projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Update hci_disconnect() to return an error value
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 34
35#include "smp.h"
0381101f 36
2da9c55c 37#define MGMT_VERSION 1
730f091b 38#define MGMT_REVISION 7
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 47 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
0663ca2a 80 MGMT_OP_SET_BREDR,
d13eafce 81 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 82 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 83 MGMT_OP_SET_SECURE_CONN,
4e39ac81 84 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 85 MGMT_OP_SET_PRIVACY,
41edf160 86 MGMT_OP_LOAD_IRKS,
dd983808 87 MGMT_OP_GET_CONN_INFO,
95868426 88 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 89 MGMT_OP_ADD_DEVICE,
90 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 91 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 92 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 93 MGMT_OP_READ_CONFIG_INFO,
dbece37a 94 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 95 MGMT_OP_SET_PUBLIC_ADDRESS,
e70bb2e8
JH		 96};
97
98static const u16 mgmt_events[] = {
99 MGMT_EV_CONTROLLER_ERROR,
100 MGMT_EV_INDEX_ADDED,
101 MGMT_EV_INDEX_REMOVED,
102 MGMT_EV_NEW_SETTINGS,
103 MGMT_EV_CLASS_OF_DEV_CHANGED,
104 MGMT_EV_LOCAL_NAME_CHANGED,
105 MGMT_EV_NEW_LINK_KEY,
106 MGMT_EV_NEW_LONG_TERM_KEY,
107 MGMT_EV_DEVICE_CONNECTED,
108 MGMT_EV_DEVICE_DISCONNECTED,
109 MGMT_EV_CONNECT_FAILED,
110 MGMT_EV_PIN_CODE_REQUEST,
111 MGMT_EV_USER_CONFIRM_REQUEST,
112 MGMT_EV_USER_PASSKEY_REQUEST,
113 MGMT_EV_AUTH_FAILED,
114 MGMT_EV_DEVICE_FOUND,
115 MGMT_EV_DISCOVERING,
116 MGMT_EV_DEVICE_BLOCKED,
117 MGMT_EV_DEVICE_UNBLOCKED,
118 MGMT_EV_DEVICE_UNPAIRED,
92a25256 119 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 120 MGMT_EV_NEW_IRK,
7ee4ea36 121 MGMT_EV_NEW_CSRK,
8afef092
MH		 122 MGMT_EV_DEVICE_ADDED,
123 MGMT_EV_DEVICE_REMOVED,
ffb5a827 124 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 125 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 126 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 127 MGMT_EV_NEW_CONFIG_OPTIONS,
e70bb2e8
JH		 128};
129
17b02e62 130#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 131
eec8d2bc
JH		 132struct pending_cmd {
133 struct list_head list;
fc2f4b13 134 u16 opcode;
eec8d2bc 135 int index;
c68fb7ff 136 void *param;
eec8d2bc 137 struct sock *sk;
e9a416b5 138 void *user_data;
eec8d2bc
JH		 139};
140
ca69b795
JH		 141/* HCI to MGMT error code conversion table */
142static u8 mgmt_status_table[] = {
143 MGMT_STATUS_SUCCESS,
144 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
145 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
146 MGMT_STATUS_FAILED, /* Hardware Failure */
147 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
148 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 149 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 150 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
151 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
152 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
153 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
154 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
155 MGMT_STATUS_BUSY, /* Command Disallowed */
156 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
157 MGMT_STATUS_REJECTED, /* Rejected Security */
158 MGMT_STATUS_REJECTED, /* Rejected Personal */
159 MGMT_STATUS_TIMEOUT, /* Host Timeout */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
161 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
162 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
163 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
164 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
165 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
166 MGMT_STATUS_BUSY, /* Repeated Attempts */
167 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
168 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
169 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
170 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
171 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
172 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
173 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
174 MGMT_STATUS_FAILED, /* Unspecified Error */
175 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
176 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
177 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
178 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
179 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
180 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
181 MGMT_STATUS_FAILED, /* Unit Link Key Used */
182 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
183 MGMT_STATUS_TIMEOUT, /* Instant Passed */
184 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
185 MGMT_STATUS_FAILED, /* Transaction Collision */
186 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
187 MGMT_STATUS_REJECTED, /* QoS Rejected */
188 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
189 MGMT_STATUS_REJECTED, /* Insufficient Security */
190 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
191 MGMT_STATUS_BUSY, /* Role Switch Pending */
192 MGMT_STATUS_FAILED, /* Slot Violation */
193 MGMT_STATUS_FAILED, /* Role Switch Failed */
194 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
195 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
196 MGMT_STATUS_BUSY, /* Host Busy Pairing */
197 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
198 MGMT_STATUS_BUSY, /* Controller Busy */
199 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
200 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
201 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
202 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
203 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
204};
205
206static u8 mgmt_status(u8 hci_status)
207{
208 if (hci_status < ARRAY_SIZE(mgmt_status_table))
209 return mgmt_status_table[hci_status];
210
211 return MGMT_STATUS_FAILED;
212}
213
04c60f05
MH		 214static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
215 struct sock *skip_sk)
216{
217 struct sk_buff *skb;
218 struct mgmt_hdr *hdr;
219
220 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
221 if (!skb)
222 return -ENOMEM;
223
224 hdr = (void *) skb_put(skb, sizeof(*hdr));
225 hdr->opcode = cpu_to_le16(event);
226 if (hdev)
227 hdr->index = cpu_to_le16(hdev->id);
228 else
229 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
230 hdr->len = cpu_to_le16(data_len);
231
232 if (data)
233 memcpy(skb_put(skb, data_len), data, data_len);
234
235 /* Time stamp */
236 __net_timestamp(skb);
237
238 hci_send_to_control(skb, skip_sk);
239 kfree_skb(skb);
240
241 return 0;
242}
243
4e51eae9 244static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 245{
246 struct sk_buff *skb;
247 struct mgmt_hdr *hdr;
248 struct mgmt_ev_cmd_status *ev;
56b7d137 249 int err;
f7b64e69 250
34eb525c 251 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 252
790eff44 253 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 254 if (!skb)
255 return -ENOMEM;
256
257 hdr = (void *) skb_put(skb, sizeof(*hdr));
258
dcf4adbf 259 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 260 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 261 hdr->len = cpu_to_le16(sizeof(*ev));
262
263 ev = (void *) skb_put(skb, sizeof(*ev));
264 ev->status = status;
eb55ef07 265 ev->opcode = cpu_to_le16(cmd);
f7b64e69 266
56b7d137
GP		 267 err = sock_queue_rcv_skb(sk, skb);
268 if (err < 0)
f7b64e69
JH		 269 kfree_skb(skb);
270
56b7d137 271 return err;
f7b64e69
JH		 272}
273
aee9b218 274static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 275 void *rp, size_t rp_len)
02d98129
JH		 276{
277 struct sk_buff *skb;
278 struct mgmt_hdr *hdr;
279 struct mgmt_ev_cmd_complete *ev;
56b7d137 280 int err;
02d98129
JH		 281
282 BT_DBG("sock %p", sk);
283
790eff44 284 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 285 if (!skb)
286 return -ENOMEM;
287
288 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 289
dcf4adbf 290 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 291 hdr->index = cpu_to_le16(index);
a38528f1 292 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 293
a38528f1 294 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 295 ev->opcode = cpu_to_le16(cmd);
aee9b218 296 ev->status = status;
8020c16a
SJ		 297
298 if (rp)
299 memcpy(ev->data, rp, rp_len);
02d98129 300
56b7d137
GP		 301 err = sock_queue_rcv_skb(sk, skb);
302 if (err < 0)
02d98129
JH		 303 kfree_skb(skb);
304
e5f0e151 305 return err;
02d98129
JH		 306}
307
04124681
GP		 308static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
309 u16 data_len)
a38528f1
JH		 310{
311 struct mgmt_rp_read_version rp;
312
313 BT_DBG("sock %p", sk);
314
315 rp.version = MGMT_VERSION;
dcf4adbf 316 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 317
aee9b218 318 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 319 sizeof(rp));
a38528f1
JH		 320}
321
04124681
GP		 322static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
323 u16 data_len)
e70bb2e8
JH		 324{
325 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 326 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
327 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 328 __le16 *opcode;
e70bb2e8
JH		 329 size_t rp_size;
330 int i, err;
331
332 BT_DBG("sock %p", sk);
333
334 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
335
336 rp = kmalloc(rp_size, GFP_KERNEL);
337 if (!rp)
338 return -ENOMEM;
339
dcf4adbf
JP		 340 rp->num_commands = cpu_to_le16(num_commands);
341 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 342
343 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
344 put_unaligned_le16(mgmt_commands[i], opcode);
345
346 for (i = 0; i < num_events; i++, opcode++)
347 put_unaligned_le16(mgmt_events[i], opcode);
348
aee9b218 349 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 350 rp_size);
e70bb2e8
JH		 351 kfree(rp);
352
353 return err;
354}
355
04124681
GP		 356static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
357 u16 data_len)
faba42eb 358{
faba42eb 359 struct mgmt_rp_read_index_list *rp;
8035ded4 360 struct hci_dev *d;
a38528f1 361 size_t rp_len;
faba42eb 362 u16 count;
476e44cb 363 int err;
faba42eb
JH		 364
365 BT_DBG("sock %p", sk);
366
367 read_lock(&hci_dev_list_lock);
368
369 count = 0;
bb4b2a9a 370 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 371 if (d->dev_type == HCI_BREDR &&
372 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
1514b892 373 count++;
faba42eb
JH		 374 }
375
a38528f1
JH		 376 rp_len = sizeof(*rp) + (2 * count);
377 rp = kmalloc(rp_len, GFP_ATOMIC);
378 if (!rp) {
b2c60d42 379 read_unlock(&hci_dev_list_lock);
faba42eb 380 return -ENOMEM;
b2c60d42 381 }
faba42eb 382
476e44cb 383 count = 0;
8035ded4 384 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 385 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 386 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a 387 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
ab81cbf9
JH		 388 continue;
389
73d1df2a
MH		 390 /* Devices marked as raw-only are neither configured
391 * nor unconfigured controllers.
392 */
393 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 394 continue;
395
73d1df2a
MH		 396 if (d->dev_type == HCI_BREDR &&
397 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
1514b892
MH		 398 rp->index[count++] = cpu_to_le16(d->id);
399 BT_DBG("Added hci%u", d->id);
400 }
faba42eb
JH		 401 }
402
476e44cb
JH		 403 rp->num_controllers = cpu_to_le16(count);
404 rp_len = sizeof(*rp) + (2 * count);
405
faba42eb
JH		 406 read_unlock(&hci_dev_list_lock);
407
aee9b218 408 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 409 rp_len);
faba42eb 410
a38528f1
JH		 411 kfree(rp);
412
413 return err;
faba42eb
JH		 414}
415
73d1df2a
MH		 416static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
417 void *data, u16 data_len)
418{
419 struct mgmt_rp_read_unconf_index_list *rp;
420 struct hci_dev *d;
421 size_t rp_len;
422 u16 count;
423 int err;
424
425 BT_DBG("sock %p", sk);
426
427 read_lock(&hci_dev_list_lock);
428
429 count = 0;
430 list_for_each_entry(d, &hci_dev_list, list) {
431 if (d->dev_type == HCI_BREDR &&
432 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
433 count++;
434 }
435
436 rp_len = sizeof(*rp) + (2 * count);
437 rp = kmalloc(rp_len, GFP_ATOMIC);
438 if (!rp) {
439 read_unlock(&hci_dev_list_lock);
440 return -ENOMEM;
441 }
442
443 count = 0;
444 list_for_each_entry(d, &hci_dev_list, list) {
445 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 446 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a
MH		 447 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
448 continue;
449
450 /* Devices marked as raw-only are neither configured
451 * nor unconfigured controllers.
452 */
453 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
454 continue;
455
456 if (d->dev_type == HCI_BREDR &&
457 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
458 rp->index[count++] = cpu_to_le16(d->id);
459 BT_DBG("Added hci%u", d->id);
460 }
461 }
462
463 rp->num_controllers = cpu_to_le16(count);
464 rp_len = sizeof(*rp) + (2 * count);
465
466 read_unlock(&hci_dev_list_lock);
467
468 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
469 0, rp, rp_len);
470
471 kfree(rp);
472
473 return err;
474}
475
dbece37a
MH		 476static bool is_configured(struct hci_dev *hdev)
477{
478 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
479 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
480 return false;
481
482 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
483 !bacmp(&hdev->public_addr, BDADDR_ANY))
484 return false;
485
486 return true;
487}
488
89bc22d2
MH		 489static __le32 get_missing_options(struct hci_dev *hdev)
490{
491 u32 options = 0;
492
dbece37a
MH		 493 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
494 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
eb1904f4
MH		 495 options |= MGMT_OPTION_EXTERNAL_CONFIG;
496
89bc22d2
MH		 497 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
498 !bacmp(&hdev->public_addr, BDADDR_ANY))
499 options |= MGMT_OPTION_PUBLIC_ADDRESS;
500
501 return cpu_to_le32(options);
502}
503
f4537c04
MH		 504static int new_options(struct hci_dev *hdev, struct sock *skip)
505{
506 __le32 options = get_missing_options(hdev);
507
508 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
509 sizeof(options), skip);
510}
511
dbece37a
MH		 512static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
513{
514 __le32 options = get_missing_options(hdev);
515
516 return cmd_complete(sk, hdev->id, opcode, 0, &options,
517 sizeof(options));
518}
519
9fc3bfb6
MH		 520static int read_config_info(struct sock *sk, struct hci_dev *hdev,
521 void *data, u16 data_len)
522{
523 struct mgmt_rp_read_config_info rp;
89bc22d2 524 u32 options = 0;
9fc3bfb6
MH		 525
526 BT_DBG("sock %p %s", sk, hdev->name);
527
528 hci_dev_lock(hdev);
529
530 memset(&rp, 0, sizeof(rp));
531 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 532
eb1904f4
MH		 533 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
534 options |= MGMT_OPTION_EXTERNAL_CONFIG;
535
9fc3bfb6 536 if (hdev->set_bdaddr)
89bc22d2
MH		 537 options |= MGMT_OPTION_PUBLIC_ADDRESS;
538
539 rp.supported_options = cpu_to_le32(options);
540 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 541
542 hci_dev_unlock(hdev);
543
544 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
545 sizeof(rp));
546}
547
69ab39ea
JH		 548static u32 get_supported_settings(struct hci_dev *hdev)
549{
550 u32 settings = 0;
551
552 settings |= MGMT_SETTING_POWERED;
b2939475 553 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 554 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 555 settings |= MGMT_SETTING_CONNECTABLE;
556 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 557
ed3fa31f 558 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 559 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
560 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 561 settings |= MGMT_SETTING_BREDR;
562 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 563
564 if (lmp_ssp_capable(hdev)) {
565 settings |= MGMT_SETTING_SSP;
566 settings |= MGMT_SETTING_HS;
567 }
e98d2ce2 568
5afeac14 569 if (lmp_sc_capable(hdev) ||
111902f7 570 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
e98d2ce2 571 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 572 }
d7b7e796 573
eeca6f89 574 if (lmp_le_capable(hdev)) {
9d42820f 575 settings |= MGMT_SETTING_LE;
eeca6f89 576 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 577 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 578 }
69ab39ea 579
eb1904f4
MH		 580 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
581 hdev->set_bdaddr)
9fc3bfb6
MH		 582 settings |= MGMT_SETTING_CONFIGURATION;
583
69ab39ea
JH		 584 return settings;
585}
586
587static u32 get_current_settings(struct hci_dev *hdev)
588{
589 u32 settings = 0;
590
f1f0eb02 591 if (hdev_is_powered(hdev))
f0d4b78a
MH		 592 settings |= MGMT_SETTING_POWERED;
593
5e5282bb 594 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 595 settings |= MGMT_SETTING_CONNECTABLE;
596
1a4d3c4b
JH		 597 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
598 settings |= MGMT_SETTING_FAST_CONNECTABLE;
599
5e5282bb 600 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 601 settings |= MGMT_SETTING_DISCOVERABLE;
602
b6ae8457 603 if (test_bit(HCI_BONDABLE, &hdev->dev_flags))
b2939475 604 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 605
56f87901 606 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 607 settings |= MGMT_SETTING_BREDR;
608
06199cf8 609 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 610 settings |= MGMT_SETTING_LE;
611
47990ea0 612 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 613 settings |= MGMT_SETTING_LINK_SECURITY;
614
84bde9d6 615 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 616 settings |= MGMT_SETTING_SSP;
617
6d80dfd0
JH		 618 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
619 settings |= MGMT_SETTING_HS;
620
f3d3444a 621 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 622 settings |= MGMT_SETTING_ADVERTISING;
623
e98d2ce2
MH		 624 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
625 settings |= MGMT_SETTING_SECURE_CONN;
626
0663b297 627 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 628 settings |= MGMT_SETTING_DEBUG_KEYS;
629
0f4bd942
JH		 630 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
631 settings |= MGMT_SETTING_PRIVACY;
632
69ab39ea
JH		 633 return settings;
634}
635
ef580372
JH		 636#define PNP_INFO_SVCLASS_ID 0x1200
637
213202ed
JH		 638static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
639{
640 u8 *ptr = data, *uuids_start = NULL;
641 struct bt_uuid *uuid;
642
643 if (len < 4)
644 return ptr;
645
646 list_for_each_entry(uuid, &hdev->uuids, list) {
647 u16 uuid16;
648
649 if (uuid->size != 16)
650 continue;
651
652 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
653 if (uuid16 < 0x1100)
654 continue;
655
656 if (uuid16 == PNP_INFO_SVCLASS_ID)
657 continue;
658
659 if (!uuids_start) {
660 uuids_start = ptr;
661 uuids_start[0] = 1;
662 uuids_start[1] = EIR_UUID16_ALL;
663 ptr += 2;
664 }
665
666 /* Stop if not enough space to put next UUID */
667 if ((ptr - data) + sizeof(u16) > len) {
668 uuids_start[1] = EIR_UUID16_SOME;
669 break;
670 }
671
672 *ptr++ = (uuid16 & 0x00ff);
673 *ptr++ = (uuid16 & 0xff00) >> 8;
674 uuids_start[0] += sizeof(uuid16);
675 }
676
677 return ptr;
678}
679
cdf1963f
JH		 680static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
681{
682 u8 *ptr = data, *uuids_start = NULL;
683 struct bt_uuid *uuid;
684
685 if (len < 6)
686 return ptr;
687
688 list_for_each_entry(uuid, &hdev->uuids, list) {
689 if (uuid->size != 32)
690 continue;
691
692 if (!uuids_start) {
693 uuids_start = ptr;
694 uuids_start[0] = 1;
695 uuids_start[1] = EIR_UUID32_ALL;
696 ptr += 2;
697 }
698
699 /* Stop if not enough space to put next UUID */
700 if ((ptr - data) + sizeof(u32) > len) {
701 uuids_start[1] = EIR_UUID32_SOME;
702 break;
703 }
704
705 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
706 ptr += sizeof(u32);
707 uuids_start[0] += sizeof(u32);
708 }
709
710 return ptr;
711}
712
c00d575b
JH		 713static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
714{
715 u8 *ptr = data, *uuids_start = NULL;
716 struct bt_uuid *uuid;
717
718 if (len < 18)
719 return ptr;
720
721 list_for_each_entry(uuid, &hdev->uuids, list) {
722 if (uuid->size != 128)
723 continue;
724
725 if (!uuids_start) {
726 uuids_start = ptr;
727 uuids_start[0] = 1;
728 uuids_start[1] = EIR_UUID128_ALL;
729 ptr += 2;
730 }
731
732 /* Stop if not enough space to put next UUID */
733 if ((ptr - data) + 16 > len) {
734 uuids_start[1] = EIR_UUID128_SOME;
735 break;
736 }
737
738 memcpy(ptr, uuid->uuid, 16);
739 ptr += 16;
740 uuids_start[0] += 16;
741 }
742
743 return ptr;
744}
745
eb2a8d20
JH		 746static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
747{
748 struct pending_cmd *cmd;
749
750 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
751 if (cmd->opcode == opcode)
752 return cmd;
753 }
754
755 return NULL;
756}
757
95868426
JH		 758static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
759 struct hci_dev *hdev,
760 const void *data)
761{
762 struct pending_cmd *cmd;
763
764 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
765 if (cmd->user_data != data)
766 continue;
767 if (cmd->opcode == opcode)
768 return cmd;
769 }
770
771 return NULL;
772}
773
f14d8f64
MH		 774static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
775{
7a5f4990
MH		 776 u8 ad_len = 0;
777 size_t name_len;
778
779 name_len = strlen(hdev->dev_name);
780 if (name_len > 0) {
781 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
782
783 if (name_len > max_len) {
784 name_len = max_len;
785 ptr[1] = EIR_NAME_SHORT;
786 } else
787 ptr[1] = EIR_NAME_COMPLETE;
788
789 ptr[0] = name_len + 1;
790
791 memcpy(ptr + 2, hdev->dev_name, name_len);
792
793 ad_len += (name_len + 2);
794 ptr += (name_len + 2);
795 }
796
797 return ad_len;
f14d8f64
MH		 798}
799
800static void update_scan_rsp_data(struct hci_request *req)
801{
802 struct hci_dev *hdev = req->hdev;
803 struct hci_cp_le_set_scan_rsp_data cp;
804 u8 len;
805
7751ef1b 806 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 807 return;
808
809 memset(&cp, 0, sizeof(cp));
810
811 len = create_scan_rsp_data(hdev, cp.data);
812
eb438b5f
JH		 813 if (hdev->scan_rsp_data_len == len &&
814 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 815 return;
816
eb438b5f
JH		 817 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
818 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 819
820 cp.length = len;
821
822 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
823}
824
9a43e25f
JH		 825static u8 get_adv_discov_flags(struct hci_dev *hdev)
826{
827 struct pending_cmd *cmd;
828
829 /* If there's a pending mgmt command the flags will not yet have
830 * their final values, so check for this first.
