projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Update background scan parameters
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 33
34#include "smp.h"
0381101f 35
2da9c55c 36#define MGMT_VERSION 1
40456644 37#define MGMT_REVISION 5
02d98129 38
e70bb2e8
JH		 39static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 77 MGMT_OP_SET_DEVICE_ID,
4375f103 78 MGMT_OP_SET_ADVERTISING,
0663ca2a 79 MGMT_OP_SET_BREDR,
d13eafce 80 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 81 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 82 MGMT_OP_SET_SECURE_CONN,
4e39ac81 83 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 84 MGMT_OP_SET_PRIVACY,
41edf160 85 MGMT_OP_LOAD_IRKS,
e70bb2e8
JH		 86};
87
88static const u16 mgmt_events[] = {
89 MGMT_EV_CONTROLLER_ERROR,
90 MGMT_EV_INDEX_ADDED,
91 MGMT_EV_INDEX_REMOVED,
92 MGMT_EV_NEW_SETTINGS,
93 MGMT_EV_CLASS_OF_DEV_CHANGED,
94 MGMT_EV_LOCAL_NAME_CHANGED,
95 MGMT_EV_NEW_LINK_KEY,
96 MGMT_EV_NEW_LONG_TERM_KEY,
97 MGMT_EV_DEVICE_CONNECTED,
98 MGMT_EV_DEVICE_DISCONNECTED,
99 MGMT_EV_CONNECT_FAILED,
100 MGMT_EV_PIN_CODE_REQUEST,
101 MGMT_EV_USER_CONFIRM_REQUEST,
102 MGMT_EV_USER_PASSKEY_REQUEST,
103 MGMT_EV_AUTH_FAILED,
104 MGMT_EV_DEVICE_FOUND,
105 MGMT_EV_DISCOVERING,
106 MGMT_EV_DEVICE_BLOCKED,
107 MGMT_EV_DEVICE_UNBLOCKED,
108 MGMT_EV_DEVICE_UNPAIRED,
92a25256 109 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 110 MGMT_EV_NEW_IRK,
e70bb2e8
JH		 111};
112
17b02e62 113#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 114
4b34ee78
JH		 115#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
116 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
117
eec8d2bc
JH		 118struct pending_cmd {
119 struct list_head list;
fc2f4b13 120 u16 opcode;
eec8d2bc 121 int index;
c68fb7ff 122 void *param;
eec8d2bc 123 struct sock *sk;
e9a416b5 124 void *user_data;
eec8d2bc
JH		 125};
126
ca69b795
JH		 127/* HCI to MGMT error code conversion table */
128static u8 mgmt_status_table[] = {
129 MGMT_STATUS_SUCCESS,
130 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
131 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
132 MGMT_STATUS_FAILED, /* Hardware Failure */
133 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
134 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 135 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 136 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
137 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
138 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
139 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
140 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
141 MGMT_STATUS_BUSY, /* Command Disallowed */
142 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
143 MGMT_STATUS_REJECTED, /* Rejected Security */
144 MGMT_STATUS_REJECTED, /* Rejected Personal */
145 MGMT_STATUS_TIMEOUT, /* Host Timeout */
146 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
147 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
148 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
149 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
150 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
151 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
152 MGMT_STATUS_BUSY, /* Repeated Attempts */
153 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
154 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
155 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
156 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
157 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
158 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
159 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
160 MGMT_STATUS_FAILED, /* Unspecified Error */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
162 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
163 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
164 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
165 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
166 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
167 MGMT_STATUS_FAILED, /* Unit Link Key Used */
168 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
169 MGMT_STATUS_TIMEOUT, /* Instant Passed */
170 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
171 MGMT_STATUS_FAILED, /* Transaction Collision */
172 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
173 MGMT_STATUS_REJECTED, /* QoS Rejected */
174 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
175 MGMT_STATUS_REJECTED, /* Insufficient Security */
176 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
177 MGMT_STATUS_BUSY, /* Role Switch Pending */
178 MGMT_STATUS_FAILED, /* Slot Violation */
179 MGMT_STATUS_FAILED, /* Role Switch Failed */
180 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
181 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
182 MGMT_STATUS_BUSY, /* Host Busy Pairing */
183 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
184 MGMT_STATUS_BUSY, /* Controller Busy */
185 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
186 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
187 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
188 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
189 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
190};
191
192static u8 mgmt_status(u8 hci_status)
193{
194 if (hci_status < ARRAY_SIZE(mgmt_status_table))
195 return mgmt_status_table[hci_status];
196
197 return MGMT_STATUS_FAILED;
198}
199
4e51eae9 200static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 201{
202 struct sk_buff *skb;
203 struct mgmt_hdr *hdr;
204 struct mgmt_ev_cmd_status *ev;
56b7d137 205 int err;
f7b64e69 206
34eb525c 207 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 208
790eff44 209 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 210 if (!skb)
211 return -ENOMEM;
212
213 hdr = (void *) skb_put(skb, sizeof(*hdr));
214
612dfce9 215 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 216 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 217 hdr->len = cpu_to_le16(sizeof(*ev));
218
219 ev = (void *) skb_put(skb, sizeof(*ev));
220 ev->status = status;
eb55ef07 221 ev->opcode = cpu_to_le16(cmd);
f7b64e69 222
56b7d137
GP		 223 err = sock_queue_rcv_skb(sk, skb);
224 if (err < 0)
f7b64e69
JH		 225 kfree_skb(skb);
226
56b7d137 227 return err;
f7b64e69
JH		 228}
229
aee9b218 230static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 231 void *rp, size_t rp_len)
02d98129
JH		 232{
233 struct sk_buff *skb;
234 struct mgmt_hdr *hdr;
235 struct mgmt_ev_cmd_complete *ev;
56b7d137 236 int err;
02d98129
JH		 237
238 BT_DBG("sock %p", sk);
239
790eff44 240 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 241 if (!skb)
242 return -ENOMEM;
243
244 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 245
612dfce9 246 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 247 hdr->index = cpu_to_le16(index);
a38528f1 248 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 249
a38528f1 250 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 251 ev->opcode = cpu_to_le16(cmd);
aee9b218 252 ev->status = status;
8020c16a
SJ		 253
254 if (rp)
255 memcpy(ev->data, rp, rp_len);
02d98129 256
56b7d137
GP		 257 err = sock_queue_rcv_skb(sk, skb);
258 if (err < 0)
02d98129
JH		 259 kfree_skb(skb);
260
e5f0e151 261 return err;
02d98129
JH		 262}
263
04124681
GP		 264static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
265 u16 data_len)
a38528f1
JH		 266{
267 struct mgmt_rp_read_version rp;
268
269 BT_DBG("sock %p", sk);
270
271 rp.version = MGMT_VERSION;
eb55ef07 272 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 273
aee9b218 274 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 275 sizeof(rp));
a38528f1
JH		 276}
277
04124681
GP		 278static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
279 u16 data_len)
e70bb2e8
JH		 280{
281 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 282 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
283 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 284 __le16 *opcode;
e70bb2e8
JH		 285 size_t rp_size;
286 int i, err;
287
288 BT_DBG("sock %p", sk);
289
290 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
291
292 rp = kmalloc(rp_size, GFP_KERNEL);
293 if (!rp)
294 return -ENOMEM;
295
eb55ef07
MH		 296 rp->num_commands = __constant_cpu_to_le16(num_commands);
297 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 298
299 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
300 put_unaligned_le16(mgmt_commands[i], opcode);
301
302 for (i = 0; i < num_events; i++, opcode++)
303 put_unaligned_le16(mgmt_events[i], opcode);
304
aee9b218 305 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 306 rp_size);
e70bb2e8
JH		 307 kfree(rp);
308
309 return err;
310}
311
04124681
GP		 312static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
313 u16 data_len)
faba42eb 314{
faba42eb 315 struct mgmt_rp_read_index_list *rp;
8035ded4 316 struct hci_dev *d;
a38528f1 317 size_t rp_len;
faba42eb 318 u16 count;
476e44cb 319 int err;
faba42eb
JH		 320
321 BT_DBG("sock %p", sk);
322
323 read_lock(&hci_dev_list_lock);
324
325 count = 0;
bb4b2a9a 326 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 327 if (d->dev_type == HCI_BREDR)
328 count++;
faba42eb
JH		 329 }
330
a38528f1
JH		 331 rp_len = sizeof(*rp) + (2 * count);
332 rp = kmalloc(rp_len, GFP_ATOMIC);
333 if (!rp) {
b2c60d42 334 read_unlock(&hci_dev_list_lock);
faba42eb 335 return -ENOMEM;
b2c60d42 336 }
faba42eb 337
476e44cb 338 count = 0;
8035ded4 339 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 340 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 341 continue;
342
0736cfa8
MH		 343 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
344 continue;
345
1514b892
MH		 346 if (d->dev_type == HCI_BREDR) {
347 rp->index[count++] = cpu_to_le16(d->id);
348 BT_DBG("Added hci%u", d->id);
349 }
faba42eb
JH		 350 }
351
476e44cb
JH		 352 rp->num_controllers = cpu_to_le16(count);
353 rp_len = sizeof(*rp) + (2 * count);
354
faba42eb
JH		 355 read_unlock(&hci_dev_list_lock);
356
aee9b218 357 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 358 rp_len);
faba42eb 359
a38528f1
JH		 360 kfree(rp);
361
362 return err;
faba42eb
JH		 363}
364
69ab39ea
JH		 365static u32 get_supported_settings(struct hci_dev *hdev)
366{
367 u32 settings = 0;
368
369 settings |= MGMT_SETTING_POWERED;
69ab39ea 370 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 371 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 372
ed3fa31f 373 if (lmp_bredr_capable(hdev)) {
33c525c0 374 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 375 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
376 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 377 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 378 settings |= MGMT_SETTING_BREDR;
379 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 380
381 if (lmp_ssp_capable(hdev)) {
382 settings |= MGMT_SETTING_SSP;
383 settings |= MGMT_SETTING_HS;
384 }
e98d2ce2 385
5afeac14
MH		 386 if (lmp_sc_capable(hdev) ||
387 test_bit(HCI_FORCE_SC, &hdev->dev_flags))
e98d2ce2 388 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 389 }
d7b7e796 390
eeca6f89 391 if (lmp_le_capable(hdev)) {
9d42820f 392 settings |= MGMT_SETTING_LE;
eeca6f89 393 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 394 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 395 }
69ab39ea
JH		 396
397 return settings;
398}
399
400static u32 get_current_settings(struct hci_dev *hdev)
401{
402 u32 settings = 0;
403
f1f0eb02 404 if (hdev_is_powered(hdev))
f0d4b78a
MH		 405 settings |= MGMT_SETTING_POWERED;
406
5e5282bb 407 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 408 settings |= MGMT_SETTING_CONNECTABLE;
409
1a4d3c4b
JH		 410 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
411 settings |= MGMT_SETTING_FAST_CONNECTABLE;
412
5e5282bb 413 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 414 settings |= MGMT_SETTING_DISCOVERABLE;
415
a8b2d5c2 416 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 417 settings |= MGMT_SETTING_PAIRABLE;
418
56f87901 419 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 420 settings |= MGMT_SETTING_BREDR;
421
06199cf8 422 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 423 settings |= MGMT_SETTING_LE;
424
47990ea0 425 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 426 settings |= MGMT_SETTING_LINK_SECURITY;
427
84bde9d6 428 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 429 settings |= MGMT_SETTING_SSP;
430
6d80dfd0
JH		 431 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
432 settings |= MGMT_SETTING_HS;
433
f3d3444a 434 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 435 settings |= MGMT_SETTING_ADVERTISING;
436
e98d2ce2
MH		 437 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
438 settings |= MGMT_SETTING_SECURE_CONN;
439
b1de97d8
MH		 440 if (test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags))
441 settings |= MGMT_SETTING_DEBUG_KEYS;
442
0f4bd942
JH		 443 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
444 settings |= MGMT_SETTING_PRIVACY;
445
69ab39ea
JH		 446 return settings;
447}
448
ef580372
JH		 449#define PNP_INFO_SVCLASS_ID 0x1200
450
213202ed
JH		 451static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
452{
453 u8 *ptr = data, *uuids_start = NULL;
454 struct bt_uuid *uuid;
455
456 if (len < 4)
457 return ptr;
458
459 list_for_each_entry(uuid, &hdev->uuids, list) {
460 u16 uuid16;
461
462 if (uuid->size != 16)
463 continue;
464
465 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
466 if (uuid16 < 0x1100)
467 continue;
468
469 if (uuid16 == PNP_INFO_SVCLASS_ID)
470 continue;
471
472 if (!uuids_start) {
473 uuids_start = ptr;
474 uuids_start[0] = 1;
475 uuids_start[1] = EIR_UUID16_ALL;
476 ptr += 2;
477 }
478
479 /* Stop if not enough space to put next UUID */
480 if ((ptr - data) + sizeof(u16) > len) {
481 uuids_start[1] = EIR_UUID16_SOME;
482 break;
483 }
484
485 *ptr++ = (uuid16 & 0x00ff);
486 *ptr++ = (uuid16 & 0xff00) >> 8;
487 uuids_start[0] += sizeof(uuid16);
488 }
489
490 return ptr;
491}
492
cdf1963f
JH		 493static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
494{
495 u8 *ptr = data, *uuids_start = NULL;
496 struct bt_uuid *uuid;
497
498 if (len < 6)
499 return ptr;
500
501 list_for_each_entry(uuid, &hdev->uuids, list) {
502 if (uuid->size != 32)
503 continue;
504
505 if (!uuids_start) {
506 uuids_start = ptr;
507 uuids_start[0] = 1;
508 uuids_start[1] = EIR_UUID32_ALL;
509 ptr += 2;
510 }
511
512 /* Stop if not enough space to put next UUID */
513 if ((ptr - data) + sizeof(u32) > len) {
514 uuids_start[1] = EIR_UUID32_SOME;
515 break;
516 }
517
518 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
519 ptr += sizeof(u32);
520 uuids_start[0] += sizeof(u32);
521 }
522
523 return ptr;
524}
525
c00d575b
JH		 526static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
527{
528 u8 *ptr = data, *uuids_start = NULL;
529 struct bt_uuid *uuid;
530
531 if (len < 18)
532 return ptr;
533
534 list_for_each_entry(uuid, &hdev->uuids, list) {
535 if (uuid->size != 128)
536 continue;
537
538 if (!uuids_start) {
539 uuids_start = ptr;
540 uuids_start[0] = 1;
541 uuids_start[1] = EIR_UUID128_ALL;
542 ptr += 2;
543 }
544
545 /* Stop if not enough space to put next UUID */
546 if ((ptr - data) + 16 > len) {
547 uuids_start[1] = EIR_UUID128_SOME;
548 break;
549 }
550
551 memcpy(ptr, uuid->uuid, 16);
552 ptr += 16;
553 uuids_start[0] += 16;
554 }
555
556 return ptr;
557}
558
eb2a8d20
JH		 559static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
560{
561 struct pending_cmd *cmd;
562
563 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
564 if (cmd->opcode == opcode)
565 return cmd;
566 }
567
568 return NULL;
569}
570
f14d8f64
MH		 571static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
572{
7a5f4990
MH		 573 u8 ad_len = 0;
574 size_t name_len;
575
576 name_len = strlen(hdev->dev_name);
577 if (name_len > 0) {
578 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
579
580 if (name_len > max_len) {
581 name_len = max_len;
582 ptr[1] = EIR_NAME_SHORT;
583 } else
584 ptr[1] = EIR_NAME_COMPLETE;
585
586 ptr[0] = name_len + 1;
587
588 memcpy(ptr + 2, hdev->dev_name, name_len);
589
590 ad_len += (name_len + 2);
591 ptr += (name_len + 2);
592 }
593
594 return ad_len;
f14d8f64
MH		 595}
596
597static void update_scan_rsp_data(struct hci_request *req)
598{
599 struct hci_dev *hdev = req->hdev;
600 struct hci_cp_le_set_scan_rsp_data cp;
601 u8 len;
602
7751ef1b 603 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 604 return;
605
606 memset(&cp, 0, sizeof(cp));
607
608 len = create_scan_rsp_data(hdev, cp.data);
609
eb438b5f
JH		 610 if (hdev->scan_rsp_data_len == len &&
611 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 612 return;
613
eb438b5f
JH		 614 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
615 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 616
617 cp.length = len;
618
619 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
620}
621
9a43e25f
JH		 622static u8 get_adv_discov_flags(struct hci_dev *hdev)
623{
624 struct pending_cmd *cmd;
625
626 /* If there's a pending mgmt command the flags will not yet have
627 * their final values, so check for this first.
628 */
629 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
630 if (cmd) {
631 struct mgmt_mode *cp = cmd->param;
632 if (cp->val == 0x01)
633 return LE_AD_GENERAL;
634 else if (cp->val == 0x02)
635 return LE_AD_LIMITED;
636 } else {
637 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
638 return LE_AD_LIMITED;
639 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
640 return LE_AD_GENERAL;
641 }
642
643 return 0;
644}
645
46cad2ed 646static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 647{
648 u8 ad_len = 0, flags = 0;
441ad2d0 649
9a43e25f 650 flags |= get_adv_discov_flags(hdev);
441ad2d0 651
e834004b 652 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 653 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 654
655 if (flags) {
656 BT_DBG("adv flags 0x%02x", flags);
657
658 ptr[0] = 2;
659 ptr[1] = EIR_FLAGS;
660 ptr[2] = flags;
661
662 ad_len += 3;
663 ptr += 3;
664 }
665
666 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
667 ptr[0] = 2;
668 ptr[1] = EIR_TX_POWER;
669 ptr[2] = (u8) hdev->adv_tx_power;
670
671 ad_len += 3;
672 ptr += 3;
673 }
674
441ad2d0
MH		 675 return ad_len;
676}
677
5947f4bc 678static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 679{
680 struct hci_dev *hdev = req->hdev;
681 struct hci_cp_le_set_adv_data cp;
682 u8 len;
683
10994ce6 684 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 685 return;
686
687 memset(&cp, 0, sizeof(cp));
688
46cad2ed 689 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 690
691 if (hdev->adv_data_len == len &&
692 memcmp(cp.data, hdev->adv_data, len) == 0)
693 return;
694
695 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
696 hdev->adv_data_len = len;
697
698 cp.length = len;
699
700 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
701}
702
ef580372
JH		 703static void create_eir(struct hci_dev *hdev, u8 *data)
704{
705 u8 *ptr = data;
ef580372
JH		 706 size_t name_len;
707
708 name_len = strlen(hdev->dev_name);
709
710 if (name_len > 0) {
711 /* EIR Data type */
712 if (name_len > 48) {
713 name_len = 48;
714 ptr[1] = EIR_NAME_SHORT;
715 } else
716 ptr[1] = EIR_NAME_COMPLETE;
717
718 /* EIR Data length */
719 ptr[0] = name_len + 1;
720
721 memcpy(ptr + 2, hdev->dev_name, name_len);
722
ef580372
JH		 723 ptr += (name_len + 2);
724 }
725
bbaf444a 726 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 727 ptr[0] = 2;
728 ptr[1] = EIR_TX_POWER;
729 ptr[2] = (u8) hdev->inq_tx_power;
730
91c4e9b1
MH		 731 ptr += 3;
732 }
733
2b9be137
MH		 734 if (hdev->devid_source > 0) {
735 ptr[0] = 9;
736 ptr[1] = EIR_DEVICE_ID;
737
738 put_unaligned_le16(hdev->devid_source, ptr + 2);
739 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
740 put_unaligned_le16(hdev->devid_product, ptr + 6);
741 put_unaligned_le16(hdev->devid_version, ptr + 8);
742
2b9be137
MH		 743 ptr += 10;
744 }
745
213202ed 746 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 747 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 748 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 749}
750
890ea898 751static void update_eir(struct hci_request *req)
ef580372 752{
890ea898 753 struct hci_dev *hdev = req->hdev;
ef580372
JH		 754 struct hci_cp_write_eir cp;
755
504c8dcd 756 if (!hdev_is_powered(hdev))
890ea898 757 return;
7770c4aa 758
976eb20e 759 if (!lmp_ext_inq_capable(hdev))
890ea898 760 return;
ef580372 761
84bde9d6 762 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 763 return;
ef580372 764
a8b2d5c2 765 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 766 return;
ef580372
JH		 767
768 memset(&cp, 0, sizeof(cp));
769
770 create_eir(hdev, cp.data);
771
772 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 773 return;
ef580372
JH		 774
775 memcpy(hdev->eir, cp.data, sizeof(cp.data));
776
890ea898 777 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 778}
779
780static u8 get_service_classes(struct hci_dev *hdev)
781{
782 struct bt_uuid *uuid;
783 u8 val = 0;
784
785 list_for_each_entry(uuid, &hdev->uuids, list)
786 val |= uuid->svc_hint;
787
788 return val;
789}
790
890ea898 791static void update_class(struct hci_request *req)
ef580372 792{
890ea898 793 struct hci_dev *hdev = req->hdev;
ef580372
JH		 794 u8 cod[3];
795
796 BT_DBG("%s", hdev->name);
797
504c8dcd 798 if (!hdev_is_powered(hdev))
890ea898 799 return;
7770c4aa 800
f87ea1da
JH		 801 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
802 return;
803
a8b2d5c2 804 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 805 return;
ef580372
JH		 806
807 cod[0] = hdev->minor_class;
808 cod[1] = hdev->major_class;
809 cod[2] = get_service_classes(hdev);
810
6acd7db4
MH		 811 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
812 cod[1] |= 0x20;
813
ef580372 814 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 815 return;
ef580372 816
890ea898 817 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 818}
819
a4858cb9 820static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 821{
822 struct pending_cmd *cmd;
199a2fb1
JH		 823
824 /* If there's a pending mgmt command the flag will not yet have
825 * it's final value, so check for this first.
