn->dst);
3117 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3118
2a1afb5a
JH		 3119 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3120 status, &rp, sizeof(rp));
e9a416b5
JH		 3121
3122 /* So we don't get further callbacks for this connection */
3123 conn->connect_cfm_cb = NULL;
3124 conn->security_cfm_cb = NULL;
3125 conn->disconn_cfm_cb = NULL;
3126
76a68ba0 3127 hci_conn_drop(conn);
89cbb063
AA		 3128
3129 /* The device is paired so there is no need to remove
3130 * its connection parameters anymore.
3131 */
3132 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3133
3134 hci_conn_put(conn);
9df74653
JH		 3135
3136 return err;
e9a416b5
JH		 3137}
3138
f4a407be
JH		 3139void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3140{
3141 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 3142 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 3143
3144 cmd = find_pairing(conn);
a511b35b 3145 if (cmd) {
04ab2749 3146 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3147 mgmt_pending_remove(cmd);
3148 }
f4a407be
JH		 3149}
3150
e9a416b5
JH		 3151static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3152{
3b0602cd 3153 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3154
3155 BT_DBG("status %u", status);
3156
3157 cmd = find_pairing(conn);
a511b35b 3158 if (!cmd) {
e9a416b5 3159 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3160 return;
3161 }
3162
3163 cmd->cmd_complete(cmd, mgmt_status(status));
3164 mgmt_pending_remove(cmd);
e9a416b5
JH		 3165}
3166
f4a407be 3167static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 3168{
3b0602cd 3169 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 3170
3171 BT_DBG("status %u", status);
3172
3173 if (!status)
3174 return;
3175
3176 cmd = find_pairing(conn);
a511b35b 3177 if (!cmd) {
4c47d739 3178 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3179 return;
3180 }
3181
3182 cmd->cmd_complete(cmd, mgmt_status(status));
3183 mgmt_pending_remove(cmd);
4c47d739
VA		 3184}
3185
bdb6d971 3186static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3187 u16 len)
e9a416b5 3188{
650f726d 3189 struct mgmt_cp_pair_device *cp = data;
1425acb7 3190 struct mgmt_rp_pair_device rp;
3b0602cd 3191 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3192 u8 sec_level, auth_type;
3193 struct hci_conn *conn;
e9a416b5
JH		 3194 int err;
3195
3196 BT_DBG("");
3197
f950a30e
SJ		 3198 memset(&rp, 0, sizeof(rp));
3199 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3200 rp.addr.type = cp->addr.type;
3201
4ee71b20 3202 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3203 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3204 MGMT_STATUS_INVALID_PARAMS,
3205 &rp, sizeof(rp));
4ee71b20 3206
4ec86d4c 3207 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3208 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3209 MGMT_STATUS_INVALID_PARAMS,
3210 &rp, sizeof(rp));
4ec86d4c 3211
09fd0de5 3212 hci_dev_lock(hdev);
e9a416b5 3213
5f97c1df 3214 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3215 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3216 MGMT_STATUS_NOT_POWERED, &rp,
3217 sizeof(rp));
5f97c1df
JH		 3218 goto unlock;
3219 }
3220
55e76b38
JH		 3221 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3222 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3223 MGMT_STATUS_ALREADY_PAIRED, &rp,
3224 sizeof(rp));
3225 goto unlock;
3226 }
3227
c908df36 3228 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3229 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3230
6f77d8c7 3231 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3232 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3233 auth_type);
6f77d8c7
AG		 3234 } else {
3235 u8 addr_type;
3236
3237 /* Convert from L2CAP channel address type to HCI address type
3238 */
3239 if (cp->addr.type == BDADDR_LE_PUBLIC)
3240 addr_type = ADDR_LE_DEV_PUBLIC;
3241 else
3242 addr_type = ADDR_LE_DEV_RANDOM;
3243
7c264b10
MH		 3244 /* When pairing a new device, it is expected to remember
3245 * this device for future connections. Adding the connection
3246 * parameter information ahead of time allows tracking
3247 * of the slave preferred values and will speed up any
3248 * further connection establishment.
3249 *
3250 * If connection parameters already exist, then they
3251 * will be kept and this function does nothing.
3252 */
3253 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3254
6f77d8c7 3255 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3256 sec_level, HCI_LE_CONN_TIMEOUT,
3257 HCI_ROLE_MASTER);
6f77d8c7 3258 }
7a512d01 3259
30e76272 3260 if (IS_ERR(conn)) {
489dc48e
AK		 3261 int status;
3262
3263 if (PTR_ERR(conn) == -EBUSY)
3264 status = MGMT_STATUS_BUSY;
faa81030
LR		 3265 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3266 status = MGMT_STATUS_NOT_SUPPORTED;
3267 else if (PTR_ERR(conn) == -ECONNREFUSED)
3268 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 3269 else
3270 status = MGMT_STATUS_CONNECT_FAILED;
3271
2a1afb5a
JH		 3272 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3273 status, &rp, sizeof(rp));
e9a416b5
JH		 3274 goto unlock;
3275 }
3276
3277 if (conn->connect_cfm_cb) {
76a68ba0 3278 hci_conn_drop(conn);
2a1afb5a
JH		 3279 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3280 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3281 goto unlock;
3282 }
3283
2e58ef3e 3284 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3285 if (!cmd) {
3286 err = -ENOMEM;
76a68ba0 3287 hci_conn_drop(conn);
e9a416b5
JH		 3288 goto unlock;
3289 }
3290
04ab2749
JH		 3291 cmd->cmd_complete = pairing_complete;
3292
7a512d01 3293 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3294 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3295 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3296 conn->security_cfm_cb = pairing_complete_cb;
3297 conn->disconn_cfm_cb = pairing_complete_cb;
3298 } else {
3299 conn->connect_cfm_cb = le_pairing_complete_cb;
3300 conn->security_cfm_cb = le_pairing_complete_cb;
3301 conn->disconn_cfm_cb = le_pairing_complete_cb;
3302 }
7a512d01 3303
e9a416b5 3304 conn->io_capability = cp->io_cap;
f8aaf9b6 3305 cmd->user_data = hci_conn_get(conn);
e9a416b5 3306
6f78fd4b 3307 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3308 hci_conn_security(conn, sec_level, auth_type, true)) {
3309 cmd->cmd_complete(cmd, 0);
3310 mgmt_pending_remove(cmd);
3311 }
e9a416b5
JH		 3312
3313 err = 0;
3314
3315unlock:
09fd0de5 3316 hci_dev_unlock(hdev);
e9a416b5
JH		 3317 return err;
3318}
3319
04124681
GP		 3320static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3321 u16 len)
28424707 3322{
0f4e68cf 3323 struct mgmt_addr_info *addr = data;
3b0602cd 3324 struct mgmt_pending_cmd *cmd;
28424707
JH		 3325 struct hci_conn *conn;
3326 int err;
3327
3328 BT_DBG("");
3329
28424707
JH		 3330 hci_dev_lock(hdev);
3331
5f97c1df 3332 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3333 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3334 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3335 goto unlock;
3336 }
3337
333ae95d 3338 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
28424707 3339 if (!cmd) {
a69e8375
JH		 3340 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3341 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3342 goto unlock;
3343 }
3344
3345 conn = cmd->user_data;
3346
3347 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3348 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3349 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3350 goto unlock;
3351 }
3352
a511b35b
JH		 3353 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3354 mgmt_pending_remove(cmd);
28424707 3355
2a1afb5a
JH		 3356 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3357 addr, sizeof(*addr));
28424707
JH		 3358unlock:
3359 hci_dev_unlock(hdev);
28424707
JH		 3360 return err;
3361}
3362
bdb6d971 3363static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3364 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3365 u16 hci_op, __le32 passkey)
a5c29683 3366{
3b0602cd 3367 struct mgmt_pending_cmd *cmd;
0df4c185 3368 struct hci_conn *conn;
a5c29683
JH		 3369 int err;
3370
09fd0de5 3371 hci_dev_lock(hdev);
08ba5382 3372
4b34ee78 3373 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3374 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3375 MGMT_STATUS_NOT_POWERED, addr,
3376 sizeof(*addr));
0df4c185 3377 goto done;
a5c29683
JH		 3378 }
3379
1707c60e
JH		 3380 if (addr->type == BDADDR_BREDR)
3381 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3382 else
1707c60e 3383 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3384
3385 if (!conn) {
2a1afb5a
JH		 3386 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3387 MGMT_STATUS_NOT_CONNECTED, addr,
3388 sizeof(*addr));
272d90df
JH		 3389 goto done;
3390 }
47c15e2b 3391
1707c60e 3392 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3393 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3394 if (!err)
2a1afb5a
JH		 3395 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3396 MGMT_STATUS_SUCCESS, addr,
3397 sizeof(*addr));
5fe57d9e 3398 else
2a1afb5a
JH		 3399 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3400 MGMT_STATUS_FAILED, addr,
3401 sizeof(*addr));
47c15e2b 3402
47c15e2b
BG		 3403 goto done;
3404 }
3405
1707c60e 3406 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3407 if (!cmd) {
3408 err = -ENOMEM;
0df4c185 3409 goto done;
a5c29683
JH		 3410 }
3411
7776d1d8
JH		 3412 cmd->cmd_complete = addr_cmd_complete;
3413
0df4c185 3414 /* Continue with pairing via HCI */
604086b7
BG		 3415 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3416 struct hci_cp_user_passkey_reply cp;
3417
1707c60e 3418 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3419 cp.passkey = passkey;
3420 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3421 } else
1707c60e
JH		 3422 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3423 &addr->bdaddr);
604086b7 3424
a664b5bc
JH		 3425 if (err < 0)
3426 mgmt_pending_remove(cmd);
a5c29683 3427
0df4c185 3428done:
09fd0de5 3429 hci_dev_unlock(hdev);
a5c29683
JH		 3430 return err;
3431}
3432
afeb019d
JK		 3433static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3434 void *data, u16 len)
3435{
3436 struct mgmt_cp_pin_code_neg_reply *cp = data;
3437
3438 BT_DBG("");
3439
1707c60e 3440 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3441 MGMT_OP_PIN_CODE_NEG_REPLY,
3442 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3443}
3444
04124681
GP		 3445static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3446 u16 len)
0df4c185 3447{
650f726d 3448 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3449
3450 BT_DBG("");
3451
3452 if (len != sizeof(*cp))
a69e8375
JH		 3453 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3454 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3455
1707c60e 3456 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3457 MGMT_OP_USER_CONFIRM_REPLY,
3458 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3459}
3460
bdb6d971 3461static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3462 void *data, u16 len)
0df4c185 3463{
c9c2659f 3464 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3465
3466 BT_DBG("");
3467
1707c60e 3468 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3469 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3470 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3471}
3472
04124681
GP		 3473static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3474 u16 len)
604086b7 3475{
650f726d 3476 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3477
3478 BT_DBG("");
3479
1707c60e 3480 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3481 MGMT_OP_USER_PASSKEY_REPLY,
3482 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3483}
3484
bdb6d971 3485static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3486 void *data, u16 len)
604086b7 3487{
650f726d 3488 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3489
3490 BT_DBG("");
3491
1707c60e 3492 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3493 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3494 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3495}
3496
13928971 3497static void update_name(struct hci_request *req)
2b4bf397 3498{
13928971 3499 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3500 struct hci_cp_write_local_name cp;
3501
13928971 3502 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3503
890ea898 3504 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3505}
3506
1904a853 3507static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3508{
3509 struct mgmt_cp_set_local_name *cp;
3b0602cd 3510 struct mgmt_pending_cmd *cmd;
13928971
JH		 3511
3512 BT_DBG("status 0x%02x", status);
3513
3514 hci_dev_lock(hdev);
3515
333ae95d 3516 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 3517 if (!cmd)
3518 goto unlock;
3519
3520 cp = cmd->param;
3521
3522 if (status)
a69e8375
JH		 3523 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3524 mgmt_status(status));
13928971 3525 else
2a1afb5a
JH		 3526 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3527 cp, sizeof(*cp));
13928971
JH		 3528
3529 mgmt_pending_remove(cmd);
3530
3531unlock:
3532 hci_dev_unlock(hdev);
3533}
3534
bdb6d971 3535static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3536 u16 len)
b312b161 3537{
2b4bf397 3538 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3539 struct mgmt_pending_cmd *cmd;
890ea898 3540 struct hci_request req;
b312b161
JH		 3541 int err;
3542
3543 BT_DBG("");
3544
09fd0de5 3545 hci_dev_lock(hdev);
b312b161 3546
b3f2ca94
JH		 3547 /* If the old values are the same as the new ones just return a
3548 * direct command complete event.
3549 */
3550 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3551 !memcmp(hdev->short_name, cp->short_name,
3552 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3553 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3554 data, len);
b3f2ca94
JH		 3555 goto failed;
3556 }
3557
2b4bf397 3558 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3559
b5235a65 3560 if (!hdev_is_powered(hdev)) {
2b4bf397 3561 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3562
2a1afb5a
JH		 3563 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3564 data, len);
28cc7bde
JH		 3565 if (err < 0)
3566 goto failed;
3567
f6b7712e
MH		 3568 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
3569 data, len, sk);
28cc7bde 3570
b5235a65
JH		 3571 goto failed;
3572 }
3573
28cc7bde 3574 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3575 if (!cmd) {
3576 err = -ENOMEM;
3577 goto failed;
3578 }
3579
13928971
JH		 3580 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3581
890ea898 3582 hci_req_init(&req, hdev);
3f985050
JH		 3583
3584 if (lmp_bredr_capable(hdev)) {
3585 update_name(&req);
3586 update_eir(&req);
3587 }
3588
7a5f4990
MH		 3589 /* The name is stored in the scan response data and so
3590 * no need to udpate the advertising data here.
3591 */
3f985050 3592 if (lmp_le_capable(hdev))
7a5f4990 3593 update_scan_rsp_data(&req);
3f985050 3594
13928971 3595 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3596 if (err < 0)
3597 mgmt_pending_remove(cmd);
3598
3599failed:
09fd0de5 3600 hci_dev_unlock(hdev);
b312b161
JH		 3601 return err;
3602}
3603
0f4e68cf 3604static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3605 void *data, u16 data_len)
c35938b2 3606{
3b0602cd 3607 struct mgmt_pending_cmd *cmd;
c35938b2
SJ		 3608 int err;
3609
bdb6d971 3610 BT_DBG("%s", hdev->name);
c35938b2 3611
09fd0de5 3612 hci_dev_lock(hdev);
c35938b2 3613
4b34ee78 3614 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3615 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3616 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3617 goto unlock;
3618 }
3619
9a1a1996 3620 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3621 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3622 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3623 goto unlock;
3624 }
3625
333ae95d 3626 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3627 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3628 MGMT_STATUS_BUSY);
c35938b2
SJ		 3629 goto unlock;
3630 }
3631
2e58ef3e 3632 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3633 if (!cmd) {
3634 err = -ENOMEM;
3635 goto unlock;
3636 }
3637
710f11c0 3638 if (bredr_sc_enabled(hdev))
4d2d2796
MH		 3639 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3640 0, NULL);
3641 else
3642 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3643
c35938b2
SJ		 3644 if (err < 0)
3645 mgmt_pending_remove(cmd);
3646
3647unlock:
09fd0de5 3648 hci_dev_unlock(hdev);
c35938b2
SJ		 3649 return err;
3650}
3651
bdb6d971 3652static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3653 void *data, u16 len)
2763eda6 3654{
5d57e796 3655 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3656 int err;
3657
bdb6d971 3658 BT_DBG("%s ", hdev->name);
2763eda6 3659
5d57e796 3660 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3661 return mgmt_cmd_complete(sk, hdev->id,
3662 MGMT_OP_ADD_REMOTE_OOB_DATA,
3663 MGMT_STATUS_INVALID_PARAMS,
3664 addr, sizeof(*addr));
5d57e796 3665
09fd0de5 3666 hci_dev_lock(hdev);
2763eda6 3667
ec109113
MH		 3668 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3669 struct mgmt_cp_add_remote_oob_data *cp = data;
3670 u8 status;
bf1e3541 3671
c19a495c 3672 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 3673 err = mgmt_cmd_complete(sk, hdev->id,
3674 MGMT_OP_ADD_REMOTE_OOB_DATA,
3675 MGMT_STATUS_INVALID_PARAMS,
3676 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 3677 goto unlock;
3678 }
3679
ec109113 3680 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3681 cp->addr.type, cp->hash,
3682 cp->rand, NULL, NULL);
ec109113
MH		 3683 if (err < 0)
3684 status = MGMT_STATUS_FAILED;
3685 else
3686 status = MGMT_STATUS_SUCCESS;
3687
2a1afb5a
JH		 3688 err = mgmt_cmd_complete(sk, hdev->id,
3689 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3690 &cp->addr, sizeof(cp->addr));
ec109113
MH		 3691 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3692 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3693 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3694 u8 status;
3695
86df9200 3696 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3697 /* Enforce zero-valued 192-bit parameters as
3698 * long as legacy SMP OOB isn't implemented.
3699 */
3700 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3701 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 3702 err = mgmt_cmd_complete(sk, hdev->id,
3703 MGMT_OP_ADD_REMOTE_OOB_DATA,
3704 MGMT_STATUS_INVALID_PARAMS,
3705 addr, sizeof(*addr));
d25b78e2
JH		 3706 goto unlock;
3707 }
3708
86df9200
JH		 3709 rand192 = NULL;
3710 hash192 = NULL;
3711 } else {
41bcfd50
MH		 3712 /* In case one of the P-192 values is set to zero,
3713 * then just disable OOB data for P-192.
3714 */
3715 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3716 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3717 rand192 = NULL;
3718 hash192 = NULL;
3719 } else {
3720 rand192 = cp->rand192;
3721 hash192 = cp->hash192;
3722 }
3723 }
3724
3725 /* In case one of the P-256 values is set to zero, then just
3726 * disable OOB data for P-256.
