projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Support the "connectable mode" adv flag
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
a380b6cf 38#include "mgmt_util.h"
0381101f 39
2da9c55c 40#define MGMT_VERSION 1
beb1c21b 41#define MGMT_REVISION 9
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 50 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 81 MGMT_OP_SET_DEVICE_ID,
4375f103 82 MGMT_OP_SET_ADVERTISING,
0663ca2a 83 MGMT_OP_SET_BREDR,
d13eafce 84 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 85 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 86 MGMT_OP_SET_SECURE_CONN,
4e39ac81 87 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 88 MGMT_OP_SET_PRIVACY,
41edf160 89 MGMT_OP_LOAD_IRKS,
dd983808 90 MGMT_OP_GET_CONN_INFO,
95868426 91 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 92 MGMT_OP_ADD_DEVICE,
93 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 94 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 95 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 96 MGMT_OP_READ_CONFIG_INFO,
dbece37a 97 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 98 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 99 MGMT_OP_START_SERVICE_DISCOVERY,
4f0f155c 100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
96f1474a 101 MGMT_OP_READ_EXT_INDEX_LIST,
d3d5305b 102 MGMT_OP_READ_ADV_FEATURES,
24b4f38f 103 MGMT_OP_ADD_ADVERTISING,
da929335 104 MGMT_OP_REMOVE_ADVERTISING,
e70bb2e8
JH		 105};
106
107static const u16 mgmt_events[] = {
108 MGMT_EV_CONTROLLER_ERROR,
109 MGMT_EV_INDEX_ADDED,
110 MGMT_EV_INDEX_REMOVED,
111 MGMT_EV_NEW_SETTINGS,
112 MGMT_EV_CLASS_OF_DEV_CHANGED,
113 MGMT_EV_LOCAL_NAME_CHANGED,
114 MGMT_EV_NEW_LINK_KEY,
115 MGMT_EV_NEW_LONG_TERM_KEY,
116 MGMT_EV_DEVICE_CONNECTED,
117 MGMT_EV_DEVICE_DISCONNECTED,
118 MGMT_EV_CONNECT_FAILED,
119 MGMT_EV_PIN_CODE_REQUEST,
120 MGMT_EV_USER_CONFIRM_REQUEST,
121 MGMT_EV_USER_PASSKEY_REQUEST,
122 MGMT_EV_AUTH_FAILED,
123 MGMT_EV_DEVICE_FOUND,
124 MGMT_EV_DISCOVERING,
125 MGMT_EV_DEVICE_BLOCKED,
126 MGMT_EV_DEVICE_UNBLOCKED,
127 MGMT_EV_DEVICE_UNPAIRED,
92a25256 128 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 129 MGMT_EV_NEW_IRK,
7ee4ea36 130 MGMT_EV_NEW_CSRK,
8afef092
MH		 131 MGMT_EV_DEVICE_ADDED,
132 MGMT_EV_DEVICE_REMOVED,
ffb5a827 133 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 134 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 135 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 136 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 137 MGMT_EV_EXT_INDEX_ADDED,
138 MGMT_EV_EXT_INDEX_REMOVED,
72000df2 139 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
24b4f38f
AU		 140 MGMT_EV_ADVERTISING_ADDED,
141 MGMT_EV_ADVERTISING_REMOVED,
e70bb2e8
JH		 142};
143
99c679ac
MH		 144static const u16 mgmt_untrusted_commands[] = {
145 MGMT_OP_READ_INDEX_LIST,
146 MGMT_OP_READ_INFO,
147 MGMT_OP_READ_UNCONF_INDEX_LIST,
148 MGMT_OP_READ_CONFIG_INFO,
149 MGMT_OP_READ_EXT_INDEX_LIST,
150};
151
152static const u16 mgmt_untrusted_events[] = {
153 MGMT_EV_INDEX_ADDED,
154 MGMT_EV_INDEX_REMOVED,
155 MGMT_EV_NEW_SETTINGS,
156 MGMT_EV_CLASS_OF_DEV_CHANGED,
157 MGMT_EV_LOCAL_NAME_CHANGED,
158 MGMT_EV_UNCONF_INDEX_ADDED,
159 MGMT_EV_UNCONF_INDEX_REMOVED,
160 MGMT_EV_NEW_CONFIG_OPTIONS,
161 MGMT_EV_EXT_INDEX_ADDED,
162 MGMT_EV_EXT_INDEX_REMOVED,
163};
164
17b02e62 165#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 166
d25b78e2
JH		 167#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
168 "\x00\x00\x00\x00\x00\x00\x00\x00"
169
ca69b795
JH		 170/* HCI to MGMT error code conversion table */
171static u8 mgmt_status_table[] = {
172 MGMT_STATUS_SUCCESS,
173 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
174 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
175 MGMT_STATUS_FAILED, /* Hardware Failure */
176 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
177 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 178 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 179 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
180 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
181 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
182 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
183 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
184 MGMT_STATUS_BUSY, /* Command Disallowed */
185 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
186 MGMT_STATUS_REJECTED, /* Rejected Security */
187 MGMT_STATUS_REJECTED, /* Rejected Personal */
188 MGMT_STATUS_TIMEOUT, /* Host Timeout */
189 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
190 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
191 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
192 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
193 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
194 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
195 MGMT_STATUS_BUSY, /* Repeated Attempts */
196 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
197 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
198 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
199 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
200 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
201 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
202 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
203 MGMT_STATUS_FAILED, /* Unspecified Error */
204 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
205 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
206 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
207 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
208 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
209 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
210 MGMT_STATUS_FAILED, /* Unit Link Key Used */
211 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
212 MGMT_STATUS_TIMEOUT, /* Instant Passed */
213 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
214 MGMT_STATUS_FAILED, /* Transaction Collision */
215 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
216 MGMT_STATUS_REJECTED, /* QoS Rejected */
217 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
218 MGMT_STATUS_REJECTED, /* Insufficient Security */
219 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
220 MGMT_STATUS_BUSY, /* Role Switch Pending */
221 MGMT_STATUS_FAILED, /* Slot Violation */
222 MGMT_STATUS_FAILED, /* Role Switch Failed */
223 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
224 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
225 MGMT_STATUS_BUSY, /* Host Busy Pairing */
226 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
227 MGMT_STATUS_BUSY, /* Controller Busy */
228 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
229 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
230 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
231 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
232 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
233};
234
235static u8 mgmt_status(u8 hci_status)
236{
237 if (hci_status < ARRAY_SIZE(mgmt_status_table))
238 return mgmt_status_table[hci_status];
239
240 return MGMT_STATUS_FAILED;
241}
242
c08b1a1d
MH		 243static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
244 u16 len, int flag)
f9207338 245{
c08b1a1d
MH		 246 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
247 flag, NULL);
f9207338
MH		 248}
249
72000df2
MH		 250static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
251 u16 len, int flag, struct sock *skip_sk)
252{
253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
254 flag, skip_sk);
255}
256
f6b7712e
MH		 257static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, struct sock *skip_sk)
259{
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
261 HCI_MGMT_GENERIC_EVENTS, skip_sk);
262}
263
7a00ff44
JH		 264static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
266{
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
c08b1a1d 268 HCI_SOCK_TRUSTED, skip_sk);
7a00ff44
JH		 269}
270
04124681
GP		 271static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
272 u16 data_len)
a38528f1
JH		 273{
274 struct mgmt_rp_read_version rp;
275
276 BT_DBG("sock %p", sk);
277
278 rp.version = MGMT_VERSION;
dcf4adbf 279 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 280
2a1afb5a
JH		 281 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
282 &rp, sizeof(rp));
a38528f1
JH		 283}
284
04124681
GP		 285static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
286 u16 data_len)
e70bb2e8
JH		 287{
288 struct mgmt_rp_read_commands *rp;
99c679ac 289 u16 num_commands, num_events;
e70bb2e8
JH		 290 size_t rp_size;
291 int i, err;
292
293 BT_DBG("sock %p", sk);
294
99c679ac
MH		 295 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
296 num_commands = ARRAY_SIZE(mgmt_commands);
297 num_events = ARRAY_SIZE(mgmt_events);
298 } else {
299 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
300 num_events = ARRAY_SIZE(mgmt_untrusted_events);
301 }
302
e70bb2e8
JH		 303 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
304
305 rp = kmalloc(rp_size, GFP_KERNEL);
306 if (!rp)
307 return -ENOMEM;
308
dcf4adbf
JP		 309 rp->num_commands = cpu_to_le16(num_commands);
310 rp->num_events = cpu_to_le16(num_events);
e70bb2e8 311
99c679ac
MH		 312 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
313 __le16 *opcode = rp->opcodes;
314
315 for (i = 0; i < num_commands; i++, opcode++)
316 put_unaligned_le16(mgmt_commands[i], opcode);
e70bb2e8 317
99c679ac
MH		 318 for (i = 0; i < num_events; i++, opcode++)
319 put_unaligned_le16(mgmt_events[i], opcode);
320 } else {
321 __le16 *opcode = rp->opcodes;
322
323 for (i = 0; i < num_commands; i++, opcode++)
324 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
325
326 for (i = 0; i < num_events; i++, opcode++)
327 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
328 }
e70bb2e8 329
2a1afb5a
JH		 330 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
331 rp, rp_size);
e70bb2e8
JH		 332 kfree(rp);
333
334 return err;
335}
336
04124681
GP		 337static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
338 u16 data_len)
faba42eb 339{
faba42eb 340 struct mgmt_rp_read_index_list *rp;
8035ded4 341 struct hci_dev *d;
a38528f1 342 size_t rp_len;
faba42eb 343 u16 count;
476e44cb 344 int err;
faba42eb
JH		 345
346 BT_DBG("sock %p", sk);
347
348 read_lock(&hci_dev_list_lock);
349
350 count = 0;
bb4b2a9a 351 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 352 if (d->dev_type == HCI_BREDR &&
d7a5a11d 353 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 354 count++;
faba42eb
JH		 355 }
356
a38528f1
JH		 357 rp_len = sizeof(*rp) + (2 * count);
358 rp = kmalloc(rp_len, GFP_ATOMIC);
359 if (!rp) {
b2c60d42 360 read_unlock(&hci_dev_list_lock);
faba42eb 361 return -ENOMEM;
b2c60d42 362 }
faba42eb 363
476e44cb 364 count = 0;
8035ded4 365 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 366 if (hci_dev_test_flag(d, HCI_SETUP) ||
367 hci_dev_test_flag(d, HCI_CONFIG) ||
368 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 369 continue;
370
73d1df2a
MH		 371 /* Devices marked as raw-only are neither configured
372 * nor unconfigured controllers.
373 */
374 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 375 continue;
376
73d1df2a 377 if (d->dev_type == HCI_BREDR &&
d7a5a11d 378 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892
MH		 379 rp->index[count++] = cpu_to_le16(d->id);
380 BT_DBG("Added hci%u", d->id);
381 }
faba42eb
JH		 382 }
383
476e44cb
JH		 384 rp->num_controllers = cpu_to_le16(count);
385 rp_len = sizeof(*rp) + (2 * count);
386
faba42eb
JH		 387 read_unlock(&hci_dev_list_lock);
388
2a1afb5a
JH		 389 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
390 0, rp, rp_len);
faba42eb 391
a38528f1
JH		 392 kfree(rp);
393
394 return err;
faba42eb
JH		 395}
396
73d1df2a
MH		 397static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
398 void *data, u16 data_len)
399{
400 struct mgmt_rp_read_unconf_index_list *rp;
401 struct hci_dev *d;
402 size_t rp_len;
403 u16 count;
404 int err;
405
406 BT_DBG("sock %p", sk);
407
408 read_lock(&hci_dev_list_lock);
409
410 count = 0;
411 list_for_each_entry(d, &hci_dev_list, list) {
412 if (d->dev_type == HCI_BREDR &&
d7a5a11d 413 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 414 count++;
415 }
416
417 rp_len = sizeof(*rp) + (2 * count);
418 rp = kmalloc(rp_len, GFP_ATOMIC);
419 if (!rp) {
420 read_unlock(&hci_dev_list_lock);
421 return -ENOMEM;
422 }
423
424 count = 0;
425 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 426 if (hci_dev_test_flag(d, HCI_SETUP) ||
427 hci_dev_test_flag(d, HCI_CONFIG) ||
428 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 429 continue;
430
431 /* Devices marked as raw-only are neither configured
432 * nor unconfigured controllers.
433 */
434 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
435 continue;
436
437 if (d->dev_type == HCI_BREDR &&
d7a5a11d 438 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a
MH		 439 rp->index[count++] = cpu_to_le16(d->id);
440 BT_DBG("Added hci%u", d->id);
441 }
442 }
443
444 rp->num_controllers = cpu_to_le16(count);
445 rp_len = sizeof(*rp) + (2 * count);
446
447 read_unlock(&hci_dev_list_lock);
448
2a1afb5a
JH		 449 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
450 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 451
452 kfree(rp);
453
454 return err;
455}
456
96f1474a
MH		 457static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
458 void *data, u16 data_len)
459{
460 struct mgmt_rp_read_ext_index_list *rp;
461 struct hci_dev *d;
462 size_t rp_len;
463 u16 count;
464 int err;
465
466 BT_DBG("sock %p", sk);
467
468 read_lock(&hci_dev_list_lock);
469
470 count = 0;
471 list_for_each_entry(d, &hci_dev_list, list) {
472 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
473 count++;
474 }
475
476 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
477 rp = kmalloc(rp_len, GFP_ATOMIC);
478 if (!rp) {
479 read_unlock(&hci_dev_list_lock);
480 return -ENOMEM;
481 }
482
483 count = 0;
484 list_for_each_entry(d, &hci_dev_list, list) {
485 if (hci_dev_test_flag(d, HCI_SETUP) ||
486 hci_dev_test_flag(d, HCI_CONFIG) ||
487 hci_dev_test_flag(d, HCI_USER_CHANNEL))
488 continue;
489
490 /* Devices marked as raw-only are neither configured
491 * nor unconfigured controllers.
492 */
493 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
494 continue;
495
496 if (d->dev_type == HCI_BREDR) {
497 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
498 rp->entry[count].type = 0x01;
499 else
500 rp->entry[count].type = 0x00;
501 } else if (d->dev_type == HCI_AMP) {
502 rp->entry[count].type = 0x02;
503 } else {
504 continue;
505 }
506
507 rp->entry[count].bus = d->bus;
508 rp->entry[count++].index = cpu_to_le16(d->id);
509 BT_DBG("Added hci%u", d->id);
510 }
511
512 rp->num_controllers = cpu_to_le16(count);
513 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
514
515 read_unlock(&hci_dev_list_lock);
516
517 /* If this command is called at least once, then all the
518 * default index and unconfigured index events are disabled
519 * and from now on only extended index events are used.
520 */
521 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
522 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
523 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
524
525 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
526 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
527
528 kfree(rp);
529
530 return err;
531}
532
dbece37a
MH		 533static bool is_configured(struct hci_dev *hdev)
534{
535 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 536 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 537 return false;
538
539 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
540 !bacmp(&hdev->public_addr, BDADDR_ANY))
541 return false;
542
543 return true;
544}
545
89bc22d2
MH		 546static __le32 get_missing_options(struct hci_dev *hdev)
547{
548 u32 options = 0;
549
dbece37a 550 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 551 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 552 options |= MGMT_OPTION_EXTERNAL_CONFIG;
553
89bc22d2
MH		 554 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
555 !bacmp(&hdev->public_addr, BDADDR_ANY))
556 options |= MGMT_OPTION_PUBLIC_ADDRESS;
557
558 return cpu_to_le32(options);
559}
560
f4537c04
MH		 561static int new_options(struct hci_dev *hdev, struct sock *skip)
562{
563 __le32 options = get_missing_options(hdev);
564
f6b7712e
MH		 565 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
566 sizeof(options), skip);
f4537c04
MH		 567}
568
dbece37a
MH		 569static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
570{
571 __le32 options = get_missing_options(hdev);
572
2a1afb5a
JH		 573 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
574 sizeof(options));
dbece37a
MH		 575}
576
9fc3bfb6
MH		 577static int read_config_info(struct sock *sk, struct hci_dev *hdev,
578 void *data, u16 data_len)
579{
580 struct mgmt_rp_read_config_info rp;
89bc22d2 581 u32 options = 0;
9fc3bfb6
MH		 582
583 BT_DBG("sock %p %s", sk, hdev->name);
584
585 hci_dev_lock(hdev);
586
587 memset(&rp, 0, sizeof(rp));
588 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 589
eb1904f4
MH		 590 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
591 options |= MGMT_OPTION_EXTERNAL_CONFIG;
592
9fc3bfb6 593 if (hdev->set_bdaddr)
89bc22d2
MH		 594 options |= MGMT_OPTION_PUBLIC_ADDRESS;
595
596 rp.supported_options = cpu_to_le32(options);
597 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 598
599 hci_dev_unlock(hdev);
600
2a1afb5a
JH		 601 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
602 &rp, sizeof(rp));
9fc3bfb6
MH		 603}
604
69ab39ea
JH		 605static u32 get_supported_settings(struct hci_dev *hdev)
606{
607 u32 settings = 0;
608
609 settings |= MGMT_SETTING_POWERED;
b2939475 610 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 611 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 612 settings |= MGMT_SETTING_CONNECTABLE;
613 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 614
ed3fa31f 615 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 616 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
617 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 618 settings |= MGMT_SETTING_BREDR;
619 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 620
621 if (lmp_ssp_capable(hdev)) {
622 settings |= MGMT_SETTING_SSP;
623 settings |= MGMT_SETTING_HS;
624 }
e98d2ce2 625
05b3c3e7 626 if (lmp_sc_capable(hdev))
e98d2ce2 627 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 628 }
d7b7e796 629
eeca6f89 630 if (lmp_le_capable(hdev)) {
9d42820f 631 settings |= MGMT_SETTING_LE;
eeca6f89 632 settings |= MGMT_SETTING_ADVERTISING;
a3209694 633 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 634 settings |= MGMT_SETTING_PRIVACY;
93690c22 635 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 636 }
69ab39ea 637
eb1904f4
MH		 638 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
639 hdev->set_bdaddr)
9fc3bfb6
MH		 640 settings |= MGMT_SETTING_CONFIGURATION;
641
69ab39ea
JH		 642 return settings;
643}
644
645static u32 get_current_settings(struct hci_dev *hdev)
646{
647 u32 settings = 0;
648
f1f0eb02 649 if (hdev_is_powered(hdev))
f0d4b78a
MH		 650 settings |= MGMT_SETTING_POWERED;
651
d7a5a11d 652 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 653 settings |= MGMT_SETTING_CONNECTABLE;
654
d7a5a11d 655 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 656 settings |= MGMT_SETTING_FAST_CONNECTABLE;
657
d7a5a11d 658 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 659 settings |= MGMT_SETTING_DISCOVERABLE;
660
d7a5a11d 661 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 662 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 663
d7a5a11d 664 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 665 settings |= MGMT_SETTING_BREDR;
666
d7a5a11d 667 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 668 settings |= MGMT_SETTING_LE;
669
d7a5a11d 670 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 671 settings |= MGMT_SETTING_LINK_SECURITY;
672
d7a5a11d 673 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 674 settings |= MGMT_SETTING_SSP;
675
d7a5a11d 676 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 677 settings |= MGMT_SETTING_HS;
678
d7a5a11d 679 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 680 settings |= MGMT_SETTING_ADVERTISING;
681
d7a5a11d 682 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 683 settings |= MGMT_SETTING_SECURE_CONN;
684
d7a5a11d 685 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 686 settings |= MGMT_SETTING_DEBUG_KEYS;
687
d7a5a11d 688 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 689 settings |= MGMT_SETTING_PRIVACY;
690
93690c22
MH		 691 /* The current setting for static address has two purposes. The
692 * first is to indicate if the static address will be used and
693 * the second is to indicate if it is actually set.
694 *
695 * This means if the static address is not configured, this flag
08dc0e98 696 * will never be set. If the address is configured, then if the
93690c22
MH		 697 * address is actually used decides if the flag is set or not.
698 *
699 * For single mode LE only controllers and dual-mode controllers
700 * with BR/EDR disabled, the existence of the static address will
701 * be evaluated.
702 */
b7cb93e5 703 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 704 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 705 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
706 if (bacmp(&hdev->static_addr, BDADDR_ANY))
707 settings |= MGMT_SETTING_STATIC_ADDRESS;
708 }
709
69ab39ea
JH		 710 return settings;
711}
712
ef580372
JH		 713#define PNP_INFO_SVCLASS_ID 0x1200
714
213202ed
JH		 715static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
716{
717 u8 *ptr = data, *uuids_start = NULL;
718 struct bt_uuid *uuid;
719
720 if (len < 4)
721 return ptr;
722
723 list_for_each_entry(uuid, &hdev->uuids, list) {
724 u16 uuid16;
725
726 if (uuid->size != 16)
727 continue;
728
729 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
730 if (uuid16 < 0x1100)
731 continue;
732
733 if (uuid16 == PNP_INFO_SVCLASS_ID)
734 continue;
735
736 if (!uuids_start) {
737 uuids_start = ptr;
738 uuids_start[0] = 1;
739 uuids_start[1] = EIR_UUID16_ALL;
740 ptr += 2;
741 }
742
743 /* Stop if not enough space to put next UUID */
744 if ((ptr - data) + sizeof(u16) > len) {
745 uuids_start[1] = EIR_UUID16_SOME;
746 break;
747 }
748
749 *ptr++ = (uuid16 & 0x00ff);
750 *ptr++ = (uuid16 & 0xff00) >> 8;
751 uuids_start[0] += sizeof(uuid16);
752 }
753
754 return ptr;
755}
756
cdf1963f
JH		 757static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
758{
759 u8 *ptr = data, *uuids_start = NULL;
760 struct bt_uuid *uuid;
761
762 if (len < 6)
763 return ptr;
764
765 list_for_each_entry(uuid, &hdev->uuids, list) {
766 if (uuid->size != 32)
767 continue;
768
769 if (!uuids_start) {
770 uuids_start = ptr;
771 uuids_start[0] = 1;
772 uuids_start[1] = EIR_UUID32_ALL;
773 ptr += 2;
774 }
775
776 /* Stop if not enough space to put next UUID */
777 if ((ptr - data) + sizeof(u32) > len) {
778 uuids_start[1] = EIR_UUID32_SOME;
779 break;
780 }
781
782 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
783 ptr += sizeof(u32);
784 uuids_start[0] += sizeof(u32);
785 }
786
787 return ptr;
788}
789
c00d575b
JH		 790static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
791{
792 u8 *ptr = data, *uuids_start = NULL;
793 struct bt_uuid *uuid;
794
795 if (len < 18)
796 return ptr;
797
798 list_for_each_entry(uuid, &hdev->uuids, list) {
799 if (uuid->size != 128)
800 continue;
801
802 if (!uuids_start) {
803 uuids_start = ptr;
804 uuids_start[0] = 1;
805 uuids_start[1] = EIR_UUID128_ALL;
806 ptr += 2;
807 }
808
809 /* Stop if not enough space to put next UUID */
810 if ((ptr - data) + 16 > len) {
811 uuids_start[1] = EIR_UUID128_SOME;
812 break;
813 }
814
815 memcpy(ptr, uuid->uuid, 16);
816 ptr += 16;
817 uuids_start[0] += 16;
818 }
819
820 return ptr;
821}
822
333ae95d
JH		 823static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
824{
825 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
826}
827
333ae95d
JH		 828static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
829 struct hci_dev *hdev,
830 const void *data)
831{
832 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
833}
834
4117ed70 835static u8 create_default_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
f14d8f64 836{
7a5f4990
MH		 837 u8 ad_len = 0;
838 size_t name_len;
839
840 name_len = strlen(hdev->dev_name);
841 if (name_len > 0) {
842 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
843
844 if (name_len > max_len) {
845 name_len = max_len;
846 ptr[1] = EIR_NAME_SHORT;
847 } else
848 ptr[1] = EIR_NAME_COMPLETE;
849
850 ptr[0] = name_len + 1;
851
852 memcpy(ptr + 2, hdev->dev_name, name_len);
853
854 ad_len += (name_len + 2);
855 ptr += (name_len + 2);
856 }
857
858 return ad_len;
f14d8f64
MH		 859}
860
4117ed70
AU		 861static u8 create_instance_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
862{
863 /* TODO: Set the appropriate entries based on advertising instance flags
864 * here once flags other than 0 are supported.
865 */
866 memcpy(ptr, hdev->adv_instance.scan_rsp_data,
867 hdev->adv_instance.scan_rsp_len);
868
869 return hdev->adv_instance.scan_rsp_len;
870}
871
872static void update_scan_rsp_data_for_instance(struct hci_request *req,
873 u8 instance)
f14d8f64
MH		 874{
875 struct hci_dev *hdev = req->hdev;
876 struct hci_cp_le_set_scan_rsp_data cp;
877 u8 len;
878
d7a5a11d 879 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
f14d8f64
MH		 880 return;
881
882 memset(&cp, 0, sizeof(cp));
883
4117ed70
AU		 884 if (instance)
885 len = create_instance_scan_rsp_data(hdev, cp.data);
886 else
887 len = create_default_scan_rsp_data(hdev, cp.data);
f14d8f64 888
eb438b5f 889 if (hdev->scan_rsp_data_len == len &&
4117ed70 890 !memcmp(cp.data, hdev->scan_rsp_data, len))
f14d8f64
MH		 891 return;
892
eb438b5f
JH		 893 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
894 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 895
896 cp.length = len;
897
898 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
899}
900
4117ed70
AU		 901static void update_scan_rsp_data(struct hci_request *req)
902{
903 struct hci_dev *hdev = req->hdev;
904 u8 instance;
905
906 /* The "Set Advertising" setting supersedes the "Add Advertising"
907 * setting. Here we set the scan response data based on which
908 * setting was set. When neither apply, default to the global settings,
909 * represented by instance "0".
910 */
911 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
912 !hci_dev_test_flag(hdev, HCI_ADVERTISING))
913 instance = 0x01;
914 else
915 instance = 0x00;
916
917 update_scan_rsp_data_for_instance(req, instance);
918}
919
9a43e25f
JH		 920static u8 get_adv_discov_flags(struct hci_dev *hdev)
921{
3b0602cd 922 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 923
924 /* If there's a pending mgmt command the flags will not yet have
925 * their final values, so check for this first.
926 */
333ae95d 927 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
9a43e25f
JH		 928 if (cmd) {
929 struct mgmt_mode *cp = cmd->param;
930 if (cp->val == 0x01)
931 return LE_AD_GENERAL;
932 else if (cp->val == 0x02)
933 return LE_AD_LIMITED;
934 } else {
d7a5a11d 935 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 936 return LE_AD_LIMITED;
d7a5a11d 937 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 938 return LE_AD_GENERAL;
939 }
940
941 return 0;
942}
943
24b4f38f 944static u8 create_default_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 945{
946 u8 ad_len = 0, flags = 0;
441ad2d0 947
9a43e25f 948 flags |= get_adv_discov_flags(hdev);
441ad2d0 949
d7a5a11d 950 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
441ad2d0 951 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 952
953 if (flags) {
954 BT_DBG("adv flags 0x%02x", flags);
955
956 ptr[0] = 2;
957 ptr[1] = EIR_FLAGS;
958 ptr[2] = flags;
959
960 ad_len += 3;
961 ptr += 3;
962 }
963
964 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
965 ptr[0] = 2;
966 ptr[1] = EIR_TX_POWER;
967 ptr[2] = (u8) hdev->adv_tx_power;
968
969 ad_len += 3;
970 ptr += 3;
971 }
972
441ad2d0
MH		 973 return ad_len;
974}
975
24b4f38f
AU		 976static u8 create_instance_adv_data(struct hci_dev *hdev, u8 *ptr)
977{
978 /* TODO: Set the appropriate entries based on advertising instance flags
979 * here once flags other than 0 are supported.
980 */
981 memcpy(ptr, hdev->adv_instance.adv_data,
982 hdev->adv_instance.adv_data_len);
983
984 return hdev->adv_instance.adv_data_len;
985}
986
987static void update_adv_data_for_instance(struct hci_request *req, u8 instance)
441ad2d0
MH		 988{
989 struct hci_dev *hdev = req->hdev;
990 struct hci_cp_le_set_adv_data cp;
991 u8 len;
992
d7a5a11d 993 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
441ad2d0
MH		 994 return;
995
996 memset(&cp, 0, sizeof(cp));
997
24b4f38f
AU		 998 if (instance)
999 len = create_instance_adv_data(hdev, cp.data);
1000 else
1001 len = create_default_adv_data(hdev, cp.data);
441ad2d0 1002
24b4f38f 1003 /* There's nothing to do if the data hasn't changed */
441ad2d0
MH		 1004 if (hdev->adv_data_len == len &&
1005 memcmp(cp.data, hdev->adv_data, len) == 0)
1006 return;
1007
1008 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1009 hdev->adv_data_len = len;
1010
1011 cp.length = len;
1012
1013 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
1014}
1015
e7a685d3 1016static u8 get_current_adv_instance(struct hci_dev *hdev)
24b4f38f 1017{
24b4f38f
AU		 1018 /* The "Set Advertising" setting supersedes the "Add Advertising"
1019 * setting. Here we set the advertising data based on which
1020 * setting was set. When neither apply, default to the global settings,
1021 * represented by instance "0".
1022 */
1023 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
1024 !hci_dev_test_flag(hdev, HCI_ADVERTISING))
e7a685d3
AU		 1025 return 0x01;
1026
1027 return 0x00;
1028}
1029
1030static bool get_connectable(struct hci_dev *hdev)
1031{
1032 struct mgmt_pending_cmd *cmd;
1033
1034 /* If there's a pending mgmt command the flag will not yet have
1035 * it's final value, so check for this first.