826 */
827 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
828 if (cmd) {
829 struct mgmt_mode *cp = cmd->param;
a4858cb9 830 return cp->val;
199a2fb1
JH		 831 }
832
a4858cb9 833 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 834}
835
836static void enable_advertising(struct hci_request *req)
837{
838 struct hci_dev *hdev = req->hdev;
839 struct hci_cp_le_set_adv_param cp;
8f2a0601 840 u8 own_addr_type, enable = 0x01;
a4858cb9 841 bool connectable;
199a2fb1 842
a4858cb9 843 connectable = get_connectable(hdev);
8f2a0601 844
a4858cb9
JH		 845 /* Set require_privacy to true only when non-connectable
846 * advertising is used. In that case it is fine to use a
847 * non-resolvable private address.
848 */
849 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 850 return;
851
41c90c18 852 memset(&cp, 0, sizeof(cp));
199a2fb1
JH		 853 cp.min_interval = __constant_cpu_to_le16(0x0800);
854 cp.max_interval = __constant_cpu_to_le16(0x0800);
a4858cb9 855 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 856 cp.own_address_type = own_addr_type;
199a2fb1
JH		 857 cp.channel_map = hdev->le_adv_channel_map;
858
859 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
860
861 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
862}
863
864static void disable_advertising(struct hci_request *req)
865{
866 u8 enable = 0x00;
867
868 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
869}
870
7d78525d
JH		 871static void service_cache_off(struct work_struct *work)
872{
873 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 874 service_cache.work);
890ea898 875 struct hci_request req;
7d78525d 876
a8b2d5c2 877 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 878 return;
879
890ea898
JH		 880 hci_req_init(&req, hdev);
881
7d78525d
JH		 882 hci_dev_lock(hdev);
883
890ea898
JH		 884 update_eir(&req);
885 update_class(&req);
7d78525d
JH		 886
887 hci_dev_unlock(hdev);
890ea898
JH		 888
889 hci_req_run(&req, NULL);
7d78525d
JH		 890}
891
d6bfd59c
JH		 892static void rpa_expired(struct work_struct *work)
893{
894 struct hci_dev *hdev = container_of(work, struct hci_dev,
895 rpa_expired.work);
896 struct hci_request req;
897
898 BT_DBG("");
899
900 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
901
902 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
903 hci_conn_num(hdev, LE_LINK) > 0)
904 return;
905
906 /* The generation of a new RPA and programming it into the
907 * controller happens in the enable_advertising() function.
908 */
909
910 hci_req_init(&req, hdev);
911
912 disable_advertising(&req);
913 enable_advertising(&req);
914
915 hci_req_run(&req, NULL);
916}
917
6a919082 918static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 919{
4f87da80 920 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 921 return;
922
4f87da80 923 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 924 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 925
4f87da80
JH		 926 /* Non-mgmt controlled devices get this bit set
927 * implicitly so that pairing works for them, however
928 * for mgmt we require user-space to explicitly enable
929 * it
930 */
931 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 932}
933
0f4e68cf 934static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 935 void *data, u16 data_len)
0381101f 936{
a38528f1 937 struct mgmt_rp_read_info rp;
f7b64e69 938
bdb6d971 939 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 940
09fd0de5 941 hci_dev_lock(hdev);
f7b64e69 942
dc4fe30b
JH		 943 memset(&rp, 0, sizeof(rp));
944
69ab39ea 945 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 946
69ab39ea 947 rp.version = hdev->hci_ver;
eb55ef07 948 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 949
950 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
951 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 952
a38528f1 953 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 954
dc4fe30b 955 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 956 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 957
09fd0de5 958 hci_dev_unlock(hdev);
0381101f 959
bdb6d971 960 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 961 sizeof(rp));
0381101f
JH		 962}
963
eec8d2bc
JH		 964static void mgmt_pending_free(struct pending_cmd *cmd)
965{
966 sock_put(cmd->sk);
c68fb7ff 967 kfree(cmd->param);
eec8d2bc
JH		 968 kfree(cmd);
969}
970
366a0336 971static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 972 struct hci_dev *hdev, void *data,
973 u16 len)
eec8d2bc
JH		 974{
975 struct pending_cmd *cmd;
976
12b94565 977 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 978 if (!cmd)
366a0336 979 return NULL;
eec8d2bc
JH		 980
981 cmd->opcode = opcode;
2e58ef3e 982 cmd->index = hdev->id;
eec8d2bc 983
12b94565 984 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 985 if (!cmd->param) {
eec8d2bc 986 kfree(cmd);
366a0336 987 return NULL;
eec8d2bc
JH		 988 }
989
8fce6357
SJ		 990 if (data)
991 memcpy(cmd->param, data, len);
eec8d2bc
JH		 992
993 cmd->sk = sk;
994 sock_hold(sk);
995
2e58ef3e 996 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 997
366a0336 998 return cmd;
eec8d2bc
JH		 999}
1000
744cf19e 1001static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1002 void (*cb)(struct pending_cmd *cmd,
1003 void *data),
04124681 1004 void *data)
eec8d2bc 1005{
a3d09356 1006 struct pending_cmd *cmd, *tmp;
eec8d2bc 1007
a3d09356 1008 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1009 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1010 continue;
1011
eec8d2bc
JH		 1012 cb(cmd, data);
1013 }
1014}
1015
a664b5bc 1016static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1017{
73f22f62
JH		 1018 list_del(&cmd->list);
1019 mgmt_pending_free(cmd);
1020}
1021
69ab39ea 1022static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1023{
69ab39ea 1024 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1025
aee9b218 1026 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1027 sizeof(settings));
8680570b
JH		 1028}
1029
8b064a3a
JH		 1030static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1031{
1032 BT_DBG("%s status 0x%02x", hdev->name, status);
1033
1034 if (hci_conn_count(hdev) == 0)
1035 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1036}
1037
1038static int clean_up_hci_state(struct hci_dev *hdev)
1039{
1040 struct hci_request req;
1041 struct hci_conn *conn;
1042
1043 hci_req_init(&req, hdev);
1044
1045 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1046 test_bit(HCI_PSCAN, &hdev->flags)) {
1047 u8 scan = 0x00;
1048 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1049 }
1050
1051 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1052 disable_advertising(&req);
1053
1054 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
b1efcc28 1055 hci_req_add_le_scan_disable(&req);
8b064a3a
JH		 1056 }
1057
1058 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1059 struct hci_cp_disconnect dc;
1060
1061 dc.handle = cpu_to_le16(conn->handle);
1062 dc.reason = 0x15; /* Terminated due to Power Off */
1063 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1064 }
1065
1066 return hci_req_run(&req, clean_up_hci_complete);
1067}
1068
bdb6d971 1069static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1070 u16 len)
eec8d2bc 1071{
650f726d 1072 struct mgmt_mode *cp = data;
366a0336 1073 struct pending_cmd *cmd;
4b34ee78 1074 int err;
eec8d2bc 1075
bdb6d971 1076 BT_DBG("request for %s", hdev->name);
eec8d2bc 1077
a7e80f25
JH		 1078 if (cp->val != 0x00 && cp->val != 0x01)
1079 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1080 MGMT_STATUS_INVALID_PARAMS);
1081
09fd0de5 1082 hci_dev_lock(hdev);
eec8d2bc 1083
87b95ba6
JH		 1084 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1085 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1086 MGMT_STATUS_BUSY);
1087 goto failed;
1088 }
1089
f0d4b78a
MH		 1090 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1091 cancel_delayed_work(&hdev->power_off);
1092
1093 if (cp->val) {
a1d70450
JH		 1094 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1095 data, len);
1096 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1097 goto failed;
1098 }
1099 }
1100
4b34ee78 1101 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1102 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1103 goto failed;
1104 }
1105
2e58ef3e 1106 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1107 if (!cmd) {
1108 err = -ENOMEM;
eec8d2bc 1109 goto failed;
366a0336 1110 }
eec8d2bc 1111
8b064a3a 1112 if (cp->val) {
19202573 1113 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1114 err = 0;
1115 } else {
1116 /* Disconnect connections, stop scans, etc */
1117 err = clean_up_hci_state(hdev);
eec8d2bc 1118
8b064a3a
JH		 1119 /* ENODATA means there were no HCI commands queued */
1120 if (err == -ENODATA) {
1121 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1122 err = 0;
1123 }
1124 }
eec8d2bc
JH		 1125
1126failed:
09fd0de5 1127 hci_dev_unlock(hdev);
366a0336 1128 return err;
eec8d2bc
JH		 1129}
1130
04124681
GP		 1131static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1132 struct sock *skip_sk)
beadb2bd
JH		 1133{
1134 struct sk_buff *skb;
1135 struct mgmt_hdr *hdr;
1136
790eff44 1137 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1138 if (!skb)
1139 return -ENOMEM;
1140
1141 hdr = (void *) skb_put(skb, sizeof(*hdr));
1142 hdr->opcode = cpu_to_le16(event);
1143 if (hdev)
1144 hdr->index = cpu_to_le16(hdev->id);
1145 else
612dfce9 1146 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1147 hdr->len = cpu_to_le16(data_len);
1148
1149 if (data)
1150 memcpy(skb_put(skb, data_len), data, data_len);
1151
97e0bdeb
MH		 1152 /* Time stamp */
1153 __net_timestamp(skb);
1154
beadb2bd
JH		 1155 hci_send_to_control(skb, skip_sk);
1156 kfree_skb(skb);
1157
1158 return 0;
1159}
1160
1161static int new_settings(struct hci_dev *hdev, struct sock *skip)
1162{
1163 __le32 ev;
1164
1165 ev = cpu_to_le32(get_current_settings(hdev));
1166
1167 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1168}
1169
bd99abdd
JH		 1170struct cmd_lookup {
1171 struct sock *sk;
1172 struct hci_dev *hdev;
1173 u8 mgmt_status;
1174};
1175
1176static void settings_rsp(struct pending_cmd *cmd, void *data)
1177{
1178 struct cmd_lookup *match = data;
1179
1180 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1181
1182 list_del(&cmd->list);
1183
1184 if (match->sk == NULL) {
1185 match->sk = cmd->sk;
1186 sock_hold(match->sk);
1187 }
1188
1189 mgmt_pending_free(cmd);
1190}
1191
1192static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1193{
1194 u8 *status = data;
1195
1196 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1197 mgmt_pending_remove(cmd);
1198}
1199
e6fe7986
JH		 1200static u8 mgmt_bredr_support(struct hci_dev *hdev)
1201{
1202 if (!lmp_bredr_capable(hdev))
1203 return MGMT_STATUS_NOT_SUPPORTED;
1204 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1205 return MGMT_STATUS_REJECTED;
1206 else
1207 return MGMT_STATUS_SUCCESS;
1208}
1209
1210static u8 mgmt_le_support(struct hci_dev *hdev)
1211{
1212 if (!lmp_le_capable(hdev))
1213 return MGMT_STATUS_NOT_SUPPORTED;
1214 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1215 return MGMT_STATUS_REJECTED;
1216 else
1217 return MGMT_STATUS_SUCCESS;
1218}
1219
bfaf8c9f
JH		 1220static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1221{
1222 struct pending_cmd *cmd;
1223 struct mgmt_mode *cp;
970ba524 1224 struct hci_request req;
bfaf8c9f
JH		 1225 bool changed;
1226
1227 BT_DBG("status 0x%02x", status);
1228
1229 hci_dev_lock(hdev);
1230
1231 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1232 if (!cmd)
1233 goto unlock;
1234
1235 if (status) {
1236 u8 mgmt_err = mgmt_status(status);
1237 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1238 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1239 goto remove_cmd;
1240 }
1241
1242 cp = cmd->param;
d4462a07 1243 if (cp->val) {
bfaf8c9f
JH		 1244 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1245 &hdev->dev_flags);
d4462a07
MH		 1246
1247 if (hdev->discov_timeout > 0) {
1248 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1249 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1250 to);
1251 }
1252 } else {
bfaf8c9f
JH		 1253 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1254 &hdev->dev_flags);
d4462a07 1255 }
bfaf8c9f
JH		 1256
1257 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1258
1259 if (changed)
1260 new_settings(hdev, cmd->sk);
1261
970ba524
MH		 1262 /* When the discoverable mode gets changed, make sure
1263 * that class of device has the limited discoverable
1264 * bit correctly set.
1265 */
1266 hci_req_init(&req, hdev);
1267 update_class(&req);
1268 hci_req_run(&req, NULL);
1269
bfaf8c9f
JH		 1270remove_cmd:
1271 mgmt_pending_remove(cmd);
1272
1273unlock:
1274 hci_dev_unlock(hdev);
1275}
1276
bdb6d971 1277static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1278 u16 len)
73f22f62 1279{
650f726d 1280 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1281 struct pending_cmd *cmd;
bfaf8c9f 1282 struct hci_request req;
5e5282bb 1283 u16 timeout;
9a43e25f 1284 u8 scan;
73f22f62
JH		 1285 int err;
1286
bdb6d971 1287 BT_DBG("request for %s", hdev->name);
73f22f62 1288
9a43e25f
JH		 1289 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1290 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1291 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1292 MGMT_STATUS_REJECTED);
33c525c0 1293
310a3d48 1294 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1295 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1296 MGMT_STATUS_INVALID_PARAMS);
1297
1f350c87 1298 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1299
1300 /* Disabling discoverable requires that no timeout is set,
1301 * and enabling limited discoverable requires a timeout.
1302 */
1303 if ((cp->val == 0x00 && timeout > 0) ||
1304 (cp->val == 0x02 && timeout == 0))
bdb6d971 1305 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1306 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1307
09fd0de5 1308 hci_dev_lock(hdev);
73f22f62 1309
5e5282bb 1310 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1311 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1312 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1313 goto failed;
1314 }
1315
2e58ef3e 1316 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1317 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1318 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1319 MGMT_STATUS_BUSY);
73f22f62
JH		 1320 goto failed;
1321 }
1322
5e5282bb 1323 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1324 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1325 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1326 goto failed;
1327 }
1328
1329 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1330 bool changed = false;
1331
310a3d48
MH		 1332 /* Setting limited discoverable when powered off is
1333 * not a valid operation since it requires a timeout
1334 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1335 */
0224d2fa
JH		 1336 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1337 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1338 changed = true;
1339 }
1340
5e5282bb 1341 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1342 if (err < 0)
1343 goto failed;
1344
1345 if (changed)
1346 err = new_settings(hdev, sk);
1347
5e5282bb
JH		 1348 goto failed;
1349 }
1350
310a3d48
MH		 1351 /* If the current mode is the same, then just update the timeout
1352 * value with the new value. And if only the timeout gets updated,
1353 * then no need for any HCI transactions.
1354 */
1355 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1356 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1357 &hdev->dev_flags)) {
36261547
MH		 1358 cancel_delayed_work(&hdev->discov_off);
1359 hdev->discov_timeout = timeout;
955638ec 1360
36261547
MH		 1361 if (cp->val && hdev->discov_timeout > 0) {
1362 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1363 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1364 to);
955638ec
MH		 1365 }
1366
69ab39ea 1367 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1368 goto failed;
1369 }
1370
2e58ef3e 1371 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1372 if (!cmd) {
1373 err = -ENOMEM;
73f22f62 1374 goto failed;
366a0336 1375 }
73f22f62 1376
310a3d48
MH		 1377 /* Cancel any potential discoverable timeout that might be
1378 * still active and store new timeout value. The arming of
1379 * the timeout happens in the complete handler.
1380 */
1381 cancel_delayed_work(&hdev->discov_off);
1382 hdev->discov_timeout = timeout;
1383
b456f87c
JH		 1384 /* Limited discoverable mode */
1385 if (cp->val == 0x02)
1386 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1387 else
1388 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1389
bfaf8c9f
JH		 1390 hci_req_init(&req, hdev);
1391
9a43e25f
JH		 1392 /* The procedure for LE-only controllers is much simpler - just
1393 * update the advertising data.