3727 */
3728 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3729 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3730 rand256 = NULL;
3731 hash256 = NULL;
3732 } else {
3733 rand256 = cp->rand256;
3734 hash256 = cp->hash256;
86df9200
JH		 3735 }
3736
81328d5c 3737 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3738 cp->addr.type, hash192, rand192,
41bcfd50 3739 hash256, rand256);
ec109113
MH		 3740 if (err < 0)
3741 status = MGMT_STATUS_FAILED;
3742 else
3743 status = MGMT_STATUS_SUCCESS;
3744
2a1afb5a
JH		 3745 err = mgmt_cmd_complete(sk, hdev->id,
3746 MGMT_OP_ADD_REMOTE_OOB_DATA,
3747 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 3748 } else {
3749 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 3750 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3751 MGMT_STATUS_INVALID_PARAMS);
ec109113 3752 }
2763eda6 3753
c19a495c 3754unlock:
09fd0de5 3755 hci_dev_unlock(hdev);
2763eda6
SJ		 3756 return err;
3757}
3758
bdb6d971 3759static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3760 void *data, u16 len)
2763eda6 3761{
650f726d 3762 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3763 u8 status;
2763eda6
SJ		 3764 int err;
3765
bdb6d971 3766 BT_DBG("%s", hdev->name);
2763eda6 3767
c19a495c 3768 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 3769 return mgmt_cmd_complete(sk, hdev->id,
3770 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3771 MGMT_STATUS_INVALID_PARAMS,
3772 &cp->addr, sizeof(cp->addr));
c19a495c 3773
09fd0de5 3774 hci_dev_lock(hdev);
2763eda6 3775
eedbd581
JH		 3776 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3777 hci_remote_oob_data_clear(hdev);
3778 status = MGMT_STATUS_SUCCESS;
3779 goto done;
3780 }
3781
6928a924 3782 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3783 if (err < 0)
bf1e3541 3784 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3785 else
a6785be2 3786 status = MGMT_STATUS_SUCCESS;
bf1e3541 3787
eedbd581 3788done:
2a1afb5a
JH		 3789 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3790 status, &cp->addr, sizeof(cp->addr));
2763eda6 3791
09fd0de5 3792 hci_dev_unlock(hdev);
2763eda6
SJ		 3793 return err;
3794}
3795
812abb13 3796static bool trigger_bredr_inquiry(struct hci_request *req, u8 *status)
41dc2bd6 3797{
8019044d 3798 struct hci_dev *hdev = req->hdev;
812abb13 3799 struct hci_cp_inquiry cp;
8019044d
MH		 3800 /* General inquiry access code (GIAC) */
3801 u8 lap[3] = { 0x33, 0x8b, 0x9e };
812abb13
JP		 3802
3803 *status = mgmt_bredr_support(hdev);
3804 if (*status)
3805 return false;
3806
3807 if (hci_dev_test_flag(hdev, HCI_INQUIRY)) {
3808 *status = MGMT_STATUS_BUSY;
3809 return false;
3810 }
3811
3812 hci_inquiry_cache_flush(hdev);
3813
3814 memset(&cp, 0, sizeof(cp));
3815 memcpy(&cp.lap, lap, sizeof(cp.lap));
3816 cp.length = DISCOV_BREDR_INQUIRY_LEN;
3817
3818 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
3819
3820 return true;
3821}
3822
3823static bool trigger_le_scan(struct hci_request *req, u16 interval, u8 *status)
3824{
3825 struct hci_dev *hdev = req->hdev;
3826 struct hci_cp_le_set_scan_param param_cp;
3827 struct hci_cp_le_set_scan_enable enable_cp;
8019044d 3828 u8 own_addr_type;
41dc2bd6
AG		 3829 int err;
3830
812abb13
JP		 3831 *status = mgmt_le_support(hdev);
3832 if (*status)
3833 return false;
41dc2bd6 3834
812abb13
JP		 3835 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
3836 /* Don't let discovery abort an outgoing connection attempt
3837 * that's using directed advertising.
3838 */
3839 if (hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT)) {
3840 *status = MGMT_STATUS_REJECTED;
8019044d
MH		 3841 return false;
3842 }
41dc2bd6 3843
812abb13
JP		 3844 disable_advertising(req);
3845 }
41dc2bd6 3846
812abb13
JP		 3847 /* If controller is scanning, it means the background scanning is
3848 * running. Thus, we should temporarily stop it in order to set the
3849 * discovery scanning parameters.
3850 */
3851 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
3852 hci_req_add_le_scan_disable(req);
41dc2bd6 3853
812abb13
JP		 3854 /* All active scans will be done with either a resolvable private
3855 * address (when privacy feature has been enabled) or non-resolvable
3856 * private address.
3857 */
3858 err = hci_update_random_address(req, true, &own_addr_type);
3859 if (err < 0) {
3860 *status = MGMT_STATUS_FAILED;
3861 return false;
3862 }
8019044d 3863
812abb13
JP		 3864 memset(&param_cp, 0, sizeof(param_cp));
3865 param_cp.type = LE_SCAN_ACTIVE;
3866 param_cp.interval = cpu_to_le16(interval);
3867 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3868 param_cp.own_address_type = own_addr_type;
8019044d 3869
812abb13
JP		 3870 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3871 &param_cp);
8019044d 3872
812abb13
JP		 3873 memset(&enable_cp, 0, sizeof(enable_cp));
3874 enable_cp.enable = LE_SCAN_ENABLE;
3875 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
8019044d 3876
812abb13
JP		 3877 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3878 &enable_cp);
3879
3880 return true;
3881}
8019044d 3882
812abb13
JP		 3883static bool trigger_discovery(struct hci_request *req, u8 *status)
3884{
3885 struct hci_dev *hdev = req->hdev;
8019044d 3886
812abb13
JP		 3887 switch (hdev->discovery.type) {
3888 case DISCOV_TYPE_BREDR:
3889 if (!trigger_bredr_inquiry(req, status))
3890 return false;
3891 break;
3892
3893 case DISCOV_TYPE_INTERLEAVED:
07d2334a
JP		 3894 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY,
3895 &hdev->quirks)) {
3896 /* During simultaneous discovery, we double LE scan
3897 * interval. We must leave some time for the controller
3898 * to do BR/EDR inquiry.
3899 */
3900 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT * 2,
3901 status))
3902 return false;
3903
3904 if (!trigger_bredr_inquiry(req, status))
3905 return false;
3906
3907 return true;
3908 }
3909
812abb13
JP		 3910 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
3911 *status = MGMT_STATUS_NOT_SUPPORTED;
8019044d
MH		 3912 return false;
3913 }
812abb13 3914 /* fall through */
8019044d 3915
812abb13
JP		 3916 case DISCOV_TYPE_LE:
3917 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT, status))
3918 return false;
8019044d
MH		 3919 break;
3920
3921 default:
3922 *status = MGMT_STATUS_INVALID_PARAMS;
3923 return false;
3924 }
3925
3926 return true;
41dc2bd6
AG		 3927}
3928
1904a853
MH		 3929static void start_discovery_complete(struct hci_dev *hdev, u8 status,
3930 u16 opcode)
7c307720 3931{
3b0602cd 3932 struct mgmt_pending_cmd *cmd;
11e6e25d 3933 unsigned long timeout;
ae55f598 3934
7c307720
AG		 3935 BT_DBG("status %d", status);
3936
11e6e25d 3937 hci_dev_lock(hdev);
41dc2bd6 3938
333ae95d 3939 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427 3940 if (!cmd)
333ae95d 3941 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
66ea9427 3942
11e6e25d 3943 if (cmd) {
2922a94f 3944 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 3945 mgmt_pending_remove(cmd);
3946 }
7c307720
AG		 3947
3948 if (status) {
11e6e25d
MH		 3949 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3950 goto unlock;
7c307720
AG		 3951 }
3952
7c307720 3953 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
7c307720 3954
2d28cfe7
JP		 3955 /* If the scan involves LE scan, pick proper timeout to schedule
3956 * hdev->le_scan_disable that will stop it.
3957 */
7c307720
AG		 3958 switch (hdev->discovery.type) {
3959 case DISCOV_TYPE_LE:
3d5a76f0 3960 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720 3961 break;
7c307720 3962 case DISCOV_TYPE_INTERLEAVED:
07d2334a
JP		 3963 /* When running simultaneous discovery, the LE scanning time
3964 * should occupy the whole discovery time sine BR/EDR inquiry
3965 * and LE scanning are scheduled by the controller.
3966 *
3967 * For interleaving discovery in comparison, BR/EDR inquiry
3968 * and LE scanning are done sequentially with separate
3969 * timeouts.
3970 */
3971 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
3972 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
3973 else
3974 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720 3975 break;
7c307720 3976 case DISCOV_TYPE_BREDR:
11e6e25d 3977 timeout = 0;
7c307720 3978 break;
7c307720
AG		 3979 default:
3980 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
11e6e25d
MH		 3981 timeout = 0;
3982 break;
7c307720 3983 }
ae55f598 3984
2d28cfe7
JP		 3985 if (timeout) {
3986 /* When service discovery is used and the controller has
3987 * a strict duplicate filter, it is important to remember
3988 * the start and duration of the scan. This is required
3989 * for restarting scanning during the discovery phase.
3990 */
3991 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
3992 &hdev->quirks) &&
82f8b651 3993 hdev->discovery.result_filtering) {
2d28cfe7
JP		 3994 hdev->discovery.scan_start = jiffies;
3995 hdev->discovery.scan_duration = timeout;
3996 }
3997
11e6e25d
MH		 3998 queue_delayed_work(hdev->workqueue,
3999 &hdev->le_scan_disable, timeout);
2d28cfe7 4000 }
ae55f598 4001
11e6e25d
MH		 4002unlock:
4003 hci_dev_unlock(hdev);
7c307720
AG		 4004}
4005
bdb6d971 4006static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 4007 void *data, u16 len)
14a53664 4008{
650f726d 4009 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 4010 struct mgmt_pending_cmd *cmd;
7c307720 4011 struct hci_request req;
8019044d 4012 u8 status;
14a53664
JH		 4013 int err;
4014
bdb6d971 4015 BT_DBG("%s", hdev->name);
14a53664 4016
09fd0de5 4017 hci_dev_lock(hdev);
14a53664 4018
4b34ee78 4019 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4020 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4021 MGMT_STATUS_NOT_POWERED,
4022 &cp->type, sizeof(cp->type));
bd2d1334
JH		 4023 goto failed;
4024 }
4025
f5a969f2 4026 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4027 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4028 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4029 MGMT_STATUS_BUSY, &cp->type,
4030 sizeof(cp->type));
642be6c7
AG		 4031 goto failed;
4032 }
4033
2922a94f 4034 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
14a53664
JH		 4035 if (!cmd) {
4036 err = -ENOMEM;
4037 goto failed;
4038 }
4039
2922a94f
JH		 4040 cmd->cmd_complete = generic_cmd_complete;
4041
22078800
MH		 4042 /* Clear the discovery filter first to free any previously
4043 * allocated memory for the UUID list.
4044 */
4045 hci_discovery_filter_clear(hdev);
4046
4aab14e5 4047 hdev->discovery.type = cp->type;
da25cf6a 4048 hdev->discovery.report_invalid_rssi = false;
4aab14e5 4049
7c307720
AG		 4050 hci_req_init(&req, hdev);
4051
8019044d 4052 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4053 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4054 status, &cp->type, sizeof(cp->type));
04106755
JH		 4055 mgmt_pending_remove(cmd);
4056 goto failed;
f39799f5 4057 }
04106755 4058
7c307720 4059 err = hci_req_run(&req, start_discovery_complete);
f5a969f2 4060 if (err < 0) {
14a53664 4061 mgmt_pending_remove(cmd);
f5a969f2
MH		 4062 goto failed;
4063 }
7c307720 4064
f5a969f2 4065 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
7c307720 4066
14a53664 4067failed:
09fd0de5 4068 hci_dev_unlock(hdev);
14a53664
JH		 4069 return err;
4070}
f39799f5 4071
3b0602cd
JH		 4072static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4073 u8 status)
2922a94f 4074{
2a1afb5a
JH		 4075 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4076 cmd->param, 1);
2922a94f 4077}
04106755 4078
66ea9427
JP		 4079static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4080 void *data, u16 len)
4081{
4082 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 4083 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 4084 struct hci_request req;
4085 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4086 u16 uuid_count, expected_len;
4087 u8 status;
4088 int err;
04106755 4089
66ea9427 4090 BT_DBG("%s", hdev->name);
e8bb6b97 4091
66ea9427 4092 hci_dev_lock(hdev);
7c307720 4093
66ea9427 4094 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4095 err = mgmt_cmd_complete(sk, hdev->id,
4096 MGMT_OP_START_SERVICE_DISCOVERY,
4097 MGMT_STATUS_NOT_POWERED,
4098 &cp->type, sizeof(cp->type));
66ea9427
JP		 4099 goto failed;
4100 }
7c307720 4101
66ea9427 4102 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4103 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4104 err = mgmt_cmd_complete(sk, hdev->id,
4105 MGMT_OP_START_SERVICE_DISCOVERY,
4106 MGMT_STATUS_BUSY, &cp->type,
4107 sizeof(cp->type));
66ea9427
JP		 4108 goto failed;
4109 }
d9483943 4110
66ea9427
JP		 4111 uuid_count = __le16_to_cpu(cp->uuid_count);
4112 if (uuid_count > max_uuid_count) {
4113 BT_ERR("service_discovery: too big uuid_count value %u",
4114 uuid_count);
2a1afb5a
JH		 4115 err = mgmt_cmd_complete(sk, hdev->id,
4116 MGMT_OP_START_SERVICE_DISCOVERY,
4117 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4118 sizeof(cp->type));
66ea9427
JP		 4119 goto failed;
4120 }
4121
4122 expected_len = sizeof(*cp) + uuid_count * 16;
4123 if (expected_len != len) {
4124 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4125 expected_len, len);
2a1afb5a
JH		 4126 err = mgmt_cmd_complete(sk, hdev->id,
4127 MGMT_OP_START_SERVICE_DISCOVERY,
4128 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4129 sizeof(cp->type));
66ea9427
JP		 4130 goto failed;
4131 }
4132
4133 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 4134 hdev, data, len);
66ea9427
JP		 4135 if (!cmd) {
4136 err = -ENOMEM;
4137 goto failed;
4138 }
4139
2922a94f
JH		 4140 cmd->cmd_complete = service_discovery_cmd_complete;
4141
22078800
MH		 4142 /* Clear the discovery filter first to free any previously
4143 * allocated memory for the UUID list.