1036 */
1037 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1038 if (cmd) {
1039 struct mgmt_mode *cp = cmd->param;
1040
1041 return cp->val;
1042 }
1043
1044 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
1045}
1046
1047static u32 get_adv_instance_flags(struct hci_dev *hdev, u8 instance)
1048{
1049 u32 flags;
1050
1051 if (instance > 0x01)
1052 return 0;
1053
1054 if (instance == 1)
1055 return hdev->adv_instance.flags;
1056
1057 flags = 0;
1058
1059 /* For instance 0, assemble the flags from global settings */
1060 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE) ||
1061 get_connectable(hdev))
1062 flags |= MGMT_ADV_FLAG_CONNECTABLE;
1063
1064 /* TODO: Add the rest of the flags */
1065
1066 return flags;
1067}
1068
1069static void update_adv_data(struct hci_request *req)
1070{
1071 struct hci_dev *hdev = req->hdev;
1072 u8 instance = get_current_adv_instance(hdev);
24b4f38f
AU		 1073
1074 update_adv_data_for_instance(req, instance);
1075}
1076
bc6d2d04
JH		 1077int mgmt_update_adv_data(struct hci_dev *hdev)
1078{
1079 struct hci_request req;
1080
1081 hci_req_init(&req, hdev);
1082 update_adv_data(&req);
1083
1084 return hci_req_run(&req, NULL);
1085}
1086
ef580372
JH		 1087static void create_eir(struct hci_dev *hdev, u8 *data)
1088{
1089 u8 *ptr = data;
ef580372
JH		 1090 size_t name_len;
1091
1092 name_len = strlen(hdev->dev_name);
1093
1094 if (name_len > 0) {
1095 /* EIR Data type */
1096 if (name_len > 48) {
1097 name_len = 48;
1098 ptr[1] = EIR_NAME_SHORT;
1099 } else
1100 ptr[1] = EIR_NAME_COMPLETE;
1101
1102 /* EIR Data length */
1103 ptr[0] = name_len + 1;
1104
1105 memcpy(ptr + 2, hdev->dev_name, name_len);
1106
ef580372
JH		 1107 ptr += (name_len + 2);
1108 }
1109
bbaf444a 1110 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 1111 ptr[0] = 2;
1112 ptr[1] = EIR_TX_POWER;
1113 ptr[2] = (u8) hdev->inq_tx_power;
1114
91c4e9b1
MH		 1115 ptr += 3;
1116 }
1117
2b9be137
MH		 1118 if (hdev->devid_source > 0) {
1119 ptr[0] = 9;
1120 ptr[1] = EIR_DEVICE_ID;
1121
1122 put_unaligned_le16(hdev->devid_source, ptr + 2);
1123 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1124 put_unaligned_le16(hdev->devid_product, ptr + 6);
1125 put_unaligned_le16(hdev->devid_version, ptr + 8);
1126
2b9be137
MH		 1127 ptr += 10;
1128 }
1129
213202ed 1130 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 1131 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 1132 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 1133}
1134
890ea898 1135static void update_eir(struct hci_request *req)
ef580372 1136{
890ea898 1137 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1138 struct hci_cp_write_eir cp;
1139
504c8dcd 1140 if (!hdev_is_powered(hdev))
890ea898 1141 return;
7770c4aa 1142
976eb20e 1143 if (!lmp_ext_inq_capable(hdev))
890ea898 1144 return;
ef580372 1145
d7a5a11d 1146 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
890ea898 1147 return;
ef580372 1148
d7a5a11d 1149 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1150 return;
ef580372
JH		 1151
1152 memset(&cp, 0, sizeof(cp));
1153
1154 create_eir(hdev, cp.data);
1155
1156 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 1157 return;
ef580372
JH		 1158
1159 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1160
890ea898 1161 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 1162}
1163
1164static u8 get_service_classes(struct hci_dev *hdev)
1165{
1166 struct bt_uuid *uuid;
1167 u8 val = 0;
1168
1169 list_for_each_entry(uuid, &hdev->uuids, list)
1170 val |= uuid->svc_hint;
1171
1172 return val;
1173}
1174
890ea898 1175static void update_class(struct hci_request *req)
ef580372 1176{
890ea898 1177 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1178 u8 cod[3];
1179
1180 BT_DBG("%s", hdev->name);
1181
504c8dcd 1182 if (!hdev_is_powered(hdev))
890ea898 1183 return;
7770c4aa 1184
d7a5a11d 1185 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
f87ea1da
JH		 1186 return;
1187
d7a5a11d 1188 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1189 return;
ef580372
JH		 1190
1191 cod[0] = hdev->minor_class;
1192 cod[1] = hdev->major_class;
1193 cod[2] = get_service_classes(hdev);
1194
d7a5a11d 1195 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
6acd7db4
MH		 1196 cod[1] |= 0x20;
1197
ef580372 1198 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1199 return;
ef580372 1200
890ea898 1201 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1202}
1203
0ec5ae84
JH		 1204static void disable_advertising(struct hci_request *req)
1205{
1206 u8 enable = 0x00;
1207
1208 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1209}
1210
199a2fb1
JH		 1211static void enable_advertising(struct hci_request *req)
1212{
1213 struct hci_dev *hdev = req->hdev;
1214 struct hci_cp_le_set_adv_param cp;
8f2a0601 1215 u8 own_addr_type, enable = 0x01;
a4858cb9 1216 bool connectable;
e7a685d3
AU		 1217 u8 instance;
1218 u32 flags;
199a2fb1 1219
0ec5ae84
JH		 1220 if (hci_conn_num(hdev, LE_LINK) > 0)
1221 return;
1222
d7a5a11d 1223 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
0ec5ae84
JH		 1224 disable_advertising(req);
1225
5ce194c4 1226 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1227 * hci_update_random_address knows that it's safe to go ahead
1228 * and write a new random address. The flag will be set back on
1229 * as soon as the SET_ADV_ENABLE HCI command completes.
1230 */
a358dc11 1231 hci_dev_clear_flag(hdev, HCI_LE_ADV);
8d97250e 1232
e7a685d3
AU		 1233 instance = get_current_adv_instance(hdev);
1234 flags = get_adv_instance_flags(hdev, instance);
1235 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE);
8f2a0601 1236
a4858cb9
JH		 1237 /* Set require_privacy to true only when non-connectable
1238 * advertising is used. In that case it is fine to use a
1239 * non-resolvable private address.
1240 */
1241 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1242 return;
1243
41c90c18 1244 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1245 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1246 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
a4858cb9 1247 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1248 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1249 cp.channel_map = hdev->le_adv_channel_map;
1250
1251 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1252
1253 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1254}
1255
7d78525d
JH		 1256static void service_cache_off(struct work_struct *work)
1257{
1258 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1259 service_cache.work);
890ea898 1260 struct hci_request req;
7d78525d 1261
a69d8927 1262 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 1263 return;
1264
890ea898
JH		 1265 hci_req_init(&req, hdev);
1266
7d78525d
JH		 1267 hci_dev_lock(hdev);
1268
890ea898
JH		 1269 update_eir(&req);
1270 update_class(&req);
7d78525d
JH		 1271
1272 hci_dev_unlock(hdev);
890ea898
JH		 1273
1274 hci_req_run(&req, NULL);
7d78525d
JH		 1275}
1276
d6bfd59c
JH		 1277static void rpa_expired(struct work_struct *work)
1278{
1279 struct hci_dev *hdev = container_of(work, struct hci_dev,
1280 rpa_expired.work);
1281 struct hci_request req;
1282
1283 BT_DBG("");
1284
a1536da2 1285 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 1286
d7a5a11d 1287 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 1288 return;
1289
1290 /* The generation of a new RPA and programming it into the
1291 * controller happens in the enable_advertising() function.
1292 */
d6bfd59c 1293 hci_req_init(&req, hdev);
d6bfd59c 1294 enable_advertising(&req);
d6bfd59c
JH		 1295 hci_req_run(&req, NULL);
1296}
1297
6a919082 1298static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1299{
238be788 1300 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 1301 return;
1302
4f87da80 1303 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1304 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1305
4f87da80
JH		 1306 /* Non-mgmt controlled devices get this bit set
1307 * implicitly so that pairing works for them, however
1308 * for mgmt we require user-space to explicitly enable
1309 * it
1310 */
a358dc11 1311 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 1312}
1313
0f4e68cf 1314static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1315 void *data, u16 data_len)
0381101f 1316{
a38528f1 1317 struct mgmt_rp_read_info rp;
f7b64e69 1318
bdb6d971 1319 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1320
09fd0de5 1321 hci_dev_lock(hdev);
f7b64e69 1322
dc4fe30b
JH		 1323 memset(&rp, 0, sizeof(rp));
1324
69ab39ea 1325 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1326
69ab39ea 1327 rp.version = hdev->hci_ver;
eb55ef07 1328 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1329
1330 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1331 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1332
a38528f1 1333 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1334
dc4fe30b 1335 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1336 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1337
09fd0de5 1338 hci_dev_unlock(hdev);
0381101f 1339
2a1afb5a
JH		 1340 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1341 sizeof(rp));
0381101f
JH		 1342}
1343
69ab39ea 1344static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1345{
69ab39ea 1346 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1347
2a1afb5a
JH		 1348 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1349 sizeof(settings));
8680570b
JH		 1350}
1351
1904a853 1352static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 1353{
1354 BT_DBG("%s status 0x%02x", hdev->name, status);
1355
a3172b7e
JH		 1356 if (hci_conn_count(hdev) == 0) {
1357 cancel_delayed_work(&hdev->power_off);
8b064a3a 1358 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1359 }
8b064a3a
JH		 1360}
1361
23a48093 1362static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1363{
1364 struct hci_dev *hdev = req->hdev;
1365 struct hci_cp_remote_name_req_cancel cp;
1366 struct inquiry_entry *e;
1367
1368 switch (hdev->discovery.state) {
1369 case DISCOVERY_FINDING:
07d2334a 1370 if (test_bit(HCI_INQUIRY, &hdev->flags))
21a60d30 1371 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
07d2334a
JP		 1372
1373 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
21a60d30
JH		 1374 cancel_delayed_work(&hdev->le_scan_disable);
1375 hci_req_add_le_scan_disable(req);
1376 }
1377
23a48093 1378 return true;
21a60d30
JH		 1379
1380 case DISCOVERY_RESOLVING:
1381 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1382 NAME_PENDING);
1383 if (!e)
23a48093 1384 break;
21a60d30
JH		 1385
1386 bacpy(&cp.bdaddr, &e->data.bdaddr);
1387 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1388 &cp);
1389
23a48093 1390 return true;
21a60d30
JH		 1391
1392 default:
1393 /* Passive scanning */
d7a5a11d 1394 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
21a60d30 1395 hci_req_add_le_scan_disable(req);
23a48093
JH		 1396 return true;
1397 }
1398
21a60d30
JH		 1399 break;
1400 }
23a48093
JH		 1401
1402 return false;
21a60d30
JH		 1403}
1404
912098a6
AU		 1405static void advertising_added(struct sock *sk, struct hci_dev *hdev,
1406 u8 instance)
1407{
1408 struct mgmt_ev_advertising_added ev;
1409
1410 ev.instance = instance;
1411
1412 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1413}
1414
1415static void advertising_removed(struct sock *sk, struct hci_dev *hdev,
1416 u8 instance)
1417{
1418 struct mgmt_ev_advertising_removed ev;
1419
1420 ev.instance = instance;
1421
1422 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1423}
1424
1425static void clear_adv_instance(struct hci_dev *hdev)
1426{
1427 struct hci_request req;
1428
1429 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
1430 return;
1431
1432 if (hdev->adv_instance.timeout)
1433 cancel_delayed_work(&hdev->adv_instance.timeout_exp);
1434
1435 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
1436 advertising_removed(NULL, hdev, 1);
1437 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
1438
1439 if (!hdev_is_powered(hdev) ||
1440 hci_dev_test_flag(hdev, HCI_ADVERTISING))
1441 return;
1442
1443 hci_req_init(&req, hdev);
1444 disable_advertising(&req);
1445 hci_req_run(&req, NULL);
1446}
1447
8b064a3a
JH		 1448static int clean_up_hci_state(struct hci_dev *hdev)
1449{
1450 struct hci_request req;
1451 struct hci_conn *conn;
23a48093
JH		 1452 bool discov_stopped;
1453 int err;
8b064a3a
JH		 1454
1455 hci_req_init(&req, hdev);
1456
1457 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1458 test_bit(HCI_PSCAN, &hdev->flags)) {
1459 u8 scan = 0x00;
1460 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1461 }
1462
912098a6
AU		 1463 if (hdev->adv_instance.timeout)
1464 clear_adv_instance(hdev);
1465
d7a5a11d 1466 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
8b064a3a
JH		 1467 disable_advertising(&req);
1468
23a48093 1469 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1470
1471 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1472 struct hci_cp_disconnect dc;
c9910d0f
JH		 1473 struct hci_cp_reject_conn_req rej;
1474
1475 switch (conn->state) {
1476 case BT_CONNECTED:
1477 case BT_CONFIG:
1478 dc.handle = cpu_to_le16(conn->handle);
1479 dc.reason = 0x15; /* Terminated due to Power Off */
1480 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1481 break;
1482 case BT_CONNECT:
1483 if (conn->type == LE_LINK)
1484 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1485 0, NULL);
1486 else if (conn->type == ACL_LINK)
1487 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1488 6, &conn->dst);
1489 break;
1490 case BT_CONNECT2:
1491 bacpy(&rej.bdaddr, &conn->dst);
1492 rej.reason = 0x15; /* Terminated due to Power Off */
1493 if (conn->type == ACL_LINK)
1494 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1495 sizeof(rej), &rej);
1496 else if (conn->type == SCO_LINK)
1497 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1498 sizeof(rej), &rej);
1499 break;
1500 }
8b064a3a
JH		 1501 }
1502
23a48093
JH		 1503 err = hci_req_run(&req, clean_up_hci_complete);
1504 if (!err && discov_stopped)
1505 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1506
1507 return err;
8b064a3a
JH		 1508}
1509
bdb6d971 1510static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1511 u16 len)
eec8d2bc 1512{
650f726d 1513 struct mgmt_mode *cp = data;
3b0602cd 1514 struct mgmt_pending_cmd *cmd;
4b34ee78 1515 int err;
eec8d2bc 1516
bdb6d971 1517 BT_DBG("request for %s", hdev->name);
eec8d2bc 1518
a7e80f25 1519 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1520 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1521 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1522
09fd0de5 1523 hci_dev_lock(hdev);
eec8d2bc 1524
333ae95d 1525 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1526 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1527 MGMT_STATUS_BUSY);
87b95ba6
JH		 1528 goto failed;
1529 }
1530
a69d8927 1531 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
f0d4b78a
MH		 1532 cancel_delayed_work(&hdev->power_off);
1533
1534 if (cp->val) {
a1d70450
JH		 1535 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1536 data, len);
1537 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1538 goto failed;
1539 }
1540 }
1541
4b34ee78 1542 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1543 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1544 goto failed;
1545 }
1546
2e58ef3e 1547 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1548 if (!cmd) {
1549 err = -ENOMEM;
eec8d2bc 1550 goto failed;
366a0336 1551 }
eec8d2bc 1552
8b064a3a 1553 if (cp->val) {
19202573 1554 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1555 err = 0;
1556 } else {
1557 /* Disconnect connections, stop scans, etc */
1558 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1559 if (!err)
1560 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1561 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1562
8b064a3a
JH		 1563 /* ENODATA means there were no HCI commands queued */
1564 if (err == -ENODATA) {
a3172b7e 1565 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1566 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1567 err = 0;
1568 }
1569 }
eec8d2bc
JH		 1570
1571failed:
09fd0de5 1572 hci_dev_unlock(hdev);
366a0336 1573 return err;
eec8d2bc
JH		 1574}
1575
beadb2bd
JH		 1576static int new_settings(struct hci_dev *hdev, struct sock *skip)
1577{
f6b7712e 1578 __le32 ev = cpu_to_le32(get_current_settings(hdev));
beadb2bd 1579
f6b7712e
MH		 1580 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1581 sizeof(ev), skip);
beadb2bd
JH		 1582}
1583
91a668b0
JH		 1584int mgmt_new_settings(struct hci_dev *hdev)
1585{
1586 return new_settings(hdev, NULL);
1587}
1588
bd99abdd
JH		 1589struct cmd_lookup {
1590 struct sock *sk;
1591 struct hci_dev *hdev;
1592 u8 mgmt_status;
1593};
1594
3b0602cd 1595static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1596{
1597 struct cmd_lookup *match = data;
1598
1599 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1600
1601 list_del(&cmd->list);
1602
1603 if (match->sk == NULL) {
1604 match->sk = cmd->sk;
1605 sock_hold(match->sk);
1606 }
1607
1608 mgmt_pending_free(cmd);
1609}
1610
3b0602cd 1611static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1612{
1613 u8 *status = data;
1614
a69e8375 1615 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1616 mgmt_pending_remove(cmd);
1617}
1618
3b0602cd 1619static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1620{
1621 if (cmd->cmd_complete) {
1622 u8 *status = data;
1623
1624 cmd->cmd_complete(cmd, *status);
1625 mgmt_pending_remove(cmd);
1626
1627 return;
1628 }
1629
1630 cmd_status_rsp(cmd, data);
1631}
1632
3b0602cd 1633static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1634{
2a1afb5a
JH		 1635 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1636 cmd->param, cmd->param_len);
f5818c22
JH		 1637}
1638
3b0602cd 1639static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1640{
2a1afb5a
JH		 1641 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1642 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1643}
1644
e6fe7986
JH		 1645static u8 mgmt_bredr_support(struct hci_dev *hdev)
1646{
1647 if (!lmp_bredr_capable(hdev))
1648 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1649 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1650 return MGMT_STATUS_REJECTED;
1651 else
1652 return MGMT_STATUS_SUCCESS;
1653}
1654
1655static u8 mgmt_le_support(struct hci_dev *hdev)
1656{
1657 if (!lmp_le_capable(hdev))
1658 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1659 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1660 return MGMT_STATUS_REJECTED;
1661 else
1662 return MGMT_STATUS_SUCCESS;
1663}
1664
1904a853
MH		 1665static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1666 u16 opcode)
bfaf8c9f 1667{
3b0602cd 1668 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1669 struct mgmt_mode *cp;
970ba524 1670 struct hci_request req;
bfaf8c9f
JH		 1671 bool changed;
1672
1673 BT_DBG("status 0x%02x", status);
1674
1675 hci_dev_lock(hdev);
1676
333ae95d 1677 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
bfaf8c9f
JH		 1678 if (!cmd)
1679 goto unlock;
1680
1681 if (status) {
1682 u8 mgmt_err = mgmt_status(status);
a69e8375 1683 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1684 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1685 goto remove_cmd;
1686 }
1687
1688 cp = cmd->param;
d4462a07 1689 if (cp->val) {
238be788 1690 changed = !hci_dev_test_and_set_flag(hdev, HCI_DISCOVERABLE);
d4462a07
MH		 1691
1692 if (hdev->discov_timeout > 0) {
1693 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1694 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1695 to);
1696 }
1697 } else {
a69d8927 1698 changed = hci_dev_test_and_clear_flag(hdev, HCI_DISCOVERABLE);
d4462a07 1699 }
bfaf8c9f
JH		 1700
1701 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1702
1703 if (changed)
1704 new_settings(hdev, cmd->sk);
1705
970ba524
MH		 1706 /* When the discoverable mode gets changed, make sure
1707 * that class of device has the limited discoverable
432df05e
JH		 1708 * bit correctly set. Also update page scan based on whitelist
1709 * entries.
970ba524
MH		 1710 */
1711 hci_req_init(&req, hdev);
1d2dc5b7 1712 __hci_update_page_scan(&req);
970ba524
MH		 1713 update_class(&req);
1714 hci_req_run(&req, NULL);
1715
bfaf8c9f
JH		 1716remove_cmd:
1717 mgmt_pending_remove(cmd);
1718
1719unlock:
1720 hci_dev_unlock(hdev);
1721}
1722
bdb6d971 1723static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1724 u16 len)
73f22f62 1725{
650f726d 1726 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1727 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1728 struct hci_request req;
5e5282bb 1729 u16 timeout;
9a43e25f 1730 u8 scan;
73f22f62
JH		 1731 int err;
1732
bdb6d971 1733 BT_DBG("request for %s", hdev->name);
73f22f62 1734
d7a5a11d
MH		 1735 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1736 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1737 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1738 MGMT_STATUS_REJECTED);
33c525c0 1739
310a3d48 1740 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1741 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1742 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1743
1f350c87 1744 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1745
1746 /* Disabling discoverable requires that no timeout is set,
1747 * and enabling limited discoverable requires a timeout.
1748 */
1749 if ((cp->val == 0x00 && timeout > 0) ||
1750 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1751 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1752 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1753
09fd0de5 1754 hci_dev_lock(hdev);
73f22f62 1755
5e5282bb 1756 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1757 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1758 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1759 goto failed;
1760 }
1761
333ae95d
JH		 1762 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1763 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1764 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1765 MGMT_STATUS_BUSY);
73f22f62
JH		 1766 goto failed;
1767 }
1768
d7a5a11d 1769 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1770 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1771 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1772 goto failed;
1773 }
1774
1775 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1776 bool changed = false;
1777
310a3d48
MH		 1778 /* Setting limited discoverable when powered off is
1779 * not a valid operation since it requires a timeout
1780 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1781 */
d7a5a11d 1782 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1783 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1784 changed = true;
1785 }
1786
5e5282bb 1787 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1788 if (err < 0)
1789 goto failed;
1790
1791 if (changed)
1792 err = new_settings(hdev, sk);
1793
5e5282bb
JH		 1794 goto failed;
1795 }
1796
310a3d48
MH		 1797 /* If the current mode is the same, then just update the timeout
1798 * value with the new value. And if only the timeout gets updated,
1799 * then no need for any HCI transactions.
1800 */
d7a5a11d
MH		 1801 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1802 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1803 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1804 cancel_delayed_work(&hdev->discov_off);
1805 hdev->discov_timeout = timeout;
955638ec 1806
36261547
MH		 1807 if (cp->val && hdev->discov_timeout > 0) {
1808 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1809 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1810 to);
955638ec
MH		 1811 }
1812
69ab39ea 1813 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1814 goto failed;
1815 }
1816
2e58ef3e 1817 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1818 if (!cmd) {
1819 err = -ENOMEM;
73f22f62 1820 goto failed;
366a0336 1821 }
73f22f62 1822
310a3d48
MH		 1823 /* Cancel any potential discoverable timeout that might be
1824 * still active and store new timeout value. The arming of
1825 * the timeout happens in the complete handler.
1826 */
1827 cancel_delayed_work(&hdev->discov_off);
1828 hdev->discov_timeout = timeout;
1829
b456f87c
JH		 1830 /* Limited discoverable mode */
1831 if (cp->val == 0x02)
a1536da2 1832 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1833 else
a358dc11 1834 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1835
bfaf8c9f
JH		 1836 hci_req_init(&req, hdev);
1837
9a43e25f
JH		 1838 /* The procedure for LE-only controllers is much simpler - just
1839 * update the advertising data.
1840 */
d7a5a11d 1841 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
9a43e25f
JH		 1842 goto update_ad;
1843
73f22f62
JH		 1844 scan = SCAN_PAGE;
1845
310a3d48
MH		 1846 if (cp->val) {
1847 struct hci_cp_write_current_iac_lap hci_cp;
1848
1849 if (cp->val == 0x02) {
1850 /* Limited discoverable mode */
33337dcb 1851 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1852 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1853 hci_cp.iac_lap[1] = 0x8b;
1854 hci_cp.iac_lap[2] = 0x9e;
1855 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1856 hci_cp.iac_lap[4] = 0x8b;
1857 hci_cp.iac_lap[5] = 0x9e;
1858 } else {
1859 /* General discoverable mode */
310a3d48
MH		 1860 hci_cp.num_iac = 1;
1861 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1862 hci_cp.iac_lap[1] = 0x8b;
1863 hci_cp.iac_lap[2] = 0x9e;
1864 }
1865
1866 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1867 (hci_cp.num_iac * 3) + 1, &hci_cp);
1868
73f22f62 1869 scan |= SCAN_INQUIRY;
310a3d48 1870 } else {
a358dc11 1871 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
310a3d48 1872 }
73f22f62 1873
310a3d48 1874 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1875
9a43e25f
JH		 1876update_ad:
1877 update_adv_data(&req);
1878
bfaf8c9f 1879 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1880 if (err < 0)
a664b5bc 1881 mgmt_pending_remove(cmd);
73f22f62
JH		 1882
1883failed:
09fd0de5 1884 hci_dev_unlock(hdev);
73f22f62
JH		 1885 return err;
1886}
1887
406d7804
JH		 1888static void write_fast_connectable(struct hci_request *req, bool enable)
1889{
bd98b996 1890 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1891 struct hci_cp_write_page_scan_activity acp;
1892 u8 type;
1893
d7a5a11d 1894 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
547003b1
JH		 1895 return;
1896
4c01f8b8
JH		 1897 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1898 return;
1899
406d7804
JH		 1900 if (enable) {
1901 type = PAGE_SCAN_TYPE_INTERLACED;
1902
1903 /* 160 msec page scan interval */
dcf4adbf 1904 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1905 } else {
1906 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1907
1908 /* default 1.28 sec page scan */
dcf4adbf 1909 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1910 }
1911
dcf4adbf 1912 acp.window = cpu_to_le16(0x0012);
406d7804 1913
bd98b996
JH		 1914 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1915 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1916 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1917 sizeof(acp), &acp);
1918
1919 if (hdev->page_scan_type != type)
1920 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1921}
1922
1904a853
MH		 1923static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1924 u16 opcode)
2b76f453 1925{
3b0602cd 1926 struct mgmt_pending_cmd *cmd;
d7b856f9 1927 struct mgmt_mode *cp;
bc6d2d04 1928 bool conn_changed, discov_changed;
2b76f453
JH		 1929
1930 BT_DBG("status 0x%02x", status);
1931
1932 hci_dev_lock(hdev);
1933
333ae95d 1934 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
2b76f453
JH		 1935 if (!cmd)
1936 goto unlock;
1937
37438c1f
JH		 1938 if (status) {
1939 u8 mgmt_err = mgmt_status(status);
a69e8375 1940 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1941 goto remove_cmd;
1942 }
1943
d7b856f9 1944 cp = cmd->param;
bc6d2d04 1945 if (cp->val) {
238be788
MH		 1946 conn_changed = !hci_dev_test_and_set_flag(hdev,
1947 HCI_CONNECTABLE);
bc6d2d04
JH		 1948 discov_changed = false;
1949 } else {
a69d8927
MH		 1950 conn_changed = hci_dev_test_and_clear_flag(hdev,
1951 HCI_CONNECTABLE);
1952 discov_changed = hci_dev_test_and_clear_flag(hdev,
1953 HCI_DISCOVERABLE);
bc6d2d04 1954 }
d7b856f9 1955
2b76f453
JH		 1956 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1957
bc6d2d04 1958 if (conn_changed || discov_changed) {
d7b856f9 1959 new_settings(hdev, cmd->sk);
1d2dc5b7 1960 hci_update_page_scan(hdev);
bc6d2d04
JH		 1961 if (discov_changed)
1962 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1963 hci_update_background_scan(hdev);
1964 }
d7b856f9 1965
37438c1f 1966remove_cmd:
2b76f453
JH		 1967 mgmt_pending_remove(cmd);
1968
1969unlock:
1970 hci_dev_unlock(hdev);
1971}
1972
e8ba3a1f
JH		 1973static int set_connectable_update_settings(struct hci_dev *hdev,
1974 struct sock *sk, u8 val)
1975{
1976 bool changed = false;
1977 int err;
1978
d7a5a11d 1979 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 1980 changed = true;
1981
1982 if (val) {
a1536da2 1983 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 1984 } else {
a358dc11
MH		 1985 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1986 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 1987 }
1988
1989 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1990 if (err < 0)
1991 return err;
1992
562064e6 1993 if (changed) {
1d2dc5b7 1994 hci_update_page_scan(hdev);
562064e6 1995 hci_update_background_scan(hdev);
e8ba3a1f 1996 return new_settings(hdev, sk);
562064e6 1997 }
e8ba3a1f
JH		 1998
1999 return 0;
2000}
2001
bdb6d971 2002static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2003 u16 len)
9fbcbb45 2004{
650f726d 2005 struct mgmt_mode *cp = data;
3b0602cd 2006 struct mgmt_pending_cmd *cmd;
2b76f453 2007 struct hci_request req;
1987fdc7 2008 u8 scan;
9fbcbb45
JH		 2009 int err;
2010
bdb6d971 2011 BT_DBG("request for %s", hdev->name);
9fbcbb45 2012
d7a5a11d
MH		 2013 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
2014 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 2015 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2016 MGMT_STATUS_REJECTED);
33c525c0 2017
a7e80f25 2018 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2019 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2020 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2021
09fd0de5 2022 hci_dev_lock(hdev);
9fbcbb45 2023
4b34ee78 2024 if (!hdev_is_powered(hdev)) {
e8ba3a1f 2025 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 2026 goto failed;
2027 }
2028
333ae95d
JH		 2029 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
2030 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 2031 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2032 MGMT_STATUS_BUSY);
9fbcbb45
JH		 2033 goto failed;
2034 }
2035
2e58ef3e 2036 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 2037 if (!cmd) {
2038 err = -ENOMEM;
9fbcbb45 2039 goto failed;
366a0336 2040 }
9fbcbb45 2041
9b74246f 2042 hci_req_init(&req, hdev);
9fbcbb45 2043
9a43e25f
JH		 2044 /* If BR/EDR is not enabled and we disable advertising as a
2045 * by-product of disabling connectable, we need to update the
2046 * advertising flags.
2047 */
d7a5a11d 2048 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
9a43e25f 2049 if (!cp->val) {
a358dc11
MH		 2050 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2051 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
9a43e25f
JH		 2052 }
2053 update_adv_data(&req);
2054 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 2055 if (cp->val) {
2056 scan = SCAN_PAGE;
2057 } else {
3bd27240
JH		 2058 /* If we don't have any whitelist entries just
2059 * disable all scanning. If there are entries
2060 * and we had both page and inquiry scanning
2061 * enabled then fall back to only page scanning.
2062 * Otherwise no changes are needed.
