projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Require SSP enabling before BR/EDR Secure Connections
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236 34
0857dd3b 35#include "hci_request.h"
ac4b7236 36#include "smp.h"
0381101f 37
2da9c55c 38#define MGMT_VERSION 1
854bda19 39#define MGMT_REVISION 8
02d98129 40
e70bb2e8
JH		 41static const u16 mgmt_commands[] = {
42 MGMT_OP_READ_INDEX_LIST,
43 MGMT_OP_READ_INFO,
44 MGMT_OP_SET_POWERED,
45 MGMT_OP_SET_DISCOVERABLE,
46 MGMT_OP_SET_CONNECTABLE,
47 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 48 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 49 MGMT_OP_SET_LINK_SECURITY,
50 MGMT_OP_SET_SSP,
51 MGMT_OP_SET_HS,
52 MGMT_OP_SET_LE,
53 MGMT_OP_SET_DEV_CLASS,
54 MGMT_OP_SET_LOCAL_NAME,
55 MGMT_OP_ADD_UUID,
56 MGMT_OP_REMOVE_UUID,
57 MGMT_OP_LOAD_LINK_KEYS,
58 MGMT_OP_LOAD_LONG_TERM_KEYS,
59 MGMT_OP_DISCONNECT,
60 MGMT_OP_GET_CONNECTIONS,
61 MGMT_OP_PIN_CODE_REPLY,
62 MGMT_OP_PIN_CODE_NEG_REPLY,
63 MGMT_OP_SET_IO_CAPABILITY,
64 MGMT_OP_PAIR_DEVICE,
65 MGMT_OP_CANCEL_PAIR_DEVICE,
66 MGMT_OP_UNPAIR_DEVICE,
67 MGMT_OP_USER_CONFIRM_REPLY,
68 MGMT_OP_USER_CONFIRM_NEG_REPLY,
69 MGMT_OP_USER_PASSKEY_REPLY,
70 MGMT_OP_USER_PASSKEY_NEG_REPLY,
71 MGMT_OP_READ_LOCAL_OOB_DATA,
72 MGMT_OP_ADD_REMOTE_OOB_DATA,
73 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
74 MGMT_OP_START_DISCOVERY,
75 MGMT_OP_STOP_DISCOVERY,
76 MGMT_OP_CONFIRM_NAME,
77 MGMT_OP_BLOCK_DEVICE,
78 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 79 MGMT_OP_SET_DEVICE_ID,
4375f103 80 MGMT_OP_SET_ADVERTISING,
0663ca2a 81 MGMT_OP_SET_BREDR,
d13eafce 82 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 83 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 84 MGMT_OP_SET_SECURE_CONN,
4e39ac81 85 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 86 MGMT_OP_SET_PRIVACY,
41edf160 87 MGMT_OP_LOAD_IRKS,
dd983808 88 MGMT_OP_GET_CONN_INFO,
95868426 89 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 90 MGMT_OP_ADD_DEVICE,
91 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 92 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 93 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 94 MGMT_OP_READ_CONFIG_INFO,
dbece37a 95 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 96 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 97 MGMT_OP_START_SERVICE_DISCOVERY,
e70bb2e8
JH		 98};
99
100static const u16 mgmt_events[] = {
101 MGMT_EV_CONTROLLER_ERROR,
102 MGMT_EV_INDEX_ADDED,
103 MGMT_EV_INDEX_REMOVED,
104 MGMT_EV_NEW_SETTINGS,
105 MGMT_EV_CLASS_OF_DEV_CHANGED,
106 MGMT_EV_LOCAL_NAME_CHANGED,
107 MGMT_EV_NEW_LINK_KEY,
108 MGMT_EV_NEW_LONG_TERM_KEY,
109 MGMT_EV_DEVICE_CONNECTED,
110 MGMT_EV_DEVICE_DISCONNECTED,
111 MGMT_EV_CONNECT_FAILED,
112 MGMT_EV_PIN_CODE_REQUEST,
113 MGMT_EV_USER_CONFIRM_REQUEST,
114 MGMT_EV_USER_PASSKEY_REQUEST,
115 MGMT_EV_AUTH_FAILED,
116 MGMT_EV_DEVICE_FOUND,
117 MGMT_EV_DISCOVERING,
118 MGMT_EV_DEVICE_BLOCKED,
119 MGMT_EV_DEVICE_UNBLOCKED,
120 MGMT_EV_DEVICE_UNPAIRED,
92a25256 121 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 122 MGMT_EV_NEW_IRK,
7ee4ea36 123 MGMT_EV_NEW_CSRK,
8afef092
MH		 124 MGMT_EV_DEVICE_ADDED,
125 MGMT_EV_DEVICE_REMOVED,
ffb5a827 126 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 127 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 128 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 129 MGMT_EV_NEW_CONFIG_OPTIONS,
e70bb2e8
JH		 130};
131
17b02e62 132#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 133
eec8d2bc
JH		 134struct pending_cmd {
135 struct list_head list;
fc2f4b13 136 u16 opcode;
eec8d2bc 137 int index;
c68fb7ff 138 void *param;
323b0b88 139 size_t param_len;
eec8d2bc 140 struct sock *sk;
e9a416b5 141 void *user_data;
9df74653 142 int (*cmd_complete)(struct pending_cmd *cmd, u8 status);
eec8d2bc
JH		 143};
144
ca69b795
JH		 145/* HCI to MGMT error code conversion table */
146static u8 mgmt_status_table[] = {
147 MGMT_STATUS_SUCCESS,
148 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
149 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
150 MGMT_STATUS_FAILED, /* Hardware Failure */
151 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
152 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 153 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 154 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
155 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
156 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
157 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
158 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
159 MGMT_STATUS_BUSY, /* Command Disallowed */
160 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
161 MGMT_STATUS_REJECTED, /* Rejected Security */
162 MGMT_STATUS_REJECTED, /* Rejected Personal */
163 MGMT_STATUS_TIMEOUT, /* Host Timeout */
164 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
165 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
166 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
167 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
168 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
169 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
170 MGMT_STATUS_BUSY, /* Repeated Attempts */
171 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
172 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
173 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
174 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
175 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
176 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
177 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
178 MGMT_STATUS_FAILED, /* Unspecified Error */
179 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
180 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
181 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
182 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
183 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
184 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
185 MGMT_STATUS_FAILED, /* Unit Link Key Used */
186 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
187 MGMT_STATUS_TIMEOUT, /* Instant Passed */
188 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
189 MGMT_STATUS_FAILED, /* Transaction Collision */
190 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
191 MGMT_STATUS_REJECTED, /* QoS Rejected */
192 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
193 MGMT_STATUS_REJECTED, /* Insufficient Security */
194 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
195 MGMT_STATUS_BUSY, /* Role Switch Pending */
196 MGMT_STATUS_FAILED, /* Slot Violation */
197 MGMT_STATUS_FAILED, /* Role Switch Failed */
198 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
199 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
200 MGMT_STATUS_BUSY, /* Host Busy Pairing */
201 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
202 MGMT_STATUS_BUSY, /* Controller Busy */
203 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
204 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
205 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
206 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
207 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
208};
209
210static u8 mgmt_status(u8 hci_status)
211{
212 if (hci_status < ARRAY_SIZE(mgmt_status_table))
213 return mgmt_status_table[hci_status];
214
215 return MGMT_STATUS_FAILED;
216}
217
04c60f05
MH		 218static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
219 struct sock *skip_sk)
220{
221 struct sk_buff *skb;
222 struct mgmt_hdr *hdr;
223
224 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
225 if (!skb)
226 return -ENOMEM;
227
228 hdr = (void *) skb_put(skb, sizeof(*hdr));
229 hdr->opcode = cpu_to_le16(event);
230 if (hdev)
231 hdr->index = cpu_to_le16(hdev->id);
232 else
233 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
234 hdr->len = cpu_to_le16(data_len);
235
236 if (data)
237 memcpy(skb_put(skb, data_len), data, data_len);
238
239 /* Time stamp */
240 __net_timestamp(skb);
241
242 hci_send_to_control(skb, skip_sk);
243 kfree_skb(skb);
244
245 return 0;
246}
247
4e51eae9 248static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 249{
250 struct sk_buff *skb;
251 struct mgmt_hdr *hdr;
252 struct mgmt_ev_cmd_status *ev;
56b7d137 253 int err;
f7b64e69 254
34eb525c 255 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 256
790eff44 257 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 258 if (!skb)
259 return -ENOMEM;
260
261 hdr = (void *) skb_put(skb, sizeof(*hdr));
262
dcf4adbf 263 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 264 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 265 hdr->len = cpu_to_le16(sizeof(*ev));
266
267 ev = (void *) skb_put(skb, sizeof(*ev));
268 ev->status = status;
eb55ef07 269 ev->opcode = cpu_to_le16(cmd);
f7b64e69 270
56b7d137
GP		 271 err = sock_queue_rcv_skb(sk, skb);
272 if (err < 0)
f7b64e69
JH		 273 kfree_skb(skb);
274
56b7d137 275 return err;
f7b64e69
JH		 276}
277
aee9b218 278static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 279 void *rp, size_t rp_len)
02d98129
JH		 280{
281 struct sk_buff *skb;
282 struct mgmt_hdr *hdr;
283 struct mgmt_ev_cmd_complete *ev;
56b7d137 284 int err;
02d98129
JH		 285
286 BT_DBG("sock %p", sk);
287
790eff44 288 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 289 if (!skb)
290 return -ENOMEM;
291
292 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 293
dcf4adbf 294 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 295 hdr->index = cpu_to_le16(index);
a38528f1 296 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 297
a38528f1 298 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 299 ev->opcode = cpu_to_le16(cmd);
aee9b218 300 ev->status = status;
8020c16a
SJ		 301
302 if (rp)
303 memcpy(ev->data, rp, rp_len);
02d98129 304
56b7d137
GP		 305 err = sock_queue_rcv_skb(sk, skb);
306 if (err < 0)
02d98129
JH		 307 kfree_skb(skb);
308
e5f0e151 309 return err;
02d98129
JH		 310}
311
04124681
GP		 312static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
313 u16 data_len)
a38528f1
JH		 314{
315 struct mgmt_rp_read_version rp;
316
317 BT_DBG("sock %p", sk);
318
319 rp.version = MGMT_VERSION;
dcf4adbf 320 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 321
aee9b218 322 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 323 sizeof(rp));
a38528f1
JH		 324}
325
04124681
GP		 326static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
327 u16 data_len)
e70bb2e8
JH		 328{
329 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 330 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
331 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 332 __le16 *opcode;
e70bb2e8
JH		 333 size_t rp_size;
334 int i, err;
335
336 BT_DBG("sock %p", sk);
337
338 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
339
340 rp = kmalloc(rp_size, GFP_KERNEL);
341 if (!rp)
342 return -ENOMEM;
343
dcf4adbf
JP		 344 rp->num_commands = cpu_to_le16(num_commands);
345 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 346
347 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
348 put_unaligned_le16(mgmt_commands[i], opcode);
349
350 for (i = 0; i < num_events; i++, opcode++)
351 put_unaligned_le16(mgmt_events[i], opcode);
352
aee9b218 353 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 354 rp_size);
e70bb2e8
JH		 355 kfree(rp);
356
357 return err;
358}
359
04124681
GP		 360static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
361 u16 data_len)
faba42eb 362{
faba42eb 363 struct mgmt_rp_read_index_list *rp;
8035ded4 364 struct hci_dev *d;
a38528f1 365 size_t rp_len;
faba42eb 366 u16 count;
476e44cb 367 int err;
faba42eb
JH		 368
369 BT_DBG("sock %p", sk);
370
371 read_lock(&hci_dev_list_lock);
372
373 count = 0;
bb4b2a9a 374 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 375 if (d->dev_type == HCI_BREDR &&
376 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
1514b892 377 count++;
faba42eb
JH		 378 }
379
a38528f1
JH		 380 rp_len = sizeof(*rp) + (2 * count);
381 rp = kmalloc(rp_len, GFP_ATOMIC);
382 if (!rp) {
b2c60d42 383 read_unlock(&hci_dev_list_lock);
faba42eb 384 return -ENOMEM;
b2c60d42 385 }
faba42eb 386
476e44cb 387 count = 0;
8035ded4 388 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 389 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 390 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a 391 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
ab81cbf9
JH		 392 continue;
393
73d1df2a
MH		 394 /* Devices marked as raw-only are neither configured
395 * nor unconfigured controllers.
396 */
397 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 398 continue;
399
73d1df2a
MH		 400 if (d->dev_type == HCI_BREDR &&
401 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
1514b892
MH		 402 rp->index[count++] = cpu_to_le16(d->id);
403 BT_DBG("Added hci%u", d->id);
404 }
faba42eb
JH		 405 }
406
476e44cb
JH		 407 rp->num_controllers = cpu_to_le16(count);
408 rp_len = sizeof(*rp) + (2 * count);
409
faba42eb
JH		 410 read_unlock(&hci_dev_list_lock);
411
aee9b218 412 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 413 rp_len);
faba42eb 414
a38528f1
JH		 415 kfree(rp);
416
417 return err;
faba42eb
JH		 418}
419
73d1df2a
MH		 420static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
421 void *data, u16 data_len)
422{
423 struct mgmt_rp_read_unconf_index_list *rp;
424 struct hci_dev *d;
425 size_t rp_len;
426 u16 count;
427 int err;
428
429 BT_DBG("sock %p", sk);
430
431 read_lock(&hci_dev_list_lock);
432
433 count = 0;
434 list_for_each_entry(d, &hci_dev_list, list) {
435 if (d->dev_type == HCI_BREDR &&
436 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
437 count++;
438 }
439
440 rp_len = sizeof(*rp) + (2 * count);
441 rp = kmalloc(rp_len, GFP_ATOMIC);
442 if (!rp) {
443 read_unlock(&hci_dev_list_lock);
444 return -ENOMEM;
445 }
446
447 count = 0;
448 list_for_each_entry(d, &hci_dev_list, list) {
449 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 450 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a
MH		 451 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
452 continue;
453
454 /* Devices marked as raw-only are neither configured
455 * nor unconfigured controllers.