4144 */
4145 hci_discovery_filter_clear(hdev);
4146
82f8b651 4147 hdev->discovery.result_filtering = true;
66ea9427
JP		 4148 hdev->discovery.type = cp->type;
4149 hdev->discovery.rssi = cp->rssi;
4150 hdev->discovery.uuid_count = uuid_count;
4151
4152 if (uuid_count > 0) {
4153 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4154 GFP_KERNEL);
4155 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 4156 err = mgmt_cmd_complete(sk, hdev->id,
4157 MGMT_OP_START_SERVICE_DISCOVERY,
4158 MGMT_STATUS_FAILED,
4159 &cp->type, sizeof(cp->type));
d9483943
JH		 4160 mgmt_pending_remove(cmd);
4161 goto failed;
4162 }
66ea9427 4163 }
d9483943 4164
66ea9427 4165 hci_req_init(&req, hdev);
5e0452c0 4166
66ea9427 4167 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4168 err = mgmt_cmd_complete(sk, hdev->id,
4169 MGMT_OP_START_SERVICE_DISCOVERY,
4170 status, &cp->type, sizeof(cp->type));
04106755
JH		 4171 mgmt_pending_remove(cmd);
4172 goto failed;
f39799f5 4173 }
3fd24153 4174
7c307720 4175 err = hci_req_run(&req, start_discovery_complete);
66ea9427 4176 if (err < 0) {
14a53664 4177 mgmt_pending_remove(cmd);
66ea9427
JP		 4178 goto failed;
4179 }
4180
4181 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 4182
4183failed:
09fd0de5 4184 hci_dev_unlock(hdev);
14a53664
JH		 4185 return err;
4186}
4187
1904a853 4188static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1183fdca 4189{
3b0602cd 4190 struct mgmt_pending_cmd *cmd;
1183fdca 4191
0e05bba6
AG		 4192 BT_DBG("status %d", status);
4193
4194 hci_dev_lock(hdev);
4195
333ae95d 4196 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
11e6e25d 4197 if (cmd) {
2922a94f 4198 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4199 mgmt_pending_remove(cmd);
0e05bba6
AG		 4200 }
4201
11e6e25d
MH		 4202 if (!status)
4203 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
0e05bba6 4204
0e05bba6
AG		 4205 hci_dev_unlock(hdev);
4206}
4207
bdb6d971 4208static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4209 u16 len)
14a53664 4210{
d930650b 4211 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 4212 struct mgmt_pending_cmd *cmd;
0e05bba6 4213 struct hci_request req;
14a53664
JH		 4214 int err;
4215
bdb6d971 4216 BT_DBG("%s", hdev->name);
14a53664 4217
09fd0de5 4218 hci_dev_lock(hdev);
14a53664 4219
30dc78e1 4220 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4221 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4222 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4223 sizeof(mgmt_cp->type));
d930650b
JH		 4224 goto unlock;
4225 }
4226
4227 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 4228 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4229 MGMT_STATUS_INVALID_PARAMS,
4230 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 4231 goto unlock;
ff9ef578
JH		 4232 }
4233
2922a94f 4234 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4235 if (!cmd) {
4236 err = -ENOMEM;
30dc78e1
JH		 4237 goto unlock;
4238 }
4239
2922a94f
JH		 4240 cmd->cmd_complete = generic_cmd_complete;
4241
0e05bba6
AG		 4242 hci_req_init(&req, hdev);
4243
21a60d30 4244 hci_stop_discovery(&req);
e0d9727e 4245
21a60d30
JH		 4246 err = hci_req_run(&req, stop_discovery_complete);
4247 if (!err) {
4248 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 4249 goto unlock;
14a53664
JH		 4250 }
4251
21a60d30
JH		 4252 mgmt_pending_remove(cmd);
4253
4254 /* If no HCI commands were sent we're done */
4255 if (err == -ENODATA) {
2a1afb5a
JH		 4256 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4257 &mgmt_cp->type, sizeof(mgmt_cp->type));
21a60d30
JH		 4258 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4259 }
14a53664 4260
30dc78e1 4261unlock:
09fd0de5 4262 hci_dev_unlock(hdev);
14a53664
JH		 4263 return err;
4264}
4265
bdb6d971 4266static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4267 u16 len)
561aafbc 4268{
650f726d 4269 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4270 struct inquiry_entry *e;
561aafbc
JH		 4271 int err;
4272
bdb6d971 4273 BT_DBG("%s", hdev->name);
561aafbc 4274
561aafbc
JH		 4275 hci_dev_lock(hdev);
4276
30dc78e1 4277 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4278 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4279 MGMT_STATUS_FAILED, &cp->addr,
4280 sizeof(cp->addr));
30dc78e1
JH		 4281 goto failed;
4282 }
4283
a198e7b1 4284 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4285 if (!e) {
2a1afb5a
JH		 4286 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4287 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4288 sizeof(cp->addr));
561aafbc
JH		 4289 goto failed;
4290 }
4291
4292 if (cp->name_known) {
4293 e->name_state = NAME_KNOWN;
4294 list_del(&e->list);
4295 } else {
4296 e->name_state = NAME_NEEDED;
a3d4e20a 4297 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4298 }
4299
2a1afb5a
JH		 4300 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4301 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 4302
4303failed:
4304 hci_dev_unlock(hdev);
561aafbc
JH		 4305 return err;
4306}
4307
bdb6d971 4308static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4309 u16 len)
7fbec224 4310{
650f726d 4311 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4312 u8 status;
7fbec224
AJ		 4313 int err;
4314
bdb6d971 4315 BT_DBG("%s", hdev->name);
7fbec224 4316
4ee71b20 4317 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4318 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4319 MGMT_STATUS_INVALID_PARAMS,
4320 &cp->addr, sizeof(cp->addr));
4ee71b20 4321
09fd0de5 4322 hci_dev_lock(hdev);
5e762444 4323
dcc36c16
JH		 4324 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4325 cp->addr.type);
2a8357f2 4326 if (err < 0) {
f0eeea8b 4327 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4328 goto done;
4329 }
4330
4331 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4332 sk);
4333 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4334
2a8357f2 4335done:
2a1afb5a
JH		 4336 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4337 &cp->addr, sizeof(cp->addr));
5e762444 4338
09fd0de5 4339 hci_dev_unlock(hdev);
7fbec224
AJ		 4340
4341 return err;
4342}
4343
bdb6d971 4344static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4345 u16 len)
7fbec224 4346{
650f726d 4347 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4348 u8 status;
7fbec224
AJ		 4349 int err;
4350
bdb6d971 4351 BT_DBG("%s", hdev->name);
7fbec224 4352
4ee71b20 4353 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4354 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4355 MGMT_STATUS_INVALID_PARAMS,
4356 &cp->addr, sizeof(cp->addr));
4ee71b20 4357
09fd0de5 4358 hci_dev_lock(hdev);
5e762444 4359
dcc36c16
JH		 4360 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4361 cp->addr.type);
2a8357f2 4362 if (err < 0) {
f0eeea8b 4363 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4364 goto done;
4365 }
4366
4367 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4368 sk);
4369 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4370
2a8357f2 4371done:
2a1afb5a
JH		 4372 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4373 &cp->addr, sizeof(cp->addr));
5e762444 4374
09fd0de5 4375 hci_dev_unlock(hdev);
7fbec224
AJ		 4376
4377 return err;
4378}
4379
cdbaccca
MH		 4380static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4381 u16 len)
4382{
4383 struct mgmt_cp_set_device_id *cp = data;
890ea898 4384 struct hci_request req;
cdbaccca 4385 int err;
c72d4b8a 4386 __u16 source;
cdbaccca
MH		 4387
4388 BT_DBG("%s", hdev->name);
4389
c72d4b8a
SJ		 4390 source = __le16_to_cpu(cp->source);
4391
4392 if (source > 0x0002)
a69e8375
JH		 4393 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4394 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 4395
cdbaccca
MH		 4396 hci_dev_lock(hdev);
4397
c72d4b8a 4398 hdev->devid_source = source;
cdbaccca
MH		 4399 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4400 hdev->devid_product = __le16_to_cpu(cp->product);
4401 hdev->devid_version = __le16_to_cpu(cp->version);
4402
2a1afb5a
JH		 4403 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4404 NULL, 0);
cdbaccca 4405
890ea898
JH		 4406 hci_req_init(&req, hdev);
4407 update_eir(&req);
4408 hci_req_run(&req, NULL);
cdbaccca
MH		 4409
4410 hci_dev_unlock(hdev);
4411
4412 return err;
4413}
4414
24b4f38f
AU		 4415static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4416 u16 opcode)
4417{
4418 BT_DBG("status %d", status);
4419}
4420
1904a853
MH		 4421static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4422 u16 opcode)
4375f103
JH		 4423{
4424 struct cmd_lookup match = { NULL, hdev };
24b4f38f 4425 struct hci_request req;
4375f103 4426
3ad67582
JK		 4427 hci_dev_lock(hdev);
4428
4375f103
JH		 4429 if (status) {
4430 u8 mgmt_err = mgmt_status(status);
4431
4432 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4433 cmd_status_rsp, &mgmt_err);
3ad67582 4434 goto unlock;
4375f103
JH		 4435 }
4436
d7a5a11d 4437 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 4438 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 4439 else
a358dc11 4440 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 4441
4375f103
JH		 4442 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4443 &match);
4444
4445 new_settings(hdev, match.sk);
4446
4447 if (match.sk)
4448 sock_put(match.sk);
3ad67582 4449
24b4f38f
AU		 4450 /* If "Set Advertising" was just disabled and instance advertising was
4451 * set up earlier, then enable the advertising instance.
4452 */
4453 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
4454 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
4455 goto unlock;
4456
4457 hci_req_init(&req, hdev);
4458
4459 update_adv_data(&req);
4460 enable_advertising(&req);
4461
4462 if (hci_req_run(&req, enable_advertising_instance) < 0)
4463 BT_ERR("Failed to re-configure advertising");
4464
3ad67582
JK		 4465unlock:
4466 hci_dev_unlock(hdev);
4375f103
JH		 4467}
4468
21b5187f
MH		 4469static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4470 u16 len)
4375f103
JH		 4471{
4472 struct mgmt_mode *cp = data;
3b0602cd 4473 struct mgmt_pending_cmd *cmd;
4375f103 4474 struct hci_request req;
cc91cb04 4475 u8 val, status;
4375f103
JH		 4476 int err;
4477
4478 BT_DBG("request for %s", hdev->name);
4479
e6fe7986
JH		 4480 status = mgmt_le_support(hdev);
4481 if (status)
a69e8375
JH		 4482 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4483 status);
4375f103 4484
cc91cb04 4485 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4486 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4487 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 4488
4489 hci_dev_lock(hdev);
4490
4491 val = !!cp->val;
4375f103 4492
f74ca9b8
JH		 4493 /* The following conditions are ones which mean that we should
4494 * not do any HCI communication but directly send a mgmt
4495 * response to user space (after toggling the flag if
4496 * necessary).
4497 */
cc91cb04 4498 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 4499 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4500 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 4501 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 4502 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 4503 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 4504 bool changed;
4375f103 4505
cc91cb04 4506 if (cp->val) {
238be788 4507 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 4508 if (cp->val == 0x02)
a1536da2 4509 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4510 else
a358dc11 4511 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4512 } else {
a69d8927 4513 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 4514 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 4515 }
4516
4517 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4518 if (err < 0)
4519 goto unlock;
4520
4521 if (changed)
4522 err = new_settings(hdev, sk);
4523
4524 goto unlock;
4525 }
4526
333ae95d
JH		 4527 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4528 pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 4529 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4530 MGMT_STATUS_BUSY);
4375f103
JH		 4531 goto unlock;
4532 }
4533
4534 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4535 if (!cmd) {
4536 err = -ENOMEM;
4537 goto unlock;
4538 }
4539
4540 hci_req_init(&req, hdev);
4541
cc91cb04 4542 if (cp->val == 0x02)
a1536da2 4543 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4544 else
a358dc11 4545 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4546
24b4f38f
AU		 4547 if (val) {
4548 /* Switch to instance "0" for the Set Advertising setting. */
4549 update_adv_data_for_instance(&req, 0);
bba3aa55 4550 enable_advertising(&req);
24b4f38f 4551 } else {
bba3aa55 4552 disable_advertising(&req);
24b4f38f 4553 }
4375f103
JH		 4554
4555 err = hci_req_run(&req, set_advertising_complete);
4556 if (err < 0)
4557 mgmt_pending_remove(cmd);
4558
4559unlock:
4560 hci_dev_unlock(hdev);
4561 return err;
4562}
4563
d13eafce
MH		 4564static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4565 void *data, u16 len)
4566{
4567 struct mgmt_cp_set_static_address *cp = data;
4568 int err;
4569
4570 BT_DBG("%s", hdev->name);
4571
62af4443 4572 if (!lmp_le_capable(hdev))
a69e8375
JH		 4573 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4574 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4575
4576 if (hdev_is_powered(hdev))
a69e8375
JH		 4577 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4578 MGMT_STATUS_REJECTED);
d13eafce
MH		 4579
4580 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4581 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 4582 return mgmt_cmd_status(sk, hdev->id,
4583 MGMT_OP_SET_STATIC_ADDRESS,
4584 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4585
4586 /* Two most significant bits shall be set */
4587 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 4588 return mgmt_cmd_status(sk, hdev->id,
4589 MGMT_OP_SET_STATIC_ADDRESS,
4590 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4591 }
4592
4593 hci_dev_lock(hdev);
4594
4595 bacpy(&hdev->static_addr, &cp->bdaddr);
4596
93690c22
MH		 4597 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4598 if (err < 0)
4599 goto unlock;
4600
4601 err = new_settings(hdev, sk);
d13eafce 4602
93690c22 4603unlock:
d13eafce 4604 hci_dev_unlock(hdev);
d13eafce
MH		 4605 return err;
4606}
4607
14b49b9a
MH		 4608static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4609 void *data, u16 len)
4610{
4611 struct mgmt_cp_set_scan_params *cp = data;
4612 __u16 interval, window;
4613 int err;
4614
4615 BT_DBG("%s", hdev->name);
4616
4617 if (!lmp_le_capable(hdev))
a69e8375
JH		 4618 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4619 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 4620
4621 interval = __le16_to_cpu(cp->interval);
4622
4623 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 4624 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4625 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 4626
4627 window = __le16_to_cpu(cp->window);
4628
4629 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 4630 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4631 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 4632
899e1075 4633 if (window > interval)
a69e8375
JH		 4634 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4635 MGMT_STATUS_INVALID_PARAMS);
899e1075 4636
14b49b9a
MH		 4637 hci_dev_lock(hdev);
4638
4639 hdev->le_scan_interval = interval;
4640 hdev->le_scan_window = window;
4641
2a1afb5a
JH		 4642 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4643 NULL, 0);
14b49b9a 4644
dd2ef8e2
AG		 4645 /* If background scan is running, restart it so new parameters are
4646 * loaded.
4647 */
d7a5a11d 4648 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
dd2ef8e2
AG		 4649 hdev->discovery.state == DISCOVERY_STOPPED) {
4650 struct hci_request req;
4651
4652 hci_req_init(&req, hdev);
4653
4654 hci_req_add_le_scan_disable(&req);
4655 hci_req_add_le_passive_scan(&req);
4656
4657 hci_req_run(&req, NULL);
4658 }
4659
14b49b9a
MH		 4660 hci_dev_unlock(hdev);
4661
4662 return err;
4663}
4664
1904a853
MH		 4665static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4666 u16 opcode)
33e38b3e 4667{
3b0602cd 4668 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 4669
4670 BT_DBG("status 0x%02x", status);
4671
4672 hci_dev_lock(hdev);
4673
333ae95d 4674 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
33e38b3e
JH		 4675 if (!cmd)
4676 goto unlock;
4677
4678 if (status) {
a69e8375
JH		 4679 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4680 mgmt_status(status));
33e38b3e 4681 } else {
1a4d3c4b
JH		 4682 struct mgmt_mode *cp = cmd->param;
4683
4684 if (cp->val)
a1536da2 4685 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4686 else
a358dc11 4687 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4688
33e38b3e
JH		 4689 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4690 new_settings(hdev, cmd->sk);
4691 }
4692
4693 mgmt_pending_remove(cmd);
4694
4695unlock:
4696 hci_dev_unlock(hdev);
4697}
4698
bdb6d971 4699static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4700 void *data, u16 len)
f6422ec6 4701{
650f726d 4702 struct mgmt_mode *cp = data;
3b0602cd 4703 struct mgmt_pending_cmd *cmd;
33e38b3e 4704 struct hci_request req;
f6422ec6
AJ		 4705 int err;
4706
bdb6d971 4707 BT_DBG("%s", hdev->name);
f6422ec6 4708
d7a5a11d 4709 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 4710 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4711 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4712 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4713
a7e80f25 4714 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4715 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4716 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4717
f6422ec6
AJ		 4718 hci_dev_lock(hdev);
4719
333ae95d 4720 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4721 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4722 MGMT_STATUS_BUSY);
05cbf29f
JH		 4723 goto unlock;
4724 }
4725
d7a5a11d 4726 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 4727 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4728 hdev);
4729 goto unlock;
4730 }
4731
406ef2a6 4732 if (!hdev_is_powered(hdev)) {
ce05d603 4733 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 4734 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4735 hdev);
4736 new_settings(hdev, sk);
4737 goto unlock;
4738 }
4739
33e38b3e
JH		 4740 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4741 data, len);
4742 if (!cmd) {
4743 err = -ENOMEM;
4744 goto unlock;
f6422ec6
AJ		 4745 }
4746
33e38b3e
JH		 4747 hci_req_init(&req, hdev);
4748
406d7804 4749 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4750
4751 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4752 if (err < 0) {
a69e8375
JH		 4753 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4754 MGMT_STATUS_FAILED);
33e38b3e 4755 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4756 }
4757
33e38b3e 4758unlock:
f6422ec6 4759 hci_dev_unlock(hdev);
33e38b3e 4760
f6422ec6
AJ		 4761 return err;
4762}
4763
1904a853 4764static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4765{
3b0602cd 4766 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4767
4768 BT_DBG("status 0x%02x", status);
4769
4770 hci_dev_lock(hdev);
4771
333ae95d 4772 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
0663ca2a
JH		 4773 if (!cmd)
4774 goto unlock;
4775
4776 if (status) {
4777 u8 mgmt_err = mgmt_status(status);
4778
4779 /* We need to restore the flag if related HCI commands
4780 * failed.
4781 */
a358dc11 4782 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 4783
a69e8375 4784 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4785 } else {
4786 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4787 new_settings(hdev, cmd->sk);
4788 }
4789
4790 mgmt_pending_remove(cmd);
4791
4792unlock:
4793 hci_dev_unlock(hdev);
4794}
4795
4796static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4797{
4798 struct mgmt_mode *cp = data;
3b0602cd 4799 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4800 struct hci_request req;
4801 int err;
4802
4803 BT_DBG("request for %s", hdev->name);
4804
4805 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4806 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4807 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 4808
d7a5a11d 4809 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4810 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4811 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4812
4813 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4814 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4815 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4816
4817 hci_dev_lock(hdev);
4818
d7a5a11d 4819 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 4820 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4821 goto unlock;
4822 }
4823
4824 if (!hdev_is_powered(hdev)) {
4825 if (!cp->val) {
a358dc11
MH		 4826 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4827 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4828 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4829 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4830 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 4831 }
4832
ce05d603 4833 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4834
4835 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4836 if (err < 0)
4837 goto unlock;
4838
4839 err = new_settings(hdev, sk);
4840 goto unlock;
4841 }
4842
4843 /* Reject disabling when powered on */
4844 if (!cp->val) {
a69e8375
JH		 4845 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4846 MGMT_STATUS_REJECTED);
0663ca2a 4847 goto unlock;
111e4bcc
MH		 4848 } else {
4849 /* When configuring a dual-mode controller to operate
4850 * with LE only and using a static address, then switching
4851 * BR/EDR back on is not allowed.
4852 *
4853 * Dual-mode controllers shall operate with the public
4854 * address as its identity address for BR/EDR and LE. So
4855 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 4856 *
4857 * The same restrictions applies when secure connections
4858 * has been enabled. For BR/EDR this is a controller feature
4859 * while for LE it is a host stack feature. This means that
4860 * switching BR/EDR back on when secure connections has been
4861 * enabled is not a supported transaction.
111e4bcc 4862 */
d7a5a11d 4863 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 4864 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 4865 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 4866 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4867 MGMT_STATUS_REJECTED);
111e4bcc
MH		 4868 goto unlock;
4869 }
0663ca2a
JH		 4870 }
4871
333ae95d 4872 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 4873 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4874 MGMT_STATUS_BUSY);
0663ca2a
JH		 4875 goto unlock;
4876 }
4877
4878 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4879 if (!cmd) {
4880 err = -ENOMEM;
4881 goto unlock;
4882 }
4883
5947f4bc 4884 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4885 * generates the correct flags.
4886 */
a1536da2 4887 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4888
4889 hci_req_init(&req, hdev);
aa8af46e 4890
432df05e 4891 write_fast_connectable(&req, false);
1d2dc5b7 4892 __hci_update_page_scan(&req);
aa8af46e 4893
f14d8f64
MH		 4894 /* Since only the advertising data flags will change, there
4895 * is no need to update the scan response data.