2063 */
2064 if (list_empty(&hdev->whitelist))
2065 scan = SCAN_DISABLED;
2066 else if (test_bit(HCI_ISCAN, &hdev->flags))
2067 scan = SCAN_PAGE;
2068 else
2069 goto no_scan_update;
9b74246f
JH		 2070
2071 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 2072 hdev->discov_timeout > 0)
9b74246f
JH		 2073 cancel_delayed_work(&hdev->discov_off);
2074 }
2b76f453 2075
9b74246f
JH		 2076 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2077 }
2b76f453 2078
3bd27240 2079no_scan_update:
e8b1202c 2080 /* Update the advertising parameters if necessary */
d7a5a11d 2081 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
1987fdc7 2082 enable_advertising(&req);
1987fdc7 2083
2b76f453 2084 err = hci_req_run(&req, set_connectable_complete);
9b74246f 2085 if (err < 0) {
a664b5bc 2086 mgmt_pending_remove(cmd);
9b74246f 2087 if (err == -ENODATA)
a81070ba
JH		 2088 err = set_connectable_update_settings(hdev, sk,
2089 cp->val);
9b74246f
JH		 2090 goto failed;
2091 }
9fbcbb45
JH		 2092
2093failed:
09fd0de5 2094 hci_dev_unlock(hdev);
9fbcbb45
JH		 2095 return err;
2096}
2097
b2939475 2098static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2099 u16 len)
c542a06c 2100{
650f726d 2101 struct mgmt_mode *cp = data;
55594356 2102 bool changed;
c542a06c
JH		 2103 int err;
2104
bdb6d971 2105 BT_DBG("request for %s", hdev->name);
c542a06c 2106
a7e80f25 2107 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2108 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2109 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2110
09fd0de5 2111 hci_dev_lock(hdev);
c542a06c
JH		 2112
2113 if (cp->val)
238be788 2114 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 2115 else
a69d8927 2116 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 2117
b2939475 2118 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 2119 if (err < 0)
55594356 2120 goto unlock;
c542a06c 2121
55594356
MH		 2122 if (changed)
2123 err = new_settings(hdev, sk);
c542a06c 2124
55594356 2125unlock:
09fd0de5 2126 hci_dev_unlock(hdev);
c542a06c
JH		 2127 return err;
2128}
2129
04124681
GP		 2130static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2131 u16 len)
33ef95ed
JH		 2132{
2133 struct mgmt_mode *cp = data;
3b0602cd 2134 struct mgmt_pending_cmd *cmd;
e6fe7986 2135 u8 val, status;
33ef95ed
JH		 2136 int err;
2137
bdb6d971 2138 BT_DBG("request for %s", hdev->name);
33ef95ed 2139
e6fe7986
JH		 2140 status = mgmt_bredr_support(hdev);
2141 if (status)
a69e8375
JH		 2142 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2143 status);
33c525c0 2144
a7e80f25 2145 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2146 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2147 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2148
33ef95ed
JH		 2149 hci_dev_lock(hdev);
2150
4b34ee78 2151 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 2152 bool changed = false;
2153
d7a5a11d 2154 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 2155 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 2156 changed = true;
2157 }
2158
2159 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2160 if (err < 0)
2161 goto failed;
2162
2163 if (changed)
2164 err = new_settings(hdev, sk);
2165
33ef95ed
JH		 2166 goto failed;
2167 }
2168
333ae95d 2169 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 2170 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2171 MGMT_STATUS_BUSY);
33ef95ed
JH		 2172 goto failed;
2173 }
2174
2175 val = !!cp->val;
2176
2177 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2178 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2179 goto failed;
2180 }
2181
2182 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2183 if (!cmd) {
2184 err = -ENOMEM;
2185 goto failed;
2186 }
2187
2188 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2189 if (err < 0) {
2190 mgmt_pending_remove(cmd);
2191 goto failed;
2192 }
2193
2194failed:
2195 hci_dev_unlock(hdev);
33ef95ed
JH		 2196 return err;
2197}
2198
bdb6d971 2199static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2200{
2201 struct mgmt_mode *cp = data;
3b0602cd 2202 struct mgmt_pending_cmd *cmd;
72ef0c1a 2203 u8 status;
ed2c4ee3
JH		 2204 int err;
2205
bdb6d971 2206 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2207
cdba5281
MH		 2208 status = mgmt_bredr_support(hdev);
2209 if (status)
a69e8375 2210 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 2211
13ecd8b6 2212 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2213 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2214 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2215
a7e80f25 2216 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2217 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2218 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2219
13ecd8b6 2220 hci_dev_lock(hdev);
6c8f12c1 2221
4b34ee78 2222 if (!hdev_is_powered(hdev)) {
9ecb3e24 2223 bool changed;
c0ecddc2 2224
9ecb3e24 2225 if (cp->val) {
238be788
MH		 2226 changed = !hci_dev_test_and_set_flag(hdev,
2227 HCI_SSP_ENABLED);
9ecb3e24 2228 } else {
a69d8927
MH		 2229 changed = hci_dev_test_and_clear_flag(hdev,
2230 HCI_SSP_ENABLED);
9ecb3e24 2231 if (!changed)
a69d8927
MH		 2232 changed = hci_dev_test_and_clear_flag(hdev,
2233 HCI_HS_ENABLED);
9ecb3e24 2234 else
a358dc11 2235 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 2236 }
2237
2238 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2239 if (err < 0)
2240 goto failed;
2241
2242 if (changed)
2243 err = new_settings(hdev, sk);
2244
ed2c4ee3
JH		 2245 goto failed;
2246 }
2247
333ae95d 2248 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2249 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2250 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2251 goto failed;
2252 }
2253
d7a5a11d 2254 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 2255 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2256 goto failed;
2257 }
2258
2259 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2260 if (!cmd) {
2261 err = -ENOMEM;
2262 goto failed;
2263 }
2264
d7a5a11d 2265 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 2266 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2267 sizeof(cp->val), &cp->val);
2268
72ef0c1a 2269 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2270 if (err < 0) {
2271 mgmt_pending_remove(cmd);
2272 goto failed;
2273 }
2274
2275failed:
2276 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2277 return err;
2278}
2279
bdb6d971 2280static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2281{
2282 struct mgmt_mode *cp = data;
ee392693 2283 bool changed;
e6fe7986 2284 u8 status;
ee392693 2285 int err;
6d80dfd0 2286
bdb6d971 2287 BT_DBG("request for %s", hdev->name);
6d80dfd0 2288
e6fe7986
JH		 2289 status = mgmt_bredr_support(hdev);
2290 if (status)
a69e8375 2291 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2292
9ecb3e24 2293 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2294 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2295 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 2296
d7a5a11d 2297 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 2298 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2299 MGMT_STATUS_REJECTED);
9ecb3e24 2300
a7e80f25 2301 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2302 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2303 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2304
ee392693
MH		 2305 hci_dev_lock(hdev);
2306
333ae95d 2307 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2308 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2309 MGMT_STATUS_BUSY);
a2cb01de
JH		 2310 goto unlock;
2311 }
2312
a0cdf960 2313 if (cp->val) {
238be788 2314 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 2315 } else {
2316 if (hdev_is_powered(hdev)) {
a69e8375
JH		 2317 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2318 MGMT_STATUS_REJECTED);
a0cdf960
MH		 2319 goto unlock;
2320 }
2321
a69d8927 2322 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 2323 }
ee392693
MH		 2324
2325 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2326 if (err < 0)
2327 goto unlock;
2328
2329 if (changed)
2330 err = new_settings(hdev, sk);
6d80dfd0 2331
ee392693
MH		 2332unlock:
2333 hci_dev_unlock(hdev);
2334 return err;
6d80dfd0
JH		 2335}
2336
1904a853 2337static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 2338{
2339 struct cmd_lookup match = { NULL, hdev };
2340
3ad67582
JK		 2341 hci_dev_lock(hdev);
2342
416a4ae5
JH		 2343 if (status) {
2344 u8 mgmt_err = mgmt_status(status);
2345
2346 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2347 &mgmt_err);
3ad67582 2348 goto unlock;
416a4ae5
JH		 2349 }
2350
2351 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2352
2353 new_settings(hdev, match.sk);
2354
2355 if (match.sk)
2356 sock_put(match.sk);
441ad2d0
MH		 2357
2358 /* Make sure the controller has a good default for
2359 * advertising data. Restrict the update to when LE
2360 * has actually been enabled. During power on, the
2361 * update in powered_update_hci will take care of it.
2362 */
d7a5a11d 2363 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0
MH		 2364 struct hci_request req;
2365
441ad2d0 2366 hci_req_init(&req, hdev);
5947f4bc 2367 update_adv_data(&req);
f14d8f64 2368 update_scan_rsp_data(&req);
2cf22218 2369 __hci_update_background_scan(&req);
441ad2d0 2370 hci_req_run(&req, NULL);
441ad2d0 2371 }
3ad67582
JK		 2372
2373unlock:
2374 hci_dev_unlock(hdev);
416a4ae5
JH		 2375}
2376
bdb6d971 2377static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2378{
2379 struct mgmt_mode *cp = data;
2380 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 2381 struct mgmt_pending_cmd *cmd;
416a4ae5 2382 struct hci_request req;
06199cf8 2383 int err;
0b60eba1 2384 u8 val, enabled;
06199cf8 2385
bdb6d971 2386 BT_DBG("request for %s", hdev->name);
06199cf8 2387
13ecd8b6 2388 if (!lmp_le_capable(hdev))
a69e8375
JH		 2389 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2390 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2391
a7e80f25 2392 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2393 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2394 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2395
e7844ee5
MH		 2396 /* Bluetooth single mode LE only controllers or dual-mode
2397 * controllers configured as LE only devices, do not allow
2398 * switching LE off. These have either LE enabled explicitly
2399 * or BR/EDR has been previously switched off.
2400 *
2401 * When trying to enable an already enabled LE, then gracefully
2402 * send a positive response. Trying to disable it however will
2403 * result into rejection.
2404 */
2405 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2406 if (cp->val == 0x01)
2407 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2408
a69e8375
JH		 2409 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2410 MGMT_STATUS_REJECTED);
e7844ee5 2411 }
c73eee91 2412
13ecd8b6 2413 hci_dev_lock(hdev);
06199cf8
JH		 2414
2415 val = !!cp->val;
ffa88e02 2416 enabled = lmp_host_le_capable(hdev);
06199cf8 2417
0b60eba1 2418 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2419 bool changed = false;
2420
d7a5a11d 2421 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 2422 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 2423 changed = true;
2424 }
2425
d7a5a11d 2426 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 2427 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 2428 changed = true;
2429 }
2430
06199cf8
JH		 2431 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2432 if (err < 0)
1de028ce 2433 goto unlock;
06199cf8
JH		 2434
2435 if (changed)
2436 err = new_settings(hdev, sk);
2437
1de028ce 2438 goto unlock;
06199cf8
JH		 2439 }
2440
333ae95d
JH		 2441 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2442 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 2443 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2444 MGMT_STATUS_BUSY);
1de028ce 2445 goto unlock;
06199cf8
JH		 2446 }
2447
2448 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2449 if (!cmd) {
2450 err = -ENOMEM;
1de028ce 2451 goto unlock;
06199cf8
JH		 2452 }
2453
441ad2d0
MH		 2454 hci_req_init(&req, hdev);
2455
06199cf8
JH		 2456 memset(&hci_cp, 0, sizeof(hci_cp));
2457
2458 if (val) {
2459 hci_cp.le = val;
32226e4f 2460 hci_cp.simul = 0x00;
441ad2d0 2461 } else {
d7a5a11d 2462 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
441ad2d0 2463 disable_advertising(&req);
06199cf8
JH		 2464 }
2465
416a4ae5
JH		 2466 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2467 &hci_cp);
2468
2469 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2470 if (err < 0)
06199cf8 2471 mgmt_pending_remove(cmd);
06199cf8 2472
1de028ce
JH		 2473unlock:
2474 hci_dev_unlock(hdev);
06199cf8
JH		 2475 return err;
2476}
2477
0cab9c80
JH		 2478/* This is a helper function to test for pending mgmt commands that can
2479 * cause CoD or EIR HCI commands. We can only allow one such pending
2480 * mgmt command at a time since otherwise we cannot easily track what
2481 * the current values are, will be, and based on that calculate if a new
2482 * HCI command needs to be sent and if yes with what value.
2483 */
2484static bool pending_eir_or_class(struct hci_dev *hdev)
2485{
3b0602cd 2486 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 2487
2488 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2489 switch (cmd->opcode) {
2490 case MGMT_OP_ADD_UUID:
2491 case MGMT_OP_REMOVE_UUID:
2492 case MGMT_OP_SET_DEV_CLASS:
2493 case MGMT_OP_SET_POWERED:
2494 return true;
2495 }
2496 }
2497
2498 return false;
2499}
2500
83be8eca
JH		 2501static const u8 bluetooth_base_uuid[] = {
2502 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2503 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2504};
2505
2506static u8 get_uuid_size(const u8 *uuid)
2507{
2508 u32 val;
2509
2510 if (memcmp(uuid, bluetooth_base_uuid, 12))
2511 return 128;
2512
2513 val = get_unaligned_le32(&uuid[12]);
2514 if (val > 0xffff)
2515 return 32;
2516
2517 return 16;
2518}
2519
92da6097
JH		 2520static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2521{
3b0602cd 2522 struct mgmt_pending_cmd *cmd;
92da6097
JH		 2523
2524 hci_dev_lock(hdev);
2525
333ae95d 2526 cmd = pending_find(mgmt_op, hdev);
92da6097
JH		 2527 if (!cmd)
2528 goto unlock;
2529
2a1afb5a
JH		 2530 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2531 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 2532
2533 mgmt_pending_remove(cmd);
2534
2535unlock:
2536 hci_dev_unlock(hdev);
2537}
2538
1904a853 2539static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2540{
2541 BT_DBG("status 0x%02x", status);
2542
2543 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2544}
2545
bdb6d971 2546static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2547{
650f726d 2548 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2549 struct mgmt_pending_cmd *cmd;
890ea898 2550 struct hci_request req;
2aeb9a1a 2551 struct bt_uuid *uuid;
2aeb9a1a
JH		 2552 int err;
2553
bdb6d971 2554 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2555
09fd0de5 2556 hci_dev_lock(hdev);
2aeb9a1a 2557
0cab9c80 2558 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2559 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2560 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2561 goto failed;
2562 }
2563
92c4c204 2564 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2565 if (!uuid) {
2566 err = -ENOMEM;
2567 goto failed;
2568 }
2569
2570 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2571 uuid->svc_hint = cp->svc_hint;
83be8eca 2572 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2573
de66aa63 2574 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2575
890ea898 2576 hci_req_init(&req, hdev);
1aff6f09 2577
890ea898
JH		 2578 update_class(&req);
2579 update_eir(&req);
2580
92da6097
JH		 2581 err = hci_req_run(&req, add_uuid_complete);
2582 if (err < 0) {
2583 if (err != -ENODATA)
2584 goto failed;
80a1e1db 2585
2a1afb5a
JH		 2586 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2587 hdev->dev_class, 3);
90e70454
JH		 2588 goto failed;
2589 }
2590
2591 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2592 if (!cmd) {
90e70454 2593 err = -ENOMEM;
890ea898
JH		 2594 goto failed;
2595 }
2596
2597 err = 0;
2aeb9a1a
JH		 2598
2599failed:
09fd0de5 2600 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2601 return err;
2602}
2603
24b78d0f
JH		 2604static bool enable_service_cache(struct hci_dev *hdev)
2605{
2606 if (!hdev_is_powered(hdev))
2607 return false;
2608
238be788 2609 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 2610 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2611 CACHE_TIMEOUT);
24b78d0f
JH		 2612 return true;
2613 }
2614
2615 return false;
2616}
2617
1904a853 2618static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2619{
2620 BT_DBG("status 0x%02x", status);
2621
2622 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2623}
2624
bdb6d971 2625static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2626 u16 len)
2aeb9a1a 2627{
650f726d 2628 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2629 struct mgmt_pending_cmd *cmd;
056341c8 2630 struct bt_uuid *match, *tmp;
2aeb9a1a 2631 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2632 struct hci_request req;
2aeb9a1a
JH		 2633 int err, found;
2634
bdb6d971 2635 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2636
09fd0de5 2637 hci_dev_lock(hdev);
2aeb9a1a 2638
0cab9c80 2639 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2640 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2641 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2642 goto unlock;
2643 }
2644
2aeb9a1a 2645 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2646 hci_uuids_clear(hdev);
4004b6d9 2647
24b78d0f 2648 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2649 err = mgmt_cmd_complete(sk, hdev->id,
2650 MGMT_OP_REMOVE_UUID,
2651 0, hdev->dev_class, 3);
24b78d0f
JH		 2652 goto unlock;
2653 }
4004b6d9 2654
9246a869 2655 goto update_class;
2aeb9a1a
JH		 2656 }
2657
2658 found = 0;
2659
056341c8 2660 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2661 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2662 continue;
2663
2664 list_del(&match->list);
482049f7 2665 kfree(match);
2aeb9a1a
JH		 2666 found++;
2667 }
2668
2669 if (found == 0) {
a69e8375
JH		 2670 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2671 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2672 goto unlock;
2673 }
2674
9246a869 2675update_class:
890ea898 2676 hci_req_init(&req, hdev);
1aff6f09 2677
890ea898
JH		 2678 update_class(&req);
2679 update_eir(&req);
2680
92da6097
JH		 2681 err = hci_req_run(&req, remove_uuid_complete);
2682 if (err < 0) {
2683 if (err != -ENODATA)
2684 goto unlock;
80a1e1db 2685
2a1afb5a
JH		 2686 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2687 hdev->dev_class, 3);
90e70454
JH		 2688 goto unlock;
2689 }
2690
2691 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2692 if (!cmd) {
90e70454 2693 err = -ENOMEM;
890ea898
JH		 2694 goto unlock;
2695 }
2696
2697 err = 0;
2aeb9a1a
JH		 2698
2699unlock:
09fd0de5 2700 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2701 return err;
2702}
2703
1904a853 2704static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2705{
2706 BT_DBG("status 0x%02x", status);
2707
2708 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2709}
2710
bdb6d971 2711static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2712 u16 len)
1aff6f09 2713{
650f726d 2714 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2715 struct mgmt_pending_cmd *cmd;
890ea898 2716 struct hci_request req;
1aff6f09
JH		 2717 int err;
2718
bdb6d971 2719 BT_DBG("request for %s", hdev->name);
1aff6f09 2720
6203fc98 2721 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2722 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2723 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2724
0cab9c80 2725 hci_dev_lock(hdev);
ee98f473 2726
0cab9c80 2727 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2728 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2729 MGMT_STATUS_BUSY);
0cab9c80
JH		 2730 goto unlock;
2731 }
c95f0ba7 2732
0cab9c80 2733 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2734 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2735 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2736 goto unlock;
2737 }
575b3a02 2738
932f5ff5
JH		 2739 hdev->major_class = cp->major;
2740 hdev->minor_class = cp->minor;
2741
b5235a65 2742 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2743 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2744 hdev->dev_class, 3);
b5235a65
JH		 2745 goto unlock;
2746 }
2747
890ea898
JH		 2748 hci_req_init(&req, hdev);
2749
a69d8927 2750 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
7d78525d
JH		 2751 hci_dev_unlock(hdev);
2752 cancel_delayed_work_sync(&hdev->service_cache);
2753 hci_dev_lock(hdev);
890ea898 2754 update_eir(&req);
7d78525d 2755 }
14c0b608 2756
890ea898
JH		 2757 update_class(&req);
2758
92da6097
JH		 2759 err = hci_req_run(&req, set_class_complete);
2760 if (err < 0) {
2761 if (err != -ENODATA)
2762 goto unlock;
1aff6f09 2763
2a1afb5a
JH		 2764 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2765 hdev->dev_class, 3);
90e70454
JH		 2766 goto unlock;
2767 }
2768
2769 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2770 if (!cmd) {
90e70454 2771 err = -ENOMEM;
890ea898
JH		 2772 goto unlock;
2773 }
2774
2775 err = 0;
1aff6f09 2776
b5235a65 2777unlock:
09fd0de5 2778 hci_dev_unlock(hdev);
1aff6f09
JH		 2779 return err;
2780}
2781
bdb6d971 2782static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2783 u16 len)
55ed8ca1 2784{
650f726d 2785 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2786 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2787 sizeof(struct mgmt_link_key_info));
4e51eae9 2788 u16 key_count, expected_len;
b1de97d8 2789 bool changed;
a492cd52 2790 int i;
55ed8ca1 2791
9060d5cf
MH		 2792 BT_DBG("request for %s", hdev->name);
2793
2794 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2795 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2796 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2797
1f350c87 2798 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2799 if (key_count > max_key_count) {
2800 BT_ERR("load_link_keys: too big key_count value %u",
2801 key_count);
a69e8375
JH		 2802 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2803 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2804 }
55ed8ca1 2805
86742e1e
JH		 2806 expected_len = sizeof(*cp) + key_count *
2807 sizeof(struct mgmt_link_key_info);
a492cd52 2808 if (expected_len != len) {
86742e1e 2809 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2810 expected_len, len);
a69e8375
JH		 2811 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2812 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2813 }
2814
4ae14301 2815 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2816 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2817 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2818
bdb6d971 2819 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2820 key_count);
55ed8ca1 2821
4ee71b20
JH		 2822 for (i = 0; i < key_count; i++) {
2823 struct mgmt_link_key_info *key = &cp->keys[i];
2824
8e991132 2825 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2826 return mgmt_cmd_status(sk, hdev->id,
2827 MGMT_OP_LOAD_LINK_KEYS,
2828 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2829 }
2830
09fd0de5 2831 hci_dev_lock(hdev);
55ed8ca1
JH		 2832
2833 hci_link_keys_clear(hdev);
2834
55ed8ca1 2835 if (cp->debug_keys)
238be788 2836 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2837 else
a69d8927
MH		 2838 changed = hci_dev_test_and_clear_flag(hdev,
2839 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2840
2841 if (changed)
2842 new_settings(hdev, NULL);
55ed8ca1 2843
a492cd52 2844 for (i = 0; i < key_count; i++) {
86742e1e 2845 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2846
58e9293c
JH		 2847 /* Always ignore debug keys and require a new pairing if
2848 * the user wants to use them.
2849 */
2850 if (key->type == HCI_LK_DEBUG_COMBINATION)
2851 continue;
2852
7652ff6a
JH		 2853 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2854 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2855 }
2856
2a1afb5a 2857 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2858
09fd0de5 2859 hci_dev_unlock(hdev);
55ed8ca1 2860
a492cd52 2861 return 0;
55ed8ca1
JH		 2862}
2863
b1078ad0 2864static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2865 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2866{
2867 struct mgmt_ev_device_unpaired ev;
2868
2869 bacpy(&ev.addr.bdaddr, bdaddr);
2870 ev.addr.type = addr_type;
2871
2872 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2873 skip_sk);
b1078ad0
JH		 2874}
2875
bdb6d971 2876static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2877 u16 len)
55ed8ca1 2878{
124f6e35
JH		 2879 struct mgmt_cp_unpair_device *cp = data;
2880 struct mgmt_rp_unpair_device rp;
a8a1d19e 2881 struct hci_cp_disconnect dc;
3b0602cd 2882 struct mgmt_pending_cmd *cmd;
55ed8ca1 2883 struct hci_conn *conn;
55ed8ca1
JH		 2884 int err;
2885
a8a1d19e 2886 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2887 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2888 rp.addr.type = cp->addr.type;
a8a1d19e 2889
4ee71b20 2890 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2891 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2892 MGMT_STATUS_INVALID_PARAMS,
2893 &rp, sizeof(rp));
4ee71b20 2894
118da70b 2895 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2896 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2897 MGMT_STATUS_INVALID_PARAMS,
2898 &rp, sizeof(rp));
118da70b 2899
4ee71b20
JH		 2900 hci_dev_lock(hdev);
2901
86a8cfc6 2902 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2903 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2904 MGMT_STATUS_NOT_POWERED, &rp,
2905 sizeof(rp));
86a8cfc6
JH		 2906 goto unlock;
2907 }
2908
e0b2b27e 2909 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2910 /* If disconnection is requested, then look up the
2911 * connection. If the remote device is connected, it
2912 * will be later used to terminate the link.
2913 *
2914 * Setting it to NULL explicitly will cause no
2915 * termination of the link.
2916 */
2917 if (cp->disconnect)
2918 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2919 &cp->addr.bdaddr);
2920 else
2921 conn = NULL;
2922
124f6e35 2923 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2924 } else {
2925 u8 addr_type;
2926
89cbb063
AA		 2927 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2928 &cp->addr.bdaddr);
2929 if (conn) {
2930 /* Defer clearing up the connection parameters
2931 * until closing to give a chance of keeping
2932 * them if a repairing happens.
2933 */
2934 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2935
2936 /* If disconnection is not requested, then
2937 * clear the connection variable so that the
2938 * link is not terminated.
2939 */
2940 if (!cp->disconnect)
2941 conn = NULL;
2942 }
2943
e0b2b27e
JH		 2944 if (cp->addr.type == BDADDR_LE_PUBLIC)
2945 addr_type = ADDR_LE_DEV_PUBLIC;
2946 else
2947 addr_type = ADDR_LE_DEV_RANDOM;
2948
a7ec7338
JH		 2949 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2950
e0b2b27e
JH		 2951 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2952 }
b0dbfb46 2953
55ed8ca1 2954 if (err < 0) {
2a1afb5a
JH		 2955 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2956 MGMT_STATUS_NOT_PAIRED, &rp,
2957 sizeof(rp));
55ed8ca1
JH		 2958 goto unlock;
2959 }
2960
89cbb063
AA		 2961 /* If the connection variable is set, then termination of the
2962 * link is requested.
2963 */
a8a1d19e 2964 if (!conn) {
2a1afb5a
JH		 2965 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2966 &rp, sizeof(rp));
b1078ad0 2967 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2968 goto unlock;
2969 }
55ed8ca1 2970
124f6e35 2971 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2972 sizeof(*cp));
a8a1d19e
JH		 2973 if (!cmd) {
2974 err = -ENOMEM;
2975 goto unlock;
55ed8ca1
JH		 2976 }
2977
d8b7b1e4
JH		 2978 cmd->cmd_complete = addr_cmd_complete;
2979
eb55ef07 2980 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2981 dc.reason = 0x13; /* Remote User Terminated Connection */
2982 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2983 if (err < 0)
2984 mgmt_pending_remove(cmd);
2985
55ed8ca1 2986unlock:
09fd0de5 2987 hci_dev_unlock(hdev);
55ed8ca1
JH		 2988 return err;
2989}
2990
bdb6d971 2991static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2992 u16 len)
8962ee74 2993{
650f726d 2994 struct mgmt_cp_disconnect *cp = data;
06a63b19 2995 struct mgmt_rp_disconnect rp;
3b0602cd 2996 struct mgmt_pending_cmd *cmd;
8962ee74 2997 struct hci_conn *conn;
8962ee74
JH		 2998 int err;
2999
3000 BT_DBG("");
3001
06a63b19
JH		 3002 memset(&rp, 0, sizeof(rp));
3003 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3004 rp.addr.type = cp->addr.type;
3005
4ee71b20 3006 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3007 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3008 MGMT_STATUS_INVALID_PARAMS,
3009 &rp, sizeof(rp));
4ee71b20 3010
09fd0de5 3011 hci_dev_lock(hdev);
8962ee74
JH		 3012
3013 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 3014 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3015 MGMT_STATUS_NOT_POWERED, &rp,
3016 sizeof(rp));
8962ee74
JH		 3017 goto failed;
3018 }
3019
333ae95d 3020 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 3021 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3022 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 3023 goto failed;
3024 }
3025
591f47f3 3026 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 3027 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3028 &cp->addr.bdaddr);
88c3df13
JH		 3029 else
3030 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 3031
f960727e 3032 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 3033 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3034 MGMT_STATUS_NOT_CONNECTED, &rp,
3035 sizeof(rp));
8962ee74
JH		 3036 goto failed;
3037 }
3038
2e58ef3e 3039 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 3040 if (!cmd) {
3041 err = -ENOMEM;
8962ee74 3042 goto failed;
366a0336 3043 }
8962ee74 3044
f5818c22
JH		 3045 cmd->cmd_complete = generic_cmd_complete;
3046
e3f2f92a 3047 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 3048 if (err < 0)
a664b5bc 3049 mgmt_pending_remove(cmd);
8962ee74
JH		 3050
3051failed:
09fd0de5 3052 hci_dev_unlock(hdev);
8962ee74
JH		 3053 return err;
3054}
3055
57c1477c 3056static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 3057{
3058 switch (link_type) {
3059 case LE_LINK:
48264f06
JH		 3060 switch (addr_type) {
3061 case ADDR_LE_DEV_PUBLIC:
591f47f3 3062 return BDADDR_LE_PUBLIC;
0ed09148 3063
48264f06 3064 default:
0ed09148 3065 /* Fallback to LE Random address type */
591f47f3 3066 return BDADDR_LE_RANDOM;
48264f06 3067 }
0ed09148 3068
4c659c39 3069 default:
0ed09148 3070 /* Fallback to BR/EDR type */
591f47f3 3071 return BDADDR_BREDR;
4c659c39
JH		 3072 }
3073}
3074
04124681
GP		 3075static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3076 u16 data_len)
2784eb41 3077{
2784eb41 3078 struct mgmt_rp_get_connections *rp;
8035ded4 3079 struct hci_conn *c;
a38528f1 3080 size_t rp_len;
60fc5fb6
JH		 3081 int err;
3082 u16 i;
2784eb41
JH		 3083
3084 BT_DBG("");
3085
09fd0de5 3086 hci_dev_lock(hdev);
2784eb41 3087
5f97c1df 3088 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3089 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3090 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3091 goto unlock;
3092 }
3093
60fc5fb6 3094 i = 0;
b644ba33
JH		 3095 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3096 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 3097 i++;
2784eb41
JH		 3098 }
3099
60fc5fb6 3100 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 3101 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 3102 if (!rp) {
2784eb41
JH		 3103 err = -ENOMEM;
3104 goto unlock;
3105 }
3106
2784eb41 3107 i = 0;
4c659c39 3108 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 3109 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3110 continue;
4c659c39 3111 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 3112 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 3113 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 3114 continue;
3115 i++;
3116 }
3117
eb55ef07 3118 rp->conn_count = cpu_to_le16(i);
60fc5fb6 3119
4c659c39
JH		 3120 /* Recalculate length in case of filtered SCO connections, etc */
3121 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 3122
2a1afb5a
JH		 3123 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3124 rp_len);
2784eb41 3125
a38528f1 3126 kfree(rp);
5f97c1df
JH		 3127
3128unlock:
09fd0de5 3129 hci_dev_unlock(hdev);
2784eb41
JH		 3130 return err;
3131}
3132
bdb6d971 3133static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3134 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 3135{
3b0602cd 3136 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 3137 int err;
3138
2e58ef3e 3139 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 3140 sizeof(*cp));
96d97a67
WR		 3141 if (!cmd)
3142 return -ENOMEM;
3143
d8457698 3144 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 3145 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 3146 if (err < 0)
3147 mgmt_pending_remove(cmd);
3148
3149 return err;
3150}
3151
bdb6d971 3152static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3153 u16 len)
980e1a53 3154{
96d97a67 3155 struct hci_conn *conn;
650f726d 3156 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3157 struct hci_cp_pin_code_reply reply;
3b0602cd 3158 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 3159 int err;
3160
3161 BT_DBG("");
3162
09fd0de5 3163 hci_dev_lock(hdev);
980e1a53 3164
4b34ee78 3165 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3166 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3167 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3168 goto failed;
3169 }
3170
d8457698 3171 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3172 if (!conn) {
a69e8375
JH		 3173 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3174 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3175 goto failed;
3176 }
3177
3178 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3179 struct mgmt_cp_pin_code_neg_reply ncp;
3180
3181 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 3182
3183 BT_ERR("PIN code is not 16 bytes long");
3184
bdb6d971 3185 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3186 if (err >= 0)
a69e8375
JH		 3187 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3188 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3189
3190 goto failed;
3191 }
3192
00abfe44 3193 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3194 if (!cmd) {
3195 err = -ENOMEM;
980e1a53 3196 goto failed;
366a0336 3197 }
980e1a53 3198
7776d1d8
JH		 3199 cmd->cmd_complete = addr_cmd_complete;
3200
d8457698 3201 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3202 reply.pin_len = cp->pin_len;
24718ca5 3203 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3204
3205 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3206 if (err < 0)
a664b5bc 3207 mgmt_pending_remove(cmd);
980e1a53
JH		 3208
3209failed:
09fd0de5 3210 hci_dev_unlock(hdev);
980e1a53
JH		 3211 return err;
3212}
3213
04124681
GP		 3214static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3215 u16 len)
17fa4b9d 3216{
650f726d 3217 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3218
3219 BT_DBG("");
3220
4ec86d4c 3221 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3222 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3223 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
4ec86d4c 3224
09fd0de5 3225 hci_dev_lock(hdev);
17fa4b9d
JH		 3226
3227 hdev->io_capability = cp->io_capability;
3228
3229 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3230 hdev->io_capability);
17fa4b9d 3231
09fd0de5 3232 hci_dev_unlock(hdev);
17fa4b9d 3233
2a1afb5a
JH		 3234 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3235 NULL, 0);
17fa4b9d
JH		 3236}
3237
3b0602cd 3238static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3239{
3240 struct hci_dev *hdev = conn->hdev;
3b0602cd 3241 struct mgmt_pending_cmd *cmd;
e9a416b5 3242
2e58ef3e 3243 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3244 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3245 continue;
3246
e9a416b5
JH		 3247 if (cmd->user_data != conn)
3248 continue;
3249
3250 return cmd;
3251 }
3252
3253 return NULL;
3254}
3255
3b0602cd 3256static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 3257{
3258 struct mgmt_rp_pair_device rp;
3259 struct hci_conn *conn = cmd->user_data;
9df74653 3260 int err;
e9a416b5 3261
61b1a7fb
JH		 3262 bacpy(&rp.addr.bdaddr, &conn->dst);
3263 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3264
2a1afb5a
JH		 3265 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3266 status, &rp, sizeof(rp));
e9a416b5
JH		 3267
3268 /* So we don't get further callbacks for this connection */
3269 conn->connect_cfm_cb = NULL;
3270 conn->security_cfm_cb = NULL;
3271 conn->disconn_cfm_cb = NULL;
3272
76a68ba0 3273 hci_conn_drop(conn);
89cbb063
AA		 3274
3275 /* The device is paired so there is no need to remove
3276 * its connection parameters anymore.