1394 */
1395 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1396 goto update_ad;
1397
73f22f62
JH		 1398 scan = SCAN_PAGE;
1399
310a3d48
MH		 1400 if (cp->val) {
1401 struct hci_cp_write_current_iac_lap hci_cp;
1402
1403 if (cp->val == 0x02) {
1404 /* Limited discoverable mode */
33337dcb 1405 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1406 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1407 hci_cp.iac_lap[1] = 0x8b;
1408 hci_cp.iac_lap[2] = 0x9e;
1409 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1410 hci_cp.iac_lap[4] = 0x8b;
1411 hci_cp.iac_lap[5] = 0x9e;
1412 } else {
1413 /* General discoverable mode */
310a3d48
MH		 1414 hci_cp.num_iac = 1;
1415 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1416 hci_cp.iac_lap[1] = 0x8b;
1417 hci_cp.iac_lap[2] = 0x9e;
1418 }
1419
1420 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1421 (hci_cp.num_iac * 3) + 1, &hci_cp);
1422
73f22f62 1423 scan |= SCAN_INQUIRY;
310a3d48
MH		 1424 } else {
1425 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1426 }
73f22f62 1427
310a3d48 1428 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1429
9a43e25f
JH		 1430update_ad:
1431 update_adv_data(&req);
1432
bfaf8c9f 1433 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1434 if (err < 0)
a664b5bc 1435 mgmt_pending_remove(cmd);
73f22f62
JH		 1436
1437failed:
09fd0de5 1438 hci_dev_unlock(hdev);
73f22f62
JH		 1439 return err;
1440}
1441
406d7804
JH		 1442static void write_fast_connectable(struct hci_request *req, bool enable)
1443{
bd98b996 1444 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1445 struct hci_cp_write_page_scan_activity acp;
1446 u8 type;
1447
547003b1
JH		 1448 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1449 return;
1450
4c01f8b8
JH		 1451 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1452 return;
1453
406d7804
JH		 1454 if (enable) {
1455 type = PAGE_SCAN_TYPE_INTERLACED;
1456
1457 /* 160 msec page scan interval */
1458 acp.interval = __constant_cpu_to_le16(0x0100);
1459 } else {
1460 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1461
1462 /* default 1.28 sec page scan */
1463 acp.interval = __constant_cpu_to_le16(0x0800);
1464 }
1465
1466 acp.window = __constant_cpu_to_le16(0x0012);
1467
bd98b996
JH		 1468 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1469 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1470 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1471 sizeof(acp), &acp);
1472
1473 if (hdev->page_scan_type != type)
1474 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1475}
1476
2b76f453
JH		 1477static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1478{
1479 struct pending_cmd *cmd;
d7b856f9
JH		 1480 struct mgmt_mode *cp;
1481 bool changed;
2b76f453
JH		 1482
1483 BT_DBG("status 0x%02x", status);
1484
1485 hci_dev_lock(hdev);
1486
1487 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1488 if (!cmd)
1489 goto unlock;
1490
37438c1f
JH		 1491 if (status) {
1492 u8 mgmt_err = mgmt_status(status);
1493 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1494 goto remove_cmd;
1495 }
1496
d7b856f9
JH		 1497 cp = cmd->param;
1498 if (cp->val)
1499 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1500 else
1501 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1502
2b76f453
JH		 1503 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1504
d7b856f9
JH		 1505 if (changed)
1506 new_settings(hdev, cmd->sk);
1507
37438c1f 1508remove_cmd:
2b76f453
JH		 1509 mgmt_pending_remove(cmd);
1510
1511unlock:
1512 hci_dev_unlock(hdev);
1513}
1514
e8ba3a1f
JH		 1515static int set_connectable_update_settings(struct hci_dev *hdev,
1516 struct sock *sk, u8 val)
1517{
1518 bool changed = false;
1519 int err;
1520
1521 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1522 changed = true;
1523
1524 if (val) {
1525 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1526 } else {
1527 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1528 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1529 }
1530
1531 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1532 if (err < 0)
1533 return err;
1534
1535 if (changed)
1536 return new_settings(hdev, sk);
1537
1538 return 0;
1539}
1540
bdb6d971 1541static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1542 u16 len)
9fbcbb45 1543{
650f726d 1544 struct mgmt_mode *cp = data;
366a0336 1545 struct pending_cmd *cmd;
2b76f453 1546 struct hci_request req;
1987fdc7 1547 u8 scan;
9fbcbb45
JH		 1548 int err;
1549
bdb6d971 1550 BT_DBG("request for %s", hdev->name);
9fbcbb45 1551
1987fdc7
JH		 1552 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1553 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1554 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1555 MGMT_STATUS_REJECTED);
33c525c0 1556
a7e80f25
JH		 1557 if (cp->val != 0x00 && cp->val != 0x01)
1558 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1559 MGMT_STATUS_INVALID_PARAMS);
1560
09fd0de5 1561 hci_dev_lock(hdev);
9fbcbb45 1562
4b34ee78 1563 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1564 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1565 goto failed;
1566 }
1567
2e58ef3e 1568 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1569 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1570 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1571 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1572 goto failed;
1573 }
1574
2e58ef3e 1575 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1576 if (!cmd) {
1577 err = -ENOMEM;
9fbcbb45 1578 goto failed;
366a0336 1579 }
9fbcbb45 1580
9b74246f 1581 hci_req_init(&req, hdev);
9fbcbb45 1582
9a43e25f
JH		 1583 /* If BR/EDR is not enabled and we disable advertising as a
1584 * by-product of disabling connectable, we need to update the
1585 * advertising flags.
1586 */
1587 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1588 if (!cp->val) {
1589 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1590 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1591 }
1592 update_adv_data(&req);
1593 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1594 if (cp->val) {
1595 scan = SCAN_PAGE;
1596 } else {
1597 scan = 0;
1598
1599 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1600 hdev->discov_timeout > 0)
9b74246f
JH		 1601 cancel_delayed_work(&hdev->discov_off);
1602 }
2b76f453 1603
9b74246f
JH		 1604 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1605 }
2b76f453 1606
4c01f8b8
JH		 1607 /* If we're going from non-connectable to connectable or
1608 * vice-versa when fast connectable is enabled ensure that fast
1609 * connectable gets disabled. write_fast_connectable won't do
1610 * anything if the page scan parameters are already what they
1611 * should be.
1612 */
1613 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1614 write_fast_connectable(&req, false);
1615
1987fdc7
JH		 1616 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1617 hci_conn_num(hdev, LE_LINK) == 0) {
1618 disable_advertising(&req);
1619 enable_advertising(&req);
1620 }
1621
2b76f453 1622 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1623 if (err < 0) {
a664b5bc 1624 mgmt_pending_remove(cmd);
9b74246f 1625 if (err == -ENODATA)
a81070ba
JH		 1626 err = set_connectable_update_settings(hdev, sk,
1627 cp->val);
9b74246f
JH		 1628 goto failed;
1629 }
9fbcbb45
JH		 1630
1631failed:
09fd0de5 1632 hci_dev_unlock(hdev);
9fbcbb45
JH		 1633 return err;
1634}
1635
bdb6d971 1636static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1637 u16 len)
c542a06c 1638{
650f726d 1639 struct mgmt_mode *cp = data;
55594356 1640 bool changed;
c542a06c
JH		 1641 int err;
1642
bdb6d971 1643 BT_DBG("request for %s", hdev->name);
c542a06c 1644
a7e80f25
JH		 1645 if (cp->val != 0x00 && cp->val != 0x01)
1646 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1647 MGMT_STATUS_INVALID_PARAMS);
1648
09fd0de5 1649 hci_dev_lock(hdev);
c542a06c
JH		 1650
1651 if (cp->val)
55594356 1652 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1653 else
55594356 1654 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1655
69ab39ea 1656 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1657 if (err < 0)
55594356 1658 goto unlock;
c542a06c 1659
55594356
MH		 1660 if (changed)
1661 err = new_settings(hdev, sk);
c542a06c 1662
55594356 1663unlock:
09fd0de5 1664 hci_dev_unlock(hdev);
c542a06c
JH		 1665 return err;
1666}
1667
04124681
GP		 1668static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1669 u16 len)
33ef95ed
JH		 1670{
1671 struct mgmt_mode *cp = data;
1672 struct pending_cmd *cmd;
e6fe7986 1673 u8 val, status;
33ef95ed
JH		 1674 int err;
1675
bdb6d971 1676 BT_DBG("request for %s", hdev->name);
33ef95ed 1677
e6fe7986
JH		 1678 status = mgmt_bredr_support(hdev);
1679 if (status)
33c525c0 1680 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1681 status);
33c525c0 1682
a7e80f25
JH		 1683 if (cp->val != 0x00 && cp->val != 0x01)
1684 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1685 MGMT_STATUS_INVALID_PARAMS);
1686
33ef95ed
JH		 1687 hci_dev_lock(hdev);
1688
4b34ee78 1689 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1690 bool changed = false;
1691
1692 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1693 &hdev->dev_flags)) {
47990ea0
JH		 1694 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1695 changed = true;
1696 }
1697
1698 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1699 if (err < 0)
1700 goto failed;
1701
1702 if (changed)
1703 err = new_settings(hdev, sk);
1704
33ef95ed
JH		 1705 goto failed;
1706 }
1707
1708 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1709 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1710 MGMT_STATUS_BUSY);
33ef95ed
JH		 1711 goto failed;
1712 }
1713
1714 val = !!cp->val;
1715
1716 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1717 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1718 goto failed;
1719 }
1720
1721 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1722 if (!cmd) {
1723 err = -ENOMEM;
1724 goto failed;
1725 }
1726
1727 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1728 if (err < 0) {
1729 mgmt_pending_remove(cmd);
1730 goto failed;
1731 }
1732
1733failed:
1734 hci_dev_unlock(hdev);
33ef95ed
JH		 1735 return err;
1736}
1737
bdb6d971 1738static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1739{
1740 struct mgmt_mode *cp = data;
1741 struct pending_cmd *cmd;
72ef0c1a 1742 u8 status;
ed2c4ee3
JH		 1743 int err;
1744
bdb6d971 1745 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1746
cdba5281
MH		 1747 status = mgmt_bredr_support(hdev);
1748 if (status)
1749 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1750
13ecd8b6
JH		 1751 if (!lmp_ssp_capable(hdev))
1752 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1753 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1754
a7e80f25
JH		 1755 if (cp->val != 0x00 && cp->val != 0x01)
1756 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1757 MGMT_STATUS_INVALID_PARAMS);
1758
13ecd8b6 1759 hci_dev_lock(hdev);
6c8f12c1 1760
4b34ee78 1761 if (!hdev_is_powered(hdev)) {
9ecb3e24 1762 bool changed;
c0ecddc2 1763
9ecb3e24
MH		 1764 if (cp->val) {
1765 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1766 &hdev->dev_flags);
1767 } else {
1768 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1769 &hdev->dev_flags);
1770 if (!changed)
1771 changed = test_and_clear_bit(HCI_HS_ENABLED,
1772 &hdev->dev_flags);
1773 else
1774 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1775 }
1776
1777 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1778 if (err < 0)
1779 goto failed;
1780
1781 if (changed)
1782 err = new_settings(hdev, sk);
1783
ed2c4ee3
JH		 1784 goto failed;
1785 }
1786
9ecb3e24
MH		 1787 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1788 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1789 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1790 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1791 goto failed;
1792 }
1793
72ef0c1a 1794 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1795 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1796 goto failed;
1797 }
1798
1799 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1800 if (!cmd) {
1801 err = -ENOMEM;
1802 goto failed;
1803 }
1804
72ef0c1a 1805 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1806 if (err < 0) {
1807 mgmt_pending_remove(cmd);
1808 goto failed;
1809 }
1810
1811failed:
1812 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1813 return err;
1814}
1815
bdb6d971 1816static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1817{
1818 struct mgmt_mode *cp = data;
ee392693 1819 bool changed;
e6fe7986 1820 u8 status;
ee392693 1821 int err;
6d80dfd0 1822
bdb6d971 1823 BT_DBG("request for %s", hdev->name);
6d80dfd0 1824
e6fe7986
JH		 1825 status = mgmt_bredr_support(hdev);
1826 if (status)
1827 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1828
9ecb3e24
MH		 1829 if (!lmp_ssp_capable(hdev))
1830 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1831 MGMT_STATUS_NOT_SUPPORTED);
1832
1833 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1834 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1835 MGMT_STATUS_REJECTED);
1836
a7e80f25
JH		 1837 if (cp->val != 0x00 && cp->val != 0x01)
1838 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1839 MGMT_STATUS_INVALID_PARAMS);
1840
ee392693
MH		 1841 hci_dev_lock(hdev);
1842
a0cdf960 1843 if (cp->val) {
ee392693 1844 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1845 } else {
1846 if (hdev_is_powered(hdev)) {
1847 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1848 MGMT_STATUS_REJECTED);
1849 goto unlock;
1850 }
1851
ee392693 1852 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1853 }
ee392693
MH		 1854
1855 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1856 if (err < 0)
1857 goto unlock;
1858
1859 if (changed)
1860 err = new_settings(hdev, sk);
6d80dfd0 1861
ee392693
MH		 1862unlock:
1863 hci_dev_unlock(hdev);
1864 return err;
6d80dfd0
JH		 1865}
1866
416a4ae5
JH		 1867static void le_enable_complete(struct hci_dev *hdev, u8 status)
1868{
1869 struct cmd_lookup match = { NULL, hdev };
1870
1871 if (status) {
1872 u8 mgmt_err = mgmt_status(status);
1873
1874 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1875 &mgmt_err);
1876 return;
1877 }
1878
1879 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1880
1881 new_settings(hdev, match.sk);
1882
1883 if (match.sk)
1884 sock_put(match.sk);
441ad2d0
MH		 1885
1886 /* Make sure the controller has a good default for
1887 * advertising data. Restrict the update to when LE
1888 * has actually been enabled. During power on, the
1889 * update in powered_update_hci will take care of it.
1890 */
1891 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1892 struct hci_request req;
1893
1894 hci_dev_lock(hdev);
1895
1896 hci_req_init(&req, hdev);
5947f4bc 1897 update_adv_data(&req);
f14d8f64 1898 update_scan_rsp_data(&req);
441ad2d0
MH		 1899 hci_req_run(&req, NULL);
1900
1901 hci_dev_unlock(hdev);
1902 }
416a4ae5
JH		 1903}
1904
bdb6d971 1905static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1906{
1907 struct mgmt_mode *cp = data;
1908 struct hci_cp_write_le_host_supported hci_cp;
1909 struct pending_cmd *cmd;
416a4ae5 1910 struct hci_request req;
06199cf8 1911 int err;
0b60eba1 1912 u8 val, enabled;
06199cf8 1913
bdb6d971 1914 BT_DBG("request for %s", hdev->name);
06199cf8 1915
13ecd8b6
JH		 1916 if (!lmp_le_capable(hdev))
1917 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1918 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1919
a7e80f25
JH		 1920 if (cp->val != 0x00 && cp->val != 0x01)
1921 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1922 MGMT_STATUS_INVALID_PARAMS);
1923
c73eee91 1924 /* LE-only devices do not allow toggling LE on/off */
56f87901 1925 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1926 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1927 MGMT_STATUS_REJECTED);
1928
13ecd8b6 1929 hci_dev_lock(hdev);
06199cf8
JH		 1930
1931 val = !!cp->val;
ffa88e02 1932 enabled = lmp_host_le_capable(hdev);
06199cf8 1933
0b60eba1 1934 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1935 bool changed = false;
1936
1937 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1938 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1939 changed = true;
1940 }
1941
f3d3444a
JH		 1942 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1943 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1944 changed = true;
1945 }
1946
06199cf8
JH		 1947 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1948 if (err < 0)
1de028ce 1949 goto unlock;
06199cf8
JH		 1950
1951 if (changed)
1952 err = new_settings(hdev, sk);
1953
1de028ce 1954 goto unlock;
06199cf8
JH		 1955 }
1956
4375f103
JH		 1957 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1958 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1959 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1960 MGMT_STATUS_BUSY);
1de028ce 1961 goto unlock;
06199cf8
JH		 1962 }
1963
1964 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1965 if (!cmd) {
1966 err = -ENOMEM;
1de028ce 1967 goto unlock;
06199cf8
JH		 1968 }
1969
441ad2d0
MH		 1970 hci_req_init(&req, hdev);
1971
06199cf8
JH		 1972 memset(&hci_cp, 0, sizeof(hci_cp));
1973
1974 if (val) {
1975 hci_cp.le = val;
ffa88e02 1976 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 1977 } else {
1978 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1979 disable_advertising(&req);
06199cf8
JH		 1980 }
1981
416a4ae5
JH		 1982 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1983 &hci_cp);
1984
1985 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1986 if (err < 0)
06199cf8 1987 mgmt_pending_remove(cmd);
06199cf8 1988
1de028ce
JH		 1989unlock:
1990 hci_dev_unlock(hdev);
06199cf8
JH		 1991 return err;
1992}
1993
0cab9c80
JH		 1994/* This is a helper function to test for pending mgmt commands that can
1995 * cause CoD or EIR HCI commands. We can only allow one such pending
1996 * mgmt command at a time since otherwise we cannot easily track what
1997 * the current values are, will be, and based on that calculate if a new
1998 * HCI command needs to be sent and if yes with what value.