456 */
457 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
458 continue;
459
460 if (d->dev_type == HCI_BREDR &&
461 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
462 rp->index[count++] = cpu_to_le16(d->id);
463 BT_DBG("Added hci%u", d->id);
464 }
465 }
466
467 rp->num_controllers = cpu_to_le16(count);
468 rp_len = sizeof(*rp) + (2 * count);
469
470 read_unlock(&hci_dev_list_lock);
471
472 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
473 0, rp, rp_len);
474
475 kfree(rp);
476
477 return err;
478}
479
dbece37a
MH		 480static bool is_configured(struct hci_dev *hdev)
481{
482 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
483 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
484 return false;
485
486 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
487 !bacmp(&hdev->public_addr, BDADDR_ANY))
488 return false;
489
490 return true;
491}
492
89bc22d2
MH		 493static __le32 get_missing_options(struct hci_dev *hdev)
494{
495 u32 options = 0;
496
dbece37a
MH		 497 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
498 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
eb1904f4
MH		 499 options |= MGMT_OPTION_EXTERNAL_CONFIG;
500
89bc22d2
MH		 501 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
502 !bacmp(&hdev->public_addr, BDADDR_ANY))
503 options |= MGMT_OPTION_PUBLIC_ADDRESS;
504
505 return cpu_to_le32(options);
506}
507
f4537c04
MH		 508static int new_options(struct hci_dev *hdev, struct sock *skip)
509{
510 __le32 options = get_missing_options(hdev);
511
512 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
513 sizeof(options), skip);
514}
515
dbece37a
MH		 516static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
517{
518 __le32 options = get_missing_options(hdev);
519
520 return cmd_complete(sk, hdev->id, opcode, 0, &options,
521 sizeof(options));
522}
523
9fc3bfb6
MH		 524static int read_config_info(struct sock *sk, struct hci_dev *hdev,
525 void *data, u16 data_len)
526{
527 struct mgmt_rp_read_config_info rp;
89bc22d2 528 u32 options = 0;
9fc3bfb6
MH		 529
530 BT_DBG("sock %p %s", sk, hdev->name);
531
532 hci_dev_lock(hdev);
533
534 memset(&rp, 0, sizeof(rp));
535 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 536
eb1904f4
MH		 537 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
538 options |= MGMT_OPTION_EXTERNAL_CONFIG;
539
9fc3bfb6 540 if (hdev->set_bdaddr)
89bc22d2
MH		 541 options |= MGMT_OPTION_PUBLIC_ADDRESS;
542
543 rp.supported_options = cpu_to_le32(options);
544 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 545
546 hci_dev_unlock(hdev);
547
548 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
549 sizeof(rp));
550}
551
69ab39ea
JH		 552static u32 get_supported_settings(struct hci_dev *hdev)
553{
554 u32 settings = 0;
555
556 settings |= MGMT_SETTING_POWERED;
b2939475 557 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 558 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 559 settings |= MGMT_SETTING_CONNECTABLE;
560 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 561
ed3fa31f 562 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 563 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
564 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 565 settings |= MGMT_SETTING_BREDR;
566 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 567
568 if (lmp_ssp_capable(hdev)) {
569 settings |= MGMT_SETTING_SSP;
570 settings |= MGMT_SETTING_HS;
571 }
e98d2ce2 572
05b3c3e7 573 if (lmp_sc_capable(hdev))
e98d2ce2 574 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 575 }
d7b7e796 576
eeca6f89 577 if (lmp_le_capable(hdev)) {
9d42820f 578 settings |= MGMT_SETTING_LE;
eeca6f89 579 settings |= MGMT_SETTING_ADVERTISING;
a3209694 580 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 581 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 582 }
69ab39ea 583
eb1904f4
MH		 584 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
585 hdev->set_bdaddr)
9fc3bfb6
MH		 586 settings |= MGMT_SETTING_CONFIGURATION;
587
69ab39ea
JH		 588 return settings;
589}
590
591static u32 get_current_settings(struct hci_dev *hdev)
592{
593 u32 settings = 0;
594
f1f0eb02 595 if (hdev_is_powered(hdev))
f0d4b78a
MH		 596 settings |= MGMT_SETTING_POWERED;
597
5e5282bb 598 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 599 settings |= MGMT_SETTING_CONNECTABLE;
600
1a4d3c4b
JH		 601 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
602 settings |= MGMT_SETTING_FAST_CONNECTABLE;
603
5e5282bb 604 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 605 settings |= MGMT_SETTING_DISCOVERABLE;
606
b6ae8457 607 if (test_bit(HCI_BONDABLE, &hdev->dev_flags))
b2939475 608 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 609
56f87901 610 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 611 settings |= MGMT_SETTING_BREDR;
612
06199cf8 613 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 614 settings |= MGMT_SETTING_LE;
615
47990ea0 616 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 617 settings |= MGMT_SETTING_LINK_SECURITY;
618
84bde9d6 619 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 620 settings |= MGMT_SETTING_SSP;
621
6d80dfd0
JH		 622 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
623 settings |= MGMT_SETTING_HS;
624
f3d3444a 625 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 626 settings |= MGMT_SETTING_ADVERTISING;
627
e98d2ce2
MH		 628 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
629 settings |= MGMT_SETTING_SECURE_CONN;
630
0663b297 631 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 632 settings |= MGMT_SETTING_DEBUG_KEYS;
633
0f4bd942
JH		 634 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
635 settings |= MGMT_SETTING_PRIVACY;
636
69ab39ea
JH		 637 return settings;
638}
639
ef580372
JH		 640#define PNP_INFO_SVCLASS_ID 0x1200
641
213202ed
JH		 642static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
643{
644 u8 *ptr = data, *uuids_start = NULL;
645 struct bt_uuid *uuid;
646
647 if (len < 4)
648 return ptr;
649
650 list_for_each_entry(uuid, &hdev->uuids, list) {
651 u16 uuid16;
652
653 if (uuid->size != 16)
654 continue;
655
656 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
657 if (uuid16 < 0x1100)
658 continue;
659
660 if (uuid16 == PNP_INFO_SVCLASS_ID)
661 continue;
662
663 if (!uuids_start) {
664 uuids_start = ptr;
665 uuids_start[0] = 1;
666 uuids_start[1] = EIR_UUID16_ALL;
667 ptr += 2;
668 }
669
670 /* Stop if not enough space to put next UUID */
671 if ((ptr - data) + sizeof(u16) > len) {
672 uuids_start[1] = EIR_UUID16_SOME;
673 break;
674 }
675
676 *ptr++ = (uuid16 & 0x00ff);
677 *ptr++ = (uuid16 & 0xff00) >> 8;
678 uuids_start[0] += sizeof(uuid16);
679 }
680
681 return ptr;
682}
683
cdf1963f
JH		 684static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
685{
686 u8 *ptr = data, *uuids_start = NULL;
687 struct bt_uuid *uuid;
688
689 if (len < 6)
690 return ptr;
691
692 list_for_each_entry(uuid, &hdev->uuids, list) {
693 if (uuid->size != 32)
694 continue;
695
696 if (!uuids_start) {
697 uuids_start = ptr;
698 uuids_start[0] = 1;
699 uuids_start[1] = EIR_UUID32_ALL;
700 ptr += 2;
701 }
702
703 /* Stop if not enough space to put next UUID */
704 if ((ptr - data) + sizeof(u32) > len) {
705 uuids_start[1] = EIR_UUID32_SOME;
706 break;
707 }
708
709 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
710 ptr += sizeof(u32);
711 uuids_start[0] += sizeof(u32);
712 }
713
714 return ptr;
715}
716
c00d575b
JH		 717static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
718{
719 u8 *ptr = data, *uuids_start = NULL;
720 struct bt_uuid *uuid;
721
722 if (len < 18)
723 return ptr;
724
725 list_for_each_entry(uuid, &hdev->uuids, list) {
726 if (uuid->size != 128)
727 continue;
728
729 if (!uuids_start) {
730 uuids_start = ptr;
731 uuids_start[0] = 1;
732 uuids_start[1] = EIR_UUID128_ALL;
733 ptr += 2;
734 }
735
736 /* Stop if not enough space to put next UUID */
737 if ((ptr - data) + 16 > len) {
738 uuids_start[1] = EIR_UUID128_SOME;
739 break;
740 }
741
742 memcpy(ptr, uuid->uuid, 16);
743 ptr += 16;
744 uuids_start[0] += 16;
745 }
746
747 return ptr;
748}
749
eb2a8d20
JH		 750static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
751{
752 struct pending_cmd *cmd;
753
754 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
755 if (cmd->opcode == opcode)
756 return cmd;
757 }
758
759 return NULL;
760}
761
95868426
JH		 762static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
763 struct hci_dev *hdev,
764 const void *data)
765{
766 struct pending_cmd *cmd;
767
768 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
769 if (cmd->user_data != data)
770 continue;
771 if (cmd->opcode == opcode)
772 return cmd;
773 }
774
775 return NULL;
776}
777
f14d8f64
MH		 778static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
779{
7a5f4990
MH		 780 u8 ad_len = 0;
781 size_t name_len;
782
783 name_len = strlen(hdev->dev_name);
784 if (name_len > 0) {
785 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
786
787 if (name_len > max_len) {
788 name_len = max_len;
789 ptr[1] = EIR_NAME_SHORT;
790 } else
791 ptr[1] = EIR_NAME_COMPLETE;
792
793 ptr[0] = name_len + 1;
794
795 memcpy(ptr + 2, hdev->dev_name, name_len);
796
797 ad_len += (name_len + 2);
798 ptr += (name_len + 2);
799 }
800
801 return ad_len;
f14d8f64
MH		 802}
803
804static void update_scan_rsp_data(struct hci_request *req)
805{
806 struct hci_dev *hdev = req->hdev;
807 struct hci_cp_le_set_scan_rsp_data cp;
808 u8 len;
809
7751ef1b 810 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 811 return;
812
813 memset(&cp, 0, sizeof(cp));
814
815 len = create_scan_rsp_data(hdev, cp.data);
816
eb438b5f
JH		 817 if (hdev->scan_rsp_data_len == len &&
818 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 819 return;
820
eb438b5f
JH		 821 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
822 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 823
824 cp.length = len;
825
826 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
827}
828
9a43e25f
JH		 829static u8 get_adv_discov_flags(struct hci_dev *hdev)
830{
831 struct pending_cmd *cmd;
832
833 /* If there's a pending mgmt command the flags will not yet have
834 * their final values, so check for this first.
835 */
836 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
837 if (cmd) {
838 struct mgmt_mode *cp = cmd->param;
839 if (cp->val == 0x01)
840 return LE_AD_GENERAL;
841 else if (cp->val == 0x02)
842 return LE_AD_LIMITED;
843 } else {
844 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
845 return LE_AD_LIMITED;
846 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
847 return LE_AD_GENERAL;
848 }
849
850 return 0;
851}
852
46cad2ed 853static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 854{
855 u8 ad_len = 0, flags = 0;
441ad2d0 856
9a43e25f 857 flags |= get_adv_discov_flags(hdev);
441ad2d0 858
e834004b 859 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 860 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 861
862 if (flags) {
863 BT_DBG("adv flags 0x%02x", flags);
864
865 ptr[0] = 2;
866 ptr[1] = EIR_FLAGS;
867 ptr[2] = flags;
868
869 ad_len += 3;
870 ptr += 3;
871 }
872
873 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
874 ptr[0] = 2;
875 ptr[1] = EIR_TX_POWER;
876 ptr[2] = (u8) hdev->adv_tx_power;
877
878 ad_len += 3;
879 ptr += 3;
880 }
881
441ad2d0
MH		 882 return ad_len;
883}
884
5947f4bc 885static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 886{
887 struct hci_dev *hdev = req->hdev;
888 struct hci_cp_le_set_adv_data cp;
889 u8 len;
890
10994ce6 891 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 892 return;
893
894 memset(&cp, 0, sizeof(cp));
895
46cad2ed 896 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 897
898 if (hdev->adv_data_len == len &&
899 memcmp(cp.data, hdev->adv_data, len) == 0)
900 return;
901
902 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
903 hdev->adv_data_len = len;
904
905 cp.length = len;
906
907 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
908}
909
bc6d2d04
JH		 910int mgmt_update_adv_data(struct hci_dev *hdev)
911{
912 struct hci_request req;
913
914 hci_req_init(&req, hdev);
915 update_adv_data(&req);
916
917 return hci_req_run(&req, NULL);
918}
919
ef580372
JH		 920static void create_eir(struct hci_dev *hdev, u8 *data)
921{
922 u8 *ptr = data;
ef580372
JH		 923 size_t name_len;
924
925 name_len = strlen(hdev->dev_name);
926
927 if (name_len > 0) {
928 /* EIR Data type */
929 if (name_len > 48) {
930 name_len = 48;
931 ptr[1] = EIR_NAME_SHORT;
932 } else
933 ptr[1] = EIR_NAME_COMPLETE;
934
935 /* EIR Data length */
936 ptr[0] = name_len + 1;
937
938 memcpy(ptr + 2, hdev->dev_name, name_len);
939
ef580372
JH		 940 ptr += (name_len + 2);
941 }
942
bbaf444a 943 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 944 ptr[0] = 2;
945 ptr[1] = EIR_TX_POWER;
946 ptr[2] = (u8) hdev->inq_tx_power;
947
91c4e9b1
MH		 948 ptr += 3;
949 }
950
2b9be137
MH		 951 if (hdev->devid_source > 0) {
952 ptr[0] = 9;
953 ptr[1] = EIR_DEVICE_ID;
954
955 put_unaligned_le16(hdev->devid_source, ptr + 2);
956 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
957 put_unaligned_le16(hdev->devid_product, ptr + 6);
958 put_unaligned_le16(hdev->devid_version, ptr + 8);
959
2b9be137
MH		 960 ptr += 10;
961 }
962
213202ed 963 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 964 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 965 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 966}
967
890ea898 968static void update_eir(struct hci_request *req)
ef580372 969{
890ea898 970 struct hci_dev *hdev = req->hdev;
ef580372
JH		 971 struct hci_cp_write_eir cp;
972
504c8dcd 973 if (!hdev_is_powered(hdev))
890ea898 974 return;
7770c4aa 975
976eb20e 976 if (!lmp_ext_inq_capable(hdev))
890ea898 977 return;
ef580372 978
84bde9d6 979 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 980 return;
ef580372 981
a8b2d5c2 982 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 983 return;
ef580372
JH		 984
985 memset(&cp, 0, sizeof(cp));
986
987 create_eir(hdev, cp.data);
988
989 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 990 return;
ef580372
JH		 991
992 memcpy(hdev->eir, cp.data, sizeof(cp.data));
993
890ea898 994 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 995}
996
997static u8 get_service_classes(struct hci_dev *hdev)
998{
999 struct bt_uuid *uuid;
1000 u8 val = 0;
1001
1002 list_for_each_entry(uuid, &hdev->uuids, list)
1003 val |= uuid->svc_hint;
1004
1005 return val;
1006}
1007
890ea898 1008static void update_class(struct hci_request *req)
ef580372 1009{
890ea898 1010 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1011 u8 cod[3];
1012
1013 BT_DBG("%s", hdev->name);
1014
504c8dcd 1015 if (!hdev_is_powered(hdev))
890ea898 1016 return;
7770c4aa 1017
f87ea1da
JH		 1018 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1019 return;
1020
a8b2d5c2 1021 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 1022 return;
ef580372
JH		 1023
1024 cod[0] = hdev->minor_class;
1025 cod[1] = hdev->major_class;
1026 cod[2] = get_service_classes(hdev);
1027
6acd7db4
MH		 1028 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1029 cod[1] |= 0x20;
1030
ef580372 1031 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1032 return;
ef580372 1033
890ea898 1034 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1035}
1036
a4858cb9 1037static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 1038{
1039 struct pending_cmd *cmd;
199a2fb1
JH		 1040
1041 /* If there's a pending mgmt command the flag will not yet have
1042 * it's final value, so check for this first.
1043 */
1044 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1045 if (cmd) {
1046 struct mgmt_mode *cp = cmd->param;
a4858cb9 1047 return cp->val;
199a2fb1
JH		 1048 }
1049
a4858cb9 1050 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 1051}
1052
0ec5ae84
JH		 1053static void disable_advertising(struct hci_request *req)
1054{
1055 u8 enable = 0x00;
1056
1057 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1058}
1059
199a2fb1
JH		 1060static void enable_advertising(struct hci_request *req)
1061{
1062 struct hci_dev *hdev = req->hdev;
1063 struct hci_cp_le_set_adv_param cp;
8f2a0601 1064 u8 own_addr_type, enable = 0x01;
a4858cb9 1065 bool connectable;
199a2fb1 1066
0ec5ae84
JH		 1067 if (hci_conn_num(hdev, LE_LINK) > 0)
1068 return;
1069
1070 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1071 disable_advertising(req);
1072
5ce194c4 1073 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1074 * hci_update_random_address knows that it's safe to go ahead
1075 * and write a new random address. The flag will be set back on
1076 * as soon as the SET_ADV_ENABLE HCI command completes.