3277 */
3278 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3279
3280 hci_conn_put(conn);
9df74653
JH		 3281
3282 return err;
e9a416b5
JH		 3283}
3284
f4a407be
JH		 3285void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3286{
3287 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 3288 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 3289
3290 cmd = find_pairing(conn);
a511b35b 3291 if (cmd) {
04ab2749 3292 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3293 mgmt_pending_remove(cmd);
3294 }
f4a407be
JH		 3295}
3296
e9a416b5
JH		 3297static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3298{
3b0602cd 3299 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3300
3301 BT_DBG("status %u", status);
3302
3303 cmd = find_pairing(conn);
a511b35b 3304 if (!cmd) {
e9a416b5 3305 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3306 return;
3307 }
3308
3309 cmd->cmd_complete(cmd, mgmt_status(status));
3310 mgmt_pending_remove(cmd);
e9a416b5
JH		 3311}
3312
f4a407be 3313static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 3314{
3b0602cd 3315 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 3316
3317 BT_DBG("status %u", status);
3318
3319 if (!status)
3320 return;
3321
3322 cmd = find_pairing(conn);
a511b35b 3323 if (!cmd) {
4c47d739 3324 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3325 return;
3326 }
3327
3328 cmd->cmd_complete(cmd, mgmt_status(status));
3329 mgmt_pending_remove(cmd);
4c47d739
VA		 3330}
3331
bdb6d971 3332static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3333 u16 len)
e9a416b5 3334{
650f726d 3335 struct mgmt_cp_pair_device *cp = data;
1425acb7 3336 struct mgmt_rp_pair_device rp;
3b0602cd 3337 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3338 u8 sec_level, auth_type;
3339 struct hci_conn *conn;
e9a416b5
JH		 3340 int err;
3341
3342 BT_DBG("");
3343
f950a30e
SJ		 3344 memset(&rp, 0, sizeof(rp));
3345 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3346 rp.addr.type = cp->addr.type;
3347
4ee71b20 3348 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3349 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3350 MGMT_STATUS_INVALID_PARAMS,
3351 &rp, sizeof(rp));
4ee71b20 3352
4ec86d4c 3353 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3354 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3355 MGMT_STATUS_INVALID_PARAMS,
3356 &rp, sizeof(rp));
4ec86d4c 3357
09fd0de5 3358 hci_dev_lock(hdev);
e9a416b5 3359
5f97c1df 3360 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3361 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3362 MGMT_STATUS_NOT_POWERED, &rp,
3363 sizeof(rp));
5f97c1df
JH		 3364 goto unlock;
3365 }
3366
55e76b38
JH		 3367 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3368 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3369 MGMT_STATUS_ALREADY_PAIRED, &rp,
3370 sizeof(rp));
3371 goto unlock;
3372 }
3373
c908df36 3374 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3375 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3376
6f77d8c7 3377 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3378 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3379 auth_type);
6f77d8c7
AG		 3380 } else {
3381 u8 addr_type;
3382
3383 /* Convert from L2CAP channel address type to HCI address type
3384 */
3385 if (cp->addr.type == BDADDR_LE_PUBLIC)
3386 addr_type = ADDR_LE_DEV_PUBLIC;
3387 else
3388 addr_type = ADDR_LE_DEV_RANDOM;
3389
7c264b10
MH		 3390 /* When pairing a new device, it is expected to remember
3391 * this device for future connections. Adding the connection
3392 * parameter information ahead of time allows tracking
3393 * of the slave preferred values and will speed up any
3394 * further connection establishment.
3395 *
3396 * If connection parameters already exist, then they
3397 * will be kept and this function does nothing.
3398 */
3399 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3400
6f77d8c7 3401 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3402 sec_level, HCI_LE_CONN_TIMEOUT,
3403 HCI_ROLE_MASTER);
6f77d8c7 3404 }
7a512d01 3405
30e76272 3406 if (IS_ERR(conn)) {
489dc48e
AK		 3407 int status;
3408
3409 if (PTR_ERR(conn) == -EBUSY)
3410 status = MGMT_STATUS_BUSY;
faa81030
LR		 3411 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3412 status = MGMT_STATUS_NOT_SUPPORTED;
3413 else if (PTR_ERR(conn) == -ECONNREFUSED)
3414 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 3415 else
3416 status = MGMT_STATUS_CONNECT_FAILED;
3417
2a1afb5a
JH		 3418 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3419 status, &rp, sizeof(rp));
e9a416b5
JH		 3420 goto unlock;
3421 }
3422
3423 if (conn->connect_cfm_cb) {
76a68ba0 3424 hci_conn_drop(conn);
2a1afb5a
JH		 3425 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3426 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3427 goto unlock;
3428 }
3429
2e58ef3e 3430 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3431 if (!cmd) {
3432 err = -ENOMEM;
76a68ba0 3433 hci_conn_drop(conn);
e9a416b5
JH		 3434 goto unlock;
3435 }
3436
04ab2749
JH		 3437 cmd->cmd_complete = pairing_complete;
3438
7a512d01 3439 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3440 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3441 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3442 conn->security_cfm_cb = pairing_complete_cb;
3443 conn->disconn_cfm_cb = pairing_complete_cb;
3444 } else {
3445 conn->connect_cfm_cb = le_pairing_complete_cb;
3446 conn->security_cfm_cb = le_pairing_complete_cb;
3447 conn->disconn_cfm_cb = le_pairing_complete_cb;
3448 }
7a512d01 3449
e9a416b5 3450 conn->io_capability = cp->io_cap;
f8aaf9b6 3451 cmd->user_data = hci_conn_get(conn);
e9a416b5 3452
6f78fd4b 3453 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3454 hci_conn_security(conn, sec_level, auth_type, true)) {
3455 cmd->cmd_complete(cmd, 0);
3456 mgmt_pending_remove(cmd);
3457 }
e9a416b5
JH		 3458
3459 err = 0;
3460
3461unlock:
09fd0de5 3462 hci_dev_unlock(hdev);
e9a416b5
JH		 3463 return err;
3464}
3465
04124681
GP		 3466static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3467 u16 len)
28424707 3468{
0f4e68cf 3469 struct mgmt_addr_info *addr = data;
3b0602cd 3470 struct mgmt_pending_cmd *cmd;
28424707
JH		 3471 struct hci_conn *conn;
3472 int err;
3473
3474 BT_DBG("");
3475
28424707
JH		 3476 hci_dev_lock(hdev);
3477
5f97c1df 3478 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3479 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3480 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3481 goto unlock;
3482 }
3483
333ae95d 3484 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
28424707 3485 if (!cmd) {
a69e8375
JH		 3486 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3487 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3488 goto unlock;
3489 }
3490
3491 conn = cmd->user_data;
3492
3493 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3494 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3495 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3496 goto unlock;
3497 }
3498
a511b35b
JH		 3499 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3500 mgmt_pending_remove(cmd);
28424707 3501
2a1afb5a
JH		 3502 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3503 addr, sizeof(*addr));
28424707
JH		 3504unlock:
3505 hci_dev_unlock(hdev);
28424707
JH		 3506 return err;
3507}
3508
bdb6d971 3509static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3510 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3511 u16 hci_op, __le32 passkey)
a5c29683 3512{
3b0602cd 3513 struct mgmt_pending_cmd *cmd;
0df4c185 3514 struct hci_conn *conn;
a5c29683
JH		 3515 int err;
3516
09fd0de5 3517 hci_dev_lock(hdev);
08ba5382 3518
4b34ee78 3519 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3520 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3521 MGMT_STATUS_NOT_POWERED, addr,
3522 sizeof(*addr));
0df4c185 3523 goto done;
a5c29683
JH		 3524 }
3525
1707c60e
JH		 3526 if (addr->type == BDADDR_BREDR)
3527 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3528 else
1707c60e 3529 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3530
3531 if (!conn) {
2a1afb5a
JH		 3532 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3533 MGMT_STATUS_NOT_CONNECTED, addr,
3534 sizeof(*addr));
272d90df
JH		 3535 goto done;
3536 }
47c15e2b 3537
1707c60e 3538 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3539 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3540 if (!err)
2a1afb5a
JH		 3541 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3542 MGMT_STATUS_SUCCESS, addr,
3543 sizeof(*addr));
5fe57d9e 3544 else
2a1afb5a
JH		 3545 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3546 MGMT_STATUS_FAILED, addr,
3547 sizeof(*addr));
47c15e2b 3548
47c15e2b
BG		 3549 goto done;
3550 }
3551
1707c60e 3552 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3553 if (!cmd) {
3554 err = -ENOMEM;
0df4c185 3555 goto done;
a5c29683
JH		 3556 }
3557
7776d1d8
JH		 3558 cmd->cmd_complete = addr_cmd_complete;
3559
0df4c185 3560 /* Continue with pairing via HCI */
604086b7
BG		 3561 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3562 struct hci_cp_user_passkey_reply cp;
3563
1707c60e 3564 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3565 cp.passkey = passkey;
3566 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3567 } else
1707c60e
JH		 3568 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3569 &addr->bdaddr);
604086b7 3570
a664b5bc
JH		 3571 if (err < 0)
3572 mgmt_pending_remove(cmd);
a5c29683 3573
0df4c185 3574done:
09fd0de5 3575 hci_dev_unlock(hdev);
a5c29683
JH		 3576 return err;
3577}
3578
afeb019d
JK		 3579static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3580 void *data, u16 len)
3581{
3582 struct mgmt_cp_pin_code_neg_reply *cp = data;
3583
3584 BT_DBG("");
3585
1707c60e 3586 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3587 MGMT_OP_PIN_CODE_NEG_REPLY,
3588 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3589}
3590
04124681
GP		 3591static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3592 u16 len)
0df4c185 3593{
650f726d 3594 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3595
3596 BT_DBG("");
3597
3598 if (len != sizeof(*cp))
a69e8375
JH		 3599 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3600 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3601
1707c60e 3602 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3603 MGMT_OP_USER_CONFIRM_REPLY,
3604 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3605}
3606
bdb6d971 3607static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3608 void *data, u16 len)
0df4c185 3609{
c9c2659f 3610 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3611
3612 BT_DBG("");
3613
1707c60e 3614 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3615 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3616 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3617}
3618
04124681
GP		 3619static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3620 u16 len)
604086b7 3621{
650f726d 3622 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3623
3624 BT_DBG("");
3625
1707c60e 3626 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3627 MGMT_OP_USER_PASSKEY_REPLY,
3628 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3629}
3630
bdb6d971 3631static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3632 void *data, u16 len)
604086b7 3633{
650f726d 3634 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3635
3636 BT_DBG("");
3637
1707c60e 3638 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3639 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3640 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3641}
3642
13928971 3643static void update_name(struct hci_request *req)
2b4bf397 3644{
13928971 3645 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3646 struct hci_cp_write_local_name cp;
3647
13928971 3648 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3649
890ea898 3650 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3651}
3652
1904a853 3653static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3654{
3655 struct mgmt_cp_set_local_name *cp;
3b0602cd 3656 struct mgmt_pending_cmd *cmd;
13928971
JH		 3657
3658 BT_DBG("status 0x%02x", status);
3659
3660 hci_dev_lock(hdev);
3661
333ae95d 3662 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 3663 if (!cmd)
3664 goto unlock;
3665
3666 cp = cmd->param;
3667
3668 if (status)
a69e8375
JH		 3669 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3670 mgmt_status(status));
13928971 3671 else
2a1afb5a
JH		 3672 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3673 cp, sizeof(*cp));
13928971
JH		 3674
3675 mgmt_pending_remove(cmd);
3676
3677unlock:
3678 hci_dev_unlock(hdev);
3679}
3680
bdb6d971 3681static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3682 u16 len)
b312b161 3683{
2b4bf397 3684 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3685 struct mgmt_pending_cmd *cmd;
890ea898 3686 struct hci_request req;
b312b161
JH		 3687 int err;
3688
3689 BT_DBG("");
3690
09fd0de5 3691 hci_dev_lock(hdev);
b312b161 3692
b3f2ca94
JH		 3693 /* If the old values are the same as the new ones just return a
3694 * direct command complete event.
3695 */
3696 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3697 !memcmp(hdev->short_name, cp->short_name,
3698 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3699 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3700 data, len);
b3f2ca94
JH		 3701 goto failed;
3702 }
3703
2b4bf397 3704 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3705
b5235a65 3706 if (!hdev_is_powered(hdev)) {
2b4bf397 3707 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3708
2a1afb5a
JH		 3709 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3710 data, len);
28cc7bde
JH		 3711 if (err < 0)
3712 goto failed;
3713
f6b7712e
MH		 3714 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
3715 data, len, sk);
28cc7bde 3716
b5235a65
JH		 3717 goto failed;
3718 }
3719
28cc7bde 3720 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3721 if (!cmd) {
3722 err = -ENOMEM;
3723 goto failed;
3724 }
3725
13928971
JH		 3726 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3727
890ea898 3728 hci_req_init(&req, hdev);
3f985050
JH		 3729
3730 if (lmp_bredr_capable(hdev)) {
3731 update_name(&req);
3732 update_eir(&req);
3733 }
3734
7a5f4990
MH		 3735 /* The name is stored in the scan response data and so
3736 * no need to udpate the advertising data here.
3737 */
3f985050 3738 if (lmp_le_capable(hdev))
7a5f4990 3739 update_scan_rsp_data(&req);
3f985050 3740
13928971 3741 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3742 if (err < 0)
3743 mgmt_pending_remove(cmd);
3744
3745failed:
09fd0de5 3746 hci_dev_unlock(hdev);
b312b161
JH		 3747 return err;
3748}
3749
0f4e68cf 3750static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3751 void *data, u16 data_len)
c35938b2 3752{
3b0602cd 3753 struct mgmt_pending_cmd *cmd;
c35938b2
SJ		 3754 int err;
3755
bdb6d971 3756 BT_DBG("%s", hdev->name);
c35938b2 3757
09fd0de5 3758 hci_dev_lock(hdev);
c35938b2 3759
4b34ee78 3760 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3761 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3762 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3763 goto unlock;
3764 }
3765
9a1a1996 3766 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3767 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3768 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3769 goto unlock;
3770 }
3771
333ae95d 3772 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3773 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3774 MGMT_STATUS_BUSY);
c35938b2
SJ		 3775 goto unlock;
3776 }
3777
2e58ef3e 3778 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3779 if (!cmd) {
3780 err = -ENOMEM;
3781 goto unlock;
3782 }
3783
710f11c0 3784 if (bredr_sc_enabled(hdev))
4d2d2796
MH		 3785 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3786 0, NULL);
3787 else
3788 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3789
c35938b2
SJ		 3790 if (err < 0)
3791 mgmt_pending_remove(cmd);
3792
3793unlock:
09fd0de5 3794 hci_dev_unlock(hdev);
c35938b2
SJ		 3795 return err;
3796}
3797
bdb6d971 3798static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3799 void *data, u16 len)
2763eda6 3800{
5d57e796 3801 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3802 int err;
3803
bdb6d971 3804 BT_DBG("%s ", hdev->name);
2763eda6 3805
5d57e796 3806 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3807 return mgmt_cmd_complete(sk, hdev->id,
3808 MGMT_OP_ADD_REMOTE_OOB_DATA,
3809 MGMT_STATUS_INVALID_PARAMS,
3810 addr, sizeof(*addr));
5d57e796 3811
09fd0de5 3812 hci_dev_lock(hdev);
2763eda6 3813
ec109113
MH		 3814 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3815 struct mgmt_cp_add_remote_oob_data *cp = data;
3816 u8 status;
bf1e3541 3817
c19a495c 3818 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 3819 err = mgmt_cmd_complete(sk, hdev->id,
3820 MGMT_OP_ADD_REMOTE_OOB_DATA,
3821 MGMT_STATUS_INVALID_PARAMS,
3822 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 3823 goto unlock;
3824 }
3825
ec109113 3826 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3827 cp->addr.type, cp->hash,
3828 cp->rand, NULL, NULL);
ec109113
MH		 3829 if (err < 0)
3830 status = MGMT_STATUS_FAILED;
3831 else
3832 status = MGMT_STATUS_SUCCESS;
3833
2a1afb5a
JH		 3834 err = mgmt_cmd_complete(sk, hdev->id,
3835 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3836 &cp->addr, sizeof(cp->addr));
ec109113
MH		 3837 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3838 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3839 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3840 u8 status;
3841
86df9200 3842 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3843 /* Enforce zero-valued 192-bit parameters as
3844 * long as legacy SMP OOB isn't implemented.
3845 */
3846 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3847 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 3848 err = mgmt_cmd_complete(sk, hdev->id,
3849 MGMT_OP_ADD_REMOTE_OOB_DATA,
3850 MGMT_STATUS_INVALID_PARAMS,
3851 addr, sizeof(*addr));
d25b78e2
JH		 3852 goto unlock;
3853 }
3854
86df9200
JH		 3855 rand192 = NULL;
3856 hash192 = NULL;
3857 } else {
41bcfd50
MH		 3858 /* In case one of the P-192 values is set to zero,
3859 * then just disable OOB data for P-192.
3860 */
3861 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3862 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3863 rand192 = NULL;
3864 hash192 = NULL;
3865 } else {
3866 rand192 = cp->rand192;
3867 hash192 = cp->hash192;
3868 }
3869 }
3870
3871 /* In case one of the P-256 values is set to zero, then just
3872 * disable OOB data for P-256.
3873 */
3874 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3875 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3876 rand256 = NULL;
3877 hash256 = NULL;
3878 } else {
3879 rand256 = cp->rand256;
3880 hash256 = cp->hash256;
86df9200
JH		 3881 }
3882
81328d5c 3883 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3884 cp->addr.type, hash192, rand192,
41bcfd50 3885 hash256, rand256);
ec109113
MH		 3886 if (err < 0)
3887 status = MGMT_STATUS_FAILED;
3888 else
3889 status = MGMT_STATUS_SUCCESS;
3890
2a1afb5a
JH		 3891 err = mgmt_cmd_complete(sk, hdev->id,
3892 MGMT_OP_ADD_REMOTE_OOB_DATA,
3893 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 3894 } else {
3895 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 3896 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3897 MGMT_STATUS_INVALID_PARAMS);
ec109113 3898 }
2763eda6 3899
c19a495c 3900unlock:
09fd0de5 3901 hci_dev_unlock(hdev);
2763eda6
SJ		 3902 return err;
3903}
3904
bdb6d971 3905static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3906 void *data, u16 len)
2763eda6 3907{
650f726d 3908 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3909 u8 status;
2763eda6
SJ		 3910 int err;
3911
bdb6d971 3912 BT_DBG("%s", hdev->name);
2763eda6 3913
c19a495c 3914 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 3915 return mgmt_cmd_complete(sk, hdev->id,
3916 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3917 MGMT_STATUS_INVALID_PARAMS,
3918 &cp->addr, sizeof(cp->addr));
c19a495c 3919
09fd0de5 3920 hci_dev_lock(hdev);
2763eda6 3921
eedbd581
JH		 3922 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3923 hci_remote_oob_data_clear(hdev);
3924 status = MGMT_STATUS_SUCCESS;
3925 goto done;
3926 }
3927
6928a924 3928 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3929 if (err < 0)
bf1e3541 3930 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3931 else
a6785be2 3932 status = MGMT_STATUS_SUCCESS;
bf1e3541 3933
eedbd581 3934done:
2a1afb5a
JH		 3935 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3936 status, &cp->addr, sizeof(cp->addr));
2763eda6 3937
09fd0de5 3938 hci_dev_unlock(hdev);
2763eda6
SJ		 3939 return err;
3940}
3941
812abb13 3942static bool trigger_bredr_inquiry(struct hci_request *req, u8 *status)
41dc2bd6 3943{
8019044d 3944 struct hci_dev *hdev = req->hdev;
812abb13 3945 struct hci_cp_inquiry cp;
8019044d
MH		 3946 /* General inquiry access code (GIAC) */
3947 u8 lap[3] = { 0x33, 0x8b, 0x9e };
812abb13
JP		 3948
3949 *status = mgmt_bredr_support(hdev);
3950 if (*status)
3951 return false;
3952
3953 if (hci_dev_test_flag(hdev, HCI_INQUIRY)) {
3954 *status = MGMT_STATUS_BUSY;
3955 return false;
3956 }
3957
3958 hci_inquiry_cache_flush(hdev);
3959
3960 memset(&cp, 0, sizeof(cp));
3961 memcpy(&cp.lap, lap, sizeof(cp.lap));
3962 cp.length = DISCOV_BREDR_INQUIRY_LEN;
3963
3964 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
3965
3966 return true;
3967}
3968
3969static bool trigger_le_scan(struct hci_request *req, u16 interval, u8 *status)
3970{
3971 struct hci_dev *hdev = req->hdev;
3972 struct hci_cp_le_set_scan_param param_cp;
3973 struct hci_cp_le_set_scan_enable enable_cp;
8019044d 3974 u8 own_addr_type;
41dc2bd6
AG		 3975 int err;
3976
812abb13
JP		 3977 *status = mgmt_le_support(hdev);
3978 if (*status)
3979 return false;
41dc2bd6 3980
812abb13
JP		 3981 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
3982 /* Don't let discovery abort an outgoing connection attempt
3983 * that's using directed advertising.
3984 */
3985 if (hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT)) {
3986 *status = MGMT_STATUS_REJECTED;
8019044d
MH		 3987 return false;
3988 }
41dc2bd6 3989
812abb13
JP		 3990 disable_advertising(req);
3991 }
41dc2bd6 3992
812abb13
JP		 3993 /* If controller is scanning, it means the background scanning is
3994 * running. Thus, we should temporarily stop it in order to set the
3995 * discovery scanning parameters.
3996 */
3997 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
3998 hci_req_add_le_scan_disable(req);
41dc2bd6 3999
812abb13
JP		 4000 /* All active scans will be done with either a resolvable private
4001 * address (when privacy feature has been enabled) or non-resolvable
4002 * private address.
4003 */
4004 err = hci_update_random_address(req, true, &own_addr_type);
4005 if (err < 0) {
4006 *status = MGMT_STATUS_FAILED;
4007 return false;
4008 }
8019044d 4009
812abb13
JP		 4010 memset(&param_cp, 0, sizeof(param_cp));
4011 param_cp.type = LE_SCAN_ACTIVE;
4012 param_cp.interval = cpu_to_le16(interval);
4013 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
4014 param_cp.own_address_type = own_addr_type;
8019044d 4015
812abb13
JP		 4016 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
4017 &param_cp);
8019044d 4018
812abb13
JP		 4019 memset(&enable_cp, 0, sizeof(enable_cp));
4020 enable_cp.enable = LE_SCAN_ENABLE;
4021 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
8019044d 4022
812abb13
JP		 4023 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
4024 &enable_cp);
4025
4026 return true;
4027}
8019044d 4028
812abb13
JP		 4029static bool trigger_discovery(struct hci_request *req, u8 *status)
4030{
4031 struct hci_dev *hdev = req->hdev;
8019044d 4032
812abb13
JP		 4033 switch (hdev->discovery.type) {
4034 case DISCOV_TYPE_BREDR:
4035 if (!trigger_bredr_inquiry(req, status))
4036 return false;
4037 break;
4038
4039 case DISCOV_TYPE_INTERLEAVED:
07d2334a
JP		 4040 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY,
4041 &hdev->quirks)) {
4042 /* During simultaneous discovery, we double LE scan
4043 * interval. We must leave some time for the controller
4044 * to do BR/EDR inquiry.
4045 */
4046 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT * 2,
4047 status))
4048 return false;
4049
4050 if (!trigger_bredr_inquiry(req, status))
4051 return false;
4052
4053 return true;
4054 }
4055
812abb13
JP		 4056 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4057 *status = MGMT_STATUS_NOT_SUPPORTED;
8019044d
MH		 4058 return false;
4059 }
812abb13 4060 /* fall through */
8019044d 4061
812abb13
JP		 4062 case DISCOV_TYPE_LE:
4063 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT, status))
4064 return false;
8019044d
MH		 4065 break;
4066
4067 default:
4068 *status = MGMT_STATUS_INVALID_PARAMS;
4069 return false;
4070 }
4071
4072 return true;
41dc2bd6
AG		 4073}
4074
1904a853
MH		 4075static void start_discovery_complete(struct hci_dev *hdev, u8 status,
4076 u16 opcode)
7c307720 4077{
3b0602cd 4078 struct mgmt_pending_cmd *cmd;
11e6e25d 4079 unsigned long timeout;
ae55f598 4080
7c307720
AG		 4081 BT_DBG("status %d", status);
4082
11e6e25d 4083 hci_dev_lock(hdev);
41dc2bd6 4084
333ae95d 4085 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427 4086 if (!cmd)
333ae95d 4087 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
66ea9427 4088
11e6e25d 4089 if (cmd) {
2922a94f 4090 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 4091 mgmt_pending_remove(cmd);
4092 }
7c307720
AG		 4093
4094 if (status) {
11e6e25d
MH		 4095 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4096 goto unlock;
7c307720
AG		 4097 }
4098
7c307720 4099 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
7c307720 4100
2d28cfe7
JP		 4101 /* If the scan involves LE scan, pick proper timeout to schedule
4102 * hdev->le_scan_disable that will stop it.
4103 */
7c307720
AG		 4104 switch (hdev->discovery.type) {
4105 case DISCOV_TYPE_LE:
3d5a76f0 4106 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720 4107 break;
7c307720 4108 case DISCOV_TYPE_INTERLEAVED:
07d2334a
JP		 4109 /* When running simultaneous discovery, the LE scanning time
4110 * should occupy the whole discovery time sine BR/EDR inquiry
4111 * and LE scanning are scheduled by the controller.
4112 *
4113 * For interleaving discovery in comparison, BR/EDR inquiry
4114 * and LE scanning are done sequentially with separate
4115 * timeouts.
4116 */
4117 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
4118 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
4119 else
4120 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720 4121 break;
7c307720 4122 case DISCOV_TYPE_BREDR:
11e6e25d 4123 timeout = 0;
7c307720 4124 break;
7c307720
AG		 4125 default:
4126 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
11e6e25d
MH		 4127 timeout = 0;
4128 break;
7c307720 4129 }
ae55f598 4130
2d28cfe7
JP		 4131 if (timeout) {
4132 /* When service discovery is used and the controller has
4133 * a strict duplicate filter, it is important to remember
4134 * the start and duration of the scan. This is required
4135 * for restarting scanning during the discovery phase.