4896 */
5947f4bc 4897 update_adv_data(&req);
aa8af46e 4898
0663ca2a
JH		 4899 err = hci_req_run(&req, set_bredr_complete);
4900 if (err < 0)
4901 mgmt_pending_remove(cmd);
4902
4903unlock:
4904 hci_dev_unlock(hdev);
4905 return err;
4906}
4907
a1443f5a
JH		 4908static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4909{
3b0602cd 4910 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 4911 struct mgmt_mode *cp;
4912
4913 BT_DBG("%s status %u", hdev->name, status);
4914
4915 hci_dev_lock(hdev);
4916
333ae95d 4917 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
a1443f5a
JH		 4918 if (!cmd)
4919 goto unlock;
4920
4921 if (status) {
a69e8375
JH		 4922 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4923 mgmt_status(status));
a1443f5a
JH		 4924 goto remove;
4925 }
4926
4927 cp = cmd->param;
4928
4929 switch (cp->val) {
4930 case 0x00:
a358dc11
MH		 4931 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4932 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4933 break;
4934 case 0x01:
a1536da2 4935 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 4936 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4937 break;
4938 case 0x02:
a1536da2
MH		 4939 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4940 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4941 break;
4942 }
4943
4944 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4945 new_settings(hdev, cmd->sk);
4946
4947remove:
4948 mgmt_pending_remove(cmd);
4949unlock:
4950 hci_dev_unlock(hdev);
4951}
4952
eac83dc6
MH		 4953static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4954 void *data, u16 len)
4955{
4956 struct mgmt_mode *cp = data;
3b0602cd 4957 struct mgmt_pending_cmd *cmd;
a1443f5a 4958 struct hci_request req;
a3209694 4959 u8 val;
eac83dc6
MH		 4960 int err;
4961
4962 BT_DBG("request for %s", hdev->name);
4963
05b3c3e7 4964 if (!lmp_sc_capable(hdev) &&
d7a5a11d 4965 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4966 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4967 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 4968
d7a5a11d 4969 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 4970 lmp_sc_capable(hdev) &&
d7a5a11d 4971 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 4972 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4973 MGMT_STATUS_REJECTED);
ed93ec69 4974
0ab04a9c 4975 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 4976 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 4977 MGMT_STATUS_INVALID_PARAMS);
4978
4979 hci_dev_lock(hdev);
4980
05b3c3e7 4981 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 4982 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 4983 bool changed;
4984
0ab04a9c 4985 if (cp->val) {
238be788
MH		 4986 changed = !hci_dev_test_and_set_flag(hdev,
4987 HCI_SC_ENABLED);
0ab04a9c 4988 if (cp->val == 0x02)
a1536da2 4989 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4990 else
a358dc11 4991 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4992 } else {
a69d8927
MH		 4993 changed = hci_dev_test_and_clear_flag(hdev,
4994 HCI_SC_ENABLED);
a358dc11 4995 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4996 }
eac83dc6
MH		 4997
4998 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4999 if (err < 0)
5000 goto failed;
5001
5002 if (changed)
5003 err = new_settings(hdev, sk);
5004
5005 goto failed;
5006 }
5007
333ae95d 5008 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 5009 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5010 MGMT_STATUS_BUSY);
eac83dc6
MH		 5011 goto failed;
5012 }
5013
0ab04a9c
MH		 5014 val = !!cp->val;
5015
d7a5a11d
MH		 5016 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5017 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 5018 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5019 goto failed;
5020 }
5021
5022 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5023 if (!cmd) {
5024 err = -ENOMEM;
5025 goto failed;
5026 }
5027
a1443f5a
JH		 5028 hci_req_init(&req, hdev);
5029 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5030 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 5031 if (err < 0) {
5032 mgmt_pending_remove(cmd);
5033 goto failed;
5034 }
5035
5036failed:
5037 hci_dev_unlock(hdev);
5038 return err;
5039}
5040
4e39ac81
MH		 5041static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5042 void *data, u16 len)
5043{
5044 struct mgmt_mode *cp = data;
b9710979 5045 bool changed, use_changed;
4e39ac81
MH		 5046 int err;
5047
5048 BT_DBG("request for %s", hdev->name);
5049
b9710979 5050 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 5051 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5052 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 5053
5054 hci_dev_lock(hdev);
5055
5056 if (cp->val)
238be788 5057 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 5058 else
a69d8927
MH		 5059 changed = hci_dev_test_and_clear_flag(hdev,
5060 HCI_KEEP_DEBUG_KEYS);
4e39ac81 5061
b9710979 5062 if (cp->val == 0x02)
238be788
MH		 5063 use_changed = !hci_dev_test_and_set_flag(hdev,
5064 HCI_USE_DEBUG_KEYS);
b9710979 5065 else
a69d8927
MH		 5066 use_changed = hci_dev_test_and_clear_flag(hdev,
5067 HCI_USE_DEBUG_KEYS);
b9710979
JH		 5068
5069 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 5070 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 5071 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5072 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5073 sizeof(mode), &mode);
5074 }
5075
4e39ac81
MH		 5076 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5077 if (err < 0)
5078 goto unlock;
5079
5080 if (changed)
5081 err = new_settings(hdev, sk);
5082
5083unlock:
5084 hci_dev_unlock(hdev);
5085 return err;
5086}
5087
62b04cd1
JH		 5088static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5089 u16 len)
5090{
5091 struct mgmt_cp_set_privacy *cp = cp_data;
5092 bool changed;
5093 int err;
5094
5095 BT_DBG("request for %s", hdev->name);
5096
5097 if (!lmp_le_capable(hdev))
a69e8375
JH		 5098 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5099 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1
JH		 5100
5101 if (cp->privacy != 0x00 && cp->privacy != 0x01)
a69e8375
JH		 5102 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5103 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 5104
5105 if (hdev_is_powered(hdev))
a69e8375
JH		 5106 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5107 MGMT_STATUS_REJECTED);
62b04cd1
JH		 5108
5109 hci_dev_lock(hdev);
5110
c21c0ea0
JH		 5111 /* If user space supports this command it is also expected to
5112 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5113 */
a1536da2 5114 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 5115
62b04cd1 5116 if (cp->privacy) {
238be788 5117 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 5118 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 5119 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1 5120 } else {
a69d8927 5121 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 5122 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 5123 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1
JH		 5124 }
5125
5126 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5127 if (err < 0)
5128 goto unlock;
5129
5130 if (changed)
5131 err = new_settings(hdev, sk);
5132
5133unlock:
5134 hci_dev_unlock(hdev);
5135 return err;
5136}
5137
41edf160
JH		 5138static bool irk_is_valid(struct mgmt_irk_info *irk)
5139{
5140 switch (irk->addr.type) {
5141 case BDADDR_LE_PUBLIC:
5142 return true;
5143
5144 case BDADDR_LE_RANDOM:
5145 /* Two most significant bits shall be set */
5146 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5147 return false;
5148 return true;
5149 }
5150
5151 return false;
5152}
5153
5154static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5155 u16 len)
5156{
5157 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 5158 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5159 sizeof(struct mgmt_irk_info));
41edf160
JH		 5160 u16 irk_count, expected_len;
5161 int i, err;
5162
5163 BT_DBG("request for %s", hdev->name);
5164
5165 if (!lmp_le_capable(hdev))
a69e8375
JH		 5166 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5167 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 5168
5169 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 5170 if (irk_count > max_irk_count) {
5171 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 5172 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5173 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5174 }
41edf160
JH		 5175
5176 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5177 if (expected_len != len) {
5178 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 5179 expected_len, len);
a69e8375
JH		 5180 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5181 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5182 }
5183
5184 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5185
5186 for (i = 0; i < irk_count; i++) {
5187 struct mgmt_irk_info *key = &cp->irks[i];
5188
5189 if (!irk_is_valid(key))
a69e8375
JH		 5190 return mgmt_cmd_status(sk, hdev->id,
5191 MGMT_OP_LOAD_IRKS,
5192 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5193 }
5194
5195 hci_dev_lock(hdev);
5196
5197 hci_smp_irks_clear(hdev);
5198
5199 for (i = 0; i < irk_count; i++) {
5200 struct mgmt_irk_info *irk = &cp->irks[i];
5201 u8 addr_type;
5202
5203 if (irk->addr.type == BDADDR_LE_PUBLIC)
5204 addr_type = ADDR_LE_DEV_PUBLIC;
5205 else
5206 addr_type = ADDR_LE_DEV_RANDOM;
5207
5208 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5209 BDADDR_ANY);
5210 }
5211
a1536da2 5212 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 5213
2a1afb5a 5214 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 5215
5216 hci_dev_unlock(hdev);
5217
5218 return err;
5219}
5220
3f706b72
JH		 5221static bool ltk_is_valid(struct mgmt_ltk_info *key)
5222{
5223 if (key->master != 0x00 && key->master != 0x01)
5224 return false;
490cb0b3
MH		 5225
5226 switch (key->addr.type) {
5227 case BDADDR_LE_PUBLIC:
5228 return true;
5229
5230 case BDADDR_LE_RANDOM:
5231 /* Two most significant bits shall be set */
5232 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5233 return false;
5234 return true;
5235 }
5236
5237 return false;
3f706b72
JH		 5238}
5239
bdb6d971 5240static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5241 void *cp_data, u16 len)
346af67b 5242{
346af67b 5243 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5244 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5245 sizeof(struct mgmt_ltk_info));
346af67b 5246 u16 key_count, expected_len;
715a5bf2 5247 int i, err;
346af67b 5248
cf99ba13
MH		 5249 BT_DBG("request for %s", hdev->name);
5250
5251 if (!lmp_le_capable(hdev))
a69e8375
JH		 5252 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5253 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 5254
1f350c87 5255 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 5256 if (key_count > max_key_count) {
5257 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 5258 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5259 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5260 }
346af67b
VCG		 5261
5262 expected_len = sizeof(*cp) + key_count *
5263 sizeof(struct mgmt_ltk_info);
5264 if (expected_len != len) {
5265 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 5266 expected_len, len);
a69e8375
JH		 5267 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5268 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5269 }
5270
bdb6d971 5271 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5272
54ad6d8a
JH		 5273 for (i = 0; i < key_count; i++) {
5274 struct mgmt_ltk_info *key = &cp->keys[i];
5275
3f706b72 5276 if (!ltk_is_valid(key))
a69e8375
JH		 5277 return mgmt_cmd_status(sk, hdev->id,
5278 MGMT_OP_LOAD_LONG_TERM_KEYS,
5279 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 5280 }
5281
346af67b
VCG		 5282 hci_dev_lock(hdev);
5283
5284 hci_smp_ltks_clear(hdev);
5285
5286 for (i = 0; i < key_count; i++) {
5287 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 5288 u8 type, addr_type, authenticated;
79d95a19
MH		 5289
5290 if (key->addr.type == BDADDR_LE_PUBLIC)
5291 addr_type = ADDR_LE_DEV_PUBLIC;
5292 else
5293 addr_type = ADDR_LE_DEV_RANDOM;
346af67b 5294
61b43357
JH		 5295 switch (key->type) {
5296 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5297 authenticated = 0x00;
23fb8de3 5298 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5299 break;
5300 case MGMT_LTK_AUTHENTICATED:
d7b25450 5301 authenticated = 0x01;
23fb8de3
JH		 5302 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5303 break;
5304 case MGMT_LTK_P256_UNAUTH:
5305 authenticated = 0x00;
5306 type = SMP_LTK_P256;
61b43357 5307 break;
23fb8de3
JH		 5308 case MGMT_LTK_P256_AUTH:
5309 authenticated = 0x01;
5310 type = SMP_LTK_P256;
61b43357 5311 break;
23fb8de3
JH		 5312 case MGMT_LTK_P256_DEBUG:
5313 authenticated = 0x00;
5314 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5315 default:
5316 continue;
5317 }
d7b25450 5318
35d70271 5319 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 5320 authenticated, key->val, key->enc_size, key->ediv,
35d70271 5321 key->rand);
346af67b
VCG		 5322 }
5323
2a1afb5a 5324 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 5325 NULL, 0);
5326
346af67b 5327 hci_dev_unlock(hdev);
346af67b 5328
715a5bf2 5329 return err;
346af67b
VCG		 5330}
5331
3b0602cd 5332static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 5333{
dd983808 5334 struct hci_conn *conn = cmd->user_data;
9981bdb0 5335 struct mgmt_rp_get_conn_info rp;
9df74653 5336 int err;
dd983808 5337
9981bdb0 5338 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5339
9981bdb0 5340 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5341 rp.rssi = conn->rssi;
9981bdb0
JH		 5342 rp.tx_power = conn->tx_power;
5343 rp.max_tx_power = conn->max_tx_power;
5344 } else {
5345 rp.rssi = HCI_RSSI_INVALID;
5346 rp.tx_power = HCI_TX_POWER_INVALID;
5347 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5348 }
5349
2a1afb5a
JH		 5350 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5351 status, &rp, sizeof(rp));
dd983808
AK		 5352
5353 hci_conn_drop(conn);
f8aaf9b6 5354 hci_conn_put(conn);
9df74653
JH		 5355
5356 return err;
dd983808
AK		 5357}
5358
1904a853
MH		 5359static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5360 u16 opcode)
dd983808
AK		 5361{
5362 struct hci_cp_read_rssi *cp;
3b0602cd 5363 struct mgmt_pending_cmd *cmd;
dd983808 5364 struct hci_conn *conn;
dd983808 5365 u16 handle;
9981bdb0 5366 u8 status;
dd983808 5367
9981bdb0 5368 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5369
5370 hci_dev_lock(hdev);
5371
dd983808
AK		 5372 /* Commands sent in request are either Read RSSI or Read Transmit Power
5373 * Level so we check which one was last sent to retrieve connection
5374 * handle. Both commands have handle as first parameter so it's safe to
5375 * cast data on the same command struct.
5376 *
5377 * First command sent is always Read RSSI and we fail only if it fails.
5378 * In other case we simply override error to indicate success as we
5379 * already remembered if TX power value is actually valid.
5380 */
5381 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5382 if (!cp) {
5383 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5384 status = MGMT_STATUS_SUCCESS;
5385 } else {
5386 status = mgmt_status(hci_status);
dd983808
AK		 5387 }
5388
5389 if (!cp) {
9981bdb0 5390 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 5391 goto unlock;
5392 }
5393
5394 handle = __le16_to_cpu(cp->handle);
5395 conn = hci_conn_hash_lookup_handle(hdev, handle);
5396 if (!conn) {
9981bdb0 5397 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 5398 goto unlock;
5399 }
5400
333ae95d 5401 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
9981bdb0
JH		 5402 if (!cmd)
5403 goto unlock;
dd983808 5404
9981bdb0
JH		 5405 cmd->cmd_complete(cmd, status);
5406 mgmt_pending_remove(cmd);
dd983808
AK		 5407
5408unlock:
5409 hci_dev_unlock(hdev);
5410}
5411
5412static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5413 u16 len)
5414{
5415 struct mgmt_cp_get_conn_info *cp = data;
5416 struct mgmt_rp_get_conn_info rp;
5417 struct hci_conn *conn;
5418 unsigned long conn_info_age;
5419 int err = 0;
5420
5421 BT_DBG("%s", hdev->name);
5422
5423 memset(&rp, 0, sizeof(rp));
5424 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5425 rp.addr.type = cp->addr.type;
5426
5427 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5428 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5429 MGMT_STATUS_INVALID_PARAMS,
5430 &rp, sizeof(rp));
dd983808
AK		 5431
5432 hci_dev_lock(hdev);
5433
5434 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5435 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5436 MGMT_STATUS_NOT_POWERED, &rp,
5437 sizeof(rp));
dd983808
AK		 5438 goto unlock;
5439 }
5440
5441 if (cp->addr.type == BDADDR_BREDR)
5442 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5443 &cp->addr.bdaddr);
5444 else
5445 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5446
5447 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5448 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5449 MGMT_STATUS_NOT_CONNECTED, &rp,
5450 sizeof(rp));
dd983808
AK		 5451 goto unlock;
5452 }
5453
333ae95d 5454 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 5455 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5456 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 5457 goto unlock;
5458 }
5459
dd983808
AK		 5460 /* To avoid client trying to guess when to poll again for information we
5461 * calculate conn info age as random value between min/max set in hdev.
5462 */
5463 conn_info_age = hdev->conn_info_min_age +
5464 prandom_u32_max(hdev->conn_info_max_age -
5465 hdev->conn_info_min_age);
5466
5467 /* Query controller to refresh cached values if they are too old or were
5468 * never read.
5469 */
f4e2dd53
AK		 5470 if (time_after(jiffies, conn->conn_info_timestamp +
5471 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5472 !conn->conn_info_timestamp) {
5473 struct hci_request req;
5474 struct hci_cp_read_tx_power req_txp_cp;
5475 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 5476 struct mgmt_pending_cmd *cmd;
dd983808
AK		 5477
5478 hci_req_init(&req, hdev);
5479 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5480 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5481 &req_rssi_cp);
5482
f7faab0c
AK		 5483 /* For LE links TX power does not change thus we don't need to
5484 * query for it once value is known.