831 */
832 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
833 if (cmd) {
834 struct mgmt_mode *cp = cmd->param;
835 if (cp->val == 0x01)
836 return LE_AD_GENERAL;
837 else if (cp->val == 0x02)
838 return LE_AD_LIMITED;
839 } else {
840 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
841 return LE_AD_LIMITED;
842 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
843 return LE_AD_GENERAL;
844 }
845
846 return 0;
847}
848
46cad2ed 849static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 850{
851 u8 ad_len = 0, flags = 0;
441ad2d0 852
9a43e25f 853 flags |= get_adv_discov_flags(hdev);
441ad2d0 854
e834004b 855 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 856 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 857
858 if (flags) {
859 BT_DBG("adv flags 0x%02x", flags);
860
861 ptr[0] = 2;
862 ptr[1] = EIR_FLAGS;
863 ptr[2] = flags;
864
865 ad_len += 3;
866 ptr += 3;
867 }
868
869 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
870 ptr[0] = 2;
871 ptr[1] = EIR_TX_POWER;
872 ptr[2] = (u8) hdev->adv_tx_power;
873
874 ad_len += 3;
875 ptr += 3;
876 }
877
441ad2d0
MH		 878 return ad_len;
879}
880
5947f4bc 881static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 882{
883 struct hci_dev *hdev = req->hdev;
884 struct hci_cp_le_set_adv_data cp;
885 u8 len;
886
10994ce6 887 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 888 return;
889
890 memset(&cp, 0, sizeof(cp));
891
46cad2ed 892 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 893
894 if (hdev->adv_data_len == len &&
895 memcmp(cp.data, hdev->adv_data, len) == 0)
896 return;
897
898 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
899 hdev->adv_data_len = len;
900
901 cp.length = len;
902
903 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
904}
905
bc6d2d04
JH		 906int mgmt_update_adv_data(struct hci_dev *hdev)
907{
908 struct hci_request req;
909
910 hci_req_init(&req, hdev);
911 update_adv_data(&req);
912
913 return hci_req_run(&req, NULL);
914}
915
ef580372
JH		 916static void create_eir(struct hci_dev *hdev, u8 *data)
917{
918 u8 *ptr = data;
ef580372
JH		 919 size_t name_len;
920
921 name_len = strlen(hdev->dev_name);
922
923 if (name_len > 0) {
924 /* EIR Data type */
925 if (name_len > 48) {
926 name_len = 48;
927 ptr[1] = EIR_NAME_SHORT;
928 } else
929 ptr[1] = EIR_NAME_COMPLETE;
930
931 /* EIR Data length */
932 ptr[0] = name_len + 1;
933
934 memcpy(ptr + 2, hdev->dev_name, name_len);
935
ef580372
JH		 936 ptr += (name_len + 2);
937 }
938
bbaf444a 939 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 940 ptr[0] = 2;
941 ptr[1] = EIR_TX_POWER;
942 ptr[2] = (u8) hdev->inq_tx_power;
943
91c4e9b1
MH		 944 ptr += 3;
945 }
946
2b9be137
MH		 947 if (hdev->devid_source > 0) {
948 ptr[0] = 9;
949 ptr[1] = EIR_DEVICE_ID;
950
951 put_unaligned_le16(hdev->devid_source, ptr + 2);
952 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
953 put_unaligned_le16(hdev->devid_product, ptr + 6);
954 put_unaligned_le16(hdev->devid_version, ptr + 8);
955
2b9be137
MH		 956 ptr += 10;
957 }
958
213202ed 959 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 960 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 961 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 962}
963
890ea898 964static void update_eir(struct hci_request *req)
ef580372 965{
890ea898 966 struct hci_dev *hdev = req->hdev;
ef580372
JH		 967 struct hci_cp_write_eir cp;
968
504c8dcd 969 if (!hdev_is_powered(hdev))
890ea898 970 return;
7770c4aa 971
976eb20e 972 if (!lmp_ext_inq_capable(hdev))
890ea898 973 return;
ef580372 974
84bde9d6 975 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 976 return;
ef580372 977
a8b2d5c2 978 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 979 return;
ef580372
JH		 980
981 memset(&cp, 0, sizeof(cp));
982
983 create_eir(hdev, cp.data);
984
985 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 986 return;
ef580372
JH		 987
988 memcpy(hdev->eir, cp.data, sizeof(cp.data));
989
890ea898 990 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 991}
992
993static u8 get_service_classes(struct hci_dev *hdev)
994{
995 struct bt_uuid *uuid;
996 u8 val = 0;
997
998 list_for_each_entry(uuid, &hdev->uuids, list)
999 val |= uuid->svc_hint;
1000
1001 return val;
1002}
1003
890ea898 1004static void update_class(struct hci_request *req)
ef580372 1005{
890ea898 1006 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1007 u8 cod[3];
1008
1009 BT_DBG("%s", hdev->name);
1010
504c8dcd 1011 if (!hdev_is_powered(hdev))
890ea898 1012 return;
7770c4aa 1013
f87ea1da
JH		 1014 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1015 return;
1016
a8b2d5c2 1017 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 1018 return;
ef580372
JH		 1019
1020 cod[0] = hdev->minor_class;
1021 cod[1] = hdev->major_class;
1022 cod[2] = get_service_classes(hdev);
1023
6acd7db4
MH		 1024 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1025 cod[1] |= 0x20;
1026
ef580372 1027 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1028 return;
ef580372 1029
890ea898 1030 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1031}
1032
a4858cb9 1033static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 1034{
1035 struct pending_cmd *cmd;
199a2fb1
JH		 1036
1037 /* If there's a pending mgmt command the flag will not yet have
1038 * it's final value, so check for this first.
1039 */
1040 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1041 if (cmd) {
1042 struct mgmt_mode *cp = cmd->param;
a4858cb9 1043 return cp->val;
199a2fb1
JH		 1044 }
1045
a4858cb9 1046 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 1047}
1048
0ec5ae84
JH		 1049static void disable_advertising(struct hci_request *req)
1050{
1051 u8 enable = 0x00;
1052
1053 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1054}
1055
199a2fb1
JH		 1056static void enable_advertising(struct hci_request *req)
1057{
1058 struct hci_dev *hdev = req->hdev;
1059 struct hci_cp_le_set_adv_param cp;
8f2a0601 1060 u8 own_addr_type, enable = 0x01;
a4858cb9 1061 bool connectable;
199a2fb1 1062
0ec5ae84
JH		 1063 if (hci_conn_num(hdev, LE_LINK) > 0)
1064 return;
1065
1066 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1067 disable_advertising(req);
1068
5ce194c4 1069 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1070 * hci_update_random_address knows that it's safe to go ahead
1071 * and write a new random address. The flag will be set back on
1072 * as soon as the SET_ADV_ENABLE HCI command completes.
1073 */
5ce194c4 1074 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
8d97250e 1075
a4858cb9 1076 connectable = get_connectable(hdev);
8f2a0601 1077
a4858cb9
JH		 1078 /* Set require_privacy to true only when non-connectable
1079 * advertising is used. In that case it is fine to use a
1080 * non-resolvable private address.
1081 */
1082 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1083 return;
1084
41c90c18 1085 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1086 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1087 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
a4858cb9 1088 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1089 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1090 cp.channel_map = hdev->le_adv_channel_map;
1091
1092 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1093
1094 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1095}
1096
7d78525d
JH		 1097static void service_cache_off(struct work_struct *work)
1098{
1099 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1100 service_cache.work);
890ea898 1101 struct hci_request req;
7d78525d 1102
a8b2d5c2 1103 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 1104 return;
1105
890ea898
JH		 1106 hci_req_init(&req, hdev);
1107
7d78525d
JH		 1108 hci_dev_lock(hdev);
1109
890ea898
JH		 1110 update_eir(&req);
1111 update_class(&req);
7d78525d
JH		 1112
1113 hci_dev_unlock(hdev);
890ea898
JH		 1114
1115 hci_req_run(&req, NULL);
7d78525d
JH		 1116}
1117
d6bfd59c
JH		 1118static void rpa_expired(struct work_struct *work)
1119{
1120 struct hci_dev *hdev = container_of(work, struct hci_dev,
1121 rpa_expired.work);
1122 struct hci_request req;
1123
1124 BT_DBG("");
1125
1126 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1127
0ec5ae84 1128 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
d6bfd59c
JH		 1129 return;
1130
1131 /* The generation of a new RPA and programming it into the
1132 * controller happens in the enable_advertising() function.
1133 */
d6bfd59c 1134 hci_req_init(&req, hdev);
d6bfd59c 1135 enable_advertising(&req);
d6bfd59c
JH		 1136 hci_req_run(&req, NULL);
1137}
1138
6a919082 1139static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1140{
4f87da80 1141 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 1142 return;
1143
4f87da80 1144 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1145 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1146
4f87da80
JH		 1147 /* Non-mgmt controlled devices get this bit set
1148 * implicitly so that pairing works for them, however
1149 * for mgmt we require user-space to explicitly enable
1150 * it
1151 */
b6ae8457 1152 clear_bit(HCI_BONDABLE, &hdev->dev_flags);
7d78525d
JH		 1153}
1154
0f4e68cf 1155static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1156 void *data, u16 data_len)
0381101f 1157{
a38528f1 1158 struct mgmt_rp_read_info rp;
f7b64e69 1159
bdb6d971 1160 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1161
09fd0de5 1162 hci_dev_lock(hdev);
f7b64e69 1163
dc4fe30b
JH		 1164 memset(&rp, 0, sizeof(rp));
1165
69ab39ea 1166 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1167
69ab39ea 1168 rp.version = hdev->hci_ver;
eb55ef07 1169 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1170
1171 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1172 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1173
a38528f1 1174 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1175
dc4fe30b 1176 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1177 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1178
09fd0de5 1179 hci_dev_unlock(hdev);
0381101f 1180
bdb6d971 1181 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 1182 sizeof(rp));
0381101f
JH		 1183}
1184
eec8d2bc
JH		 1185static void mgmt_pending_free(struct pending_cmd *cmd)
1186{
1187 sock_put(cmd->sk);
c68fb7ff 1188 kfree(cmd->param);
eec8d2bc
JH		 1189 kfree(cmd);
1190}
1191
366a0336 1192static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 1193 struct hci_dev *hdev, void *data,
1194 u16 len)
eec8d2bc
JH		 1195{
1196 struct pending_cmd *cmd;
1197
fca20018 1198 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1199 if (!cmd)
366a0336 1200 return NULL;
eec8d2bc
JH		 1201
1202 cmd->opcode = opcode;
2e58ef3e 1203 cmd->index = hdev->id;
eec8d2bc 1204
12b94565 1205 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 1206 if (!cmd->param) {
eec8d2bc 1207 kfree(cmd);
366a0336 1208 return NULL;
eec8d2bc
JH		 1209 }
1210
8fce6357
SJ		 1211 if (data)
1212 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1213
1214 cmd->sk = sk;
1215 sock_hold(sk);
1216
2e58ef3e 1217 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1218
366a0336 1219 return cmd;
eec8d2bc
JH		 1220}
1221
744cf19e 1222static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1223 void (*cb)(struct pending_cmd *cmd,
1224 void *data),
04124681 1225 void *data)
eec8d2bc 1226{
a3d09356 1227 struct pending_cmd *cmd, *tmp;
eec8d2bc 1228
a3d09356 1229 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1230 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1231 continue;
1232
eec8d2bc
JH		 1233 cb(cmd, data);
1234 }
1235}
1236
a664b5bc 1237static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1238{
73f22f62
JH		 1239 list_del(&cmd->list);
1240 mgmt_pending_free(cmd);
1241}
1242
69ab39ea 1243static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1244{
69ab39ea 1245 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1246
aee9b218 1247 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1248 sizeof(settings));
8680570b
JH		 1249}
1250
8b064a3a
JH		 1251static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1252{
1253 BT_DBG("%s status 0x%02x", hdev->name, status);
1254
a3172b7e
JH		 1255 if (hci_conn_count(hdev) == 0) {
1256 cancel_delayed_work(&hdev->power_off);
8b064a3a 1257 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1258 }
8b064a3a
JH		 1259}
1260
23a48093 1261static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1262{
1263 struct hci_dev *hdev = req->hdev;
1264 struct hci_cp_remote_name_req_cancel cp;
1265 struct inquiry_entry *e;
1266
1267 switch (hdev->discovery.state) {
1268 case DISCOVERY_FINDING:
1269 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1270 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1271 } else {
1272 cancel_delayed_work(&hdev->le_scan_disable);
1273 hci_req_add_le_scan_disable(req);
1274 }
1275
23a48093 1276 return true;
21a60d30
JH		 1277
1278 case DISCOVERY_RESOLVING:
1279 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1280 NAME_PENDING);
1281 if (!e)
23a48093 1282 break;
21a60d30
JH		 1283
1284 bacpy(&cp.bdaddr, &e->data.bdaddr);
1285 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1286 &cp);
1287
23a48093 1288 return true;
21a60d30
JH		 1289
1290 default:
1291 /* Passive scanning */
23a48093 1292 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
21a60d30 1293 hci_req_add_le_scan_disable(req);
23a48093
JH		 1294 return true;
1295 }
1296
21a60d30
JH		 1297 break;
1298 }
23a48093
JH		 1299
1300 return false;
21a60d30
JH		 1301}
1302
8b064a3a
JH		 1303static int clean_up_hci_state(struct hci_dev *hdev)
1304{
1305 struct hci_request req;
1306 struct hci_conn *conn;
23a48093
JH		 1307 bool discov_stopped;
1308 int err;
8b064a3a
JH		 1309
1310 hci_req_init(&req, hdev);
1311
1312 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1313 test_bit(HCI_PSCAN, &hdev->flags)) {
1314 u8 scan = 0x00;
1315 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1316 }
1317
73e082f8 1318 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
8b064a3a
JH		 1319 disable_advertising(&req);
1320
23a48093 1321 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1322
1323 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1324 struct hci_cp_disconnect dc;
c9910d0f
JH		 1325 struct hci_cp_reject_conn_req rej;
1326
1327 switch (conn->state) {
1328 case BT_CONNECTED:
1329 case BT_CONFIG:
1330 dc.handle = cpu_to_le16(conn->handle);
1331 dc.reason = 0x15; /* Terminated due to Power Off */
1332 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1333 break;
1334 case BT_CONNECT:
1335 if (conn->type == LE_LINK)
1336 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1337 0, NULL);
1338 else if (conn->type == ACL_LINK)
1339 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1340 6, &conn->dst);
1341 break;
1342 case BT_CONNECT2:
1343 bacpy(&rej.bdaddr, &conn->dst);
1344 rej.reason = 0x15; /* Terminated due to Power Off */
1345 if (conn->type == ACL_LINK)
1346 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1347 sizeof(rej), &rej);
1348 else if (conn->type == SCO_LINK)
1349 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1350 sizeof(rej), &rej);
1351 break;
1352 }
8b064a3a
JH		 1353 }
1354
23a48093
JH		 1355 err = hci_req_run(&req, clean_up_hci_complete);
1356 if (!err && discov_stopped)
1357 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1358
1359 return err;
8b064a3a
JH		 1360}
1361
bdb6d971 1362static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1363 u16 len)
eec8d2bc 1364{
650f726d 1365 struct mgmt_mode *cp = data;
366a0336 1366 struct pending_cmd *cmd;
4b34ee78 1367 int err;
eec8d2bc 1368
bdb6d971 1369 BT_DBG("request for %s", hdev->name);
eec8d2bc 1370
a7e80f25
JH		 1371 if (cp->val != 0x00 && cp->val != 0x01)
1372 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1373 MGMT_STATUS_INVALID_PARAMS);
1374
09fd0de5 1375 hci_dev_lock(hdev);
eec8d2bc 1376
87b95ba6
JH		 1377 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1378 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1379 MGMT_STATUS_BUSY);
1380 goto failed;
1381 }
1382
f0d4b78a
MH		 1383 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1384 cancel_delayed_work(&hdev->power_off);
1385
1386 if (cp->val) {
a1d70450
JH		 1387 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1388 data, len);
1389 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1390 goto failed;
1391 }
1392 }
1393
4b34ee78 1394 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1395 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1396 goto failed;
1397 }
1398
2e58ef3e 1399 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1400 if (!cmd) {
1401 err = -ENOMEM;
eec8d2bc 1402 goto failed;
366a0336 1403 }
eec8d2bc 1404
8b064a3a 1405 if (cp->val) {
19202573 1406 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1407 err = 0;
1408 } else {
1409 /* Disconnect connections, stop scans, etc */
1410 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1411 if (!err)
1412 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1413 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1414
8b064a3a
JH		 1415 /* ENODATA means there were no HCI commands queued */
1416 if (err == -ENODATA) {
a3172b7e 1417 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1418 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1419 err = 0;
1420 }
1421 }
eec8d2bc
JH		 1422
1423failed:
09fd0de5 1424 hci_dev_unlock(hdev);
366a0336 1425 return err;
eec8d2bc
JH		 1426}
1427
beadb2bd
JH		 1428static int new_settings(struct hci_dev *hdev, struct sock *skip)
1429{
1430 __le32 ev;
1431
1432 ev = cpu_to_le32(get_current_settings(hdev));
1433
1434 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1435}
1436
91a668b0
JH		 1437int mgmt_new_settings(struct hci_dev *hdev)
1438{
1439 return new_settings(hdev, NULL);
1440}
1441
bd99abdd
JH		 1442struct cmd_lookup {
1443 struct sock *sk;
1444 struct hci_dev *hdev;
1445 u8 mgmt_status;
1446};
1447
1448static void settings_rsp(struct pending_cmd *cmd, void *data)
1449{
1450 struct cmd_lookup *match = data;
1451
1452 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1453
1454 list_del(&cmd->list);
1455
1456 if (match->sk == NULL) {
1457 match->sk = cmd->sk;
1458 sock_hold(match->sk);
1459 }
1460
1461 mgmt_pending_free(cmd);
1462}
1463
1464static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1465{
1466 u8 *status = data;
1467
1468 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1469 mgmt_pending_remove(cmd);
1470}
1471
e6fe7986
JH		 1472static u8 mgmt_bredr_support(struct hci_dev *hdev)
1473{
1474 if (!lmp_bredr_capable(hdev))
1475 return MGMT_STATUS_NOT_SUPPORTED;
1476 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1477 return MGMT_STATUS_REJECTED;
1478 else
1479 return MGMT_STATUS_SUCCESS;
1480}
1481
1482static u8 mgmt_le_support(struct hci_dev *hdev)
1483{
1484 if (!lmp_le_capable(hdev))
1485 return MGMT_STATUS_NOT_SUPPORTED;
1486 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1487 return MGMT_STATUS_REJECTED;
1488 else
1489 return MGMT_STATUS_SUCCESS;
1490}
1491
bfaf8c9f
JH		 1492static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1493{
1494 struct pending_cmd *cmd;
1495 struct mgmt_mode *cp;
970ba524 1496 struct hci_request req;
bfaf8c9f
JH		 1497 bool changed;
1498
1499 BT_DBG("status 0x%02x", status);
1500
1501 hci_dev_lock(hdev);
1502
1503 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1504 if (!cmd)
1505 goto unlock;
1506
1507 if (status) {
1508 u8 mgmt_err = mgmt_status(status);
1509 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1510 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1511 goto remove_cmd;
1512 }
1513
1514 cp = cmd->param;
d4462a07 1515 if (cp->val) {
bfaf8c9f
JH		 1516 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1517 &hdev->dev_flags);
d4462a07
MH		 1518
1519 if (hdev->discov_timeout > 0) {
1520 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1521 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1522 to);
1523 }
1524 } else {
bfaf8c9f
JH		 1525 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1526 &hdev->dev_flags);
d4462a07 1527 }
bfaf8c9f
JH		 1528
1529 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1530
1531 if (changed)
1532 new_settings(hdev, cmd->sk);
1533
970ba524
MH		 1534 /* When the discoverable mode gets changed, make sure
1535 * that class of device has the limited discoverable
432df05e
JH		 1536 * bit correctly set. Also update page scan based on whitelist
1537 * entries.
970ba524
MH		 1538 */
1539 hci_req_init(&req, hdev);
432df05e 1540 hci_update_page_scan(hdev, &req);
970ba524
MH		 1541 update_class(&req);
1542 hci_req_run(&req, NULL);
1543
bfaf8c9f
JH		 1544remove_cmd:
1545 mgmt_pending_remove(cmd);
1546
1547unlock:
1548 hci_dev_unlock(hdev);
1549}
1550
bdb6d971 1551static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1552 u16 len)
73f22f62 1553{
650f726d 1554 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1555 struct pending_cmd *cmd;
bfaf8c9f 1556 struct hci_request req;
5e5282bb 1557 u16 timeout;
9a43e25f 1558 u8 scan;
73f22f62
JH		 1559 int err;
1560
bdb6d971 1561 BT_DBG("request for %s", hdev->name);
73f22f62 1562
9a43e25f
JH		 1563 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1564 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1565 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1566 MGMT_STATUS_REJECTED);
33c525c0 1567
310a3d48 1568 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1569 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1570 MGMT_STATUS_INVALID_PARAMS);
1571
1f350c87 1572 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1573
1574 /* Disabling discoverable requires that no timeout is set,
1575 * and enabling limited discoverable requires a timeout.
1576 */
1577 if ((cp->val == 0x00 && timeout > 0) ||
1578 (cp->val == 0x02 && timeout == 0))
bdb6d971 1579 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1580 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1581
09fd0de5 1582 hci_dev_lock(hdev);
73f22f62 1583
5e5282bb 1584 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1585 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1586 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1587 goto failed;
1588 }
1589
2e58ef3e 1590 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1591 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1592 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1593 MGMT_STATUS_BUSY);
73f22f62
JH		 1594 goto failed;
1595 }
1596
5e5282bb 1597 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1598 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1599 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1600 goto failed;
1601 }
1602
1603 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1604 bool changed = false;
1605
310a3d48
MH		 1606 /* Setting limited discoverable when powered off is
1607 * not a valid operation since it requires a timeout
1608 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1609 */
0224d2fa
JH		 1610 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1611 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1612 changed = true;
1613 }
1614
5e5282bb 1615 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1616 if (err < 0)
1617 goto failed;
1618
1619 if (changed)
1620 err = new_settings(hdev, sk);
1621
5e5282bb
JH		 1622 goto failed;
1623 }
1624
310a3d48
MH		 1625 /* If the current mode is the same, then just update the timeout
1626 * value with the new value. And if only the timeout gets updated,
1627 * then no need for any HCI transactions.
1628 */
1629 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1630 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1631 &hdev->dev_flags)) {
36261547
MH		 1632 cancel_delayed_work(&hdev->discov_off);
1633 hdev->discov_timeout = timeout;
955638ec 1634
36261547
MH		 1635 if (cp->val && hdev->discov_timeout > 0) {
1636 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1637 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1638 to);
955638ec
MH		 1639 }
1640
69ab39ea 1641 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1642 goto failed;
1643 }
1644
2e58ef3e 1645 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1646 if (!cmd) {
1647 err = -ENOMEM;
73f22f62 1648 goto failed;
366a0336 1649 }
73f22f62 1650
310a3d48
MH		 1651 /* Cancel any potential discoverable timeout that might be
1652 * still active and store new timeout value. The arming of
1653 * the timeout happens in the complete handler.
1654 */
1655 cancel_delayed_work(&hdev->discov_off);
1656 hdev->discov_timeout = timeout;
1657
b456f87c
JH		 1658 /* Limited discoverable mode */
1659 if (cp->val == 0x02)
1660 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1661 else
1662 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1663
bfaf8c9f
JH		 1664 hci_req_init(&req, hdev);
1665
9a43e25f
JH		 1666 /* The procedure for LE-only controllers is much simpler - just
1667 * update the advertising data.