4136 */
4137 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
4138 &hdev->quirks) &&
82f8b651 4139 hdev->discovery.result_filtering) {
2d28cfe7
JP		 4140 hdev->discovery.scan_start = jiffies;
4141 hdev->discovery.scan_duration = timeout;
4142 }
4143
11e6e25d
MH		 4144 queue_delayed_work(hdev->workqueue,
4145 &hdev->le_scan_disable, timeout);
2d28cfe7 4146 }
ae55f598 4147
11e6e25d
MH		 4148unlock:
4149 hci_dev_unlock(hdev);
7c307720
AG		 4150}
4151
bdb6d971 4152static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 4153 void *data, u16 len)
14a53664 4154{
650f726d 4155 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 4156 struct mgmt_pending_cmd *cmd;
7c307720 4157 struct hci_request req;
8019044d 4158 u8 status;
14a53664
JH		 4159 int err;
4160
bdb6d971 4161 BT_DBG("%s", hdev->name);
14a53664 4162
09fd0de5 4163 hci_dev_lock(hdev);
14a53664 4164
4b34ee78 4165 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4166 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4167 MGMT_STATUS_NOT_POWERED,
4168 &cp->type, sizeof(cp->type));
bd2d1334
JH		 4169 goto failed;
4170 }
4171
f5a969f2 4172 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4173 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4174 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4175 MGMT_STATUS_BUSY, &cp->type,
4176 sizeof(cp->type));
642be6c7
AG		 4177 goto failed;
4178 }
4179
2922a94f 4180 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
14a53664
JH		 4181 if (!cmd) {
4182 err = -ENOMEM;
4183 goto failed;
4184 }
4185
2922a94f
JH		 4186 cmd->cmd_complete = generic_cmd_complete;
4187
22078800
MH		 4188 /* Clear the discovery filter first to free any previously
4189 * allocated memory for the UUID list.
4190 */
4191 hci_discovery_filter_clear(hdev);
4192
4aab14e5 4193 hdev->discovery.type = cp->type;
da25cf6a 4194 hdev->discovery.report_invalid_rssi = false;
4aab14e5 4195
7c307720
AG		 4196 hci_req_init(&req, hdev);
4197
8019044d 4198 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4199 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4200 status, &cp->type, sizeof(cp->type));
04106755
JH		 4201 mgmt_pending_remove(cmd);
4202 goto failed;
f39799f5 4203 }
04106755 4204
7c307720 4205 err = hci_req_run(&req, start_discovery_complete);
f5a969f2 4206 if (err < 0) {
14a53664 4207 mgmt_pending_remove(cmd);
f5a969f2
MH		 4208 goto failed;
4209 }
7c307720 4210
f5a969f2 4211 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
7c307720 4212
14a53664 4213failed:
09fd0de5 4214 hci_dev_unlock(hdev);
14a53664
JH		 4215 return err;
4216}
f39799f5 4217
3b0602cd
JH		 4218static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4219 u8 status)
2922a94f 4220{
2a1afb5a
JH		 4221 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4222 cmd->param, 1);
2922a94f 4223}
04106755 4224
66ea9427
JP		 4225static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4226 void *data, u16 len)
4227{
4228 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 4229 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 4230 struct hci_request req;
4231 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4232 u16 uuid_count, expected_len;
4233 u8 status;
4234 int err;
04106755 4235
66ea9427 4236 BT_DBG("%s", hdev->name);
e8bb6b97 4237
66ea9427 4238 hci_dev_lock(hdev);
7c307720 4239
66ea9427 4240 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4241 err = mgmt_cmd_complete(sk, hdev->id,
4242 MGMT_OP_START_SERVICE_DISCOVERY,
4243 MGMT_STATUS_NOT_POWERED,
4244 &cp->type, sizeof(cp->type));
66ea9427
JP		 4245 goto failed;
4246 }
7c307720 4247
66ea9427 4248 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4249 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4250 err = mgmt_cmd_complete(sk, hdev->id,
4251 MGMT_OP_START_SERVICE_DISCOVERY,
4252 MGMT_STATUS_BUSY, &cp->type,
4253 sizeof(cp->type));
66ea9427
JP		 4254 goto failed;
4255 }
d9483943 4256
66ea9427
JP		 4257 uuid_count = __le16_to_cpu(cp->uuid_count);
4258 if (uuid_count > max_uuid_count) {
4259 BT_ERR("service_discovery: too big uuid_count value %u",
4260 uuid_count);
2a1afb5a
JH		 4261 err = mgmt_cmd_complete(sk, hdev->id,
4262 MGMT_OP_START_SERVICE_DISCOVERY,
4263 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4264 sizeof(cp->type));
66ea9427
JP		 4265 goto failed;
4266 }
4267
4268 expected_len = sizeof(*cp) + uuid_count * 16;
4269 if (expected_len != len) {
4270 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4271 expected_len, len);
2a1afb5a
JH		 4272 err = mgmt_cmd_complete(sk, hdev->id,
4273 MGMT_OP_START_SERVICE_DISCOVERY,
4274 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4275 sizeof(cp->type));
66ea9427
JP		 4276 goto failed;
4277 }
4278
4279 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 4280 hdev, data, len);
66ea9427
JP		 4281 if (!cmd) {
4282 err = -ENOMEM;
4283 goto failed;
4284 }
4285
2922a94f
JH		 4286 cmd->cmd_complete = service_discovery_cmd_complete;
4287
22078800
MH		 4288 /* Clear the discovery filter first to free any previously
4289 * allocated memory for the UUID list.
4290 */
4291 hci_discovery_filter_clear(hdev);
4292
82f8b651 4293 hdev->discovery.result_filtering = true;
66ea9427
JP		 4294 hdev->discovery.type = cp->type;
4295 hdev->discovery.rssi = cp->rssi;
4296 hdev->discovery.uuid_count = uuid_count;
4297
4298 if (uuid_count > 0) {
4299 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4300 GFP_KERNEL);
4301 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 4302 err = mgmt_cmd_complete(sk, hdev->id,
4303 MGMT_OP_START_SERVICE_DISCOVERY,
4304 MGMT_STATUS_FAILED,
4305 &cp->type, sizeof(cp->type));
d9483943
JH		 4306 mgmt_pending_remove(cmd);
4307 goto failed;
4308 }
66ea9427 4309 }
d9483943 4310
66ea9427 4311 hci_req_init(&req, hdev);
5e0452c0 4312
66ea9427 4313 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4314 err = mgmt_cmd_complete(sk, hdev->id,
4315 MGMT_OP_START_SERVICE_DISCOVERY,
4316 status, &cp->type, sizeof(cp->type));
04106755
JH		 4317 mgmt_pending_remove(cmd);
4318 goto failed;
f39799f5 4319 }
3fd24153 4320
7c307720 4321 err = hci_req_run(&req, start_discovery_complete);
66ea9427 4322 if (err < 0) {
14a53664 4323 mgmt_pending_remove(cmd);
66ea9427
JP		 4324 goto failed;
4325 }
4326
4327 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 4328
4329failed:
09fd0de5 4330 hci_dev_unlock(hdev);
14a53664
JH		 4331 return err;
4332}
4333
1904a853 4334static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1183fdca 4335{
3b0602cd 4336 struct mgmt_pending_cmd *cmd;
1183fdca 4337
0e05bba6
AG		 4338 BT_DBG("status %d", status);
4339
4340 hci_dev_lock(hdev);
4341
333ae95d 4342 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
11e6e25d 4343 if (cmd) {
2922a94f 4344 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4345 mgmt_pending_remove(cmd);
0e05bba6
AG		 4346 }
4347
11e6e25d
MH		 4348 if (!status)
4349 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
0e05bba6 4350
0e05bba6
AG		 4351 hci_dev_unlock(hdev);
4352}
4353
bdb6d971 4354static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4355 u16 len)
14a53664 4356{
d930650b 4357 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 4358 struct mgmt_pending_cmd *cmd;
0e05bba6 4359 struct hci_request req;
14a53664
JH		 4360 int err;
4361
bdb6d971 4362 BT_DBG("%s", hdev->name);
14a53664 4363
09fd0de5 4364 hci_dev_lock(hdev);
14a53664 4365
30dc78e1 4366 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4367 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4368 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4369 sizeof(mgmt_cp->type));
d930650b
JH		 4370 goto unlock;
4371 }
4372
4373 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 4374 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4375 MGMT_STATUS_INVALID_PARAMS,
4376 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 4377 goto unlock;
ff9ef578
JH		 4378 }
4379
2922a94f 4380 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4381 if (!cmd) {
4382 err = -ENOMEM;
30dc78e1
JH		 4383 goto unlock;
4384 }
4385
2922a94f
JH		 4386 cmd->cmd_complete = generic_cmd_complete;
4387
0e05bba6
AG		 4388 hci_req_init(&req, hdev);
4389
21a60d30 4390 hci_stop_discovery(&req);
e0d9727e 4391
21a60d30
JH		 4392 err = hci_req_run(&req, stop_discovery_complete);
4393 if (!err) {
4394 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 4395 goto unlock;
14a53664
JH		 4396 }
4397
21a60d30
JH		 4398 mgmt_pending_remove(cmd);
4399
4400 /* If no HCI commands were sent we're done */
4401 if (err == -ENODATA) {
2a1afb5a
JH		 4402 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4403 &mgmt_cp->type, sizeof(mgmt_cp->type));
21a60d30
JH		 4404 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4405 }
14a53664 4406
30dc78e1 4407unlock:
09fd0de5 4408 hci_dev_unlock(hdev);
14a53664
JH		 4409 return err;
4410}
4411
bdb6d971 4412static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4413 u16 len)
561aafbc 4414{
650f726d 4415 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4416 struct inquiry_entry *e;
561aafbc
JH		 4417 int err;
4418
bdb6d971 4419 BT_DBG("%s", hdev->name);
561aafbc 4420
561aafbc
JH		 4421 hci_dev_lock(hdev);
4422
30dc78e1 4423 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4424 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4425 MGMT_STATUS_FAILED, &cp->addr,
4426 sizeof(cp->addr));
30dc78e1
JH		 4427 goto failed;
4428 }
4429
a198e7b1 4430 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4431 if (!e) {
2a1afb5a
JH		 4432 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4433 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4434 sizeof(cp->addr));
561aafbc
JH		 4435 goto failed;
4436 }
4437
4438 if (cp->name_known) {
4439 e->name_state = NAME_KNOWN;
4440 list_del(&e->list);
4441 } else {
4442 e->name_state = NAME_NEEDED;
a3d4e20a 4443 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4444 }
4445
2a1afb5a
JH		 4446 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4447 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 4448
4449failed:
4450 hci_dev_unlock(hdev);
561aafbc
JH		 4451 return err;
4452}
4453
bdb6d971 4454static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4455 u16 len)
7fbec224 4456{
650f726d 4457 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4458 u8 status;
7fbec224
AJ		 4459 int err;
4460
bdb6d971 4461 BT_DBG("%s", hdev->name);
7fbec224 4462
4ee71b20 4463 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4464 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4465 MGMT_STATUS_INVALID_PARAMS,
4466 &cp->addr, sizeof(cp->addr));
4ee71b20 4467
09fd0de5 4468 hci_dev_lock(hdev);
5e762444 4469
dcc36c16
JH		 4470 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4471 cp->addr.type);
2a8357f2 4472 if (err < 0) {
f0eeea8b 4473 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4474 goto done;
4475 }
4476
4477 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4478 sk);
4479 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4480
2a8357f2 4481done:
2a1afb5a
JH		 4482 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4483 &cp->addr, sizeof(cp->addr));
5e762444 4484
09fd0de5 4485 hci_dev_unlock(hdev);
7fbec224
AJ		 4486
4487 return err;
4488}
4489
bdb6d971 4490static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4491 u16 len)
7fbec224 4492{
650f726d 4493 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4494 u8 status;
7fbec224
AJ		 4495 int err;
4496
bdb6d971 4497 BT_DBG("%s", hdev->name);
7fbec224 4498
4ee71b20 4499 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4500 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4501 MGMT_STATUS_INVALID_PARAMS,
4502 &cp->addr, sizeof(cp->addr));
4ee71b20 4503
09fd0de5 4504 hci_dev_lock(hdev);
5e762444 4505
dcc36c16
JH		 4506 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4507 cp->addr.type);
2a8357f2 4508 if (err < 0) {
f0eeea8b 4509 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4510 goto done;
4511 }
4512
4513 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4514 sk);
4515 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4516
2a8357f2 4517done:
2a1afb5a
JH		 4518 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4519 &cp->addr, sizeof(cp->addr));
5e762444 4520
09fd0de5 4521 hci_dev_unlock(hdev);
7fbec224
AJ		 4522
4523 return err;
4524}
4525
cdbaccca
MH		 4526static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4527 u16 len)
4528{
4529 struct mgmt_cp_set_device_id *cp = data;
890ea898 4530 struct hci_request req;
cdbaccca 4531 int err;
c72d4b8a 4532 __u16 source;
cdbaccca
MH		 4533
4534 BT_DBG("%s", hdev->name);
4535
c72d4b8a
SJ		 4536 source = __le16_to_cpu(cp->source);
4537
4538 if (source > 0x0002)
a69e8375
JH		 4539 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4540 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 4541
cdbaccca
MH		 4542 hci_dev_lock(hdev);
4543
c72d4b8a 4544 hdev->devid_source = source;
cdbaccca
MH		 4545 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4546 hdev->devid_product = __le16_to_cpu(cp->product);
4547 hdev->devid_version = __le16_to_cpu(cp->version);
4548
2a1afb5a
JH		 4549 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4550 NULL, 0);
cdbaccca 4551
890ea898
JH		 4552 hci_req_init(&req, hdev);
4553 update_eir(&req);
4554 hci_req_run(&req, NULL);
cdbaccca
MH		 4555
4556 hci_dev_unlock(hdev);
4557
4558 return err;
4559}
4560
24b4f38f
AU		 4561static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4562 u16 opcode)
4563{
4564 BT_DBG("status %d", status);
4565}
4566
1904a853
MH		 4567static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4568 u16 opcode)
4375f103
JH		 4569{
4570 struct cmd_lookup match = { NULL, hdev };
24b4f38f 4571 struct hci_request req;
4375f103 4572
3ad67582
JK		 4573 hci_dev_lock(hdev);
4574
4375f103
JH		 4575 if (status) {
4576 u8 mgmt_err = mgmt_status(status);
4577
4578 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4579 cmd_status_rsp, &mgmt_err);
3ad67582 4580 goto unlock;
4375f103
JH		 4581 }
4582
d7a5a11d 4583 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 4584 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 4585 else
a358dc11 4586 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 4587
4375f103
JH		 4588 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4589 &match);
4590
4591 new_settings(hdev, match.sk);
4592
4593 if (match.sk)
4594 sock_put(match.sk);
3ad67582 4595
24b4f38f
AU		 4596 /* If "Set Advertising" was just disabled and instance advertising was
4597 * set up earlier, then enable the advertising instance.
4598 */
4599 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
4600 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
4601 goto unlock;
4602
4603 hci_req_init(&req, hdev);
4604
4605 update_adv_data(&req);
4606 enable_advertising(&req);
4607
4608 if (hci_req_run(&req, enable_advertising_instance) < 0)
4609 BT_ERR("Failed to re-configure advertising");
4610
3ad67582
JK		 4611unlock:
4612 hci_dev_unlock(hdev);
4375f103
JH		 4613}
4614
21b5187f
MH		 4615static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4616 u16 len)
4375f103
JH		 4617{
4618 struct mgmt_mode *cp = data;
3b0602cd 4619 struct mgmt_pending_cmd *cmd;
4375f103 4620 struct hci_request req;
cc91cb04 4621 u8 val, status;
4375f103
JH		 4622 int err;
4623
4624 BT_DBG("request for %s", hdev->name);
4625
e6fe7986
JH		 4626 status = mgmt_le_support(hdev);
4627 if (status)
a69e8375
JH		 4628 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4629 status);
4375f103 4630
cc91cb04 4631 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4632 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4633 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 4634
4635 hci_dev_lock(hdev);
4636
4637 val = !!cp->val;
4375f103 4638
f74ca9b8
JH		 4639 /* The following conditions are ones which mean that we should
4640 * not do any HCI communication but directly send a mgmt
4641 * response to user space (after toggling the flag if
4642 * necessary).
4643 */
cc91cb04 4644 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 4645 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4646 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 4647 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 4648 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 4649 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 4650 bool changed;
4375f103 4651
cc91cb04 4652 if (cp->val) {
238be788 4653 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 4654 if (cp->val == 0x02)
a1536da2 4655 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4656 else
a358dc11 4657 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4658 } else {
a69d8927 4659 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 4660 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 4661 }
4662
4663 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4664 if (err < 0)
4665 goto unlock;
4666
4667 if (changed)
4668 err = new_settings(hdev, sk);
4669
4670 goto unlock;
4671 }
4672
333ae95d
JH		 4673 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4674 pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 4675 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4676 MGMT_STATUS_BUSY);
4375f103
JH		 4677 goto unlock;
4678 }
4679
4680 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4681 if (!cmd) {
4682 err = -ENOMEM;
4683 goto unlock;
4684 }
4685
4686 hci_req_init(&req, hdev);
4687
cc91cb04 4688 if (cp->val == 0x02)
a1536da2 4689 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4690 else
a358dc11 4691 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4692
24b4f38f
AU		 4693 if (val) {
4694 /* Switch to instance "0" for the Set Advertising setting. */
4695 update_adv_data_for_instance(&req, 0);
4117ed70 4696 update_scan_rsp_data_for_instance(&req, 0);
bba3aa55 4697 enable_advertising(&req);
24b4f38f 4698 } else {
bba3aa55 4699 disable_advertising(&req);
24b4f38f 4700 }
4375f103
JH		 4701
4702 err = hci_req_run(&req, set_advertising_complete);
4703 if (err < 0)
4704 mgmt_pending_remove(cmd);
4705
4706unlock:
4707 hci_dev_unlock(hdev);
4708 return err;
4709}
4710
d13eafce
MH		 4711static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4712 void *data, u16 len)
4713{
4714 struct mgmt_cp_set_static_address *cp = data;
4715 int err;
4716
4717 BT_DBG("%s", hdev->name);
4718
62af4443 4719 if (!lmp_le_capable(hdev))
a69e8375
JH		 4720 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4721 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4722
4723 if (hdev_is_powered(hdev))
a69e8375
JH		 4724 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4725 MGMT_STATUS_REJECTED);
d13eafce
MH		 4726
4727 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4728 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 4729 return mgmt_cmd_status(sk, hdev->id,
4730 MGMT_OP_SET_STATIC_ADDRESS,
4731 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4732
4733 /* Two most significant bits shall be set */
4734 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 4735 return mgmt_cmd_status(sk, hdev->id,
4736 MGMT_OP_SET_STATIC_ADDRESS,
4737 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4738 }
4739
4740 hci_dev_lock(hdev);
4741
4742 bacpy(&hdev->static_addr, &cp->bdaddr);
4743
93690c22
MH		 4744 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4745 if (err < 0)
4746 goto unlock;
4747
4748 err = new_settings(hdev, sk);
d13eafce 4749
93690c22 4750unlock:
d13eafce 4751 hci_dev_unlock(hdev);
d13eafce
MH		 4752 return err;
4753}
4754
14b49b9a
MH		 4755static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4756 void *data, u16 len)
4757{
4758 struct mgmt_cp_set_scan_params *cp = data;
4759 __u16 interval, window;
4760 int err;
4761
4762 BT_DBG("%s", hdev->name);
4763
4764 if (!lmp_le_capable(hdev))
a69e8375
JH		 4765 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4766 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 4767
4768 interval = __le16_to_cpu(cp->interval);
4769
4770 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 4771 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4772 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 4773
4774 window = __le16_to_cpu(cp->window);
4775
4776 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 4777 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4778 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 4779
899e1075 4780 if (window > interval)
a69e8375
JH		 4781 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4782 MGMT_STATUS_INVALID_PARAMS);
899e1075 4783
14b49b9a
MH		 4784 hci_dev_lock(hdev);
4785
4786 hdev->le_scan_interval = interval;
4787 hdev->le_scan_window = window;
4788
2a1afb5a
JH		 4789 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4790 NULL, 0);
14b49b9a 4791
dd2ef8e2
AG		 4792 /* If background scan is running, restart it so new parameters are
4793 * loaded.
4794 */
d7a5a11d 4795 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
dd2ef8e2
AG		 4796 hdev->discovery.state == DISCOVERY_STOPPED) {
4797 struct hci_request req;
4798
4799 hci_req_init(&req, hdev);
4800
4801 hci_req_add_le_scan_disable(&req);
4802 hci_req_add_le_passive_scan(&req);
4803
4804 hci_req_run(&req, NULL);
4805 }
4806
14b49b9a
MH		 4807 hci_dev_unlock(hdev);
4808
4809 return err;
4810}
4811
1904a853
MH		 4812static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4813 u16 opcode)
33e38b3e 4814{
3b0602cd 4815 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 4816
4817 BT_DBG("status 0x%02x", status);
4818
4819 hci_dev_lock(hdev);
4820
333ae95d 4821 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
33e38b3e
JH		 4822 if (!cmd)
4823 goto unlock;
4824
4825 if (status) {
a69e8375
JH		 4826 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4827 mgmt_status(status));
33e38b3e 4828 } else {
1a4d3c4b
JH		 4829 struct mgmt_mode *cp = cmd->param;
4830
4831 if (cp->val)
a1536da2 4832 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4833 else
a358dc11 4834 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4835
33e38b3e
JH		 4836 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4837 new_settings(hdev, cmd->sk);
4838 }
4839
4840 mgmt_pending_remove(cmd);
4841
4842unlock:
4843 hci_dev_unlock(hdev);
4844}
4845
bdb6d971 4846static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4847 void *data, u16 len)
f6422ec6 4848{
650f726d 4849 struct mgmt_mode *cp = data;
3b0602cd 4850 struct mgmt_pending_cmd *cmd;
33e38b3e 4851 struct hci_request req;
f6422ec6
AJ		 4852 int err;
4853
bdb6d971 4854 BT_DBG("%s", hdev->name);
f6422ec6 4855
d7a5a11d 4856 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 4857 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4858 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4859 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4860
a7e80f25 4861 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4862 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4863 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4864
f6422ec6
AJ		 4865 hci_dev_lock(hdev);
4866
333ae95d 4867 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4868 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4869 MGMT_STATUS_BUSY);
05cbf29f
JH		 4870 goto unlock;
4871 }
4872
d7a5a11d 4873 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 4874 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4875 hdev);
4876 goto unlock;
4877 }
4878
406ef2a6 4879 if (!hdev_is_powered(hdev)) {
ce05d603 4880 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 4881 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4882 hdev);
4883 new_settings(hdev, sk);
4884 goto unlock;
4885 }
4886
33e38b3e
JH		 4887 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4888 data, len);
4889 if (!cmd) {
4890 err = -ENOMEM;
4891 goto unlock;
f6422ec6
AJ		 4892 }
4893
33e38b3e
JH		 4894 hci_req_init(&req, hdev);
4895
406d7804 4896 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4897
4898 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4899 if (err < 0) {
a69e8375
JH		 4900 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4901 MGMT_STATUS_FAILED);
33e38b3e 4902 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4903 }
4904
33e38b3e 4905unlock:
f6422ec6 4906 hci_dev_unlock(hdev);
33e38b3e 4907
f6422ec6
AJ		 4908 return err;
4909}
4910
1904a853 4911static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4912{
3b0602cd 4913 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4914
4915 BT_DBG("status 0x%02x", status);
4916
4917 hci_dev_lock(hdev);
4918
333ae95d 4919 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
0663ca2a
JH		 4920 if (!cmd)
4921 goto unlock;
4922
4923 if (status) {
4924 u8 mgmt_err = mgmt_status(status);
4925
4926 /* We need to restore the flag if related HCI commands
4927 * failed.
4928 */
a358dc11 4929 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 4930
a69e8375 4931 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4932 } else {
4933 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4934 new_settings(hdev, cmd->sk);
4935 }
4936
4937 mgmt_pending_remove(cmd);
4938
4939unlock:
4940 hci_dev_unlock(hdev);
4941}
4942
4943static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4944{
4945 struct mgmt_mode *cp = data;
3b0602cd 4946 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4947 struct hci_request req;
4948 int err;
4949
4950 BT_DBG("request for %s", hdev->name);
4951
4952 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4953 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4954 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 4955
d7a5a11d 4956 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4957 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4958 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4959
4960 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4961 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4962 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4963
4964 hci_dev_lock(hdev);
4965
d7a5a11d 4966 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 4967 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4968 goto unlock;
4969 }
4970
4971 if (!hdev_is_powered(hdev)) {
4972 if (!cp->val) {
a358dc11
MH		 4973 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4974 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4975 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4976 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4977 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 4978 }
4979
ce05d603 4980 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4981
4982 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4983 if (err < 0)
4984 goto unlock;
4985
4986 err = new_settings(hdev, sk);
4987 goto unlock;
4988 }
4989
4990 /* Reject disabling when powered on */
4991 if (!cp->val) {
a69e8375
JH		 4992 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4993 MGMT_STATUS_REJECTED);
0663ca2a 4994 goto unlock;
111e4bcc
MH		 4995 } else {
4996 /* When configuring a dual-mode controller to operate
4997 * with LE only and using a static address, then switching
4998 * BR/EDR back on is not allowed.
4999 *
5000 * Dual-mode controllers shall operate with the public
5001 * address as its identity address for BR/EDR and LE. So
5002 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 5003 *
5004 * The same restrictions applies when secure connections
5005 * has been enabled. For BR/EDR this is a controller feature
5006 * while for LE it is a host stack feature. This means that
5007 * switching BR/EDR back on when secure connections has been
5008 * enabled is not a supported transaction.
111e4bcc 5009 */
d7a5a11d 5010 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 5011 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 5012 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 5013 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5014 MGMT_STATUS_REJECTED);
111e4bcc
MH		 5015 goto unlock;
5016 }
0663ca2a
JH		 5017 }
5018
333ae95d 5019 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 5020 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5021 MGMT_STATUS_BUSY);
0663ca2a
JH		 5022 goto unlock;
5023 }
5024
5025 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
5026 if (!cmd) {
5027 err = -ENOMEM;
5028 goto unlock;
5029 }
5030
5947f4bc 5031 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 5032 * generates the correct flags.
5033 */
a1536da2 5034 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 5035
5036 hci_req_init(&req, hdev);
aa8af46e 5037
432df05e 5038 write_fast_connectable(&req, false);
1d2dc5b7 5039 __hci_update_page_scan(&req);
aa8af46e 5040
f14d8f64
MH		 5041 /* Since only the advertising data flags will change, there
5042 * is no need to update the scan response data.