5485 */
5486 if (!bdaddr_type_is_le(cp->addr.type) ||
5487 conn->tx_power == HCI_TX_POWER_INVALID) {
5488 req_txp_cp.handle = cpu_to_le16(conn->handle);
5489 req_txp_cp.type = 0x00;
5490 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5491 sizeof(req_txp_cp), &req_txp_cp);
5492 }
dd983808 5493
eed5daf3
AK		 5494 /* Max TX power needs to be read only once per connection */
5495 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5496 req_txp_cp.handle = cpu_to_le16(conn->handle);
5497 req_txp_cp.type = 0x01;
5498 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5499 sizeof(req_txp_cp), &req_txp_cp);
5500 }
5501
dd983808
AK		 5502 err = hci_req_run(&req, conn_info_refresh_complete);
5503 if (err < 0)
5504 goto unlock;
5505
5506 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5507 data, len);
5508 if (!cmd) {
5509 err = -ENOMEM;
5510 goto unlock;
5511 }
5512
5513 hci_conn_hold(conn);
f8aaf9b6 5514 cmd->user_data = hci_conn_get(conn);
9981bdb0 5515 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5516
5517 conn->conn_info_timestamp = jiffies;
5518 } else {
5519 /* Cache is valid, just reply with values cached in hci_conn */
5520 rp.rssi = conn->rssi;
5521 rp.tx_power = conn->tx_power;
eed5daf3 5522 rp.max_tx_power = conn->max_tx_power;
dd983808 5523
2a1afb5a
JH		 5524 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5525 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 5526 }
5527
5528unlock:
5529 hci_dev_unlock(hdev);
5530 return err;
5531}
5532
3b0602cd 5533static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 5534{
69487371 5535 struct hci_conn *conn = cmd->user_data;
95868426 5536 struct mgmt_rp_get_clock_info rp;
69487371 5537 struct hci_dev *hdev;
9df74653 5538 int err;
69487371
JH		 5539
5540 memset(&rp, 0, sizeof(rp));
5541 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5542
5543 if (status)
5544 goto complete;
5545
5546 hdev = hci_dev_get(cmd->index);
5547 if (hdev) {
5548 rp.local_clock = cpu_to_le32(hdev->clock);
5549 hci_dev_put(hdev);
5550 }
5551
5552 if (conn) {
5553 rp.piconet_clock = cpu_to_le32(conn->clock);
5554 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5555 }
5556
5557complete:
2a1afb5a
JH		 5558 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5559 sizeof(rp));
69487371
JH		 5560
5561 if (conn) {
5562 hci_conn_drop(conn);
5563 hci_conn_put(conn);
5564 }
9df74653
JH		 5565
5566 return err;
69487371
JH		 5567}
5568
1904a853 5569static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5570{
95868426 5571 struct hci_cp_read_clock *hci_cp;
3b0602cd 5572 struct mgmt_pending_cmd *cmd;
95868426
JH		 5573 struct hci_conn *conn;
5574
5575 BT_DBG("%s status %u", hdev->name, status);
5576
5577 hci_dev_lock(hdev);
5578
5579 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5580 if (!hci_cp)
5581 goto unlock;
5582
5583 if (hci_cp->which) {
5584 u16 handle = __le16_to_cpu(hci_cp->handle);
5585 conn = hci_conn_hash_lookup_handle(hdev, handle);
5586 } else {
5587 conn = NULL;
5588 }
5589
333ae95d 5590 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
95868426
JH		 5591 if (!cmd)
5592 goto unlock;
5593
69487371 5594 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5595 mgmt_pending_remove(cmd);
95868426
JH		 5596
5597unlock:
5598 hci_dev_unlock(hdev);
5599}
5600
5601static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5602 u16 len)
5603{
5604 struct mgmt_cp_get_clock_info *cp = data;
5605 struct mgmt_rp_get_clock_info rp;
5606 struct hci_cp_read_clock hci_cp;
3b0602cd 5607 struct mgmt_pending_cmd *cmd;
95868426
JH		 5608 struct hci_request req;
5609 struct hci_conn *conn;
5610 int err;
5611
5612 BT_DBG("%s", hdev->name);
5613
5614 memset(&rp, 0, sizeof(rp));
5615 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5616 rp.addr.type = cp->addr.type;
5617
5618 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5619 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5620 MGMT_STATUS_INVALID_PARAMS,
5621 &rp, sizeof(rp));
95868426
JH		 5622
5623 hci_dev_lock(hdev);
5624
5625 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5626 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5627 MGMT_STATUS_NOT_POWERED, &rp,
5628 sizeof(rp));
95868426
JH		 5629 goto unlock;
5630 }
5631
5632 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5633 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5634 &cp->addr.bdaddr);
5635 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5636 err = mgmt_cmd_complete(sk, hdev->id,
5637 MGMT_OP_GET_CLOCK_INFO,
5638 MGMT_STATUS_NOT_CONNECTED,
5639 &rp, sizeof(rp));
95868426
JH		 5640 goto unlock;
5641 }
5642 } else {
5643 conn = NULL;
5644 }
5645
5646 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5647 if (!cmd) {
5648 err = -ENOMEM;
5649 goto unlock;
5650 }
5651
69487371
JH		 5652 cmd->cmd_complete = clock_info_cmd_complete;
5653
95868426
JH		 5654 hci_req_init(&req, hdev);
5655
5656 memset(&hci_cp, 0, sizeof(hci_cp));
5657 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5658
5659 if (conn) {
5660 hci_conn_hold(conn);
f8aaf9b6 5661 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5662
5663 hci_cp.handle = cpu_to_le16(conn->handle);
5664 hci_cp.which = 0x01; /* Piconet clock */
5665 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5666 }
5667
5668 err = hci_req_run(&req, get_clock_info_complete);
5669 if (err < 0)
5670 mgmt_pending_remove(cmd);
5671
5672unlock:
5673 hci_dev_unlock(hdev);
5674 return err;
5675}
5676
5a154e6f
JH		 5677static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5678{
5679 struct hci_conn *conn;
5680
5681 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5682 if (!conn)
5683 return false;
5684
5685 if (conn->dst_type != type)
5686 return false;
5687
5688 if (conn->state != BT_CONNECTED)
5689 return false;
5690
5691 return true;
5692}
5693
5694/* This function requires the caller holds hdev->lock */
5695static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5696 u8 addr_type, u8 auto_connect)
5697{
5698 struct hci_dev *hdev = req->hdev;
5699 struct hci_conn_params *params;
5700
5701 params = hci_conn_params_add(hdev, addr, addr_type);
5702 if (!params)
5703 return -EIO;
5704
5705 if (params->auto_connect == auto_connect)
5706 return 0;
5707
5708 list_del_init(&params->action);
5709
5710 switch (auto_connect) {
5711 case HCI_AUTO_CONN_DISABLED:
5712 case HCI_AUTO_CONN_LINK_LOSS:
5713 __hci_update_background_scan(req);
5714 break;
5715 case HCI_AUTO_CONN_REPORT:
5716 list_add(&params->action, &hdev->pend_le_reports);
5717 __hci_update_background_scan(req);
5718 break;
5719 case HCI_AUTO_CONN_DIRECT:
5720 case HCI_AUTO_CONN_ALWAYS:
5721 if (!is_connected(hdev, addr, addr_type)) {
5722 list_add(&params->action, &hdev->pend_le_conns);
5723 __hci_update_background_scan(req);
5724 }
5725 break;
5726 }
5727
5728 params->auto_connect = auto_connect;
5729
5730 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5731 auto_connect);
5732
5733 return 0;
5734}
5735
8afef092
MH		 5736static void device_added(struct sock *sk, struct hci_dev *hdev,
5737 bdaddr_t *bdaddr, u8 type, u8 action)
5738{
5739 struct mgmt_ev_device_added ev;
5740
5741 bacpy(&ev.addr.bdaddr, bdaddr);
5742 ev.addr.type = type;
5743 ev.action = action;
5744
5745 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5746}
5747
1904a853 5748static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5a154e6f 5749{
3b0602cd 5750 struct mgmt_pending_cmd *cmd;
5a154e6f
JH		 5751
5752 BT_DBG("status 0x%02x", status);
5753
5754 hci_dev_lock(hdev);
5755
333ae95d 5756 cmd = pending_find(MGMT_OP_ADD_DEVICE, hdev);
5a154e6f
JH		 5757 if (!cmd)
5758 goto unlock;
5759
5760 cmd->cmd_complete(cmd, mgmt_status(status));
5761 mgmt_pending_remove(cmd);
5762
5763unlock:
5764 hci_dev_unlock(hdev);
5765}
5766
2faade53
MH		 5767static int add_device(struct sock *sk, struct hci_dev *hdev,
5768 void *data, u16 len)
5769{
5770 struct mgmt_cp_add_device *cp = data;
3b0602cd 5771 struct mgmt_pending_cmd *cmd;
5a154e6f 5772 struct hci_request req;
2faade53
MH		 5773 u8 auto_conn, addr_type;
5774 int err;
5775
5776 BT_DBG("%s", hdev->name);
5777
6659358e 5778 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5779 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5780 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5781 MGMT_STATUS_INVALID_PARAMS,
5782 &cp->addr, sizeof(cp->addr));
2faade53 5783
4b9e7e75 5784 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5785 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5786 MGMT_STATUS_INVALID_PARAMS,
5787 &cp->addr, sizeof(cp->addr));
2faade53 5788
5a154e6f
JH		 5789 hci_req_init(&req, hdev);
5790
2faade53
MH		 5791 hci_dev_lock(hdev);
5792
5a154e6f
JH		 5793 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
5794 if (!cmd) {
5795 err = -ENOMEM;
5796 goto unlock;
5797 }
5798
5799 cmd->cmd_complete = addr_cmd_complete;
5800
6659358e 5801 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5802 /* Only incoming connections action is supported for now */
6659358e 5803 if (cp->action != 0x01) {
9df74653
JH		 5804 err = cmd->cmd_complete(cmd,
5805 MGMT_STATUS_INVALID_PARAMS);
5a154e6f 5806 mgmt_pending_remove(cmd);
6659358e
JH		 5807 goto unlock;
5808 }
5809
5810 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5811 cp->addr.type);
5812 if (err)
5813 goto unlock;
a397407f 5814
5a154e6f 5815 __hci_update_page_scan(&req);
a397407f 5816
6659358e
JH		 5817 goto added;
5818 }
5819
2faade53
MH		 5820 if (cp->addr.type == BDADDR_LE_PUBLIC)
5821 addr_type = ADDR_LE_DEV_PUBLIC;
5822 else
5823 addr_type = ADDR_LE_DEV_RANDOM;
5824
4b9e7e75 5825 if (cp->action == 0x02)
2faade53 5826 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5827 else if (cp->action == 0x01)
5828 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5829 else
a3451d27 5830 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5831
bf5b3c8b
MH		 5832 /* If the connection parameters don't exist for this device,
5833 * they will be created and configured with defaults.
5834 */
5a154e6f 5835 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
d06b50ce 5836 auto_conn) < 0) {
9df74653 5837 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
5a154e6f 5838 mgmt_pending_remove(cmd);
2faade53
MH		 5839 goto unlock;
5840 }
5841
6659358e 5842added:
8afef092
MH		 5843 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5844
5a154e6f
JH		 5845 err = hci_req_run(&req, add_device_complete);
5846 if (err < 0) {
5847 /* ENODATA means no HCI commands were needed (e.g. if
5848 * the adapter is powered off).
5849 */
9df74653
JH		 5850 if (err == -ENODATA)
5851 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5a154e6f
JH		 5852 mgmt_pending_remove(cmd);
5853 }
2faade53
MH		 5854
5855unlock:
5856 hci_dev_unlock(hdev);
5857 return err;
5858}
5859
8afef092
MH		 5860static void device_removed(struct sock *sk, struct hci_dev *hdev,
5861 bdaddr_t *bdaddr, u8 type)
5862{
5863 struct mgmt_ev_device_removed ev;
5864
5865 bacpy(&ev.addr.bdaddr, bdaddr);
5866 ev.addr.type = type;
5867
5868 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5869}
5870
1904a853 5871static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
51ef3ebe 5872{
3b0602cd 5873 struct mgmt_pending_cmd *cmd;
51ef3ebe
JH		 5874
5875 BT_DBG("status 0x%02x", status);
5876
5877 hci_dev_lock(hdev);
5878
333ae95d 5879 cmd = pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
51ef3ebe
JH		 5880 if (!cmd)
5881 goto unlock;
5882
5883 cmd->cmd_complete(cmd, mgmt_status(status));
5884 mgmt_pending_remove(cmd);
5885
5886unlock:
5887 hci_dev_unlock(hdev);
5888}
5889
2faade53
MH		 5890static int remove_device(struct sock *sk, struct hci_dev *hdev,
5891 void *data, u16 len)
5892{
5893 struct mgmt_cp_remove_device *cp = data;
3b0602cd 5894 struct mgmt_pending_cmd *cmd;
51ef3ebe 5895 struct hci_request req;
2faade53
MH		 5896 int err;
5897
5898 BT_DBG("%s", hdev->name);
5899
51ef3ebe
JH		 5900 hci_req_init(&req, hdev);
5901
2faade53
MH		 5902 hci_dev_lock(hdev);
5903
51ef3ebe
JH		 5904 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
5905 if (!cmd) {
5906 err = -ENOMEM;
5907 goto unlock;
5908 }
5909
5910 cmd->cmd_complete = addr_cmd_complete;
5911
2faade53 5912 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5913 struct hci_conn_params *params;
2faade53
MH		 5914 u8 addr_type;
5915
6659358e 5916 if (!bdaddr_type_is_valid(cp->addr.type)) {
9df74653
JH		 5917 err = cmd->cmd_complete(cmd,
5918 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5919 mgmt_pending_remove(cmd);
2faade53
MH		 5920 goto unlock;
5921 }
5922
6659358e
JH		 5923 if (cp->addr.type == BDADDR_BREDR) {
5924 err = hci_bdaddr_list_del(&hdev->whitelist,
5925 &cp->addr.bdaddr,
5926 cp->addr.type);
5927 if (err) {
9df74653
JH		 5928 err = cmd->cmd_complete(cmd,
5929 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5930 mgmt_pending_remove(cmd);
6659358e
JH		 5931 goto unlock;
5932 }
5933
51ef3ebe 5934 __hci_update_page_scan(&req);
a397407f 5935
6659358e
JH		 5936 device_removed(sk, hdev, &cp->addr.bdaddr,
5937 cp->addr.type);
5938 goto complete;
5939 }
5940
2faade53
MH		 5941 if (cp->addr.type == BDADDR_LE_PUBLIC)
5942 addr_type = ADDR_LE_DEV_PUBLIC;
5943 else
5944 addr_type = ADDR_LE_DEV_RANDOM;
5945
c71593dd
JH		 5946 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5947 addr_type);
5948 if (!params) {
9df74653
JH		 5949 err = cmd->cmd_complete(cmd,
5950 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5951 mgmt_pending_remove(cmd);
c71593dd
JH		 5952 goto unlock;
5953 }
5954
5955 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
9df74653
JH		 5956 err = cmd->cmd_complete(cmd,
5957 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5958 mgmt_pending_remove(cmd);
c71593dd
JH		 5959 goto unlock;
5960 }
5961
d1dbf12e 5962 list_del(&params->action);
c71593dd
JH		 5963 list_del(&params->list);
5964 kfree(params);
51ef3ebe 5965 __hci_update_background_scan(&req);
8afef092
MH		 5966
5967 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5968 } else {
19de0825 5969 struct hci_conn_params *p, *tmp;
6659358e 5970 struct bdaddr_list *b, *btmp;
19de0825 5971
2faade53 5972 if (cp->addr.type) {
9df74653
JH		 5973 err = cmd->cmd_complete(cmd,
5974 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5975 mgmt_pending_remove(cmd);
2faade53
MH		 5976 goto unlock;
5977 }
5978
6659358e
JH		 5979 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5980 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5981 list_del(&b->list);
5982 kfree(b);
5983 }
5984
51ef3ebe 5985 __hci_update_page_scan(&req);
a397407f 5986
19de0825
JH		 5987 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5988 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5989 continue;
5990 device_removed(sk, hdev, &p->addr, p->addr_type);
5991 list_del(&p->action);
5992 list_del(&p->list);
5993 kfree(p);
5994 }
5995
5996 BT_DBG("All LE connection parameters were removed");
5997
51ef3ebe 5998 __hci_update_background_scan(&req);
2faade53
MH		 5999 }
6000
6659358e 6001complete:
51ef3ebe
JH		 6002 err = hci_req_run(&req, remove_device_complete);
6003 if (err < 0) {
6004 /* ENODATA means no HCI commands were needed (e.g. if
6005 * the adapter is powered off).