1077 */
5ce194c4 1078 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
8d97250e 1079
a4858cb9 1080 connectable = get_connectable(hdev);
8f2a0601 1081
a4858cb9
JH		 1082 /* Set require_privacy to true only when non-connectable
1083 * advertising is used. In that case it is fine to use a
1084 * non-resolvable private address.
1085 */
1086 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1087 return;
1088
41c90c18 1089 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1090 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1091 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
a4858cb9 1092 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1093 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1094 cp.channel_map = hdev->le_adv_channel_map;
1095
1096 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1097
1098 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1099}
1100
7d78525d
JH		 1101static void service_cache_off(struct work_struct *work)
1102{
1103 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1104 service_cache.work);
890ea898 1105 struct hci_request req;
7d78525d 1106
a8b2d5c2 1107 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 1108 return;
1109
890ea898
JH		 1110 hci_req_init(&req, hdev);
1111
7d78525d
JH		 1112 hci_dev_lock(hdev);
1113
890ea898
JH		 1114 update_eir(&req);
1115 update_class(&req);
7d78525d
JH		 1116
1117 hci_dev_unlock(hdev);
890ea898
JH		 1118
1119 hci_req_run(&req, NULL);
7d78525d
JH		 1120}
1121
d6bfd59c
JH		 1122static void rpa_expired(struct work_struct *work)
1123{
1124 struct hci_dev *hdev = container_of(work, struct hci_dev,
1125 rpa_expired.work);
1126 struct hci_request req;
1127
1128 BT_DBG("");
1129
1130 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1131
0ec5ae84 1132 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
d6bfd59c
JH		 1133 return;
1134
1135 /* The generation of a new RPA and programming it into the
1136 * controller happens in the enable_advertising() function.
1137 */
d6bfd59c 1138 hci_req_init(&req, hdev);
d6bfd59c 1139 enable_advertising(&req);
d6bfd59c
JH		 1140 hci_req_run(&req, NULL);
1141}
1142
6a919082 1143static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1144{
4f87da80 1145 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 1146 return;
1147
4f87da80 1148 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1149 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1150
4f87da80
JH		 1151 /* Non-mgmt controlled devices get this bit set
1152 * implicitly so that pairing works for them, however
1153 * for mgmt we require user-space to explicitly enable
1154 * it
1155 */
b6ae8457 1156 clear_bit(HCI_BONDABLE, &hdev->dev_flags);
7d78525d
JH		 1157}
1158
0f4e68cf 1159static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1160 void *data, u16 data_len)
0381101f 1161{
a38528f1 1162 struct mgmt_rp_read_info rp;
f7b64e69 1163
bdb6d971 1164 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1165
09fd0de5 1166 hci_dev_lock(hdev);
f7b64e69 1167
dc4fe30b
JH		 1168 memset(&rp, 0, sizeof(rp));
1169
69ab39ea 1170 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1171
69ab39ea 1172 rp.version = hdev->hci_ver;
eb55ef07 1173 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1174
1175 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1176 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1177
a38528f1 1178 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1179
dc4fe30b 1180 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1181 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1182
09fd0de5 1183 hci_dev_unlock(hdev);
0381101f 1184
bdb6d971 1185 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 1186 sizeof(rp));
0381101f
JH		 1187}
1188
eec8d2bc
JH		 1189static void mgmt_pending_free(struct pending_cmd *cmd)
1190{
1191 sock_put(cmd->sk);
c68fb7ff 1192 kfree(cmd->param);
eec8d2bc
JH		 1193 kfree(cmd);
1194}
1195
366a0336 1196static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 1197 struct hci_dev *hdev, void *data,
1198 u16 len)
eec8d2bc
JH		 1199{
1200 struct pending_cmd *cmd;
1201
fca20018 1202 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1203 if (!cmd)
366a0336 1204 return NULL;
eec8d2bc
JH		 1205
1206 cmd->opcode = opcode;
2e58ef3e 1207 cmd->index = hdev->id;
eec8d2bc 1208
323b0b88 1209 cmd->param = kmemdup(data, len, GFP_KERNEL);
c68fb7ff 1210 if (!cmd->param) {
eec8d2bc 1211 kfree(cmd);
366a0336 1212 return NULL;
eec8d2bc
JH		 1213 }
1214
323b0b88 1215 cmd->param_len = len;
eec8d2bc
JH		 1216
1217 cmd->sk = sk;
1218 sock_hold(sk);
1219
2e58ef3e 1220 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1221
366a0336 1222 return cmd;
eec8d2bc
JH		 1223}
1224
744cf19e 1225static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1226 void (*cb)(struct pending_cmd *cmd,
1227 void *data),
04124681 1228 void *data)
eec8d2bc 1229{
a3d09356 1230 struct pending_cmd *cmd, *tmp;
eec8d2bc 1231
a3d09356 1232 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1233 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1234 continue;
1235
eec8d2bc
JH		 1236 cb(cmd, data);
1237 }
1238}
1239
a664b5bc 1240static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1241{
73f22f62
JH		 1242 list_del(&cmd->list);
1243 mgmt_pending_free(cmd);
1244}
1245
69ab39ea 1246static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1247{
69ab39ea 1248 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1249
aee9b218 1250 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1251 sizeof(settings));
8680570b
JH		 1252}
1253
1904a853 1254static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 1255{
1256 BT_DBG("%s status 0x%02x", hdev->name, status);
1257
a3172b7e
JH		 1258 if (hci_conn_count(hdev) == 0) {
1259 cancel_delayed_work(&hdev->power_off);
8b064a3a 1260 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1261 }
8b064a3a
JH		 1262}
1263
23a48093 1264static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1265{
1266 struct hci_dev *hdev = req->hdev;
1267 struct hci_cp_remote_name_req_cancel cp;
1268 struct inquiry_entry *e;
1269
1270 switch (hdev->discovery.state) {
1271 case DISCOVERY_FINDING:
1272 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1273 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1274 } else {
1275 cancel_delayed_work(&hdev->le_scan_disable);
1276 hci_req_add_le_scan_disable(req);
1277 }
1278
23a48093 1279 return true;
21a60d30
JH		 1280
1281 case DISCOVERY_RESOLVING:
1282 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1283 NAME_PENDING);
1284 if (!e)
23a48093 1285 break;
21a60d30
JH		 1286
1287 bacpy(&cp.bdaddr, &e->data.bdaddr);
1288 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1289 &cp);
1290
23a48093 1291 return true;
21a60d30
JH		 1292
1293 default:
1294 /* Passive scanning */
23a48093 1295 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
21a60d30 1296 hci_req_add_le_scan_disable(req);
23a48093
JH		 1297 return true;
1298 }
1299
21a60d30
JH		 1300 break;
1301 }
23a48093
JH		 1302
1303 return false;
21a60d30
JH		 1304}
1305
8b064a3a
JH		 1306static int clean_up_hci_state(struct hci_dev *hdev)
1307{
1308 struct hci_request req;
1309 struct hci_conn *conn;
23a48093
JH		 1310 bool discov_stopped;
1311 int err;
8b064a3a
JH		 1312
1313 hci_req_init(&req, hdev);
1314
1315 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1316 test_bit(HCI_PSCAN, &hdev->flags)) {
1317 u8 scan = 0x00;
1318 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1319 }
1320
73e082f8 1321 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
8b064a3a
JH		 1322 disable_advertising(&req);
1323
23a48093 1324 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1325
1326 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1327 struct hci_cp_disconnect dc;
c9910d0f
JH		 1328 struct hci_cp_reject_conn_req rej;
1329
1330 switch (conn->state) {
1331 case BT_CONNECTED:
1332 case BT_CONFIG:
1333 dc.handle = cpu_to_le16(conn->handle);
1334 dc.reason = 0x15; /* Terminated due to Power Off */
1335 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1336 break;
1337 case BT_CONNECT:
1338 if (conn->type == LE_LINK)
1339 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1340 0, NULL);
1341 else if (conn->type == ACL_LINK)
1342 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1343 6, &conn->dst);
1344 break;
1345 case BT_CONNECT2:
1346 bacpy(&rej.bdaddr, &conn->dst);
1347 rej.reason = 0x15; /* Terminated due to Power Off */
1348 if (conn->type == ACL_LINK)
1349 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1350 sizeof(rej), &rej);
1351 else if (conn->type == SCO_LINK)
1352 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1353 sizeof(rej), &rej);
1354 break;
1355 }
8b064a3a
JH		 1356 }
1357
23a48093
JH		 1358 err = hci_req_run(&req, clean_up_hci_complete);
1359 if (!err && discov_stopped)
1360 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1361
1362 return err;
8b064a3a
JH		 1363}
1364
bdb6d971 1365static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1366 u16 len)
eec8d2bc 1367{
650f726d 1368 struct mgmt_mode *cp = data;
366a0336 1369 struct pending_cmd *cmd;
4b34ee78 1370 int err;
eec8d2bc 1371
bdb6d971 1372 BT_DBG("request for %s", hdev->name);
eec8d2bc 1373
a7e80f25
JH		 1374 if (cp->val != 0x00 && cp->val != 0x01)
1375 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1376 MGMT_STATUS_INVALID_PARAMS);
1377
09fd0de5 1378 hci_dev_lock(hdev);
eec8d2bc 1379
87b95ba6
JH		 1380 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1381 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1382 MGMT_STATUS_BUSY);
1383 goto failed;
1384 }
1385
f0d4b78a
MH		 1386 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1387 cancel_delayed_work(&hdev->power_off);
1388
1389 if (cp->val) {
a1d70450
JH		 1390 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1391 data, len);
1392 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1393 goto failed;
1394 }
1395 }
1396
4b34ee78 1397 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1398 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1399 goto failed;
1400 }
1401
2e58ef3e 1402 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1403 if (!cmd) {
1404 err = -ENOMEM;
eec8d2bc 1405 goto failed;
366a0336 1406 }
eec8d2bc 1407
8b064a3a 1408 if (cp->val) {
19202573 1409 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1410 err = 0;
1411 } else {
1412 /* Disconnect connections, stop scans, etc */
1413 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1414 if (!err)
1415 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1416 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1417
8b064a3a
JH		 1418 /* ENODATA means there were no HCI commands queued */
1419 if (err == -ENODATA) {
a3172b7e 1420 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1421 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1422 err = 0;
1423 }
1424 }
eec8d2bc
JH		 1425
1426failed:
09fd0de5 1427 hci_dev_unlock(hdev);
366a0336 1428 return err;
eec8d2bc
JH		 1429}
1430
beadb2bd
JH		 1431static int new_settings(struct hci_dev *hdev, struct sock *skip)
1432{
1433 __le32 ev;
1434
1435 ev = cpu_to_le32(get_current_settings(hdev));
1436
1437 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1438}
1439
91a668b0
JH		 1440int mgmt_new_settings(struct hci_dev *hdev)
1441{
1442 return new_settings(hdev, NULL);
1443}
1444
bd99abdd
JH		 1445struct cmd_lookup {
1446 struct sock *sk;
1447 struct hci_dev *hdev;
1448 u8 mgmt_status;
1449};
1450
1451static void settings_rsp(struct pending_cmd *cmd, void *data)
1452{
1453 struct cmd_lookup *match = data;
1454
1455 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1456
1457 list_del(&cmd->list);
1458
1459 if (match->sk == NULL) {
1460 match->sk = cmd->sk;
1461 sock_hold(match->sk);
1462 }
1463
1464 mgmt_pending_free(cmd);
1465}
1466
1467static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1468{
1469 u8 *status = data;
1470
1471 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1472 mgmt_pending_remove(cmd);
1473}
1474
1b9b5ee5
JH		 1475static void cmd_complete_rsp(struct pending_cmd *cmd, void *data)
1476{
1477 if (cmd->cmd_complete) {
1478 u8 *status = data;
1479
1480 cmd->cmd_complete(cmd, *status);
1481 mgmt_pending_remove(cmd);
1482
1483 return;
1484 }
1485
1486 cmd_status_rsp(cmd, data);
1487}
1488
9df74653 1489static int generic_cmd_complete(struct pending_cmd *cmd, u8 status)
f5818c22 1490{
9df74653
JH		 1491 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1492 cmd->param, cmd->param_len);
f5818c22
JH		 1493}
1494
9df74653 1495static int addr_cmd_complete(struct pending_cmd *cmd, u8 status)
7776d1d8 1496{
9df74653
JH		 1497 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, cmd->param,
1498 sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1499}
1500
e6fe7986
JH		 1501static u8 mgmt_bredr_support(struct hci_dev *hdev)
1502{
1503 if (!lmp_bredr_capable(hdev))
1504 return MGMT_STATUS_NOT_SUPPORTED;
1505 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1506 return MGMT_STATUS_REJECTED;
1507 else
1508 return MGMT_STATUS_SUCCESS;
1509}
1510
1511static u8 mgmt_le_support(struct hci_dev *hdev)
1512{
1513 if (!lmp_le_capable(hdev))
1514 return MGMT_STATUS_NOT_SUPPORTED;
1515 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1516 return MGMT_STATUS_REJECTED;
1517 else
1518 return MGMT_STATUS_SUCCESS;
1519}
1520
1904a853
MH		 1521static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1522 u16 opcode)
bfaf8c9f
JH		 1523{
1524 struct pending_cmd *cmd;
1525 struct mgmt_mode *cp;
970ba524 1526 struct hci_request req;
bfaf8c9f
JH		 1527 bool changed;
1528
1529 BT_DBG("status 0x%02x", status);
1530
1531 hci_dev_lock(hdev);
1532
1533 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1534 if (!cmd)
1535 goto unlock;
1536
1537 if (status) {
1538 u8 mgmt_err = mgmt_status(status);
1539 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1540 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1541 goto remove_cmd;
1542 }
1543
1544 cp = cmd->param;
d4462a07 1545 if (cp->val) {
bfaf8c9f
JH		 1546 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1547 &hdev->dev_flags);
d4462a07
MH		 1548
1549 if (hdev->discov_timeout > 0) {
1550 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1551 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1552 to);
1553 }
1554 } else {
bfaf8c9f
JH		 1555 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1556 &hdev->dev_flags);
d4462a07 1557 }
bfaf8c9f
JH		 1558
1559 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1560
1561 if (changed)
1562 new_settings(hdev, cmd->sk);
1563
970ba524
MH		 1564 /* When the discoverable mode gets changed, make sure
1565 * that class of device has the limited discoverable
432df05e
JH		 1566 * bit correctly set. Also update page scan based on whitelist
1567 * entries.
970ba524
MH		 1568 */
1569 hci_req_init(&req, hdev);
1d2dc5b7 1570 __hci_update_page_scan(&req);
970ba524
MH		 1571 update_class(&req);
1572 hci_req_run(&req, NULL);
1573
bfaf8c9f
JH		 1574remove_cmd:
1575 mgmt_pending_remove(cmd);
1576
1577unlock:
1578 hci_dev_unlock(hdev);
1579}
1580
bdb6d971 1581static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1582 u16 len)
73f22f62 1583{
650f726d 1584 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1585 struct pending_cmd *cmd;
bfaf8c9f 1586 struct hci_request req;
5e5282bb 1587 u16 timeout;
9a43e25f 1588 u8 scan;
73f22f62
JH		 1589 int err;
1590
bdb6d971 1591 BT_DBG("request for %s", hdev->name);
73f22f62 1592
9a43e25f
JH		 1593 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1594 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1595 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1596 MGMT_STATUS_REJECTED);
33c525c0 1597
310a3d48 1598 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1599 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1600 MGMT_STATUS_INVALID_PARAMS);
1601
1f350c87 1602 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1603
1604 /* Disabling discoverable requires that no timeout is set,
1605 * and enabling limited discoverable requires a timeout.