1999 */
2000static bool pending_eir_or_class(struct hci_dev *hdev)
2001{
2002 struct pending_cmd *cmd;
2003
2004 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2005 switch (cmd->opcode) {
2006 case MGMT_OP_ADD_UUID:
2007 case MGMT_OP_REMOVE_UUID:
2008 case MGMT_OP_SET_DEV_CLASS:
2009 case MGMT_OP_SET_POWERED:
2010 return true;
2011 }
2012 }
2013
2014 return false;
2015}
2016
83be8eca
JH		 2017static const u8 bluetooth_base_uuid[] = {
2018 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2019 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2020};
2021
2022static u8 get_uuid_size(const u8 *uuid)
2023{
2024 u32 val;
2025
2026 if (memcmp(uuid, bluetooth_base_uuid, 12))
2027 return 128;
2028
2029 val = get_unaligned_le32(&uuid[12]);
2030 if (val > 0xffff)
2031 return 32;
2032
2033 return 16;
2034}
2035
92da6097
JH		 2036static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2037{
2038 struct pending_cmd *cmd;
2039
2040 hci_dev_lock(hdev);
2041
2042 cmd = mgmt_pending_find(mgmt_op, hdev);
2043 if (!cmd)
2044 goto unlock;
2045
2046 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2047 hdev->dev_class, 3);
2048
2049 mgmt_pending_remove(cmd);
2050
2051unlock:
2052 hci_dev_unlock(hdev);
2053}
2054
2055static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2056{
2057 BT_DBG("status 0x%02x", status);
2058
2059 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2060}
2061
bdb6d971 2062static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2063{
650f726d 2064 struct mgmt_cp_add_uuid *cp = data;
90e70454 2065 struct pending_cmd *cmd;
890ea898 2066 struct hci_request req;
2aeb9a1a 2067 struct bt_uuid *uuid;
2aeb9a1a
JH		 2068 int err;
2069
bdb6d971 2070 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2071
09fd0de5 2072 hci_dev_lock(hdev);
2aeb9a1a 2073
0cab9c80 2074 if (pending_eir_or_class(hdev)) {
bdb6d971 2075 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2076 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2077 goto failed;
2078 }
2079
92c4c204 2080 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2081 if (!uuid) {
2082 err = -ENOMEM;
2083 goto failed;
2084 }
2085
2086 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2087 uuid->svc_hint = cp->svc_hint;
83be8eca 2088 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2089
de66aa63 2090 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2091
890ea898 2092 hci_req_init(&req, hdev);
1aff6f09 2093
890ea898
JH		 2094 update_class(&req);
2095 update_eir(&req);
2096
92da6097
JH		 2097 err = hci_req_run(&req, add_uuid_complete);
2098 if (err < 0) {
2099 if (err != -ENODATA)
2100 goto failed;
80a1e1db 2101
bdb6d971 2102 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2103 hdev->dev_class, 3);
90e70454
JH		 2104 goto failed;
2105 }
2106
2107 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2108 if (!cmd) {
90e70454 2109 err = -ENOMEM;
890ea898
JH		 2110 goto failed;
2111 }
2112
2113 err = 0;
2aeb9a1a
JH		 2114
2115failed:
09fd0de5 2116 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2117 return err;
2118}
2119
24b78d0f
JH		 2120static bool enable_service_cache(struct hci_dev *hdev)
2121{
2122 if (!hdev_is_powered(hdev))
2123 return false;
2124
2125 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2126 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2127 CACHE_TIMEOUT);
24b78d0f
JH		 2128 return true;
2129 }
2130
2131 return false;
2132}
2133
92da6097
JH		 2134static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2135{
2136 BT_DBG("status 0x%02x", status);
2137
2138 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2139}
2140
bdb6d971 2141static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2142 u16 len)
2aeb9a1a 2143{
650f726d 2144 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2145 struct pending_cmd *cmd;
056341c8 2146 struct bt_uuid *match, *tmp;
2aeb9a1a 2147 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2148 struct hci_request req;
2aeb9a1a
JH		 2149 int err, found;
2150
bdb6d971 2151 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2152
09fd0de5 2153 hci_dev_lock(hdev);
2aeb9a1a 2154
0cab9c80 2155 if (pending_eir_or_class(hdev)) {
bdb6d971 2156 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2157 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2158 goto unlock;
2159 }
2160
2aeb9a1a 2161 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2162 hci_uuids_clear(hdev);
4004b6d9 2163
24b78d0f 2164 if (enable_service_cache(hdev)) {
bdb6d971 2165 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2166 0, hdev->dev_class, 3);
24b78d0f
JH		 2167 goto unlock;
2168 }
4004b6d9 2169
9246a869 2170 goto update_class;
2aeb9a1a
JH		 2171 }
2172
2173 found = 0;
2174
056341c8 2175 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2176 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2177 continue;
2178
2179 list_del(&match->list);
482049f7 2180 kfree(match);
2aeb9a1a
JH		 2181 found++;
2182 }
2183
2184 if (found == 0) {
bdb6d971 2185 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2186 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2187 goto unlock;
2188 }
2189
9246a869 2190update_class:
890ea898 2191 hci_req_init(&req, hdev);
1aff6f09 2192
890ea898
JH		 2193 update_class(&req);
2194 update_eir(&req);
2195
92da6097
JH		 2196 err = hci_req_run(&req, remove_uuid_complete);
2197 if (err < 0) {
2198 if (err != -ENODATA)
2199 goto unlock;
80a1e1db 2200
bdb6d971 2201 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2202 hdev->dev_class, 3);
90e70454
JH		 2203 goto unlock;
2204 }
2205
2206 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2207 if (!cmd) {
90e70454 2208 err = -ENOMEM;
890ea898
JH		 2209 goto unlock;
2210 }
2211
2212 err = 0;
2aeb9a1a
JH		 2213
2214unlock:
09fd0de5 2215 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2216 return err;
2217}
2218
92da6097
JH		 2219static void set_class_complete(struct hci_dev *hdev, u8 status)
2220{
2221 BT_DBG("status 0x%02x", status);
2222
2223 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2224}
2225
bdb6d971 2226static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2227 u16 len)
1aff6f09 2228{
650f726d 2229 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2230 struct pending_cmd *cmd;
890ea898 2231 struct hci_request req;
1aff6f09
JH		 2232 int err;
2233
bdb6d971 2234 BT_DBG("request for %s", hdev->name);
1aff6f09 2235
6203fc98 2236 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2237 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2238 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2239
0cab9c80 2240 hci_dev_lock(hdev);
ee98f473 2241
0cab9c80
JH		 2242 if (pending_eir_or_class(hdev)) {
2243 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2244 MGMT_STATUS_BUSY);
2245 goto unlock;
2246 }
c95f0ba7 2247
0cab9c80
JH		 2248 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2249 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2250 MGMT_STATUS_INVALID_PARAMS);
2251 goto unlock;
2252 }
575b3a02 2253
932f5ff5
JH		 2254 hdev->major_class = cp->major;
2255 hdev->minor_class = cp->minor;
2256
b5235a65 2257 if (!hdev_is_powered(hdev)) {
bdb6d971 2258 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2259 hdev->dev_class, 3);
b5235a65
JH		 2260 goto unlock;
2261 }
2262
890ea898
JH		 2263 hci_req_init(&req, hdev);
2264
a8b2d5c2 2265 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2266 hci_dev_unlock(hdev);
2267 cancel_delayed_work_sync(&hdev->service_cache);
2268 hci_dev_lock(hdev);
890ea898 2269 update_eir(&req);
7d78525d 2270 }
14c0b608 2271
890ea898
JH		 2272 update_class(&req);
2273
92da6097
JH		 2274 err = hci_req_run(&req, set_class_complete);
2275 if (err < 0) {
2276 if (err != -ENODATA)
2277 goto unlock;
1aff6f09 2278
bdb6d971 2279 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2280 hdev->dev_class, 3);
90e70454
JH		 2281 goto unlock;
2282 }
2283
2284 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2285 if (!cmd) {
90e70454 2286 err = -ENOMEM;
890ea898
JH		 2287 goto unlock;
2288 }
2289
2290 err = 0;
1aff6f09 2291
b5235a65 2292unlock:
09fd0de5 2293 hci_dev_unlock(hdev);
1aff6f09
JH		 2294 return err;
2295}
2296
bdb6d971 2297static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2298 u16 len)
55ed8ca1 2299{
650f726d 2300 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2301 u16 key_count, expected_len;
b1de97d8 2302 bool changed;
a492cd52 2303 int i;
55ed8ca1 2304
9060d5cf
MH		 2305 BT_DBG("request for %s", hdev->name);
2306
2307 if (!lmp_bredr_capable(hdev))
2308 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2309 MGMT_STATUS_NOT_SUPPORTED);
2310
1f350c87 2311 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2312
86742e1e
JH		 2313 expected_len = sizeof(*cp) + key_count *
2314 sizeof(struct mgmt_link_key_info);
a492cd52 2315 if (expected_len != len) {
86742e1e 2316 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 2317 len, expected_len);
bdb6d971 2318 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2319 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2320 }
2321
4ae14301
JH		 2322 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2323 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2324 MGMT_STATUS_INVALID_PARAMS);
2325
bdb6d971 2326 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2327 key_count);
55ed8ca1 2328
4ee71b20
JH		 2329 for (i = 0; i < key_count; i++) {
2330 struct mgmt_link_key_info *key = &cp->keys[i];
2331
8e991132 2332 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2333 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2334 MGMT_STATUS_INVALID_PARAMS);
2335 }
2336
09fd0de5 2337 hci_dev_lock(hdev);
55ed8ca1
JH		 2338
2339 hci_link_keys_clear(hdev);
2340
55ed8ca1 2341 if (cp->debug_keys)
b1de97d8 2342 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2343 else
b1de97d8
MH		 2344 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2345
2346 if (changed)
2347 new_settings(hdev, NULL);
55ed8ca1 2348
a492cd52 2349 for (i = 0; i < key_count; i++) {
86742e1e 2350 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2351
d753fdc4 2352 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 2353 key->type, key->pin_len);
55ed8ca1
JH		 2354 }
2355
bdb6d971 2356 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2357
09fd0de5 2358 hci_dev_unlock(hdev);
55ed8ca1 2359
a492cd52 2360 return 0;
55ed8ca1
JH		 2361}
2362
b1078ad0 2363static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2364 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2365{
2366 struct mgmt_ev_device_unpaired ev;
2367
2368 bacpy(&ev.addr.bdaddr, bdaddr);
2369 ev.addr.type = addr_type;
2370
2371 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2372 skip_sk);
b1078ad0
JH		 2373}
2374
bdb6d971 2375static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2376 u16 len)
55ed8ca1 2377{
124f6e35
JH		 2378 struct mgmt_cp_unpair_device *cp = data;
2379 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2380 struct hci_cp_disconnect dc;
2381 struct pending_cmd *cmd;
55ed8ca1 2382 struct hci_conn *conn;
55ed8ca1
JH		 2383 int err;
2384
a8a1d19e 2385 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2386 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2387 rp.addr.type = cp->addr.type;
a8a1d19e 2388
4ee71b20
JH		 2389 if (!bdaddr_type_is_valid(cp->addr.type))
2390 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2391 MGMT_STATUS_INVALID_PARAMS,
2392 &rp, sizeof(rp));
2393
118da70b
JH		 2394 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2395 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2396 MGMT_STATUS_INVALID_PARAMS,
2397 &rp, sizeof(rp));
2398
4ee71b20
JH		 2399 hci_dev_lock(hdev);
2400
86a8cfc6 2401 if (!hdev_is_powered(hdev)) {
bdb6d971 2402 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2403 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2404 goto unlock;
2405 }
2406
e0b2b27e 2407 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2408 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2409 } else {
2410 u8 addr_type;
2411
2412 if (cp->addr.type == BDADDR_LE_PUBLIC)
2413 addr_type = ADDR_LE_DEV_PUBLIC;
2414 else
2415 addr_type = ADDR_LE_DEV_RANDOM;
2416
a7ec7338
JH		 2417 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2418
a9b0a04c
AG		 2419 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2420
e0b2b27e
JH		 2421 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2422 }
b0dbfb46 2423
55ed8ca1 2424 if (err < 0) {
bdb6d971 2425 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2426 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2427 goto unlock;
2428 }
2429
86a8cfc6 2430 if (cp->disconnect) {
591f47f3 2431 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2432 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2433 &cp->addr.bdaddr);
86a8cfc6
JH		 2434 else
2435 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2436 &cp->addr.bdaddr);
86a8cfc6
JH		 2437 } else {
2438 conn = NULL;
2439 }
124f6e35 2440
a8a1d19e 2441 if (!conn) {
bdb6d971 2442 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2443 &rp, sizeof(rp));
b1078ad0 2444 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2445 goto unlock;
2446 }
55ed8ca1 2447
124f6e35 2448 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2449 sizeof(*cp));
a8a1d19e
JH		 2450 if (!cmd) {
2451 err = -ENOMEM;
2452 goto unlock;
55ed8ca1
JH		 2453 }
2454
eb55ef07 2455 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2456 dc.reason = 0x13; /* Remote User Terminated Connection */
2457 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2458 if (err < 0)
2459 mgmt_pending_remove(cmd);
2460
55ed8ca1 2461unlock:
09fd0de5 2462 hci_dev_unlock(hdev);
55ed8ca1
JH		 2463 return err;
2464}
2465
bdb6d971 2466static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2467 u16 len)
8962ee74 2468{
650f726d 2469 struct mgmt_cp_disconnect *cp = data;
06a63b19 2470 struct mgmt_rp_disconnect rp;
8962ee74 2471 struct hci_cp_disconnect dc;
366a0336 2472 struct pending_cmd *cmd;
8962ee74 2473 struct hci_conn *conn;
8962ee74
JH		 2474 int err;
2475
2476 BT_DBG("");
2477
06a63b19
JH		 2478 memset(&rp, 0, sizeof(rp));
2479 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2480 rp.addr.type = cp->addr.type;
2481
4ee71b20 2482 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2483 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2484 MGMT_STATUS_INVALID_PARAMS,
2485 &rp, sizeof(rp));
4ee71b20 2486
09fd0de5 2487 hci_dev_lock(hdev);
8962ee74
JH		 2488
2489 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2490 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2491 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2492 goto failed;
2493 }
2494
2e58ef3e 2495 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2496 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2497 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2498 goto failed;
2499 }
2500
591f47f3 2501 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2502 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2503 &cp->addr.bdaddr);
88c3df13
JH		 2504 else
2505 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2506
f960727e 2507 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2508 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2509 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2510 goto failed;
2511 }
2512
2e58ef3e 2513 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2514 if (!cmd) {
2515 err = -ENOMEM;
8962ee74 2516 goto failed;
366a0336 2517 }
8962ee74 2518
eb55ef07 2519 dc.handle = cpu_to_le16(conn->handle);
3701f944 2520 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2521
2522 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2523 if (err < 0)
a664b5bc 2524 mgmt_pending_remove(cmd);
8962ee74
JH		 2525
2526failed:
09fd0de5 2527 hci_dev_unlock(hdev);
8962ee74
JH		 2528 return err;
2529}
2530
57c1477c 2531static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2532{
2533 switch (link_type) {
2534 case LE_LINK:
48264f06
JH		 2535 switch (addr_type) {
2536 case ADDR_LE_DEV_PUBLIC:
591f47f3 2537 return BDADDR_LE_PUBLIC;
0ed09148 2538
48264f06 2539 default:
0ed09148 2540 /* Fallback to LE Random address type */
591f47f3 2541 return BDADDR_LE_RANDOM;
48264f06 2542 }
0ed09148 2543
4c659c39 2544 default:
0ed09148 2545 /* Fallback to BR/EDR type */
591f47f3 2546 return BDADDR_BREDR;
4c659c39
JH		 2547 }
2548}
2549
04124681
GP		 2550static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2551 u16 data_len)
2784eb41 2552{
2784eb41 2553 struct mgmt_rp_get_connections *rp;
8035ded4 2554 struct hci_conn *c;
a38528f1 2555 size_t rp_len;
60fc5fb6
JH		 2556 int err;
2557 u16 i;
2784eb41
JH		 2558
2559 BT_DBG("");
2560
09fd0de5 2561 hci_dev_lock(hdev);
2784eb41 2562
5f97c1df 2563 if (!hdev_is_powered(hdev)) {
bdb6d971 2564 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2565 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2566 goto unlock;
2567 }
2568
60fc5fb6 2569 i = 0;
b644ba33
JH		 2570 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2571 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2572 i++;
2784eb41
JH		 2573 }
2574
60fc5fb6 2575 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2576 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2577 if (!rp) {
2784eb41
JH		 2578 err = -ENOMEM;
2579 goto unlock;
2580 }
2581
2784eb41 2582 i = 0;
4c659c39 2583 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2584 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2585 continue;
4c659c39 2586 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2587 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2588 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2589 continue;
2590 i++;
2591 }
2592
eb55ef07 2593 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2594
4c659c39
JH		 2595 /* Recalculate length in case of filtered SCO connections, etc */
2596 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2597
bdb6d971 2598 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2599 rp_len);
2784eb41 2600
a38528f1 2601 kfree(rp);
5f97c1df
JH		 2602
2603unlock:
09fd0de5 2604 hci_dev_unlock(hdev);
2784eb41
JH		 2605 return err;
2606}
2607
bdb6d971 2608static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2609 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2610{
2611 struct pending_cmd *cmd;
2612 int err;
2613
2e58ef3e 2614 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2615 sizeof(*cp));
96d97a67
WR		 2616 if (!cmd)
2617 return -ENOMEM;
2618
d8457698 2619 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2620 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2621 if (err < 0)
2622 mgmt_pending_remove(cmd);
2623
2624 return err;
2625}
2626
bdb6d971 2627static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2628 u16 len)
980e1a53 2629{
96d97a67 2630 struct hci_conn *conn;
650f726d 2631 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2632 struct hci_cp_pin_code_reply reply;
366a0336 2633 struct pending_cmd *cmd;
980e1a53
JH		 2634 int err;
2635
2636 BT_DBG("");
2637
09fd0de5 2638 hci_dev_lock(hdev);
980e1a53 2639
4b34ee78 2640 if (!hdev_is_powered(hdev)) {
bdb6d971 2641 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2642 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2643 goto failed;
2644 }
2645
d8457698 2646 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2647 if (!conn) {
bdb6d971 2648 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2649 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2650 goto failed;
2651 }
2652
2653 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2654 struct mgmt_cp_pin_code_neg_reply ncp;
2655
2656 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2657
2658 BT_ERR("PIN code is not 16 bytes long");
2659
bdb6d971 2660 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2661 if (err >= 0)
bdb6d971 2662 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2663 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2664
2665 goto failed;
2666 }
2667
00abfe44 2668 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2669 if (!cmd) {
2670 err = -ENOMEM;
980e1a53 2671 goto failed;
366a0336 2672 }
980e1a53 2673
d8457698 2674 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2675 reply.pin_len = cp->pin_len;
24718ca5 2676 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2677
2678 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2679 if (err < 0)
a664b5bc 2680 mgmt_pending_remove(cmd);
980e1a53
JH		 2681
2682failed:
09fd0de5 2683 hci_dev_unlock(hdev);
980e1a53
JH		 2684 return err;
2685}
2686
04124681
GP		 2687static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2688 u16 len)
17fa4b9d 2689{
650f726d 2690 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2691
2692 BT_DBG("");
2693
09fd0de5 2694 hci_dev_lock(hdev);
17fa4b9d
JH		 2695
2696 hdev->io_capability = cp->io_capability;
2697
2698 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2699 hdev->io_capability);
17fa4b9d 2700
09fd0de5 2701 hci_dev_unlock(hdev);
17fa4b9d 2702
04124681
GP		 2703 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2704 0);
17fa4b9d
JH		 2705}
2706
6039aa73 2707static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2708{
2709 struct hci_dev *hdev = conn->hdev;
8035ded4 2710 struct pending_cmd *cmd;
e9a416b5 2711
2e58ef3e 2712 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2713 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2714 continue;
2715
e9a416b5
JH		 2716 if (cmd->user_data != conn)
2717 continue;
2718
2719 return cmd;
2720 }
2721
2722 return NULL;
2723}
2724
2725static void pairing_complete(struct pending_cmd *cmd, u8 status)
2726{
2727 struct mgmt_rp_pair_device rp;
2728 struct hci_conn *conn = cmd->user_data;
2729
ba4e564f 2730 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2731 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2732
aee9b218 2733 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2734 &rp, sizeof(rp));
e9a416b5
JH		 2735
2736 /* So we don't get further callbacks for this connection */
2737 conn->connect_cfm_cb = NULL;
2738 conn->security_cfm_cb = NULL;
2739 conn->disconn_cfm_cb = NULL;
2740
76a68ba0 2741 hci_conn_drop(conn);
e9a416b5 2742
a664b5bc 2743 mgmt_pending_remove(cmd);
e9a416b5
JH		 2744}
2745
f4a407be
JH		 2746void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2747{
2748 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2749 struct pending_cmd *cmd;
2750
2751 cmd = find_pairing(conn);
2752 if (cmd)
2753 pairing_complete(cmd, status);
2754}
2755
e9a416b5
JH		 2756static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2757{
2758 struct pending_cmd *cmd;
2759
2760 BT_DBG("status %u", status);
2761
2762 cmd = find_pairing(conn);
56e5cb86 2763 if (!cmd)
e9a416b5 2764 BT_DBG("Unable to find a pending command");
56e5cb86 2765 else
e211326c 2766 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2767}
2768
f4a407be 2769static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 2770{
2771 struct pending_cmd *cmd;
2772
2773 BT_DBG("status %u", status);
2774
2775 if (!status)
2776 return;
2777
2778 cmd = find_pairing(conn);
2779 if (!cmd)
2780 BT_DBG("Unable to find a pending command");
2781 else
2782 pairing_complete(cmd, mgmt_status(status));
2783}
2784
bdb6d971 2785static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2786 u16 len)
e9a416b5 2787{
650f726d 2788 struct mgmt_cp_pair_device *cp = data;
1425acb7 2789 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2790 struct pending_cmd *cmd;
2791 u8 sec_level, auth_type;
2792 struct hci_conn *conn;
e9a416b5
JH		 2793 int err;
2794
2795 BT_DBG("");
2796
f950a30e
SJ		 2797 memset(&rp, 0, sizeof(rp));
2798 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2799 rp.addr.type = cp->addr.type;
2800
4ee71b20
JH		 2801 if (!bdaddr_type_is_valid(cp->addr.type))
2802 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2803 MGMT_STATUS_INVALID_PARAMS,
2804 &rp, sizeof(rp));
2805
09fd0de5 2806 hci_dev_lock(hdev);
e9a416b5 2807
5f97c1df 2808 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2809 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2810 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2811 goto unlock;
2812 }
2813
c908df36
VCG		 2814 sec_level = BT_SECURITY_MEDIUM;
2815 if (cp->io_cap == 0x03)
e9a416b5 2816 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2817 else
e9a416b5 2818 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2819
6f77d8c7 2820 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2821 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2822 auth_type);
6f77d8c7
AG		 2823 } else {
2824 u8 addr_type;
2825
2826 /* Convert from L2CAP channel address type to HCI address type
2827 */
2828 if (cp->addr.type == BDADDR_LE_PUBLIC)
2829 addr_type = ADDR_LE_DEV_PUBLIC;
2830 else
2831 addr_type = ADDR_LE_DEV_RANDOM;
2832
2833 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
04a6c589 2834 sec_level, auth_type);
6f77d8c7 2835 }
7a512d01 2836
30e76272 2837 if (IS_ERR(conn)) {
489dc48e
AK		 2838 int status;
2839
2840 if (PTR_ERR(conn) == -EBUSY)
2841 status = MGMT_STATUS_BUSY;
2842 else
2843 status = MGMT_STATUS_CONNECT_FAILED;
2844
bdb6d971 2845 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2846 status, &rp,
04124681 2847 sizeof(rp));
e9a416b5
JH		 2848 goto unlock;
2849 }
2850
2851 if (conn->connect_cfm_cb) {
76a68ba0 2852 hci_conn_drop(conn);
bdb6d971 2853 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2854 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2855 goto unlock;
2856 }
2857
2e58ef3e 2858 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2859 if (!cmd) {
2860 err = -ENOMEM;
76a68ba0 2861 hci_conn_drop(conn);
e9a416b5
JH		 2862 goto unlock;
2863 }
2864
7a512d01 2865 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2866 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2867 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2868 conn->security_cfm_cb = pairing_complete_cb;
2869 conn->disconn_cfm_cb = pairing_complete_cb;
2870 } else {
2871 conn->connect_cfm_cb = le_pairing_complete_cb;
2872 conn->security_cfm_cb = le_pairing_complete_cb;
2873 conn->disconn_cfm_cb = le_pairing_complete_cb;
2874 }
7a512d01 2875
e9a416b5
JH		 2876 conn->io_capability = cp->io_cap;
2877 cmd->user_data = conn;
2878
2879 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2880 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2881 pairing_complete(cmd, 0);
2882
2883 err = 0;
2884
2885unlock:
09fd0de5 2886 hci_dev_unlock(hdev);
e9a416b5
JH		 2887 return err;
2888}
2889
04124681
GP		 2890static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2891 u16 len)
28424707 2892{
0f4e68cf 2893 struct mgmt_addr_info *addr = data;
28424707
JH		 2894 struct pending_cmd *cmd;
2895 struct hci_conn *conn;
2896 int err;
2897
2898 BT_DBG("");
2899
28424707
JH		 2900 hci_dev_lock(hdev);
2901
5f97c1df 2902 if (!hdev_is_powered(hdev)) {
bdb6d971 2903 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2904 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2905 goto unlock;
2906 }
2907
28424707
JH		 2908 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2909 if (!cmd) {
bdb6d971 2910 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2911 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2912 goto unlock;
2913 }
2914
2915 conn = cmd->user_data;
2916
2917 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2918 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2919 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2920 goto unlock;
2921 }
2922
2923 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2924
bdb6d971 2925 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2926 addr, sizeof(*addr));
28424707
JH		 2927unlock:
2928 hci_dev_unlock(hdev);
28424707
JH		 2929 return err;
2930}
2931
bdb6d971 2932static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2933 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2934 u16 hci_op, __le32 passkey)
a5c29683 2935{
a5c29683 2936 struct pending_cmd *cmd;
0df4c185 2937 struct hci_conn *conn;
a5c29683
JH		 2938 int err;
2939
09fd0de5 2940 hci_dev_lock(hdev);
08ba5382 2941
4b34ee78 2942 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2943 err = cmd_complete(sk, hdev->id, mgmt_op,
2944 MGMT_STATUS_NOT_POWERED, addr,
2945 sizeof(*addr));
0df4c185 2946 goto done;
a5c29683
JH		 2947 }
2948
1707c60e
JH		 2949 if (addr->type == BDADDR_BREDR)
2950 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2951 else
1707c60e 2952 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2953
2954 if (!conn) {
feb94d3d
JH		 2955 err = cmd_complete(sk, hdev->id, mgmt_op,
2956 MGMT_STATUS_NOT_CONNECTED, addr,
2957 sizeof(*addr));
272d90df
JH		 2958 goto done;
2959 }
47c15e2b 2960
1707c60e 2961 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2962 /* Continue with pairing via SMP */
5fe57d9e
BG		 2963 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2964
2965 if (!err)
feb94d3d
JH		 2966 err = cmd_complete(sk, hdev->id, mgmt_op,
2967 MGMT_STATUS_SUCCESS, addr,
2968 sizeof(*addr));
5fe57d9e 2969 else
feb94d3d
JH		 2970 err = cmd_complete(sk, hdev->id, mgmt_op,
2971 MGMT_STATUS_FAILED, addr,
2972 sizeof(*addr));
47c15e2b 2973
47c15e2b
BG		 2974 goto done;
2975 }
2976
1707c60e 2977 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2978 if (!cmd) {
2979 err = -ENOMEM;
0df4c185 2980 goto done;
a5c29683
JH		 2981 }
2982
0df4c185 2983 /* Continue with pairing via HCI */
604086b7
BG		 2984 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2985 struct hci_cp_user_passkey_reply cp;
2986
1707c60e 2987 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2988 cp.passkey = passkey;
2989 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2990 } else
1707c60e
JH		 2991 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2992 &addr->bdaddr);
604086b7 2993
a664b5bc
JH		 2994 if (err < 0)
2995 mgmt_pending_remove(cmd);
a5c29683 2996
0df4c185 2997done:
09fd0de5 2998 hci_dev_unlock(hdev);
a5c29683
JH		 2999 return err;
3000}
3001
afeb019d
JK		 3002static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3003 void *data, u16 len)
3004{
3005 struct mgmt_cp_pin_code_neg_reply *cp = data;
3006
3007 BT_DBG("");
3008
1707c60e 3009 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3010 MGMT_OP_PIN_CODE_NEG_REPLY,
3011 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3012}
3013
04124681
GP		 3014static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3015 u16 len)
0df4c185 3016{
650f726d 3017 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3018
3019 BT_DBG("");
3020
3021 if (len != sizeof(*cp))
bdb6d971 3022 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3023 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3024
1707c60e 3025 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3026 MGMT_OP_USER_CONFIRM_REPLY,
3027 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3028}
3029
bdb6d971 3030static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3031 void *data, u16 len)
0df4c185 3032{
c9c2659f 3033 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3034
3035 BT_DBG("");
3036
1707c60e 3037 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3038 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3039 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3040}
3041
04124681
GP		 3042static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3043 u16 len)
604086b7 3044{
650f726d 3045 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3046
3047 BT_DBG("");
3048
1707c60e 3049 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3050 MGMT_OP_USER_PASSKEY_REPLY,
3051 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3052}
3053
bdb6d971 3054static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3055 void *data, u16 len)
604086b7 3056{
650f726d 3057 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3058
3059 BT_DBG("");
3060
1707c60e 3061 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3062 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3063 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3064}
3065
13928971 3066static void update_name(struct hci_request *req)
2b4bf397 3067{
13928971 3068 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3069 struct hci_cp_write_local_name cp;
3070
13928971 3071 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3072
890ea898 3073 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3074}
3075
13928971
JH		 3076static void set_name_complete(struct hci_dev *hdev, u8 status)
3077{
3078 struct mgmt_cp_set_local_name *cp;
3079 struct pending_cmd *cmd;
3080
3081 BT_DBG("status 0x%02x", status);
3082
3083 hci_dev_lock(hdev);
3084
3085 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3086 if (!cmd)
3087 goto unlock;
3088
3089 cp = cmd->param;
3090
3091 if (status)
3092 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3093 mgmt_status(status));
3094 else
3095 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3096 cp, sizeof(*cp));
3097
3098 mgmt_pending_remove(cmd);
3099
3100unlock:
3101 hci_dev_unlock(hdev);
3102}
3103
bdb6d971 3104static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3105 u16 len)
b312b161 3106{
2b4bf397 3107 struct mgmt_cp_set_local_name *cp = data;
b312b161 3108 struct pending_cmd *cmd;
890ea898 3109 struct hci_request req;
b312b161
JH		 3110 int err;
3111
3112 BT_DBG("");
3113
09fd0de5 3114 hci_dev_lock(hdev);
b312b161 3115
b3f2ca94
JH		 3116 /* If the old values are the same as the new ones just return a
3117 * direct command complete event.