6006 */
9df74653
JH		 6007 if (err == -ENODATA)
6008 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
51ef3ebe
JH		 6009 mgmt_pending_remove(cmd);
6010 }
2faade53
MH		 6011
6012unlock:
6013 hci_dev_unlock(hdev);
6014 return err;
6015}
6016
a26f3dcf
JH		 6017static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6018 u16 len)
6019{
6020 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 6021 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6022 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 6023 u16 param_count, expected_len;
6024 int i;
6025
6026 if (!lmp_le_capable(hdev))
a69e8375
JH		 6027 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6028 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 6029
6030 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 6031 if (param_count > max_param_count) {
6032 BT_ERR("load_conn_param: too big param_count value %u",
6033 param_count);
a69e8375
JH		 6034 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6035 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 6036 }
a26f3dcf
JH		 6037
6038 expected_len = sizeof(*cp) + param_count *
6039 sizeof(struct mgmt_conn_param);
6040 if (expected_len != len) {
6041 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
6042 expected_len, len);
a69e8375
JH		 6043 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6044 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 6045 }
6046
6047 BT_DBG("%s param_count %u", hdev->name, param_count);
6048
6049 hci_dev_lock(hdev);
6050
6051 hci_conn_params_clear_disabled(hdev);
6052
6053 for (i = 0; i < param_count; i++) {
6054 struct mgmt_conn_param *param = &cp->params[i];
6055 struct hci_conn_params *hci_param;
6056 u16 min, max, latency, timeout;
6057 u8 addr_type;
6058
6059 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
6060 param->addr.type);
6061
6062 if (param->addr.type == BDADDR_LE_PUBLIC) {
6063 addr_type = ADDR_LE_DEV_PUBLIC;
6064 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6065 addr_type = ADDR_LE_DEV_RANDOM;
6066 } else {
6067 BT_ERR("Ignoring invalid connection parameters");
6068 continue;
6069 }
6070
6071 min = le16_to_cpu(param->min_interval);
6072 max = le16_to_cpu(param->max_interval);
6073 latency = le16_to_cpu(param->latency);
6074 timeout = le16_to_cpu(param->timeout);
6075
6076 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6077 min, max, latency, timeout);
6078
6079 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6080 BT_ERR("Ignoring invalid connection parameters");
6081 continue;
6082 }
6083
6084 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
6085 addr_type);
6086 if (!hci_param) {
6087 BT_ERR("Failed to add connection parameters");
6088 continue;
6089 }
6090
6091 hci_param->conn_min_interval = min;
6092 hci_param->conn_max_interval = max;
6093 hci_param->conn_latency = latency;
6094 hci_param->supervision_timeout = timeout;
6095 }
6096
6097 hci_dev_unlock(hdev);
6098
2a1afb5a
JH		 6099 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6100 NULL, 0);
a26f3dcf
JH		 6101}
6102
dbece37a
MH		 6103static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6104 void *data, u16 len)
6105{
6106 struct mgmt_cp_set_external_config *cp = data;
6107 bool changed;
6108 int err;
6109
6110 BT_DBG("%s", hdev->name);
6111
6112 if (hdev_is_powered(hdev))
a69e8375
JH		 6113 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6114 MGMT_STATUS_REJECTED);
dbece37a
MH		 6115
6116 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 6117 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6118 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 6119
6120 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 6121 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6122 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 6123
6124 hci_dev_lock(hdev);
6125
6126 if (cp->config)
238be788 6127 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 6128 else
a69d8927 6129 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 6130
6131 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6132 if (err < 0)
6133 goto unlock;
6134
6135 if (!changed)
6136 goto unlock;
6137
f4537c04
MH		 6138 err = new_options(hdev, sk);
6139
d7a5a11d 6140 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 6141 mgmt_index_removed(hdev);
d603b76b 6142
516018a9 6143 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 6144 hci_dev_set_flag(hdev, HCI_CONFIG);
6145 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 6146
6147 queue_work(hdev->req_workqueue, &hdev->power_on);
6148 } else {
5ea234d3 6149 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 6150 mgmt_index_added(hdev);
6151 }
dbece37a
MH		 6152 }
6153
6154unlock:
6155 hci_dev_unlock(hdev);
6156 return err;
6157}
6158
9713c17b
MH		 6159static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6160 void *data, u16 len)
6161{
6162 struct mgmt_cp_set_public_address *cp = data;
6163 bool changed;
6164 int err;
6165
6166 BT_DBG("%s", hdev->name);
6167
6168 if (hdev_is_powered(hdev))
a69e8375
JH		 6169 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6170 MGMT_STATUS_REJECTED);
9713c17b
MH		 6171
6172 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 6173 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6174 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 6175
6176 if (!hdev->set_bdaddr)
a69e8375
JH		 6177 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6178 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 6179
6180 hci_dev_lock(hdev);
6181
6182 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6183 bacpy(&hdev->public_addr, &cp->bdaddr);
6184
6185 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6186 if (err < 0)
6187 goto unlock;
6188
6189 if (!changed)
6190 goto unlock;
6191
d7a5a11d 6192 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 6193 err = new_options(hdev, sk);
6194
6195 if (is_configured(hdev)) {
6196 mgmt_index_removed(hdev);
6197
a358dc11 6198 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 6199
a1536da2
MH		 6200 hci_dev_set_flag(hdev, HCI_CONFIG);
6201 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 6202
6203 queue_work(hdev->req_workqueue, &hdev->power_on);
6204 }
6205
6206unlock:
6207 hci_dev_unlock(hdev);
6208 return err;
6209}
6210
bea41609
MH		 6211static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6212 u8 data_len)
6213{
6214 eir[eir_len++] = sizeof(type) + data_len;
6215 eir[eir_len++] = type;
6216 memcpy(&eir[eir_len], data, data_len);
6217 eir_len += data_len;
6218
6219 return eir_len;
6220}
6221
4f0f155c
MH		 6222static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6223 void *data, u16 data_len)
6224{
6225 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6226 struct mgmt_rp_read_local_oob_ext_data *rp;
6227 size_t rp_len;
6228 u16 eir_len;
0821a2c5 6229 u8 status, flags, role, addr[7], hash[16], rand[16];
4f0f155c
MH		 6230 int err;
6231
6232 BT_DBG("%s", hdev->name);
6233
6234 if (!hdev_is_powered(hdev))
6235 return mgmt_cmd_complete(sk, hdev->id,
6236 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6237 MGMT_STATUS_NOT_POWERED,
6238 &cp->type, sizeof(cp->type));
6239
6240 switch (cp->type) {
6241 case BIT(BDADDR_BREDR):
6242 status = mgmt_bredr_support(hdev);
6243 if (status)
6244 return mgmt_cmd_complete(sk, hdev->id,
6245 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6246 status, &cp->type,
6247 sizeof(cp->type));
6248 eir_len = 5;
6249 break;
6250 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6251 status = mgmt_le_support(hdev);
6252 if (status)
6253 return mgmt_cmd_complete(sk, hdev->id,
6254 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6255 status, &cp->type,
6256 sizeof(cp->type));
0821a2c5 6257 eir_len = 9 + 3 + 18 + 18 + 3;
4f0f155c
MH		 6258 break;
6259 default:
6260 return mgmt_cmd_complete(sk, hdev->id,
6261 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6262 MGMT_STATUS_INVALID_PARAMS,
6263 &cp->type, sizeof(cp->type));
6264 }
6265
6266 hci_dev_lock(hdev);
6267
6268 rp_len = sizeof(*rp) + eir_len;
6269 rp = kmalloc(rp_len, GFP_ATOMIC);
6270 if (!rp) {
6271 hci_dev_unlock(hdev);
6272 return -ENOMEM;
6273 }
6274
6275 eir_len = 0;
6276 switch (cp->type) {
6277 case BIT(BDADDR_BREDR):
6278 eir_len = eir_append_data(rp->eir, eir_len, EIR_CLASS_OF_DEV,
6279 hdev->dev_class, 3);
6280 break;
6281 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5082a599
MH		 6282 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6283 smp_generate_oob(hdev, hash, rand) < 0) {
0821a2c5
MH		 6284 hci_dev_unlock(hdev);
6285 err = mgmt_cmd_complete(sk, hdev->id,
5082a599
MH		 6286 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6287 MGMT_STATUS_FAILED,
6288 &cp->type, sizeof(cp->type));
0821a2c5
MH		 6289 goto done;
6290 }
6291
4f0f155c
MH		 6292 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6293 memcpy(addr, &hdev->rpa, 6);
6294 addr[6] = 0x01;
6295 } else if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6296 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6297 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6298 bacmp(&hdev->static_addr, BDADDR_ANY))) {
6299 memcpy(addr, &hdev->static_addr, 6);
6300 addr[6] = 0x01;
6301 } else {
6302 memcpy(addr, &hdev->bdaddr, 6);
6303 addr[6] = 0x00;
6304 }
6305
6306 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6307 addr, sizeof(addr));
6308
6309 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6310 role = 0x02;
6311 else
6312 role = 0x01;
6313
6314 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6315 &role, sizeof(role));
6316
5082a599
MH		 6317 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6318 eir_len = eir_append_data(rp->eir, eir_len,
6319 EIR_LE_SC_CONFIRM,
6320 hash, sizeof(hash));
0821a2c5 6321
5082a599
MH		 6322 eir_len = eir_append_data(rp->eir, eir_len,
6323 EIR_LE_SC_RANDOM,
6324 rand, sizeof(rand));
6325 }
0821a2c5 6326
4f0f155c
MH		 6327 flags = get_adv_discov_flags(hdev);
6328
6329 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6330 flags |= LE_AD_NO_BREDR;
6331
6332 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6333 &flags, sizeof(flags));
6334 break;
6335 }
6336
6337 rp->type = cp->type;
6338 rp->eir_len = cpu_to_le16(eir_len);
6339
6340 hci_dev_unlock(hdev);
6341
72000df2
MH		 6342 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6343
4f0f155c 6344 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
5425f98e 6345 MGMT_STATUS_SUCCESS, rp, sizeof(*rp) + eir_len);
72000df2
MH		 6346 if (err < 0)
6347 goto done;
6348
6349 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6350 rp, sizeof(*rp) + eir_len,
6351 HCI_MGMT_OOB_DATA_EVENTS, sk);
4f0f155c 6352
0821a2c5 6353done:
4f0f155c
MH		 6354 kfree(rp);
6355
6356 return err;
6357}
6358
d3d5305b
MH		 6359static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6360 void *data, u16 data_len)
6361{
6362 struct mgmt_rp_read_adv_features *rp;
6363 size_t rp_len;
6364 int err;
24b4f38f 6365 bool instance;
d3d5305b
MH		 6366
6367 BT_DBG("%s", hdev->name);
6368
6369 hci_dev_lock(hdev);
6370
6371 rp_len = sizeof(*rp);
24b4f38f
AU		 6372
6373 /* Currently only one instance is supported, so just add 1 to the
6374 * response length.
6375 */
6376 instance = hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE);
6377 if (instance)
6378 rp_len++;
6379
d3d5305b
MH		 6380 rp = kmalloc(rp_len, GFP_ATOMIC);
6381 if (!rp) {
6382 hci_dev_unlock(hdev);
6383 return -ENOMEM;
6384 }
6385
6386 rp->supported_flags = cpu_to_le32(0);
dc5d82a9
MH		 6387 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6388 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
24b4f38f
AU		 6389 rp->max_instances = 1;
6390
6391 /* Currently only one instance is supported, so simply return the
6392 * current instance number.
6393 */
6394 if (instance) {
6395 rp->num_instances = 1;
6396 rp->instance[0] = 1;
6397 } else {
6398 rp->num_instances = 0;
6399 }
d3d5305b
MH		 6400
6401 hci_dev_unlock(hdev);
6402
6403 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6404 MGMT_STATUS_SUCCESS, rp, rp_len);
6405
6406 kfree(rp);
6407
6408 return err;
6409}
6410
24b4f38f
AU		 6411static bool adv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *adv_data,
6412 u8 adv_data_len)
6413{
6414 u8 max_adv_len = HCI_MAX_AD_LENGTH;
6415 int i, cur_len;
6416
6417 /* TODO: Correctly reduce adv_len based on adv_flags. */
6418
6419 if (adv_data_len > max_adv_len)
6420 return false;
6421
6422 /* Make sure that adv_data is correctly formatted. */
6423 for (i = 0, cur_len = 0; i < adv_data_len; i += (cur_len + 1)) {
6424 cur_len = adv_data[i];
6425
6426 /* If the current field length would exceed the total data
6427 * length, then it's invalid.
6428 */
6429 if (i + cur_len >= adv_data_len)
6430 return false;
6431 }
6432
6433 return true;
6434}
6435
6436static void advertising_added(struct sock *sk, struct hci_dev *hdev,
6437 u8 instance)
6438{
6439 struct mgmt_ev_advertising_added ev;
6440
6441 ev.instance = instance;
6442
6443 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
6444}
6445
6446static void advertising_removed(struct sock *sk, struct hci_dev *hdev,
6447 u8 instance)
6448{
6449 struct mgmt_ev_advertising_removed ev;
6450
6451 ev.instance = instance;
6452
6453 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
6454}
6455
6456static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6457 u16 opcode)
6458{
6459 struct mgmt_pending_cmd *cmd;
6460 struct mgmt_rp_add_advertising rp;
6461
6462 BT_DBG("status %d", status);
6463
6464 hci_dev_lock(hdev);
6465
6466 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6467
6468 if (status) {
6469 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
6470 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
6471 advertising_removed(cmd ? cmd->sk : NULL, hdev, 1);
6472 }
6473
6474 if (!cmd)
6475 goto unlock;
6476
6477 rp.instance = 0x01;
6478
6479 if (status)
6480 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6481 mgmt_status(status));
6482 else
6483 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6484 mgmt_status(status), &rp, sizeof(rp));
6485
6486 mgmt_pending_remove(cmd);
6487
6488unlock:
6489 hci_dev_unlock(hdev);
6490}
6491
6492static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6493 void *data, u16 data_len)
6494{
6495 struct mgmt_cp_add_advertising *cp = data;
6496 struct mgmt_rp_add_advertising rp;
6497 u32 flags;
6498 u8 status;
6499 int err;
6500 struct mgmt_pending_cmd *cmd;
6501 struct hci_request req;
6502
6503 BT_DBG("%s", hdev->name);
6504
6505 status = mgmt_le_support(hdev);
6506 if (status)
6507 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6508 status);
6509
6510 flags = __le32_to_cpu(cp->flags);
6511
6512 /* The current implementation only supports adding one instance and
6513 * doesn't support flags.
6514 */
6515 if (cp->instance != 0x01 || flags)
6516 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6517 MGMT_STATUS_INVALID_PARAMS);
6518
6519 hci_dev_lock(hdev);
6520
6521 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
da929335 6522 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
24b4f38f
AU		 6523 pending_find(MGMT_OP_SET_LE, hdev)) {
6524 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6525 MGMT_STATUS_BUSY);
6526 goto unlock;
6527 }
6528
6529 if (!adv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len)) {
6530 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6531 MGMT_STATUS_INVALID_PARAMS);
6532 goto unlock;
6533 }
6534
6535 hdev->adv_instance.flags = flags;
6536 hdev->adv_instance.adv_data_len = cp->adv_data_len;
6537 hdev->adv_instance.scan_rsp_len = cp->scan_rsp_len;
6538
6539 if (cp->adv_data_len)
6540 memcpy(hdev->adv_instance.adv_data, cp->data, cp->adv_data_len);
6541
6542 if (cp->scan_rsp_len)
6543 memcpy(hdev->adv_instance.scan_rsp_data,
6544 cp->data + cp->adv_data_len, cp->scan_rsp_len);
6545
6546 if (!hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING_INSTANCE))
6547 advertising_added(sk, hdev, 1);
6548
6549 /* If the HCI_ADVERTISING flag is set or the device isn't powered then
6550 * we have no HCI communication to make. Simply return.
6551 */
6552 if (!hdev_is_powered(hdev) ||
6553 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6554 rp.instance = 0x01;
6555 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6556 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6557 goto unlock;
6558 }
6559
6560 /* We're good to go, update advertising data, parameters, and start
6561 * advertising.
6562 */
6563 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6564 data_len);
6565 if (!cmd) {
6566 err = -ENOMEM;
6567 goto unlock;
6568 }
6569
6570 hci_req_init(&req, hdev);
6571
6572 update_adv_data(&req);
6573 enable_advertising(&req);
6574
6575 err = hci_req_run(&req, add_advertising_complete);
6576 if (err < 0)
6577 mgmt_pending_remove(cmd);
6578
6579unlock:
6580 hci_dev_unlock(hdev);
6581
6582 return err;
6583}
6584
da929335
AU		 6585static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6586 u16 opcode)
6587{
6588 struct mgmt_pending_cmd *cmd;
6589 struct mgmt_rp_remove_advertising rp;
6590
6591 BT_DBG("status %d", status);
6592
6593 hci_dev_lock(hdev);
6594
6595 /* A failure status here only means that we failed to disable
6596 * advertising. Otherwise, the advertising instance has been removed,
6597 * so report success.
6598 */
6599 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6600 if (!cmd)
6601 goto unlock;
6602
6603 rp.instance = 1;
6604
6605 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6606 &rp, sizeof(rp));
6607 mgmt_pending_remove(cmd);
6608
6609unlock:
6610 hci_dev_unlock(hdev);
6611}
6612
6613static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6614 void *data, u16 data_len)
6615{
6616 struct mgmt_cp_remove_advertising *cp = data;
6617 struct mgmt_rp_remove_advertising rp;
6618 int err;
6619 struct mgmt_pending_cmd *cmd;
6620 struct hci_request req;
6621
6622 BT_DBG("%s", hdev->name);
6623
6624 /* The current implementation only allows modifying instance no 1. A
6625 * value of 0 indicates that all instances should be cleared.
6626 */
6627 if (cp->instance > 1)
6628 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6629 MGMT_STATUS_INVALID_PARAMS);
6630
6631 hci_dev_lock(hdev);
6632
6633 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6634 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6635 pending_find(MGMT_OP_SET_LE, hdev)) {
6636 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6637 MGMT_STATUS_BUSY);
6638 goto unlock;
6639 }
6640
6641 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE)) {
6642 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6643 MGMT_STATUS_INVALID_PARAMS);
6644 goto unlock;
6645 }
6646
6647 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
6648
6649 advertising_removed(sk, hdev, 1);
6650
6651 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
6652
6653 /* If the HCI_ADVERTISING flag is set or the device isn't powered then
6654 * we have no HCI communication to make. Simply return.
6655 */
6656 if (!hdev_is_powered(hdev) ||
6657 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6658 rp.instance = 1;
6659 err = mgmt_cmd_complete(sk, hdev->id,
6660 MGMT_OP_REMOVE_ADVERTISING,
6661 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6662 goto unlock;
6663 }
6664
6665 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6666 data_len);
6667 if (!cmd) {
6668 err = -ENOMEM;
6669 goto unlock;
6670 }
6671
6672 hci_req_init(&req, hdev);
6673 disable_advertising(&req);
6674
6675 err = hci_req_run(&req, remove_advertising_complete);
6676 if (err < 0)
6677 mgmt_pending_remove(cmd);
6678
6679unlock:
6680 hci_dev_unlock(hdev);
6681
6682 return err;
6683}
6684
6d785aa3 6685static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 6686 { NULL }, /* 0x0000 (no command) */
b9a245fb 6687 { read_version, MGMT_READ_VERSION_SIZE,
c91041dc
MH		 6688 HCI_MGMT_NO_HDEV |
6689 HCI_MGMT_UNTRUSTED },
b9a245fb 6690 { read_commands, MGMT_READ_COMMANDS_SIZE,
c91041dc
MH		 6691 HCI_MGMT_NO_HDEV |
6692 HCI_MGMT_UNTRUSTED },
b9a245fb 6693 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
c91041dc
MH		 6694 HCI_MGMT_NO_HDEV |
6695 HCI_MGMT_UNTRUSTED },
6696 { read_controller_info, MGMT_READ_INFO_SIZE,
6697 HCI_MGMT_UNTRUSTED },
7aea8616
MH		 6698 { set_powered, MGMT_SETTING_SIZE },
6699 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6700 { set_connectable, MGMT_SETTING_SIZE },
6701 { set_fast_connectable, MGMT_SETTING_SIZE },
6702 { set_bondable, MGMT_SETTING_SIZE },
6703 { set_link_security, MGMT_SETTING_SIZE },
6704 { set_ssp, MGMT_SETTING_SIZE },
6705 { set_hs, MGMT_SETTING_SIZE },
6706 { set_le, MGMT_SETTING_SIZE },
6707 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6708 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6709 { add_uuid, MGMT_ADD_UUID_SIZE },
6710 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
b9a245fb
JH		 6711 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6712 HCI_MGMT_VAR_LEN },
6713 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6714 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6715 { disconnect, MGMT_DISCONNECT_SIZE },
6716 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6717 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6718 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6719 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6720 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6721 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6722 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6723 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6724 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6725 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6726 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
b9a245fb
JH		 6727 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6728 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6729 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6730 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6731 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6732 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6733 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6734 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6735 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6736 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6737 { set_advertising, MGMT_SETTING_SIZE },
6738 { set_bredr, MGMT_SETTING_SIZE },
6739 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6740 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6741 { set_secure_conn, MGMT_SETTING_SIZE },
6742 { set_debug_keys, MGMT_SETTING_SIZE },
6743 { set_privacy, MGMT_SET_PRIVACY_SIZE },
b9a245fb
JH		 6744 { load_irks, MGMT_LOAD_IRKS_SIZE,
6745 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6746 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6747 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6748 { add_device, MGMT_ADD_DEVICE_SIZE },
6749 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
b9a245fb
JH		 6750 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6751 HCI_MGMT_VAR_LEN },
6752 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
c91041dc
MH		 6753 HCI_MGMT_NO_HDEV |
6754 HCI_MGMT_UNTRUSTED },
b9a245fb 6755 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
c91041dc
MH		 6756 HCI_MGMT_UNCONFIGURED |
6757 HCI_MGMT_UNTRUSTED },
b9a245fb
JH		 6758 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6759 HCI_MGMT_UNCONFIGURED },
6760 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6761 HCI_MGMT_UNCONFIGURED },
6762 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6763 HCI_MGMT_VAR_LEN },
4f0f155c 6764 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
96f1474a 6765 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
c91041dc
MH		 6766 HCI_MGMT_NO_HDEV |
6767 HCI_MGMT_UNTRUSTED },
d3d5305b 6768 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
24b4f38f
AU		 6769 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6770 HCI_MGMT_VAR_LEN },
da929335 6771 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
0f4e68cf
JH		 6772};
6773
bf6b56db 6774void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6775{
ced85549 6776 struct mgmt_ev_ext_index ev;
bb4b2a9a 6777
0602a8ad
MH		 6778 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6779 return;
6780
f9207338
MH		 6781 switch (hdev->dev_type) {
6782 case HCI_BREDR:
6783 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6784 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6785 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6786 ev.type = 0x01;
f9207338
MH		 6787 } else {
6788 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6789 HCI_MGMT_INDEX_EVENTS);
ced85549 6790 ev.type = 0x00;
f9207338
MH		 6791 }
6792 break;
ced85549
MH		 6793 case HCI_AMP:
6794 ev.type = 0x02;
6795 break;
6796 default:
6797 return;
f9207338 6798 }
ced85549
MH		 6799
6800 ev.bus = hdev->bus;
6801
6802 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6803 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 6804}
6805
bf6b56db 6806void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6807{
ced85549 6808 struct mgmt_ev_ext_index ev;
5f159032 6809 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6810
0602a8ad
MH		 6811 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6812 return;
6813
f9207338
MH		 6814 switch (hdev->dev_type) {
6815 case HCI_BREDR:
6816 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6817
f9207338
MH		 6818 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6819 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6820 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6821 ev.type = 0x01;
f9207338
MH		 6822 } else {
6823 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6824 HCI_MGMT_INDEX_EVENTS);
ced85549 6825 ev.type = 0x00;
f9207338
MH		 6826 }
6827 break;
ced85549
MH		 6828 case HCI_AMP:
6829 ev.type = 0x02;
6830 break;
6831 default:
6832 return;
f9207338 6833 }
ced85549
MH		 6834
6835 ev.bus = hdev->bus;
6836
6837 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6838 HCI_MGMT_EXT_INDEX_EVENTS);
eec8d2bc
JH		 6839}
6840
6046dc3e 6841/* This function requires the caller holds hdev->lock */
2cf22218 6842static void restart_le_actions(struct hci_request *req)
6046dc3e 6843{
2cf22218 6844 struct hci_dev *hdev = req->hdev;
6046dc3e
AG		 6845 struct hci_conn_params *p;
6846
6847 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6848 /* Needed for AUTO_OFF case where might not "really"
6849 * have been powered off.