5043 */
5947f4bc 5044 update_adv_data(&req);
aa8af46e 5045
0663ca2a
JH		 5046 err = hci_req_run(&req, set_bredr_complete);
5047 if (err < 0)
5048 mgmt_pending_remove(cmd);
5049
5050unlock:
5051 hci_dev_unlock(hdev);
5052 return err;
5053}
5054
a1443f5a
JH		 5055static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5056{
3b0602cd 5057 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 5058 struct mgmt_mode *cp;
5059
5060 BT_DBG("%s status %u", hdev->name, status);
5061
5062 hci_dev_lock(hdev);
5063
333ae95d 5064 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
a1443f5a
JH		 5065 if (!cmd)
5066 goto unlock;
5067
5068 if (status) {
a69e8375
JH		 5069 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
5070 mgmt_status(status));
a1443f5a
JH		 5071 goto remove;
5072 }
5073
5074 cp = cmd->param;
5075
5076 switch (cp->val) {
5077 case 0x00:
a358dc11
MH		 5078 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
5079 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5080 break;
5081 case 0x01:
a1536da2 5082 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 5083 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5084 break;
5085 case 0x02:
a1536da2
MH		 5086 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5087 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5088 break;
5089 }
5090
5091 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5092 new_settings(hdev, cmd->sk);
5093
5094remove:
5095 mgmt_pending_remove(cmd);
5096unlock:
5097 hci_dev_unlock(hdev);
5098}
5099
eac83dc6
MH		 5100static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5101 void *data, u16 len)
5102{
5103 struct mgmt_mode *cp = data;
3b0602cd 5104 struct mgmt_pending_cmd *cmd;
a1443f5a 5105 struct hci_request req;
a3209694 5106 u8 val;
eac83dc6
MH		 5107 int err;
5108
5109 BT_DBG("request for %s", hdev->name);
5110
05b3c3e7 5111 if (!lmp_sc_capable(hdev) &&
d7a5a11d 5112 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 5113 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5114 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 5115
d7a5a11d 5116 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 5117 lmp_sc_capable(hdev) &&
d7a5a11d 5118 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 5119 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5120 MGMT_STATUS_REJECTED);
ed93ec69 5121
0ab04a9c 5122 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 5123 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 5124 MGMT_STATUS_INVALID_PARAMS);
5125
5126 hci_dev_lock(hdev);
5127
05b3c3e7 5128 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 5129 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 5130 bool changed;
5131
0ab04a9c 5132 if (cp->val) {
238be788
MH		 5133 changed = !hci_dev_test_and_set_flag(hdev,
5134 HCI_SC_ENABLED);
0ab04a9c 5135 if (cp->val == 0x02)
a1536da2 5136 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5137 else
a358dc11 5138 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5139 } else {
a69d8927
MH		 5140 changed = hci_dev_test_and_clear_flag(hdev,
5141 HCI_SC_ENABLED);
a358dc11 5142 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5143 }
eac83dc6
MH		 5144
5145 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5146 if (err < 0)
5147 goto failed;
5148
5149 if (changed)
5150 err = new_settings(hdev, sk);
5151
5152 goto failed;
5153 }
5154
333ae95d 5155 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 5156 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5157 MGMT_STATUS_BUSY);
eac83dc6
MH		 5158 goto failed;
5159 }
5160
0ab04a9c
MH		 5161 val = !!cp->val;
5162
d7a5a11d
MH		 5163 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5164 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 5165 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5166 goto failed;
5167 }
5168
5169 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5170 if (!cmd) {
5171 err = -ENOMEM;
5172 goto failed;
5173 }
5174
a1443f5a
JH		 5175 hci_req_init(&req, hdev);
5176 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5177 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 5178 if (err < 0) {
5179 mgmt_pending_remove(cmd);
5180 goto failed;
5181 }
5182
5183failed:
5184 hci_dev_unlock(hdev);
5185 return err;
5186}
5187
4e39ac81
MH		 5188static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5189 void *data, u16 len)
5190{
5191 struct mgmt_mode *cp = data;
b9710979 5192 bool changed, use_changed;
4e39ac81
MH		 5193 int err;
5194
5195 BT_DBG("request for %s", hdev->name);
5196
b9710979 5197 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 5198 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5199 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 5200
5201 hci_dev_lock(hdev);
5202
5203 if (cp->val)
238be788 5204 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 5205 else
a69d8927
MH		 5206 changed = hci_dev_test_and_clear_flag(hdev,
5207 HCI_KEEP_DEBUG_KEYS);
4e39ac81 5208
b9710979 5209 if (cp->val == 0x02)
238be788
MH		 5210 use_changed = !hci_dev_test_and_set_flag(hdev,
5211 HCI_USE_DEBUG_KEYS);
b9710979 5212 else
a69d8927
MH		 5213 use_changed = hci_dev_test_and_clear_flag(hdev,
5214 HCI_USE_DEBUG_KEYS);
b9710979
JH		 5215
5216 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 5217 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 5218 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5219 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5220 sizeof(mode), &mode);
5221 }
5222
4e39ac81
MH		 5223 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5224 if (err < 0)
5225 goto unlock;
5226
5227 if (changed)
5228 err = new_settings(hdev, sk);
5229
5230unlock:
5231 hci_dev_unlock(hdev);
5232 return err;
5233}
5234
62b04cd1
JH		 5235static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5236 u16 len)
5237{
5238 struct mgmt_cp_set_privacy *cp = cp_data;
5239 bool changed;
5240 int err;
5241
5242 BT_DBG("request for %s", hdev->name);
5243
5244 if (!lmp_le_capable(hdev))
a69e8375
JH		 5245 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5246 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1
JH		 5247
5248 if (cp->privacy != 0x00 && cp->privacy != 0x01)
a69e8375
JH		 5249 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5250 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 5251
5252 if (hdev_is_powered(hdev))
a69e8375
JH		 5253 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5254 MGMT_STATUS_REJECTED);
62b04cd1
JH		 5255
5256 hci_dev_lock(hdev);
5257
c21c0ea0
JH		 5258 /* If user space supports this command it is also expected to
5259 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5260 */
a1536da2 5261 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 5262
62b04cd1 5263 if (cp->privacy) {
238be788 5264 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 5265 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 5266 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1 5267 } else {
a69d8927 5268 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 5269 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 5270 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1
JH		 5271 }
5272
5273 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5274 if (err < 0)
5275 goto unlock;
5276
5277 if (changed)
5278 err = new_settings(hdev, sk);
5279
5280unlock:
5281 hci_dev_unlock(hdev);
5282 return err;
5283}
5284
41edf160
JH		 5285static bool irk_is_valid(struct mgmt_irk_info *irk)
5286{
5287 switch (irk->addr.type) {
5288 case BDADDR_LE_PUBLIC:
5289 return true;
5290
5291 case BDADDR_LE_RANDOM:
5292 /* Two most significant bits shall be set */
5293 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5294 return false;
5295 return true;
5296 }
5297
5298 return false;
5299}
5300
5301static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5302 u16 len)
5303{
5304 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 5305 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5306 sizeof(struct mgmt_irk_info));
41edf160
JH		 5307 u16 irk_count, expected_len;
5308 int i, err;
5309
5310 BT_DBG("request for %s", hdev->name);
5311
5312 if (!lmp_le_capable(hdev))
a69e8375
JH		 5313 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5314 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 5315
5316 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 5317 if (irk_count > max_irk_count) {
5318 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 5319 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5320 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5321 }
41edf160
JH		 5322
5323 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5324 if (expected_len != len) {
5325 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 5326 expected_len, len);
a69e8375
JH		 5327 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5328 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5329 }
5330
5331 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5332
5333 for (i = 0; i < irk_count; i++) {
5334 struct mgmt_irk_info *key = &cp->irks[i];
5335
5336 if (!irk_is_valid(key))
a69e8375
JH		 5337 return mgmt_cmd_status(sk, hdev->id,
5338 MGMT_OP_LOAD_IRKS,
5339 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5340 }
5341
5342 hci_dev_lock(hdev);
5343
5344 hci_smp_irks_clear(hdev);
5345
5346 for (i = 0; i < irk_count; i++) {
5347 struct mgmt_irk_info *irk = &cp->irks[i];
5348 u8 addr_type;
5349
5350 if (irk->addr.type == BDADDR_LE_PUBLIC)
5351 addr_type = ADDR_LE_DEV_PUBLIC;
5352 else
5353 addr_type = ADDR_LE_DEV_RANDOM;
5354
5355 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5356 BDADDR_ANY);
5357 }
5358
a1536da2 5359 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 5360
2a1afb5a 5361 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 5362
5363 hci_dev_unlock(hdev);
5364
5365 return err;
5366}
5367
3f706b72
JH		 5368static bool ltk_is_valid(struct mgmt_ltk_info *key)
5369{
5370 if (key->master != 0x00 && key->master != 0x01)
5371 return false;
490cb0b3
MH		 5372
5373 switch (key->addr.type) {
5374 case BDADDR_LE_PUBLIC:
5375 return true;
5376
5377 case BDADDR_LE_RANDOM:
5378 /* Two most significant bits shall be set */
5379 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5380 return false;
5381 return true;
5382 }
5383
5384 return false;
3f706b72
JH		 5385}
5386
bdb6d971 5387static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5388 void *cp_data, u16 len)
346af67b 5389{
346af67b 5390 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5391 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5392 sizeof(struct mgmt_ltk_info));
346af67b 5393 u16 key_count, expected_len;
715a5bf2 5394 int i, err;
346af67b 5395
cf99ba13
MH		 5396 BT_DBG("request for %s", hdev->name);
5397
5398 if (!lmp_le_capable(hdev))
a69e8375
JH		 5399 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5400 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 5401
1f350c87 5402 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 5403 if (key_count > max_key_count) {
5404 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 5405 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5406 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5407 }
346af67b
VCG		 5408
5409 expected_len = sizeof(*cp) + key_count *
5410 sizeof(struct mgmt_ltk_info);
5411 if (expected_len != len) {
5412 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 5413 expected_len, len);
a69e8375
JH		 5414 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5415 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5416 }
5417
bdb6d971 5418 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5419
54ad6d8a
JH		 5420 for (i = 0; i < key_count; i++) {
5421 struct mgmt_ltk_info *key = &cp->keys[i];
5422
3f706b72 5423 if (!ltk_is_valid(key))
a69e8375
JH		 5424 return mgmt_cmd_status(sk, hdev->id,
5425 MGMT_OP_LOAD_LONG_TERM_KEYS,
5426 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 5427 }
5428
346af67b
VCG		 5429 hci_dev_lock(hdev);
5430
5431 hci_smp_ltks_clear(hdev);
5432
5433 for (i = 0; i < key_count; i++) {
5434 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 5435 u8 type, addr_type, authenticated;
79d95a19
MH		 5436
5437 if (key->addr.type == BDADDR_LE_PUBLIC)
5438 addr_type = ADDR_LE_DEV_PUBLIC;
5439 else
5440 addr_type = ADDR_LE_DEV_RANDOM;
346af67b 5441
61b43357
JH		 5442 switch (key->type) {
5443 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5444 authenticated = 0x00;
23fb8de3 5445 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5446 break;
5447 case MGMT_LTK_AUTHENTICATED:
d7b25450 5448 authenticated = 0x01;
23fb8de3
JH		 5449 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5450 break;
5451 case MGMT_LTK_P256_UNAUTH:
5452 authenticated = 0x00;
5453 type = SMP_LTK_P256;
61b43357 5454 break;
23fb8de3
JH		 5455 case MGMT_LTK_P256_AUTH:
5456 authenticated = 0x01;
5457 type = SMP_LTK_P256;
61b43357 5458 break;
23fb8de3
JH		 5459 case MGMT_LTK_P256_DEBUG:
5460 authenticated = 0x00;
5461 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5462 default:
5463 continue;
5464 }
d7b25450 5465
35d70271 5466 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 5467 authenticated, key->val, key->enc_size, key->ediv,
35d70271 5468 key->rand);
346af67b
VCG		 5469 }
5470
2a1afb5a 5471 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 5472 NULL, 0);
5473
346af67b 5474 hci_dev_unlock(hdev);
346af67b 5475
715a5bf2 5476 return err;
346af67b
VCG		 5477}
5478
3b0602cd 5479static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 5480{
dd983808 5481 struct hci_conn *conn = cmd->user_data;
9981bdb0 5482 struct mgmt_rp_get_conn_info rp;
9df74653 5483 int err;
dd983808 5484
9981bdb0 5485 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5486
9981bdb0 5487 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5488 rp.rssi = conn->rssi;
9981bdb0
JH		 5489 rp.tx_power = conn->tx_power;
5490 rp.max_tx_power = conn->max_tx_power;
5491 } else {
5492 rp.rssi = HCI_RSSI_INVALID;
5493 rp.tx_power = HCI_TX_POWER_INVALID;
5494 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5495 }
5496
2a1afb5a
JH		 5497 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5498 status, &rp, sizeof(rp));
dd983808
AK		 5499
5500 hci_conn_drop(conn);
f8aaf9b6 5501 hci_conn_put(conn);
9df74653
JH		 5502
5503 return err;
dd983808
AK		 5504}
5505
1904a853
MH		 5506static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5507 u16 opcode)
dd983808
AK		 5508{
5509 struct hci_cp_read_rssi *cp;
3b0602cd 5510 struct mgmt_pending_cmd *cmd;
dd983808 5511 struct hci_conn *conn;
dd983808 5512 u16 handle;
9981bdb0 5513 u8 status;
dd983808 5514
9981bdb0 5515 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5516
5517 hci_dev_lock(hdev);
5518
dd983808
AK		 5519 /* Commands sent in request are either Read RSSI or Read Transmit Power
5520 * Level so we check which one was last sent to retrieve connection
5521 * handle. Both commands have handle as first parameter so it's safe to
5522 * cast data on the same command struct.
5523 *
5524 * First command sent is always Read RSSI and we fail only if it fails.
5525 * In other case we simply override error to indicate success as we
5526 * already remembered if TX power value is actually valid.
5527 */
5528 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5529 if (!cp) {
5530 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5531 status = MGMT_STATUS_SUCCESS;
5532 } else {
5533 status = mgmt_status(hci_status);
dd983808
AK		 5534 }
5535
5536 if (!cp) {
9981bdb0 5537 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 5538 goto unlock;
5539 }
5540
5541 handle = __le16_to_cpu(cp->handle);
5542 conn = hci_conn_hash_lookup_handle(hdev, handle);
5543 if (!conn) {
9981bdb0 5544 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 5545 goto unlock;
5546 }
5547
333ae95d 5548 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
9981bdb0
JH		 5549 if (!cmd)
5550 goto unlock;
dd983808 5551
9981bdb0
JH		 5552 cmd->cmd_complete(cmd, status);
5553 mgmt_pending_remove(cmd);
dd983808
AK		 5554
5555unlock:
5556 hci_dev_unlock(hdev);
5557}
5558
5559static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5560 u16 len)
5561{
5562 struct mgmt_cp_get_conn_info *cp = data;
5563 struct mgmt_rp_get_conn_info rp;
5564 struct hci_conn *conn;
5565 unsigned long conn_info_age;
5566 int err = 0;
5567
5568 BT_DBG("%s", hdev->name);
5569
5570 memset(&rp, 0, sizeof(rp));
5571 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5572 rp.addr.type = cp->addr.type;
5573
5574 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5575 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5576 MGMT_STATUS_INVALID_PARAMS,
5577 &rp, sizeof(rp));
dd983808
AK		 5578
5579 hci_dev_lock(hdev);
5580
5581 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5582 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5583 MGMT_STATUS_NOT_POWERED, &rp,
5584 sizeof(rp));
dd983808
AK		 5585 goto unlock;
5586 }
5587
5588 if (cp->addr.type == BDADDR_BREDR)
5589 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5590 &cp->addr.bdaddr);
5591 else
5592 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5593
5594 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5595 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5596 MGMT_STATUS_NOT_CONNECTED, &rp,
5597 sizeof(rp));
dd983808
AK		 5598 goto unlock;
5599 }
5600
333ae95d 5601 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 5602 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5603 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 5604 goto unlock;
5605 }
5606
dd983808
AK		 5607 /* To avoid client trying to guess when to poll again for information we
5608 * calculate conn info age as random value between min/max set in hdev.
5609 */
5610 conn_info_age = hdev->conn_info_min_age +
5611 prandom_u32_max(hdev->conn_info_max_age -
5612 hdev->conn_info_min_age);
5613
5614 /* Query controller to refresh cached values if they are too old or were
5615 * never read.
5616 */
f4e2dd53
AK		 5617 if (time_after(jiffies, conn->conn_info_timestamp +
5618 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5619 !conn->conn_info_timestamp) {
5620 struct hci_request req;
5621 struct hci_cp_read_tx_power req_txp_cp;
5622 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 5623 struct mgmt_pending_cmd *cmd;
dd983808
AK		 5624
5625 hci_req_init(&req, hdev);
5626 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5627 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5628 &req_rssi_cp);
5629
f7faab0c
AK		 5630 /* For LE links TX power does not change thus we don't need to
5631 * query for it once value is known.
5632 */
5633 if (!bdaddr_type_is_le(cp->addr.type) ||
5634 conn->tx_power == HCI_TX_POWER_INVALID) {
5635 req_txp_cp.handle = cpu_to_le16(conn->handle);
5636 req_txp_cp.type = 0x00;
5637 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5638 sizeof(req_txp_cp), &req_txp_cp);
5639 }
dd983808 5640
eed5daf3
AK		 5641 /* Max TX power needs to be read only once per connection */
5642 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5643 req_txp_cp.handle = cpu_to_le16(conn->handle);
5644 req_txp_cp.type = 0x01;
5645 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5646 sizeof(req_txp_cp), &req_txp_cp);
5647 }
5648
dd983808
AK		 5649 err = hci_req_run(&req, conn_info_refresh_complete);
5650 if (err < 0)
5651 goto unlock;
5652
5653 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5654 data, len);
5655 if (!cmd) {
5656 err = -ENOMEM;
5657 goto unlock;
5658 }
5659
5660 hci_conn_hold(conn);
f8aaf9b6 5661 cmd->user_data = hci_conn_get(conn);
9981bdb0 5662 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5663
5664 conn->conn_info_timestamp = jiffies;
5665 } else {
5666 /* Cache is valid, just reply with values cached in hci_conn */
5667 rp.rssi = conn->rssi;
5668 rp.tx_power = conn->tx_power;
eed5daf3 5669 rp.max_tx_power = conn->max_tx_power;
dd983808 5670
2a1afb5a
JH		 5671 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5672 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 5673 }
5674
5675unlock:
5676 hci_dev_unlock(hdev);
5677 return err;
5678}
5679
3b0602cd 5680static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 5681{
69487371 5682 struct hci_conn *conn = cmd->user_data;
95868426 5683 struct mgmt_rp_get_clock_info rp;
69487371 5684 struct hci_dev *hdev;
9df74653 5685 int err;
69487371
JH		 5686
5687 memset(&rp, 0, sizeof(rp));
5688 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5689
5690 if (status)
5691 goto complete;
5692
5693 hdev = hci_dev_get(cmd->index);
5694 if (hdev) {
5695 rp.local_clock = cpu_to_le32(hdev->clock);
5696 hci_dev_put(hdev);
5697 }
5698
5699 if (conn) {
5700 rp.piconet_clock = cpu_to_le32(conn->clock);
5701 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5702 }
5703
5704complete:
2a1afb5a
JH		 5705 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5706 sizeof(rp));
69487371
JH		 5707
5708 if (conn) {
5709 hci_conn_drop(conn);
5710 hci_conn_put(conn);
5711 }
9df74653
JH		 5712
5713 return err;
69487371
JH		 5714}
5715
1904a853 5716static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5717{
95868426 5718 struct hci_cp_read_clock *hci_cp;
3b0602cd 5719 struct mgmt_pending_cmd *cmd;
95868426
JH		 5720 struct hci_conn *conn;
5721
5722 BT_DBG("%s status %u", hdev->name, status);
5723
5724 hci_dev_lock(hdev);
5725
5726 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5727 if (!hci_cp)
5728 goto unlock;
5729
5730 if (hci_cp->which) {
5731 u16 handle = __le16_to_cpu(hci_cp->handle);
5732 conn = hci_conn_hash_lookup_handle(hdev, handle);
5733 } else {
5734 conn = NULL;
5735 }
5736
333ae95d 5737 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
95868426
JH		 5738 if (!cmd)
5739 goto unlock;
5740
69487371 5741 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5742 mgmt_pending_remove(cmd);
95868426
JH		 5743
5744unlock:
5745 hci_dev_unlock(hdev);
5746}
5747
5748static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5749 u16 len)
5750{
5751 struct mgmt_cp_get_clock_info *cp = data;
5752 struct mgmt_rp_get_clock_info rp;
5753 struct hci_cp_read_clock hci_cp;
3b0602cd 5754 struct mgmt_pending_cmd *cmd;
95868426
JH		 5755 struct hci_request req;
5756 struct hci_conn *conn;
5757 int err;
5758
5759 BT_DBG("%s", hdev->name);
5760
5761 memset(&rp, 0, sizeof(rp));
5762 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5763 rp.addr.type = cp->addr.type;
5764
5765 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5766 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5767 MGMT_STATUS_INVALID_PARAMS,
5768 &rp, sizeof(rp));
95868426
JH		 5769
5770 hci_dev_lock(hdev);
5771
5772 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5773 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5774 MGMT_STATUS_NOT_POWERED, &rp,
5775 sizeof(rp));
95868426
JH		 5776 goto unlock;
5777 }
5778
5779 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5780 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5781 &cp->addr.bdaddr);
5782 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5783 err = mgmt_cmd_complete(sk, hdev->id,
5784 MGMT_OP_GET_CLOCK_INFO,
5785 MGMT_STATUS_NOT_CONNECTED,
5786 &rp, sizeof(rp));
95868426
JH		 5787 goto unlock;
5788 }
5789 } else {
5790 conn = NULL;
5791 }
5792
5793 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5794 if (!cmd) {
5795 err = -ENOMEM;
5796 goto unlock;
5797 }
5798
69487371
JH		 5799 cmd->cmd_complete = clock_info_cmd_complete;
5800
95868426
JH		 5801 hci_req_init(&req, hdev);
5802
5803 memset(&hci_cp, 0, sizeof(hci_cp));
5804 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5805
5806 if (conn) {
5807 hci_conn_hold(conn);
f8aaf9b6 5808 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5809
5810 hci_cp.handle = cpu_to_le16(conn->handle);
5811 hci_cp.which = 0x01; /* Piconet clock */
5812 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5813 }
5814
5815 err = hci_req_run(&req, get_clock_info_complete);
5816 if (err < 0)
5817 mgmt_pending_remove(cmd);
5818
5819unlock:
5820 hci_dev_unlock(hdev);
5821 return err;
5822}
5823
5a154e6f
JH		 5824static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5825{
5826 struct hci_conn *conn;
5827
5828 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5829 if (!conn)
5830 return false;
5831
5832 if (conn->dst_type != type)
5833 return false;
5834
5835 if (conn->state != BT_CONNECTED)
5836 return false;
5837
5838 return true;
5839}
5840
5841/* This function requires the caller holds hdev->lock */
5842static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5843 u8 addr_type, u8 auto_connect)
5844{
5845 struct hci_dev *hdev = req->hdev;
5846 struct hci_conn_params *params;
5847
5848 params = hci_conn_params_add(hdev, addr, addr_type);
5849 if (!params)
5850 return -EIO;
5851
5852 if (params->auto_connect == auto_connect)
5853 return 0;
5854
5855 list_del_init(&params->action);
5856
5857 switch (auto_connect) {
5858 case HCI_AUTO_CONN_DISABLED:
5859 case HCI_AUTO_CONN_LINK_LOSS:
5860 __hci_update_background_scan(req);
5861 break;
5862 case HCI_AUTO_CONN_REPORT:
5863 list_add(&params->action, &hdev->pend_le_reports);
5864 __hci_update_background_scan(req);
5865 break;
5866 case HCI_AUTO_CONN_DIRECT:
5867 case HCI_AUTO_CONN_ALWAYS:
5868 if (!is_connected(hdev, addr, addr_type)) {
5869 list_add(&params->action, &hdev->pend_le_conns);
5870 __hci_update_background_scan(req);
5871 }
5872 break;
5873 }
5874
5875 params->auto_connect = auto_connect;
5876
5877 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5878 auto_connect);
5879
5880 return 0;
5881}
5882
8afef092
MH		 5883static void device_added(struct sock *sk, struct hci_dev *hdev,
5884 bdaddr_t *bdaddr, u8 type, u8 action)
5885{
5886 struct mgmt_ev_device_added ev;
5887
5888 bacpy(&ev.addr.bdaddr, bdaddr);
5889 ev.addr.type = type;
5890 ev.action = action;
5891
5892 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5893}
5894
1904a853 5895static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5a154e6f 5896{
3b0602cd 5897 struct mgmt_pending_cmd *cmd;
5a154e6f
JH		 5898
5899 BT_DBG("status 0x%02x", status);
5900
5901 hci_dev_lock(hdev);
5902
333ae95d 5903 cmd = pending_find(MGMT_OP_ADD_DEVICE, hdev);
5a154e6f
JH		 5904 if (!cmd)
5905 goto unlock;
5906
5907 cmd->cmd_complete(cmd, mgmt_status(status));
5908 mgmt_pending_remove(cmd);
5909
5910unlock:
5911 hci_dev_unlock(hdev);
5912}
5913
2faade53
MH		 5914static int add_device(struct sock *sk, struct hci_dev *hdev,
5915 void *data, u16 len)
5916{
5917 struct mgmt_cp_add_device *cp = data;
3b0602cd 5918 struct mgmt_pending_cmd *cmd;
5a154e6f 5919 struct hci_request req;
2faade53
MH		 5920 u8 auto_conn, addr_type;
5921 int err;
5922
5923 BT_DBG("%s", hdev->name);
5924
6659358e 5925 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5926 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5927 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5928 MGMT_STATUS_INVALID_PARAMS,
5929 &cp->addr, sizeof(cp->addr));
2faade53 5930
4b9e7e75 5931 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5932 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5933 MGMT_STATUS_INVALID_PARAMS,
5934 &cp->addr, sizeof(cp->addr));
2faade53 5935
5a154e6f
JH		 5936 hci_req_init(&req, hdev);
5937
2faade53
MH		 5938 hci_dev_lock(hdev);
5939
5a154e6f
JH		 5940 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
5941 if (!cmd) {
5942 err = -ENOMEM;
5943 goto unlock;
5944 }
5945
5946 cmd->cmd_complete = addr_cmd_complete;
5947
6659358e 5948 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5949 /* Only incoming connections action is supported for now */
6659358e 5950 if (cp->action != 0x01) {
9df74653
JH		 5951 err = cmd->cmd_complete(cmd,
5952 MGMT_STATUS_INVALID_PARAMS);
5a154e6f 5953 mgmt_pending_remove(cmd);
6659358e
JH		 5954 goto unlock;
5955 }
5956
5957 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5958 cp->addr.type);
5959 if (err)
5960 goto unlock;
a397407f 5961
5a154e6f 5962 __hci_update_page_scan(&req);
a397407f 5963
6659358e
JH		 5964 goto added;
5965 }
5966
2faade53
MH		 5967 if (cp->addr.type == BDADDR_LE_PUBLIC)
5968 addr_type = ADDR_LE_DEV_PUBLIC;
5969 else
5970 addr_type = ADDR_LE_DEV_RANDOM;
5971
4b9e7e75 5972 if (cp->action == 0x02)
2faade53 5973 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5974 else if (cp->action == 0x01)
5975 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5976 else
a3451d27 5977 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5978
bf5b3c8b
MH		 5979 /* If the connection parameters don't exist for this device,
5980 * they will be created and configured with defaults.
5981 */
5a154e6f 5982 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
d06b50ce 5983 auto_conn) < 0) {
9df74653 5984 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
5a154e6f 5985 mgmt_pending_remove(cmd);
2faade53
MH		 5986 goto unlock;
5987 }
5988
6659358e 5989added:
8afef092
MH		 5990 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5991
5a154e6f
JH		 5992 err = hci_req_run(&req, add_device_complete);
5993 if (err < 0) {
5994 /* ENODATA means no HCI commands were needed (e.g. if
5995 * the adapter is powered off).
5996 */
9df74653
JH		 5997 if (err == -ENODATA)
5998 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5a154e6f
JH		 5999 mgmt_pending_remove(cmd);
6000 }
2faade53
MH		 6001
6002unlock:
6003 hci_dev_unlock(hdev);
6004 return err;
6005}
6006
8afef092
MH		 6007static void device_removed(struct sock *sk, struct hci_dev *hdev,
6008 bdaddr_t *bdaddr, u8 type)
6009{
6010 struct mgmt_ev_device_removed ev;
6011
6012 bacpy(&ev.addr.bdaddr, bdaddr);
6013 ev.addr.type = type;
6014
6015 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
6016}
6017
1904a853 6018static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
51ef3ebe 6019{
3b0602cd 6020 struct mgmt_pending_cmd *cmd;
51ef3ebe
JH		 6021
6022 BT_DBG("status 0x%02x", status);
6023
6024 hci_dev_lock(hdev);
6025
333ae95d 6026 cmd = pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
51ef3ebe
JH		 6027 if (!cmd)
6028 goto unlock;
6029
6030 cmd->cmd_complete(cmd, mgmt_status(status));
6031 mgmt_pending_remove(cmd);
6032
6033unlock:
6034 hci_dev_unlock(hdev);
6035}
6036
2faade53
MH		 6037static int remove_device(struct sock *sk, struct hci_dev *hdev,
6038 void *data, u16 len)
6039{
6040 struct mgmt_cp_remove_device *cp = data;
3b0602cd 6041 struct mgmt_pending_cmd *cmd;
51ef3ebe 6042 struct hci_request req;
2faade53
MH		 6043 int err;
6044
6045 BT_DBG("%s", hdev->name);
6046
51ef3ebe
JH		 6047 hci_req_init(&req, hdev);
6048
2faade53
MH		 6049 hci_dev_lock(hdev);
6050
51ef3ebe
JH		 6051 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
6052 if (!cmd) {
6053 err = -ENOMEM;
6054 goto unlock;
6055 }
6056
6057 cmd->cmd_complete = addr_cmd_complete;
6058
2faade53 6059 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 6060 struct hci_conn_params *params;
2faade53
MH		 6061 u8 addr_type;
6062
6659358e 6063 if (!bdaddr_type_is_valid(cp->addr.type)) {
9df74653
JH		 6064 err = cmd->cmd_complete(cmd,
6065 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6066 mgmt_pending_remove(cmd);
2faade53
MH		 6067 goto unlock;
6068 }
6069
6659358e
JH		 6070 if (cp->addr.type == BDADDR_BREDR) {
6071 err = hci_bdaddr_list_del(&hdev->whitelist,
6072 &cp->addr.bdaddr,
6073 cp->addr.type);
6074 if (err) {
9df74653
JH		 6075 err = cmd->cmd_complete(cmd,
6076 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6077 mgmt_pending_remove(cmd);
6659358e
JH		 6078 goto unlock;
6079 }
6080
51ef3ebe 6081 __hci_update_page_scan(&req);
a397407f 6082
6659358e
JH		 6083 device_removed(sk, hdev, &cp->addr.bdaddr,
6084 cp->addr.type);
6085 goto complete;
6086 }
6087
2faade53
MH		 6088 if (cp->addr.type == BDADDR_LE_PUBLIC)
6089 addr_type = ADDR_LE_DEV_PUBLIC;
6090 else
6091 addr_type = ADDR_LE_DEV_RANDOM;
6092
c71593dd
JH		 6093 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6094 addr_type);
6095 if (!params) {
9df74653
JH		 6096 err = cmd->cmd_complete(cmd,
6097 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6098 mgmt_pending_remove(cmd);
c71593dd
JH		 6099 goto unlock;
6100 }
6101
6102 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
9df74653
JH		 6103 err = cmd->cmd_complete(cmd,
6104 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6105 mgmt_pending_remove(cmd);
c71593dd
JH		 6106 goto unlock;
6107 }
6108
d1dbf12e 6109 list_del(&params->action);
c71593dd
JH		 6110 list_del(&params->list);
6111 kfree(params);
51ef3ebe 6112 __hci_update_background_scan(&req);
8afef092
MH		 6113
6114 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 6115 } else {
19de0825 6116 struct hci_conn_params *p, *tmp;
6659358e 6117 struct bdaddr_list *b, *btmp;
19de0825 6118
2faade53 6119 if (cp->addr.type) {
9df74653
JH		 6120 err = cmd->cmd_complete(cmd,
6121 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6122 mgmt_pending_remove(cmd);
2faade53
MH		 6123 goto unlock;
6124 }
6125
6659358e
JH		 6126 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
6127 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
6128 list_del(&b->list);
6129 kfree(b);
6130 }
6131
51ef3ebe 6132 __hci_update_page_scan(&req);
a397407f 6133
19de0825
JH		 6134 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
6135 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
6136 continue;
6137 device_removed(sk, hdev, &p->addr, p->addr_type);
6138 list_del(&p->action);
6139 list_del(&p->list);
6140 kfree(p);
6141 }
6142
6143 BT_DBG("All LE connection parameters were removed");
6144
51ef3ebe 6145 __hci_update_background_scan(&req);
2faade53
MH		 6146 }
6147
6659358e 6148complete:
51ef3ebe
JH		 6149 err = hci_req_run(&req, remove_device_complete);
6150 if (err < 0) {
6151 /* ENODATA means no HCI commands were needed (e.g. if
6152 * the adapter is powered off).