1668 */
1669 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1670 goto update_ad;
1671
73f22f62
JH		 1672 scan = SCAN_PAGE;
1673
310a3d48
MH		 1674 if (cp->val) {
1675 struct hci_cp_write_current_iac_lap hci_cp;
1676
1677 if (cp->val == 0x02) {
1678 /* Limited discoverable mode */
33337dcb 1679 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1680 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1681 hci_cp.iac_lap[1] = 0x8b;
1682 hci_cp.iac_lap[2] = 0x9e;
1683 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1684 hci_cp.iac_lap[4] = 0x8b;
1685 hci_cp.iac_lap[5] = 0x9e;
1686 } else {
1687 /* General discoverable mode */
310a3d48
MH		 1688 hci_cp.num_iac = 1;
1689 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1690 hci_cp.iac_lap[1] = 0x8b;
1691 hci_cp.iac_lap[2] = 0x9e;
1692 }
1693
1694 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1695 (hci_cp.num_iac * 3) + 1, &hci_cp);
1696
73f22f62 1697 scan |= SCAN_INQUIRY;
310a3d48
MH		 1698 } else {
1699 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1700 }
73f22f62 1701
310a3d48 1702 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1703
9a43e25f
JH		 1704update_ad:
1705 update_adv_data(&req);
1706
bfaf8c9f 1707 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1708 if (err < 0)
a664b5bc 1709 mgmt_pending_remove(cmd);
73f22f62
JH		 1710
1711failed:
09fd0de5 1712 hci_dev_unlock(hdev);
73f22f62
JH		 1713 return err;
1714}
1715
406d7804
JH		 1716static void write_fast_connectable(struct hci_request *req, bool enable)
1717{
bd98b996 1718 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1719 struct hci_cp_write_page_scan_activity acp;
1720 u8 type;
1721
547003b1
JH		 1722 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1723 return;
1724
4c01f8b8
JH		 1725 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1726 return;
1727
406d7804
JH		 1728 if (enable) {
1729 type = PAGE_SCAN_TYPE_INTERLACED;
1730
1731 /* 160 msec page scan interval */
dcf4adbf 1732 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1733 } else {
1734 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1735
1736 /* default 1.28 sec page scan */
dcf4adbf 1737 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1738 }
1739
dcf4adbf 1740 acp.window = cpu_to_le16(0x0012);
406d7804 1741
bd98b996
JH		 1742 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1743 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1744 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1745 sizeof(acp), &acp);
1746
1747 if (hdev->page_scan_type != type)
1748 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1749}
1750
2b76f453
JH		 1751static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1752{
1753 struct pending_cmd *cmd;
d7b856f9 1754 struct mgmt_mode *cp;
bc6d2d04 1755 bool conn_changed, discov_changed;
2b76f453
JH		 1756
1757 BT_DBG("status 0x%02x", status);
1758
1759 hci_dev_lock(hdev);
1760
1761 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1762 if (!cmd)
1763 goto unlock;
1764
37438c1f
JH		 1765 if (status) {
1766 u8 mgmt_err = mgmt_status(status);
1767 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1768 goto remove_cmd;
1769 }
1770
d7b856f9 1771 cp = cmd->param;
bc6d2d04
JH		 1772 if (cp->val) {
1773 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1774 &hdev->dev_flags);
1775 discov_changed = false;
1776 } else {
1777 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1778 &hdev->dev_flags);
1779 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1780 &hdev->dev_flags);
1781 }
d7b856f9 1782
2b76f453
JH		 1783 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1784
bc6d2d04 1785 if (conn_changed || discov_changed) {
d7b856f9 1786 new_settings(hdev, cmd->sk);
432df05e 1787 hci_update_page_scan(hdev, NULL);
bc6d2d04
JH		 1788 if (discov_changed)
1789 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1790 hci_update_background_scan(hdev);
1791 }
d7b856f9 1792
37438c1f 1793remove_cmd:
2b76f453
JH		 1794 mgmt_pending_remove(cmd);
1795
1796unlock:
1797 hci_dev_unlock(hdev);
1798}
1799
e8ba3a1f
JH		 1800static int set_connectable_update_settings(struct hci_dev *hdev,
1801 struct sock *sk, u8 val)
1802{
1803 bool changed = false;
1804 int err;
1805
1806 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1807 changed = true;
1808
1809 if (val) {
1810 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1811 } else {
1812 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1813 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1814 }
1815
1816 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1817 if (err < 0)
1818 return err;
1819
562064e6 1820 if (changed) {
432df05e 1821 hci_update_page_scan(hdev, NULL);
562064e6 1822 hci_update_background_scan(hdev);
e8ba3a1f 1823 return new_settings(hdev, sk);
562064e6 1824 }
e8ba3a1f
JH		 1825
1826 return 0;
1827}
1828
bdb6d971 1829static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1830 u16 len)
9fbcbb45 1831{
650f726d 1832 struct mgmt_mode *cp = data;
366a0336 1833 struct pending_cmd *cmd;
2b76f453 1834 struct hci_request req;
1987fdc7 1835 u8 scan;
9fbcbb45
JH		 1836 int err;
1837
bdb6d971 1838 BT_DBG("request for %s", hdev->name);
9fbcbb45 1839
1987fdc7
JH		 1840 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1841 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1842 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1843 MGMT_STATUS_REJECTED);
33c525c0 1844
a7e80f25
JH		 1845 if (cp->val != 0x00 && cp->val != 0x01)
1846 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1847 MGMT_STATUS_INVALID_PARAMS);
1848
09fd0de5 1849 hci_dev_lock(hdev);
9fbcbb45 1850
4b34ee78 1851 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1852 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1853 goto failed;
1854 }
1855
2e58ef3e 1856 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1857 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1858 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1859 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1860 goto failed;
1861 }
1862
2e58ef3e 1863 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1864 if (!cmd) {
1865 err = -ENOMEM;
9fbcbb45 1866 goto failed;
366a0336 1867 }
9fbcbb45 1868
9b74246f 1869 hci_req_init(&req, hdev);
9fbcbb45 1870
9a43e25f
JH		 1871 /* If BR/EDR is not enabled and we disable advertising as a
1872 * by-product of disabling connectable, we need to update the
1873 * advertising flags.
1874 */
1875 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1876 if (!cp->val) {
1877 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1878 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1879 }
1880 update_adv_data(&req);
1881 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1882 if (cp->val) {
1883 scan = SCAN_PAGE;
1884 } else {
3bd27240
JH		 1885 /* If we don't have any whitelist entries just
1886 * disable all scanning. If there are entries
1887 * and we had both page and inquiry scanning
1888 * enabled then fall back to only page scanning.
1889 * Otherwise no changes are needed.
1890 */
1891 if (list_empty(&hdev->whitelist))
1892 scan = SCAN_DISABLED;
1893 else if (test_bit(HCI_ISCAN, &hdev->flags))
1894 scan = SCAN_PAGE;
1895 else
1896 goto no_scan_update;
9b74246f
JH		 1897
1898 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1899 hdev->discov_timeout > 0)
9b74246f
JH		 1900 cancel_delayed_work(&hdev->discov_off);
1901 }
2b76f453 1902
9b74246f
JH		 1903 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1904 }
2b76f453 1905
3bd27240 1906no_scan_update:
4c01f8b8
JH		 1907 /* If we're going from non-connectable to connectable or
1908 * vice-versa when fast connectable is enabled ensure that fast
1909 * connectable gets disabled. write_fast_connectable won't do
1910 * anything if the page scan parameters are already what they
1911 * should be.
1912 */
1913 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1914 write_fast_connectable(&req, false);
1915
e8b1202c
JH		 1916 /* Update the advertising parameters if necessary */
1917 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1987fdc7 1918 enable_advertising(&req);
1987fdc7 1919
2b76f453 1920 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1921 if (err < 0) {
a664b5bc 1922 mgmt_pending_remove(cmd);
9b74246f 1923 if (err == -ENODATA)
a81070ba
JH		 1924 err = set_connectable_update_settings(hdev, sk,
1925 cp->val);
9b74246f
JH		 1926 goto failed;
1927 }
9fbcbb45
JH		 1928
1929failed:
09fd0de5 1930 hci_dev_unlock(hdev);
9fbcbb45
JH		 1931 return err;
1932}
1933
b2939475 1934static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1935 u16 len)
c542a06c 1936{
650f726d 1937 struct mgmt_mode *cp = data;
55594356 1938 bool changed;
c542a06c
JH		 1939 int err;
1940
bdb6d971 1941 BT_DBG("request for %s", hdev->name);
c542a06c 1942
a7e80f25 1943 if (cp->val != 0x00 && cp->val != 0x01)
b2939475 1944 return cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
a7e80f25
JH		 1945 MGMT_STATUS_INVALID_PARAMS);
1946
09fd0de5 1947 hci_dev_lock(hdev);
c542a06c
JH		 1948
1949 if (cp->val)
b6ae8457 1950 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 1951 else
b6ae8457 1952 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 1953
b2939475 1954 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1955 if (err < 0)
55594356 1956 goto unlock;
c542a06c 1957
55594356
MH		 1958 if (changed)
1959 err = new_settings(hdev, sk);
c542a06c 1960
55594356 1961unlock:
09fd0de5 1962 hci_dev_unlock(hdev);
c542a06c
JH		 1963 return err;
1964}
1965
04124681
GP		 1966static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1967 u16 len)
33ef95ed
JH		 1968{
1969 struct mgmt_mode *cp = data;
1970 struct pending_cmd *cmd;
e6fe7986 1971 u8 val, status;
33ef95ed
JH		 1972 int err;
1973
bdb6d971 1974 BT_DBG("request for %s", hdev->name);
33ef95ed 1975
e6fe7986
JH		 1976 status = mgmt_bredr_support(hdev);
1977 if (status)
33c525c0 1978 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1979 status);
33c525c0 1980
a7e80f25
JH		 1981 if (cp->val != 0x00 && cp->val != 0x01)
1982 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1983 MGMT_STATUS_INVALID_PARAMS);
1984
33ef95ed
JH		 1985 hci_dev_lock(hdev);
1986
4b34ee78 1987 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1988 bool changed = false;
1989
1990 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1991 &hdev->dev_flags)) {
47990ea0
JH		 1992 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1993 changed = true;
1994 }
1995
1996 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1997 if (err < 0)
1998 goto failed;
1999
2000 if (changed)
2001 err = new_settings(hdev, sk);
2002
33ef95ed
JH		 2003 goto failed;
2004 }
2005
2006 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 2007 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 2008 MGMT_STATUS_BUSY);
33ef95ed
JH		 2009 goto failed;
2010 }
2011
2012 val = !!cp->val;
2013
2014 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2015 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2016 goto failed;
2017 }
2018
2019 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2020 if (!cmd) {
2021 err = -ENOMEM;
2022 goto failed;
2023 }
2024
2025 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2026 if (err < 0) {
2027 mgmt_pending_remove(cmd);
2028 goto failed;
2029 }
2030
2031failed:
2032 hci_dev_unlock(hdev);
33ef95ed
JH		 2033 return err;
2034}
2035
bdb6d971 2036static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2037{
2038 struct mgmt_mode *cp = data;
2039 struct pending_cmd *cmd;
72ef0c1a 2040 u8 status;
ed2c4ee3
JH		 2041 int err;
2042
bdb6d971 2043 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2044
cdba5281
MH		 2045 status = mgmt_bredr_support(hdev);
2046 if (status)
2047 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2048
13ecd8b6
JH		 2049 if (!lmp_ssp_capable(hdev))
2050 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2051 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2052
a7e80f25
JH		 2053 if (cp->val != 0x00 && cp->val != 0x01)
2054 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2055 MGMT_STATUS_INVALID_PARAMS);
2056
13ecd8b6 2057 hci_dev_lock(hdev);
6c8f12c1 2058
4b34ee78 2059 if (!hdev_is_powered(hdev)) {
9ecb3e24 2060 bool changed;
c0ecddc2 2061
9ecb3e24
MH		 2062 if (cp->val) {
2063 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2064 &hdev->dev_flags);
2065 } else {
2066 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2067 &hdev->dev_flags);
2068 if (!changed)
2069 changed = test_and_clear_bit(HCI_HS_ENABLED,
2070 &hdev->dev_flags);
2071 else
2072 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 2073 }
2074
2075 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2076 if (err < 0)
2077 goto failed;
2078
2079 if (changed)
2080 err = new_settings(hdev, sk);
2081
ed2c4ee3
JH		 2082 goto failed;
2083 }
2084
9ecb3e24
MH		 2085 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2086 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 2087 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2088 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2089 goto failed;
2090 }
2091
72ef0c1a 2092 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 2093 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2094 goto failed;
2095 }
2096
2097 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2098 if (!cmd) {
2099 err = -ENOMEM;
2100 goto failed;
2101 }
2102
3769972b
JH		 2103 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2104 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2105 sizeof(cp->val), &cp->val);
2106
72ef0c1a 2107 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2108 if (err < 0) {
2109 mgmt_pending_remove(cmd);
2110 goto failed;
2111 }
2112
2113failed:
2114 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2115 return err;
2116}
2117
bdb6d971 2118static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2119{
2120 struct mgmt_mode *cp = data;
ee392693 2121 bool changed;
e6fe7986 2122 u8 status;
ee392693 2123 int err;
6d80dfd0 2124
bdb6d971 2125 BT_DBG("request for %s", hdev->name);
6d80dfd0 2126
e6fe7986
JH		 2127 status = mgmt_bredr_support(hdev);
2128 if (status)
2129 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2130
9ecb3e24
MH		 2131 if (!lmp_ssp_capable(hdev))
2132 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2133 MGMT_STATUS_NOT_SUPPORTED);
2134
2135 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2136 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2137 MGMT_STATUS_REJECTED);
2138
a7e80f25
JH		 2139 if (cp->val != 0x00 && cp->val != 0x01)
2140 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2141 MGMT_STATUS_INVALID_PARAMS);
2142
ee392693
MH		 2143 hci_dev_lock(hdev);
2144
a0cdf960 2145 if (cp->val) {
ee392693 2146 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 2147 } else {
2148 if (hdev_is_powered(hdev)) {
2149 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2150 MGMT_STATUS_REJECTED);
2151 goto unlock;
2152 }
2153
ee392693 2154 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 2155 }
ee392693
MH		 2156
2157 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2158 if (err < 0)
2159 goto unlock;
2160
2161 if (changed)
2162 err = new_settings(hdev, sk);
6d80dfd0 2163
ee392693
MH		 2164unlock:
2165 hci_dev_unlock(hdev);
2166 return err;
6d80dfd0
JH		 2167}
2168
416a4ae5
JH		 2169static void le_enable_complete(struct hci_dev *hdev, u8 status)
2170{
2171 struct cmd_lookup match = { NULL, hdev };
2172
2173 if (status) {
2174 u8 mgmt_err = mgmt_status(status);
2175
2176 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2177 &mgmt_err);
2178 return;
2179 }
2180
2181 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2182
2183 new_settings(hdev, match.sk);
2184
2185 if (match.sk)
2186 sock_put(match.sk);
441ad2d0
MH		 2187
2188 /* Make sure the controller has a good default for
2189 * advertising data. Restrict the update to when LE
2190 * has actually been enabled. During power on, the
2191 * update in powered_update_hci will take care of it.
2192 */
2193 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2194 struct hci_request req;
2195
2196 hci_dev_lock(hdev);
2197
2198 hci_req_init(&req, hdev);
5947f4bc 2199 update_adv_data(&req);
f14d8f64 2200 update_scan_rsp_data(&req);
441ad2d0
MH		 2201 hci_req_run(&req, NULL);
2202
a70f4b5f
JH		 2203 hci_update_background_scan(hdev);
2204
441ad2d0
MH		 2205 hci_dev_unlock(hdev);
2206 }
416a4ae5
JH		 2207}
2208
bdb6d971 2209static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2210{
2211 struct mgmt_mode *cp = data;
2212 struct hci_cp_write_le_host_supported hci_cp;
2213 struct pending_cmd *cmd;
416a4ae5 2214 struct hci_request req;
06199cf8 2215 int err;
0b60eba1 2216 u8 val, enabled;
06199cf8 2217
bdb6d971 2218 BT_DBG("request for %s", hdev->name);
06199cf8 2219
13ecd8b6
JH		 2220 if (!lmp_le_capable(hdev))
2221 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2222 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2223
a7e80f25
JH		 2224 if (cp->val != 0x00 && cp->val != 0x01)
2225 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2226 MGMT_STATUS_INVALID_PARAMS);
2227
c73eee91 2228 /* LE-only devices do not allow toggling LE on/off */
56f87901 2229 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2230 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2231 MGMT_STATUS_REJECTED);
2232
13ecd8b6 2233 hci_dev_lock(hdev);
06199cf8
JH		 2234
2235 val = !!cp->val;
ffa88e02 2236 enabled = lmp_host_le_capable(hdev);
06199cf8 2237
0b60eba1 2238 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2239 bool changed = false;
2240
2241 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2242 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2243 changed = true;
2244 }
2245
f3d3444a
JH		 2246 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2247 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2248 changed = true;
2249 }
2250
06199cf8
JH		 2251 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2252 if (err < 0)
1de028ce 2253 goto unlock;
06199cf8
JH		 2254
2255 if (changed)
2256 err = new_settings(hdev, sk);
2257
1de028ce 2258 goto unlock;
06199cf8
JH		 2259 }
2260
4375f103
JH		 2261 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2262 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2263 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2264 MGMT_STATUS_BUSY);
1de028ce 2265 goto unlock;
06199cf8
JH		 2266 }
2267
2268 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2269 if (!cmd) {
2270 err = -ENOMEM;
1de028ce 2271 goto unlock;
06199cf8
JH		 2272 }
2273
441ad2d0
MH		 2274 hci_req_init(&req, hdev);
2275
06199cf8
JH		 2276 memset(&hci_cp, 0, sizeof(hci_cp));
2277
2278 if (val) {
2279 hci_cp.le = val;
32226e4f 2280 hci_cp.simul = 0x00;
441ad2d0 2281 } else {
73e082f8 2282 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
441ad2d0 2283 disable_advertising(&req);
06199cf8
JH		 2284 }
2285
416a4ae5
JH		 2286 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2287 &hci_cp);
2288
2289 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2290 if (err < 0)
06199cf8 2291 mgmt_pending_remove(cmd);
06199cf8 2292
1de028ce
JH		 2293unlock:
2294 hci_dev_unlock(hdev);
06199cf8
JH		 2295 return err;
2296}
2297
0cab9c80
JH		 2298/* This is a helper function to test for pending mgmt commands that can
2299 * cause CoD or EIR HCI commands. We can only allow one such pending
2300 * mgmt command at a time since otherwise we cannot easily track what
2301 * the current values are, will be, and based on that calculate if a new
2302 * HCI command needs to be sent and if yes with what value.
2303 */
2304static bool pending_eir_or_class(struct hci_dev *hdev)
2305{
2306 struct pending_cmd *cmd;
2307
2308 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2309 switch (cmd->opcode) {
2310 case MGMT_OP_ADD_UUID:
2311 case MGMT_OP_REMOVE_UUID:
2312 case MGMT_OP_SET_DEV_CLASS:
2313 case MGMT_OP_SET_POWERED:
2314 return true;
2315 }
2316 }
2317
2318 return false;
2319}
2320
83be8eca
JH		 2321static const u8 bluetooth_base_uuid[] = {
2322 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2323 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2324};
2325
2326static u8 get_uuid_size(const u8 *uuid)
2327{
2328 u32 val;
2329
2330 if (memcmp(uuid, bluetooth_base_uuid, 12))
2331 return 128;
2332
2333 val = get_unaligned_le32(&uuid[12]);
2334 if (val > 0xffff)
2335 return 32;
2336
2337 return 16;
2338}
2339
92da6097
JH		 2340static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2341{
2342 struct pending_cmd *cmd;
2343
2344 hci_dev_lock(hdev);
2345
2346 cmd = mgmt_pending_find(mgmt_op, hdev);
2347 if (!cmd)
2348 goto unlock;
2349
2350 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2351 hdev->dev_class, 3);
2352
2353 mgmt_pending_remove(cmd);
2354
2355unlock:
2356 hci_dev_unlock(hdev);
2357}
2358
2359static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2360{
2361 BT_DBG("status 0x%02x", status);
2362
2363 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2364}
2365
bdb6d971 2366static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2367{
650f726d 2368 struct mgmt_cp_add_uuid *cp = data;
90e70454 2369 struct pending_cmd *cmd;
890ea898 2370 struct hci_request req;
2aeb9a1a 2371 struct bt_uuid *uuid;
2aeb9a1a
JH		 2372 int err;
2373
bdb6d971 2374 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2375
09fd0de5 2376 hci_dev_lock(hdev);
2aeb9a1a 2377
0cab9c80 2378 if (pending_eir_or_class(hdev)) {
bdb6d971 2379 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2380 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2381 goto failed;
2382 }
2383
92c4c204 2384 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2385 if (!uuid) {
2386 err = -ENOMEM;
2387 goto failed;
2388 }
2389
2390 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2391 uuid->svc_hint = cp->svc_hint;
83be8eca 2392 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2393
de66aa63 2394 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2395
890ea898 2396 hci_req_init(&req, hdev);
1aff6f09 2397
890ea898
JH		 2398 update_class(&req);
2399 update_eir(&req);
2400
92da6097
JH		 2401 err = hci_req_run(&req, add_uuid_complete);
2402 if (err < 0) {
2403 if (err != -ENODATA)
2404 goto failed;
80a1e1db 2405
bdb6d971 2406 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2407 hdev->dev_class, 3);
90e70454
JH		 2408 goto failed;
2409 }
2410
2411 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2412 if (!cmd) {
90e70454 2413 err = -ENOMEM;
890ea898
JH		 2414 goto failed;
2415 }
2416
2417 err = 0;
2aeb9a1a
JH		 2418
2419failed:
09fd0de5 2420 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2421 return err;
2422}
2423
24b78d0f
JH		 2424static bool enable_service_cache(struct hci_dev *hdev)
2425{
2426 if (!hdev_is_powered(hdev))
2427 return false;
2428
2429 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2430 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2431 CACHE_TIMEOUT);
24b78d0f
JH		 2432 return true;
2433 }
2434
2435 return false;
2436}
2437
92da6097
JH		 2438static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2439{
2440 BT_DBG("status 0x%02x", status);
2441
2442 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2443}
2444
bdb6d971 2445static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2446 u16 len)
2aeb9a1a 2447{
650f726d 2448 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2449 struct pending_cmd *cmd;
056341c8 2450 struct bt_uuid *match, *tmp;
2aeb9a1a 2451 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2452 struct hci_request req;
2aeb9a1a
JH		 2453 int err, found;
2454
bdb6d971 2455 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2456
09fd0de5 2457 hci_dev_lock(hdev);
2aeb9a1a 2458
0cab9c80 2459 if (pending_eir_or_class(hdev)) {
bdb6d971 2460 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2461 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2462 goto unlock;
2463 }
2464
2aeb9a1a 2465 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2466 hci_uuids_clear(hdev);
4004b6d9 2467
24b78d0f 2468 if (enable_service_cache(hdev)) {
bdb6d971 2469 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2470 0, hdev->dev_class, 3);
24b78d0f
JH		 2471 goto unlock;
2472 }
4004b6d9 2473
9246a869 2474 goto update_class;
2aeb9a1a
JH		 2475 }
2476
2477 found = 0;
2478
056341c8 2479 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2480 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2481 continue;
2482
2483 list_del(&match->list);
482049f7 2484 kfree(match);
2aeb9a1a
JH		 2485 found++;
2486 }
2487
2488 if (found == 0) {
bdb6d971 2489 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2490 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2491 goto unlock;
2492 }
2493
9246a869 2494update_class:
890ea898 2495 hci_req_init(&req, hdev);
1aff6f09 2496
890ea898
JH		 2497 update_class(&req);
2498 update_eir(&req);
2499
92da6097
JH		 2500 err = hci_req_run(&req, remove_uuid_complete);
2501 if (err < 0) {
2502 if (err != -ENODATA)
2503 goto unlock;
80a1e1db 2504
bdb6d971 2505 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2506 hdev->dev_class, 3);
90e70454
JH		 2507 goto unlock;
2508 }
2509
2510 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2511 if (!cmd) {
90e70454 2512 err = -ENOMEM;
890ea898
JH		 2513 goto unlock;
2514 }
2515
2516 err = 0;
2aeb9a1a
JH		 2517
2518unlock:
09fd0de5 2519 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2520 return err;
2521}
2522
92da6097
JH		 2523static void set_class_complete(struct hci_dev *hdev, u8 status)
2524{
2525 BT_DBG("status 0x%02x", status);
2526
2527 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2528}
2529
bdb6d971 2530static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2531 u16 len)
1aff6f09 2532{
650f726d 2533 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2534 struct pending_cmd *cmd;
890ea898 2535 struct hci_request req;
1aff6f09
JH		 2536 int err;
2537
bdb6d971 2538 BT_DBG("request for %s", hdev->name);
1aff6f09 2539
6203fc98 2540 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2541 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2542 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2543
0cab9c80 2544 hci_dev_lock(hdev);
ee98f473 2545
0cab9c80
JH		 2546 if (pending_eir_or_class(hdev)) {
2547 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2548 MGMT_STATUS_BUSY);
2549 goto unlock;
2550 }
c95f0ba7 2551
0cab9c80
JH		 2552 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2553 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2554 MGMT_STATUS_INVALID_PARAMS);
2555 goto unlock;
2556 }
575b3a02 2557
932f5ff5
JH		 2558 hdev->major_class = cp->major;
2559 hdev->minor_class = cp->minor;
2560
b5235a65 2561 if (!hdev_is_powered(hdev)) {
bdb6d971 2562 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2563 hdev->dev_class, 3);
b5235a65
JH		 2564 goto unlock;
2565 }
2566
890ea898
JH		 2567 hci_req_init(&req, hdev);
2568
a8b2d5c2 2569 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2570 hci_dev_unlock(hdev);
2571 cancel_delayed_work_sync(&hdev->service_cache);
2572 hci_dev_lock(hdev);
890ea898 2573 update_eir(&req);
7d78525d 2574 }
14c0b608 2575
890ea898
JH		 2576 update_class(&req);
2577
92da6097
JH		 2578 err = hci_req_run(&req, set_class_complete);
2579 if (err < 0) {
2580 if (err != -ENODATA)
2581 goto unlock;
1aff6f09 2582
bdb6d971 2583 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2584 hdev->dev_class, 3);
90e70454
JH		 2585 goto unlock;
2586 }
2587
2588 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2589 if (!cmd) {
90e70454 2590 err = -ENOMEM;
890ea898
JH		 2591 goto unlock;
2592 }
2593
2594 err = 0;
1aff6f09 2595
b5235a65 2596unlock:
09fd0de5 2597 hci_dev_unlock(hdev);
1aff6f09
JH		 2598 return err;
2599}
2600
bdb6d971 2601static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2602 u16 len)
55ed8ca1 2603{
650f726d 2604 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2605 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2606 sizeof(struct mgmt_link_key_info));
4e51eae9 2607 u16 key_count, expected_len;
b1de97d8 2608 bool changed;
a492cd52 2609 int i;
55ed8ca1 2610
9060d5cf
MH		 2611 BT_DBG("request for %s", hdev->name);
2612
2613 if (!lmp_bredr_capable(hdev))
2614 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2615 MGMT_STATUS_NOT_SUPPORTED);
2616
1f350c87 2617 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2618 if (key_count > max_key_count) {
2619 BT_ERR("load_link_keys: too big key_count value %u",
2620 key_count);
2621 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2622 MGMT_STATUS_INVALID_PARAMS);
2623 }
55ed8ca1 2624
86742e1e
JH		 2625 expected_len = sizeof(*cp) + key_count *
2626 sizeof(struct mgmt_link_key_info);
a492cd52 2627 if (expected_len != len) {
86742e1e 2628 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2629 expected_len, len);
bdb6d971 2630 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2631 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2632 }
2633
4ae14301
JH		 2634 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2635 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2636 MGMT_STATUS_INVALID_PARAMS);
2637
bdb6d971 2638 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2639 key_count);
55ed8ca1 2640
4ee71b20
JH		 2641 for (i = 0; i < key_count; i++) {
2642 struct mgmt_link_key_info *key = &cp->keys[i];
2643
8e991132 2644 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2645 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2646 MGMT_STATUS_INVALID_PARAMS);
2647 }
2648
09fd0de5 2649 hci_dev_lock(hdev);
55ed8ca1
JH		 2650
2651 hci_link_keys_clear(hdev);
2652
55ed8ca1 2653 if (cp->debug_keys)
0663b297
JH		 2654 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2655 &hdev->dev_flags);
55ed8ca1 2656 else
0663b297
JH		 2657 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2658 &hdev->dev_flags);
b1de97d8
MH		 2659
2660 if (changed)
2661 new_settings(hdev, NULL);
55ed8ca1 2662
a492cd52 2663 for (i = 0; i < key_count; i++) {
86742e1e 2664 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2665
58e9293c
JH		 2666 /* Always ignore debug keys and require a new pairing if
2667 * the user wants to use them.