1606 */
1607 if ((cp->val == 0x00 && timeout > 0) ||
1608 (cp->val == 0x02 && timeout == 0))
bdb6d971 1609 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1610 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1611
09fd0de5 1612 hci_dev_lock(hdev);
73f22f62 1613
5e5282bb 1614 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1615 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1616 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1617 goto failed;
1618 }
1619
2e58ef3e 1620 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1621 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1622 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1623 MGMT_STATUS_BUSY);
73f22f62
JH		 1624 goto failed;
1625 }
1626
5e5282bb 1627 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1628 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1629 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1630 goto failed;
1631 }
1632
1633 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1634 bool changed = false;
1635
310a3d48
MH		 1636 /* Setting limited discoverable when powered off is
1637 * not a valid operation since it requires a timeout
1638 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1639 */
0224d2fa
JH		 1640 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1641 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1642 changed = true;
1643 }
1644
5e5282bb 1645 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1646 if (err < 0)
1647 goto failed;
1648
1649 if (changed)
1650 err = new_settings(hdev, sk);
1651
5e5282bb
JH		 1652 goto failed;
1653 }
1654
310a3d48
MH		 1655 /* If the current mode is the same, then just update the timeout
1656 * value with the new value. And if only the timeout gets updated,
1657 * then no need for any HCI transactions.
1658 */
1659 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1660 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1661 &hdev->dev_flags)) {
36261547
MH		 1662 cancel_delayed_work(&hdev->discov_off);
1663 hdev->discov_timeout = timeout;
955638ec 1664
36261547
MH		 1665 if (cp->val && hdev->discov_timeout > 0) {
1666 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1667 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1668 to);
955638ec
MH		 1669 }
1670
69ab39ea 1671 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1672 goto failed;
1673 }
1674
2e58ef3e 1675 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1676 if (!cmd) {
1677 err = -ENOMEM;
73f22f62 1678 goto failed;
366a0336 1679 }
73f22f62 1680
310a3d48
MH		 1681 /* Cancel any potential discoverable timeout that might be
1682 * still active and store new timeout value. The arming of
1683 * the timeout happens in the complete handler.
1684 */
1685 cancel_delayed_work(&hdev->discov_off);
1686 hdev->discov_timeout = timeout;
1687
b456f87c
JH		 1688 /* Limited discoverable mode */
1689 if (cp->val == 0x02)
1690 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1691 else
1692 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1693
bfaf8c9f
JH		 1694 hci_req_init(&req, hdev);
1695
9a43e25f
JH		 1696 /* The procedure for LE-only controllers is much simpler - just
1697 * update the advertising data.
1698 */
1699 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1700 goto update_ad;
1701
73f22f62
JH		 1702 scan = SCAN_PAGE;
1703
310a3d48
MH		 1704 if (cp->val) {
1705 struct hci_cp_write_current_iac_lap hci_cp;
1706
1707 if (cp->val == 0x02) {
1708 /* Limited discoverable mode */
33337dcb 1709 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1710 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1711 hci_cp.iac_lap[1] = 0x8b;
1712 hci_cp.iac_lap[2] = 0x9e;
1713 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1714 hci_cp.iac_lap[4] = 0x8b;
1715 hci_cp.iac_lap[5] = 0x9e;
1716 } else {
1717 /* General discoverable mode */
310a3d48
MH		 1718 hci_cp.num_iac = 1;
1719 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1720 hci_cp.iac_lap[1] = 0x8b;
1721 hci_cp.iac_lap[2] = 0x9e;
1722 }
1723
1724 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1725 (hci_cp.num_iac * 3) + 1, &hci_cp);
1726
73f22f62 1727 scan |= SCAN_INQUIRY;
310a3d48
MH		 1728 } else {
1729 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1730 }
73f22f62 1731
310a3d48 1732 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1733
9a43e25f
JH		 1734update_ad:
1735 update_adv_data(&req);
1736
bfaf8c9f 1737 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1738 if (err < 0)
a664b5bc 1739 mgmt_pending_remove(cmd);
73f22f62
JH		 1740
1741failed:
09fd0de5 1742 hci_dev_unlock(hdev);
73f22f62
JH		 1743 return err;
1744}
1745
406d7804
JH		 1746static void write_fast_connectable(struct hci_request *req, bool enable)
1747{
bd98b996 1748 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1749 struct hci_cp_write_page_scan_activity acp;
1750 u8 type;
1751
547003b1
JH		 1752 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1753 return;
1754
4c01f8b8
JH		 1755 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1756 return;
1757
406d7804
JH		 1758 if (enable) {
1759 type = PAGE_SCAN_TYPE_INTERLACED;
1760
1761 /* 160 msec page scan interval */
dcf4adbf 1762 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1763 } else {
1764 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1765
1766 /* default 1.28 sec page scan */
dcf4adbf 1767 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1768 }
1769
dcf4adbf 1770 acp.window = cpu_to_le16(0x0012);
406d7804 1771
bd98b996
JH		 1772 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1773 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1774 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1775 sizeof(acp), &acp);
1776
1777 if (hdev->page_scan_type != type)
1778 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1779}
1780
1904a853
MH		 1781static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1782 u16 opcode)
2b76f453
JH		 1783{
1784 struct pending_cmd *cmd;
d7b856f9 1785 struct mgmt_mode *cp;
bc6d2d04 1786 bool conn_changed, discov_changed;
2b76f453
JH		 1787
1788 BT_DBG("status 0x%02x", status);
1789
1790 hci_dev_lock(hdev);
1791
1792 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1793 if (!cmd)
1794 goto unlock;
1795
37438c1f
JH		 1796 if (status) {
1797 u8 mgmt_err = mgmt_status(status);
1798 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1799 goto remove_cmd;
1800 }
1801
d7b856f9 1802 cp = cmd->param;
bc6d2d04
JH		 1803 if (cp->val) {
1804 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1805 &hdev->dev_flags);
1806 discov_changed = false;
1807 } else {
1808 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1809 &hdev->dev_flags);
1810 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1811 &hdev->dev_flags);
1812 }
d7b856f9 1813
2b76f453
JH		 1814 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1815
bc6d2d04 1816 if (conn_changed || discov_changed) {
d7b856f9 1817 new_settings(hdev, cmd->sk);
1d2dc5b7 1818 hci_update_page_scan(hdev);
bc6d2d04
JH		 1819 if (discov_changed)
1820 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1821 hci_update_background_scan(hdev);
1822 }
d7b856f9 1823
37438c1f 1824remove_cmd:
2b76f453
JH		 1825 mgmt_pending_remove(cmd);
1826
1827unlock:
1828 hci_dev_unlock(hdev);
1829}
1830
e8ba3a1f
JH		 1831static int set_connectable_update_settings(struct hci_dev *hdev,
1832 struct sock *sk, u8 val)
1833{
1834 bool changed = false;
1835 int err;
1836
1837 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1838 changed = true;
1839
1840 if (val) {
1841 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1842 } else {
1843 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1844 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1845 }
1846
1847 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1848 if (err < 0)
1849 return err;
1850
562064e6 1851 if (changed) {
1d2dc5b7 1852 hci_update_page_scan(hdev);
562064e6 1853 hci_update_background_scan(hdev);
e8ba3a1f 1854 return new_settings(hdev, sk);
562064e6 1855 }
e8ba3a1f
JH		 1856
1857 return 0;
1858}
1859
bdb6d971 1860static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1861 u16 len)
9fbcbb45 1862{
650f726d 1863 struct mgmt_mode *cp = data;
366a0336 1864 struct pending_cmd *cmd;
2b76f453 1865 struct hci_request req;
1987fdc7 1866 u8 scan;
9fbcbb45
JH		 1867 int err;
1868
bdb6d971 1869 BT_DBG("request for %s", hdev->name);
9fbcbb45 1870
1987fdc7
JH		 1871 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1872 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1873 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1874 MGMT_STATUS_REJECTED);
33c525c0 1875
a7e80f25
JH		 1876 if (cp->val != 0x00 && cp->val != 0x01)
1877 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1878 MGMT_STATUS_INVALID_PARAMS);
1879
09fd0de5 1880 hci_dev_lock(hdev);
9fbcbb45 1881
4b34ee78 1882 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1883 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1884 goto failed;
1885 }
1886
2e58ef3e 1887 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1888 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1889 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1890 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1891 goto failed;
1892 }
1893
2e58ef3e 1894 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1895 if (!cmd) {
1896 err = -ENOMEM;
9fbcbb45 1897 goto failed;
366a0336 1898 }
9fbcbb45 1899
9b74246f 1900 hci_req_init(&req, hdev);
9fbcbb45 1901
9a43e25f
JH		 1902 /* If BR/EDR is not enabled and we disable advertising as a
1903 * by-product of disabling connectable, we need to update the
1904 * advertising flags.
1905 */
1906 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1907 if (!cp->val) {
1908 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1909 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1910 }
1911 update_adv_data(&req);
1912 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1913 if (cp->val) {
1914 scan = SCAN_PAGE;
1915 } else {
3bd27240
JH		 1916 /* If we don't have any whitelist entries just
1917 * disable all scanning. If there are entries
1918 * and we had both page and inquiry scanning
1919 * enabled then fall back to only page scanning.
1920 * Otherwise no changes are needed.
1921 */
1922 if (list_empty(&hdev->whitelist))
1923 scan = SCAN_DISABLED;
1924 else if (test_bit(HCI_ISCAN, &hdev->flags))
1925 scan = SCAN_PAGE;
1926 else
1927 goto no_scan_update;
9b74246f
JH		 1928
1929 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1930 hdev->discov_timeout > 0)
9b74246f
JH		 1931 cancel_delayed_work(&hdev->discov_off);
1932 }
2b76f453 1933
9b74246f
JH		 1934 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1935 }
2b76f453 1936
3bd27240 1937no_scan_update:
4c01f8b8
JH		 1938 /* If we're going from non-connectable to connectable or
1939 * vice-versa when fast connectable is enabled ensure that fast
1940 * connectable gets disabled. write_fast_connectable won't do
1941 * anything if the page scan parameters are already what they
1942 * should be.
1943 */
1944 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1945 write_fast_connectable(&req, false);
1946
e8b1202c
JH		 1947 /* Update the advertising parameters if necessary */
1948 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1987fdc7 1949 enable_advertising(&req);
1987fdc7 1950
2b76f453 1951 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1952 if (err < 0) {
a664b5bc 1953 mgmt_pending_remove(cmd);
9b74246f 1954 if (err == -ENODATA)
a81070ba
JH		 1955 err = set_connectable_update_settings(hdev, sk,
1956 cp->val);
9b74246f
JH		 1957 goto failed;
1958 }
9fbcbb45
JH		 1959
1960failed:
09fd0de5 1961 hci_dev_unlock(hdev);
9fbcbb45
JH		 1962 return err;
1963}
1964
b2939475 1965static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1966 u16 len)
c542a06c 1967{
650f726d 1968 struct mgmt_mode *cp = data;
55594356 1969 bool changed;
c542a06c
JH		 1970 int err;
1971
bdb6d971 1972 BT_DBG("request for %s", hdev->name);
c542a06c 1973
a7e80f25 1974 if (cp->val != 0x00 && cp->val != 0x01)
b2939475 1975 return cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
a7e80f25
JH		 1976 MGMT_STATUS_INVALID_PARAMS);
1977
09fd0de5 1978 hci_dev_lock(hdev);
c542a06c
JH		 1979
1980 if (cp->val)
b6ae8457 1981 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 1982 else
b6ae8457 1983 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 1984
b2939475 1985 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1986 if (err < 0)
55594356 1987 goto unlock;
c542a06c 1988
55594356
MH		 1989 if (changed)
1990 err = new_settings(hdev, sk);
c542a06c 1991
55594356 1992unlock:
09fd0de5 1993 hci_dev_unlock(hdev);
c542a06c
JH		 1994 return err;
1995}
1996
04124681
GP		 1997static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1998 u16 len)
33ef95ed
JH		 1999{
2000 struct mgmt_mode *cp = data;
2001 struct pending_cmd *cmd;
e6fe7986 2002 u8 val, status;
33ef95ed
JH		 2003 int err;
2004
bdb6d971 2005 BT_DBG("request for %s", hdev->name);
33ef95ed 2006
e6fe7986
JH		 2007 status = mgmt_bredr_support(hdev);
2008 if (status)
33c525c0 2009 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 2010 status);
33c525c0 2011
a7e80f25
JH		 2012 if (cp->val != 0x00 && cp->val != 0x01)
2013 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2014 MGMT_STATUS_INVALID_PARAMS);
2015
33ef95ed
JH		 2016 hci_dev_lock(hdev);
2017
4b34ee78 2018 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 2019 bool changed = false;
2020
2021 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 2022 &hdev->dev_flags)) {
47990ea0
JH		 2023 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
2024 changed = true;
2025 }
2026
2027 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2028 if (err < 0)
2029 goto failed;
2030
2031 if (changed)
2032 err = new_settings(hdev, sk);
2033
33ef95ed
JH		 2034 goto failed;
2035 }
2036
2037 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 2038 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 2039 MGMT_STATUS_BUSY);
33ef95ed
JH		 2040 goto failed;
2041 }
2042
2043 val = !!cp->val;
2044
2045 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2046 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2047 goto failed;
2048 }
2049
2050 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2051 if (!cmd) {
2052 err = -ENOMEM;
2053 goto failed;
2054 }
2055
2056 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2057 if (err < 0) {
2058 mgmt_pending_remove(cmd);
2059 goto failed;
2060 }
2061
2062failed:
2063 hci_dev_unlock(hdev);
33ef95ed
JH		 2064 return err;
2065}
2066
bdb6d971 2067static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2068{
2069 struct mgmt_mode *cp = data;
2070 struct pending_cmd *cmd;
72ef0c1a 2071 u8 status;
ed2c4ee3
JH		 2072 int err;
2073
bdb6d971 2074 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2075
cdba5281
MH		 2076 status = mgmt_bredr_support(hdev);
2077 if (status)
2078 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2079
13ecd8b6
JH		 2080 if (!lmp_ssp_capable(hdev))
2081 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2082 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2083
a7e80f25
JH		 2084 if (cp->val != 0x00 && cp->val != 0x01)
2085 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2086 MGMT_STATUS_INVALID_PARAMS);
2087
13ecd8b6 2088 hci_dev_lock(hdev);
6c8f12c1 2089
4b34ee78 2090 if (!hdev_is_powered(hdev)) {
9ecb3e24 2091 bool changed;
c0ecddc2 2092
9ecb3e24
MH		 2093 if (cp->val) {
2094 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2095 &hdev->dev_flags);
2096 } else {
2097 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2098 &hdev->dev_flags);
2099 if (!changed)
2100 changed = test_and_clear_bit(HCI_HS_ENABLED,
2101 &hdev->dev_flags);
2102 else
2103 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 2104 }
2105
2106 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2107 if (err < 0)
2108 goto failed;
2109
2110 if (changed)
2111 err = new_settings(hdev, sk);
2112
ed2c4ee3
JH		 2113 goto failed;
2114 }
2115
9ecb3e24
MH		 2116 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2117 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 2118 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2119 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2120 goto failed;
2121 }
2122
72ef0c1a 2123 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 2124 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2125 goto failed;
2126 }
2127
2128 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2129 if (!cmd) {
2130 err = -ENOMEM;
2131 goto failed;
2132 }
2133
3769972b
JH		 2134 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2135 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2136 sizeof(cp->val), &cp->val);
2137
72ef0c1a 2138 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2139 if (err < 0) {
2140 mgmt_pending_remove(cmd);
2141 goto failed;
2142 }
2143
2144failed:
2145 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2146 return err;
2147}
2148
bdb6d971 2149static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2150{
2151 struct mgmt_mode *cp = data;
ee392693 2152 bool changed;
e6fe7986 2153 u8 status;
ee392693 2154 int err;
6d80dfd0 2155
bdb6d971 2156 BT_DBG("request for %s", hdev->name);
6d80dfd0 2157
e6fe7986
JH		 2158 status = mgmt_bredr_support(hdev);
2159 if (status)
2160 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2161
9ecb3e24
MH		 2162 if (!lmp_ssp_capable(hdev))
2163 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2164 MGMT_STATUS_NOT_SUPPORTED);
2165
2166 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2167 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2168 MGMT_STATUS_REJECTED);
2169
a7e80f25
JH		 2170 if (cp->val != 0x00 && cp->val != 0x01)
2171 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2172 MGMT_STATUS_INVALID_PARAMS);
2173
ee392693
MH		 2174 hci_dev_lock(hdev);
2175
a0cdf960 2176 if (cp->val) {
ee392693 2177 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 2178 } else {
2179 if (hdev_is_powered(hdev)) {
2180 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2181 MGMT_STATUS_REJECTED);
2182 goto unlock;
2183 }
2184
ee392693 2185 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 2186 }
ee392693
MH		 2187
2188 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2189 if (err < 0)
2190 goto unlock;
2191
2192 if (changed)
2193 err = new_settings(hdev, sk);
6d80dfd0 2194
ee392693
MH		 2195unlock:
2196 hci_dev_unlock(hdev);
2197 return err;
6d80dfd0
JH		 2198}
2199
1904a853 2200static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 2201{
2202 struct cmd_lookup match = { NULL, hdev };
2203
3ad67582
JK		 2204 hci_dev_lock(hdev);
2205
416a4ae5
JH		 2206 if (status) {
2207 u8 mgmt_err = mgmt_status(status);
2208
2209 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2210 &mgmt_err);
3ad67582 2211 goto unlock;
416a4ae5
JH		 2212 }
2213
2214 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2215
2216 new_settings(hdev, match.sk);
2217
2218 if (match.sk)
2219 sock_put(match.sk);
441ad2d0
MH		 2220
2221 /* Make sure the controller has a good default for
2222 * advertising data. Restrict the update to when LE
2223 * has actually been enabled. During power on, the
2224 * update in powered_update_hci will take care of it.