3118 */
3119 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3120 !memcmp(hdev->short_name, cp->short_name,
3121 sizeof(hdev->short_name))) {
3122 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3123 data, len);
3124 goto failed;
3125 }
3126
2b4bf397 3127 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3128
b5235a65 3129 if (!hdev_is_powered(hdev)) {
2b4bf397 3130 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3131
3132 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3133 data, len);
28cc7bde
JH		 3134 if (err < 0)
3135 goto failed;
3136
3137 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3138 sk);
28cc7bde 3139
b5235a65
JH		 3140 goto failed;
3141 }
3142
28cc7bde 3143 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3144 if (!cmd) {
3145 err = -ENOMEM;
3146 goto failed;
3147 }
3148
13928971
JH		 3149 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3150
890ea898 3151 hci_req_init(&req, hdev);
3f985050
JH		 3152
3153 if (lmp_bredr_capable(hdev)) {
3154 update_name(&req);
3155 update_eir(&req);
3156 }
3157
7a5f4990
MH		 3158 /* The name is stored in the scan response data and so
3159 * no need to udpate the advertising data here.
3160 */
3f985050 3161 if (lmp_le_capable(hdev))
7a5f4990 3162 update_scan_rsp_data(&req);
3f985050 3163
13928971 3164 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3165 if (err < 0)
3166 mgmt_pending_remove(cmd);
3167
3168failed:
09fd0de5 3169 hci_dev_unlock(hdev);
b312b161
JH		 3170 return err;
3171}
3172
0f4e68cf 3173static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3174 void *data, u16 data_len)
c35938b2 3175{
c35938b2
SJ		 3176 struct pending_cmd *cmd;
3177 int err;
3178
bdb6d971 3179 BT_DBG("%s", hdev->name);
c35938b2 3180
09fd0de5 3181 hci_dev_lock(hdev);
c35938b2 3182
4b34ee78 3183 if (!hdev_is_powered(hdev)) {
bdb6d971 3184 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3185 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3186 goto unlock;
3187 }
3188
9a1a1996 3189 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3190 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3191 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3192 goto unlock;
3193 }
3194
2e58ef3e 3195 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3196 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3197 MGMT_STATUS_BUSY);
c35938b2
SJ		 3198 goto unlock;
3199 }
3200
2e58ef3e 3201 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3202 if (!cmd) {
3203 err = -ENOMEM;
3204 goto unlock;
3205 }
3206
4d2d2796
MH		 3207 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3208 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3209 0, NULL);
3210 else
3211 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3212
c35938b2
SJ		 3213 if (err < 0)
3214 mgmt_pending_remove(cmd);
3215
3216unlock:
09fd0de5 3217 hci_dev_unlock(hdev);
c35938b2
SJ		 3218 return err;
3219}
3220
bdb6d971 3221static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3222 void *data, u16 len)
2763eda6 3223{
2763eda6
SJ		 3224 int err;
3225
bdb6d971 3226 BT_DBG("%s ", hdev->name);
2763eda6 3227
09fd0de5 3228 hci_dev_lock(hdev);
2763eda6 3229
ec109113
MH		 3230 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3231 struct mgmt_cp_add_remote_oob_data *cp = data;
3232 u8 status;
bf1e3541 3233
ec109113
MH		 3234 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3235 cp->hash, cp->randomizer);
3236 if (err < 0)
3237 status = MGMT_STATUS_FAILED;
3238 else
3239 status = MGMT_STATUS_SUCCESS;
3240
3241 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3242 status, &cp->addr, sizeof(cp->addr));
3243 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3244 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3245 u8 status;
3246
3247 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3248 cp->hash192,
3249 cp->randomizer192,
3250 cp->hash256,
3251 cp->randomizer256);
3252 if (err < 0)
3253 status = MGMT_STATUS_FAILED;
3254 else
3255 status = MGMT_STATUS_SUCCESS;
3256
3257 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3258 status, &cp->addr, sizeof(cp->addr));
3259 } else {
3260 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3261 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3262 MGMT_STATUS_INVALID_PARAMS);
3263 }
2763eda6 3264
09fd0de5 3265 hci_dev_unlock(hdev);
2763eda6
SJ		 3266 return err;
3267}
3268
bdb6d971 3269static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3270 void *data, u16 len)
2763eda6 3271{
650f726d 3272 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3273 u8 status;
2763eda6
SJ		 3274 int err;
3275
bdb6d971 3276 BT_DBG("%s", hdev->name);
2763eda6 3277
09fd0de5 3278 hci_dev_lock(hdev);
2763eda6 3279
664ce4cc 3280 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3281 if (err < 0)
bf1e3541 3282 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3283 else
a6785be2 3284 status = MGMT_STATUS_SUCCESS;
bf1e3541 3285
bdb6d971 3286 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3287 status, &cp->addr, sizeof(cp->addr));
2763eda6 3288
09fd0de5 3289 hci_dev_unlock(hdev);
2763eda6
SJ		 3290 return err;
3291}
3292
41dc2bd6
AG		 3293static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3294{
3295 struct pending_cmd *cmd;
3296 u8 type;
3297 int err;
3298
3299 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3300
3301 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3302 if (!cmd)
3303 return -ENOENT;
3304
3305 type = hdev->discovery.type;
3306
3307 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3308 &type, sizeof(type));
3309 mgmt_pending_remove(cmd);
3310
3311 return err;
3312}
3313
7c307720
AG		 3314static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3315{
3316 BT_DBG("status %d", status);
3317
3318 if (status) {
3319 hci_dev_lock(hdev);
3320 mgmt_start_discovery_failed(hdev, status);
3321 hci_dev_unlock(hdev);
3322 return;
3323 }
3324
3325 hci_dev_lock(hdev);
3326 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3327 hci_dev_unlock(hdev);
3328
3329 switch (hdev->discovery.type) {
3330 case DISCOV_TYPE_LE:
3331 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3332 DISCOV_LE_TIMEOUT);
7c307720
AG		 3333 break;
3334
3335 case DISCOV_TYPE_INTERLEAVED:
3336 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3337 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 3338 break;
3339
3340 case DISCOV_TYPE_BREDR:
3341 break;
3342
3343 default:
3344 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3345 }
3346}
3347
bdb6d971 3348static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3349 void *data, u16 len)
14a53664 3350{
650f726d 3351 struct mgmt_cp_start_discovery *cp = data;
14a53664 3352 struct pending_cmd *cmd;
7c307720
AG		 3353 struct hci_cp_le_set_scan_param param_cp;
3354 struct hci_cp_le_set_scan_enable enable_cp;
3355 struct hci_cp_inquiry inq_cp;
3356 struct hci_request req;
3357 /* General inquiry access code (GIAC) */
3358 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3359 u8 status, own_addr_type;
14a53664
JH		 3360 int err;
3361
bdb6d971 3362 BT_DBG("%s", hdev->name);
14a53664 3363
09fd0de5 3364 hci_dev_lock(hdev);
14a53664 3365
4b34ee78 3366 if (!hdev_is_powered(hdev)) {
bdb6d971 3367 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3368 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3369 goto failed;
3370 }
3371
642be6c7
AG		 3372 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3373 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3374 MGMT_STATUS_BUSY);
3375 goto failed;
3376 }
3377
ff9ef578 3378 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3379 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3380 MGMT_STATUS_BUSY);
ff9ef578
JH		 3381 goto failed;
3382 }
3383
2e58ef3e 3384 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3385 if (!cmd) {
3386 err = -ENOMEM;
3387 goto failed;
3388 }
3389
4aab14e5
AG		 3390 hdev->discovery.type = cp->type;
3391
7c307720
AG		 3392 hci_req_init(&req, hdev);
3393
4aab14e5 3394 switch (hdev->discovery.type) {
f39799f5 3395 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3396 status = mgmt_bredr_support(hdev);
3397 if (status) {
04106755 3398 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3399 status);
04106755
JH		 3400 mgmt_pending_remove(cmd);
3401 goto failed;
3402 }
3403
7c307720
AG		 3404 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3405 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3406 MGMT_STATUS_BUSY);
3407 mgmt_pending_remove(cmd);
3408 goto failed;
3409 }
3410
3411 hci_inquiry_cache_flush(hdev);
3412
3413 memset(&inq_cp, 0, sizeof(inq_cp));
3414 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3415 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3416 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3417 break;
3418
3419 case DISCOV_TYPE_LE:
7c307720 3420 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3421 status = mgmt_le_support(hdev);
3422 if (status) {
04106755 3423 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3424 status);
04106755
JH		 3425 mgmt_pending_remove(cmd);
3426 goto failed;
3427 }
3428
7c307720 3429 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3430 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3431 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3432 MGMT_STATUS_NOT_SUPPORTED);
3433 mgmt_pending_remove(cmd);
3434 goto failed;
3435 }
3436
f3d3444a 3437 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3438 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3439 MGMT_STATUS_REJECTED);
3440 mgmt_pending_remove(cmd);
3441 goto failed;
3442 }
3443
c54c3860
AG		 3444 /* If controller is scanning, it means the background scanning
3445 * is running. Thus, we should temporarily stop it in order to
3446 * set the discovery scanning parameters.
3447 */
3448 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3449 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3450
3451 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3452
94b1fc92
MH		 3453 /* All active scans will be done with either a resolvable
3454 * private address (when privacy feature has been enabled)
3455 * or unresolvable private address.