2668 */
2669 if (key->type == HCI_LK_DEBUG_COMBINATION)
2670 continue;
2671
7652ff6a
JH		 2672 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2673 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2674 }
2675
bdb6d971 2676 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2677
09fd0de5 2678 hci_dev_unlock(hdev);
55ed8ca1 2679
a492cd52 2680 return 0;
55ed8ca1
JH		 2681}
2682
b1078ad0 2683static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2684 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2685{
2686 struct mgmt_ev_device_unpaired ev;
2687
2688 bacpy(&ev.addr.bdaddr, bdaddr);
2689 ev.addr.type = addr_type;
2690
2691 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2692 skip_sk);
b1078ad0
JH		 2693}
2694
bdb6d971 2695static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2696 u16 len)
55ed8ca1 2697{
124f6e35
JH		 2698 struct mgmt_cp_unpair_device *cp = data;
2699 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2700 struct hci_cp_disconnect dc;
2701 struct pending_cmd *cmd;
55ed8ca1 2702 struct hci_conn *conn;
55ed8ca1
JH		 2703 int err;
2704
a8a1d19e 2705 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2706 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2707 rp.addr.type = cp->addr.type;
a8a1d19e 2708
4ee71b20
JH		 2709 if (!bdaddr_type_is_valid(cp->addr.type))
2710 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2711 MGMT_STATUS_INVALID_PARAMS,
2712 &rp, sizeof(rp));
2713
118da70b
JH		 2714 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2715 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2716 MGMT_STATUS_INVALID_PARAMS,
2717 &rp, sizeof(rp));
2718
4ee71b20
JH		 2719 hci_dev_lock(hdev);
2720
86a8cfc6 2721 if (!hdev_is_powered(hdev)) {
bdb6d971 2722 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2723 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2724 goto unlock;
2725 }
2726
e0b2b27e 2727 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2728 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2729 } else {
2730 u8 addr_type;
2731
2732 if (cp->addr.type == BDADDR_LE_PUBLIC)
2733 addr_type = ADDR_LE_DEV_PUBLIC;
2734 else
2735 addr_type = ADDR_LE_DEV_RANDOM;
2736
a7ec7338
JH		 2737 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2738
a9b0a04c
AG		 2739 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2740
e0b2b27e
JH		 2741 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2742 }
b0dbfb46 2743
55ed8ca1 2744 if (err < 0) {
bdb6d971 2745 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2746 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2747 goto unlock;
2748 }
2749
86a8cfc6 2750 if (cp->disconnect) {
591f47f3 2751 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2752 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2753 &cp->addr.bdaddr);
86a8cfc6
JH		 2754 else
2755 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2756 &cp->addr.bdaddr);
86a8cfc6
JH		 2757 } else {
2758 conn = NULL;
2759 }
124f6e35 2760
a8a1d19e 2761 if (!conn) {
bdb6d971 2762 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2763 &rp, sizeof(rp));
b1078ad0 2764 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2765 goto unlock;
2766 }
55ed8ca1 2767
124f6e35 2768 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2769 sizeof(*cp));
a8a1d19e
JH		 2770 if (!cmd) {
2771 err = -ENOMEM;
2772 goto unlock;
55ed8ca1
JH		 2773 }
2774
eb55ef07 2775 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2776 dc.reason = 0x13; /* Remote User Terminated Connection */
2777 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2778 if (err < 0)
2779 mgmt_pending_remove(cmd);
2780
55ed8ca1 2781unlock:
09fd0de5 2782 hci_dev_unlock(hdev);
55ed8ca1
JH		 2783 return err;
2784}
2785
bdb6d971 2786static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2787 u16 len)
8962ee74 2788{
650f726d 2789 struct mgmt_cp_disconnect *cp = data;
06a63b19 2790 struct mgmt_rp_disconnect rp;
8962ee74 2791 struct hci_cp_disconnect dc;
366a0336 2792 struct pending_cmd *cmd;
8962ee74 2793 struct hci_conn *conn;
8962ee74
JH		 2794 int err;
2795
2796 BT_DBG("");
2797
06a63b19
JH		 2798 memset(&rp, 0, sizeof(rp));
2799 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2800 rp.addr.type = cp->addr.type;
2801
4ee71b20 2802 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2803 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2804 MGMT_STATUS_INVALID_PARAMS,
2805 &rp, sizeof(rp));
4ee71b20 2806
09fd0de5 2807 hci_dev_lock(hdev);
8962ee74
JH		 2808
2809 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2810 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2811 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2812 goto failed;
2813 }
2814
2e58ef3e 2815 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2816 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2817 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2818 goto failed;
2819 }
2820
591f47f3 2821 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2822 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2823 &cp->addr.bdaddr);
88c3df13
JH		 2824 else
2825 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2826
f960727e 2827 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2828 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2829 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2830 goto failed;
2831 }
2832
2e58ef3e 2833 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2834 if (!cmd) {
2835 err = -ENOMEM;
8962ee74 2836 goto failed;
366a0336 2837 }
8962ee74 2838
eb55ef07 2839 dc.handle = cpu_to_le16(conn->handle);
3701f944 2840 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2841
2842 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2843 if (err < 0)
a664b5bc 2844 mgmt_pending_remove(cmd);
8962ee74
JH		 2845
2846failed:
09fd0de5 2847 hci_dev_unlock(hdev);
8962ee74
JH		 2848 return err;
2849}
2850
57c1477c 2851static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2852{
2853 switch (link_type) {
2854 case LE_LINK:
48264f06
JH		 2855 switch (addr_type) {
2856 case ADDR_LE_DEV_PUBLIC:
591f47f3 2857 return BDADDR_LE_PUBLIC;
0ed09148 2858
48264f06 2859 default:
0ed09148 2860 /* Fallback to LE Random address type */
591f47f3 2861 return BDADDR_LE_RANDOM;
48264f06 2862 }
0ed09148 2863
4c659c39 2864 default:
0ed09148 2865 /* Fallback to BR/EDR type */
591f47f3 2866 return BDADDR_BREDR;
4c659c39
JH		 2867 }
2868}
2869
04124681
GP		 2870static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2871 u16 data_len)
2784eb41 2872{
2784eb41 2873 struct mgmt_rp_get_connections *rp;
8035ded4 2874 struct hci_conn *c;
a38528f1 2875 size_t rp_len;
60fc5fb6
JH		 2876 int err;
2877 u16 i;
2784eb41
JH		 2878
2879 BT_DBG("");
2880
09fd0de5 2881 hci_dev_lock(hdev);
2784eb41 2882
5f97c1df 2883 if (!hdev_is_powered(hdev)) {
bdb6d971 2884 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2885 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2886 goto unlock;
2887 }
2888
60fc5fb6 2889 i = 0;
b644ba33
JH		 2890 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2891 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2892 i++;
2784eb41
JH		 2893 }
2894
60fc5fb6 2895 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2896 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2897 if (!rp) {
2784eb41
JH		 2898 err = -ENOMEM;
2899 goto unlock;
2900 }
2901
2784eb41 2902 i = 0;
4c659c39 2903 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2904 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2905 continue;
4c659c39 2906 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2907 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2908 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2909 continue;
2910 i++;
2911 }
2912
eb55ef07 2913 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2914
4c659c39
JH		 2915 /* Recalculate length in case of filtered SCO connections, etc */
2916 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2917
bdb6d971 2918 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2919 rp_len);
2784eb41 2920
a38528f1 2921 kfree(rp);
5f97c1df
JH		 2922
2923unlock:
09fd0de5 2924 hci_dev_unlock(hdev);
2784eb41
JH		 2925 return err;
2926}
2927
bdb6d971 2928static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2929 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2930{
2931 struct pending_cmd *cmd;
2932 int err;
2933
2e58ef3e 2934 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2935 sizeof(*cp));
96d97a67
WR		 2936 if (!cmd)
2937 return -ENOMEM;
2938
d8457698 2939 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2940 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2941 if (err < 0)
2942 mgmt_pending_remove(cmd);
2943
2944 return err;
2945}
2946
bdb6d971 2947static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2948 u16 len)
980e1a53 2949{
96d97a67 2950 struct hci_conn *conn;
650f726d 2951 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2952 struct hci_cp_pin_code_reply reply;
366a0336 2953 struct pending_cmd *cmd;
980e1a53
JH		 2954 int err;
2955
2956 BT_DBG("");
2957
09fd0de5 2958 hci_dev_lock(hdev);
980e1a53 2959
4b34ee78 2960 if (!hdev_is_powered(hdev)) {
bdb6d971 2961 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2962 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2963 goto failed;
2964 }
2965
d8457698 2966 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2967 if (!conn) {
bdb6d971 2968 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2969 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2970 goto failed;
2971 }
2972
2973 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2974 struct mgmt_cp_pin_code_neg_reply ncp;
2975
2976 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2977
2978 BT_ERR("PIN code is not 16 bytes long");
2979
bdb6d971 2980 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2981 if (err >= 0)
bdb6d971 2982 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2983 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2984
2985 goto failed;
2986 }
2987
00abfe44 2988 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2989 if (!cmd) {
2990 err = -ENOMEM;
980e1a53 2991 goto failed;
366a0336 2992 }
980e1a53 2993
d8457698 2994 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2995 reply.pin_len = cp->pin_len;
24718ca5 2996 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2997
2998 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2999 if (err < 0)
a664b5bc 3000 mgmt_pending_remove(cmd);
980e1a53
JH		 3001
3002failed:
09fd0de5 3003 hci_dev_unlock(hdev);
980e1a53
JH		 3004 return err;
3005}
3006
04124681
GP		 3007static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3008 u16 len)
17fa4b9d 3009{
650f726d 3010 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3011
3012 BT_DBG("");
3013
4ec86d4c
JH		 3014 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3015 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3016 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3017
09fd0de5 3018 hci_dev_lock(hdev);
17fa4b9d
JH		 3019
3020 hdev->io_capability = cp->io_capability;
3021
3022 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3023 hdev->io_capability);
17fa4b9d 3024
09fd0de5 3025 hci_dev_unlock(hdev);
17fa4b9d 3026
04124681
GP		 3027 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
3028 0);
17fa4b9d
JH		 3029}
3030
6039aa73 3031static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3032{
3033 struct hci_dev *hdev = conn->hdev;
8035ded4 3034 struct pending_cmd *cmd;
e9a416b5 3035
2e58ef3e 3036 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3037 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3038 continue;
3039
e9a416b5
JH		 3040 if (cmd->user_data != conn)
3041 continue;
3042
3043 return cmd;
3044 }
3045
3046 return NULL;
3047}
3048
3049static void pairing_complete(struct pending_cmd *cmd, u8 status)
3050{
3051 struct mgmt_rp_pair_device rp;
3052 struct hci_conn *conn = cmd->user_data;
3053
61b1a7fb
JH		 3054 bacpy(&rp.addr.bdaddr, &conn->dst);
3055 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3056
aee9b218 3057 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 3058 &rp, sizeof(rp));
e9a416b5
JH		 3059
3060 /* So we don't get further callbacks for this connection */
3061 conn->connect_cfm_cb = NULL;
3062 conn->security_cfm_cb = NULL;
3063 conn->disconn_cfm_cb = NULL;
3064
76a68ba0 3065 hci_conn_drop(conn);
f8aaf9b6 3066 hci_conn_put(conn);
e9a416b5 3067
a664b5bc 3068 mgmt_pending_remove(cmd);
e9a416b5
JH		 3069}
3070
f4a407be
JH		 3071void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3072{
3073 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3074 struct pending_cmd *cmd;
3075
3076 cmd = find_pairing(conn);
3077 if (cmd)
3078 pairing_complete(cmd, status);
3079}
3080
e9a416b5
JH		 3081static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3082{
3083 struct pending_cmd *cmd;
3084
3085 BT_DBG("status %u", status);
3086
3087 cmd = find_pairing(conn);
56e5cb86 3088 if (!cmd)
e9a416b5 3089 BT_DBG("Unable to find a pending command");
56e5cb86 3090 else
e211326c 3091 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 3092}
3093
f4a407be 3094static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 3095{
3096 struct pending_cmd *cmd;
3097
3098 BT_DBG("status %u", status);
3099
3100 if (!status)
3101 return;
3102
3103 cmd = find_pairing(conn);
3104 if (!cmd)
3105 BT_DBG("Unable to find a pending command");
3106 else
3107 pairing_complete(cmd, mgmt_status(status));
3108}
3109
bdb6d971 3110static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3111 u16 len)
e9a416b5 3112{
650f726d 3113 struct mgmt_cp_pair_device *cp = data;
1425acb7 3114 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 3115 struct pending_cmd *cmd;
3116 u8 sec_level, auth_type;
3117 struct hci_conn *conn;
e9a416b5
JH		 3118 int err;
3119
3120 BT_DBG("");
3121
f950a30e
SJ		 3122 memset(&rp, 0, sizeof(rp));
3123 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3124 rp.addr.type = cp->addr.type;
3125
4ee71b20
JH		 3126 if (!bdaddr_type_is_valid(cp->addr.type))
3127 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3128 MGMT_STATUS_INVALID_PARAMS,
3129 &rp, sizeof(rp));
3130
4ec86d4c
JH		 3131 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3132 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3133 MGMT_STATUS_INVALID_PARAMS,
3134 &rp, sizeof(rp));
3135
09fd0de5 3136 hci_dev_lock(hdev);
e9a416b5 3137
5f97c1df 3138 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 3139 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3140 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 3141 goto unlock;
3142 }
3143
c908df36 3144 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3145 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3146
6f77d8c7 3147 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3148 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3149 auth_type);
6f77d8c7
AG		 3150 } else {
3151 u8 addr_type;
3152
3153 /* Convert from L2CAP channel address type to HCI address type
3154 */
3155 if (cp->addr.type == BDADDR_LE_PUBLIC)
3156 addr_type = ADDR_LE_DEV_PUBLIC;
3157 else
3158 addr_type = ADDR_LE_DEV_RANDOM;
3159
7c264b10
MH		 3160 /* When pairing a new device, it is expected to remember
3161 * this device for future connections. Adding the connection
3162 * parameter information ahead of time allows tracking
3163 * of the slave preferred values and will speed up any
3164 * further connection establishment.
3165 *
3166 * If connection parameters already exist, then they
3167 * will be kept and this function does nothing.
3168 */
3169 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3170
6f77d8c7 3171 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3172 sec_level, HCI_LE_CONN_TIMEOUT,
3173 HCI_ROLE_MASTER);
6f77d8c7 3174 }
7a512d01 3175
30e76272 3176 if (IS_ERR(conn)) {
489dc48e
AK		 3177 int status;
3178
3179 if (PTR_ERR(conn) == -EBUSY)
3180 status = MGMT_STATUS_BUSY;
3181 else
3182 status = MGMT_STATUS_CONNECT_FAILED;
3183
bdb6d971 3184 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 3185 status, &rp,
04124681 3186 sizeof(rp));
e9a416b5
JH		 3187 goto unlock;
3188 }
3189
3190 if (conn->connect_cfm_cb) {
76a68ba0 3191 hci_conn_drop(conn);
bdb6d971 3192 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 3193 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3194 goto unlock;
3195 }
3196
2e58ef3e 3197 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3198 if (!cmd) {
3199 err = -ENOMEM;
76a68ba0 3200 hci_conn_drop(conn);
e9a416b5
JH		 3201 goto unlock;
3202 }
3203
7a512d01 3204 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3205 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3206 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3207 conn->security_cfm_cb = pairing_complete_cb;
3208 conn->disconn_cfm_cb = pairing_complete_cb;
3209 } else {
3210 conn->connect_cfm_cb = le_pairing_complete_cb;
3211 conn->security_cfm_cb = le_pairing_complete_cb;
3212 conn->disconn_cfm_cb = le_pairing_complete_cb;
3213 }
7a512d01 3214
e9a416b5 3215 conn->io_capability = cp->io_cap;
f8aaf9b6 3216 cmd->user_data = hci_conn_get(conn);
e9a416b5 3217
6f78fd4b 3218 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
e7cafc45 3219 hci_conn_security(conn, sec_level, auth_type, true))
e9a416b5
JH		 3220 pairing_complete(cmd, 0);
3221
3222 err = 0;
3223
3224unlock:
09fd0de5 3225 hci_dev_unlock(hdev);
e9a416b5
JH		 3226 return err;
3227}
3228
04124681
GP		 3229static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3230 u16 len)
28424707 3231{
0f4e68cf 3232 struct mgmt_addr_info *addr = data;
28424707
JH		 3233 struct pending_cmd *cmd;
3234 struct hci_conn *conn;
3235 int err;
3236
3237 BT_DBG("");
3238
28424707
JH		 3239 hci_dev_lock(hdev);
3240
5f97c1df 3241 if (!hdev_is_powered(hdev)) {
bdb6d971 3242 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3243 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3244 goto unlock;
3245 }
3246
28424707
JH		 3247 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3248 if (!cmd) {
bdb6d971 3249 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3250 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3251 goto unlock;
3252 }
3253
3254 conn = cmd->user_data;
3255
3256 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3257 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3258 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3259 goto unlock;
3260 }
3261
3262 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
3263
bdb6d971 3264 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3265 addr, sizeof(*addr));
28424707
JH		 3266unlock:
3267 hci_dev_unlock(hdev);
28424707
JH		 3268 return err;
3269}
3270
bdb6d971 3271static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3272 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3273 u16 hci_op, __le32 passkey)
a5c29683 3274{
a5c29683 3275 struct pending_cmd *cmd;
0df4c185 3276 struct hci_conn *conn;
a5c29683
JH		 3277 int err;
3278
09fd0de5 3279 hci_dev_lock(hdev);
08ba5382 3280
4b34ee78 3281 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3282 err = cmd_complete(sk, hdev->id, mgmt_op,
3283 MGMT_STATUS_NOT_POWERED, addr,
3284 sizeof(*addr));
0df4c185 3285 goto done;
a5c29683
JH		 3286 }
3287
1707c60e
JH		 3288 if (addr->type == BDADDR_BREDR)
3289 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3290 else
1707c60e 3291 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3292
3293 if (!conn) {
feb94d3d
JH		 3294 err = cmd_complete(sk, hdev->id, mgmt_op,
3295 MGMT_STATUS_NOT_CONNECTED, addr,
3296 sizeof(*addr));
272d90df
JH		 3297 goto done;
3298 }
47c15e2b 3299
1707c60e 3300 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3301 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3302 if (!err)
feb94d3d
JH		 3303 err = cmd_complete(sk, hdev->id, mgmt_op,
3304 MGMT_STATUS_SUCCESS, addr,
3305 sizeof(*addr));
5fe57d9e 3306 else
feb94d3d
JH		 3307 err = cmd_complete(sk, hdev->id, mgmt_op,
3308 MGMT_STATUS_FAILED, addr,
3309 sizeof(*addr));
47c15e2b 3310
47c15e2b
BG		 3311 goto done;
3312 }
3313
1707c60e 3314 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3315 if (!cmd) {
3316 err = -ENOMEM;
0df4c185 3317 goto done;
a5c29683
JH		 3318 }
3319
0df4c185 3320 /* Continue with pairing via HCI */
604086b7
BG		 3321 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3322 struct hci_cp_user_passkey_reply cp;
3323
1707c60e 3324 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3325 cp.passkey = passkey;
3326 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3327 } else
1707c60e
JH		 3328 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3329 &addr->bdaddr);
604086b7 3330
a664b5bc
JH		 3331 if (err < 0)
3332 mgmt_pending_remove(cmd);
a5c29683 3333
0df4c185 3334done:
09fd0de5 3335 hci_dev_unlock(hdev);
a5c29683
JH		 3336 return err;
3337}
3338
afeb019d
JK		 3339static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3340 void *data, u16 len)
3341{
3342 struct mgmt_cp_pin_code_neg_reply *cp = data;
3343
3344 BT_DBG("");
3345
1707c60e 3346 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3347 MGMT_OP_PIN_CODE_NEG_REPLY,
3348 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3349}
3350
04124681
GP		 3351static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3352 u16 len)
0df4c185 3353{
650f726d 3354 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3355
3356 BT_DBG("");
3357
3358 if (len != sizeof(*cp))
bdb6d971 3359 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3360 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3361
1707c60e 3362 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3363 MGMT_OP_USER_CONFIRM_REPLY,
3364 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3365}
3366
bdb6d971 3367static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3368 void *data, u16 len)
0df4c185 3369{
c9c2659f 3370 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3371
3372 BT_DBG("");
3373
1707c60e 3374 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3375 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3376 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3377}
3378
04124681
GP		 3379static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3380 u16 len)
604086b7 3381{
650f726d 3382 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3383
3384 BT_DBG("");
3385
1707c60e 3386 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3387 MGMT_OP_USER_PASSKEY_REPLY,
3388 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3389}
3390
bdb6d971 3391static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3392 void *data, u16 len)
604086b7 3393{
650f726d 3394 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3395
3396 BT_DBG("");
3397
1707c60e 3398 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3399 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3400 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3401}
3402
13928971 3403static void update_name(struct hci_request *req)
2b4bf397 3404{
13928971 3405 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3406 struct hci_cp_write_local_name cp;
3407
13928971 3408 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3409
890ea898 3410 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3411}
3412
13928971
JH		 3413static void set_name_complete(struct hci_dev *hdev, u8 status)
3414{
3415 struct mgmt_cp_set_local_name *cp;
3416 struct pending_cmd *cmd;
3417
3418 BT_DBG("status 0x%02x", status);
3419
3420 hci_dev_lock(hdev);
3421
3422 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3423 if (!cmd)
3424 goto unlock;
3425
3426 cp = cmd->param;
3427
3428 if (status)
3429 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3430 mgmt_status(status));
3431 else
3432 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3433 cp, sizeof(*cp));
3434
3435 mgmt_pending_remove(cmd);
3436
3437unlock:
3438 hci_dev_unlock(hdev);
3439}
3440
bdb6d971 3441static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3442 u16 len)
b312b161 3443{
2b4bf397 3444 struct mgmt_cp_set_local_name *cp = data;
b312b161 3445 struct pending_cmd *cmd;
890ea898 3446 struct hci_request req;
b312b161
JH		 3447 int err;
3448
3449 BT_DBG("");
3450
09fd0de5 3451 hci_dev_lock(hdev);
b312b161 3452
b3f2ca94
JH		 3453 /* If the old values are the same as the new ones just return a
3454 * direct command complete event.