2225 */
2226 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2227 struct hci_request req;
2228
441ad2d0 2229 hci_req_init(&req, hdev);
5947f4bc 2230 update_adv_data(&req);
f14d8f64 2231 update_scan_rsp_data(&req);
2cf22218 2232 __hci_update_background_scan(&req);
441ad2d0 2233 hci_req_run(&req, NULL);
441ad2d0 2234 }
3ad67582
JK		 2235
2236unlock:
2237 hci_dev_unlock(hdev);
416a4ae5
JH		 2238}
2239
bdb6d971 2240static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2241{
2242 struct mgmt_mode *cp = data;
2243 struct hci_cp_write_le_host_supported hci_cp;
2244 struct pending_cmd *cmd;
416a4ae5 2245 struct hci_request req;
06199cf8 2246 int err;
0b60eba1 2247 u8 val, enabled;
06199cf8 2248
bdb6d971 2249 BT_DBG("request for %s", hdev->name);
06199cf8 2250
13ecd8b6
JH		 2251 if (!lmp_le_capable(hdev))
2252 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2253 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2254
a7e80f25
JH		 2255 if (cp->val != 0x00 && cp->val != 0x01)
2256 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2257 MGMT_STATUS_INVALID_PARAMS);
2258
c73eee91 2259 /* LE-only devices do not allow toggling LE on/off */
56f87901 2260 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2261 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2262 MGMT_STATUS_REJECTED);
2263
13ecd8b6 2264 hci_dev_lock(hdev);
06199cf8
JH		 2265
2266 val = !!cp->val;
ffa88e02 2267 enabled = lmp_host_le_capable(hdev);
06199cf8 2268
0b60eba1 2269 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2270 bool changed = false;
2271
2272 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2273 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2274 changed = true;
2275 }
2276
f3d3444a
JH		 2277 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2278 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2279 changed = true;
2280 }
2281
06199cf8
JH		 2282 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2283 if (err < 0)
1de028ce 2284 goto unlock;
06199cf8
JH		 2285
2286 if (changed)
2287 err = new_settings(hdev, sk);
2288
1de028ce 2289 goto unlock;
06199cf8
JH		 2290 }
2291
4375f103
JH		 2292 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2293 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2294 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2295 MGMT_STATUS_BUSY);
1de028ce 2296 goto unlock;
06199cf8
JH		 2297 }
2298
2299 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2300 if (!cmd) {
2301 err = -ENOMEM;
1de028ce 2302 goto unlock;
06199cf8
JH		 2303 }
2304
441ad2d0
MH		 2305 hci_req_init(&req, hdev);
2306
06199cf8
JH		 2307 memset(&hci_cp, 0, sizeof(hci_cp));
2308
2309 if (val) {
2310 hci_cp.le = val;
32226e4f 2311 hci_cp.simul = 0x00;
441ad2d0 2312 } else {
73e082f8 2313 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
441ad2d0 2314 disable_advertising(&req);
06199cf8
JH		 2315 }
2316
416a4ae5
JH		 2317 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2318 &hci_cp);
2319
2320 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2321 if (err < 0)
06199cf8 2322 mgmt_pending_remove(cmd);
06199cf8 2323
1de028ce
JH		 2324unlock:
2325 hci_dev_unlock(hdev);
06199cf8
JH		 2326 return err;
2327}
2328
0cab9c80
JH		 2329/* This is a helper function to test for pending mgmt commands that can
2330 * cause CoD or EIR HCI commands. We can only allow one such pending
2331 * mgmt command at a time since otherwise we cannot easily track what
2332 * the current values are, will be, and based on that calculate if a new
2333 * HCI command needs to be sent and if yes with what value.
2334 */
2335static bool pending_eir_or_class(struct hci_dev *hdev)
2336{
2337 struct pending_cmd *cmd;
2338
2339 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2340 switch (cmd->opcode) {
2341 case MGMT_OP_ADD_UUID:
2342 case MGMT_OP_REMOVE_UUID:
2343 case MGMT_OP_SET_DEV_CLASS:
2344 case MGMT_OP_SET_POWERED:
2345 return true;
2346 }
2347 }
2348
2349 return false;
2350}
2351
83be8eca
JH		 2352static const u8 bluetooth_base_uuid[] = {
2353 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2354 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2355};
2356
2357static u8 get_uuid_size(const u8 *uuid)
2358{
2359 u32 val;
2360
2361 if (memcmp(uuid, bluetooth_base_uuid, 12))
2362 return 128;
2363
2364 val = get_unaligned_le32(&uuid[12]);
2365 if (val > 0xffff)
2366 return 32;
2367
2368 return 16;
2369}
2370
92da6097
JH		 2371static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2372{
2373 struct pending_cmd *cmd;
2374
2375 hci_dev_lock(hdev);
2376
2377 cmd = mgmt_pending_find(mgmt_op, hdev);
2378 if (!cmd)
2379 goto unlock;
2380
2381 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2382 hdev->dev_class, 3);
2383
2384 mgmt_pending_remove(cmd);
2385
2386unlock:
2387 hci_dev_unlock(hdev);
2388}
2389
1904a853 2390static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2391{
2392 BT_DBG("status 0x%02x", status);
2393
2394 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2395}
2396
bdb6d971 2397static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2398{
650f726d 2399 struct mgmt_cp_add_uuid *cp = data;
90e70454 2400 struct pending_cmd *cmd;
890ea898 2401 struct hci_request req;
2aeb9a1a 2402 struct bt_uuid *uuid;
2aeb9a1a
JH		 2403 int err;
2404
bdb6d971 2405 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2406
09fd0de5 2407 hci_dev_lock(hdev);
2aeb9a1a 2408
0cab9c80 2409 if (pending_eir_or_class(hdev)) {
bdb6d971 2410 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2411 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2412 goto failed;
2413 }
2414
92c4c204 2415 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2416 if (!uuid) {
2417 err = -ENOMEM;
2418 goto failed;
2419 }
2420
2421 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2422 uuid->svc_hint = cp->svc_hint;
83be8eca 2423 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2424
de66aa63 2425 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2426
890ea898 2427 hci_req_init(&req, hdev);
1aff6f09 2428
890ea898
JH		 2429 update_class(&req);
2430 update_eir(&req);
2431
92da6097
JH		 2432 err = hci_req_run(&req, add_uuid_complete);
2433 if (err < 0) {
2434 if (err != -ENODATA)
2435 goto failed;
80a1e1db 2436
bdb6d971 2437 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2438 hdev->dev_class, 3);
90e70454
JH		 2439 goto failed;
2440 }
2441
2442 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2443 if (!cmd) {
90e70454 2444 err = -ENOMEM;
890ea898
JH		 2445 goto failed;
2446 }
2447
2448 err = 0;
2aeb9a1a
JH		 2449
2450failed:
09fd0de5 2451 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2452 return err;
2453}
2454
24b78d0f
JH		 2455static bool enable_service_cache(struct hci_dev *hdev)
2456{
2457 if (!hdev_is_powered(hdev))
2458 return false;
2459
2460 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2461 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2462 CACHE_TIMEOUT);
24b78d0f
JH		 2463 return true;
2464 }
2465
2466 return false;
2467}
2468
1904a853 2469static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2470{
2471 BT_DBG("status 0x%02x", status);
2472
2473 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2474}
2475
bdb6d971 2476static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2477 u16 len)
2aeb9a1a 2478{
650f726d 2479 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2480 struct pending_cmd *cmd;
056341c8 2481 struct bt_uuid *match, *tmp;
2aeb9a1a 2482 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2483 struct hci_request req;
2aeb9a1a
JH		 2484 int err, found;
2485
bdb6d971 2486 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2487
09fd0de5 2488 hci_dev_lock(hdev);
2aeb9a1a 2489
0cab9c80 2490 if (pending_eir_or_class(hdev)) {
bdb6d971 2491 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2492 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2493 goto unlock;
2494 }
2495
2aeb9a1a 2496 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2497 hci_uuids_clear(hdev);
4004b6d9 2498
24b78d0f 2499 if (enable_service_cache(hdev)) {
bdb6d971 2500 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2501 0, hdev->dev_class, 3);
24b78d0f
JH		 2502 goto unlock;
2503 }
4004b6d9 2504
9246a869 2505 goto update_class;
2aeb9a1a
JH		 2506 }
2507
2508 found = 0;
2509
056341c8 2510 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2511 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2512 continue;
2513
2514 list_del(&match->list);
482049f7 2515 kfree(match);
2aeb9a1a
JH		 2516 found++;
2517 }
2518
2519 if (found == 0) {
bdb6d971 2520 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2521 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2522 goto unlock;
2523 }
2524
9246a869 2525update_class:
890ea898 2526 hci_req_init(&req, hdev);
1aff6f09 2527
890ea898
JH		 2528 update_class(&req);
2529 update_eir(&req);
2530
92da6097
JH		 2531 err = hci_req_run(&req, remove_uuid_complete);
2532 if (err < 0) {
2533 if (err != -ENODATA)
2534 goto unlock;
80a1e1db 2535
bdb6d971 2536 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2537 hdev->dev_class, 3);
90e70454
JH		 2538 goto unlock;
2539 }
2540
2541 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2542 if (!cmd) {
90e70454 2543 err = -ENOMEM;
890ea898
JH		 2544 goto unlock;
2545 }
2546
2547 err = 0;
2aeb9a1a
JH		 2548
2549unlock:
09fd0de5 2550 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2551 return err;
2552}
2553
1904a853 2554static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2555{
2556 BT_DBG("status 0x%02x", status);
2557
2558 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2559}
2560
bdb6d971 2561static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2562 u16 len)
1aff6f09 2563{
650f726d 2564 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2565 struct pending_cmd *cmd;
890ea898 2566 struct hci_request req;
1aff6f09
JH		 2567 int err;
2568
bdb6d971 2569 BT_DBG("request for %s", hdev->name);
1aff6f09 2570
6203fc98 2571 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2572 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2573 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2574
0cab9c80 2575 hci_dev_lock(hdev);
ee98f473 2576
0cab9c80
JH		 2577 if (pending_eir_or_class(hdev)) {
2578 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2579 MGMT_STATUS_BUSY);
2580 goto unlock;
2581 }
c95f0ba7 2582
0cab9c80
JH		 2583 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2584 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2585 MGMT_STATUS_INVALID_PARAMS);
2586 goto unlock;
2587 }
575b3a02 2588
932f5ff5
JH		 2589 hdev->major_class = cp->major;
2590 hdev->minor_class = cp->minor;
2591
b5235a65 2592 if (!hdev_is_powered(hdev)) {
bdb6d971 2593 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2594 hdev->dev_class, 3);
b5235a65
JH		 2595 goto unlock;
2596 }
2597
890ea898
JH		 2598 hci_req_init(&req, hdev);
2599
a8b2d5c2 2600 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2601 hci_dev_unlock(hdev);
2602 cancel_delayed_work_sync(&hdev->service_cache);
2603 hci_dev_lock(hdev);
890ea898 2604 update_eir(&req);
7d78525d 2605 }
14c0b608 2606
890ea898
JH		 2607 update_class(&req);
2608
92da6097
JH		 2609 err = hci_req_run(&req, set_class_complete);
2610 if (err < 0) {
2611 if (err != -ENODATA)
2612 goto unlock;
1aff6f09 2613
bdb6d971 2614 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2615 hdev->dev_class, 3);
90e70454
JH		 2616 goto unlock;
2617 }
2618
2619 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2620 if (!cmd) {
90e70454 2621 err = -ENOMEM;
890ea898
JH		 2622 goto unlock;
2623 }
2624
2625 err = 0;
1aff6f09 2626
b5235a65 2627unlock:
09fd0de5 2628 hci_dev_unlock(hdev);
1aff6f09
JH		 2629 return err;
2630}
2631
bdb6d971 2632static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2633 u16 len)
55ed8ca1 2634{
650f726d 2635 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2636 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2637 sizeof(struct mgmt_link_key_info));
4e51eae9 2638 u16 key_count, expected_len;
b1de97d8 2639 bool changed;
a492cd52 2640 int i;
55ed8ca1 2641
9060d5cf
MH		 2642 BT_DBG("request for %s", hdev->name);
2643
2644 if (!lmp_bredr_capable(hdev))
2645 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2646 MGMT_STATUS_NOT_SUPPORTED);
2647
1f350c87 2648 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2649 if (key_count > max_key_count) {
2650 BT_ERR("load_link_keys: too big key_count value %u",
2651 key_count);
2652 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2653 MGMT_STATUS_INVALID_PARAMS);
2654 }
55ed8ca1 2655
86742e1e
JH		 2656 expected_len = sizeof(*cp) + key_count *
2657 sizeof(struct mgmt_link_key_info);
a492cd52 2658 if (expected_len != len) {
86742e1e 2659 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2660 expected_len, len);
bdb6d971 2661 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2662 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2663 }
2664
4ae14301
JH		 2665 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2666 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2667 MGMT_STATUS_INVALID_PARAMS);
2668
bdb6d971 2669 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2670 key_count);
55ed8ca1 2671
4ee71b20
JH		 2672 for (i = 0; i < key_count; i++) {
2673 struct mgmt_link_key_info *key = &cp->keys[i];
2674
8e991132 2675 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2676 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2677 MGMT_STATUS_INVALID_PARAMS);
2678 }
2679
09fd0de5 2680 hci_dev_lock(hdev);
55ed8ca1
JH		 2681
2682 hci_link_keys_clear(hdev);
2683
55ed8ca1 2684 if (cp->debug_keys)
0663b297
JH		 2685 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2686 &hdev->dev_flags);
55ed8ca1 2687 else
0663b297
JH		 2688 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2689 &hdev->dev_flags);
b1de97d8
MH		 2690
2691 if (changed)
2692 new_settings(hdev, NULL);
55ed8ca1 2693
a492cd52 2694 for (i = 0; i < key_count; i++) {
86742e1e 2695 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2696
58e9293c
JH		 2697 /* Always ignore debug keys and require a new pairing if
2698 * the user wants to use them.