3456 */
3457 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3458 if (err < 0) {
3459 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3460 MGMT_STATUS_FAILED);
3461 mgmt_pending_remove(cmd);
3462 goto failed;
3463 }
3464
7c307720 3465 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3466 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3467 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3468 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3469 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3470 &param_cp);
3471
3472 memset(&enable_cp, 0, sizeof(enable_cp));
3473 enable_cp.enable = LE_SCAN_ENABLE;
3474 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3475 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3476 &enable_cp);
5e0452c0
AG		 3477 break;
3478
f39799f5 3479 default:
04106755
JH		 3480 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3481 MGMT_STATUS_INVALID_PARAMS);
3482 mgmt_pending_remove(cmd);
3483 goto failed;
f39799f5 3484 }
3fd24153 3485
7c307720 3486 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3487 if (err < 0)
3488 mgmt_pending_remove(cmd);
ff9ef578
JH		 3489 else
3490 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3491
3492failed:
09fd0de5 3493 hci_dev_unlock(hdev);
14a53664
JH		 3494 return err;
3495}
3496
1183fdca
AG		 3497static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3498{
3499 struct pending_cmd *cmd;
3500 int err;
3501
3502 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3503 if (!cmd)
3504 return -ENOENT;
3505
3506 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3507 &hdev->discovery.type, sizeof(hdev->discovery.type));
3508 mgmt_pending_remove(cmd);
3509
3510 return err;
3511}
3512
0e05bba6
AG		 3513static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3514{
3515 BT_DBG("status %d", status);
3516
3517 hci_dev_lock(hdev);
3518
3519 if (status) {
3520 mgmt_stop_discovery_failed(hdev, status);
3521 goto unlock;
3522 }
3523
3524 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3525
3526unlock:
3527 hci_dev_unlock(hdev);
3528}
3529
bdb6d971 3530static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3531 u16 len)
14a53664 3532{
d930650b 3533 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3534 struct pending_cmd *cmd;
30dc78e1
JH		 3535 struct hci_cp_remote_name_req_cancel cp;
3536 struct inquiry_entry *e;
0e05bba6 3537 struct hci_request req;
14a53664
JH		 3538 int err;
3539
bdb6d971 3540 BT_DBG("%s", hdev->name);
14a53664 3541
09fd0de5 3542 hci_dev_lock(hdev);
14a53664 3543
30dc78e1 3544 if (!hci_discovery_active(hdev)) {
bdb6d971 3545 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3546 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3547 sizeof(mgmt_cp->type));
d930650b
JH		 3548 goto unlock;
3549 }
3550
3551 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3552 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3553 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3554 sizeof(mgmt_cp->type));
30dc78e1 3555 goto unlock;
ff9ef578
JH		 3556 }
3557
2e58ef3e 3558 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3559 if (!cmd) {
3560 err = -ENOMEM;
30dc78e1
JH		 3561 goto unlock;
3562 }
3563
0e05bba6
AG		 3564 hci_req_init(&req, hdev);
3565
e0d9727e
AG		 3566 switch (hdev->discovery.state) {
3567 case DISCOVERY_FINDING:
0e05bba6
AG		 3568 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3569 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3570 } else {
3571 cancel_delayed_work(&hdev->le_scan_disable);
3572
b1efcc28 3573 hci_req_add_le_scan_disable(&req);
0e05bba6 3574 }
c9ecc48e 3575
e0d9727e
AG		 3576 break;
3577
3578 case DISCOVERY_RESOLVING:
3579 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3580 NAME_PENDING);
e0d9727e 3581 if (!e) {
30dc78e1 3582 mgmt_pending_remove(cmd);
e0d9727e
AG		 3583 err = cmd_complete(sk, hdev->id,
3584 MGMT_OP_STOP_DISCOVERY, 0,
3585 &mgmt_cp->type,
3586 sizeof(mgmt_cp->type));
3587 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3588 goto unlock;
3589 }
30dc78e1 3590
e0d9727e 3591 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3592 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3593 &cp);
e0d9727e
AG		 3594
3595 break;
3596
3597 default:
3598 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3599
3600 mgmt_pending_remove(cmd);
3601 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3602 MGMT_STATUS_FAILED, &mgmt_cp->type,
3603 sizeof(mgmt_cp->type));
3604 goto unlock;
14a53664
JH		 3605 }
3606
0e05bba6 3607 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3608 if (err < 0)
3609 mgmt_pending_remove(cmd);
ff9ef578
JH		 3610 else
3611 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3612
30dc78e1 3613unlock:
09fd0de5 3614 hci_dev_unlock(hdev);
14a53664
JH		 3615 return err;
3616}
3617
bdb6d971 3618static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3619 u16 len)
561aafbc 3620{
650f726d 3621 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3622 struct inquiry_entry *e;
561aafbc
JH		 3623 int err;
3624
bdb6d971 3625 BT_DBG("%s", hdev->name);
561aafbc 3626
561aafbc
JH		 3627 hci_dev_lock(hdev);
3628
30dc78e1 3629 if (!hci_discovery_active(hdev)) {
bdb6d971 3630 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3631 MGMT_STATUS_FAILED);
30dc78e1
JH		 3632 goto failed;
3633 }
3634
a198e7b1 3635 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3636 if (!e) {
bdb6d971 3637 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3638 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3639 goto failed;
3640 }
3641
3642 if (cp->name_known) {
3643 e->name_state = NAME_KNOWN;
3644 list_del(&e->list);
3645 } else {
3646 e->name_state = NAME_NEEDED;
a3d4e20a 3647 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3648 }
3649
e384662b
JH		 3650 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3651 sizeof(cp->addr));
561aafbc
JH		 3652
3653failed:
3654 hci_dev_unlock(hdev);
561aafbc
JH		 3655 return err;
3656}
3657
bdb6d971 3658static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3659 u16 len)
7fbec224 3660{
650f726d 3661 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3662 u8 status;
7fbec224
AJ		 3663 int err;
3664
bdb6d971 3665 BT_DBG("%s", hdev->name);
7fbec224 3666
4ee71b20 3667 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3668 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3669 MGMT_STATUS_INVALID_PARAMS,
3670 &cp->addr, sizeof(cp->addr));
4ee71b20 3671
09fd0de5 3672 hci_dev_lock(hdev);
5e762444 3673
88c1fe4b 3674 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3675 if (err < 0)
f0eeea8b 3676 status = MGMT_STATUS_FAILED;
7fbec224 3677 else
a6785be2 3678 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3679
bdb6d971 3680 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3681 &cp->addr, sizeof(cp->addr));
5e762444 3682
09fd0de5 3683 hci_dev_unlock(hdev);
7fbec224
AJ		 3684
3685 return err;
3686}
3687
bdb6d971 3688static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3689 u16 len)
7fbec224 3690{
650f726d 3691 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3692 u8 status;
7fbec224
AJ		 3693 int err;
3694
bdb6d971 3695 BT_DBG("%s", hdev->name);
7fbec224 3696
4ee71b20 3697 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3698 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3699 MGMT_STATUS_INVALID_PARAMS,
3700 &cp->addr, sizeof(cp->addr));
4ee71b20 3701
09fd0de5 3702 hci_dev_lock(hdev);
5e762444 3703
88c1fe4b 3704 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3705 if (err < 0)
f0eeea8b 3706 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3707 else
a6785be2 3708 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3709
bdb6d971 3710 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3711 &cp->addr, sizeof(cp->addr));
5e762444 3712
09fd0de5 3713 hci_dev_unlock(hdev);
7fbec224
AJ		 3714
3715 return err;
3716}
3717
cdbaccca
MH		 3718static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3719 u16 len)
3720{
3721 struct mgmt_cp_set_device_id *cp = data;
890ea898 3722 struct hci_request req;
cdbaccca 3723 int err;
c72d4b8a 3724 __u16 source;
cdbaccca
MH		 3725
3726 BT_DBG("%s", hdev->name);
3727
c72d4b8a
SJ		 3728 source = __le16_to_cpu(cp->source);
3729
3730 if (source > 0x0002)
3731 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3732 MGMT_STATUS_INVALID_PARAMS);
3733
cdbaccca
MH		 3734 hci_dev_lock(hdev);
3735
c72d4b8a 3736 hdev->devid_source = source;
cdbaccca
MH		 3737 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3738 hdev->devid_product = __le16_to_cpu(cp->product);
3739 hdev->devid_version = __le16_to_cpu(cp->version);
3740
3741 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3742
890ea898
JH		 3743 hci_req_init(&req, hdev);
3744 update_eir(&req);
3745 hci_req_run(&req, NULL);
cdbaccca
MH		 3746
3747 hci_dev_unlock(hdev);
3748
3749 return err;
3750}
3751
4375f103
JH		 3752static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3753{
3754 struct cmd_lookup match = { NULL, hdev };
3755
3756 if (status) {
3757 u8 mgmt_err = mgmt_status(status);
3758
3759 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3760 cmd_status_rsp, &mgmt_err);
3761 return;
3762 }
3763
3764 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3765 &match);
3766
3767 new_settings(hdev, match.sk);
3768
3769 if (match.sk)
3770 sock_put(match.sk);
3771}
3772
21b5187f
MH		 3773static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3774 u16 len)
4375f103
JH		 3775{
3776 struct mgmt_mode *cp = data;
3777 struct pending_cmd *cmd;
3778 struct hci_request req;
e6fe7986 3779 u8 val, enabled, status;
4375f103
JH		 3780 int err;
3781
3782 BT_DBG("request for %s", hdev->name);
3783
e6fe7986
JH		 3784 status = mgmt_le_support(hdev);
3785 if (status)
4375f103 3786 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3787 status);
4375f103
JH		 3788
3789 if (cp->val != 0x00 && cp->val != 0x01)
3790 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3791 MGMT_STATUS_INVALID_PARAMS);
3792
3793 hci_dev_lock(hdev);
3794
3795 val = !!cp->val;
f3d3444a 3796 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3797
f74ca9b8
JH		 3798 /* The following conditions are ones which mean that we should
3799 * not do any HCI communication but directly send a mgmt
3800 * response to user space (after toggling the flag if
3801 * necessary).
3802 */
3803 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3804 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3805 bool changed = false;
3806
f3d3444a
JH		 3807 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3808 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3809 changed = true;
3810 }
3811
3812 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3813 if (err < 0)
3814 goto unlock;
3815
3816 if (changed)
3817 err = new_settings(hdev, sk);
3818
3819 goto unlock;
3820 }
3821
3822 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3823 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3824 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3825 MGMT_STATUS_BUSY);
3826 goto unlock;
3827 }
3828
3829 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3830 if (!cmd) {
3831 err = -ENOMEM;
3832 goto unlock;
3833 }
3834
3835 hci_req_init(&req, hdev);
3836
bba3aa55
MH		 3837 if (val)
3838 enable_advertising(&req);
3839 else
3840 disable_advertising(&req);
4375f103
JH		 3841
3842 err = hci_req_run(&req, set_advertising_complete);
3843 if (err < 0)
3844 mgmt_pending_remove(cmd);
3845
3846unlock:
3847 hci_dev_unlock(hdev);
3848 return err;
3849}
3850
d13eafce
MH		 3851static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3852 void *data, u16 len)
3853{
3854 struct mgmt_cp_set_static_address *cp = data;
3855 int err;
3856
3857 BT_DBG("%s", hdev->name);
3858
62af4443 3859 if (!lmp_le_capable(hdev))
d13eafce 3860 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3861 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3862
3863 if (hdev_is_powered(hdev))
3864 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3865 MGMT_STATUS_REJECTED);
3866
3867 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3868 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3869 return cmd_status(sk, hdev->id,
3870 MGMT_OP_SET_STATIC_ADDRESS,
3871 MGMT_STATUS_INVALID_PARAMS);
3872
3873 /* Two most significant bits shall be set */
3874 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3875 return cmd_status(sk, hdev->id,
3876 MGMT_OP_SET_STATIC_ADDRESS,
3877 MGMT_STATUS_INVALID_PARAMS);
3878 }
3879
3880 hci_dev_lock(hdev);
3881
3882 bacpy(&hdev->static_addr, &cp->bdaddr);
3883
3884 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3885
3886 hci_dev_unlock(hdev);
3887
3888 return err;
3889}
3890
14b49b9a
MH		 3891static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3892 void *data, u16 len)
3893{
3894 struct mgmt_cp_set_scan_params *cp = data;
3895 __u16 interval, window;
3896 int err;
3897
3898 BT_DBG("%s", hdev->name);
3899
3900 if (!lmp_le_capable(hdev))
3901 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3902 MGMT_STATUS_NOT_SUPPORTED);
3903
3904 interval = __le16_to_cpu(cp->interval);
3905
3906 if (interval < 0x0004 || interval > 0x4000)
3907 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3908 MGMT_STATUS_INVALID_PARAMS);
3909
3910 window = __le16_to_cpu(cp->window);
3911
3912 if (window < 0x0004 || window > 0x4000)
3913 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3914 MGMT_STATUS_INVALID_PARAMS);
3915
899e1075
MH		 3916 if (window > interval)
3917 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3918 MGMT_STATUS_INVALID_PARAMS);
3919
14b49b9a
MH		 3920 hci_dev_lock(hdev);
3921
3922 hdev->le_scan_interval = interval;
3923 hdev->le_scan_window = window;
3924
3925 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3926
dd2ef8e2
AG		 3927 /* If background scan is running, restart it so new parameters are
3928 * loaded.
3929 */
3930 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
3931 hdev->discovery.state == DISCOVERY_STOPPED) {
3932 struct hci_request req;
3933
3934 hci_req_init(&req, hdev);
3935
3936 hci_req_add_le_scan_disable(&req);
3937 hci_req_add_le_passive_scan(&req);
3938
3939 hci_req_run(&req, NULL);
3940 }
3941
14b49b9a
MH		 3942 hci_dev_unlock(hdev);
3943
3944 return err;
3945}
3946
33e38b3e
JH		 3947static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3948{
3949 struct pending_cmd *cmd;
3950
3951 BT_DBG("status 0x%02x", status);
3952
3953 hci_dev_lock(hdev);
3954
3955 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3956 if (!cmd)
3957 goto unlock;
3958
3959 if (status) {
3960 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3961 mgmt_status(status));
3962 } else {
1a4d3c4b
JH		 3963 struct mgmt_mode *cp = cmd->param;
3964
3965 if (cp->val)
3966 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3967 else
3968 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3969
33e38b3e
JH		 3970 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3971 new_settings(hdev, cmd->sk);
3972 }
3973
3974 mgmt_pending_remove(cmd);
3975
3976unlock:
3977 hci_dev_unlock(hdev);
3978}
3979
bdb6d971 3980static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3981 void *data, u16 len)
f6422ec6 3982{
650f726d 3983 struct mgmt_mode *cp = data;
33e38b3e
JH		 3984 struct pending_cmd *cmd;
3985 struct hci_request req;
f6422ec6
AJ		 3986 int err;
3987
bdb6d971 3988 BT_DBG("%s", hdev->name);
f6422ec6 3989
56f87901
JH		 3990 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3991 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3992 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3993 MGMT_STATUS_NOT_SUPPORTED);
3994
a7e80f25
JH		 3995 if (cp->val != 0x00 && cp->val != 0x01)
3996 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3997 MGMT_STATUS_INVALID_PARAMS);
3998
5400c044 3999 if (!hdev_is_powered(hdev))
bdb6d971 4000 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4001 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4002
4003 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4004 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4005 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4006
4007 hci_dev_lock(hdev);
4008
05cbf29f
JH		 4009 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4010 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4011 MGMT_STATUS_BUSY);
4012 goto unlock;
4013 }
4014
1a4d3c4b
JH		 4015 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4016 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4017 hdev);
4018 goto unlock;
4019 }
4020
33e38b3e
JH		 4021 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4022 data, len);
4023 if (!cmd) {
4024 err = -ENOMEM;
4025 goto unlock;
f6422ec6
AJ		 4026 }
4027
33e38b3e
JH		 4028 hci_req_init(&req, hdev);
4029
406d7804 4030 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4031
4032 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4033 if (err < 0) {
bdb6d971 4034 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4035 MGMT_STATUS_FAILED);
33e38b3e 4036 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4037 }
4038
33e38b3e 4039unlock:
f6422ec6 4040 hci_dev_unlock(hdev);
33e38b3e 4041
f6422ec6
AJ		 4042 return err;
4043}
4044
67e5a7a3
JH		 4045static void set_bredr_scan(struct hci_request *req)
4046{
4047 struct hci_dev *hdev = req->hdev;
4048 u8 scan = 0;
4049
4050 /* Ensure that fast connectable is disabled. This function will
4051 * not do anything if the page scan parameters are already what
4052 * they should be.
4053 */
4054 write_fast_connectable(req, false);
4055
4056 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4057 scan |= SCAN_PAGE;
4058 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4059 scan |= SCAN_INQUIRY;
4060
4061 if (scan)
4062 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4063}
4064
0663ca2a
JH		 4065static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4066{
4067 struct pending_cmd *cmd;
4068
4069 BT_DBG("status 0x%02x", status);
4070
4071 hci_dev_lock(hdev);
4072
4073 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4074 if (!cmd)
4075 goto unlock;
4076
4077 if (status) {
4078 u8 mgmt_err = mgmt_status(status);
4079
4080 /* We need to restore the flag if related HCI commands
4081 * failed.
4082 */
4083 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4084
4085 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4086 } else {
4087 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4088 new_settings(hdev, cmd->sk);
4089 }
4090
4091 mgmt_pending_remove(cmd);
4092
4093unlock:
4094 hci_dev_unlock(hdev);
4095}
4096
4097static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4098{
4099 struct mgmt_mode *cp = data;
4100 struct pending_cmd *cmd;
4101 struct hci_request req;
4102 int err;
4103
4104 BT_DBG("request for %s", hdev->name);
4105
4106 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4107 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4108 MGMT_STATUS_NOT_SUPPORTED);
4109
4110 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4111 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4112 MGMT_STATUS_REJECTED);
4113
4114 if (cp->val != 0x00 && cp->val != 0x01)
4115 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4116 MGMT_STATUS_INVALID_PARAMS);
4117
4118 hci_dev_lock(hdev);
4119
4120 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4121 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4122 goto unlock;
4123 }
4124
4125 if (!hdev_is_powered(hdev)) {
4126 if (!cp->val) {
0663ca2a
JH		 4127 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4128 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4129 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4130 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4131 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4132 }
4133
4134 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4135
4136 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4137 if (err < 0)
4138 goto unlock;
4139
4140 err = new_settings(hdev, sk);
4141 goto unlock;
4142 }
4143
4144 /* Reject disabling when powered on */
4145 if (!cp->val) {
4146 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4147 MGMT_STATUS_REJECTED);
4148 goto unlock;
4149 }
4150
4151 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4152 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4153 MGMT_STATUS_BUSY);
4154 goto unlock;
4155 }
4156
4157 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4158 if (!cmd) {
4159 err = -ENOMEM;
4160 goto unlock;
4161 }
4162
5947f4bc 4163 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4164 * generates the correct flags.
4165 */
4166 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4167
4168 hci_req_init(&req, hdev);
aa8af46e
JH		 4169
4170 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4171 set_bredr_scan(&req);
4172
f14d8f64
MH		 4173 /* Since only the advertising data flags will change, there
4174 * is no need to update the scan response data.