6153 */
9df74653
JH		 6154 if (err == -ENODATA)
6155 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
51ef3ebe
JH		 6156 mgmt_pending_remove(cmd);
6157 }
2faade53
MH		 6158
6159unlock:
6160 hci_dev_unlock(hdev);
6161 return err;
6162}
6163
a26f3dcf
JH		 6164static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6165 u16 len)
6166{
6167 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 6168 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6169 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 6170 u16 param_count, expected_len;
6171 int i;
6172
6173 if (!lmp_le_capable(hdev))
a69e8375
JH		 6174 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6175 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 6176
6177 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 6178 if (param_count > max_param_count) {
6179 BT_ERR("load_conn_param: too big param_count value %u",
6180 param_count);
a69e8375
JH		 6181 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6182 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 6183 }
a26f3dcf
JH		 6184
6185 expected_len = sizeof(*cp) + param_count *
6186 sizeof(struct mgmt_conn_param);
6187 if (expected_len != len) {
6188 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
6189 expected_len, len);
a69e8375
JH		 6190 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6191 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 6192 }
6193
6194 BT_DBG("%s param_count %u", hdev->name, param_count);
6195
6196 hci_dev_lock(hdev);
6197
6198 hci_conn_params_clear_disabled(hdev);
6199
6200 for (i = 0; i < param_count; i++) {
6201 struct mgmt_conn_param *param = &cp->params[i];
6202 struct hci_conn_params *hci_param;
6203 u16 min, max, latency, timeout;
6204 u8 addr_type;
6205
6206 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
6207 param->addr.type);
6208
6209 if (param->addr.type == BDADDR_LE_PUBLIC) {
6210 addr_type = ADDR_LE_DEV_PUBLIC;
6211 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6212 addr_type = ADDR_LE_DEV_RANDOM;
6213 } else {
6214 BT_ERR("Ignoring invalid connection parameters");
6215 continue;
6216 }
6217
6218 min = le16_to_cpu(param->min_interval);
6219 max = le16_to_cpu(param->max_interval);
6220 latency = le16_to_cpu(param->latency);
6221 timeout = le16_to_cpu(param->timeout);
6222
6223 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6224 min, max, latency, timeout);
6225
6226 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6227 BT_ERR("Ignoring invalid connection parameters");
6228 continue;
6229 }
6230
6231 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
6232 addr_type);
6233 if (!hci_param) {
6234 BT_ERR("Failed to add connection parameters");
6235 continue;
6236 }
6237
6238 hci_param->conn_min_interval = min;
6239 hci_param->conn_max_interval = max;
6240 hci_param->conn_latency = latency;
6241 hci_param->supervision_timeout = timeout;
6242 }
6243
6244 hci_dev_unlock(hdev);
6245
2a1afb5a
JH		 6246 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6247 NULL, 0);
a26f3dcf
JH		 6248}
6249
dbece37a
MH		 6250static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6251 void *data, u16 len)
6252{
6253 struct mgmt_cp_set_external_config *cp = data;
6254 bool changed;
6255 int err;
6256
6257 BT_DBG("%s", hdev->name);
6258
6259 if (hdev_is_powered(hdev))
a69e8375
JH		 6260 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6261 MGMT_STATUS_REJECTED);
dbece37a
MH		 6262
6263 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 6264 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6265 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 6266
6267 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 6268 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6269 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 6270
6271 hci_dev_lock(hdev);
6272
6273 if (cp->config)
238be788 6274 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 6275 else
a69d8927 6276 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 6277
6278 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6279 if (err < 0)
6280 goto unlock;
6281
6282 if (!changed)
6283 goto unlock;
6284
f4537c04
MH		 6285 err = new_options(hdev, sk);
6286
d7a5a11d 6287 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 6288 mgmt_index_removed(hdev);
d603b76b 6289
516018a9 6290 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 6291 hci_dev_set_flag(hdev, HCI_CONFIG);
6292 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 6293
6294 queue_work(hdev->req_workqueue, &hdev->power_on);
6295 } else {
5ea234d3 6296 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 6297 mgmt_index_added(hdev);
6298 }
dbece37a
MH		 6299 }
6300
6301unlock:
6302 hci_dev_unlock(hdev);
6303 return err;
6304}
6305
9713c17b
MH		 6306static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6307 void *data, u16 len)
6308{
6309 struct mgmt_cp_set_public_address *cp = data;
6310 bool changed;
6311 int err;
6312
6313 BT_DBG("%s", hdev->name);
6314
6315 if (hdev_is_powered(hdev))
a69e8375
JH		 6316 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6317 MGMT_STATUS_REJECTED);
9713c17b
MH		 6318
6319 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 6320 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6321 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 6322
6323 if (!hdev->set_bdaddr)
a69e8375
JH		 6324 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6325 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 6326
6327 hci_dev_lock(hdev);
6328
6329 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6330 bacpy(&hdev->public_addr, &cp->bdaddr);
6331
6332 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6333 if (err < 0)
6334 goto unlock;
6335
6336 if (!changed)
6337 goto unlock;
6338
d7a5a11d 6339 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 6340 err = new_options(hdev, sk);
6341
6342 if (is_configured(hdev)) {
6343 mgmt_index_removed(hdev);
6344
a358dc11 6345 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 6346
a1536da2
MH		 6347 hci_dev_set_flag(hdev, HCI_CONFIG);
6348 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 6349
6350 queue_work(hdev->req_workqueue, &hdev->power_on);
6351 }
6352
6353unlock:
6354 hci_dev_unlock(hdev);
6355 return err;
6356}
6357
bea41609
MH		 6358static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6359 u8 data_len)
6360{
6361 eir[eir_len++] = sizeof(type) + data_len;
6362 eir[eir_len++] = type;
6363 memcpy(&eir[eir_len], data, data_len);
6364 eir_len += data_len;
6365
6366 return eir_len;
6367}
6368
4f0f155c
MH		 6369static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6370 void *data, u16 data_len)
6371{
6372 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6373 struct mgmt_rp_read_local_oob_ext_data *rp;
6374 size_t rp_len;
6375 u16 eir_len;
0821a2c5 6376 u8 status, flags, role, addr[7], hash[16], rand[16];
4f0f155c
MH		 6377 int err;
6378
6379 BT_DBG("%s", hdev->name);
6380
6381 if (!hdev_is_powered(hdev))
6382 return mgmt_cmd_complete(sk, hdev->id,
6383 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6384 MGMT_STATUS_NOT_POWERED,
6385 &cp->type, sizeof(cp->type));
6386
6387 switch (cp->type) {
6388 case BIT(BDADDR_BREDR):
6389 status = mgmt_bredr_support(hdev);
6390 if (status)
6391 return mgmt_cmd_complete(sk, hdev->id,
6392 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6393 status, &cp->type,
6394 sizeof(cp->type));
6395 eir_len = 5;
6396 break;
6397 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6398 status = mgmt_le_support(hdev);
6399 if (status)
6400 return mgmt_cmd_complete(sk, hdev->id,
6401 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6402 status, &cp->type,
6403 sizeof(cp->type));
0821a2c5 6404 eir_len = 9 + 3 + 18 + 18 + 3;
4f0f155c
MH		 6405 break;
6406 default:
6407 return mgmt_cmd_complete(sk, hdev->id,
6408 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6409 MGMT_STATUS_INVALID_PARAMS,
6410 &cp->type, sizeof(cp->type));
6411 }
6412
6413 hci_dev_lock(hdev);
6414
6415 rp_len = sizeof(*rp) + eir_len;
6416 rp = kmalloc(rp_len, GFP_ATOMIC);
6417 if (!rp) {
6418 hci_dev_unlock(hdev);
6419 return -ENOMEM;
6420 }
6421
6422 eir_len = 0;
6423 switch (cp->type) {
6424 case BIT(BDADDR_BREDR):
6425 eir_len = eir_append_data(rp->eir, eir_len, EIR_CLASS_OF_DEV,
6426 hdev->dev_class, 3);
6427 break;
6428 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5082a599
MH		 6429 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6430 smp_generate_oob(hdev, hash, rand) < 0) {
0821a2c5
MH		 6431 hci_dev_unlock(hdev);
6432 err = mgmt_cmd_complete(sk, hdev->id,
5082a599
MH		 6433 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6434 MGMT_STATUS_FAILED,
6435 &cp->type, sizeof(cp->type));
0821a2c5
MH		 6436 goto done;
6437 }
6438
4f0f155c
MH		 6439 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6440 memcpy(addr, &hdev->rpa, 6);
6441 addr[6] = 0x01;
6442 } else if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6443 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6444 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6445 bacmp(&hdev->static_addr, BDADDR_ANY))) {
6446 memcpy(addr, &hdev->static_addr, 6);
6447 addr[6] = 0x01;
6448 } else {
6449 memcpy(addr, &hdev->bdaddr, 6);
6450 addr[6] = 0x00;
6451 }
6452
6453 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6454 addr, sizeof(addr));
6455
6456 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6457 role = 0x02;
6458 else
6459 role = 0x01;
6460
6461 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6462 &role, sizeof(role));
6463
5082a599
MH		 6464 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6465 eir_len = eir_append_data(rp->eir, eir_len,
6466 EIR_LE_SC_CONFIRM,
6467 hash, sizeof(hash));
0821a2c5 6468
5082a599
MH		 6469 eir_len = eir_append_data(rp->eir, eir_len,
6470 EIR_LE_SC_RANDOM,
6471 rand, sizeof(rand));
6472 }
0821a2c5 6473
4f0f155c
MH		 6474 flags = get_adv_discov_flags(hdev);
6475
6476 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6477 flags |= LE_AD_NO_BREDR;
6478
6479 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6480 &flags, sizeof(flags));
6481 break;
6482 }
6483
6484 rp->type = cp->type;
6485 rp->eir_len = cpu_to_le16(eir_len);
6486
6487 hci_dev_unlock(hdev);
6488
72000df2
MH		 6489 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6490
4f0f155c 6491 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
5425f98e 6492 MGMT_STATUS_SUCCESS, rp, sizeof(*rp) + eir_len);
72000df2
MH		 6493 if (err < 0)
6494 goto done;
6495
6496 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6497 rp, sizeof(*rp) + eir_len,
6498 HCI_MGMT_OOB_DATA_EVENTS, sk);
4f0f155c 6499
0821a2c5 6500done:
4f0f155c
MH		 6501 kfree(rp);
6502
6503 return err;
6504}
6505
d3d5305b
MH		 6506static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6507 void *data, u16 data_len)
6508{
6509 struct mgmt_rp_read_adv_features *rp;
6510 size_t rp_len;
6511 int err;
24b4f38f 6512 bool instance;
d3d5305b
MH		 6513
6514 BT_DBG("%s", hdev->name);
6515
6516 hci_dev_lock(hdev);
6517
6518 rp_len = sizeof(*rp);
24b4f38f
AU		 6519
6520 /* Currently only one instance is supported, so just add 1 to the
6521 * response length.
6522 */
6523 instance = hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE);
6524 if (instance)
6525 rp_len++;
6526
d3d5305b
MH		 6527 rp = kmalloc(rp_len, GFP_ATOMIC);
6528 if (!rp) {
6529 hci_dev_unlock(hdev);
6530 return -ENOMEM;
6531 }
6532
6533 rp->supported_flags = cpu_to_le32(0);
dc5d82a9
MH		 6534 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6535 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
24b4f38f
AU		 6536 rp->max_instances = 1;
6537
6538 /* Currently only one instance is supported, so simply return the
6539 * current instance number.
6540 */
6541 if (instance) {
6542 rp->num_instances = 1;
6543 rp->instance[0] = 1;
6544 } else {
6545 rp->num_instances = 0;
6546 }
d3d5305b
MH		 6547
6548 hci_dev_unlock(hdev);
6549
6550 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6551 MGMT_STATUS_SUCCESS, rp, rp_len);
6552
6553 kfree(rp);
6554
6555 return err;
6556}
6557
4117ed70
AU		 6558static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
6559 u8 len)
24b4f38f 6560{
4117ed70 6561 u8 max_len = HCI_MAX_AD_LENGTH;
24b4f38f
AU		 6562 int i, cur_len;
6563
4117ed70 6564 /* TODO: Correctly reduce len based on adv_flags. */
24b4f38f 6565
4117ed70 6566 if (len > max_len)
24b4f38f
AU		 6567 return false;
6568
4117ed70
AU		 6569 /* Make sure that the data is correctly formatted. */
6570 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6571 cur_len = data[i];
24b4f38f
AU		 6572
6573 /* If the current field length would exceed the total data
6574 * length, then it's invalid.
6575 */
4117ed70 6576 if (i + cur_len >= len)
24b4f38f
AU		 6577 return false;
6578 }
6579
6580 return true;
6581}
6582
24b4f38f
AU		 6583static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6584 u16 opcode)
6585{
6586 struct mgmt_pending_cmd *cmd;
6587 struct mgmt_rp_add_advertising rp;
6588
6589 BT_DBG("status %d", status);
6590
6591 hci_dev_lock(hdev);
6592
6593 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6594
6595 if (status) {
6596 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
6597 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
6598 advertising_removed(cmd ? cmd->sk : NULL, hdev, 1);
6599 }
6600
6601 if (!cmd)
6602 goto unlock;
6603
6604 rp.instance = 0x01;
6605
6606 if (status)
6607 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6608 mgmt_status(status));
6609 else
6610 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6611 mgmt_status(status), &rp, sizeof(rp));
6612
6613 mgmt_pending_remove(cmd);
6614
6615unlock:
6616 hci_dev_unlock(hdev);
6617}
6618
912098a6
AU		 6619static void adv_timeout_expired(struct work_struct *work)
6620{
6621 struct hci_dev *hdev = container_of(work, struct hci_dev,
6622 adv_instance.timeout_exp.work);
6623
6624 hdev->adv_instance.timeout = 0;
6625
6626 hci_dev_lock(hdev);
6627 clear_adv_instance(hdev);
6628 hci_dev_unlock(hdev);
6629}
6630
24b4f38f
AU		 6631static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6632 void *data, u16 data_len)
6633{
6634 struct mgmt_cp_add_advertising *cp = data;
6635 struct mgmt_rp_add_advertising rp;
6636 u32 flags;
6637 u8 status;
912098a6 6638 u16 timeout;
24b4f38f
AU		 6639 int err;
6640 struct mgmt_pending_cmd *cmd;
6641 struct hci_request req;
6642
6643 BT_DBG("%s", hdev->name);
6644
6645 status = mgmt_le_support(hdev);
6646 if (status)
6647 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6648 status);
6649
6650 flags = __le32_to_cpu(cp->flags);
912098a6 6651 timeout = __le16_to_cpu(cp->timeout);
24b4f38f 6652
e7a685d3
AU		 6653 /* The current implementation only supports adding one instance */
6654 if (cp->instance != 0x01)
24b4f38f
AU		 6655 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6656 MGMT_STATUS_INVALID_PARAMS);
6657
6658 hci_dev_lock(hdev);
6659
912098a6
AU		 6660 if (timeout && !hdev_is_powered(hdev)) {
6661 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6662 MGMT_STATUS_REJECTED);
6663 goto unlock;
6664 }
6665
24b4f38f 6666 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
da929335 6667 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
24b4f38f
AU		 6668 pending_find(MGMT_OP_SET_LE, hdev)) {
6669 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6670 MGMT_STATUS_BUSY);
6671 goto unlock;
6672 }
6673
4117ed70
AU		 6674 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len) ||
6675 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
6676 cp->scan_rsp_len)) {
24b4f38f
AU		 6677 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6678 MGMT_STATUS_INVALID_PARAMS);
6679 goto unlock;
6680 }
6681
912098a6
AU		 6682 INIT_DELAYED_WORK(&hdev->adv_instance.timeout_exp, adv_timeout_expired);
6683
24b4f38f
AU		 6684 hdev->adv_instance.flags = flags;
6685 hdev->adv_instance.adv_data_len = cp->adv_data_len;
6686 hdev->adv_instance.scan_rsp_len = cp->scan_rsp_len;
6687
6688 if (cp->adv_data_len)
6689 memcpy(hdev->adv_instance.adv_data, cp->data, cp->adv_data_len);
6690
6691 if (cp->scan_rsp_len)
6692 memcpy(hdev->adv_instance.scan_rsp_data,
6693 cp->data + cp->adv_data_len, cp->scan_rsp_len);
6694
912098a6
AU		 6695 if (hdev->adv_instance.timeout)
6696 cancel_delayed_work(&hdev->adv_instance.timeout_exp);
6697
6698 hdev->adv_instance.timeout = timeout;
6699
6700 if (timeout)
6701 queue_delayed_work(hdev->workqueue,
6702 &hdev->adv_instance.timeout_exp,
6703 msecs_to_jiffies(timeout * 1000));
6704
24b4f38f
AU		 6705 if (!hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING_INSTANCE))
6706 advertising_added(sk, hdev, 1);
6707
6708 /* If the HCI_ADVERTISING flag is set or the device isn't powered then
6709 * we have no HCI communication to make. Simply return.
6710 */
6711 if (!hdev_is_powered(hdev) ||
6712 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6713 rp.instance = 0x01;
6714 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6715 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6716 goto unlock;
6717 }
6718
6719 /* We're good to go, update advertising data, parameters, and start
6720 * advertising.
6721 */
6722 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6723 data_len);
6724 if (!cmd) {
6725 err = -ENOMEM;
6726 goto unlock;
6727 }
6728
6729 hci_req_init(&req, hdev);
6730
6731 update_adv_data(&req);
4117ed70 6732 update_scan_rsp_data(&req);
24b4f38f
AU		 6733 enable_advertising(&req);
6734
6735 err = hci_req_run(&req, add_advertising_complete);
6736 if (err < 0)
6737 mgmt_pending_remove(cmd);
6738
6739unlock:
6740 hci_dev_unlock(hdev);
6741
6742 return err;
6743}
6744
da929335
AU		 6745static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6746 u16 opcode)
6747{
6748 struct mgmt_pending_cmd *cmd;
6749 struct mgmt_rp_remove_advertising rp;
6750
6751 BT_DBG("status %d", status);
6752
6753 hci_dev_lock(hdev);
6754
6755 /* A failure status here only means that we failed to disable
6756 * advertising. Otherwise, the advertising instance has been removed,
6757 * so report success.
6758 */
6759 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6760 if (!cmd)
6761 goto unlock;
6762
6763 rp.instance = 1;
6764
6765 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6766 &rp, sizeof(rp));
6767 mgmt_pending_remove(cmd);
6768
6769unlock:
6770 hci_dev_unlock(hdev);
6771}
6772
6773static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6774 void *data, u16 data_len)
6775{
6776 struct mgmt_cp_remove_advertising *cp = data;
6777 struct mgmt_rp_remove_advertising rp;
6778 int err;
6779 struct mgmt_pending_cmd *cmd;
6780 struct hci_request req;
6781
6782 BT_DBG("%s", hdev->name);
6783
6784 /* The current implementation only allows modifying instance no 1. A
6785 * value of 0 indicates that all instances should be cleared.
6786 */
6787 if (cp->instance > 1)
6788 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6789 MGMT_STATUS_INVALID_PARAMS);
6790
6791 hci_dev_lock(hdev);
6792
6793 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6794 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6795 pending_find(MGMT_OP_SET_LE, hdev)) {
6796 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6797 MGMT_STATUS_BUSY);
6798 goto unlock;
6799 }
6800
6801 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE)) {
6802 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6803 MGMT_STATUS_INVALID_PARAMS);
6804 goto unlock;
6805 }
6806
912098a6
AU		 6807 if (hdev->adv_instance.timeout)
6808 cancel_delayed_work(&hdev->adv_instance.timeout_exp);
6809
da929335
AU		 6810 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
6811
6812 advertising_removed(sk, hdev, 1);
6813
6814 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
6815
6816 /* If the HCI_ADVERTISING flag is set or the device isn't powered then
6817 * we have no HCI communication to make. Simply return.
6818 */
6819 if (!hdev_is_powered(hdev) ||
6820 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6821 rp.instance = 1;
6822 err = mgmt_cmd_complete(sk, hdev->id,
6823 MGMT_OP_REMOVE_ADVERTISING,
6824 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6825 goto unlock;
6826 }
6827
6828 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6829 data_len);
6830 if (!cmd) {
6831 err = -ENOMEM;
6832 goto unlock;
6833 }
6834
6835 hci_req_init(&req, hdev);
6836 disable_advertising(&req);
6837
6838 err = hci_req_run(&req, remove_advertising_complete);
6839 if (err < 0)
6840 mgmt_pending_remove(cmd);
6841
6842unlock:
6843 hci_dev_unlock(hdev);
6844
6845 return err;
6846}
6847
6d785aa3 6848static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 6849 { NULL }, /* 0x0000 (no command) */
b9a245fb 6850 { read_version, MGMT_READ_VERSION_SIZE,
c91041dc
MH		 6851 HCI_MGMT_NO_HDEV |
6852 HCI_MGMT_UNTRUSTED },
b9a245fb 6853 { read_commands, MGMT_READ_COMMANDS_SIZE,
c91041dc
MH		 6854 HCI_MGMT_NO_HDEV |
6855 HCI_MGMT_UNTRUSTED },
b9a245fb 6856 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
c91041dc
MH		 6857 HCI_MGMT_NO_HDEV |
6858 HCI_MGMT_UNTRUSTED },
6859 { read_controller_info, MGMT_READ_INFO_SIZE,
6860 HCI_MGMT_UNTRUSTED },
7aea8616
MH		 6861 { set_powered, MGMT_SETTING_SIZE },
6862 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6863 { set_connectable, MGMT_SETTING_SIZE },
6864 { set_fast_connectable, MGMT_SETTING_SIZE },
6865 { set_bondable, MGMT_SETTING_SIZE },
6866 { set_link_security, MGMT_SETTING_SIZE },
6867 { set_ssp, MGMT_SETTING_SIZE },
6868 { set_hs, MGMT_SETTING_SIZE },
6869 { set_le, MGMT_SETTING_SIZE },
6870 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6871 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6872 { add_uuid, MGMT_ADD_UUID_SIZE },
6873 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
b9a245fb
JH		 6874 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6875 HCI_MGMT_VAR_LEN },
6876 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6877 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6878 { disconnect, MGMT_DISCONNECT_SIZE },
6879 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6880 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6881 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6882 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6883 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6884 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6885 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6886 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6887 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6888 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6889 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
b9a245fb
JH		 6890 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6891 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6892 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6893 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6894 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6895 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6896 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6897 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6898 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6899 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6900 { set_advertising, MGMT_SETTING_SIZE },
6901 { set_bredr, MGMT_SETTING_SIZE },
6902 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6903 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6904 { set_secure_conn, MGMT_SETTING_SIZE },
6905 { set_debug_keys, MGMT_SETTING_SIZE },
6906 { set_privacy, MGMT_SET_PRIVACY_SIZE },
b9a245fb
JH		 6907 { load_irks, MGMT_LOAD_IRKS_SIZE,
6908 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6909 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6910 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6911 { add_device, MGMT_ADD_DEVICE_SIZE },
6912 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
b9a245fb
JH		 6913 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6914 HCI_MGMT_VAR_LEN },
6915 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
c91041dc
MH		 6916 HCI_MGMT_NO_HDEV |
6917 HCI_MGMT_UNTRUSTED },
b9a245fb 6918 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
c91041dc
MH		 6919 HCI_MGMT_UNCONFIGURED |
6920 HCI_MGMT_UNTRUSTED },
b9a245fb
JH		 6921 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6922 HCI_MGMT_UNCONFIGURED },
6923 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6924 HCI_MGMT_UNCONFIGURED },
6925 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6926 HCI_MGMT_VAR_LEN },
4f0f155c 6927 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
96f1474a 6928 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
c91041dc
MH		 6929 HCI_MGMT_NO_HDEV |
6930 HCI_MGMT_UNTRUSTED },
d3d5305b 6931 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
24b4f38f
AU		 6932 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6933 HCI_MGMT_VAR_LEN },
da929335 6934 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
0f4e68cf
JH		 6935};
6936
bf6b56db 6937void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6938{
ced85549 6939 struct mgmt_ev_ext_index ev;
bb4b2a9a 6940
0602a8ad
MH		 6941 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6942 return;
6943
f9207338
MH		 6944 switch (hdev->dev_type) {
6945 case HCI_BREDR:
6946 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6947 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6948 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6949 ev.type = 0x01;
f9207338
MH		 6950 } else {
6951 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6952 HCI_MGMT_INDEX_EVENTS);
ced85549 6953 ev.type = 0x00;
f9207338
MH		 6954 }
6955 break;
ced85549
MH		 6956 case HCI_AMP:
6957 ev.type = 0x02;
6958 break;
6959 default:
6960 return;
f9207338 6961 }
ced85549
MH		 6962
6963 ev.bus = hdev->bus;
6964
6965 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6966 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 6967}
6968
bf6b56db 6969void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6970{
ced85549 6971 struct mgmt_ev_ext_index ev;
5f159032 6972 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6973
0602a8ad
MH		 6974 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6975 return;
6976
f9207338
MH		 6977 switch (hdev->dev_type) {
6978 case HCI_BREDR:
6979 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6980
f9207338
MH		 6981 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6982 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6983 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6984 ev.type = 0x01;
f9207338
MH		 6985 } else {
6986 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6987 HCI_MGMT_INDEX_EVENTS);
ced85549 6988 ev.type = 0x00;
f9207338
MH		 6989 }
6990 break;
ced85549
MH		 6991 case HCI_AMP:
6992 ev.type = 0x02;
6993 break;
6994 default:
6995 return;
f9207338 6996 }
ced85549
MH		 6997
6998 ev.bus = hdev->bus;
6999
7000 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
7001 HCI_MGMT_EXT_INDEX_EVENTS);
eec8d2bc
JH		 7002}
7003
6046dc3e 7004/* This function requires the caller holds hdev->lock */
2cf22218 7005static void restart_le_actions(struct hci_request *req)
6046dc3e 7006{
2cf22218 7007 struct hci_dev *hdev = req->hdev;
6046dc3e
AG		 7008 struct hci_conn_params *p;
7009
7010 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 7011 /* Needed for AUTO_OFF case where might not "really"
7012 * have been powered off.
7013 */
7014 list_del_init(&p->action);
7015
7016 switch (p->auto_connect) {
4b9e7e75 7017 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 7018 case HCI_AUTO_CONN_ALWAYS:
7019 list_add(&p->action, &hdev->pend_le_conns);
7020 break;
7021 case HCI_AUTO_CONN_REPORT:
7022 list_add(&p->action, &hdev->pend_le_reports);
7023 break;
7024 default:
7025 break;
c83ed19d 7026 }
6046dc3e 7027 }
c83ed19d 7028
2cf22218 7029 __hci_update_background_scan(req);
6046dc3e
AG		 7030}
7031
1904a853 7032static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
229ab39c
JH		 7033{
7034 struct cmd_lookup match = { NULL, hdev };
7035
7036 BT_DBG("status 0x%02x", status);
7037
162a3bac
MH		 7038 if (!status) {
7039 /* Register the available SMP channels (BR/EDR and LE) only
7040 * when successfully powering on the controller. This late
7041 * registration is required so that LE SMP can clearly
7042 * decide if the public address or static address is used.
7043 */
7044 smp_register(hdev);
7045 }
7046
229ab39c
JH		 7047 hci_dev_lock(hdev);
7048
7049 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7050
7051 new_settings(hdev, match.sk);
7052
7053 hci_dev_unlock(hdev);
7054
7055 if (match.sk)
7056 sock_put(match.sk);
7057}
7058
70da6243 7059static int powered_update_hci(struct hci_dev *hdev)
5add6af8 7060{
890ea898 7061 struct hci_request req;
70da6243 7062 u8 link_sec;
5add6af8 7063
890ea898
JH		 7064 hci_req_init(&req, hdev);
7065
d7a5a11d 7066 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
70da6243 7067 !lmp_host_ssp_capable(hdev)) {
574ea3c7 7068 u8 mode = 0x01;
5e5282bb 7069
574ea3c7
MH		 7070 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
7071
7072 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
7073 u8 support = 0x01;
5add6af8 7074
574ea3c7
MH		 7075 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
7076 sizeof(support), &support);
7077 }
ec6f99b8
JH		 7078 }
7079
d7a5a11d 7080 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
c73eee91 7081 lmp_bredr_capable(hdev)) {
70da6243 7082 struct hci_cp_write_le_host_supported cp;
f0ff92fb 7083
32226e4f
MH		 7084 cp.le = 0x01;
7085 cp.simul = 0x00;
3d1cbdd6 7086
70da6243
JH		 7087 /* Check first if we already have the right
7088 * host state (host features set)
7089 */
7090 if (cp.le != lmp_host_le_capable(hdev) ||
7091 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 7092 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
7093 sizeof(cp), &cp);
70da6243 7094 }
3d1cbdd6 7095
d13eafce 7096 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 7097 /* Make sure the controller has a good default for
7098 * advertising data. This also applies to the case
7099 * where BR/EDR was toggled during the AUTO_OFF phase.
7100 */
d7a5a11d 7101 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
5947f4bc 7102 update_adv_data(&req);
f14d8f64
MH		 7103 update_scan_rsp_data(&req);
7104 }
441ad2d0 7105
24b4f38f
AU		 7106 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7107 hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
bba3aa55 7108 enable_advertising(&req);
2cf22218
JH		 7109
7110 restart_le_actions(&req);
eeca6f89
JH		 7111 }
7112
d7a5a11d 7113 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
70da6243 7114 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 7115 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
7116 sizeof(link_sec), &link_sec);
562fcc24 7117
70da6243 7118 if (lmp_bredr_capable(hdev)) {
d7a5a11d 7119 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
406ef2a6
JH		 7120 write_fast_connectable(&req, true);
7121 else
7122 write_fast_connectable(&req, false);
1d2dc5b7 7123 __hci_update_page_scan(&req);
890ea898 7124 update_class(&req);
13928971 7125 update_name(&req);
890ea898 7126 update_eir(&req);
70da6243 7127 }
562fcc24 7128
229ab39c 7129 return hci_req_run(&req, powered_complete);
70da6243 7130}
562fcc24 7131
70da6243
JH		 7132int mgmt_powered(struct hci_dev *hdev, u8 powered)
7133{
7134 struct cmd_lookup match = { NULL, hdev };
9845904f 7135 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 7136 int err;
f0ff92fb 7137
d7a5a11d 7138 if (!hci_dev_test_flag(hdev, HCI_MGMT))
70da6243
JH		 7139 return 0;
7140
70da6243 7141 if (powered) {
229ab39c
JH		 7142 if (powered_update_hci(hdev) == 0)
7143 return 0;
fe038884 7144
229ab39c
JH		 7145 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
7146 &match);
7147 goto new_settings;
b24752fe
JH		 7148 }
7149
229ab39c 7150 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 7151
7152 /* If the power off is because of hdev unregistration let
7153 * use the appropriate INVALID_INDEX status. Otherwise use
7154 * NOT_POWERED. We cover both scenarios here since later in
7155 * mgmt_index_removed() any hci_conn callbacks will have already
7156 * been triggered, potentially causing misleading DISCONNECTED
7157 * status responses.