3455 */
3456 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3457 !memcmp(hdev->short_name, cp->short_name,
3458 sizeof(hdev->short_name))) {
3459 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3460 data, len);
3461 goto failed;
3462 }
3463
2b4bf397 3464 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3465
b5235a65 3466 if (!hdev_is_powered(hdev)) {
2b4bf397 3467 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3468
3469 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3470 data, len);
28cc7bde
JH		 3471 if (err < 0)
3472 goto failed;
3473
3474 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3475 sk);
28cc7bde 3476
b5235a65
JH		 3477 goto failed;
3478 }
3479
28cc7bde 3480 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3481 if (!cmd) {
3482 err = -ENOMEM;
3483 goto failed;
3484 }
3485
13928971
JH		 3486 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3487
890ea898 3488 hci_req_init(&req, hdev);
3f985050
JH		 3489
3490 if (lmp_bredr_capable(hdev)) {
3491 update_name(&req);
3492 update_eir(&req);
3493 }
3494
7a5f4990
MH		 3495 /* The name is stored in the scan response data and so
3496 * no need to udpate the advertising data here.
3497 */
3f985050 3498 if (lmp_le_capable(hdev))
7a5f4990 3499 update_scan_rsp_data(&req);
3f985050 3500
13928971 3501 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3502 if (err < 0)
3503 mgmt_pending_remove(cmd);
3504
3505failed:
09fd0de5 3506 hci_dev_unlock(hdev);
b312b161
JH		 3507 return err;
3508}
3509
0f4e68cf 3510static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3511 void *data, u16 data_len)
c35938b2 3512{
c35938b2
SJ		 3513 struct pending_cmd *cmd;
3514 int err;
3515
bdb6d971 3516 BT_DBG("%s", hdev->name);
c35938b2 3517
09fd0de5 3518 hci_dev_lock(hdev);
c35938b2 3519
4b34ee78 3520 if (!hdev_is_powered(hdev)) {
bdb6d971 3521 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3522 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3523 goto unlock;
3524 }
3525
9a1a1996 3526 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3527 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3528 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3529 goto unlock;
3530 }
3531
2e58ef3e 3532 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3533 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3534 MGMT_STATUS_BUSY);
c35938b2
SJ		 3535 goto unlock;
3536 }
3537
2e58ef3e 3538 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3539 if (!cmd) {
3540 err = -ENOMEM;
3541 goto unlock;
3542 }
3543
4d2d2796
MH		 3544 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3545 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3546 0, NULL);
3547 else
3548 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3549
c35938b2
SJ		 3550 if (err < 0)
3551 mgmt_pending_remove(cmd);
3552
3553unlock:
09fd0de5 3554 hci_dev_unlock(hdev);
c35938b2
SJ		 3555 return err;
3556}
3557
bdb6d971 3558static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3559 void *data, u16 len)
2763eda6 3560{
2763eda6
SJ		 3561 int err;
3562
bdb6d971 3563 BT_DBG("%s ", hdev->name);
2763eda6 3564
09fd0de5 3565 hci_dev_lock(hdev);
2763eda6 3566
ec109113
MH		 3567 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3568 struct mgmt_cp_add_remote_oob_data *cp = data;
3569 u8 status;
bf1e3541 3570
ec109113
MH		 3571 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3572 cp->hash, cp->randomizer);
3573 if (err < 0)
3574 status = MGMT_STATUS_FAILED;
3575 else
3576 status = MGMT_STATUS_SUCCESS;
3577
3578 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3579 status, &cp->addr, sizeof(cp->addr));
3580 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3581 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3582 u8 status;
3583
3584 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3585 cp->hash192,
3586 cp->randomizer192,
3587 cp->hash256,
3588 cp->randomizer256);
3589 if (err < 0)
3590 status = MGMT_STATUS_FAILED;
3591 else
3592 status = MGMT_STATUS_SUCCESS;
3593
3594 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3595 status, &cp->addr, sizeof(cp->addr));
3596 } else {
3597 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3598 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3599 MGMT_STATUS_INVALID_PARAMS);
3600 }
2763eda6 3601
09fd0de5 3602 hci_dev_unlock(hdev);
2763eda6
SJ		 3603 return err;
3604}
3605
bdb6d971 3606static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3607 void *data, u16 len)
2763eda6 3608{
650f726d 3609 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3610 u8 status;
2763eda6
SJ		 3611 int err;
3612
bdb6d971 3613 BT_DBG("%s", hdev->name);
2763eda6 3614
09fd0de5 3615 hci_dev_lock(hdev);
2763eda6 3616
664ce4cc 3617 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3618 if (err < 0)
bf1e3541 3619 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3620 else
a6785be2 3621 status = MGMT_STATUS_SUCCESS;
bf1e3541 3622
bdb6d971 3623 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3624 status, &cp->addr, sizeof(cp->addr));
2763eda6 3625
09fd0de5 3626 hci_dev_unlock(hdev);
2763eda6
SJ		 3627 return err;
3628}
3629
41dc2bd6
AG		 3630static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3631{
3632 struct pending_cmd *cmd;
3633 u8 type;
3634 int err;
3635
3636 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3637
3638 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3639 if (!cmd)
3640 return -ENOENT;
3641
3642 type = hdev->discovery.type;
3643
3644 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3645 &type, sizeof(type));
3646 mgmt_pending_remove(cmd);
3647
3648 return err;
3649}
3650
7c307720
AG		 3651static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3652{
ae55f598
LR		 3653 unsigned long timeout = 0;
3654
7c307720
AG		 3655 BT_DBG("status %d", status);
3656
3657 if (status) {
3658 hci_dev_lock(hdev);
3659 mgmt_start_discovery_failed(hdev, status);
3660 hci_dev_unlock(hdev);
3661 return;
3662 }
3663
3664 hci_dev_lock(hdev);
3665 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3666 hci_dev_unlock(hdev);
3667
3668 switch (hdev->discovery.type) {
3669 case DISCOV_TYPE_LE:
3d5a76f0 3670 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720
AG		 3671 break;
3672
3673 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3674 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720
AG		 3675 break;
3676
3677 case DISCOV_TYPE_BREDR:
3678 break;
3679
3680 default:
3681 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3682 }
ae55f598
LR		 3683
3684 if (!timeout)
3685 return;
3686
3687 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
7c307720
AG		 3688}
3689
bdb6d971 3690static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3691 void *data, u16 len)
14a53664 3692{
650f726d 3693 struct mgmt_cp_start_discovery *cp = data;
14a53664 3694 struct pending_cmd *cmd;
7c307720
AG		 3695 struct hci_cp_le_set_scan_param param_cp;
3696 struct hci_cp_le_set_scan_enable enable_cp;
3697 struct hci_cp_inquiry inq_cp;
3698 struct hci_request req;
3699 /* General inquiry access code (GIAC) */
3700 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3701 u8 status, own_addr_type;
14a53664
JH		 3702 int err;
3703
bdb6d971 3704 BT_DBG("%s", hdev->name);
14a53664 3705
09fd0de5 3706 hci_dev_lock(hdev);
14a53664 3707
4b34ee78 3708 if (!hdev_is_powered(hdev)) {
bdb6d971 3709 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3710 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3711 goto failed;
3712 }
3713
642be6c7
AG		 3714 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3715 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3716 MGMT_STATUS_BUSY);
3717 goto failed;
3718 }
3719
ff9ef578 3720 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3721 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3722 MGMT_STATUS_BUSY);
ff9ef578
JH		 3723 goto failed;
3724 }
3725
2e58ef3e 3726 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3727 if (!cmd) {
3728 err = -ENOMEM;
3729 goto failed;
3730 }
3731
4aab14e5
AG		 3732 hdev->discovery.type = cp->type;
3733
7c307720
AG		 3734 hci_req_init(&req, hdev);
3735
4aab14e5 3736 switch (hdev->discovery.type) {
f39799f5 3737 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3738 status = mgmt_bredr_support(hdev);
3739 if (status) {
04106755 3740 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3741 status);
04106755
JH		 3742 mgmt_pending_remove(cmd);
3743 goto failed;
3744 }
3745
7c307720
AG		 3746 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3747 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3748 MGMT_STATUS_BUSY);
3749 mgmt_pending_remove(cmd);
3750 goto failed;
3751 }
3752
3753 hci_inquiry_cache_flush(hdev);
3754
3755 memset(&inq_cp, 0, sizeof(inq_cp));
3756 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3757 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3758 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3759 break;
3760
3761 case DISCOV_TYPE_LE:
7c307720 3762 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3763 status = mgmt_le_support(hdev);
3764 if (status) {
04106755 3765 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3766 status);
04106755
JH		 3767 mgmt_pending_remove(cmd);
3768 goto failed;
3769 }
3770
7c307720 3771 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3772 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3773 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3774 MGMT_STATUS_NOT_SUPPORTED);
3775 mgmt_pending_remove(cmd);
3776 goto failed;
3777 }
3778
e8bb6b97
JH		 3779 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3780 /* Don't let discovery abort an outgoing
3781 * connection attempt that's using directed
3782 * advertising.
3783 */
3784 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3785 BT_CONNECT)) {
3786 err = cmd_status(sk, hdev->id,
3787 MGMT_OP_START_DISCOVERY,
3788 MGMT_STATUS_REJECTED);
3789 mgmt_pending_remove(cmd);
3790 goto failed;
3791 }
3792
3793 disable_advertising(&req);
7c307720
AG		 3794 }
3795
c54c3860
AG		 3796 /* If controller is scanning, it means the background scanning
3797 * is running. Thus, we should temporarily stop it in order to
3798 * set the discovery scanning parameters.
3799 */
3800 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3801 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3802
3803 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3804
94b1fc92
MH		 3805 /* All active scans will be done with either a resolvable
3806 * private address (when privacy feature has been enabled)
3807 * or unresolvable private address.
3808 */
3809 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3810 if (err < 0) {
3811 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3812 MGMT_STATUS_FAILED);
3813 mgmt_pending_remove(cmd);
3814 goto failed;
3815 }
3816
7c307720 3817 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3818 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3819 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3820 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3821 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3822 &param_cp);
3823
3824 memset(&enable_cp, 0, sizeof(enable_cp));
3825 enable_cp.enable = LE_SCAN_ENABLE;
3826 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3827 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3828 &enable_cp);
5e0452c0
AG		 3829 break;
3830
f39799f5 3831 default:
04106755
JH		 3832 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3833 MGMT_STATUS_INVALID_PARAMS);
3834 mgmt_pending_remove(cmd);
3835 goto failed;
f39799f5 3836 }
3fd24153 3837
7c307720 3838 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3839 if (err < 0)
3840 mgmt_pending_remove(cmd);
ff9ef578
JH		 3841 else
3842 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3843
3844failed:
09fd0de5 3845 hci_dev_unlock(hdev);
14a53664
JH		 3846 return err;
3847}
3848
1183fdca
AG		 3849static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3850{
3851 struct pending_cmd *cmd;
3852 int err;
3853
3854 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3855 if (!cmd)
3856 return -ENOENT;
3857
3858 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3859 &hdev->discovery.type, sizeof(hdev->discovery.type));
3860 mgmt_pending_remove(cmd);
3861
3862 return err;
3863}
3864
0e05bba6
AG		 3865static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3866{
3867 BT_DBG("status %d", status);
3868
3869 hci_dev_lock(hdev);
3870
3871 if (status) {
3872 mgmt_stop_discovery_failed(hdev, status);
3873 goto unlock;
3874 }
3875
3876 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3877
3878unlock:
3879 hci_dev_unlock(hdev);
3880}
3881
bdb6d971 3882static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3883 u16 len)
14a53664 3884{
d930650b 3885 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3886 struct pending_cmd *cmd;
0e05bba6 3887 struct hci_request req;
14a53664
JH		 3888 int err;
3889
bdb6d971 3890 BT_DBG("%s", hdev->name);
14a53664 3891
09fd0de5 3892 hci_dev_lock(hdev);
14a53664 3893
30dc78e1 3894 if (!hci_discovery_active(hdev)) {
bdb6d971 3895 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3896 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3897 sizeof(mgmt_cp->type));
d930650b
JH		 3898 goto unlock;
3899 }
3900
3901 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3902 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3903 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3904 sizeof(mgmt_cp->type));
30dc78e1 3905 goto unlock;
ff9ef578
JH		 3906 }
3907
2e58ef3e 3908 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3909 if (!cmd) {
3910 err = -ENOMEM;
30dc78e1
JH		 3911 goto unlock;
3912 }
3913
0e05bba6
AG		 3914 hci_req_init(&req, hdev);
3915
21a60d30 3916 hci_stop_discovery(&req);
e0d9727e 3917
21a60d30
JH		 3918 err = hci_req_run(&req, stop_discovery_complete);
3919 if (!err) {
3920 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 3921 goto unlock;
14a53664
JH		 3922 }
3923
21a60d30
JH		 3924 mgmt_pending_remove(cmd);
3925
3926 /* If no HCI commands were sent we're done */
3927 if (err == -ENODATA) {
3928 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
3929 &mgmt_cp->type, sizeof(mgmt_cp->type));
3930 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3931 }
14a53664 3932
30dc78e1 3933unlock:
09fd0de5 3934 hci_dev_unlock(hdev);
14a53664
JH		 3935 return err;
3936}
3937
bdb6d971 3938static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3939 u16 len)
561aafbc 3940{
650f726d 3941 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3942 struct inquiry_entry *e;
561aafbc
JH		 3943 int err;
3944
bdb6d971 3945 BT_DBG("%s", hdev->name);
561aafbc 3946
561aafbc
JH		 3947 hci_dev_lock(hdev);
3948
30dc78e1 3949 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3950 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3951 MGMT_STATUS_FAILED, &cp->addr,
3952 sizeof(cp->addr));
30dc78e1
JH		 3953 goto failed;
3954 }
3955
a198e7b1 3956 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3957 if (!e) {
d3a2541d
LR		 3958 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3959 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3960 sizeof(cp->addr));
561aafbc
JH		 3961 goto failed;
3962 }
3963
3964 if (cp->name_known) {
3965 e->name_state = NAME_KNOWN;
3966 list_del(&e->list);
3967 } else {
3968 e->name_state = NAME_NEEDED;
a3d4e20a 3969 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3970 }
3971
e384662b
JH		 3972 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3973 sizeof(cp->addr));
561aafbc
JH		 3974
3975failed:
3976 hci_dev_unlock(hdev);
561aafbc
JH		 3977 return err;
3978}
3979
bdb6d971 3980static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3981 u16 len)
7fbec224 3982{
650f726d 3983 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3984 u8 status;
7fbec224
AJ		 3985 int err;
3986
bdb6d971 3987 BT_DBG("%s", hdev->name);
7fbec224 3988
4ee71b20 3989 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3990 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3991 MGMT_STATUS_INVALID_PARAMS,
3992 &cp->addr, sizeof(cp->addr));
4ee71b20 3993
09fd0de5 3994 hci_dev_lock(hdev);
5e762444 3995
dcc36c16
JH		 3996 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
3997 cp->addr.type);
2a8357f2 3998 if (err < 0) {
f0eeea8b 3999 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4000 goto done;
4001 }
4002
4003 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4004 sk);
4005 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4006
2a8357f2 4007done:
bdb6d971 4008 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 4009 &cp->addr, sizeof(cp->addr));
5e762444 4010
09fd0de5 4011 hci_dev_unlock(hdev);
7fbec224
AJ		 4012
4013 return err;
4014}
4015
bdb6d971 4016static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4017 u16 len)
7fbec224 4018{
650f726d 4019 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4020 u8 status;
7fbec224
AJ		 4021 int err;
4022
bdb6d971 4023 BT_DBG("%s", hdev->name);
7fbec224 4024
4ee71b20 4025 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 4026 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4027 MGMT_STATUS_INVALID_PARAMS,
4028 &cp->addr, sizeof(cp->addr));
4ee71b20 4029
09fd0de5 4030 hci_dev_lock(hdev);
5e762444 4031
dcc36c16
JH		 4032 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4033 cp->addr.type);
2a8357f2 4034 if (err < 0) {
f0eeea8b 4035 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4036 goto done;
4037 }
4038
4039 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4040 sk);
4041 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4042
2a8357f2 4043done:
bdb6d971 4044 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 4045 &cp->addr, sizeof(cp->addr));
5e762444 4046
09fd0de5 4047 hci_dev_unlock(hdev);
7fbec224
AJ		 4048
4049 return err;
4050}
4051
cdbaccca
MH		 4052static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4053 u16 len)
4054{
4055 struct mgmt_cp_set_device_id *cp = data;
890ea898 4056 struct hci_request req;
cdbaccca 4057 int err;
c72d4b8a 4058 __u16 source;
cdbaccca
MH		 4059
4060 BT_DBG("%s", hdev->name);
4061
c72d4b8a
SJ		 4062 source = __le16_to_cpu(cp->source);
4063
4064 if (source > 0x0002)
4065 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4066 MGMT_STATUS_INVALID_PARAMS);
4067
cdbaccca
MH		 4068 hci_dev_lock(hdev);
4069
c72d4b8a 4070 hdev->devid_source = source;
cdbaccca
MH		 4071 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4072 hdev->devid_product = __le16_to_cpu(cp->product);
4073 hdev->devid_version = __le16_to_cpu(cp->version);
4074
4075 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4076
890ea898
JH		 4077 hci_req_init(&req, hdev);
4078 update_eir(&req);
4079 hci_req_run(&req, NULL);
cdbaccca
MH		 4080
4081 hci_dev_unlock(hdev);
4082
4083 return err;
4084}
4085
4375f103
JH		 4086static void set_advertising_complete(struct hci_dev *hdev, u8 status)
4087{
4088 struct cmd_lookup match = { NULL, hdev };
4089
4090 if (status) {
4091 u8 mgmt_err = mgmt_status(status);
4092
4093 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4094 cmd_status_rsp, &mgmt_err);
4095 return;
4096 }
4097
c93bd150
JH		 4098 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4099 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4100 else
4101 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4102
4375f103
JH		 4103 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4104 &match);
4105
4106 new_settings(hdev, match.sk);
4107
4108 if (match.sk)
4109 sock_put(match.sk);
4110}
4111
21b5187f
MH		 4112static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4113 u16 len)
4375f103
JH		 4114{
4115 struct mgmt_mode *cp = data;
4116 struct pending_cmd *cmd;
4117 struct hci_request req;
e6fe7986 4118 u8 val, enabled, status;
4375f103
JH		 4119 int err;
4120
4121 BT_DBG("request for %s", hdev->name);
4122
e6fe7986
JH		 4123 status = mgmt_le_support(hdev);
4124 if (status)
4375f103 4125 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 4126 status);
4375f103
JH		 4127
4128 if (cp->val != 0x00 && cp->val != 0x01)
4129 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4130 MGMT_STATUS_INVALID_PARAMS);
4131
4132 hci_dev_lock(hdev);
4133
4134 val = !!cp->val;
f3d3444a 4135 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 4136
f74ca9b8
JH		 4137 /* The following conditions are ones which mean that we should
4138 * not do any HCI communication but directly send a mgmt
4139 * response to user space (after toggling the flag if
4140 * necessary).
4141 */
4142 if (!hdev_is_powered(hdev) || val == enabled ||
e8bb6b97
JH		 4143 hci_conn_num(hdev, LE_LINK) > 0 ||
4144 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4145 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4375f103
JH		 4146 bool changed = false;
4147
f3d3444a
JH		 4148 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4149 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 4150 changed = true;
4151 }
4152
4153 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4154 if (err < 0)
4155 goto unlock;
4156
4157 if (changed)
4158 err = new_settings(hdev, sk);
4159
4160 goto unlock;
4161 }
4162
4163 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4164 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4165 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4166 MGMT_STATUS_BUSY);
4167 goto unlock;
4168 }
4169
4170 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4171 if (!cmd) {
4172 err = -ENOMEM;
4173 goto unlock;
4174 }
4175
4176 hci_req_init(&req, hdev);
4177
bba3aa55
MH		 4178 if (val)
4179 enable_advertising(&req);
4180 else
4181 disable_advertising(&req);
4375f103
JH		 4182
4183 err = hci_req_run(&req, set_advertising_complete);
4184 if (err < 0)
4185 mgmt_pending_remove(cmd);
4186
4187unlock:
4188 hci_dev_unlock(hdev);
4189 return err;
4190}
4191
d13eafce
MH		 4192static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4193 void *data, u16 len)
4194{
4195 struct mgmt_cp_set_static_address *cp = data;
4196 int err;
4197
4198 BT_DBG("%s", hdev->name);
4199
62af4443 4200 if (!lmp_le_capable(hdev))
d13eafce 4201 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 4202 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4203
4204 if (hdev_is_powered(hdev))
4205 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4206 MGMT_STATUS_REJECTED);
4207
4208 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4209 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4210 return cmd_status(sk, hdev->id,
4211 MGMT_OP_SET_STATIC_ADDRESS,
4212 MGMT_STATUS_INVALID_PARAMS);
4213
4214 /* Two most significant bits shall be set */
4215 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4216 return cmd_status(sk, hdev->id,
4217 MGMT_OP_SET_STATIC_ADDRESS,
4218 MGMT_STATUS_INVALID_PARAMS);
4219 }
4220
4221 hci_dev_lock(hdev);
4222
4223 bacpy(&hdev->static_addr, &cp->bdaddr);
4224
4225 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4226
4227 hci_dev_unlock(hdev);
4228
4229 return err;
4230}
4231
14b49b9a
MH		 4232static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4233 void *data, u16 len)
4234{
4235 struct mgmt_cp_set_scan_params *cp = data;
4236 __u16 interval, window;
4237 int err;
4238
4239 BT_DBG("%s", hdev->name);
4240
4241 if (!lmp_le_capable(hdev))
4242 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4243 MGMT_STATUS_NOT_SUPPORTED);
4244
4245 interval = __le16_to_cpu(cp->interval);
4246
4247 if (interval < 0x0004 || interval > 0x4000)
4248 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4249 MGMT_STATUS_INVALID_PARAMS);
4250
4251 window = __le16_to_cpu(cp->window);
4252
4253 if (window < 0x0004 || window > 0x4000)
4254 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4255 MGMT_STATUS_INVALID_PARAMS);
4256
899e1075
MH		 4257 if (window > interval)
4258 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4259 MGMT_STATUS_INVALID_PARAMS);
4260
14b49b9a
MH		 4261 hci_dev_lock(hdev);
4262
4263 hdev->le_scan_interval = interval;
4264 hdev->le_scan_window = window;
4265
4266 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4267
dd2ef8e2
AG		 4268 /* If background scan is running, restart it so new parameters are
4269 * loaded.
4270 */
4271 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4272 hdev->discovery.state == DISCOVERY_STOPPED) {
4273 struct hci_request req;
4274
4275 hci_req_init(&req, hdev);
4276
4277 hci_req_add_le_scan_disable(&req);
4278 hci_req_add_le_passive_scan(&req);
4279
4280 hci_req_run(&req, NULL);
4281 }
4282
14b49b9a
MH		 4283 hci_dev_unlock(hdev);
4284
4285 return err;
4286}
4287
33e38b3e
JH		 4288static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4289{
4290 struct pending_cmd *cmd;
4291
4292 BT_DBG("status 0x%02x", status);
4293
4294 hci_dev_lock(hdev);
4295
4296 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4297 if (!cmd)
4298 goto unlock;
4299
4300 if (status) {
4301 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4302 mgmt_status(status));
4303 } else {
1a4d3c4b
JH		 4304 struct mgmt_mode *cp = cmd->param;
4305
4306 if (cp->val)
4307 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4308 else
4309 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4310
33e38b3e
JH		 4311 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4312 new_settings(hdev, cmd->sk);
4313 }
4314
4315 mgmt_pending_remove(cmd);
4316
4317unlock:
4318 hci_dev_unlock(hdev);
4319}
4320
bdb6d971 4321static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4322 void *data, u16 len)
f6422ec6 4323{
650f726d 4324 struct mgmt_mode *cp = data;
33e38b3e
JH		 4325 struct pending_cmd *cmd;
4326 struct hci_request req;
f6422ec6
AJ		 4327 int err;
4328
bdb6d971 4329 BT_DBG("%s", hdev->name);
f6422ec6 4330
56f87901
JH		 4331 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4332 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4333 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4334 MGMT_STATUS_NOT_SUPPORTED);
4335
a7e80f25
JH		 4336 if (cp->val != 0x00 && cp->val != 0x01)
4337 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4338 MGMT_STATUS_INVALID_PARAMS);
4339
5400c044 4340 if (!hdev_is_powered(hdev))
bdb6d971 4341 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4342 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4343
4344 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4345 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4346 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4347
4348 hci_dev_lock(hdev);
4349
05cbf29f
JH		 4350 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4351 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4352 MGMT_STATUS_BUSY);
4353 goto unlock;
4354 }
4355
1a4d3c4b
JH		 4356 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4357 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4358 hdev);
4359 goto unlock;
4360 }
4361
33e38b3e
JH		 4362 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4363 data, len);
4364 if (!cmd) {
4365 err = -ENOMEM;
4366 goto unlock;
f6422ec6
AJ		 4367 }
4368
33e38b3e
JH		 4369 hci_req_init(&req, hdev);
4370
406d7804 4371 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4372
4373 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4374 if (err < 0) {
bdb6d971 4375 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4376 MGMT_STATUS_FAILED);
33e38b3e 4377 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4378 }
4379
33e38b3e 4380unlock:
f6422ec6 4381 hci_dev_unlock(hdev);
33e38b3e 4382
f6422ec6
AJ		 4383 return err;
4384}
4385
0663ca2a
JH		 4386static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4387{
4388 struct pending_cmd *cmd;
4389
4390 BT_DBG("status 0x%02x", status);
4391
4392 hci_dev_lock(hdev);
4393
4394 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4395 if (!cmd)
4396 goto unlock;
4397
4398 if (status) {
4399 u8 mgmt_err = mgmt_status(status);
4400
4401 /* We need to restore the flag if related HCI commands
4402 * failed.