2699 */
2700 if (key->type == HCI_LK_DEBUG_COMBINATION)
2701 continue;
2702
7652ff6a
JH		 2703 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2704 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2705 }
2706
bdb6d971 2707 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2708
09fd0de5 2709 hci_dev_unlock(hdev);
55ed8ca1 2710
a492cd52 2711 return 0;
55ed8ca1
JH		 2712}
2713
b1078ad0 2714static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2715 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2716{
2717 struct mgmt_ev_device_unpaired ev;
2718
2719 bacpy(&ev.addr.bdaddr, bdaddr);
2720 ev.addr.type = addr_type;
2721
2722 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2723 skip_sk);
b1078ad0
JH		 2724}
2725
bdb6d971 2726static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2727 u16 len)
55ed8ca1 2728{
124f6e35
JH		 2729 struct mgmt_cp_unpair_device *cp = data;
2730 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2731 struct hci_cp_disconnect dc;
2732 struct pending_cmd *cmd;
55ed8ca1 2733 struct hci_conn *conn;
55ed8ca1
JH		 2734 int err;
2735
a8a1d19e 2736 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2737 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2738 rp.addr.type = cp->addr.type;
a8a1d19e 2739
4ee71b20
JH		 2740 if (!bdaddr_type_is_valid(cp->addr.type))
2741 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2742 MGMT_STATUS_INVALID_PARAMS,
2743 &rp, sizeof(rp));
2744
118da70b
JH		 2745 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2746 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2747 MGMT_STATUS_INVALID_PARAMS,
2748 &rp, sizeof(rp));
2749
4ee71b20
JH		 2750 hci_dev_lock(hdev);
2751
86a8cfc6 2752 if (!hdev_is_powered(hdev)) {
bdb6d971 2753 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2754 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2755 goto unlock;
2756 }
2757
e0b2b27e 2758 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2759 /* If disconnection is requested, then look up the
2760 * connection. If the remote device is connected, it
2761 * will be later used to terminate the link.
2762 *
2763 * Setting it to NULL explicitly will cause no
2764 * termination of the link.
2765 */
2766 if (cp->disconnect)
2767 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2768 &cp->addr.bdaddr);
2769 else
2770 conn = NULL;
2771
124f6e35 2772 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2773 } else {
2774 u8 addr_type;
2775
89cbb063
AA		 2776 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2777 &cp->addr.bdaddr);
2778 if (conn) {
2779 /* Defer clearing up the connection parameters
2780 * until closing to give a chance of keeping
2781 * them if a repairing happens.
2782 */
2783 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2784
2785 /* If disconnection is not requested, then
2786 * clear the connection variable so that the
2787 * link is not terminated.
2788 */
2789 if (!cp->disconnect)
2790 conn = NULL;
2791 }
2792
e0b2b27e
JH		 2793 if (cp->addr.type == BDADDR_LE_PUBLIC)
2794 addr_type = ADDR_LE_DEV_PUBLIC;
2795 else
2796 addr_type = ADDR_LE_DEV_RANDOM;
2797
a7ec7338
JH		 2798 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2799
e0b2b27e
JH		 2800 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2801 }
b0dbfb46 2802
55ed8ca1 2803 if (err < 0) {
bdb6d971 2804 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2805 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2806 goto unlock;
2807 }
2808
89cbb063
AA		 2809 /* If the connection variable is set, then termination of the
2810 * link is requested.
2811 */
a8a1d19e 2812 if (!conn) {
bdb6d971 2813 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2814 &rp, sizeof(rp));
b1078ad0 2815 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2816 goto unlock;
2817 }
55ed8ca1 2818
124f6e35 2819 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2820 sizeof(*cp));
a8a1d19e
JH		 2821 if (!cmd) {
2822 err = -ENOMEM;
2823 goto unlock;
55ed8ca1
JH		 2824 }
2825
d8b7b1e4
JH		 2826 cmd->cmd_complete = addr_cmd_complete;
2827
eb55ef07 2828 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2829 dc.reason = 0x13; /* Remote User Terminated Connection */
2830 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2831 if (err < 0)
2832 mgmt_pending_remove(cmd);
2833
55ed8ca1 2834unlock:
09fd0de5 2835 hci_dev_unlock(hdev);
55ed8ca1
JH		 2836 return err;
2837}
2838
bdb6d971 2839static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2840 u16 len)
8962ee74 2841{
650f726d 2842 struct mgmt_cp_disconnect *cp = data;
06a63b19 2843 struct mgmt_rp_disconnect rp;
366a0336 2844 struct pending_cmd *cmd;
8962ee74 2845 struct hci_conn *conn;
8962ee74
JH		 2846 int err;
2847
2848 BT_DBG("");
2849
06a63b19
JH		 2850 memset(&rp, 0, sizeof(rp));
2851 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2852 rp.addr.type = cp->addr.type;
2853
4ee71b20 2854 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2855 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2856 MGMT_STATUS_INVALID_PARAMS,
2857 &rp, sizeof(rp));
4ee71b20 2858
09fd0de5 2859 hci_dev_lock(hdev);
8962ee74
JH		 2860
2861 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2862 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2863 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2864 goto failed;
2865 }
2866
2e58ef3e 2867 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2868 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2869 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2870 goto failed;
2871 }
2872
591f47f3 2873 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2874 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2875 &cp->addr.bdaddr);
88c3df13
JH		 2876 else
2877 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2878
f960727e 2879 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2880 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2881 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2882 goto failed;
2883 }
2884
2e58ef3e 2885 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2886 if (!cmd) {
2887 err = -ENOMEM;
8962ee74 2888 goto failed;
366a0336 2889 }
8962ee74 2890
f5818c22
JH		 2891 cmd->cmd_complete = generic_cmd_complete;
2892
e3f2f92a 2893 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2894 if (err < 0)
a664b5bc 2895 mgmt_pending_remove(cmd);
8962ee74
JH		 2896
2897failed:
09fd0de5 2898 hci_dev_unlock(hdev);
8962ee74
JH		 2899 return err;
2900}
2901
57c1477c 2902static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2903{
2904 switch (link_type) {
2905 case LE_LINK:
48264f06
JH		 2906 switch (addr_type) {
2907 case ADDR_LE_DEV_PUBLIC:
591f47f3 2908 return BDADDR_LE_PUBLIC;
0ed09148 2909
48264f06 2910 default:
0ed09148 2911 /* Fallback to LE Random address type */
591f47f3 2912 return BDADDR_LE_RANDOM;
48264f06 2913 }
0ed09148 2914
4c659c39 2915 default:
0ed09148 2916 /* Fallback to BR/EDR type */
591f47f3 2917 return BDADDR_BREDR;
4c659c39
JH		 2918 }
2919}
2920
04124681
GP		 2921static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2922 u16 data_len)
2784eb41 2923{
2784eb41 2924 struct mgmt_rp_get_connections *rp;
8035ded4 2925 struct hci_conn *c;
a38528f1 2926 size_t rp_len;
60fc5fb6
JH		 2927 int err;
2928 u16 i;
2784eb41
JH		 2929
2930 BT_DBG("");
2931
09fd0de5 2932 hci_dev_lock(hdev);
2784eb41 2933
5f97c1df 2934 if (!hdev_is_powered(hdev)) {
bdb6d971 2935 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2936 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2937 goto unlock;
2938 }
2939
60fc5fb6 2940 i = 0;
b644ba33
JH		 2941 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2942 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2943 i++;
2784eb41
JH		 2944 }
2945
60fc5fb6 2946 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2947 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2948 if (!rp) {
2784eb41
JH		 2949 err = -ENOMEM;
2950 goto unlock;
2951 }
2952
2784eb41 2953 i = 0;
4c659c39 2954 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2955 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2956 continue;
4c659c39 2957 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2958 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2959 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2960 continue;
2961 i++;
2962 }
2963
eb55ef07 2964 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2965
4c659c39
JH		 2966 /* Recalculate length in case of filtered SCO connections, etc */
2967 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2968
bdb6d971 2969 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2970 rp_len);
2784eb41 2971
a38528f1 2972 kfree(rp);
5f97c1df
JH		 2973
2974unlock:
09fd0de5 2975 hci_dev_unlock(hdev);
2784eb41
JH		 2976 return err;
2977}
2978
bdb6d971 2979static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2980 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2981{
2982 struct pending_cmd *cmd;
2983 int err;
2984
2e58ef3e 2985 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2986 sizeof(*cp));
96d97a67
WR		 2987 if (!cmd)
2988 return -ENOMEM;
2989
d8457698 2990 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2991 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2992 if (err < 0)
2993 mgmt_pending_remove(cmd);
2994
2995 return err;
2996}
2997
bdb6d971 2998static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2999 u16 len)
980e1a53 3000{
96d97a67 3001 struct hci_conn *conn;
650f726d 3002 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3003 struct hci_cp_pin_code_reply reply;
366a0336 3004 struct pending_cmd *cmd;
980e1a53
JH		 3005 int err;
3006
3007 BT_DBG("");
3008
09fd0de5 3009 hci_dev_lock(hdev);
980e1a53 3010
4b34ee78 3011 if (!hdev_is_powered(hdev)) {
bdb6d971 3012 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3013 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3014 goto failed;
3015 }
3016
d8457698 3017 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3018 if (!conn) {
bdb6d971 3019 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3020 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3021 goto failed;
3022 }
3023
3024 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3025 struct mgmt_cp_pin_code_neg_reply ncp;
3026
3027 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 3028
3029 BT_ERR("PIN code is not 16 bytes long");
3030
bdb6d971 3031 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3032 if (err >= 0)
bdb6d971 3033 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3034 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3035
3036 goto failed;
3037 }
3038
00abfe44 3039 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3040 if (!cmd) {
3041 err = -ENOMEM;
980e1a53 3042 goto failed;
366a0336 3043 }
980e1a53 3044
7776d1d8
JH		 3045 cmd->cmd_complete = addr_cmd_complete;
3046
d8457698 3047 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3048 reply.pin_len = cp->pin_len;
24718ca5 3049 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3050
3051 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3052 if (err < 0)
a664b5bc 3053 mgmt_pending_remove(cmd);
980e1a53
JH		 3054
3055failed:
09fd0de5 3056 hci_dev_unlock(hdev);
980e1a53
JH		 3057 return err;
3058}
3059
04124681
GP		 3060static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3061 u16 len)
17fa4b9d 3062{
650f726d 3063 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3064
3065 BT_DBG("");
3066
4ec86d4c
JH		 3067 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3068 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3069 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3070
09fd0de5 3071 hci_dev_lock(hdev);
17fa4b9d
JH		 3072
3073 hdev->io_capability = cp->io_capability;
3074
3075 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3076 hdev->io_capability);
17fa4b9d 3077
09fd0de5 3078 hci_dev_unlock(hdev);
17fa4b9d 3079
04124681
GP		 3080 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
3081 0);
17fa4b9d
JH		 3082}
3083
6039aa73 3084static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3085{
3086 struct hci_dev *hdev = conn->hdev;
8035ded4 3087 struct pending_cmd *cmd;
e9a416b5 3088
2e58ef3e 3089 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3090 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3091 continue;
3092
e9a416b5
JH		 3093 if (cmd->user_data != conn)
3094 continue;
3095
3096 return cmd;
3097 }
3098
3099 return NULL;
3100}
3101
9df74653 3102static int pairing_complete(struct pending_cmd *cmd, u8 status)
e9a416b5
JH		 3103{
3104 struct mgmt_rp_pair_device rp;
3105 struct hci_conn *conn = cmd->user_data;
9df74653 3106 int err;
e9a416b5 3107
61b1a7fb
JH		 3108 bacpy(&rp.addr.bdaddr, &conn->dst);
3109 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3110
9df74653
JH		 3111 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
3112 &rp, sizeof(rp));
e9a416b5
JH		 3113
3114 /* So we don't get further callbacks for this connection */
3115 conn->connect_cfm_cb = NULL;
3116 conn->security_cfm_cb = NULL;
3117 conn->disconn_cfm_cb = NULL;
3118
76a68ba0 3119 hci_conn_drop(conn);
89cbb063
AA		 3120
3121 /* The device is paired so there is no need to remove
3122 * its connection parameters anymore.
3123 */
3124 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3125
3126 hci_conn_put(conn);
9df74653
JH		 3127
3128 return err;
e9a416b5
JH		 3129}
3130
f4a407be
JH		 3131void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3132{
3133 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3134 struct pending_cmd *cmd;
3135
3136 cmd = find_pairing(conn);
a511b35b 3137 if (cmd) {
04ab2749 3138 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3139 mgmt_pending_remove(cmd);
3140 }
f4a407be
JH		 3141}
3142
e9a416b5
JH		 3143static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3144{
3145 struct pending_cmd *cmd;
3146
3147 BT_DBG("status %u", status);
3148
3149 cmd = find_pairing(conn);
a511b35b 3150 if (!cmd) {
e9a416b5 3151 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3152 return;
3153 }
3154
3155 cmd->cmd_complete(cmd, mgmt_status(status));
3156 mgmt_pending_remove(cmd);
e9a416b5
JH		 3157}
3158
f4a407be 3159static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 3160{
3161 struct pending_cmd *cmd;
3162
3163 BT_DBG("status %u", status);
3164
3165 if (!status)
3166 return;
3167
3168 cmd = find_pairing(conn);
a511b35b 3169 if (!cmd) {
4c47d739 3170 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3171 return;
3172 }
3173
3174 cmd->cmd_complete(cmd, mgmt_status(status));
3175 mgmt_pending_remove(cmd);
4c47d739
VA		 3176}
3177
bdb6d971 3178static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3179 u16 len)
e9a416b5 3180{
650f726d 3181 struct mgmt_cp_pair_device *cp = data;
1425acb7 3182 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 3183 struct pending_cmd *cmd;
3184 u8 sec_level, auth_type;
3185 struct hci_conn *conn;
e9a416b5
JH		 3186 int err;
3187
3188 BT_DBG("");
3189
f950a30e
SJ		 3190 memset(&rp, 0, sizeof(rp));
3191 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3192 rp.addr.type = cp->addr.type;
3193
4ee71b20
JH		 3194 if (!bdaddr_type_is_valid(cp->addr.type))
3195 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3196 MGMT_STATUS_INVALID_PARAMS,
3197 &rp, sizeof(rp));
3198
4ec86d4c
JH		 3199 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3200 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3201 MGMT_STATUS_INVALID_PARAMS,
3202 &rp, sizeof(rp));
3203
09fd0de5 3204 hci_dev_lock(hdev);
e9a416b5 3205
5f97c1df 3206 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 3207 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3208 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 3209 goto unlock;
3210 }
3211
c908df36 3212 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3213 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3214
6f77d8c7 3215 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3216 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3217 auth_type);
6f77d8c7
AG		 3218 } else {
3219 u8 addr_type;
3220
3221 /* Convert from L2CAP channel address type to HCI address type
3222 */
3223 if (cp->addr.type == BDADDR_LE_PUBLIC)
3224 addr_type = ADDR_LE_DEV_PUBLIC;
3225 else
3226 addr_type = ADDR_LE_DEV_RANDOM;
3227
7c264b10
MH		 3228 /* When pairing a new device, it is expected to remember
3229 * this device for future connections. Adding the connection
3230 * parameter information ahead of time allows tracking
3231 * of the slave preferred values and will speed up any
3232 * further connection establishment.