6850 */
6851 list_del_init(&p->action);
6852
6853 switch (p->auto_connect) {
4b9e7e75 6854 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6855 case HCI_AUTO_CONN_ALWAYS:
6856 list_add(&p->action, &hdev->pend_le_conns);
6857 break;
6858 case HCI_AUTO_CONN_REPORT:
6859 list_add(&p->action, &hdev->pend_le_reports);
6860 break;
6861 default:
6862 break;
c83ed19d 6863 }
6046dc3e 6864 }
c83ed19d 6865
2cf22218 6866 __hci_update_background_scan(req);
6046dc3e
AG		 6867}
6868
1904a853 6869static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
229ab39c
JH		 6870{
6871 struct cmd_lookup match = { NULL, hdev };
6872
6873 BT_DBG("status 0x%02x", status);
6874
162a3bac
MH		 6875 if (!status) {
6876 /* Register the available SMP channels (BR/EDR and LE) only
6877 * when successfully powering on the controller. This late
6878 * registration is required so that LE SMP can clearly
6879 * decide if the public address or static address is used.
6880 */
6881 smp_register(hdev);
6882 }
6883
229ab39c
JH		 6884 hci_dev_lock(hdev);
6885
6886 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6887
6888 new_settings(hdev, match.sk);
6889
6890 hci_dev_unlock(hdev);
6891
6892 if (match.sk)
6893 sock_put(match.sk);
6894}
6895
70da6243 6896static int powered_update_hci(struct hci_dev *hdev)
5add6af8 6897{
890ea898 6898 struct hci_request req;
70da6243 6899 u8 link_sec;
5add6af8 6900
890ea898
JH		 6901 hci_req_init(&req, hdev);
6902
d7a5a11d 6903 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
70da6243 6904 !lmp_host_ssp_capable(hdev)) {
574ea3c7 6905 u8 mode = 0x01;
5e5282bb 6906
574ea3c7
MH		 6907 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
6908
6909 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6910 u8 support = 0x01;
5add6af8 6911
574ea3c7
MH		 6912 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
6913 sizeof(support), &support);
6914 }
ec6f99b8
JH		 6915 }
6916
d7a5a11d 6917 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
c73eee91 6918 lmp_bredr_capable(hdev)) {
70da6243 6919 struct hci_cp_write_le_host_supported cp;
f0ff92fb 6920
32226e4f
MH		 6921 cp.le = 0x01;
6922 cp.simul = 0x00;
3d1cbdd6 6923
70da6243
JH		 6924 /* Check first if we already have the right
6925 * host state (host features set)
6926 */
6927 if (cp.le != lmp_host_le_capable(hdev) ||
6928 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 6929 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6930 sizeof(cp), &cp);
70da6243 6931 }
3d1cbdd6 6932
d13eafce 6933 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 6934 /* Make sure the controller has a good default for
6935 * advertising data. This also applies to the case
6936 * where BR/EDR was toggled during the AUTO_OFF phase.
6937 */
d7a5a11d 6938 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
5947f4bc 6939 update_adv_data(&req);
f14d8f64
MH		 6940 update_scan_rsp_data(&req);
6941 }
441ad2d0 6942
24b4f38f
AU		 6943 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6944 hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
bba3aa55 6945 enable_advertising(&req);
2cf22218
JH		 6946
6947 restart_le_actions(&req);
eeca6f89
JH		 6948 }
6949
d7a5a11d 6950 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
70da6243 6951 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 6952 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6953 sizeof(link_sec), &link_sec);
562fcc24 6954
70da6243 6955 if (lmp_bredr_capable(hdev)) {
d7a5a11d 6956 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
406ef2a6
JH		 6957 write_fast_connectable(&req, true);
6958 else
6959 write_fast_connectable(&req, false);
1d2dc5b7 6960 __hci_update_page_scan(&req);
890ea898 6961 update_class(&req);
13928971 6962 update_name(&req);
890ea898 6963 update_eir(&req);
70da6243 6964 }
562fcc24 6965
229ab39c 6966 return hci_req_run(&req, powered_complete);
70da6243 6967}
562fcc24 6968
70da6243
JH		 6969int mgmt_powered(struct hci_dev *hdev, u8 powered)
6970{
6971 struct cmd_lookup match = { NULL, hdev };
9845904f 6972 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 6973 int err;
f0ff92fb 6974
d7a5a11d 6975 if (!hci_dev_test_flag(hdev, HCI_MGMT))
70da6243
JH		 6976 return 0;
6977
70da6243 6978 if (powered) {
229ab39c
JH		 6979 if (powered_update_hci(hdev) == 0)
6980 return 0;
fe038884 6981
229ab39c
JH		 6982 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6983 &match);
6984 goto new_settings;
b24752fe
JH		 6985 }
6986
229ab39c 6987 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 6988
6989 /* If the power off is because of hdev unregistration let
6990 * use the appropriate INVALID_INDEX status. Otherwise use
6991 * NOT_POWERED. We cover both scenarios here since later in
6992 * mgmt_index_removed() any hci_conn callbacks will have already
6993 * been triggered, potentially causing misleading DISCONNECTED
6994 * status responses.
6995 */
d7a5a11d 6996 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 6997 status = MGMT_STATUS_INVALID_INDEX;
6998 else
6999 status = MGMT_STATUS_NOT_POWERED;
7000
7001 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 7002
7003 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
f6b7712e
MH		 7004 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7005 zero_cod, sizeof(zero_cod), NULL);
229ab39c
JH		 7006
7007new_settings:
beadb2bd 7008 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 7009
7010 if (match.sk)
7011 sock_put(match.sk);
7012
7bb895d6 7013 return err;
5add6af8 7014}
73f22f62 7015
3eec705e 7016void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 7017{
3b0602cd 7018 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 7019 u8 status;
7020
333ae95d 7021 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
96570ffc 7022 if (!cmd)
3eec705e 7023 return;
96570ffc
JH		 7024
7025 if (err == -ERFKILL)
7026 status = MGMT_STATUS_RFKILLED;
7027 else
7028 status = MGMT_STATUS_FAILED;
7029
a69e8375 7030 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 7031
7032 mgmt_pending_remove(cmd);
96570ffc
JH		 7033}
7034
d1967ff8
MH		 7035void mgmt_discoverable_timeout(struct hci_dev *hdev)
7036{
7037 struct hci_request req;
d1967ff8
MH		 7038
7039 hci_dev_lock(hdev);
7040
7041 /* When discoverable timeout triggers, then just make sure
7042 * the limited discoverable flag is cleared. Even in the case
7043 * of a timeout triggered from general discoverable, it is
7044 * safe to unconditionally clear the flag.
7045 */
a358dc11
MH		 7046 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
7047 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
d1967ff8
MH		 7048
7049 hci_req_init(&req, hdev);
d7a5a11d 7050 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4b580614
JH		 7051 u8 scan = SCAN_PAGE;
7052 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
7053 sizeof(scan), &scan);
7054 }
d1967ff8 7055 update_class(&req);
24b4f38f
AU		 7056
7057 /* Advertising instances don't use the global discoverable setting, so
7058 * only update AD if advertising was enabled using Set Advertising.
7059 */
7060 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7061 update_adv_data(&req);
7062
d1967ff8
MH		 7063 hci_req_run(&req, NULL);
7064
7065 hdev->discov_timeout = 0;
7066
9a43e25f
JH		 7067 new_settings(hdev, NULL);
7068
d1967ff8
MH		 7069 hci_dev_unlock(hdev);
7070}
7071
dc4a5ee2
MH		 7072void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7073 bool persistent)
55ed8ca1 7074{
86742e1e 7075 struct mgmt_ev_new_link_key ev;
55ed8ca1 7076
a492cd52 7077 memset(&ev, 0, sizeof(ev));
55ed8ca1 7078
a492cd52 7079 ev.store_hint = persistent;
d753fdc4 7080 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 7081 ev.key.addr.type = BDADDR_BREDR;
a492cd52 7082 ev.key.type = key->type;
9b3b4460 7083 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 7084 ev.key.pin_len = key->pin_len;
55ed8ca1 7085
dc4a5ee2 7086 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 7087}
f7520543 7088
d7b25450
JH		 7089static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7090{
23fb8de3
JH		 7091 switch (ltk->type) {
7092 case SMP_LTK:
7093 case SMP_LTK_SLAVE:
7094 if (ltk->authenticated)
7095 return MGMT_LTK_AUTHENTICATED;
7096 return MGMT_LTK_UNAUTHENTICATED;
7097 case SMP_LTK_P256:
7098 if (ltk->authenticated)
7099 return MGMT_LTK_P256_AUTH;
7100 return MGMT_LTK_P256_UNAUTH;
7101 case SMP_LTK_P256_DEBUG:
7102 return MGMT_LTK_P256_DEBUG;
7103 }
d7b25450
JH		 7104
7105 return MGMT_LTK_UNAUTHENTICATED;
7106}
7107
53ac6ab6 7108void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 7109{
7110 struct mgmt_ev_new_long_term_key ev;
7111
7112 memset(&ev, 0, sizeof(ev));
7113
5192d301
MH		 7114 /* Devices using resolvable or non-resolvable random addresses
7115 * without providing an indentity resolving key don't require
7116 * to store long term keys. Their addresses will change the
7117 * next time around.
7118 *
7119 * Only when a remote device provides an identity address
7120 * make sure the long term key is stored. If the remote
7121 * identity is known, the long term keys are internally
7122 * mapped to the identity address. So allow static random
7123 * and public addresses here.
7124 */
ba74b666
JH		 7125 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7126 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7127 ev.store_hint = 0x00;
7128 else
53ac6ab6 7129 ev.store_hint = persistent;
ba74b666 7130
346af67b 7131 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 7132 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 7133 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 7134 ev.key.enc_size = key->enc_size;
7135 ev.key.ediv = key->ediv;
fe39c7b2 7136 ev.key.rand = key->rand;
346af67b 7137
2ceba539 7138 if (key->type == SMP_LTK)
346af67b
VCG		 7139 ev.key.master = 1;
7140
346af67b
VCG		 7141 memcpy(ev.key.val, key->val, sizeof(key->val));
7142
083368f7 7143 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 7144}
7145
95fbac8a
JH		 7146void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
7147{
7148 struct mgmt_ev_new_irk ev;
7149
7150 memset(&ev, 0, sizeof(ev));
7151
bab6d1e5
MH		 7152 /* For identity resolving keys from devices that are already
7153 * using a public address or static random address, do not
7154 * ask for storing this key. The identity resolving key really
7155 * is only mandatory for devices using resovlable random
7156 * addresses.
7157 *
7158 * Storing all identity resolving keys has the downside that
7159 * they will be also loaded on next boot of they system. More
7160 * identity resolving keys, means more time during scanning is
7161 * needed to actually resolve these addresses.
7162 */
7163 if (bacmp(&irk->rpa, BDADDR_ANY))
7164 ev.store_hint = 0x01;
7165 else
7166 ev.store_hint = 0x00;
7167
95fbac8a
JH		 7168 bacpy(&ev.rpa, &irk->rpa);
7169 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7170 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7171 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7172
7173 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7174}
7175
53ac6ab6
MH		 7176void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7177 bool persistent)
7ee4ea36
MH		 7178{
7179 struct mgmt_ev_new_csrk ev;
7180
7181 memset(&ev, 0, sizeof(ev));
7182
7183 /* Devices using resolvable or non-resolvable random addresses
7184 * without providing an indentity resolving key don't require
7185 * to store signature resolving keys. Their addresses will change
7186 * the next time around.
7187 *
7188 * Only when a remote device provides an identity address
7189 * make sure the signature resolving key is stored. So allow
7190 * static random and public addresses here.
7191 */
7192 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7193 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7194 ev.store_hint = 0x00;
7195 else
53ac6ab6 7196 ev.store_hint = persistent;
7ee4ea36
MH		 7197
7198 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7199 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 7200 ev.key.type = csrk->type;
7ee4ea36
MH		 7201 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7202
7203 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7204}
7205
ffb5a827 7206void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 7207 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7208 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 7209{
7210 struct mgmt_ev_new_conn_param ev;
7211
c103aea6
JH		 7212 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7213 return;
7214
ffb5a827
AG		 7215 memset(&ev, 0, sizeof(ev));
7216 bacpy(&ev.addr.bdaddr, bdaddr);
7217 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 7218 ev.store_hint = store_hint;
ffb5a827
AG		 7219 ev.min_interval = cpu_to_le16(min_interval);
7220 ev.max_interval = cpu_to_le16(max_interval);
7221 ev.latency = cpu_to_le16(latency);
7222 ev.timeout = cpu_to_le16(timeout);
7223
7224 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7225}
7226
48ec92fa
AA		 7227void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7228 u32 flags, u8 *name, u8 name_len)
f7520543 7229{
b644ba33
JH		 7230 char buf[512];
7231 struct mgmt_ev_device_connected *ev = (void *) buf;
7232 u16 eir_len = 0;
f7520543 7233
48ec92fa
AA		 7234 bacpy(&ev->addr.bdaddr, &conn->dst);
7235 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 7236
c95f0ba7 7237 ev->flags = __cpu_to_le32(flags);
08c79b61 7238
fd45ada9
AA		 7239 /* We must ensure that the EIR Data fields are ordered and
7240 * unique. Keep it simple for now and avoid the problem by not
7241 * adding any BR/EDR data to the LE adv.
7242 */
7243 if (conn->le_adv_data_len > 0) {
7244 memcpy(&ev->eir[eir_len],
7245 conn->le_adv_data, conn->le_adv_data_len);
7246 eir_len = conn->le_adv_data_len;
7247 } else {
7248 if (name_len > 0)
7249 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7250 name, name_len);
b644ba33 7251
ddbea5cf 7252 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 7253 eir_len = eir_append_data(ev->eir, eir_len,
7254 EIR_CLASS_OF_DEV,
7255 conn->dev_class, 3);
7256 }
b644ba33 7257
eb55ef07 7258 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 7259
ecd90ae7
MH		 7260 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7261 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 7262}
7263
3b0602cd 7264static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 7265{
8962ee74 7266 struct sock **sk = data;
8962ee74 7267
f5818c22 7268 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 7269
7270 *sk = cmd->sk;
7271 sock_hold(*sk);
7272
a664b5bc 7273 mgmt_pending_remove(cmd);
8962ee74
JH		 7274}
7275
3b0602cd 7276static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 7277{
b1078ad0 7278 struct hci_dev *hdev = data;
124f6e35 7279 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 7280
b1078ad0
JH		 7281 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7282
d8b7b1e4 7283 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 7284 mgmt_pending_remove(cmd);
7285}
7286
84c61d92
JH		 7287bool mgmt_powering_down(struct hci_dev *hdev)
7288{
3b0602cd 7289 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 7290 struct mgmt_mode *cp;
7291
333ae95d 7292 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
84c61d92
JH		 7293 if (!cmd)
7294 return false;
7295
7296 cp = cmd->param;
7297 if (!cp->val)
7298 return true;
7299
7300 return false;
7301}
7302
9b80ec5e 7303void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 7304 u8 link_type, u8 addr_type, u8 reason,
7305 bool mgmt_connected)
f7520543 7306{
f0d6a0ea 7307 struct mgmt_ev_device_disconnected ev;
8962ee74 7308 struct sock *sk = NULL;
8962ee74 7309
84c61d92
JH		 7310 /* The connection is still in hci_conn_hash so test for 1
7311 * instead of 0 to know if this is the last one.
7312 */
7313 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7314 cancel_delayed_work(&hdev->power_off);
7315 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 7316 }
7317
12d4a3b2
JH		 7318 if (!mgmt_connected)
7319 return;
7320
57eb776f
AG		 7321 if (link_type != ACL_LINK && link_type != LE_LINK)
7322 return;
7323
744cf19e 7324 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 7325
f0d6a0ea
MA		 7326 bacpy(&ev.addr.bdaddr, bdaddr);
7327 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7328 ev.reason = reason;
f7520543 7329
9b80ec5e 7330 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 7331
7332 if (sk)
d97dcb66 7333 sock_put(sk);
8962ee74 7334
124f6e35 7335 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 7336 hdev);
8962ee74
JH		 7337}
7338
7892924c
MH		 7339void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7340 u8 link_type, u8 addr_type, u8 status)
8962ee74 7341{
3655bba8
AG		 7342 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7343 struct mgmt_cp_disconnect *cp;
3b0602cd 7344 struct mgmt_pending_cmd *cmd;
8962ee74 7345
36a75f1b
JD		 7346 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7347 hdev);
7348
333ae95d 7349 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 7350 if (!cmd)
7892924c 7351 return;
8962ee74 7352
3655bba8
AG		 7353 cp = cmd->param;
7354
7355 if (bacmp(bdaddr, &cp->addr.bdaddr))
7356 return;
7357
7358 if (cp->addr.type != bdaddr_type)
7359 return;
7360
f5818c22 7361 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7362 mgmt_pending_remove(cmd);
f7520543 7363}
17d5c04c 7364
445608d0
MH		 7365void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7366 u8 addr_type, u8 status)
17d5c04c
JH		 7367{
7368 struct mgmt_ev_connect_failed ev;
c9910d0f 7369
84c61d92
JH		 7370 /* The connection is still in hci_conn_hash so test for 1
7371 * instead of 0 to know if this is the last one.