4403 */
4404 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4405
4406 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4407 } else {
4408 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4409 new_settings(hdev, cmd->sk);
4410 }
4411
4412 mgmt_pending_remove(cmd);
4413
4414unlock:
4415 hci_dev_unlock(hdev);
4416}
4417
4418static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4419{
4420 struct mgmt_mode *cp = data;
4421 struct pending_cmd *cmd;
4422 struct hci_request req;
4423 int err;
4424
4425 BT_DBG("request for %s", hdev->name);
4426
4427 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4428 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4429 MGMT_STATUS_NOT_SUPPORTED);
4430
4431 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4432 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4433 MGMT_STATUS_REJECTED);
4434
4435 if (cp->val != 0x00 && cp->val != 0x01)
4436 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4437 MGMT_STATUS_INVALID_PARAMS);
4438
4439 hci_dev_lock(hdev);
4440
4441 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4442 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4443 goto unlock;
4444 }
4445
4446 if (!hdev_is_powered(hdev)) {
4447 if (!cp->val) {
0663ca2a
JH		 4448 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4449 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4450 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4451 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4452 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4453 }
4454
4455 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4456
4457 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4458 if (err < 0)
4459 goto unlock;
4460
4461 err = new_settings(hdev, sk);
4462 goto unlock;
4463 }
4464
4465 /* Reject disabling when powered on */
4466 if (!cp->val) {
4467 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4468 MGMT_STATUS_REJECTED);
4469 goto unlock;
4470 }
4471
4472 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4473 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4474 MGMT_STATUS_BUSY);
4475 goto unlock;
4476 }
4477
4478 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4479 if (!cmd) {
4480 err = -ENOMEM;
4481 goto unlock;
4482 }
4483
5947f4bc 4484 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4485 * generates the correct flags.
4486 */
4487 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4488
4489 hci_req_init(&req, hdev);
aa8af46e 4490
432df05e
JH		 4491 write_fast_connectable(&req, false);
4492 hci_update_page_scan(hdev, &req);
aa8af46e 4493
f14d8f64
MH		 4494 /* Since only the advertising data flags will change, there
4495 * is no need to update the scan response data.
4496 */
5947f4bc 4497 update_adv_data(&req);
aa8af46e 4498
0663ca2a
JH		 4499 err = hci_req_run(&req, set_bredr_complete);
4500 if (err < 0)
4501 mgmt_pending_remove(cmd);
4502
4503unlock:
4504 hci_dev_unlock(hdev);
4505 return err;
4506}
4507
eac83dc6
MH		 4508static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4509 void *data, u16 len)
4510{
4511 struct mgmt_mode *cp = data;
4512 struct pending_cmd *cmd;
0ab04a9c 4513 u8 val, status;
eac83dc6
MH		 4514 int err;
4515
4516 BT_DBG("request for %s", hdev->name);
4517
4518 status = mgmt_bredr_support(hdev);
4519 if (status)
4520 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4521 status);
4522
5afeac14 4523 if (!lmp_sc_capable(hdev) &&
111902f7 4524 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
eac83dc6
MH		 4525 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4526 MGMT_STATUS_NOT_SUPPORTED);
4527
0ab04a9c 4528 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4529 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4530 MGMT_STATUS_INVALID_PARAMS);
4531
4532 hci_dev_lock(hdev);
4533
4534 if (!hdev_is_powered(hdev)) {
4535 bool changed;
4536
0ab04a9c 4537 if (cp->val) {
eac83dc6
MH		 4538 changed = !test_and_set_bit(HCI_SC_ENABLED,
4539 &hdev->dev_flags);
0ab04a9c
MH		 4540 if (cp->val == 0x02)
4541 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4542 else
4543 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4544 } else {
eac83dc6
MH		 4545 changed = test_and_clear_bit(HCI_SC_ENABLED,
4546 &hdev->dev_flags);
0ab04a9c
MH		 4547 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4548 }
eac83dc6
MH		 4549
4550 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4551 if (err < 0)
4552 goto failed;
4553
4554 if (changed)
4555 err = new_settings(hdev, sk);
4556
4557 goto failed;
4558 }
4559
4560 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4561 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4562 MGMT_STATUS_BUSY);
4563 goto failed;
4564 }
4565
0ab04a9c
MH		 4566 val = !!cp->val;
4567
4568 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4569 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4570 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4571 goto failed;
4572 }
4573
4574 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4575 if (!cmd) {
4576 err = -ENOMEM;
4577 goto failed;
4578 }
4579
0ab04a9c 4580 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4581 if (err < 0) {
4582 mgmt_pending_remove(cmd);
4583 goto failed;
4584 }
4585
0ab04a9c
MH		 4586 if (cp->val == 0x02)
4587 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4588 else
4589 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4590
eac83dc6
MH		 4591failed:
4592 hci_dev_unlock(hdev);
4593 return err;
4594}
4595
4e39ac81
MH		 4596static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4597 void *data, u16 len)
4598{
4599 struct mgmt_mode *cp = data;
b9710979 4600 bool changed, use_changed;
4e39ac81
MH		 4601 int err;
4602
4603 BT_DBG("request for %s", hdev->name);
4604
b9710979 4605 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4606 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4607 MGMT_STATUS_INVALID_PARAMS);
4608
4609 hci_dev_lock(hdev);
4610
4611 if (cp->val)
0663b297
JH		 4612 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4613 &hdev->dev_flags);
4e39ac81 4614 else
0663b297
JH		 4615 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4616 &hdev->dev_flags);
4e39ac81 4617
b9710979
JH		 4618 if (cp->val == 0x02)
4619 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4620 &hdev->dev_flags);
4621 else
4622 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4623 &hdev->dev_flags);
4624
4625 if (hdev_is_powered(hdev) && use_changed &&
4626 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4627 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4628 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4629 sizeof(mode), &mode);
4630 }
4631
4e39ac81
MH		 4632 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4633 if (err < 0)
4634 goto unlock;
4635
4636 if (changed)
4637 err = new_settings(hdev, sk);
4638
4639unlock:
4640 hci_dev_unlock(hdev);
4641 return err;
4642}
4643
62b04cd1
JH		 4644static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4645 u16 len)
4646{
4647 struct mgmt_cp_set_privacy *cp = cp_data;
4648 bool changed;
4649 int err;
4650
4651 BT_DBG("request for %s", hdev->name);
4652
4653 if (!lmp_le_capable(hdev))
4654 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4655 MGMT_STATUS_NOT_SUPPORTED);
4656
4657 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4658 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4659 MGMT_STATUS_INVALID_PARAMS);
4660
4661 if (hdev_is_powered(hdev))
4662 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4663 MGMT_STATUS_REJECTED);
4664
4665 hci_dev_lock(hdev);
4666
c21c0ea0
JH		 4667 /* If user space supports this command it is also expected to
4668 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4669 */
4670 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4671
62b04cd1
JH		 4672 if (cp->privacy) {
4673 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4674 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4675 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4676 } else {
4677 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4678 memset(hdev->irk, 0, sizeof(hdev->irk));
4679 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4680 }
4681
4682 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4683 if (err < 0)
4684 goto unlock;
4685
4686 if (changed)
4687 err = new_settings(hdev, sk);
4688
4689unlock:
4690 hci_dev_unlock(hdev);
4691 return err;
4692}
4693
41edf160
JH		 4694static bool irk_is_valid(struct mgmt_irk_info *irk)
4695{
4696 switch (irk->addr.type) {
4697 case BDADDR_LE_PUBLIC:
4698 return true;
4699
4700 case BDADDR_LE_RANDOM:
4701 /* Two most significant bits shall be set */
4702 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4703 return false;
4704 return true;
4705 }
4706
4707 return false;
4708}
4709
4710static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4711 u16 len)
4712{
4713 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4714 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4715 sizeof(struct mgmt_irk_info));
41edf160
JH		 4716 u16 irk_count, expected_len;
4717 int i, err;
4718
4719 BT_DBG("request for %s", hdev->name);
4720
4721 if (!lmp_le_capable(hdev))
4722 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4723 MGMT_STATUS_NOT_SUPPORTED);
4724
4725 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4726 if (irk_count > max_irk_count) {
4727 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4728 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4729 MGMT_STATUS_INVALID_PARAMS);
4730 }
41edf160
JH		 4731
4732 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4733 if (expected_len != len) {
4734 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4735 expected_len, len);
41edf160
JH		 4736 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4737 MGMT_STATUS_INVALID_PARAMS);
4738 }
4739
4740 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4741
4742 for (i = 0; i < irk_count; i++) {
4743 struct mgmt_irk_info *key = &cp->irks[i];
4744
4745 if (!irk_is_valid(key))
4746 return cmd_status(sk, hdev->id,
4747 MGMT_OP_LOAD_IRKS,
4748 MGMT_STATUS_INVALID_PARAMS);
4749 }
4750
4751 hci_dev_lock(hdev);
4752
4753 hci_smp_irks_clear(hdev);
4754
4755 for (i = 0; i < irk_count; i++) {
4756 struct mgmt_irk_info *irk = &cp->irks[i];
4757 u8 addr_type;
4758
4759 if (irk->addr.type == BDADDR_LE_PUBLIC)
4760 addr_type = ADDR_LE_DEV_PUBLIC;
4761 else
4762 addr_type = ADDR_LE_DEV_RANDOM;
4763
4764 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4765 BDADDR_ANY);
4766 }
4767
4768 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4769
4770 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4771
4772 hci_dev_unlock(hdev);
4773
4774 return err;
4775}
4776
3f706b72
JH		 4777static bool ltk_is_valid(struct mgmt_ltk_info *key)
4778{
4779 if (key->master != 0x00 && key->master != 0x01)
4780 return false;
490cb0b3
MH		 4781
4782 switch (key->addr.type) {
4783 case BDADDR_LE_PUBLIC:
4784 return true;
4785
4786 case BDADDR_LE_RANDOM:
4787 /* Two most significant bits shall be set */
4788 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4789 return false;
4790 return true;
4791 }
4792
4793 return false;
3f706b72
JH		 4794}
4795
bdb6d971 4796static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4797 void *cp_data, u16 len)
346af67b 4798{
346af67b 4799 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 4800 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4801 sizeof(struct mgmt_ltk_info));
346af67b 4802 u16 key_count, expected_len;
715a5bf2 4803 int i, err;
346af67b 4804
cf99ba13
MH		 4805 BT_DBG("request for %s", hdev->name);
4806
4807 if (!lmp_le_capable(hdev))
4808 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4809 MGMT_STATUS_NOT_SUPPORTED);
4810
1f350c87 4811 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 4812 if (key_count > max_key_count) {
4813 BT_ERR("load_ltks: too big key_count value %u", key_count);
4814 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4815 MGMT_STATUS_INVALID_PARAMS);
4816 }
346af67b
VCG		 4817
4818 expected_len = sizeof(*cp) + key_count *
4819 sizeof(struct mgmt_ltk_info);
4820 if (expected_len != len) {
4821 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4822 expected_len, len);
bdb6d971 4823 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4824 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4825 }
4826
bdb6d971 4827 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4828
54ad6d8a
JH		 4829 for (i = 0; i < key_count; i++) {
4830 struct mgmt_ltk_info *key = &cp->keys[i];
4831
3f706b72 4832 if (!ltk_is_valid(key))
54ad6d8a
JH		 4833 return cmd_status(sk, hdev->id,
4834 MGMT_OP_LOAD_LONG_TERM_KEYS,
4835 MGMT_STATUS_INVALID_PARAMS);
4836 }
4837
346af67b
VCG		 4838 hci_dev_lock(hdev);
4839
4840 hci_smp_ltks_clear(hdev);
4841
4842 for (i = 0; i < key_count; i++) {
4843 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 4844 u8 type, addr_type, authenticated;
79d95a19
MH		 4845
4846 if (key->addr.type == BDADDR_LE_PUBLIC)
4847 addr_type = ADDR_LE_DEV_PUBLIC;
4848 else
4849 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4850
4851 if (key->master)
2ceba539 4852 type = SMP_LTK;
346af67b 4853 else
2ceba539 4854 type = SMP_LTK_SLAVE;
346af67b 4855
61b43357
JH		 4856 switch (key->type) {
4857 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4858 authenticated = 0x00;
61b43357
JH		 4859 break;
4860 case MGMT_LTK_AUTHENTICATED:
d7b25450 4861 authenticated = 0x01;
61b43357
JH		 4862 break;
4863 default:
4864 continue;
4865 }
d7b25450 4866
35d70271 4867 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 4868 authenticated, key->val, key->enc_size, key->ediv,
35d70271 4869 key->rand);
346af67b
VCG		 4870 }
4871
715a5bf2
JH		 4872 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4873 NULL, 0);
4874
346af67b 4875 hci_dev_unlock(hdev);
346af67b 4876
715a5bf2 4877 return err;
346af67b
VCG		 4878}
4879
dd983808
AK		 4880struct cmd_conn_lookup {
4881 struct hci_conn *conn;
4882 bool valid_tx_power;
4883 u8 mgmt_status;
4884};
4885
4886static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4887{
4888 struct cmd_conn_lookup *match = data;
4889 struct mgmt_cp_get_conn_info *cp;
4890 struct mgmt_rp_get_conn_info rp;
4891 struct hci_conn *conn = cmd->user_data;
4892
4893 if (conn != match->conn)
4894 return;
4895
4896 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4897
4898 memset(&rp, 0, sizeof(rp));
4899 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4900 rp.addr.type = cp->addr.type;
4901
4902 if (!match->mgmt_status) {
4903 rp.rssi = conn->rssi;
4904
eed5daf3 4905 if (match->valid_tx_power) {
dd983808 4906 rp.tx_power = conn->tx_power;
eed5daf3
AK		 4907 rp.max_tx_power = conn->max_tx_power;
4908 } else {
dd983808 4909 rp.tx_power = HCI_TX_POWER_INVALID;
eed5daf3
AK		 4910 rp.max_tx_power = HCI_TX_POWER_INVALID;
4911 }
dd983808
AK		 4912 }
4913
4914 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4915 match->mgmt_status, &rp, sizeof(rp));
4916
4917 hci_conn_drop(conn);
f8aaf9b6 4918 hci_conn_put(conn);
dd983808
AK		 4919
4920 mgmt_pending_remove(cmd);
4921}
4922
4923static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4924{
4925 struct hci_cp_read_rssi *cp;
4926 struct hci_conn *conn;
4927 struct cmd_conn_lookup match;
4928 u16 handle;
4929
4930 BT_DBG("status 0x%02x", status);
4931
4932 hci_dev_lock(hdev);
4933
4934 /* TX power data is valid in case request completed successfully,
eed5daf3
AK		 4935 * otherwise we assume it's not valid. At the moment we assume that
4936 * either both or none of current and max values are valid to keep code
4937 * simple.
dd983808
AK		 4938 */
4939 match.valid_tx_power = !status;
4940
4941 /* Commands sent in request are either Read RSSI or Read Transmit Power
4942 * Level so we check which one was last sent to retrieve connection
4943 * handle. Both commands have handle as first parameter so it's safe to
4944 * cast data on the same command struct.
4945 *
4946 * First command sent is always Read RSSI and we fail only if it fails.
4947 * In other case we simply override error to indicate success as we
4948 * already remembered if TX power value is actually valid.
4949 */
4950 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4951 if (!cp) {
4952 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4953 status = 0;
4954 }
4955
4956 if (!cp) {
4957 BT_ERR("invalid sent_cmd in response");
4958 goto unlock;
4959 }
4960
4961 handle = __le16_to_cpu(cp->handle);
4962 conn = hci_conn_hash_lookup_handle(hdev, handle);
4963 if (!conn) {
4964 BT_ERR("unknown handle (%d) in response", handle);
4965 goto unlock;
4966 }
4967
4968 match.conn = conn;
4969 match.mgmt_status = mgmt_status(status);
4970
4971 /* Cache refresh is complete, now reply for mgmt request for given
4972 * connection only.
4973 */
4974 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4975 get_conn_info_complete, &match);
4976
4977unlock:
4978 hci_dev_unlock(hdev);
4979}
4980
4981static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4982 u16 len)
4983{
4984 struct mgmt_cp_get_conn_info *cp = data;
4985 struct mgmt_rp_get_conn_info rp;
4986 struct hci_conn *conn;
4987 unsigned long conn_info_age;
4988 int err = 0;
4989
4990 BT_DBG("%s", hdev->name);
4991
4992 memset(&rp, 0, sizeof(rp));
4993 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4994 rp.addr.type = cp->addr.type;
4995
4996 if (!bdaddr_type_is_valid(cp->addr.type))
4997 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4998 MGMT_STATUS_INVALID_PARAMS,
4999 &rp, sizeof(rp));
5000
5001 hci_dev_lock(hdev);
5002
5003 if (!hdev_is_powered(hdev)) {
5004 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5005 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5006 goto unlock;
5007 }
5008
5009 if (cp->addr.type == BDADDR_BREDR)
5010 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5011 &cp->addr.bdaddr);
5012 else
5013 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5014
5015 if (!conn || conn->state != BT_CONNECTED) {
5016 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5017 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
5018 goto unlock;
5019 }
5020
5021 /* To avoid client trying to guess when to poll again for information we
5022 * calculate conn info age as random value between min/max set in hdev.
5023 */
5024 conn_info_age = hdev->conn_info_min_age +
5025 prandom_u32_max(hdev->conn_info_max_age -
5026 hdev->conn_info_min_age);
5027
5028 /* Query controller to refresh cached values if they are too old or were
5029 * never read.
5030 */
f4e2dd53
AK		 5031 if (time_after(jiffies, conn->conn_info_timestamp +
5032 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5033 !conn->conn_info_timestamp) {
5034 struct hci_request req;
5035 struct hci_cp_read_tx_power req_txp_cp;
5036 struct hci_cp_read_rssi req_rssi_cp;
5037 struct pending_cmd *cmd;
5038
5039 hci_req_init(&req, hdev);
5040 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5041 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5042 &req_rssi_cp);
5043
f7faab0c
AK		 5044 /* For LE links TX power does not change thus we don't need to
5045 * query for it once value is known.
5046 */
5047 if (!bdaddr_type_is_le(cp->addr.type) ||
5048 conn->tx_power == HCI_TX_POWER_INVALID) {
5049 req_txp_cp.handle = cpu_to_le16(conn->handle);
5050 req_txp_cp.type = 0x00;
5051 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5052 sizeof(req_txp_cp), &req_txp_cp);
5053 }
dd983808 5054
eed5daf3
AK		 5055 /* Max TX power needs to be read only once per connection */
5056 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5057 req_txp_cp.handle = cpu_to_le16(conn->handle);
5058 req_txp_cp.type = 0x01;
5059 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5060 sizeof(req_txp_cp), &req_txp_cp);
5061 }
5062
dd983808
AK		 5063 err = hci_req_run(&req, conn_info_refresh_complete);
5064 if (err < 0)
5065 goto unlock;
5066
5067 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5068 data, len);
5069 if (!cmd) {
5070 err = -ENOMEM;
5071 goto unlock;
5072 }
5073
5074 hci_conn_hold(conn);
f8aaf9b6 5075 cmd->user_data = hci_conn_get(conn);
dd983808
AK		 5076
5077 conn->conn_info_timestamp = jiffies;
5078 } else {
5079 /* Cache is valid, just reply with values cached in hci_conn */
5080 rp.rssi = conn->rssi;
5081 rp.tx_power = conn->tx_power;
eed5daf3 5082 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 5083
5084 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5085 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5086 }
5087
5088unlock:
5089 hci_dev_unlock(hdev);
5090 return err;
5091}
5092
95868426
JH		 5093static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
5094{
5095 struct mgmt_cp_get_clock_info *cp;
5096 struct mgmt_rp_get_clock_info rp;
5097 struct hci_cp_read_clock *hci_cp;
5098 struct pending_cmd *cmd;
5099 struct hci_conn *conn;
5100
5101 BT_DBG("%s status %u", hdev->name, status);
5102
5103 hci_dev_lock(hdev);
5104
5105 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5106 if (!hci_cp)
5107 goto unlock;
5108
5109 if (hci_cp->which) {
5110 u16 handle = __le16_to_cpu(hci_cp->handle);
5111 conn = hci_conn_hash_lookup_handle(hdev, handle);
5112 } else {
5113 conn = NULL;
5114 }
5115
5116 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5117 if (!cmd)
5118 goto unlock;
5119
5120 cp = cmd->param;
5121
5122 memset(&rp, 0, sizeof(rp));
5123 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
5124
5125 if (status)
5126 goto send_rsp;
5127
5128 rp.local_clock = cpu_to_le32(hdev->clock);
5129
5130 if (conn) {
5131 rp.piconet_clock = cpu_to_le32(conn->clock);
5132 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5133 }
5134
5135send_rsp:
5136 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
5137 &rp, sizeof(rp));
5138 mgmt_pending_remove(cmd);
f8aaf9b6 5139 if (conn) {
95868426 5140 hci_conn_drop(conn);
f8aaf9b6
JH		 5141 hci_conn_put(conn);
5142 }
95868426
JH		 5143
5144unlock:
5145 hci_dev_unlock(hdev);
5146}
5147
5148static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5149 u16 len)
5150{
5151 struct mgmt_cp_get_clock_info *cp = data;
5152 struct mgmt_rp_get_clock_info rp;
5153 struct hci_cp_read_clock hci_cp;
5154 struct pending_cmd *cmd;
5155 struct hci_request req;
5156 struct hci_conn *conn;
5157 int err;
5158
5159 BT_DBG("%s", hdev->name);
5160
5161 memset(&rp, 0, sizeof(rp));
5162 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5163 rp.addr.type = cp->addr.type;
5164
5165 if (cp->addr.type != BDADDR_BREDR)
5166 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5167 MGMT_STATUS_INVALID_PARAMS,
5168 &rp, sizeof(rp));
5169
5170 hci_dev_lock(hdev);
5171
5172 if (!hdev_is_powered(hdev)) {
5173 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5174 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5175 goto unlock;
5176 }
5177
5178 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5179 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5180 &cp->addr.bdaddr);
5181 if (!conn || conn->state != BT_CONNECTED) {
5182 err = cmd_complete(sk, hdev->id,
5183 MGMT_OP_GET_CLOCK_INFO,
5184 MGMT_STATUS_NOT_CONNECTED,
5185 &rp, sizeof(rp));
5186 goto unlock;
5187 }
5188 } else {
5189 conn = NULL;
5190 }
5191
5192 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5193 if (!cmd) {
5194 err = -ENOMEM;
5195 goto unlock;
5196 }
5197
5198 hci_req_init(&req, hdev);
5199
5200 memset(&hci_cp, 0, sizeof(hci_cp));
5201 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5202
5203 if (conn) {
5204 hci_conn_hold(conn);
f8aaf9b6 5205 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5206
5207 hci_cp.handle = cpu_to_le16(conn->handle);
5208 hci_cp.which = 0x01; /* Piconet clock */
5209 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5210 }
5211
5212 err = hci_req_run(&req, get_clock_info_complete);
5213 if (err < 0)
5214 mgmt_pending_remove(cmd);
5215
5216unlock:
5217 hci_dev_unlock(hdev);
5218 return err;
5219}
5220
8afef092
MH		 5221static void device_added(struct sock *sk, struct hci_dev *hdev,
5222 bdaddr_t *bdaddr, u8 type, u8 action)
5223{
5224 struct mgmt_ev_device_added ev;
5225
5226 bacpy(&ev.addr.bdaddr, bdaddr);
5227 ev.addr.type = type;
5228 ev.action = action;
5229
5230 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5231}
5232
2faade53
MH		 5233static int add_device(struct sock *sk, struct hci_dev *hdev,
5234 void *data, u16 len)
5235{
5236 struct mgmt_cp_add_device *cp = data;
5237 u8 auto_conn, addr_type;
5238 int err;
5239
5240 BT_DBG("%s", hdev->name);
5241
6659358e 5242 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53
MH		 5243 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5244 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5245 MGMT_STATUS_INVALID_PARAMS,
5246 &cp->addr, sizeof(cp->addr));
5247
4b9e7e75 5248 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2faade53
MH		 5249 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5250 MGMT_STATUS_INVALID_PARAMS,
5251 &cp->addr, sizeof(cp->addr));
5252
5253 hci_dev_lock(hdev);
5254
6659358e 5255 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5256 /* Only incoming connections action is supported for now */
6659358e
JH		 5257 if (cp->action != 0x01) {
5258 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5259 MGMT_STATUS_INVALID_PARAMS,
5260 &cp->addr, sizeof(cp->addr));
5261 goto unlock;
5262 }
5263
5264 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5265 cp->addr.type);
5266 if (err)
5267 goto unlock;
a397407f 5268
432df05e 5269 hci_update_page_scan(hdev, NULL);
a397407f 5270
6659358e
JH		 5271 goto added;
5272 }
5273
2faade53
MH		 5274 if (cp->addr.type == BDADDR_LE_PUBLIC)
5275 addr_type = ADDR_LE_DEV_PUBLIC;
5276 else
5277 addr_type = ADDR_LE_DEV_RANDOM;
5278
4b9e7e75 5279 if (cp->action == 0x02)
2faade53 5280 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5281 else if (cp->action == 0x01)
5282 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5283 else
a3451d27 5284 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5285
bf5b3c8b
MH		 5286 /* If the connection parameters don't exist for this device,
5287 * they will be created and configured with defaults.