3233 *
3234 * If connection parameters already exist, then they
3235 * will be kept and this function does nothing.
3236 */
3237 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3238
6f77d8c7 3239 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3240 sec_level, HCI_LE_CONN_TIMEOUT,
3241 HCI_ROLE_MASTER);
6f77d8c7 3242 }
7a512d01 3243
30e76272 3244 if (IS_ERR(conn)) {
489dc48e
AK		 3245 int status;
3246
3247 if (PTR_ERR(conn) == -EBUSY)
3248 status = MGMT_STATUS_BUSY;
3249 else
3250 status = MGMT_STATUS_CONNECT_FAILED;
3251
bdb6d971 3252 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 3253 status, &rp,
04124681 3254 sizeof(rp));
e9a416b5
JH		 3255 goto unlock;
3256 }
3257
3258 if (conn->connect_cfm_cb) {
76a68ba0 3259 hci_conn_drop(conn);
bdb6d971 3260 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 3261 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3262 goto unlock;
3263 }
3264
2e58ef3e 3265 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3266 if (!cmd) {
3267 err = -ENOMEM;
76a68ba0 3268 hci_conn_drop(conn);
e9a416b5
JH		 3269 goto unlock;
3270 }
3271
04ab2749
JH		 3272 cmd->cmd_complete = pairing_complete;
3273
7a512d01 3274 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3275 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3276 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3277 conn->security_cfm_cb = pairing_complete_cb;
3278 conn->disconn_cfm_cb = pairing_complete_cb;
3279 } else {
3280 conn->connect_cfm_cb = le_pairing_complete_cb;
3281 conn->security_cfm_cb = le_pairing_complete_cb;
3282 conn->disconn_cfm_cb = le_pairing_complete_cb;
3283 }
7a512d01 3284
e9a416b5 3285 conn->io_capability = cp->io_cap;
f8aaf9b6 3286 cmd->user_data = hci_conn_get(conn);
e9a416b5 3287
6f78fd4b 3288 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3289 hci_conn_security(conn, sec_level, auth_type, true)) {
3290 cmd->cmd_complete(cmd, 0);
3291 mgmt_pending_remove(cmd);
3292 }
e9a416b5
JH		 3293
3294 err = 0;
3295
3296unlock:
09fd0de5 3297 hci_dev_unlock(hdev);
e9a416b5
JH		 3298 return err;
3299}
3300
04124681
GP		 3301static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3302 u16 len)
28424707 3303{
0f4e68cf 3304 struct mgmt_addr_info *addr = data;
28424707
JH		 3305 struct pending_cmd *cmd;
3306 struct hci_conn *conn;
3307 int err;
3308
3309 BT_DBG("");
3310
28424707
JH		 3311 hci_dev_lock(hdev);
3312
5f97c1df 3313 if (!hdev_is_powered(hdev)) {
bdb6d971 3314 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3315 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3316 goto unlock;
3317 }
3318
28424707
JH		 3319 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3320 if (!cmd) {
bdb6d971 3321 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3322 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3323 goto unlock;
3324 }
3325
3326 conn = cmd->user_data;
3327
3328 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3329 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3330 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3331 goto unlock;
3332 }
3333
a511b35b
JH		 3334 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3335 mgmt_pending_remove(cmd);
28424707 3336
bdb6d971 3337 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3338 addr, sizeof(*addr));
28424707
JH		 3339unlock:
3340 hci_dev_unlock(hdev);
28424707
JH		 3341 return err;
3342}
3343
bdb6d971 3344static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3345 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3346 u16 hci_op, __le32 passkey)
a5c29683 3347{
a5c29683 3348 struct pending_cmd *cmd;
0df4c185 3349 struct hci_conn *conn;
a5c29683
JH		 3350 int err;
3351
09fd0de5 3352 hci_dev_lock(hdev);
08ba5382 3353
4b34ee78 3354 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3355 err = cmd_complete(sk, hdev->id, mgmt_op,
3356 MGMT_STATUS_NOT_POWERED, addr,
3357 sizeof(*addr));
0df4c185 3358 goto done;
a5c29683
JH		 3359 }
3360
1707c60e
JH		 3361 if (addr->type == BDADDR_BREDR)
3362 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3363 else
1707c60e 3364 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3365
3366 if (!conn) {
feb94d3d
JH		 3367 err = cmd_complete(sk, hdev->id, mgmt_op,
3368 MGMT_STATUS_NOT_CONNECTED, addr,
3369 sizeof(*addr));
272d90df
JH		 3370 goto done;
3371 }
47c15e2b 3372
1707c60e 3373 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3374 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3375 if (!err)
feb94d3d
JH		 3376 err = cmd_complete(sk, hdev->id, mgmt_op,
3377 MGMT_STATUS_SUCCESS, addr,
3378 sizeof(*addr));
5fe57d9e 3379 else
feb94d3d
JH		 3380 err = cmd_complete(sk, hdev->id, mgmt_op,
3381 MGMT_STATUS_FAILED, addr,
3382 sizeof(*addr));
47c15e2b 3383
47c15e2b
BG		 3384 goto done;
3385 }
3386
1707c60e 3387 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3388 if (!cmd) {
3389 err = -ENOMEM;
0df4c185 3390 goto done;
a5c29683
JH		 3391 }
3392
7776d1d8
JH		 3393 cmd->cmd_complete = addr_cmd_complete;
3394
0df4c185 3395 /* Continue with pairing via HCI */
604086b7
BG		 3396 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3397 struct hci_cp_user_passkey_reply cp;
3398
1707c60e 3399 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3400 cp.passkey = passkey;
3401 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3402 } else
1707c60e
JH		 3403 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3404 &addr->bdaddr);
604086b7 3405
a664b5bc
JH		 3406 if (err < 0)
3407 mgmt_pending_remove(cmd);
a5c29683 3408
0df4c185 3409done:
09fd0de5 3410 hci_dev_unlock(hdev);
a5c29683
JH		 3411 return err;
3412}
3413
afeb019d
JK		 3414static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3415 void *data, u16 len)
3416{
3417 struct mgmt_cp_pin_code_neg_reply *cp = data;
3418
3419 BT_DBG("");
3420
1707c60e 3421 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3422 MGMT_OP_PIN_CODE_NEG_REPLY,
3423 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3424}
3425
04124681
GP		 3426static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3427 u16 len)
0df4c185 3428{
650f726d 3429 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3430
3431 BT_DBG("");
3432
3433 if (len != sizeof(*cp))
bdb6d971 3434 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3435 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3436
1707c60e 3437 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3438 MGMT_OP_USER_CONFIRM_REPLY,
3439 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3440}
3441
bdb6d971 3442static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3443 void *data, u16 len)
0df4c185 3444{
c9c2659f 3445 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3446
3447 BT_DBG("");
3448
1707c60e 3449 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3450 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3451 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3452}
3453
04124681
GP		 3454static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3455 u16 len)
604086b7 3456{
650f726d 3457 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3458
3459 BT_DBG("");
3460
1707c60e 3461 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3462 MGMT_OP_USER_PASSKEY_REPLY,
3463 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3464}
3465
bdb6d971 3466static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3467 void *data, u16 len)
604086b7 3468{
650f726d 3469 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3470
3471 BT_DBG("");
3472
1707c60e 3473 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3474 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3475 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3476}
3477
13928971 3478static void update_name(struct hci_request *req)
2b4bf397 3479{
13928971 3480 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3481 struct hci_cp_write_local_name cp;
3482
13928971 3483 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3484
890ea898 3485 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3486}
3487
1904a853 3488static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3489{
3490 struct mgmt_cp_set_local_name *cp;
3491 struct pending_cmd *cmd;
3492
3493 BT_DBG("status 0x%02x", status);
3494
3495 hci_dev_lock(hdev);
3496
3497 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3498 if (!cmd)
3499 goto unlock;
3500
3501 cp = cmd->param;
3502
3503 if (status)
3504 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3505 mgmt_status(status));
3506 else
3507 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3508 cp, sizeof(*cp));
3509
3510 mgmt_pending_remove(cmd);
3511
3512unlock:
3513 hci_dev_unlock(hdev);
3514}
3515
bdb6d971 3516static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3517 u16 len)
b312b161 3518{
2b4bf397 3519 struct mgmt_cp_set_local_name *cp = data;
b312b161 3520 struct pending_cmd *cmd;
890ea898 3521 struct hci_request req;
b312b161
JH		 3522 int err;
3523
3524 BT_DBG("");
3525
09fd0de5 3526 hci_dev_lock(hdev);
b312b161 3527
b3f2ca94
JH		 3528 /* If the old values are the same as the new ones just return a
3529 * direct command complete event.
3530 */
3531 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3532 !memcmp(hdev->short_name, cp->short_name,
3533 sizeof(hdev->short_name))) {
3534 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3535 data, len);
3536 goto failed;
3537 }
3538
2b4bf397 3539 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3540
b5235a65 3541 if (!hdev_is_powered(hdev)) {
2b4bf397 3542 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3543
3544 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3545 data, len);
28cc7bde
JH		 3546 if (err < 0)
3547 goto failed;
3548
3549 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3550 sk);
28cc7bde 3551
b5235a65
JH		 3552 goto failed;
3553 }
3554
28cc7bde 3555 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3556 if (!cmd) {
3557 err = -ENOMEM;
3558 goto failed;
3559 }
3560
13928971
JH		 3561 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3562
890ea898 3563 hci_req_init(&req, hdev);
3f985050
JH		 3564
3565 if (lmp_bredr_capable(hdev)) {
3566 update_name(&req);
3567 update_eir(&req);
3568 }
3569
7a5f4990
MH		 3570 /* The name is stored in the scan response data and so
3571 * no need to udpate the advertising data here.
3572 */
3f985050 3573 if (lmp_le_capable(hdev))
7a5f4990 3574 update_scan_rsp_data(&req);
3f985050 3575
13928971 3576 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3577 if (err < 0)
3578 mgmt_pending_remove(cmd);
3579
3580failed:
09fd0de5 3581 hci_dev_unlock(hdev);
b312b161
JH		 3582 return err;
3583}
3584
0f4e68cf 3585static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3586 void *data, u16 data_len)
c35938b2 3587{
c35938b2
SJ		 3588 struct pending_cmd *cmd;
3589 int err;
3590
bdb6d971 3591 BT_DBG("%s", hdev->name);
c35938b2 3592
09fd0de5 3593 hci_dev_lock(hdev);
c35938b2 3594
4b34ee78 3595 if (!hdev_is_powered(hdev)) {
bdb6d971 3596 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3597 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3598 goto unlock;
3599 }
3600
9a1a1996 3601 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3602 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3603 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3604 goto unlock;
3605 }
3606
2e58ef3e 3607 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3608 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3609 MGMT_STATUS_BUSY);
c35938b2
SJ		 3610 goto unlock;
3611 }
3612
2e58ef3e 3613 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3614 if (!cmd) {
3615 err = -ENOMEM;
3616 goto unlock;
3617 }
3618
710f11c0 3619 if (bredr_sc_enabled(hdev))
4d2d2796
MH		 3620 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3621 0, NULL);
3622 else
3623 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3624
c35938b2
SJ		 3625 if (err < 0)
3626 mgmt_pending_remove(cmd);
3627
3628unlock:
09fd0de5 3629 hci_dev_unlock(hdev);
c35938b2
SJ		 3630 return err;
3631}
3632
bdb6d971 3633static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3634 void *data, u16 len)
2763eda6 3635{
2763eda6
SJ		 3636 int err;
3637
bdb6d971 3638 BT_DBG("%s ", hdev->name);
2763eda6 3639
09fd0de5 3640 hci_dev_lock(hdev);
2763eda6 3641
ec109113
MH		 3642 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3643 struct mgmt_cp_add_remote_oob_data *cp = data;
3644 u8 status;
bf1e3541 3645
c19a495c
JH		 3646 if (cp->addr.type != BDADDR_BREDR) {
3647 err = cmd_complete(sk, hdev->id,
3648 MGMT_OP_ADD_REMOTE_OOB_DATA,
3649 MGMT_STATUS_INVALID_PARAMS,
3650 &cp->addr, sizeof(cp->addr));
3651 goto unlock;
3652 }
3653
ec109113 3654 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3655 cp->addr.type, cp->hash,
3656 cp->rand, NULL, NULL);
ec109113
MH		 3657 if (err < 0)
3658 status = MGMT_STATUS_FAILED;
3659 else
3660 status = MGMT_STATUS_SUCCESS;
3661
3662 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3663 status, &cp->addr, sizeof(cp->addr));
3664 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3665 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
86df9200 3666 u8 *rand192, *hash192;
ec109113
MH		 3667 u8 status;
3668
c19a495c
JH		 3669 if (cp->addr.type != BDADDR_BREDR) {
3670 err = cmd_complete(sk, hdev->id,
3671 MGMT_OP_ADD_REMOTE_OOB_DATA,
3672 MGMT_STATUS_INVALID_PARAMS,
3673 &cp->addr, sizeof(cp->addr));
3674 goto unlock;
3675 }
3676
86df9200
JH		 3677 if (bdaddr_type_is_le(cp->addr.type)) {
3678 rand192 = NULL;
3679 hash192 = NULL;
3680 } else {
3681 rand192 = cp->rand192;
3682 hash192 = cp->hash192;
3683 }
3684
81328d5c 3685 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200
JH		 3686 cp->addr.type, hash192, rand192,
3687 cp->hash256, cp->rand256);
ec109113
MH		 3688 if (err < 0)
3689 status = MGMT_STATUS_FAILED;
3690 else
3691 status = MGMT_STATUS_SUCCESS;
3692
3693 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3694 status, &cp->addr, sizeof(cp->addr));
3695 } else {
3696 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3697 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3698 MGMT_STATUS_INVALID_PARAMS);
3699 }
2763eda6 3700
c19a495c 3701unlock:
09fd0de5 3702 hci_dev_unlock(hdev);
2763eda6
SJ		 3703 return err;
3704}
3705
bdb6d971 3706static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3707 void *data, u16 len)
2763eda6 3708{
650f726d 3709 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3710 u8 status;
2763eda6
SJ		 3711 int err;
3712
bdb6d971 3713 BT_DBG("%s", hdev->name);
2763eda6 3714
c19a495c
JH		 3715 if (cp->addr.type != BDADDR_BREDR)
3716 return cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3717 MGMT_STATUS_INVALID_PARAMS,
3718 &cp->addr, sizeof(cp->addr));
3719
09fd0de5 3720 hci_dev_lock(hdev);
2763eda6 3721
eedbd581
JH		 3722 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3723 hci_remote_oob_data_clear(hdev);
3724 status = MGMT_STATUS_SUCCESS;
3725 goto done;
3726 }
3727
6928a924 3728 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3729 if (err < 0)
bf1e3541 3730 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3731 else
a6785be2 3732 status = MGMT_STATUS_SUCCESS;
bf1e3541 3733
eedbd581 3734done:
bdb6d971 3735 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3736 status, &cp->addr, sizeof(cp->addr));
2763eda6 3737
09fd0de5 3738 hci_dev_unlock(hdev);
2763eda6
SJ		 3739 return err;
3740}
3741
8019044d 3742static bool trigger_discovery(struct hci_request *req, u8 *status)
41dc2bd6 3743{
8019044d
MH		 3744 struct hci_dev *hdev = req->hdev;
3745 struct hci_cp_le_set_scan_param param_cp;
3746 struct hci_cp_le_set_scan_enable enable_cp;
3747 struct hci_cp_inquiry inq_cp;
3748 /* General inquiry access code (GIAC) */
3749 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3750 u8 own_addr_type;
41dc2bd6
AG		 3751 int err;
3752
8019044d
MH		 3753 switch (hdev->discovery.type) {
3754 case DISCOV_TYPE_BREDR:
3755 *status = mgmt_bredr_support(hdev);
3756 if (*status)
3757 return false;
41dc2bd6 3758
8019044d
MH		 3759 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3760 *status = MGMT_STATUS_BUSY;
3761 return false;
3762 }
41dc2bd6 3763
8019044d 3764 hci_inquiry_cache_flush(hdev);
41dc2bd6 3765
8019044d
MH		 3766 memset(&inq_cp, 0, sizeof(inq_cp));
3767 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3768 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3769 hci_req_add(req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3770 break;
41dc2bd6 3771
8019044d
MH		 3772 case DISCOV_TYPE_LE:
3773 case DISCOV_TYPE_INTERLEAVED:
3774 *status = mgmt_le_support(hdev);
3775 if (*status)
3776 return false;
3777
3778 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3779 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3780 *status = MGMT_STATUS_NOT_SUPPORTED;
3781 return false;
3782 }
3783
3784 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3785 /* Don't let discovery abort an outgoing
3786 * connection attempt that's using directed
3787 * advertising.