4175 */
5947f4bc 4176 update_adv_data(&req);
aa8af46e 4177
0663ca2a
JH		 4178 err = hci_req_run(&req, set_bredr_complete);
4179 if (err < 0)
4180 mgmt_pending_remove(cmd);
4181
4182unlock:
4183 hci_dev_unlock(hdev);
4184 return err;
4185}
4186
eac83dc6
MH		 4187static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4188 void *data, u16 len)
4189{
4190 struct mgmt_mode *cp = data;
4191 struct pending_cmd *cmd;
0ab04a9c 4192 u8 val, status;
eac83dc6
MH		 4193 int err;
4194
4195 BT_DBG("request for %s", hdev->name);
4196
4197 status = mgmt_bredr_support(hdev);
4198 if (status)
4199 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4200 status);
4201
5afeac14
MH		 4202 if (!lmp_sc_capable(hdev) &&
4203 !test_bit(HCI_FORCE_SC, &hdev->dev_flags))
eac83dc6
MH		 4204 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4205 MGMT_STATUS_NOT_SUPPORTED);
4206
0ab04a9c 4207 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4208 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4209 MGMT_STATUS_INVALID_PARAMS);
4210
4211 hci_dev_lock(hdev);
4212
4213 if (!hdev_is_powered(hdev)) {
4214 bool changed;
4215
0ab04a9c 4216 if (cp->val) {
eac83dc6
MH		 4217 changed = !test_and_set_bit(HCI_SC_ENABLED,
4218 &hdev->dev_flags);
0ab04a9c
MH		 4219 if (cp->val == 0x02)
4220 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4221 else
4222 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4223 } else {
eac83dc6
MH		 4224 changed = test_and_clear_bit(HCI_SC_ENABLED,
4225 &hdev->dev_flags);
0ab04a9c
MH		 4226 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4227 }
eac83dc6
MH		 4228
4229 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4230 if (err < 0)
4231 goto failed;
4232
4233 if (changed)
4234 err = new_settings(hdev, sk);
4235
4236 goto failed;
4237 }
4238
4239 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4240 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4241 MGMT_STATUS_BUSY);
4242 goto failed;
4243 }
4244
0ab04a9c
MH		 4245 val = !!cp->val;
4246
4247 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4248 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4249 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4250 goto failed;
4251 }
4252
4253 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4254 if (!cmd) {
4255 err = -ENOMEM;
4256 goto failed;
4257 }
4258
0ab04a9c 4259 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4260 if (err < 0) {
4261 mgmt_pending_remove(cmd);
4262 goto failed;
4263 }
4264
0ab04a9c
MH		 4265 if (cp->val == 0x02)
4266 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4267 else
4268 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4269
eac83dc6
MH		 4270failed:
4271 hci_dev_unlock(hdev);
4272 return err;
4273}
4274
4e39ac81
MH		 4275static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4276 void *data, u16 len)
4277{
4278 struct mgmt_mode *cp = data;
4279 bool changed;
4280 int err;
4281
4282 BT_DBG("request for %s", hdev->name);
4283
4284 if (cp->val != 0x00 && cp->val != 0x01)
4285 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4286 MGMT_STATUS_INVALID_PARAMS);
4287
4288 hci_dev_lock(hdev);
4289
4290 if (cp->val)
4291 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4292 else
4293 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4294
4295 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4296 if (err < 0)
4297 goto unlock;
4298
4299 if (changed)
4300 err = new_settings(hdev, sk);
4301
4302unlock:
4303 hci_dev_unlock(hdev);
4304 return err;
4305}
4306
62b04cd1
JH		 4307static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4308 u16 len)
4309{
4310 struct mgmt_cp_set_privacy *cp = cp_data;
4311 bool changed;
4312 int err;
4313
4314 BT_DBG("request for %s", hdev->name);
4315
4316 if (!lmp_le_capable(hdev))
4317 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4318 MGMT_STATUS_NOT_SUPPORTED);
4319
4320 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4321 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4322 MGMT_STATUS_INVALID_PARAMS);
4323
4324 if (hdev_is_powered(hdev))
4325 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4326 MGMT_STATUS_REJECTED);
4327
4328 hci_dev_lock(hdev);
4329
c21c0ea0
JH		 4330 /* If user space supports this command it is also expected to
4331 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4332 */
4333 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4334
62b04cd1
JH		 4335 if (cp->privacy) {
4336 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4337 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4338 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4339 } else {
4340 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4341 memset(hdev->irk, 0, sizeof(hdev->irk));
4342 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4343 }
4344
4345 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4346 if (err < 0)
4347 goto unlock;
4348
4349 if (changed)
4350 err = new_settings(hdev, sk);
4351
4352unlock:
4353 hci_dev_unlock(hdev);
4354 return err;
4355}
4356
41edf160
JH		 4357static bool irk_is_valid(struct mgmt_irk_info *irk)
4358{
4359 switch (irk->addr.type) {
4360 case BDADDR_LE_PUBLIC:
4361 return true;
4362
4363 case BDADDR_LE_RANDOM:
4364 /* Two most significant bits shall be set */
4365 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4366 return false;
4367 return true;
4368 }
4369
4370 return false;
4371}
4372
4373static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4374 u16 len)
4375{
4376 struct mgmt_cp_load_irks *cp = cp_data;
4377 u16 irk_count, expected_len;
4378 int i, err;
4379
4380 BT_DBG("request for %s", hdev->name);
4381
4382 if (!lmp_le_capable(hdev))
4383 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4384 MGMT_STATUS_NOT_SUPPORTED);
4385
4386 irk_count = __le16_to_cpu(cp->irk_count);
4387
4388 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4389 if (expected_len != len) {
4390 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4391 len, expected_len);
4392 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4393 MGMT_STATUS_INVALID_PARAMS);
4394 }
4395
4396 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4397
4398 for (i = 0; i < irk_count; i++) {
4399 struct mgmt_irk_info *key = &cp->irks[i];
4400
4401 if (!irk_is_valid(key))
4402 return cmd_status(sk, hdev->id,
4403 MGMT_OP_LOAD_IRKS,
4404 MGMT_STATUS_INVALID_PARAMS);
4405 }
4406
4407 hci_dev_lock(hdev);
4408
4409 hci_smp_irks_clear(hdev);
4410
4411 for (i = 0; i < irk_count; i++) {
4412 struct mgmt_irk_info *irk = &cp->irks[i];
4413 u8 addr_type;
4414
4415 if (irk->addr.type == BDADDR_LE_PUBLIC)
4416 addr_type = ADDR_LE_DEV_PUBLIC;
4417 else
4418 addr_type = ADDR_LE_DEV_RANDOM;
4419
4420 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4421 BDADDR_ANY);
4422 }
4423
4424 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4425
4426 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4427
4428 hci_dev_unlock(hdev);
4429
4430 return err;
4431}
4432
3f706b72
JH		 4433static bool ltk_is_valid(struct mgmt_ltk_info *key)
4434{
4435 if (key->master != 0x00 && key->master != 0x01)
4436 return false;
490cb0b3
MH		 4437
4438 switch (key->addr.type) {
4439 case BDADDR_LE_PUBLIC:
4440 return true;
4441
4442 case BDADDR_LE_RANDOM:
4443 /* Two most significant bits shall be set */
4444 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4445 return false;
4446 return true;
4447 }
4448
4449 return false;
3f706b72
JH		 4450}
4451
bdb6d971 4452static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4453 void *cp_data, u16 len)
346af67b 4454{
346af67b
VCG		 4455 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4456 u16 key_count, expected_len;
715a5bf2 4457 int i, err;
346af67b 4458
cf99ba13
MH		 4459 BT_DBG("request for %s", hdev->name);
4460
4461 if (!lmp_le_capable(hdev))
4462 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4463 MGMT_STATUS_NOT_SUPPORTED);
4464
1f350c87 4465 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 4466
4467 expected_len = sizeof(*cp) + key_count *
4468 sizeof(struct mgmt_ltk_info);
4469 if (expected_len != len) {
4470 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 4471 len, expected_len);
bdb6d971 4472 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4473 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4474 }
4475
bdb6d971 4476 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4477
54ad6d8a
JH		 4478 for (i = 0; i < key_count; i++) {
4479 struct mgmt_ltk_info *key = &cp->keys[i];
4480
3f706b72 4481 if (!ltk_is_valid(key))
54ad6d8a
JH		 4482 return cmd_status(sk, hdev->id,
4483 MGMT_OP_LOAD_LONG_TERM_KEYS,
4484 MGMT_STATUS_INVALID_PARAMS);
4485 }
4486
346af67b
VCG		 4487 hci_dev_lock(hdev);
4488
4489 hci_smp_ltks_clear(hdev);
4490
4491 for (i = 0; i < key_count; i++) {
4492 struct mgmt_ltk_info *key = &cp->keys[i];
79d95a19
MH		 4493 u8 type, addr_type;
4494
4495 if (key->addr.type == BDADDR_LE_PUBLIC)
4496 addr_type = ADDR_LE_DEV_PUBLIC;
4497 else
4498 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4499
4500 if (key->master)
4501 type = HCI_SMP_LTK;
4502 else
4503 type = HCI_SMP_LTK_SLAVE;
4504
35d70271
JH		 4505 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
4506 key->type, key->val, key->enc_size, key->ediv,
4507 key->rand);
346af67b
VCG		 4508 }
4509
715a5bf2
JH		 4510 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4511 NULL, 0);
4512
346af67b 4513 hci_dev_unlock(hdev);
346af67b 4514
715a5bf2 4515 return err;
346af67b
VCG		 4516}
4517
2e3c35ea 4518static const struct mgmt_handler {
04124681
GP		 4519 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4520 u16 data_len);
be22b54e
JH		 4521 bool var_len;
4522 size_t data_len;
0f4e68cf
JH		 4523} mgmt_handlers[] = {
4524 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 4525 { read_version, false, MGMT_READ_VERSION_SIZE },
4526 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4527 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4528 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4529 { set_powered, false, MGMT_SETTING_SIZE },
4530 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4531 { set_connectable, false, MGMT_SETTING_SIZE },
4532 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4533 { set_pairable, false, MGMT_SETTING_SIZE },
4534 { set_link_security, false, MGMT_SETTING_SIZE },
4535 { set_ssp, false, MGMT_SETTING_SIZE },
4536 { set_hs, false, MGMT_SETTING_SIZE },
4537 { set_le, false, MGMT_SETTING_SIZE },
4538 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4539 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4540 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4541 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4542 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4543 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4544 { disconnect, false, MGMT_DISCONNECT_SIZE },
4545 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4546 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4547 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4548 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4549 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4550 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4551 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4552 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4553 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4554 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4555 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4556 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 4557 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 4558 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4559 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4560 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4561 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4562 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4563 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 4564 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 4565 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 4566 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 4567 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 4568 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 4569 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 4570 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 4571 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 4572 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
0f4e68cf
JH		 4573};
4574
4575
0381101f
JH		 4576int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4577{
650f726d
VCG		 4578 void *buf;
4579 u8 *cp;
0381101f 4580 struct mgmt_hdr *hdr;
4e51eae9 4581 u16 opcode, index, len;
bdb6d971 4582 struct hci_dev *hdev = NULL;
2e3c35ea 4583 const struct mgmt_handler *handler;
0381101f
JH		 4584 int err;
4585
4586 BT_DBG("got %zu bytes", msglen);
4587
4588 if (msglen < sizeof(*hdr))
4589 return -EINVAL;
4590
e63a15ec 4591 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 4592 if (!buf)
4593 return -ENOMEM;
4594
4595 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4596 err = -EFAULT;
4597 goto done;
4598 }
4599
650f726d 4600 hdr = buf;
1f350c87
MH		 4601 opcode = __le16_to_cpu(hdr->opcode);
4602 index = __le16_to_cpu(hdr->index);
4603 len = __le16_to_cpu(hdr->len);
0381101f
JH		 4604
4605 if (len != msglen - sizeof(*hdr)) {
4606 err = -EINVAL;
4607 goto done;
4608 }
4609
0f4e68cf 4610 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 4611 hdev = hci_dev_get(index);
4612 if (!hdev) {
4613 err = cmd_status(sk, index, opcode,
04124681 4614 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 4615 goto done;
4616 }
0736cfa8 4617
cebf4cfd
JH		 4618 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4619 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 4620 err = cmd_status(sk, index, opcode,
4621 MGMT_STATUS_INVALID_INDEX);
4622 goto done;
4623 }
bdb6d971
JH		 4624 }
4625
0f4e68cf 4626 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 4627 mgmt_handlers[opcode].func == NULL) {
0381101f 4628 BT_DBG("Unknown op %u", opcode);
ca69b795 4629 err = cmd_status(sk, index, opcode,
04124681 4630 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 4631 goto done;
4632 }
4633
4634 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 4635 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 4636 err = cmd_status(sk, index, opcode,
04124681 4637 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 4638 goto done;
0381101f
JH		 4639 }
4640
be22b54e
JH		 4641 handler = &mgmt_handlers[opcode];
4642
4643 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 4644 (!handler->var_len && len != handler->data_len)) {
be22b54e 4645 err = cmd_status(sk, index, opcode,
04124681 4646 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 4647 goto done;
4648 }
4649
0f4e68cf
JH		 4650 if (hdev)
4651 mgmt_init_hdev(sk, hdev);
4652
4653 cp = buf + sizeof(*hdr);
4654
be22b54e 4655 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 4656 if (err < 0)
4657 goto done;
4658
0381101f
JH		 4659 err = msglen;
4660
4661done:
bdb6d971
JH		 4662 if (hdev)
4663 hci_dev_put(hdev);
4664
0381101f
JH		 4665 kfree(buf);
4666 return err;
4667}
c71e97bf 4668
bf6b56db 4669void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 4670{
1514b892 4671 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4672 return;
bb4b2a9a 4673
bf6b56db 4674 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 4675}
4676
bf6b56db 4677void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 4678{
5f159032 4679 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 4680
1514b892 4681 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4682 return;
bb4b2a9a 4683
744cf19e 4684 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 4685
bf6b56db 4686 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 4687}
4688
6046dc3e
AG		 4689/* This function requires the caller holds hdev->lock */
4690static void restart_le_auto_conns(struct hci_dev *hdev)
4691{
4692 struct hci_conn_params *p;
4693
4694 list_for_each_entry(p, &hdev->le_conn_params, list) {
4695 if (p->auto_connect == HCI_AUTO_CONN_ALWAYS)
4696 hci_pend_le_conn_add(hdev, &p->addr, p->addr_type);
4697 }
4698}
4699
229ab39c
JH		 4700static void powered_complete(struct hci_dev *hdev, u8 status)
4701{
4702 struct cmd_lookup match = { NULL, hdev };
4703
4704 BT_DBG("status 0x%02x", status);
4705
4706 hci_dev_lock(hdev);
4707
6046dc3e
AG		 4708 restart_le_auto_conns(hdev);
4709
229ab39c
JH		 4710 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4711
4712 new_settings(hdev, match.sk);
4713
4714 hci_dev_unlock(hdev);
4715
4716 if (match.sk)
4717 sock_put(match.sk);
4718}
4719
70da6243 4720static int powered_update_hci(struct hci_dev *hdev)
5add6af8 4721{
890ea898 4722 struct hci_request req;
70da6243 4723 u8 link_sec;
5add6af8 4724
890ea898
JH		 4725 hci_req_init(&req, hdev);
4726
70da6243
JH		 4727 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4728 !lmp_host_ssp_capable(hdev)) {
4729 u8 ssp = 1;
5e5282bb 4730
890ea898 4731 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 4732 }
5add6af8 4733
c73eee91
JH		 4734 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4735 lmp_bredr_capable(hdev)) {
70da6243 4736 struct hci_cp_write_le_host_supported cp;
f0ff92fb 4737
70da6243
JH		 4738 cp.le = 1;
4739 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 4740
70da6243
JH		 4741 /* Check first if we already have the right
4742 * host state (host features set)
4743 */
4744 if (cp.le != lmp_host_le_capable(hdev) ||
4745 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 4746 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4747 sizeof(cp), &cp);
70da6243 4748 }
3d1cbdd6 4749
d13eafce 4750 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 4751 /* Make sure the controller has a good default for
4752 * advertising data. This also applies to the case
4753 * where BR/EDR was toggled during the AUTO_OFF phase.
4754 */
f14d8f64 4755 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 4756 update_adv_data(&req);
f14d8f64
MH		 4757 update_scan_rsp_data(&req);
4758 }
441ad2d0 4759
bba3aa55
MH		 4760 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4761 enable_advertising(&req);
eeca6f89
JH		 4762 }
4763
70da6243
JH		 4764 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4765 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 4766 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4767 sizeof(link_sec), &link_sec);
562fcc24 4768
70da6243 4769 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 4770 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4771 set_bredr_scan(&req);
890ea898 4772 update_class(&req);
13928971 4773 update_name(&req);
890ea898 4774 update_eir(&req);
70da6243 4775 }
562fcc24 4776
229ab39c 4777 return hci_req_run(&req, powered_complete);
70da6243 4778}
562fcc24 4779
70da6243
JH		 4780int mgmt_powered(struct hci_dev *hdev, u8 powered)
4781{
4782 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 4783 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4784 u8 zero_cod[] = { 0, 0, 0 };
70da6243 4785 int err;
f0ff92fb 4786
70da6243
JH		 4787 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4788 return 0;
4789
70da6243 4790 if (powered) {
229ab39c
JH		 4791 if (powered_update_hci(hdev) == 0)
4792 return 0;
fe038884 4793
229ab39c
JH		 4794 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4795 &match);
4796 goto new_settings;
b24752fe
JH		 4797 }
4798
229ab39c
JH		 4799 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4800 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4801
4802 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4803 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4804 zero_cod, sizeof(zero_cod), NULL);
4805
4806new_settings:
beadb2bd 4807 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 4808
4809 if (match.sk)
4810 sock_put(match.sk);
4811
7bb895d6 4812 return err;
5add6af8 4813}
73f22f62 4814
3eec705e 4815void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 4816{
4817 struct pending_cmd *cmd;
4818 u8 status;
4819
4820 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4821 if (!cmd)
3eec705e 4822 return;
96570ffc
JH		 4823
4824 if (err == -ERFKILL)
4825 status = MGMT_STATUS_RFKILLED;
4826 else
4827 status = MGMT_STATUS_FAILED;
4828
3eec705e 4829 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 4830
4831 mgmt_pending_remove(cmd);
96570ffc
JH		 4832}
4833
d1967ff8
MH		 4834void mgmt_discoverable_timeout(struct hci_dev *hdev)
4835{
4836 struct hci_request req;
d1967ff8
MH		 4837
4838 hci_dev_lock(hdev);
4839
4840 /* When discoverable timeout triggers, then just make sure
4841 * the limited discoverable flag is cleared. Even in the case
4842 * of a timeout triggered from general discoverable, it is
4843 * safe to unconditionally clear the flag.
4844 */
4845 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 4846 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 4847
4848 hci_req_init(&req, hdev);
4b580614
JH		 4849 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4850 u8 scan = SCAN_PAGE;
4851 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
4852 sizeof(scan), &scan);
4853 }
d1967ff8 4854 update_class(&req);
9a43e25f 4855 update_adv_data(&req);
d1967ff8
MH		 4856 hci_req_run(&req, NULL);
4857
4858 hdev->discov_timeout = 0;
4859
9a43e25f
JH		 4860 new_settings(hdev, NULL);
4861
d1967ff8
MH		 4862 hci_dev_unlock(hdev);
4863}
4864
86a75645 4865void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 4866{
86a75645 4867 bool changed;
73f22f62 4868
bfaf8c9f
JH		 4869 /* Nothing needed here if there's a pending command since that
4870 * commands request completion callback takes care of everything
4871 * necessary.
4872 */
4873 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 4874 return;
bfaf8c9f 4875
bd107999
JH		 4876 /* Powering off may clear the scan mode - don't let that interfere */
4877 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4878 return;
4879
9a43e25f 4880 if (discoverable) {
86a75645 4881 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4882 } else {
4883 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 4884 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4885 }
4886
4887 if (changed) {
4888 struct hci_request req;
4889
4890 /* In case this change in discoverable was triggered by
4891 * a disabling of connectable there could be a need to
4892 * update the advertising flags.
4893 */
4894 hci_req_init(&req, hdev);
4895 update_adv_data(&req);
4896 hci_req_run(&req, NULL);
73f22f62 4897
86a75645 4898 new_settings(hdev, NULL);
9a43e25f 4899 }
73f22f62 4900}
9fbcbb45 4901
a330916c 4902void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 4903{
a330916c 4904 bool changed;
9fbcbb45 4905
d7b856f9
JH		 4906 /* Nothing needed here if there's a pending command since that
4907 * commands request completion callback takes care of everything
4908 * necessary.
4909 */
4910 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 4911 return;
d7b856f9 4912
ce3f24cf
JH		 4913 /* Powering off may clear the scan mode - don't let that interfere */
4914 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4915 return;
4916
a330916c
MH		 4917 if (connectable)
4918 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4919 else
4920 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 4921
beadb2bd 4922 if (changed)
a330916c 4923 new_settings(hdev, NULL);
9fbcbb45 4924}
55ed8ca1 4925
778b235a
JH		 4926void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
4927{
7c4cfab8
JH		 4928 /* Powering off may stop advertising - don't let that interfere */
4929 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4930 return;
4931
778b235a
JH		 4932 if (advertising)
4933 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4934 else
4935 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4936}
4937
4796e8af 4938void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4939{
ca69b795
JH		 4940 u8 mgmt_err = mgmt_status(status);
4941
2d7cee58 4942 if (scan & SCAN_PAGE)
744cf19e 4943 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4944 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4945
4946 if (scan & SCAN_INQUIRY)
744cf19e 4947 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4948 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4949}
4950
dc4a5ee2
MH		 4951void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4952 bool persistent)
55ed8ca1 4953{
86742e1e 4954 struct mgmt_ev_new_link_key ev;
55ed8ca1 4955
a492cd52 4956 memset(&ev, 0, sizeof(ev));
55ed8ca1 4957
a492cd52 4958 ev.store_hint = persistent;
d753fdc4 4959 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4960 ev.key.addr.type = BDADDR_BREDR;
a492cd52 4961 ev.key.type = key->type;
9b3b4460 4962 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 4963 ev.key.pin_len = key->pin_len;
55ed8ca1 4964
dc4a5ee2 4965 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 4966}
f7520543 4967
ba74b666 4968void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key)
346af67b
VCG		 4969{
4970 struct mgmt_ev_new_long_term_key ev;
4971
4972 memset(&ev, 0, sizeof(ev));
4973
5192d301
MH		 4974 /* Devices using resolvable or non-resolvable random addresses
4975 * without providing an indentity resolving key don't require
4976 * to store long term keys. Their addresses will change the
4977 * next time around.
4978 *
4979 * Only when a remote device provides an identity address
4980 * make sure the long term key is stored. If the remote
4981 * identity is known, the long term keys are internally
4982 * mapped to the identity address. So allow static random
4983 * and public addresses here.
4984 */
ba74b666
JH		 4985 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
4986 (key->bdaddr.b[5] & 0xc0) != 0xc0)
4987 ev.store_hint = 0x00;
4988 else
4989 ev.store_hint = 0x01;
4990
346af67b 4991 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 4992 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d40f3eef 4993 ev.key.type = key->authenticated;
346af67b
VCG		 4994 ev.key.enc_size = key->enc_size;
4995 ev.key.ediv = key->ediv;
4996
4997 if (key->type == HCI_SMP_LTK)
4998 ev.key.master = 1;
4999
5000 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
5001 memcpy(ev.key.val, key->val, sizeof(key->val));
5002
083368f7 5003 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 5004}
5005
95fbac8a
JH		 5006void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
5007{
5008 struct mgmt_ev_new_irk ev;
5009
5010 memset(&ev, 0, sizeof(ev));
5011
bab6d1e5
MH		 5012 /* For identity resolving keys from devices that are already
5013 * using a public address or static random address, do not
5014 * ask for storing this key. The identity resolving key really
5015 * is only mandatory for devices using resovlable random
5016 * addresses.
5017 *
5018 * Storing all identity resolving keys has the downside that
5019 * they will be also loaded on next boot of they system. More
5020 * identity resolving keys, means more time during scanning is
5021 * needed to actually resolve these addresses.