5288 */
d06b50ce
MH		 5289 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5290 auto_conn) < 0) {
2faade53
MH		 5291 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5292 MGMT_STATUS_FAILED,
5293 &cp->addr, sizeof(cp->addr));
5294 goto unlock;
5295 }
5296
6659358e 5297added:
8afef092
MH		 5298 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5299
2faade53
MH		 5300 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5301 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5302
5303unlock:
5304 hci_dev_unlock(hdev);
5305 return err;
5306}
5307
8afef092
MH		 5308static void device_removed(struct sock *sk, struct hci_dev *hdev,
5309 bdaddr_t *bdaddr, u8 type)
5310{
5311 struct mgmt_ev_device_removed ev;
5312
5313 bacpy(&ev.addr.bdaddr, bdaddr);
5314 ev.addr.type = type;
5315
5316 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5317}
5318
2faade53
MH		 5319static int remove_device(struct sock *sk, struct hci_dev *hdev,
5320 void *data, u16 len)
5321{
5322 struct mgmt_cp_remove_device *cp = data;
5323 int err;
5324
5325 BT_DBG("%s", hdev->name);
5326
5327 hci_dev_lock(hdev);
5328
5329 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5330 struct hci_conn_params *params;
2faade53
MH		 5331 u8 addr_type;
5332
6659358e 5333 if (!bdaddr_type_is_valid(cp->addr.type)) {
2faade53
MH		 5334 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5335 MGMT_STATUS_INVALID_PARAMS,
5336 &cp->addr, sizeof(cp->addr));
5337 goto unlock;
5338 }
5339
6659358e
JH		 5340 if (cp->addr.type == BDADDR_BREDR) {
5341 err = hci_bdaddr_list_del(&hdev->whitelist,
5342 &cp->addr.bdaddr,
5343 cp->addr.type);
5344 if (err) {
5345 err = cmd_complete(sk, hdev->id,
5346 MGMT_OP_REMOVE_DEVICE,
5347 MGMT_STATUS_INVALID_PARAMS,
5348 &cp->addr, sizeof(cp->addr));
5349 goto unlock;
5350 }
5351
432df05e 5352 hci_update_page_scan(hdev, NULL);
a397407f 5353
6659358e
JH		 5354 device_removed(sk, hdev, &cp->addr.bdaddr,
5355 cp->addr.type);
5356 goto complete;
5357 }
5358
2faade53
MH		 5359 if (cp->addr.type == BDADDR_LE_PUBLIC)
5360 addr_type = ADDR_LE_DEV_PUBLIC;
5361 else
5362 addr_type = ADDR_LE_DEV_RANDOM;
5363
c71593dd
JH		 5364 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5365 addr_type);
5366 if (!params) {
5367 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5368 MGMT_STATUS_INVALID_PARAMS,
5369 &cp->addr, sizeof(cp->addr));
5370 goto unlock;
5371 }
5372
5373 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5374 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5375 MGMT_STATUS_INVALID_PARAMS,
5376 &cp->addr, sizeof(cp->addr));
5377 goto unlock;
5378 }
5379
d1dbf12e 5380 list_del(&params->action);
c71593dd
JH		 5381 list_del(&params->list);
5382 kfree(params);
95305baa 5383 hci_update_background_scan(hdev);
8afef092
MH		 5384
5385 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5386 } else {
19de0825 5387 struct hci_conn_params *p, *tmp;
6659358e 5388 struct bdaddr_list *b, *btmp;
19de0825 5389
2faade53
MH		 5390 if (cp->addr.type) {
5391 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5392 MGMT_STATUS_INVALID_PARAMS,
5393 &cp->addr, sizeof(cp->addr));
5394 goto unlock;
5395 }
5396
6659358e
JH		 5397 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5398 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5399 list_del(&b->list);
5400 kfree(b);
5401 }
5402
432df05e 5403 hci_update_page_scan(hdev, NULL);
a397407f 5404
19de0825
JH		 5405 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5406 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5407 continue;
5408 device_removed(sk, hdev, &p->addr, p->addr_type);
5409 list_del(&p->action);
5410 list_del(&p->list);
5411 kfree(p);
5412 }
5413
5414 BT_DBG("All LE connection parameters were removed");
5415
5416 hci_update_background_scan(hdev);
2faade53
MH		 5417 }
5418
6659358e 5419complete:
2faade53
MH		 5420 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5421 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5422
5423unlock:
5424 hci_dev_unlock(hdev);
5425 return err;
5426}
5427
a26f3dcf
JH		 5428static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5429 u16 len)
5430{
5431 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5432 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5433 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5434 u16 param_count, expected_len;
5435 int i;
5436
5437 if (!lmp_le_capable(hdev))
5438 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5439 MGMT_STATUS_NOT_SUPPORTED);
5440
5441 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5442 if (param_count > max_param_count) {
5443 BT_ERR("load_conn_param: too big param_count value %u",
5444 param_count);
5445 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5446 MGMT_STATUS_INVALID_PARAMS);
5447 }
a26f3dcf
JH		 5448
5449 expected_len = sizeof(*cp) + param_count *
5450 sizeof(struct mgmt_conn_param);
5451 if (expected_len != len) {
5452 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5453 expected_len, len);
5454 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5455 MGMT_STATUS_INVALID_PARAMS);
5456 }
5457
5458 BT_DBG("%s param_count %u", hdev->name, param_count);
5459
5460 hci_dev_lock(hdev);
5461
5462 hci_conn_params_clear_disabled(hdev);
5463
5464 for (i = 0; i < param_count; i++) {
5465 struct mgmt_conn_param *param = &cp->params[i];
5466 struct hci_conn_params *hci_param;
5467 u16 min, max, latency, timeout;
5468 u8 addr_type;
5469
5470 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5471 param->addr.type);
5472
5473 if (param->addr.type == BDADDR_LE_PUBLIC) {
5474 addr_type = ADDR_LE_DEV_PUBLIC;
5475 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5476 addr_type = ADDR_LE_DEV_RANDOM;
5477 } else {
5478 BT_ERR("Ignoring invalid connection parameters");
5479 continue;
5480 }
5481
5482 min = le16_to_cpu(param->min_interval);
5483 max = le16_to_cpu(param->max_interval);
5484 latency = le16_to_cpu(param->latency);
5485 timeout = le16_to_cpu(param->timeout);
5486
5487 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5488 min, max, latency, timeout);
5489
5490 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5491 BT_ERR("Ignoring invalid connection parameters");
5492 continue;
5493 }
5494
5495 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5496 addr_type);
5497 if (!hci_param) {
5498 BT_ERR("Failed to add connection parameters");
5499 continue;
5500 }
5501
5502 hci_param->conn_min_interval = min;
5503 hci_param->conn_max_interval = max;
5504 hci_param->conn_latency = latency;
5505 hci_param->supervision_timeout = timeout;
5506 }
5507
5508 hci_dev_unlock(hdev);
5509
5510 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5511}
5512
dbece37a
MH		 5513static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5514 void *data, u16 len)
5515{
5516 struct mgmt_cp_set_external_config *cp = data;
5517 bool changed;
5518 int err;
5519
5520 BT_DBG("%s", hdev->name);
5521
5522 if (hdev_is_powered(hdev))
5523 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5524 MGMT_STATUS_REJECTED);
5525
5526 if (cp->config != 0x00 && cp->config != 0x01)
5527 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5528 MGMT_STATUS_INVALID_PARAMS);
5529
5530 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5531 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5532 MGMT_STATUS_NOT_SUPPORTED);
5533
5534 hci_dev_lock(hdev);
5535
5536 if (cp->config)
5537 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
5538 &hdev->dev_flags);
5539 else
5540 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
5541 &hdev->dev_flags);
5542
5543 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5544 if (err < 0)
5545 goto unlock;
5546
5547 if (!changed)
5548 goto unlock;
5549
f4537c04
MH		 5550 err = new_options(hdev, sk);
5551
dbece37a
MH		 5552 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
5553 mgmt_index_removed(hdev);
d603b76b
MH		 5554
5555 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5556 set_bit(HCI_CONFIG, &hdev->dev_flags);
5557 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5558
5559 queue_work(hdev->req_workqueue, &hdev->power_on);
5560 } else {
5ea234d3 5561 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 5562 mgmt_index_added(hdev);
5563 }
dbece37a
MH		 5564 }
5565
5566unlock:
5567 hci_dev_unlock(hdev);
5568 return err;
5569}
5570
9713c17b
MH		 5571static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5572 void *data, u16 len)
5573{
5574 struct mgmt_cp_set_public_address *cp = data;
5575 bool changed;
5576 int err;
5577
5578 BT_DBG("%s", hdev->name);
5579
5580 if (hdev_is_powered(hdev))
5581 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5582 MGMT_STATUS_REJECTED);
5583
5584 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5585 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5586 MGMT_STATUS_INVALID_PARAMS);
5587
5588 if (!hdev->set_bdaddr)
5589 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5590 MGMT_STATUS_NOT_SUPPORTED);
5591
5592 hci_dev_lock(hdev);
5593
5594 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5595 bacpy(&hdev->public_addr, &cp->bdaddr);
5596
5597 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5598 if (err < 0)
5599 goto unlock;
5600
5601 if (!changed)
5602 goto unlock;
5603
5604 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5605 err = new_options(hdev, sk);
5606
5607 if (is_configured(hdev)) {
5608 mgmt_index_removed(hdev);
5609
5610 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
5611
5612 set_bit(HCI_CONFIG, &hdev->dev_flags);
5613 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5614
5615 queue_work(hdev->req_workqueue, &hdev->power_on);
5616 }
5617
5618unlock:
5619 hci_dev_unlock(hdev);
5620 return err;
5621}
5622
2e3c35ea 5623static const struct mgmt_handler {
04124681
GP		 5624 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5625 u16 data_len);
be22b54e
JH		 5626 bool var_len;
5627 size_t data_len;
0f4e68cf
JH		 5628} mgmt_handlers[] = {
5629 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 5630 { read_version, false, MGMT_READ_VERSION_SIZE },
5631 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5632 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5633 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5634 { set_powered, false, MGMT_SETTING_SIZE },
5635 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5636 { set_connectable, false, MGMT_SETTING_SIZE },
5637 { set_fast_connectable, false, MGMT_SETTING_SIZE },
b2939475 5638 { set_bondable, false, MGMT_SETTING_SIZE },
be22b54e
JH		 5639 { set_link_security, false, MGMT_SETTING_SIZE },
5640 { set_ssp, false, MGMT_SETTING_SIZE },
5641 { set_hs, false, MGMT_SETTING_SIZE },
5642 { set_le, false, MGMT_SETTING_SIZE },
5643 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5644 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5645 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5646 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5647 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5648 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
5649 { disconnect, false, MGMT_DISCONNECT_SIZE },
5650 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
5651 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
5652 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
5653 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
5654 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
5655 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
5656 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
5657 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
5658 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
5659 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
5660 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
5661 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 5662 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 5663 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
5664 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
5665 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
5666 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
5667 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
5668 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 5669 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 5670 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 5671 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 5672 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 5673 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 5674 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 5675 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 5676 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 5677 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 5678 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
95868426 5679 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
2faade53
MH		 5680 { add_device, false, MGMT_ADD_DEVICE_SIZE },
5681 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
73d1df2a
MH		 5682 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
5683 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
9fc3bfb6 5684 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
dbece37a 5685 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
9713c17b 5686 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
0f4e68cf
JH		 5687};
5688
0381101f
JH		 5689int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
5690{
650f726d
VCG		 5691 void *buf;
5692 u8 *cp;
0381101f 5693 struct mgmt_hdr *hdr;
4e51eae9 5694 u16 opcode, index, len;
bdb6d971 5695 struct hci_dev *hdev = NULL;
2e3c35ea 5696 const struct mgmt_handler *handler;
0381101f
JH		 5697 int err;
5698
5699 BT_DBG("got %zu bytes", msglen);
5700
5701 if (msglen < sizeof(*hdr))
5702 return -EINVAL;
5703
e63a15ec 5704 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 5705 if (!buf)
5706 return -ENOMEM;
5707
5708 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
5709 err = -EFAULT;
5710 goto done;
5711 }
5712
650f726d 5713 hdr = buf;
1f350c87
MH		 5714 opcode = __le16_to_cpu(hdr->opcode);
5715 index = __le16_to_cpu(hdr->index);
5716 len = __le16_to_cpu(hdr->len);
0381101f
JH		 5717
5718 if (len != msglen - sizeof(*hdr)) {
5719 err = -EINVAL;
5720 goto done;
5721 }
5722
0f4e68cf 5723 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 5724 hdev = hci_dev_get(index);
5725 if (!hdev) {
5726 err = cmd_status(sk, index, opcode,
04124681 5727 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 5728 goto done;
5729 }
0736cfa8 5730
cebf4cfd 5731 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
d603b76b 5732 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
4a964404 5733 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 5734 err = cmd_status(sk, index, opcode,
5735 MGMT_STATUS_INVALID_INDEX);
5736 goto done;
5737 }
42a9bc14
MH		 5738
5739 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
dbece37a 5740 opcode != MGMT_OP_READ_CONFIG_INFO &&
9713c17b
MH		 5741 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
5742 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
42a9bc14
MH		 5743 err = cmd_status(sk, index, opcode,
5744 MGMT_STATUS_INVALID_INDEX);
5745 goto done;
5746 }
bdb6d971
JH		 5747 }
5748
0f4e68cf 5749 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 5750 mgmt_handlers[opcode].func == NULL) {
0381101f 5751 BT_DBG("Unknown op %u", opcode);
ca69b795 5752 err = cmd_status(sk, index, opcode,
04124681 5753 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 5754 goto done;
5755 }
5756
73d1df2a
MH		 5757 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
5758 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
5759 err = cmd_status(sk, index, opcode,
5760 MGMT_STATUS_INVALID_INDEX);
5761 goto done;
5762 }
5763
5764 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
5765 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
0f4e68cf 5766 err = cmd_status(sk, index, opcode,
04124681 5767 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 5768 goto done;
0381101f
JH		 5769 }
5770
be22b54e
JH		 5771 handler = &mgmt_handlers[opcode];
5772
5773 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 5774 (!handler->var_len && len != handler->data_len)) {
be22b54e 5775 err = cmd_status(sk, index, opcode,
04124681 5776 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 5777 goto done;
5778 }
5779
0f4e68cf
JH		 5780 if (hdev)
5781 mgmt_init_hdev(sk, hdev);
5782
5783 cp = buf + sizeof(*hdr);
5784
be22b54e 5785 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 5786 if (err < 0)
5787 goto done;
5788
0381101f
JH		 5789 err = msglen;
5790
5791done:
bdb6d971
JH		 5792 if (hdev)
5793 hci_dev_put(hdev);
5794
0381101f
JH		 5795 kfree(buf);
5796 return err;
5797}
c71e97bf 5798
bf6b56db 5799void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 5800{
1514b892 5801 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5802 return;
bb4b2a9a 5803
0602a8ad
MH		 5804 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5805 return;
5806
5807 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5808 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
5809 else
5810 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 5811}
5812
bf6b56db 5813void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 5814{
5f159032 5815 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 5816
1514b892 5817 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5818 return;
bb4b2a9a 5819
0602a8ad
MH		 5820 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5821 return;
5822
744cf19e 5823 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 5824
edd3896b
MH		 5825 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5826 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
5827 else
5828 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 5829}
5830
6046dc3e 5831/* This function requires the caller holds hdev->lock */
d7347f3c 5832static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 5833{
5834 struct hci_conn_params *p;
5835
5836 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 5837 /* Needed for AUTO_OFF case where might not "really"
5838 * have been powered off.
5839 */
5840 list_del_init(&p->action);
5841
5842 switch (p->auto_connect) {
4b9e7e75 5843 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 5844 case HCI_AUTO_CONN_ALWAYS:
5845 list_add(&p->action, &hdev->pend_le_conns);
5846 break;
5847 case HCI_AUTO_CONN_REPORT:
5848 list_add(&p->action, &hdev->pend_le_reports);
5849 break;
5850 default:
5851 break;
c83ed19d 5852 }
6046dc3e 5853 }
c83ed19d 5854
c83ed19d 5855 hci_update_background_scan(hdev);
6046dc3e
AG		 5856}
5857
229ab39c
JH		 5858static void powered_complete(struct hci_dev *hdev, u8 status)
5859{
5860 struct cmd_lookup match = { NULL, hdev };
5861
5862 BT_DBG("status 0x%02x", status);
5863
5864 hci_dev_lock(hdev);
5865
d7347f3c 5866 restart_le_actions(hdev);
6046dc3e 5867
229ab39c
JH		 5868 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5869
5870 new_settings(hdev, match.sk);
5871
5872 hci_dev_unlock(hdev);
5873
5874 if (match.sk)
5875 sock_put(match.sk);
5876}
5877
70da6243 5878static int powered_update_hci(struct hci_dev *hdev)
5add6af8 5879{
890ea898 5880 struct hci_request req;
70da6243 5881 u8 link_sec;
5add6af8 5882
890ea898
JH		 5883 hci_req_init(&req, hdev);
5884
70da6243
JH		 5885 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
5886 !lmp_host_ssp_capable(hdev)) {
5887 u8 ssp = 1;
5e5282bb 5888
890ea898 5889 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 5890 }
5add6af8 5891
c73eee91
JH		 5892 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
5893 lmp_bredr_capable(hdev)) {
70da6243 5894 struct hci_cp_write_le_host_supported cp;
f0ff92fb 5895
32226e4f
MH		 5896 cp.le = 0x01;
5897 cp.simul = 0x00;
3d1cbdd6 5898
70da6243
JH		 5899 /* Check first if we already have the right
5900 * host state (host features set)
5901 */
5902 if (cp.le != lmp_host_le_capable(hdev) ||
5903 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 5904 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5905 sizeof(cp), &cp);
70da6243 5906 }
3d1cbdd6 5907
d13eafce 5908 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 5909 /* Make sure the controller has a good default for
5910 * advertising data. This also applies to the case
5911 * where BR/EDR was toggled during the AUTO_OFF phase.
5912 */
f14d8f64 5913 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 5914 update_adv_data(&req);
f14d8f64
MH		 5915 update_scan_rsp_data(&req);
5916 }
441ad2d0 5917
bba3aa55
MH		 5918 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5919 enable_advertising(&req);
eeca6f89
JH		 5920 }
5921
70da6243
JH		 5922 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5923 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 5924 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5925 sizeof(link_sec), &link_sec);
562fcc24 5926
70da6243 5927 if (lmp_bredr_capable(hdev)) {
432df05e
JH		 5928 write_fast_connectable(&req, false);
5929 hci_update_page_scan(hdev, &req);
890ea898 5930 update_class(&req);
13928971 5931 update_name(&req);
890ea898 5932 update_eir(&req);
70da6243 5933 }
562fcc24 5934
229ab39c 5935 return hci_req_run(&req, powered_complete);
70da6243 5936}
562fcc24 5937
70da6243
JH		 5938int mgmt_powered(struct hci_dev *hdev, u8 powered)
5939{
5940 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 5941 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5942 u8 zero_cod[] = { 0, 0, 0 };
70da6243 5943 int err;
f0ff92fb 5944
70da6243
JH		 5945 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5946 return 0;
5947
70da6243 5948 if (powered) {
229ab39c
JH		 5949 if (powered_update_hci(hdev) == 0)
5950 return 0;
fe038884 5951
229ab39c
JH		 5952 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5953 &match);
5954 goto new_settings;
b24752fe
JH		 5955 }
5956
229ab39c
JH		 5957 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5958 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5959
5960 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5961 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5962 zero_cod, sizeof(zero_cod), NULL);
5963
5964new_settings:
beadb2bd 5965 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 5966
5967 if (match.sk)
5968 sock_put(match.sk);
5969
7bb895d6 5970 return err;
5add6af8 5971}
73f22f62 5972
3eec705e 5973void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 5974{
5975 struct pending_cmd *cmd;
5976 u8 status;
5977
5978 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5979 if (!cmd)
3eec705e 5980 return;
96570ffc
JH		 5981
5982 if (err == -ERFKILL)
5983 status = MGMT_STATUS_RFKILLED;
5984 else
5985 status = MGMT_STATUS_FAILED;
5986
3eec705e 5987 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 5988
5989 mgmt_pending_remove(cmd);
96570ffc
JH		 5990}
5991
d1967ff8
MH		 5992void mgmt_discoverable_timeout(struct hci_dev *hdev)
5993{
5994 struct hci_request req;
d1967ff8
MH		 5995
5996 hci_dev_lock(hdev);
5997
5998 /* When discoverable timeout triggers, then just make sure
5999 * the limited discoverable flag is cleared. Even in the case
6000 * of a timeout triggered from general discoverable, it is
6001 * safe to unconditionally clear the flag.
6002 */
6003 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 6004 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 6005
6006 hci_req_init(&req, hdev);
4b580614
JH		 6007 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
6008 u8 scan = SCAN_PAGE;
6009 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6010 sizeof(scan), &scan);
6011 }
d1967ff8 6012 update_class(&req);
9a43e25f 6013 update_adv_data(&req);
d1967ff8
MH		 6014 hci_req_run(&req, NULL);
6015
6016 hdev->discov_timeout = 0;
6017
9a43e25f
JH		 6018 new_settings(hdev, NULL);
6019
d1967ff8
MH		 6020 hci_dev_unlock(hdev);
6021}
6022
dc4a5ee2
MH		 6023void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6024 bool persistent)
55ed8ca1 6025{
86742e1e 6026 struct mgmt_ev_new_link_key ev;
55ed8ca1 6027
a492cd52 6028 memset(&ev, 0, sizeof(ev));
55ed8ca1 6029
a492cd52 6030 ev.store_hint = persistent;
d753fdc4 6031 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6032 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6033 ev.key.type = key->type;
9b3b4460 6034 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6035 ev.key.pin_len = key->pin_len;
55ed8ca1 6036
dc4a5ee2 6037 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6038}
f7520543 6039
d7b25450
JH		 6040static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6041{
6042 if (ltk->authenticated)
6043 return MGMT_LTK_AUTHENTICATED;
6044
6045 return MGMT_LTK_UNAUTHENTICATED;
6046}
6047
53ac6ab6 6048void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6049{
6050 struct mgmt_ev_new_long_term_key ev;
6051
6052 memset(&ev, 0, sizeof(ev));
6053
5192d301
MH		 6054 /* Devices using resolvable or non-resolvable random addresses
6055 * without providing an indentity resolving key don't require
6056 * to store long term keys. Their addresses will change the
6057 * next time around.