7372 */
7373 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7374 cancel_delayed_work(&hdev->power_off);
7375 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 7376 }
17d5c04c 7377
4c659c39 7378 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7379 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 7380 ev.status = mgmt_status(status);
17d5c04c 7381
445608d0 7382 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 7383}
980e1a53 7384
ce0e4a0d 7385void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 7386{
7387 struct mgmt_ev_pin_code_request ev;
7388
d8457698 7389 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 7390 ev.addr.type = BDADDR_BREDR;
a770bb5a 7391 ev.secure = secure;
980e1a53 7392
ce0e4a0d 7393 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 7394}
7395
e669cf80
MH		 7396void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7397 u8 status)
980e1a53 7398{
3b0602cd 7399 struct mgmt_pending_cmd *cmd;
980e1a53 7400
333ae95d 7401 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 7402 if (!cmd)
e669cf80 7403 return;
980e1a53 7404
7776d1d8 7405 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7406 mgmt_pending_remove(cmd);
980e1a53
JH		 7407}
7408
3eb38528
MH		 7409void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7410 u8 status)
980e1a53 7411{
3b0602cd 7412 struct mgmt_pending_cmd *cmd;
980e1a53 7413
333ae95d 7414 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 7415 if (!cmd)
3eb38528 7416 return;
980e1a53 7417
7776d1d8 7418 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7419 mgmt_pending_remove(cmd);
980e1a53 7420}
a5c29683 7421
744cf19e 7422int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 7423 u8 link_type, u8 addr_type, u32 value,
04124681 7424 u8 confirm_hint)
a5c29683
JH		 7425{
7426 struct mgmt_ev_user_confirm_request ev;
7427
744cf19e 7428 BT_DBG("%s", hdev->name);
a5c29683 7429
272d90df 7430 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7431 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 7432 ev.confirm_hint = confirm_hint;
39adbffe 7433 ev.value = cpu_to_le32(value);
a5c29683 7434
744cf19e 7435 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 7436 NULL);
a5c29683
JH		 7437}
7438
272d90df 7439int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 7440 u8 link_type, u8 addr_type)
604086b7
BG		 7441{
7442 struct mgmt_ev_user_passkey_request ev;
7443
7444 BT_DBG("%s", hdev->name);
7445
272d90df 7446 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7447 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 7448
7449 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 7450 NULL);
604086b7
BG		 7451}
7452
0df4c185 7453static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 7454 u8 link_type, u8 addr_type, u8 status,
7455 u8 opcode)
a5c29683 7456{
3b0602cd 7457 struct mgmt_pending_cmd *cmd;
a5c29683 7458
333ae95d 7459 cmd = pending_find(opcode, hdev);
a5c29683
JH		 7460 if (!cmd)
7461 return -ENOENT;
7462
7776d1d8 7463 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7464 mgmt_pending_remove(cmd);
a5c29683 7465
7776d1d8 7466 return 0;
a5c29683
JH		 7467}
7468
744cf19e 7469int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7470 u8 link_type, u8 addr_type, u8 status)
a5c29683 7471{
272d90df 7472 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7473 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 7474}
7475
272d90df 7476int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7477 u8 link_type, u8 addr_type, u8 status)
a5c29683 7478{
272d90df 7479 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7480 status,
7481 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7482}
2a611692 7483
604086b7 7484int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7485 u8 link_type, u8 addr_type, u8 status)
604086b7 7486{
272d90df 7487 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7488 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7489}
7490
272d90df 7491int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7492 u8 link_type, u8 addr_type, u8 status)
604086b7 7493{
272d90df 7494 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7495 status,
7496 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7497}
7498
92a25256
JH		 7499int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7500 u8 link_type, u8 addr_type, u32 passkey,
7501 u8 entered)
7502{
7503 struct mgmt_ev_passkey_notify ev;
7504
7505 BT_DBG("%s", hdev->name);
7506
7507 bacpy(&ev.addr.bdaddr, bdaddr);
7508 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7509 ev.passkey = __cpu_to_le32(passkey);
7510 ev.entered = entered;
7511
7512 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7513}
7514
e1e930f5 7515void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7516{
7517 struct mgmt_ev_auth_failed ev;
3b0602cd 7518 struct mgmt_pending_cmd *cmd;
e1e930f5 7519 u8 status = mgmt_status(hci_status);
2a611692 7520
e1e930f5
JH		 7521 bacpy(&ev.addr.bdaddr, &conn->dst);
7522 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7523 ev.status = status;
2a611692 7524
e1e930f5
JH		 7525 cmd = find_pairing(conn);
7526
7527 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7528 cmd ? cmd->sk : NULL);
7529
a511b35b
JH		 7530 if (cmd) {
7531 cmd->cmd_complete(cmd, status);
7532 mgmt_pending_remove(cmd);
7533 }
2a611692 7534}
b312b161 7535
464996ae 7536void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7537{
7538 struct cmd_lookup match = { NULL, hdev };
464996ae 7539 bool changed;
33ef95ed
JH		 7540
7541 if (status) {
7542 u8 mgmt_err = mgmt_status(status);
7543 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7544 cmd_status_rsp, &mgmt_err);
464996ae 7545 return;
33ef95ed
JH		 7546 }
7547
464996ae 7548 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 7549 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 7550 else
a69d8927 7551 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 7552
33ef95ed 7553 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 7554 &match);
33ef95ed 7555
47990ea0 7556 if (changed)
464996ae 7557 new_settings(hdev, match.sk);
33ef95ed
JH		 7558
7559 if (match.sk)
7560 sock_put(match.sk);
33ef95ed
JH		 7561}
7562
890ea898 7563static void clear_eir(struct hci_request *req)
cacaf52f 7564{
890ea898 7565 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 7566 struct hci_cp_write_eir cp;
7567
976eb20e 7568 if (!lmp_ext_inq_capable(hdev))
890ea898 7569 return;
cacaf52f 7570
c80da27e
JH		 7571 memset(hdev->eir, 0, sizeof(hdev->eir));
7572
cacaf52f
JH		 7573 memset(&cp, 0, sizeof(cp));
7574
890ea898 7575 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 7576}
7577
3e248560 7578void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 7579{
7580 struct cmd_lookup match = { NULL, hdev };
890ea898 7581 struct hci_request req;
c0ecddc2 7582 bool changed = false;
ed2c4ee3
JH		 7583
7584 if (status) {
7585 u8 mgmt_err = mgmt_status(status);
c0ecddc2 7586
a69d8927
MH		 7587 if (enable && hci_dev_test_and_clear_flag(hdev,
7588 HCI_SSP_ENABLED)) {
a358dc11 7589 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 7590 new_settings(hdev, NULL);
9ecb3e24 7591 }
c0ecddc2 7592
04124681
GP		 7593 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7594 &mgmt_err);
3e248560 7595 return;
c0ecddc2
JH		 7596 }
7597
7598 if (enable) {
238be788 7599 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 7600 } else {
a69d8927 7601 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9ecb3e24 7602 if (!changed)
a69d8927
MH		 7603 changed = hci_dev_test_and_clear_flag(hdev,
7604 HCI_HS_ENABLED);
9ecb3e24 7605 else
a358dc11 7606 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 7607 }
7608
7609 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7610
c0ecddc2 7611 if (changed)
3e248560 7612 new_settings(hdev, match.sk);
ed2c4ee3 7613
5fc6ebb1 7614 if (match.sk)
ed2c4ee3
JH		 7615 sock_put(match.sk);
7616
890ea898
JH		 7617 hci_req_init(&req, hdev);
7618
d7a5a11d
MH		 7619 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7620 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 7621 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7622 sizeof(enable), &enable);
890ea898 7623 update_eir(&req);
3769972b 7624 } else {
890ea898 7625 clear_eir(&req);
3769972b 7626 }
890ea898
JH		 7627
7628 hci_req_run(&req, NULL);
ed2c4ee3
JH		 7629}
7630
3b0602cd 7631static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 7632{
7633 struct cmd_lookup *match = data;
7634
90e70454
JH		 7635 if (match->sk == NULL) {
7636 match->sk = cmd->sk;
7637 sock_hold(match->sk);
7638 }
90e70454
JH		 7639}
7640
4e1b0245
MH		 7641void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7642 u8 status)
7f9a903c 7643{
90e70454 7644 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7645
92da6097
JH		 7646 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7647 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7648 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 7649
7650 if (!status)
f6b7712e
MH		 7651 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7652 dev_class, 3, NULL);
90e70454
JH		 7653
7654 if (match.sk)
7655 sock_put(match.sk);
7f9a903c
MH		 7656}
7657
7667da34 7658void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7659{
b312b161 7660 struct mgmt_cp_set_local_name ev;
3b0602cd 7661 struct mgmt_pending_cmd *cmd;
28cc7bde 7662
13928971 7663 if (status)
7667da34 7664 return;
b312b161
JH		 7665
7666 memset(&ev, 0, sizeof(ev));
7667 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7668 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7669
333ae95d 7670 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7671 if (!cmd) {
7672 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7673
13928971
JH		 7674 /* If this is a HCI command related to powering on the
7675 * HCI dev don't send any mgmt signals.
7676 */
333ae95d 7677 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7678 return;
890ea898 7679 }
b312b161 7680
f6b7712e
MH		 7681 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7682 cmd ? cmd->sk : NULL);
b312b161 7683}
c35938b2 7684
4d2d2796 7685void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
38da1703
JH		 7686 u8 *rand192, u8 *hash256, u8 *rand256,
7687 u8 status)
c35938b2 7688{
3b0602cd 7689 struct mgmt_pending_cmd *cmd;
c35938b2 7690
744cf19e 7691 BT_DBG("%s status %u", hdev->name, status);
c35938b2 7692
333ae95d 7693 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 7694 if (!cmd)
3edaf092 7695 return;
c35938b2
SJ		 7696
7697 if (status) {
a69e8375
JH		 7698 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
7699 mgmt_status(status));
c35938b2 7700 } else {
66f096f7
JH		 7701 struct mgmt_rp_read_local_oob_data rp;
7702 size_t rp_size = sizeof(rp);
4d2d2796 7703
66f096f7
JH		 7704 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
7705 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
c35938b2 7706
66f096f7 7707 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
4d2d2796 7708 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
38da1703 7709 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
4d2d2796 7710 } else {
66f096f7 7711 rp_size -= sizeof(rp.hash256) + sizeof(rp.rand256);
4d2d2796 7712 }
66f096f7 7713
2a1afb5a
JH		 7714 mgmt_cmd_complete(cmd->sk, hdev->id,
7715 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7716 &rp, rp_size);
c35938b2
SJ		 7717 }
7718
7719 mgmt_pending_remove(cmd);
c35938b2 7720}
e17acd40 7721
799ce93d
JP		 7722static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7723{
7724 int i;
7725
7726 for (i = 0; i < uuid_count; i++) {
7727 if (!memcmp(uuid, uuids[i], 16))
7728 return true;
7729 }
7730
7731 return false;
7732}
7733
b487b9ce
MH		 7734static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7735{
799ce93d
JP		 7736 u16 parsed = 0;
7737
7738 while (parsed < eir_len) {
7739 u8 field_len = eir[0];
7740 u8 uuid[16];
7741 int i;
7742
7743 if (field_len == 0)
7744 break;
7745
7746 if (eir_len - parsed < field_len + 1)
7747 break;
7748
7749 switch (eir[1]) {
7750 case EIR_UUID16_ALL:
7751 case EIR_UUID16_SOME:
7752 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7753 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7754 uuid[13] = eir[i + 3];
7755 uuid[12] = eir[i + 2];
7756 if (has_uuid(uuid, uuid_count, uuids))
7757 return true;
7758 }
7759 break;
7760 case EIR_UUID32_ALL:
7761 case EIR_UUID32_SOME:
7762 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7763 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7764 uuid[15] = eir[i + 5];
7765 uuid[14] = eir[i + 4];
7766 uuid[13] = eir[i + 3];
7767 uuid[12] = eir[i + 2];
7768 if (has_uuid(uuid, uuid_count, uuids))
7769 return true;
7770 }
7771 break;
7772 case EIR_UUID128_ALL:
7773 case EIR_UUID128_SOME:
7774 for (i = 0; i + 17 <= field_len; i += 16) {
7775 memcpy(uuid, eir + i + 2, 16);
7776 if (has_uuid(uuid, uuid_count, uuids))
7777 return true;
7778 }
7779 break;
7780 }
7781
7782 parsed += field_len + 1;
7783 eir += field_len + 1;
7784 }
7785
b487b9ce
MH		 7786 return false;
7787}
7788
4b0e0ced
JP		 7789static void restart_le_scan(struct hci_dev *hdev)
7790{
7791 /* If controller is not scanning we are done. */
d7a5a11d 7792 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 7793 return;
7794
7795 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7796 hdev->discovery.scan_start +
7797 hdev->discovery.scan_duration))
7798 return;
7799
7800 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
7801 DISCOV_LE_RESTART_DELAY);
7802}
7803
48f86b7f
JP		 7804static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7805 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7806{
48f86b7f
JP		 7807 /* If a RSSI threshold has been specified, and
7808 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7809 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7810 * is set, let it through for further processing, as we might need to
7811 * restart the scan.
efb2513f
MH		 7812 *
7813 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7814 * the results are also dropped.
bda157a4
MH		 7815 */
7816 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 7817 (rssi == HCI_RSSI_INVALID ||
7818 (rssi < hdev->discovery.rssi &&
7819 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 7820 return false;
efb2513f 7821
2976cdeb
JP		 7822 if (hdev->discovery.uuid_count != 0) {
7823 /* If a list of UUIDs is provided in filter, results with no
7824 * matching UUID should be dropped.
b487b9ce 7825 */
2976cdeb
JP		 7826 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7827 hdev->discovery.uuids) &&
7828 !eir_has_uuids(scan_rsp, scan_rsp_len,
7829 hdev->discovery.uuid_count,
7830 hdev->discovery.uuids))
7831 return false;
b487b9ce 7832 }
5d2e9fad 7833
2976cdeb
JP		 7834 /* If duplicate filtering does not report RSSI changes, then restart
7835 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 7836 */
2976cdeb
JP		 7837 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7838 restart_le_scan(hdev);
7839
7840 /* Validate RSSI value against the RSSI threshold once more. */
7841 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7842 rssi < hdev->discovery.rssi)
7843 return false;
7844 }
48f86b7f
JP		 7845
7846 return true;
7847}
7848
7849void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7850 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7851 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7852{
7853 char buf[512];
7854 struct mgmt_ev_device_found *ev = (void *)buf;
7855 size_t ev_size;
7856
7857 /* Don't send events for a non-kernel initiated discovery. With
7858 * LE one exception is if we have pend_le_reports > 0 in which
7859 * case we're doing passive scanning and want these events.
7860 */
7861 if (!hci_discovery_active(hdev)) {
7862 if (link_type == ACL_LINK)
7863 return;
7864 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7865 return;
7866 }
7867
82f8b651 7868 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 7869 /* We are using service discovery */
7870 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7871 scan_rsp_len))
7872 return;
7873 }
7874
7875 /* Make sure that the buffer is big enough. The 5 extra bytes
7876 * are for the potential CoD field.
7877 */
7878 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 7879 return;
7880
48f86b7f
JP		 7881 memset(buf, 0, sizeof(buf));
7882
7883 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7884 * RSSI value was reported as 0 when not available. This behavior
7885 * is kept when using device discovery. This is required for full
7886 * backwards compatibility with the API.
7887 *
7888 * However when using service discovery, the value 127 will be
7889 * returned when the RSSI is not available.
7890 */
7891 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7892 link_type == ACL_LINK)
7893 rssi = 0;
7894
7895 bacpy(&ev->addr.bdaddr, bdaddr);
7896 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7897 ev->rssi = rssi;
7898 ev->flags = cpu_to_le32(flags);
7899
7900 if (eir_len > 0)
7901 /* Copy EIR or advertising data into event */
7902 memcpy(ev->eir, eir, eir_len);
7903
7904 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7905 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7906 dev_class, 3);
7907
7908 if (scan_rsp_len > 0)
7909 /* Append scan response data to event */
7910 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7911
5d2e9fad
JH		 7912 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7913 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7914
901801b9 7915 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7916}
a88a9652 7917
9cf12aee
MH		 7918void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7919 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7920{
b644ba33
JH		 7921 struct mgmt_ev_device_found *ev;
7922 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7923 u16 eir_len;
a88a9652 7924
b644ba33 7925 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7926
b644ba33
JH		 7927 memset(buf, 0, sizeof(buf));
7928
7929 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7930 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7931 ev->rssi = rssi;
7932
7933 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7934 name_len);
b644ba33 7935
eb55ef07 7936 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7937
9cf12aee 7938 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7939}
314b2381 7940
2f1e063b 7941void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7942{
f963e8e9 7943 struct mgmt_ev_discovering ev;
164a6e78 7944
343fb145
AG		 7945 BT_DBG("%s discovering %u", hdev->name, discovering);
7946
f963e8e9
JH		 7947 memset(&ev, 0, sizeof(ev));
7948 ev.type = hdev->discovery.type;
7949 ev.discovering = discovering;
7950
2f1e063b 7951 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7952}
5e762444 7953
1904a853 7954static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5976e608
MH		 7955{
7956 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 7957}
7958
7959void mgmt_reenable_advertising(struct hci_dev *hdev)
7960{
7961 struct hci_request req;
7962
24b4f38f
AU		 7963 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
7964 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
5976e608
MH		 7965 return;
7966
7967 hci_req_init(&req, hdev);
7968 enable_advertising(&req);
0ec5ae84 7969 hci_req_run(&req, adv_enable_complete);
5976e608 7970}
6d785aa3
JH		 7971
7972static struct hci_mgmt_chan chan = {
7973 .channel = HCI_CHANNEL_CONTROL,
7974 .handler_count = ARRAY_SIZE(mgmt_handlers),
7975 .handlers = mgmt_handlers,
88b94ce9 7976 .hdev_init = mgmt_init_hdev,
6d785aa3
JH		 7977};
7978
7979int mgmt_init(void)
7980{
7981 return hci_mgmt_chan_register(&chan);
7982}
7983
7984void mgmt_exit(void)
7985{
7986 hci_mgmt_chan_unregister(&chan);
7987}
Linux kernel - Deliverables
This page took 1.29182 seconds and 5 git commands to generate.