7158 */
d7a5a11d 7159 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 7160 status = MGMT_STATUS_INVALID_INDEX;
7161 else
7162 status = MGMT_STATUS_NOT_POWERED;
7163
7164 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 7165
7166 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
f6b7712e
MH		 7167 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7168 zero_cod, sizeof(zero_cod), NULL);
229ab39c
JH		 7169
7170new_settings:
beadb2bd 7171 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 7172
7173 if (match.sk)
7174 sock_put(match.sk);
7175
7bb895d6 7176 return err;
5add6af8 7177}
73f22f62 7178
3eec705e 7179void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 7180{
3b0602cd 7181 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 7182 u8 status;
7183
333ae95d 7184 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
96570ffc 7185 if (!cmd)
3eec705e 7186 return;
96570ffc
JH		 7187
7188 if (err == -ERFKILL)
7189 status = MGMT_STATUS_RFKILLED;
7190 else
7191 status = MGMT_STATUS_FAILED;
7192
a69e8375 7193 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 7194
7195 mgmt_pending_remove(cmd);
96570ffc
JH		 7196}
7197
d1967ff8
MH		 7198void mgmt_discoverable_timeout(struct hci_dev *hdev)
7199{
7200 struct hci_request req;
d1967ff8
MH		 7201
7202 hci_dev_lock(hdev);
7203
7204 /* When discoverable timeout triggers, then just make sure
7205 * the limited discoverable flag is cleared. Even in the case
7206 * of a timeout triggered from general discoverable, it is
7207 * safe to unconditionally clear the flag.
7208 */
a358dc11
MH		 7209 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
7210 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
d1967ff8
MH		 7211
7212 hci_req_init(&req, hdev);
d7a5a11d 7213 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4b580614
JH		 7214 u8 scan = SCAN_PAGE;
7215 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
7216 sizeof(scan), &scan);
7217 }
d1967ff8 7218 update_class(&req);
24b4f38f
AU		 7219
7220 /* Advertising instances don't use the global discoverable setting, so
7221 * only update AD if advertising was enabled using Set Advertising.
7222 */
7223 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7224 update_adv_data(&req);
7225
d1967ff8
MH		 7226 hci_req_run(&req, NULL);
7227
7228 hdev->discov_timeout = 0;
7229
9a43e25f
JH		 7230 new_settings(hdev, NULL);
7231
d1967ff8
MH		 7232 hci_dev_unlock(hdev);
7233}
7234
dc4a5ee2
MH		 7235void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7236 bool persistent)
55ed8ca1 7237{
86742e1e 7238 struct mgmt_ev_new_link_key ev;
55ed8ca1 7239
a492cd52 7240 memset(&ev, 0, sizeof(ev));
55ed8ca1 7241
a492cd52 7242 ev.store_hint = persistent;
d753fdc4 7243 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 7244 ev.key.addr.type = BDADDR_BREDR;
a492cd52 7245 ev.key.type = key->type;
9b3b4460 7246 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 7247 ev.key.pin_len = key->pin_len;
55ed8ca1 7248
dc4a5ee2 7249 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 7250}
f7520543 7251
d7b25450
JH		 7252static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7253{
23fb8de3
JH		 7254 switch (ltk->type) {
7255 case SMP_LTK:
7256 case SMP_LTK_SLAVE:
7257 if (ltk->authenticated)
7258 return MGMT_LTK_AUTHENTICATED;
7259 return MGMT_LTK_UNAUTHENTICATED;
7260 case SMP_LTK_P256:
7261 if (ltk->authenticated)
7262 return MGMT_LTK_P256_AUTH;
7263 return MGMT_LTK_P256_UNAUTH;
7264 case SMP_LTK_P256_DEBUG:
7265 return MGMT_LTK_P256_DEBUG;
7266 }
d7b25450
JH		 7267
7268 return MGMT_LTK_UNAUTHENTICATED;
7269}
7270
53ac6ab6 7271void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 7272{
7273 struct mgmt_ev_new_long_term_key ev;
7274
7275 memset(&ev, 0, sizeof(ev));
7276
5192d301
MH		 7277 /* Devices using resolvable or non-resolvable random addresses
7278 * without providing an indentity resolving key don't require
7279 * to store long term keys. Their addresses will change the
7280 * next time around.
7281 *
7282 * Only when a remote device provides an identity address
7283 * make sure the long term key is stored. If the remote
7284 * identity is known, the long term keys are internally
7285 * mapped to the identity address. So allow static random
7286 * and public addresses here.
7287 */
ba74b666
JH		 7288 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7289 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7290 ev.store_hint = 0x00;
7291 else
53ac6ab6 7292 ev.store_hint = persistent;
ba74b666 7293
346af67b 7294 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 7295 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 7296 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 7297 ev.key.enc_size = key->enc_size;
7298 ev.key.ediv = key->ediv;
fe39c7b2 7299 ev.key.rand = key->rand;
346af67b 7300
2ceba539 7301 if (key->type == SMP_LTK)
346af67b
VCG		 7302 ev.key.master = 1;
7303
346af67b
VCG		 7304 memcpy(ev.key.val, key->val, sizeof(key->val));
7305
083368f7 7306 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 7307}
7308
95fbac8a
JH		 7309void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
7310{
7311 struct mgmt_ev_new_irk ev;
7312
7313 memset(&ev, 0, sizeof(ev));
7314
bab6d1e5
MH		 7315 /* For identity resolving keys from devices that are already
7316 * using a public address or static random address, do not
7317 * ask for storing this key. The identity resolving key really
7318 * is only mandatory for devices using resovlable random
7319 * addresses.
7320 *
7321 * Storing all identity resolving keys has the downside that
7322 * they will be also loaded on next boot of they system. More
7323 * identity resolving keys, means more time during scanning is
7324 * needed to actually resolve these addresses.
7325 */
7326 if (bacmp(&irk->rpa, BDADDR_ANY))
7327 ev.store_hint = 0x01;
7328 else
7329 ev.store_hint = 0x00;
7330
95fbac8a
JH		 7331 bacpy(&ev.rpa, &irk->rpa);
7332 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7333 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7334 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7335
7336 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7337}
7338
53ac6ab6
MH		 7339void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7340 bool persistent)
7ee4ea36
MH		 7341{
7342 struct mgmt_ev_new_csrk ev;
7343
7344 memset(&ev, 0, sizeof(ev));
7345
7346 /* Devices using resolvable or non-resolvable random addresses
7347 * without providing an indentity resolving key don't require
7348 * to store signature resolving keys. Their addresses will change
7349 * the next time around.
7350 *
7351 * Only when a remote device provides an identity address
7352 * make sure the signature resolving key is stored. So allow
7353 * static random and public addresses here.
7354 */
7355 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7356 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7357 ev.store_hint = 0x00;
7358 else
53ac6ab6 7359 ev.store_hint = persistent;
7ee4ea36
MH		 7360
7361 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7362 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 7363 ev.key.type = csrk->type;
7ee4ea36
MH		 7364 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7365
7366 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7367}
7368
ffb5a827 7369void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 7370 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7371 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 7372{
7373 struct mgmt_ev_new_conn_param ev;
7374
c103aea6
JH		 7375 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7376 return;
7377
ffb5a827
AG		 7378 memset(&ev, 0, sizeof(ev));
7379 bacpy(&ev.addr.bdaddr, bdaddr);
7380 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 7381 ev.store_hint = store_hint;
ffb5a827
AG		 7382 ev.min_interval = cpu_to_le16(min_interval);
7383 ev.max_interval = cpu_to_le16(max_interval);
7384 ev.latency = cpu_to_le16(latency);
7385 ev.timeout = cpu_to_le16(timeout);
7386
7387 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7388}
7389
48ec92fa
AA		 7390void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7391 u32 flags, u8 *name, u8 name_len)
f7520543 7392{
b644ba33
JH		 7393 char buf[512];
7394 struct mgmt_ev_device_connected *ev = (void *) buf;
7395 u16 eir_len = 0;
f7520543 7396
48ec92fa
AA		 7397 bacpy(&ev->addr.bdaddr, &conn->dst);
7398 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 7399
c95f0ba7 7400 ev->flags = __cpu_to_le32(flags);
08c79b61 7401
fd45ada9
AA		 7402 /* We must ensure that the EIR Data fields are ordered and
7403 * unique. Keep it simple for now and avoid the problem by not
7404 * adding any BR/EDR data to the LE adv.
7405 */
7406 if (conn->le_adv_data_len > 0) {
7407 memcpy(&ev->eir[eir_len],
7408 conn->le_adv_data, conn->le_adv_data_len);
7409 eir_len = conn->le_adv_data_len;
7410 } else {
7411 if (name_len > 0)
7412 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7413 name, name_len);
b644ba33 7414
ddbea5cf 7415 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 7416 eir_len = eir_append_data(ev->eir, eir_len,
7417 EIR_CLASS_OF_DEV,
7418 conn->dev_class, 3);
7419 }
b644ba33 7420
eb55ef07 7421 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 7422
ecd90ae7
MH		 7423 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7424 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 7425}
7426
3b0602cd 7427static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 7428{
8962ee74 7429 struct sock **sk = data;
8962ee74 7430
f5818c22 7431 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 7432
7433 *sk = cmd->sk;
7434 sock_hold(*sk);
7435
a664b5bc 7436 mgmt_pending_remove(cmd);
8962ee74
JH		 7437}
7438
3b0602cd 7439static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 7440{
b1078ad0 7441 struct hci_dev *hdev = data;
124f6e35 7442 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 7443
b1078ad0
JH		 7444 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7445
d8b7b1e4 7446 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 7447 mgmt_pending_remove(cmd);
7448}
7449
84c61d92
JH		 7450bool mgmt_powering_down(struct hci_dev *hdev)
7451{
3b0602cd 7452 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 7453 struct mgmt_mode *cp;
7454
333ae95d 7455 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
84c61d92
JH		 7456 if (!cmd)
7457 return false;
7458
7459 cp = cmd->param;
7460 if (!cp->val)
7461 return true;
7462
7463 return false;
7464}
7465
9b80ec5e 7466void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 7467 u8 link_type, u8 addr_type, u8 reason,
7468 bool mgmt_connected)
f7520543 7469{
f0d6a0ea 7470 struct mgmt_ev_device_disconnected ev;
8962ee74 7471 struct sock *sk = NULL;
8962ee74 7472
84c61d92
JH		 7473 /* The connection is still in hci_conn_hash so test for 1
7474 * instead of 0 to know if this is the last one.
7475 */
7476 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7477 cancel_delayed_work(&hdev->power_off);
7478 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 7479 }
7480
12d4a3b2
JH		 7481 if (!mgmt_connected)
7482 return;
7483
57eb776f
AG		 7484 if (link_type != ACL_LINK && link_type != LE_LINK)
7485 return;
7486
744cf19e 7487 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 7488
f0d6a0ea
MA		 7489 bacpy(&ev.addr.bdaddr, bdaddr);
7490 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7491 ev.reason = reason;
f7520543 7492
9b80ec5e 7493 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 7494
7495 if (sk)
d97dcb66 7496 sock_put(sk);
8962ee74 7497
124f6e35 7498 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 7499 hdev);
8962ee74
JH		 7500}
7501
7892924c
MH		 7502void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7503 u8 link_type, u8 addr_type, u8 status)
8962ee74 7504{
3655bba8
AG		 7505 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7506 struct mgmt_cp_disconnect *cp;
3b0602cd 7507 struct mgmt_pending_cmd *cmd;
8962ee74 7508
36a75f1b
JD		 7509 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7510 hdev);
7511
333ae95d 7512 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 7513 if (!cmd)
7892924c 7514 return;
8962ee74 7515
3655bba8
AG		 7516 cp = cmd->param;
7517
7518 if (bacmp(bdaddr, &cp->addr.bdaddr))
7519 return;
7520
7521 if (cp->addr.type != bdaddr_type)
7522 return;
7523
f5818c22 7524 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7525 mgmt_pending_remove(cmd);
f7520543 7526}
17d5c04c 7527
445608d0
MH		 7528void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7529 u8 addr_type, u8 status)
17d5c04c
JH		 7530{
7531 struct mgmt_ev_connect_failed ev;
c9910d0f 7532
84c61d92
JH		 7533 /* The connection is still in hci_conn_hash so test for 1
7534 * instead of 0 to know if this is the last one.
7535 */
7536 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7537 cancel_delayed_work(&hdev->power_off);
7538 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 7539 }
17d5c04c 7540
4c659c39 7541 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7542 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 7543 ev.status = mgmt_status(status);
17d5c04c 7544
445608d0 7545 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 7546}
980e1a53 7547
ce0e4a0d 7548void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 7549{
7550 struct mgmt_ev_pin_code_request ev;
7551
d8457698 7552 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 7553 ev.addr.type = BDADDR_BREDR;
a770bb5a 7554 ev.secure = secure;
980e1a53 7555
ce0e4a0d 7556 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 7557}
7558
e669cf80
MH		 7559void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7560 u8 status)
980e1a53 7561{
3b0602cd 7562 struct mgmt_pending_cmd *cmd;
980e1a53 7563
333ae95d 7564 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 7565 if (!cmd)
e669cf80 7566 return;
980e1a53 7567
7776d1d8 7568 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7569 mgmt_pending_remove(cmd);
980e1a53
JH		 7570}
7571
3eb38528
MH		 7572void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7573 u8 status)
980e1a53 7574{
3b0602cd 7575 struct mgmt_pending_cmd *cmd;
980e1a53 7576
333ae95d 7577 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 7578 if (!cmd)
3eb38528 7579 return;
980e1a53 7580
7776d1d8 7581 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7582 mgmt_pending_remove(cmd);
980e1a53 7583}
a5c29683 7584
744cf19e 7585int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 7586 u8 link_type, u8 addr_type, u32 value,
04124681 7587 u8 confirm_hint)
a5c29683
JH		 7588{
7589 struct mgmt_ev_user_confirm_request ev;
7590
744cf19e 7591 BT_DBG("%s", hdev->name);
a5c29683 7592
272d90df 7593 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7594 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 7595 ev.confirm_hint = confirm_hint;
39adbffe 7596 ev.value = cpu_to_le32(value);
a5c29683 7597
744cf19e 7598 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 7599 NULL);
a5c29683
JH		 7600}
7601
272d90df 7602int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 7603 u8 link_type, u8 addr_type)
604086b7
BG		 7604{
7605 struct mgmt_ev_user_passkey_request ev;
7606
7607 BT_DBG("%s", hdev->name);
7608
272d90df 7609 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7610 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 7611
7612 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 7613 NULL);
604086b7
BG		 7614}
7615
0df4c185 7616static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 7617 u8 link_type, u8 addr_type, u8 status,
7618 u8 opcode)
a5c29683 7619{
3b0602cd 7620 struct mgmt_pending_cmd *cmd;
a5c29683 7621
333ae95d 7622 cmd = pending_find(opcode, hdev);
a5c29683
JH		 7623 if (!cmd)
7624 return -ENOENT;
7625
7776d1d8 7626 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7627 mgmt_pending_remove(cmd);
a5c29683 7628
7776d1d8 7629 return 0;
a5c29683
JH		 7630}
7631
744cf19e 7632int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7633 u8 link_type, u8 addr_type, u8 status)
a5c29683 7634{
272d90df 7635 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7636 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 7637}
7638
272d90df 7639int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7640 u8 link_type, u8 addr_type, u8 status)
a5c29683 7641{
272d90df 7642 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7643 status,
7644 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7645}
2a611692 7646
604086b7 7647int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7648 u8 link_type, u8 addr_type, u8 status)
604086b7 7649{
272d90df 7650 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7651 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7652}
7653
272d90df 7654int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7655 u8 link_type, u8 addr_type, u8 status)
604086b7 7656{
272d90df 7657 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7658 status,
7659 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7660}
7661
92a25256
JH		 7662int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7663 u8 link_type, u8 addr_type, u32 passkey,
7664 u8 entered)
7665{
7666 struct mgmt_ev_passkey_notify ev;
7667
7668 BT_DBG("%s", hdev->name);
7669
7670 bacpy(&ev.addr.bdaddr, bdaddr);
7671 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7672 ev.passkey = __cpu_to_le32(passkey);
7673 ev.entered = entered;
7674
7675 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7676}
7677
e1e930f5 7678void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7679{
7680 struct mgmt_ev_auth_failed ev;
3b0602cd 7681 struct mgmt_pending_cmd *cmd;
e1e930f5 7682 u8 status = mgmt_status(hci_status);
2a611692 7683
e1e930f5
JH		 7684 bacpy(&ev.addr.bdaddr, &conn->dst);
7685 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7686 ev.status = status;
2a611692 7687
e1e930f5
JH		 7688 cmd = find_pairing(conn);
7689
7690 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7691 cmd ? cmd->sk : NULL);
7692
a511b35b
JH		 7693 if (cmd) {
7694 cmd->cmd_complete(cmd, status);
7695 mgmt_pending_remove(cmd);
7696 }
2a611692 7697}
b312b161 7698
464996ae 7699void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7700{
7701 struct cmd_lookup match = { NULL, hdev };
464996ae 7702 bool changed;
33ef95ed
JH		 7703
7704 if (status) {
7705 u8 mgmt_err = mgmt_status(status);
7706 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7707 cmd_status_rsp, &mgmt_err);
464996ae 7708 return;
33ef95ed
JH		 7709 }
7710
464996ae 7711 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 7712 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 7713 else
a69d8927 7714 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 7715
33ef95ed 7716 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 7717 &match);
33ef95ed 7718
47990ea0 7719 if (changed)
464996ae 7720 new_settings(hdev, match.sk);
33ef95ed
JH		 7721
7722 if (match.sk)
7723 sock_put(match.sk);
33ef95ed
JH		 7724}
7725
890ea898 7726static void clear_eir(struct hci_request *req)
cacaf52f 7727{
890ea898 7728 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 7729 struct hci_cp_write_eir cp;
7730
976eb20e 7731 if (!lmp_ext_inq_capable(hdev))
890ea898 7732 return;
cacaf52f 7733
c80da27e
JH		 7734 memset(hdev->eir, 0, sizeof(hdev->eir));
7735
cacaf52f
JH		 7736 memset(&cp, 0, sizeof(cp));
7737
890ea898 7738 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 7739}
7740
3e248560 7741void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 7742{
7743 struct cmd_lookup match = { NULL, hdev };
890ea898 7744 struct hci_request req;
c0ecddc2 7745 bool changed = false;
ed2c4ee3
JH		 7746
7747 if (status) {
7748 u8 mgmt_err = mgmt_status(status);
c0ecddc2 7749
a69d8927
MH		 7750 if (enable && hci_dev_test_and_clear_flag(hdev,
7751 HCI_SSP_ENABLED)) {
a358dc11 7752 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 7753 new_settings(hdev, NULL);
9ecb3e24 7754 }
c0ecddc2 7755
04124681
GP		 7756 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7757 &mgmt_err);
3e248560 7758 return;
c0ecddc2
JH		 7759 }
7760
7761 if (enable) {
238be788 7762 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 7763 } else {
a69d8927 7764 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9ecb3e24 7765 if (!changed)
a69d8927
MH		 7766 changed = hci_dev_test_and_clear_flag(hdev,
7767 HCI_HS_ENABLED);
9ecb3e24 7768 else
a358dc11 7769 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 7770 }
7771
7772 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7773
c0ecddc2 7774 if (changed)
3e248560 7775 new_settings(hdev, match.sk);
ed2c4ee3 7776
5fc6ebb1 7777 if (match.sk)
ed2c4ee3
JH		 7778 sock_put(match.sk);
7779
890ea898
JH		 7780 hci_req_init(&req, hdev);
7781
d7a5a11d
MH		 7782 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7783 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 7784 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7785 sizeof(enable), &enable);
890ea898 7786 update_eir(&req);
3769972b 7787 } else {
890ea898 7788 clear_eir(&req);
3769972b 7789 }
890ea898
JH		 7790
7791 hci_req_run(&req, NULL);
ed2c4ee3
JH		 7792}
7793
3b0602cd 7794static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 7795{
7796 struct cmd_lookup *match = data;
7797
90e70454
JH		 7798 if (match->sk == NULL) {
7799 match->sk = cmd->sk;
7800 sock_hold(match->sk);
7801 }
90e70454
JH		 7802}
7803
4e1b0245
MH		 7804void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7805 u8 status)
7f9a903c 7806{
90e70454 7807 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7808
92da6097
JH		 7809 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7810 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7811 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 7812
7813 if (!status)
f6b7712e
MH		 7814 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7815 dev_class, 3, NULL);
90e70454
JH		 7816
7817 if (match.sk)
7818 sock_put(match.sk);
7f9a903c
MH		 7819}
7820
7667da34 7821void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7822{
b312b161 7823 struct mgmt_cp_set_local_name ev;
3b0602cd 7824 struct mgmt_pending_cmd *cmd;
28cc7bde 7825
13928971 7826 if (status)
7667da34 7827 return;
b312b161
JH		 7828
7829 memset(&ev, 0, sizeof(ev));
7830 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7831 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7832
333ae95d 7833 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7834 if (!cmd) {
7835 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7836
13928971
JH		 7837 /* If this is a HCI command related to powering on the
7838 * HCI dev don't send any mgmt signals.
7839 */
333ae95d 7840 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7841 return;
890ea898 7842 }
b312b161 7843
f6b7712e
MH		 7844 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7845 cmd ? cmd->sk : NULL);
b312b161 7846}
c35938b2 7847
4d2d2796 7848void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
38da1703
JH		 7849 u8 *rand192, u8 *hash256, u8 *rand256,
7850 u8 status)
c35938b2 7851{
3b0602cd 7852 struct mgmt_pending_cmd *cmd;
c35938b2 7853
744cf19e 7854 BT_DBG("%s status %u", hdev->name, status);
c35938b2 7855
333ae95d 7856 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 7857 if (!cmd)
3edaf092 7858 return;
c35938b2
SJ		 7859
7860 if (status) {
a69e8375
JH		 7861 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
7862 mgmt_status(status));
c35938b2 7863 } else {
66f096f7
JH		 7864 struct mgmt_rp_read_local_oob_data rp;
7865 size_t rp_size = sizeof(rp);
4d2d2796 7866
66f096f7
JH		 7867 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
7868 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
c35938b2 7869
66f096f7 7870 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
4d2d2796 7871 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
38da1703 7872 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
4d2d2796 7873 } else {
66f096f7 7874 rp_size -= sizeof(rp.hash256) + sizeof(rp.rand256);
4d2d2796 7875 }
66f096f7 7876
2a1afb5a
JH		 7877 mgmt_cmd_complete(cmd->sk, hdev->id,
7878 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7879 &rp, rp_size);
c35938b2
SJ		 7880 }
7881
7882 mgmt_pending_remove(cmd);
c35938b2 7883}
e17acd40 7884
799ce93d
JP		 7885static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7886{
7887 int i;
7888
7889 for (i = 0; i < uuid_count; i++) {
7890 if (!memcmp(uuid, uuids[i], 16))
7891 return true;
7892 }
7893
7894 return false;
7895}
7896
b487b9ce
MH		 7897static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7898{
799ce93d
JP		 7899 u16 parsed = 0;
7900
7901 while (parsed < eir_len) {
7902 u8 field_len = eir[0];
7903 u8 uuid[16];
7904 int i;
7905
7906 if (field_len == 0)
7907 break;
7908
7909 if (eir_len - parsed < field_len + 1)
7910 break;
7911
7912 switch (eir[1]) {
7913 case EIR_UUID16_ALL:
7914 case EIR_UUID16_SOME:
7915 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7916 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7917 uuid[13] = eir[i + 3];
7918 uuid[12] = eir[i + 2];
7919 if (has_uuid(uuid, uuid_count, uuids))
7920 return true;
7921 }
7922 break;
7923 case EIR_UUID32_ALL:
7924 case EIR_UUID32_SOME:
7925 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7926 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7927 uuid[15] = eir[i + 5];
7928 uuid[14] = eir[i + 4];
7929 uuid[13] = eir[i + 3];
7930 uuid[12] = eir[i + 2];
7931 if (has_uuid(uuid, uuid_count, uuids))
7932 return true;
7933 }
7934 break;
7935 case EIR_UUID128_ALL:
7936 case EIR_UUID128_SOME:
7937 for (i = 0; i + 17 <= field_len; i += 16) {
7938 memcpy(uuid, eir + i + 2, 16);
7939 if (has_uuid(uuid, uuid_count, uuids))
7940 return true;
7941 }
7942 break;
7943 }
7944
7945 parsed += field_len + 1;
7946 eir += field_len + 1;
7947 }
7948
b487b9ce
MH		 7949 return false;
7950}
7951
4b0e0ced
JP		 7952static void restart_le_scan(struct hci_dev *hdev)
7953{
7954 /* If controller is not scanning we are done. */
d7a5a11d 7955 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 7956 return;
7957
7958 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7959 hdev->discovery.scan_start +
7960 hdev->discovery.scan_duration))
7961 return;
7962
7963 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
7964 DISCOV_LE_RESTART_DELAY);
7965}
7966
48f86b7f
JP		 7967static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7968 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7969{
48f86b7f
JP		 7970 /* If a RSSI threshold has been specified, and
7971 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7972 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7973 * is set, let it through for further processing, as we might need to
7974 * restart the scan.
efb2513f
MH		 7975 *
7976 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7977 * the results are also dropped.
bda157a4
MH		 7978 */
7979 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 7980 (rssi == HCI_RSSI_INVALID ||
7981 (rssi < hdev->discovery.rssi &&
7982 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 7983 return false;
efb2513f 7984
2976cdeb
JP		 7985 if (hdev->discovery.uuid_count != 0) {
7986 /* If a list of UUIDs is provided in filter, results with no
7987 * matching UUID should be dropped.
b487b9ce 7988 */
2976cdeb
JP		 7989 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7990 hdev->discovery.uuids) &&
7991 !eir_has_uuids(scan_rsp, scan_rsp_len,
7992 hdev->discovery.uuid_count,
7993 hdev->discovery.uuids))
7994 return false;
b487b9ce 7995 }
5d2e9fad 7996
2976cdeb
JP		 7997 /* If duplicate filtering does not report RSSI changes, then restart
7998 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 7999 */
2976cdeb
JP		 8000 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
8001 restart_le_scan(hdev);
8002
8003 /* Validate RSSI value against the RSSI threshold once more. */
8004 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8005 rssi < hdev->discovery.rssi)
8006 return false;
8007 }
48f86b7f
JP		 8008
8009 return true;
8010}
8011
8012void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8013 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
8014 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8015{
8016 char buf[512];
8017 struct mgmt_ev_device_found *ev = (void *)buf;
8018 size_t ev_size;
8019
8020 /* Don't send events for a non-kernel initiated discovery. With
8021 * LE one exception is if we have pend_le_reports > 0 in which
8022 * case we're doing passive scanning and want these events.
8023 */
8024 if (!hci_discovery_active(hdev)) {
8025 if (link_type == ACL_LINK)
8026 return;
8027 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
8028 return;
8029 }
8030
82f8b651 8031 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 8032 /* We are using service discovery */
8033 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
8034 scan_rsp_len))
8035 return;
8036 }
8037
8038 /* Make sure that the buffer is big enough. The 5 extra bytes
8039 * are for the potential CoD field.
8040 */
8041 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 8042 return;
8043
48f86b7f
JP		 8044 memset(buf, 0, sizeof(buf));
8045
8046 /* In case of device discovery with BR/EDR devices (pre 1.2), the
8047 * RSSI value was reported as 0 when not available. This behavior
8048 * is kept when using device discovery. This is required for full
8049 * backwards compatibility with the API.
8050 *
8051 * However when using service discovery, the value 127 will be
8052 * returned when the RSSI is not available.
8053 */
8054 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
8055 link_type == ACL_LINK)
8056 rssi = 0;
8057
8058 bacpy(&ev->addr.bdaddr, bdaddr);
8059 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8060 ev->rssi = rssi;
8061 ev->flags = cpu_to_le32(flags);
8062
8063 if (eir_len > 0)
8064 /* Copy EIR or advertising data into event */
8065 memcpy(ev->eir, eir, eir_len);
8066
8067 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
8068 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
8069 dev_class, 3);
8070
8071 if (scan_rsp_len > 0)
8072 /* Append scan response data to event */
8073 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
8074
5d2e9fad
JH		 8075 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
8076 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 8077
901801b9 8078 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 8079}
a88a9652 8080
9cf12aee
MH		 8081void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8082 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 8083{
b644ba33
JH		 8084 struct mgmt_ev_device_found *ev;
8085 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
8086 u16 eir_len;
a88a9652 8087
b644ba33 8088 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 8089
b644ba33
JH		 8090 memset(buf, 0, sizeof(buf));
8091
8092 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 8093 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 8094 ev->rssi = rssi;
8095
8096 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 8097 name_len);
b644ba33 8098
eb55ef07 8099 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 8100
9cf12aee 8101 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 8102}
314b2381 8103
2f1e063b 8104void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 8105{
f963e8e9 8106 struct mgmt_ev_discovering ev;
164a6e78 8107
343fb145
AG		 8108 BT_DBG("%s discovering %u", hdev->name, discovering);
8109
f963e8e9
JH		 8110 memset(&ev, 0, sizeof(ev));
8111 ev.type = hdev->discovery.type;
8112 ev.discovering = discovering;
8113
2f1e063b 8114 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 8115}
5e762444 8116
1904a853 8117static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5976e608
MH		 8118{
8119 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 8120}
8121
8122void mgmt_reenable_advertising(struct hci_dev *hdev)
8123{
8124 struct hci_request req;
8125
24b4f38f
AU		 8126 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
8127 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
5976e608
MH		 8128 return;
8129
8130 hci_req_init(&req, hdev);
8131 enable_advertising(&req);
0ec5ae84 8132 hci_req_run(&req, adv_enable_complete);
5976e608 8133}
6d785aa3
JH		 8134
8135static struct hci_mgmt_chan chan = {
8136 .channel = HCI_CHANNEL_CONTROL,
8137 .handler_count = ARRAY_SIZE(mgmt_handlers),
8138 .handlers = mgmt_handlers,
88b94ce9 8139 .hdev_init = mgmt_init_hdev,
6d785aa3
JH		 8140};
8141
8142int mgmt_init(void)
8143{
8144 return hci_mgmt_chan_register(&chan);
8145}
8146
8147void mgmt_exit(void)
8148{
8149 hci_mgmt_chan_unregister(&chan);
8150}
Linux kernel - Deliverables
This page took 0.9576 seconds and 5 git commands to generate.