6058 *
6059 * Only when a remote device provides an identity address
6060 * make sure the long term key is stored. If the remote
6061 * identity is known, the long term keys are internally
6062 * mapped to the identity address. So allow static random
6063 * and public addresses here.
6064 */
ba74b666
JH		 6065 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6066 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6067 ev.store_hint = 0x00;
6068 else
53ac6ab6 6069 ev.store_hint = persistent;
ba74b666 6070
346af67b 6071 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6072 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6073 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6074 ev.key.enc_size = key->enc_size;
6075 ev.key.ediv = key->ediv;
fe39c7b2 6076 ev.key.rand = key->rand;
346af67b 6077
2ceba539 6078 if (key->type == SMP_LTK)
346af67b
VCG		 6079 ev.key.master = 1;
6080
346af67b
VCG		 6081 memcpy(ev.key.val, key->val, sizeof(key->val));
6082
083368f7 6083 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6084}
6085
95fbac8a
JH		 6086void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6087{
6088 struct mgmt_ev_new_irk ev;
6089
6090 memset(&ev, 0, sizeof(ev));
6091
bab6d1e5
MH		 6092 /* For identity resolving keys from devices that are already
6093 * using a public address or static random address, do not
6094 * ask for storing this key. The identity resolving key really
6095 * is only mandatory for devices using resovlable random
6096 * addresses.
6097 *
6098 * Storing all identity resolving keys has the downside that
6099 * they will be also loaded on next boot of they system. More
6100 * identity resolving keys, means more time during scanning is
6101 * needed to actually resolve these addresses.
6102 */
6103 if (bacmp(&irk->rpa, BDADDR_ANY))
6104 ev.store_hint = 0x01;
6105 else
6106 ev.store_hint = 0x00;
6107
95fbac8a
JH		 6108 bacpy(&ev.rpa, &irk->rpa);
6109 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6110 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6111 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6112
6113 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6114}
6115
53ac6ab6
MH		 6116void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6117 bool persistent)
7ee4ea36
MH		 6118{
6119 struct mgmt_ev_new_csrk ev;
6120
6121 memset(&ev, 0, sizeof(ev));
6122
6123 /* Devices using resolvable or non-resolvable random addresses
6124 * without providing an indentity resolving key don't require
6125 * to store signature resolving keys. Their addresses will change
6126 * the next time around.
6127 *
6128 * Only when a remote device provides an identity address
6129 * make sure the signature resolving key is stored. So allow
6130 * static random and public addresses here.
6131 */
6132 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6133 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6134 ev.store_hint = 0x00;
6135 else
53ac6ab6 6136 ev.store_hint = persistent;
7ee4ea36
MH		 6137
6138 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6139 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6140 ev.key.master = csrk->master;
6141 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6142
6143 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6144}
6145
ffb5a827 6146void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6147 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6148 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6149{
6150 struct mgmt_ev_new_conn_param ev;
6151
c103aea6
JH		 6152 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6153 return;
6154
ffb5a827
AG		 6155 memset(&ev, 0, sizeof(ev));
6156 bacpy(&ev.addr.bdaddr, bdaddr);
6157 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6158 ev.store_hint = store_hint;
ffb5a827
AG		 6159 ev.min_interval = cpu_to_le16(min_interval);
6160 ev.max_interval = cpu_to_le16(max_interval);
6161 ev.latency = cpu_to_le16(latency);
6162 ev.timeout = cpu_to_le16(timeout);
6163
6164 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6165}
6166
94933991
MH		 6167static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6168 u8 data_len)
6169{
6170 eir[eir_len++] = sizeof(type) + data_len;
6171 eir[eir_len++] = type;
6172 memcpy(&eir[eir_len], data, data_len);
6173 eir_len += data_len;
6174
6175 return eir_len;
6176}
6177
ecd90ae7
MH		 6178void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6179 u8 addr_type, u32 flags, u8 *name, u8 name_len,
6180 u8 *dev_class)
f7520543 6181{
b644ba33
JH		 6182 char buf[512];
6183 struct mgmt_ev_device_connected *ev = (void *) buf;
6184 u16 eir_len = 0;
f7520543 6185
b644ba33 6186 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6187 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 6188
c95f0ba7 6189 ev->flags = __cpu_to_le32(flags);
08c79b61 6190
b644ba33
JH		 6191 if (name_len > 0)
6192 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 6193 name, name_len);
b644ba33
JH		 6194
6195 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 6196 eir_len = eir_append_data(ev->eir, eir_len,
04124681 6197 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 6198
eb55ef07 6199 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6200
ecd90ae7
MH		 6201 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6202 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6203}
6204
8962ee74
JH		 6205static void disconnect_rsp(struct pending_cmd *cmd, void *data)
6206{
c68fb7ff 6207 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 6208 struct sock **sk = data;
a38528f1 6209 struct mgmt_rp_disconnect rp;
8962ee74 6210
88c3df13
JH		 6211 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6212 rp.addr.type = cp->addr.type;
8962ee74 6213
aee9b218 6214 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 6215 sizeof(rp));
8962ee74
JH		 6216
6217 *sk = cmd->sk;
6218 sock_hold(*sk);
6219
a664b5bc 6220 mgmt_pending_remove(cmd);
8962ee74
JH		 6221}
6222
124f6e35 6223static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 6224{
b1078ad0 6225 struct hci_dev *hdev = data;
124f6e35
JH		 6226 struct mgmt_cp_unpair_device *cp = cmd->param;
6227 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 6228
6229 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 6230 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6231 rp.addr.type = cp->addr.type;
a8a1d19e 6232
b1078ad0
JH		 6233 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6234
aee9b218 6235 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 6236
6237 mgmt_pending_remove(cmd);
6238}
6239
84c61d92
JH		 6240bool mgmt_powering_down(struct hci_dev *hdev)
6241{
6242 struct pending_cmd *cmd;
6243 struct mgmt_mode *cp;
6244
6245 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6246 if (!cmd)
6247 return false;
6248
6249 cp = cmd->param;
6250 if (!cp->val)
6251 return true;
6252
6253 return false;
6254}
6255
9b80ec5e 6256void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6257 u8 link_type, u8 addr_type, u8 reason,
6258 bool mgmt_connected)
f7520543 6259{
f0d6a0ea 6260 struct mgmt_ev_device_disconnected ev;
8962ee74 6261 struct sock *sk = NULL;
8962ee74 6262
84c61d92
JH		 6263 /* The connection is still in hci_conn_hash so test for 1
6264 * instead of 0 to know if this is the last one.
6265 */
6266 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6267 cancel_delayed_work(&hdev->power_off);
6268 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 6269 }
6270
12d4a3b2
JH		 6271 if (!mgmt_connected)
6272 return;
6273
57eb776f
AG		 6274 if (link_type != ACL_LINK && link_type != LE_LINK)
6275 return;
6276
744cf19e 6277 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6278
f0d6a0ea
MA		 6279 bacpy(&ev.addr.bdaddr, bdaddr);
6280 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6281 ev.reason = reason;
f7520543 6282
9b80ec5e 6283 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6284
6285 if (sk)
d97dcb66 6286 sock_put(sk);
8962ee74 6287
124f6e35 6288 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6289 hdev);
8962ee74
JH		 6290}
6291
7892924c
MH		 6292void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6293 u8 link_type, u8 addr_type, u8 status)
8962ee74 6294{
3655bba8
AG		 6295 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6296 struct mgmt_cp_disconnect *cp;
88c3df13 6297 struct mgmt_rp_disconnect rp;
8962ee74 6298 struct pending_cmd *cmd;
8962ee74 6299
36a75f1b
JD		 6300 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6301 hdev);
6302
2e58ef3e 6303 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6304 if (!cmd)
7892924c 6305 return;
8962ee74 6306
3655bba8
AG		 6307 cp = cmd->param;
6308
6309 if (bacmp(bdaddr, &cp->addr.bdaddr))
6310 return;
6311
6312 if (cp->addr.type != bdaddr_type)
6313 return;
6314
88c3df13 6315 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 6316 rp.addr.type = bdaddr_type;
37d9ef76 6317
7892924c
MH		 6318 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
6319 mgmt_status(status), &rp, sizeof(rp));
8962ee74 6320
a664b5bc 6321 mgmt_pending_remove(cmd);
f7520543 6322}
17d5c04c 6323
445608d0
MH		 6324void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6325 u8 addr_type, u8 status)
17d5c04c
JH		 6326{
6327 struct mgmt_ev_connect_failed ev;
c9910d0f 6328
84c61d92
JH		 6329 /* The connection is still in hci_conn_hash so test for 1
6330 * instead of 0 to know if this is the last one.
6331 */
6332 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6333 cancel_delayed_work(&hdev->power_off);
6334 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 6335 }
17d5c04c 6336
4c659c39 6337 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6338 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6339 ev.status = mgmt_status(status);
17d5c04c 6340
445608d0 6341 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6342}
980e1a53 6343
ce0e4a0d 6344void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6345{
6346 struct mgmt_ev_pin_code_request ev;
6347
d8457698 6348 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6349 ev.addr.type = BDADDR_BREDR;
a770bb5a 6350 ev.secure = secure;
980e1a53 6351
ce0e4a0d 6352 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6353}
6354
e669cf80
MH		 6355void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6356 u8 status)
980e1a53
JH		 6357{
6358 struct pending_cmd *cmd;
ac56fb13 6359 struct mgmt_rp_pin_code_reply rp;
980e1a53 6360
2e58ef3e 6361 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6362 if (!cmd)
e669cf80 6363 return;
980e1a53 6364
d8457698 6365 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6366 rp.addr.type = BDADDR_BREDR;
ac56fb13 6367
e669cf80
MH		 6368 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
6369 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6370
a664b5bc 6371 mgmt_pending_remove(cmd);
980e1a53
JH		 6372}
6373
3eb38528
MH		 6374void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6375 u8 status)
980e1a53
JH		 6376{
6377 struct pending_cmd *cmd;
ac56fb13 6378 struct mgmt_rp_pin_code_reply rp;
980e1a53 6379
2e58ef3e 6380 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6381 if (!cmd)
3eb38528 6382 return;
980e1a53 6383
d8457698 6384 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6385 rp.addr.type = BDADDR_BREDR;
ac56fb13 6386
3eb38528
MH		 6387 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
6388 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6389
a664b5bc 6390 mgmt_pending_remove(cmd);
980e1a53 6391}
a5c29683 6392
744cf19e 6393int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6394 u8 link_type, u8 addr_type, u32 value,
04124681 6395 u8 confirm_hint)
a5c29683
JH		 6396{
6397 struct mgmt_ev_user_confirm_request ev;
6398
744cf19e 6399 BT_DBG("%s", hdev->name);
a5c29683 6400
272d90df 6401 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6402 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6403 ev.confirm_hint = confirm_hint;
39adbffe 6404 ev.value = cpu_to_le32(value);
a5c29683 6405
744cf19e 6406 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6407 NULL);
a5c29683
JH		 6408}
6409
272d90df 6410int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6411 u8 link_type, u8 addr_type)
604086b7
BG		 6412{
6413 struct mgmt_ev_user_passkey_request ev;
6414
6415 BT_DBG("%s", hdev->name);
6416
272d90df 6417 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6418 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6419
6420 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6421 NULL);
604086b7
BG		 6422}
6423
0df4c185 6424static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6425 u8 link_type, u8 addr_type, u8 status,
6426 u8 opcode)
a5c29683
JH		 6427{
6428 struct pending_cmd *cmd;
6429 struct mgmt_rp_user_confirm_reply rp;
6430 int err;
6431
2e58ef3e 6432 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 6433 if (!cmd)
6434 return -ENOENT;
6435
272d90df 6436 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 6437 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 6438 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 6439 &rp, sizeof(rp));
a5c29683 6440
a664b5bc 6441 mgmt_pending_remove(cmd);
a5c29683
JH		 6442
6443 return err;
6444}
6445
744cf19e 6446int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6447 u8 link_type, u8 addr_type, u8 status)
a5c29683 6448{
272d90df 6449 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6450 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6451}
6452
272d90df 6453int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6454 u8 link_type, u8 addr_type, u8 status)
a5c29683 6455{
272d90df 6456 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6457 status,
6458 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 6459}
2a611692 6460
604086b7 6461int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6462 u8 link_type, u8 addr_type, u8 status)
604086b7 6463{
272d90df 6464 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6465 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 6466}
6467
272d90df 6468int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6469 u8 link_type, u8 addr_type, u8 status)
604086b7 6470{
272d90df 6471 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6472 status,
6473 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 6474}
6475
92a25256
JH		 6476int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6477 u8 link_type, u8 addr_type, u32 passkey,
6478 u8 entered)
6479{
6480 struct mgmt_ev_passkey_notify ev;
6481
6482 BT_DBG("%s", hdev->name);
6483
6484 bacpy(&ev.addr.bdaddr, bdaddr);
6485 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6486 ev.passkey = __cpu_to_le32(passkey);
6487 ev.entered = entered;
6488
6489 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6490}
6491
e546099c
MH		 6492void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6493 u8 addr_type, u8 status)
2a611692
JH		 6494{
6495 struct mgmt_ev_auth_failed ev;
6496
bab73cb6 6497 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6498 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6499 ev.status = mgmt_status(status);
2a611692 6500
e546099c 6501 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 6502}
b312b161 6503
464996ae 6504void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 6505{
6506 struct cmd_lookup match = { NULL, hdev };
464996ae 6507 bool changed;
33ef95ed
JH		 6508
6509 if (status) {
6510 u8 mgmt_err = mgmt_status(status);
6511 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 6512 cmd_status_rsp, &mgmt_err);
464996ae 6513 return;
33ef95ed
JH		 6514 }
6515
464996ae
MH		 6516 if (test_bit(HCI_AUTH, &hdev->flags))
6517 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6518 &hdev->dev_flags);
6519 else
6520 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6521 &hdev->dev_flags);
47990ea0 6522
33ef95ed 6523 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 6524 &match);
33ef95ed 6525
47990ea0 6526 if (changed)
464996ae 6527 new_settings(hdev, match.sk);
33ef95ed
JH		 6528
6529 if (match.sk)
6530 sock_put(match.sk);
33ef95ed
JH		 6531}
6532
890ea898 6533static void clear_eir(struct hci_request *req)
cacaf52f 6534{
890ea898 6535 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 6536 struct hci_cp_write_eir cp;
6537
976eb20e 6538 if (!lmp_ext_inq_capable(hdev))
890ea898 6539 return;
cacaf52f 6540
c80da27e
JH		 6541 memset(hdev->eir, 0, sizeof(hdev->eir));
6542
cacaf52f
JH		 6543 memset(&cp, 0, sizeof(cp));
6544
890ea898 6545 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 6546}
6547
3e248560 6548void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 6549{
6550 struct cmd_lookup match = { NULL, hdev };
890ea898 6551 struct hci_request req;
c0ecddc2 6552 bool changed = false;
ed2c4ee3
JH		 6553
6554 if (status) {
6555 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 6556
6557 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 6558 &hdev->dev_flags)) {
6559 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 6560 new_settings(hdev, NULL);
9ecb3e24 6561 }
c0ecddc2 6562
04124681
GP		 6563 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6564 &mgmt_err);
3e248560 6565 return;
c0ecddc2
JH		 6566 }
6567
6568 if (enable) {
9ecb3e24 6569 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 6570 } else {
9ecb3e24
MH		 6571 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6572 if (!changed)
6573 changed = test_and_clear_bit(HCI_HS_ENABLED,
6574 &hdev->dev_flags);
6575 else
6576 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 6577 }
6578
6579 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6580
c0ecddc2 6581 if (changed)
3e248560 6582 new_settings(hdev, match.sk);
ed2c4ee3 6583
5fc6ebb1 6584 if (match.sk)
ed2c4ee3
JH		 6585 sock_put(match.sk);
6586
890ea898
JH		 6587 hci_req_init(&req, hdev);
6588
3769972b
JH		 6589 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6590 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6591 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6592 sizeof(enable), &enable);
890ea898 6593 update_eir(&req);
3769972b 6594 } else {
890ea898 6595 clear_eir(&req);
3769972b 6596 }
890ea898
JH		 6597
6598 hci_req_run(&req, NULL);
ed2c4ee3
JH		 6599}
6600
eac83dc6
MH		 6601void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6602{
6603 struct cmd_lookup match = { NULL, hdev };
6604 bool changed = false;
6605
6606 if (status) {
6607 u8 mgmt_err = mgmt_status(status);
6608
0ab04a9c
MH		 6609 if (enable) {
6610 if (test_and_clear_bit(HCI_SC_ENABLED,
6611 &hdev->dev_flags))
6612 new_settings(hdev, NULL);
6613 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6614 }
eac83dc6
MH		 6615
6616 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6617 cmd_status_rsp, &mgmt_err);
6618 return;
6619 }
6620
0ab04a9c 6621 if (enable) {
eac83dc6 6622 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 6623 } else {
eac83dc6 6624 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 6625 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6626 }
eac83dc6
MH		 6627
6628 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6629 settings_rsp, &match);
6630
6631 if (changed)
6632 new_settings(hdev, match.sk);
6633
6634 if (match.sk)
6635 sock_put(match.sk);
6636}
6637
92da6097 6638static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 6639{
6640 struct cmd_lookup *match = data;
6641
90e70454
JH		 6642 if (match->sk == NULL) {
6643 match->sk = cmd->sk;
6644 sock_hold(match->sk);
6645 }
90e70454
JH		 6646}
6647
4e1b0245
MH		 6648void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
6649 u8 status)
7f9a903c 6650{
90e70454 6651 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 6652
92da6097
JH		 6653 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
6654 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
6655 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 6656
6657 if (!status)
4e1b0245
MH		 6658 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
6659 NULL);
90e70454
JH		 6660
6661 if (match.sk)
6662 sock_put(match.sk);
7f9a903c
MH		 6663}
6664
7667da34 6665void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 6666{
b312b161 6667 struct mgmt_cp_set_local_name ev;
13928971 6668 struct pending_cmd *cmd;
28cc7bde 6669
13928971 6670 if (status)
7667da34 6671 return;
b312b161
JH		 6672
6673 memset(&ev, 0, sizeof(ev));
6674 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 6675 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 6676
2e58ef3e 6677 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 6678 if (!cmd) {
6679 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 6680
13928971
JH		 6681 /* If this is a HCI command related to powering on the
6682 * HCI dev don't send any mgmt signals.
6683 */
6684 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 6685 return;
890ea898 6686 }
b312b161 6687
7667da34
MH		 6688 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
6689 cmd ? cmd->sk : NULL);
b312b161 6690}
c35938b2 6691
4d2d2796
MH		 6692void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
6693 u8 *randomizer192, u8 *hash256,
6694 u8 *randomizer256, u8 status)
c35938b2
SJ		 6695{
6696 struct pending_cmd *cmd;
c35938b2 6697
744cf19e 6698 BT_DBG("%s status %u", hdev->name, status);
c35938b2 6699
2e58ef3e 6700 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 6701 if (!cmd)
3edaf092 6702 return;
c35938b2
SJ		 6703
6704 if (status) {
3edaf092
MH		 6705 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6706 mgmt_status(status));
c35938b2 6707 } else {
4d2d2796
MH		 6708 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
6709 hash256 && randomizer256) {
6710 struct mgmt_rp_read_local_oob_ext_data rp;
6711
6712 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
6713 memcpy(rp.randomizer192, randomizer192,
6714 sizeof(rp.randomizer192));
c35938b2 6715
4d2d2796
MH		 6716 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
6717 memcpy(rp.randomizer256, randomizer256,
6718 sizeof(rp.randomizer256));
c35938b2 6719
4d2d2796
MH		 6720 cmd_complete(cmd->sk, hdev->id,
6721 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6722 &rp, sizeof(rp));
6723 } else {
6724 struct mgmt_rp_read_local_oob_data rp;
6725
6726 memcpy(rp.hash, hash192, sizeof(rp.hash));
6727 memcpy(rp.randomizer, randomizer192,
6728 sizeof(rp.randomizer));
6729
6730 cmd_complete(cmd->sk, hdev->id,
6731 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6732 &rp, sizeof(rp));
6733 }
c35938b2
SJ		 6734 }
6735
6736 mgmt_pending_remove(cmd);
c35938b2 6737}
e17acd40 6738
901801b9 6739void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
af58925c
MH		 6740 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
6741 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 6742{
e319d2e7
JH		 6743 char buf[512];
6744 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 6745 size_t ev_size;
e17acd40 6746
75ce208c
JH		 6747 /* Don't send events for a non-kernel initiated discovery. With
6748 * LE one exception is if we have pend_le_reports > 0 in which
6749 * case we're doing passive scanning and want these events.
6750 */
6751 if (!hci_discovery_active(hdev)) {
6752 if (link_type == ACL_LINK)
6753 return;
66f8455a 6754 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
75ce208c
JH		 6755 return;
6756 }
12602d0c 6757
5d2e9fad
JH		 6758 /* Make sure that the buffer is big enough. The 5 extra bytes
6759 * are for the potential CoD field.
6760 */
6761 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 6762 return;
7d262f86 6763
1dc06093
JH		 6764 memset(buf, 0, sizeof(buf));
6765
841c5644
JH		 6766 bacpy(&ev->addr.bdaddr, bdaddr);
6767 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 6768 ev->rssi = rssi;
af58925c 6769 ev->flags = cpu_to_le32(flags);
e17acd40 6770
1dc06093 6771 if (eir_len > 0)
e319d2e7 6772 memcpy(ev->eir, eir, eir_len);
e17acd40 6773
1dc06093
JH		 6774 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
6775 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 6776 dev_class, 3);
1dc06093 6777
5d2e9fad
JH		 6778 if (scan_rsp_len > 0)
6779 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
6780
6781 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
6782 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 6783
901801b9 6784 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 6785}
a88a9652 6786
9cf12aee
MH		 6787void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6788 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 6789{
b644ba33
JH		 6790 struct mgmt_ev_device_found *ev;
6791 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
6792 u16 eir_len;
a88a9652 6793
b644ba33 6794 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 6795
b644ba33
JH		 6796 memset(buf, 0, sizeof(buf));
6797
6798 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6799 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 6800 ev->rssi = rssi;
6801
6802 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 6803 name_len);
b644ba33 6804
eb55ef07 6805 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 6806
9cf12aee 6807 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 6808}
314b2381 6809
2f1e063b 6810void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 6811{
f963e8e9 6812 struct mgmt_ev_discovering ev;
164a6e78
JH		 6813 struct pending_cmd *cmd;
6814
343fb145
AG		 6815 BT_DBG("%s discovering %u", hdev->name, discovering);
6816
164a6e78 6817 if (discovering)
2e58ef3e 6818 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 6819 else
2e58ef3e 6820 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 6821
6822 if (cmd != NULL) {
f808e166
JH		 6823 u8 type = hdev->discovery.type;
6824
04124681
GP		 6825 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
6826 sizeof(type));
164a6e78
JH		 6827 mgmt_pending_remove(cmd);
6828 }
6829
f963e8e9
JH		 6830 memset(&ev, 0, sizeof(ev));
6831 ev.type = hdev->discovery.type;
6832 ev.discovering = discovering;
6833
2f1e063b 6834 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 6835}
5e762444 6836
5976e608
MH		 6837static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6838{
6839 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 6840}
6841
6842void mgmt_reenable_advertising(struct hci_dev *hdev)
6843{
6844 struct hci_request req;
6845
5976e608
MH		 6846 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6847 return;
6848
6849 hci_req_init(&req, hdev);
6850 enable_advertising(&req);
0ec5ae84 6851 hci_req_run(&req, adv_enable_complete);
5976e608 6852}
Linux kernel - Deliverables
This page took 0.758418 seconds and 5 git commands to generate.