5022 */
5023 if (bacmp(&irk->rpa, BDADDR_ANY))
5024 ev.store_hint = 0x01;
5025 else
5026 ev.store_hint = 0x00;
5027
95fbac8a
JH		 5028 bacpy(&ev.rpa, &irk->rpa);
5029 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
5030 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
5031 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
5032
5033 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
5034}
5035
94933991
MH		 5036static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5037 u8 data_len)
5038{
5039 eir[eir_len++] = sizeof(type) + data_len;
5040 eir[eir_len++] = type;
5041 memcpy(&eir[eir_len], data, data_len);
5042 eir_len += data_len;
5043
5044 return eir_len;
5045}
5046
ecd90ae7
MH		 5047void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5048 u8 addr_type, u32 flags, u8 *name, u8 name_len,
5049 u8 *dev_class)
f7520543 5050{
b644ba33
JH		 5051 char buf[512];
5052 struct mgmt_ev_device_connected *ev = (void *) buf;
5053 u16 eir_len = 0;
f7520543 5054
b644ba33 5055 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5056 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 5057
c95f0ba7 5058 ev->flags = __cpu_to_le32(flags);
08c79b61 5059
b644ba33
JH		 5060 if (name_len > 0)
5061 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 5062 name, name_len);
b644ba33
JH		 5063
5064 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 5065 eir_len = eir_append_data(ev->eir, eir_len,
04124681 5066 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 5067
eb55ef07 5068 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 5069
ecd90ae7
MH		 5070 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
5071 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 5072}
5073
8962ee74
JH		 5074static void disconnect_rsp(struct pending_cmd *cmd, void *data)
5075{
c68fb7ff 5076 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 5077 struct sock **sk = data;
a38528f1 5078 struct mgmt_rp_disconnect rp;
8962ee74 5079
88c3df13
JH		 5080 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5081 rp.addr.type = cp->addr.type;
8962ee74 5082
aee9b218 5083 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 5084 sizeof(rp));
8962ee74
JH		 5085
5086 *sk = cmd->sk;
5087 sock_hold(*sk);
5088
a664b5bc 5089 mgmt_pending_remove(cmd);
8962ee74
JH		 5090}
5091
124f6e35 5092static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 5093{
b1078ad0 5094 struct hci_dev *hdev = data;
124f6e35
JH		 5095 struct mgmt_cp_unpair_device *cp = cmd->param;
5096 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 5097
5098 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 5099 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5100 rp.addr.type = cp->addr.type;
a8a1d19e 5101
b1078ad0
JH		 5102 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
5103
aee9b218 5104 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 5105
5106 mgmt_pending_remove(cmd);
5107}
5108
9b80ec5e 5109void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 5110 u8 link_type, u8 addr_type, u8 reason,
5111 bool mgmt_connected)
f7520543 5112{
f0d6a0ea 5113 struct mgmt_ev_device_disconnected ev;
8b064a3a 5114 struct pending_cmd *power_off;
8962ee74 5115 struct sock *sk = NULL;
8962ee74 5116
8b064a3a
JH		 5117 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5118 if (power_off) {
5119 struct mgmt_mode *cp = power_off->param;
5120
5121 /* The connection is still in hci_conn_hash so test for 1
5122 * instead of 0 to know if this is the last one.
5123 */
5124 if (!cp->val && hci_conn_count(hdev) == 1)
5125 queue_work(hdev->req_workqueue, &hdev->power_off.work);
5126 }
5127
12d4a3b2
JH		 5128 if (!mgmt_connected)
5129 return;
5130
57eb776f
AG		 5131 if (link_type != ACL_LINK && link_type != LE_LINK)
5132 return;
5133
744cf19e 5134 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 5135
f0d6a0ea
MA		 5136 bacpy(&ev.addr.bdaddr, bdaddr);
5137 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5138 ev.reason = reason;
f7520543 5139
9b80ec5e 5140 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 5141
5142 if (sk)
d97dcb66 5143 sock_put(sk);
8962ee74 5144
124f6e35 5145 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 5146 hdev);
8962ee74
JH		 5147}
5148
7892924c
MH		 5149void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
5150 u8 link_type, u8 addr_type, u8 status)
8962ee74 5151{
3655bba8
AG		 5152 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
5153 struct mgmt_cp_disconnect *cp;
88c3df13 5154 struct mgmt_rp_disconnect rp;
8962ee74 5155 struct pending_cmd *cmd;
8962ee74 5156
36a75f1b
JD		 5157 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5158 hdev);
5159
2e58ef3e 5160 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 5161 if (!cmd)
7892924c 5162 return;
8962ee74 5163
3655bba8
AG		 5164 cp = cmd->param;
5165
5166 if (bacmp(bdaddr, &cp->addr.bdaddr))
5167 return;
5168
5169 if (cp->addr.type != bdaddr_type)
5170 return;
5171
88c3df13 5172 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 5173 rp.addr.type = bdaddr_type;
37d9ef76 5174
7892924c
MH		 5175 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
5176 mgmt_status(status), &rp, sizeof(rp));
8962ee74 5177
a664b5bc 5178 mgmt_pending_remove(cmd);
f7520543 5179}
17d5c04c 5180
445608d0
MH		 5181void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5182 u8 addr_type, u8 status)
17d5c04c
JH		 5183{
5184 struct mgmt_ev_connect_failed ev;
5185
4c659c39 5186 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5187 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5188 ev.status = mgmt_status(status);
17d5c04c 5189
445608d0 5190 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 5191}
980e1a53 5192
ce0e4a0d 5193void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 5194{
5195 struct mgmt_ev_pin_code_request ev;
5196
d8457698 5197 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 5198 ev.addr.type = BDADDR_BREDR;
a770bb5a 5199 ev.secure = secure;
980e1a53 5200
ce0e4a0d 5201 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 5202}
5203
e669cf80
MH		 5204void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5205 u8 status)
980e1a53
JH		 5206{
5207 struct pending_cmd *cmd;
ac56fb13 5208 struct mgmt_rp_pin_code_reply rp;
980e1a53 5209
2e58ef3e 5210 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 5211 if (!cmd)
e669cf80 5212 return;
980e1a53 5213
d8457698 5214 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5215 rp.addr.type = BDADDR_BREDR;
ac56fb13 5216
e669cf80
MH		 5217 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
5218 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5219
a664b5bc 5220 mgmt_pending_remove(cmd);
980e1a53
JH		 5221}
5222
3eb38528
MH		 5223void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5224 u8 status)
980e1a53
JH		 5225{
5226 struct pending_cmd *cmd;
ac56fb13 5227 struct mgmt_rp_pin_code_reply rp;
980e1a53 5228
2e58ef3e 5229 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 5230 if (!cmd)
3eb38528 5231 return;
980e1a53 5232
d8457698 5233 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5234 rp.addr.type = BDADDR_BREDR;
ac56fb13 5235
3eb38528
MH		 5236 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
5237 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5238
a664b5bc 5239 mgmt_pending_remove(cmd);
980e1a53 5240}
a5c29683 5241
744cf19e 5242int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 5243 u8 link_type, u8 addr_type, __le32 value,
5244 u8 confirm_hint)
a5c29683
JH		 5245{
5246 struct mgmt_ev_user_confirm_request ev;
5247
744cf19e 5248 BT_DBG("%s", hdev->name);
a5c29683 5249
272d90df 5250 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5251 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 5252 ev.confirm_hint = confirm_hint;
78e8098e 5253 ev.value = value;
a5c29683 5254
744cf19e 5255 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 5256 NULL);
a5c29683
JH		 5257}
5258
272d90df 5259int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 5260 u8 link_type, u8 addr_type)
604086b7
BG		 5261{
5262 struct mgmt_ev_user_passkey_request ev;
5263
5264 BT_DBG("%s", hdev->name);
5265
272d90df 5266 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5267 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 5268
5269 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 5270 NULL);
604086b7
BG		 5271}
5272
0df4c185 5273static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 5274 u8 link_type, u8 addr_type, u8 status,
5275 u8 opcode)
a5c29683
JH		 5276{
5277 struct pending_cmd *cmd;
5278 struct mgmt_rp_user_confirm_reply rp;
5279 int err;
5280
2e58ef3e 5281 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 5282 if (!cmd)
5283 return -ENOENT;
5284
272d90df 5285 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 5286 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 5287 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 5288 &rp, sizeof(rp));
a5c29683 5289
a664b5bc 5290 mgmt_pending_remove(cmd);
a5c29683
JH		 5291
5292 return err;
5293}
5294
744cf19e 5295int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5296 u8 link_type, u8 addr_type, u8 status)
a5c29683 5297{
272d90df 5298 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5299 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 5300}
5301
272d90df 5302int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5303 u8 link_type, u8 addr_type, u8 status)
a5c29683 5304{
272d90df 5305 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5306 status,
5307 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 5308}
2a611692 5309
604086b7 5310int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5311 u8 link_type, u8 addr_type, u8 status)
604086b7 5312{
272d90df 5313 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5314 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 5315}
5316
272d90df 5317int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5318 u8 link_type, u8 addr_type, u8 status)
604086b7 5319{
272d90df 5320 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5321 status,
5322 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 5323}
5324
92a25256
JH		 5325int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
5326 u8 link_type, u8 addr_type, u32 passkey,
5327 u8 entered)
5328{
5329 struct mgmt_ev_passkey_notify ev;
5330
5331 BT_DBG("%s", hdev->name);
5332
5333 bacpy(&ev.addr.bdaddr, bdaddr);
5334 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5335 ev.passkey = __cpu_to_le32(passkey);
5336 ev.entered = entered;
5337
5338 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
5339}
5340
e546099c
MH		 5341void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5342 u8 addr_type, u8 status)
2a611692
JH		 5343{
5344 struct mgmt_ev_auth_failed ev;
5345
bab73cb6 5346 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5347 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5348 ev.status = mgmt_status(status);
2a611692 5349
e546099c 5350 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 5351}
b312b161 5352
464996ae 5353void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 5354{
5355 struct cmd_lookup match = { NULL, hdev };
464996ae 5356 bool changed;
33ef95ed
JH		 5357
5358 if (status) {
5359 u8 mgmt_err = mgmt_status(status);
5360 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 5361 cmd_status_rsp, &mgmt_err);
464996ae 5362 return;
33ef95ed
JH		 5363 }
5364
464996ae
MH		 5365 if (test_bit(HCI_AUTH, &hdev->flags))
5366 changed = !test_and_set_bit(HCI_LINK_SECURITY,
5367 &hdev->dev_flags);
5368 else
5369 changed = test_and_clear_bit(HCI_LINK_SECURITY,
5370 &hdev->dev_flags);
47990ea0 5371
33ef95ed 5372 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 5373 &match);
33ef95ed 5374
47990ea0 5375 if (changed)
464996ae 5376 new_settings(hdev, match.sk);
33ef95ed
JH		 5377
5378 if (match.sk)
5379 sock_put(match.sk);
33ef95ed
JH		 5380}
5381
890ea898 5382static void clear_eir(struct hci_request *req)
cacaf52f 5383{
890ea898 5384 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 5385 struct hci_cp_write_eir cp;
5386
976eb20e 5387 if (!lmp_ext_inq_capable(hdev))
890ea898 5388 return;
cacaf52f 5389
c80da27e
JH		 5390 memset(hdev->eir, 0, sizeof(hdev->eir));
5391
cacaf52f
JH		 5392 memset(&cp, 0, sizeof(cp));
5393
890ea898 5394 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 5395}
5396
3e248560 5397void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 5398{
5399 struct cmd_lookup match = { NULL, hdev };
890ea898 5400 struct hci_request req;
c0ecddc2 5401 bool changed = false;
ed2c4ee3
JH		 5402
5403 if (status) {
5404 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 5405
5406 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 5407 &hdev->dev_flags)) {
5408 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 5409 new_settings(hdev, NULL);
9ecb3e24 5410 }
c0ecddc2 5411
04124681
GP		 5412 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
5413 &mgmt_err);
3e248560 5414 return;
c0ecddc2
JH		 5415 }
5416
5417 if (enable) {
9ecb3e24 5418 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 5419 } else {
9ecb3e24
MH		 5420 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5421 if (!changed)
5422 changed = test_and_clear_bit(HCI_HS_ENABLED,
5423 &hdev->dev_flags);
5424 else
5425 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 5426 }
5427
5428 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
5429
c0ecddc2 5430 if (changed)
3e248560 5431 new_settings(hdev, match.sk);
ed2c4ee3 5432
5fc6ebb1 5433 if (match.sk)
ed2c4ee3
JH		 5434 sock_put(match.sk);
5435
890ea898
JH		 5436 hci_req_init(&req, hdev);
5437
5fc6ebb1 5438 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 5439 update_eir(&req);
5fc6ebb1 5440 else
890ea898
JH		 5441 clear_eir(&req);
5442
5443 hci_req_run(&req, NULL);
ed2c4ee3
JH		 5444}
5445
eac83dc6
MH		 5446void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5447{
5448 struct cmd_lookup match = { NULL, hdev };
5449 bool changed = false;
5450
5451 if (status) {
5452 u8 mgmt_err = mgmt_status(status);
5453
0ab04a9c
MH		 5454 if (enable) {
5455 if (test_and_clear_bit(HCI_SC_ENABLED,
5456 &hdev->dev_flags))
5457 new_settings(hdev, NULL);
5458 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5459 }
eac83dc6
MH		 5460
5461 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5462 cmd_status_rsp, &mgmt_err);
5463 return;
5464 }
5465
0ab04a9c 5466 if (enable) {
eac83dc6 5467 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 5468 } else {
eac83dc6 5469 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 5470 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5471 }
eac83dc6
MH		 5472
5473 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5474 settings_rsp, &match);
5475
5476 if (changed)
5477 new_settings(hdev, match.sk);
5478
5479 if (match.sk)
5480 sock_put(match.sk);
5481}
5482
92da6097 5483static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 5484{
5485 struct cmd_lookup *match = data;
5486
90e70454
JH		 5487 if (match->sk == NULL) {
5488 match->sk = cmd->sk;
5489 sock_hold(match->sk);
5490 }
90e70454
JH		 5491}
5492
4e1b0245
MH		 5493void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
5494 u8 status)
7f9a903c 5495{
90e70454 5496 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 5497
92da6097
JH		 5498 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
5499 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
5500 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 5501
5502 if (!status)
4e1b0245
MH		 5503 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
5504 NULL);
90e70454
JH		 5505
5506 if (match.sk)
5507 sock_put(match.sk);
7f9a903c
MH		 5508}
5509
7667da34 5510void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 5511{
b312b161 5512 struct mgmt_cp_set_local_name ev;
13928971 5513 struct pending_cmd *cmd;
28cc7bde 5514
13928971 5515 if (status)
7667da34 5516 return;
b312b161
JH		 5517
5518 memset(&ev, 0, sizeof(ev));
5519 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 5520 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 5521
2e58ef3e 5522 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 5523 if (!cmd) {
5524 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 5525
13928971
JH		 5526 /* If this is a HCI command related to powering on the
5527 * HCI dev don't send any mgmt signals.
5528 */
5529 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 5530 return;
890ea898 5531 }
b312b161 5532
7667da34
MH		 5533 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
5534 cmd ? cmd->sk : NULL);
b312b161 5535}
c35938b2 5536
4d2d2796
MH		 5537void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
5538 u8 *randomizer192, u8 *hash256,
5539 u8 *randomizer256, u8 status)
c35938b2
SJ		 5540{
5541 struct pending_cmd *cmd;
c35938b2 5542
744cf19e 5543 BT_DBG("%s status %u", hdev->name, status);
c35938b2 5544
2e58ef3e 5545 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 5546 if (!cmd)
3edaf092 5547 return;
c35938b2
SJ		 5548
5549 if (status) {
3edaf092
MH		 5550 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5551 mgmt_status(status));
c35938b2 5552 } else {
4d2d2796
MH		 5553 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5554 hash256 && randomizer256) {
5555 struct mgmt_rp_read_local_oob_ext_data rp;
5556
5557 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
5558 memcpy(rp.randomizer192, randomizer192,
5559 sizeof(rp.randomizer192));
c35938b2 5560
4d2d2796
MH		 5561 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
5562 memcpy(rp.randomizer256, randomizer256,
5563 sizeof(rp.randomizer256));
c35938b2 5564
4d2d2796
MH		 5565 cmd_complete(cmd->sk, hdev->id,
5566 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5567 &rp, sizeof(rp));
5568 } else {
5569 struct mgmt_rp_read_local_oob_data rp;
5570
5571 memcpy(rp.hash, hash192, sizeof(rp.hash));
5572 memcpy(rp.randomizer, randomizer192,
5573 sizeof(rp.randomizer));
5574
5575 cmd_complete(cmd->sk, hdev->id,
5576 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5577 &rp, sizeof(rp));
5578 }
c35938b2
SJ		 5579 }
5580
5581 mgmt_pending_remove(cmd);
c35938b2 5582}
e17acd40 5583
901801b9
MH		 5584void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5585 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
5586 ssp, u8 *eir, u16 eir_len)
e17acd40 5587{
e319d2e7
JH		 5588 char buf[512];
5589 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 5590 struct smp_irk *irk;
1dc06093 5591 size_t ev_size;
e17acd40 5592
12602d0c 5593 if (!hci_discovery_active(hdev))
901801b9 5594 return;
12602d0c 5595
1dc06093
JH		 5596 /* Leave 5 bytes for a potential CoD field */
5597 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
901801b9 5598 return;
7d262f86 5599
1dc06093
JH		 5600 memset(buf, 0, sizeof(buf));
5601
5cedbb8d
JH		 5602 irk = hci_get_irk(hdev, bdaddr, addr_type);
5603 if (irk) {
5604 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
5605 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
5606 } else {
5607 bacpy(&ev->addr.bdaddr, bdaddr);
5608 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5609 }
5610
e319d2e7 5611 ev->rssi = rssi;
9a395a80 5612 if (cfm_name)
612dfce9 5613 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 5614 if (!ssp)
612dfce9 5615 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 5616
1dc06093 5617 if (eir_len > 0)
e319d2e7 5618 memcpy(ev->eir, eir, eir_len);
e17acd40 5619
1dc06093
JH		 5620 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5621 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 5622 dev_class, 3);
1dc06093 5623
eb55ef07 5624 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 5625 ev_size = sizeof(*ev) + eir_len;
f8523598 5626
901801b9 5627 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 5628}
a88a9652 5629
9cf12aee
MH		 5630void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5631 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 5632{
b644ba33
JH		 5633 struct mgmt_ev_device_found *ev;
5634 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
5635 u16 eir_len;
a88a9652 5636
b644ba33 5637 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 5638
b644ba33
JH		 5639 memset(buf, 0, sizeof(buf));
5640
5641 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5642 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 5643 ev->rssi = rssi;
5644
5645 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 5646 name_len);
b644ba33 5647
eb55ef07 5648 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 5649
9cf12aee 5650 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 5651}
314b2381 5652
2f1e063b 5653void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 5654{
f963e8e9 5655 struct mgmt_ev_discovering ev;
164a6e78
JH		 5656 struct pending_cmd *cmd;
5657
343fb145
AG		 5658 BT_DBG("%s discovering %u", hdev->name, discovering);
5659
164a6e78 5660 if (discovering)
2e58ef3e 5661 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 5662 else
2e58ef3e 5663 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 5664
5665 if (cmd != NULL) {
f808e166
JH		 5666 u8 type = hdev->discovery.type;
5667
04124681
GP		 5668 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
5669 sizeof(type));
164a6e78
JH		 5670 mgmt_pending_remove(cmd);
5671 }
5672
f963e8e9
JH		 5673 memset(&ev, 0, sizeof(ev));
5674 ev.type = hdev->discovery.type;
5675 ev.discovering = discovering;
5676
2f1e063b 5677 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 5678}
5e762444 5679
88c1fe4b 5680int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5681{
5682 struct pending_cmd *cmd;
5683 struct mgmt_ev_device_blocked ev;
5684
2e58ef3e 5685 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 5686
88c1fe4b
JH		 5687 bacpy(&ev.addr.bdaddr, bdaddr);
5688 ev.addr.type = type;
5e762444 5689
744cf19e 5690 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 5691 cmd ? cmd->sk : NULL);
5e762444
AJ		 5692}
5693
88c1fe4b 5694int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5695{
5696 struct pending_cmd *cmd;
5697 struct mgmt_ev_device_unblocked ev;
5698
2e58ef3e 5699 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 5700
88c1fe4b
JH		 5701 bacpy(&ev.addr.bdaddr, bdaddr);
5702 ev.addr.type = type;
5e762444 5703
744cf19e 5704 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 5705 cmd ? cmd->sk : NULL);
5e762444 5706}
5976e608
MH		 5707
5708static void adv_enable_complete(struct hci_dev *hdev, u8 status)
5709{
5710 BT_DBG("%s status %u", hdev->name, status);
5711
5712 /* Clear the advertising mgmt setting if we failed to re-enable it */
5713 if (status) {
5714 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5715 new_settings(hdev, NULL);
5976e608
MH		 5716 }
5717}
5718
5719void mgmt_reenable_advertising(struct hci_dev *hdev)
5720{
5721 struct hci_request req;
5722
b145edcd 5723 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 5724 return;
5725
5726 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5727 return;
5728
5729 hci_req_init(&req, hdev);
5730 enable_advertising(&req);
5731
5732 /* If this fails we have no option but to let user space know
5733 * that we've disabled advertising.
5734 */
5735 if (hci_req_run(&req, adv_enable_complete) < 0) {
5736 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5737 new_settings(hdev, NULL);
5976e608
MH		 5738 }
5739}
Linux kernel - Deliverables
This page took 0.621245 seconds and 5 git commands to generate.