3788 */
3789 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3790 BT_CONNECT)) {
3791 *status = MGMT_STATUS_REJECTED;
3792 return false;
3793 }
3794
3795 disable_advertising(req);
3796 }
3797
3798 /* If controller is scanning, it means the background scanning
3799 * is running. Thus, we should temporarily stop it in order to
3800 * set the discovery scanning parameters.
3801 */
3802 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3803 hci_req_add_le_scan_disable(req);
3804
3805 memset(&param_cp, 0, sizeof(param_cp));
3806
3807 /* All active scans will be done with either a resolvable
3808 * private address (when privacy feature has been enabled)
9437d2ed 3809 * or non-resolvable private address.
8019044d
MH		 3810 */
3811 err = hci_update_random_address(req, true, &own_addr_type);
3812 if (err < 0) {
3813 *status = MGMT_STATUS_FAILED;
3814 return false;
3815 }
3816
3817 param_cp.type = LE_SCAN_ACTIVE;
3818 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3819 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3820 param_cp.own_address_type = own_addr_type;
3821 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3822 &param_cp);
3823
3824 memset(&enable_cp, 0, sizeof(enable_cp));
3825 enable_cp.enable = LE_SCAN_ENABLE;
3826 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3827 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3828 &enable_cp);
3829 break;
3830
3831 default:
3832 *status = MGMT_STATUS_INVALID_PARAMS;
3833 return false;
3834 }
3835
3836 return true;
41dc2bd6
AG		 3837}
3838
1904a853
MH		 3839static void start_discovery_complete(struct hci_dev *hdev, u8 status,
3840 u16 opcode)
7c307720 3841{
41dc2bd6 3842 struct pending_cmd *cmd;
11e6e25d 3843 unsigned long timeout;
ae55f598 3844
7c307720
AG		 3845 BT_DBG("status %d", status);
3846
11e6e25d 3847 hci_dev_lock(hdev);
41dc2bd6 3848
11e6e25d 3849 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427
JP		 3850 if (!cmd)
3851 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3852
11e6e25d 3853 if (cmd) {
2922a94f 3854 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 3855 mgmt_pending_remove(cmd);
3856 }
7c307720
AG		 3857
3858 if (status) {
11e6e25d
MH		 3859 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3860 goto unlock;
7c307720
AG		 3861 }
3862
7c307720 3863 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
7c307720
AG		 3864
3865 switch (hdev->discovery.type) {
3866 case DISCOV_TYPE_LE:
3d5a76f0 3867 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720 3868 break;
7c307720 3869 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3870 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720 3871 break;
7c307720 3872 case DISCOV_TYPE_BREDR:
11e6e25d 3873 timeout = 0;
7c307720 3874 break;
7c307720
AG		 3875 default:
3876 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
11e6e25d
MH		 3877 timeout = 0;
3878 break;
7c307720 3879 }
ae55f598 3880
11e6e25d
MH		 3881 if (timeout)
3882 queue_delayed_work(hdev->workqueue,
3883 &hdev->le_scan_disable, timeout);
ae55f598 3884
11e6e25d
MH		 3885unlock:
3886 hci_dev_unlock(hdev);
7c307720
AG		 3887}
3888
bdb6d971 3889static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3890 void *data, u16 len)
14a53664 3891{
650f726d 3892 struct mgmt_cp_start_discovery *cp = data;
14a53664 3893 struct pending_cmd *cmd;
7c307720 3894 struct hci_request req;
8019044d 3895 u8 status;
14a53664
JH		 3896 int err;
3897
bdb6d971 3898 BT_DBG("%s", hdev->name);
14a53664 3899
09fd0de5 3900 hci_dev_lock(hdev);
14a53664 3901
4b34ee78 3902 if (!hdev_is_powered(hdev)) {
a736abc1
SJ		 3903 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3904 MGMT_STATUS_NOT_POWERED,
3905 &cp->type, sizeof(cp->type));
bd2d1334
JH		 3906 goto failed;
3907 }
3908
f5a969f2
MH		 3909 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3910 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
a736abc1
SJ		 3911 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3912 MGMT_STATUS_BUSY, &cp->type,
3913 sizeof(cp->type));
642be6c7
AG		 3914 goto failed;
3915 }
3916
2922a94f 3917 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
14a53664
JH		 3918 if (!cmd) {
3919 err = -ENOMEM;
3920 goto failed;
3921 }
3922
2922a94f
JH		 3923 cmd->cmd_complete = generic_cmd_complete;
3924
22078800
MH		 3925 /* Clear the discovery filter first to free any previously
3926 * allocated memory for the UUID list.
3927 */
3928 hci_discovery_filter_clear(hdev);
3929
4aab14e5 3930 hdev->discovery.type = cp->type;
da25cf6a 3931 hdev->discovery.report_invalid_rssi = false;
4aab14e5 3932
7c307720
AG		 3933 hci_req_init(&req, hdev);
3934
8019044d 3935 if (!trigger_discovery(&req, &status)) {
a736abc1 3936 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
8019044d 3937 status, &cp->type, sizeof(cp->type));
04106755
JH		 3938 mgmt_pending_remove(cmd);
3939 goto failed;
f39799f5 3940 }
04106755 3941
7c307720 3942 err = hci_req_run(&req, start_discovery_complete);
f5a969f2 3943 if (err < 0) {
14a53664 3944 mgmt_pending_remove(cmd);
f5a969f2
MH		 3945 goto failed;
3946 }
7c307720 3947
f5a969f2 3948 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
7c307720 3949
14a53664 3950failed:
09fd0de5 3951 hci_dev_unlock(hdev);
14a53664
JH		 3952 return err;
3953}
f39799f5 3954
9df74653 3955static int service_discovery_cmd_complete(struct pending_cmd *cmd, u8 status)
2922a94f 3956{
9df74653
JH		 3957 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3958 cmd->param, 1);
2922a94f 3959}
04106755 3960
66ea9427
JP		 3961static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3962 void *data, u16 len)
3963{
3964 struct mgmt_cp_start_service_discovery *cp = data;
3965 struct pending_cmd *cmd;
3966 struct hci_request req;
3967 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3968 u16 uuid_count, expected_len;
3969 u8 status;
3970 int err;
04106755 3971
66ea9427 3972 BT_DBG("%s", hdev->name);
e8bb6b97 3973
66ea9427 3974 hci_dev_lock(hdev);
7c307720 3975
66ea9427
JP		 3976 if (!hdev_is_powered(hdev)) {
3977 err = cmd_complete(sk, hdev->id,
3978 MGMT_OP_START_SERVICE_DISCOVERY,
3979 MGMT_STATUS_NOT_POWERED,
3980 &cp->type, sizeof(cp->type));
3981 goto failed;
3982 }
7c307720 3983
66ea9427
JP		 3984 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3985 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3986 err = cmd_complete(sk, hdev->id,
3987 MGMT_OP_START_SERVICE_DISCOVERY,
3988 MGMT_STATUS_BUSY, &cp->type,
3989 sizeof(cp->type));
3990 goto failed;
3991 }
d9483943 3992
66ea9427
JP		 3993 uuid_count = __le16_to_cpu(cp->uuid_count);
3994 if (uuid_count > max_uuid_count) {
3995 BT_ERR("service_discovery: too big uuid_count value %u",
3996 uuid_count);
3997 err = cmd_complete(sk, hdev->id,
3998 MGMT_OP_START_SERVICE_DISCOVERY,
3999 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4000 sizeof(cp->type));
4001 goto failed;
4002 }
4003
4004 expected_len = sizeof(*cp) + uuid_count * 16;
4005 if (expected_len != len) {
4006 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4007 expected_len, len);
4008 err = cmd_complete(sk, hdev->id,
4009 MGMT_OP_START_SERVICE_DISCOVERY,
4010 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4011 sizeof(cp->type));
4012 goto failed;
4013 }
4014
4015 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 4016 hdev, data, len);
66ea9427
JP		 4017 if (!cmd) {
4018 err = -ENOMEM;
4019 goto failed;
4020 }
4021
2922a94f
JH		 4022 cmd->cmd_complete = service_discovery_cmd_complete;
4023
22078800
MH		 4024 /* Clear the discovery filter first to free any previously
4025 * allocated memory for the UUID list.
4026 */
4027 hci_discovery_filter_clear(hdev);
4028
66ea9427
JP		 4029 hdev->discovery.type = cp->type;
4030 hdev->discovery.rssi = cp->rssi;
4031 hdev->discovery.uuid_count = uuid_count;
4032
4033 if (uuid_count > 0) {
4034 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4035 GFP_KERNEL);
4036 if (!hdev->discovery.uuids) {
a736abc1 4037 err = cmd_complete(sk, hdev->id,
66ea9427 4038 MGMT_OP_START_SERVICE_DISCOVERY,
a736abc1
SJ		 4039 MGMT_STATUS_FAILED,
4040 &cp->type, sizeof(cp->type));
d9483943
JH		 4041 mgmt_pending_remove(cmd);
4042 goto failed;
4043 }
66ea9427 4044 }
d9483943 4045
66ea9427 4046 hci_req_init(&req, hdev);
5e0452c0 4047
66ea9427
JP		 4048 if (!trigger_discovery(&req, &status)) {
4049 err = cmd_complete(sk, hdev->id,
4050 MGMT_OP_START_SERVICE_DISCOVERY,
4051 status, &cp->type, sizeof(cp->type));
04106755
JH		 4052 mgmt_pending_remove(cmd);
4053 goto failed;
f39799f5 4054 }
3fd24153 4055
7c307720 4056 err = hci_req_run(&req, start_discovery_complete);
66ea9427 4057 if (err < 0) {
14a53664 4058 mgmt_pending_remove(cmd);
66ea9427
JP		 4059 goto failed;
4060 }
4061
4062 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 4063
4064failed:
09fd0de5 4065 hci_dev_unlock(hdev);
14a53664
JH		 4066 return err;
4067}
4068
1904a853 4069static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1183fdca
AG		 4070{
4071 struct pending_cmd *cmd;
1183fdca 4072
0e05bba6
AG		 4073 BT_DBG("status %d", status);
4074
4075 hci_dev_lock(hdev);
4076
11e6e25d
MH		 4077 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4078 if (cmd) {
2922a94f 4079 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4080 mgmt_pending_remove(cmd);
0e05bba6
AG		 4081 }
4082
11e6e25d
MH		 4083 if (!status)
4084 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
0e05bba6 4085
0e05bba6
AG		 4086 hci_dev_unlock(hdev);
4087}
4088
bdb6d971 4089static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4090 u16 len)
14a53664 4091{
d930650b 4092 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 4093 struct pending_cmd *cmd;
0e05bba6 4094 struct hci_request req;
14a53664
JH		 4095 int err;
4096
bdb6d971 4097 BT_DBG("%s", hdev->name);
14a53664 4098
09fd0de5 4099 hci_dev_lock(hdev);
14a53664 4100
30dc78e1 4101 if (!hci_discovery_active(hdev)) {
bdb6d971 4102 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 4103 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4104 sizeof(mgmt_cp->type));
d930650b
JH		 4105 goto unlock;
4106 }
4107
4108 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 4109 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 4110 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
4111 sizeof(mgmt_cp->type));
30dc78e1 4112 goto unlock;
ff9ef578
JH		 4113 }
4114
2922a94f 4115 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4116 if (!cmd) {
4117 err = -ENOMEM;
30dc78e1
JH		 4118 goto unlock;
4119 }
4120
2922a94f
JH		 4121 cmd->cmd_complete = generic_cmd_complete;
4122
0e05bba6
AG		 4123 hci_req_init(&req, hdev);
4124
21a60d30 4125 hci_stop_discovery(&req);
e0d9727e 4126
21a60d30
JH		 4127 err = hci_req_run(&req, stop_discovery_complete);
4128 if (!err) {
4129 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 4130 goto unlock;
14a53664
JH		 4131 }
4132
21a60d30
JH		 4133 mgmt_pending_remove(cmd);
4134
4135 /* If no HCI commands were sent we're done */
4136 if (err == -ENODATA) {
4137 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4138 &mgmt_cp->type, sizeof(mgmt_cp->type));
4139 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4140 }
14a53664 4141
30dc78e1 4142unlock:
09fd0de5 4143 hci_dev_unlock(hdev);
14a53664
JH		 4144 return err;
4145}
4146
bdb6d971 4147static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4148 u16 len)
561aafbc 4149{
650f726d 4150 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4151 struct inquiry_entry *e;
561aafbc
JH		 4152 int err;
4153
bdb6d971 4154 BT_DBG("%s", hdev->name);
561aafbc 4155
561aafbc
JH		 4156 hci_dev_lock(hdev);
4157
30dc78e1 4158 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 4159 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4160 MGMT_STATUS_FAILED, &cp->addr,
4161 sizeof(cp->addr));
30dc78e1
JH		 4162 goto failed;
4163 }
4164
a198e7b1 4165 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4166 if (!e) {
d3a2541d
LR		 4167 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4168 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4169 sizeof(cp->addr));
561aafbc
JH		 4170 goto failed;
4171 }
4172
4173 if (cp->name_known) {
4174 e->name_state = NAME_KNOWN;
4175 list_del(&e->list);
4176 } else {
4177 e->name_state = NAME_NEEDED;
a3d4e20a 4178 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4179 }
4180
e384662b
JH		 4181 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
4182 sizeof(cp->addr));
561aafbc
JH		 4183
4184failed:
4185 hci_dev_unlock(hdev);
561aafbc
JH		 4186 return err;
4187}
4188
bdb6d971 4189static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4190 u16 len)
7fbec224 4191{
650f726d 4192 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4193 u8 status;
7fbec224
AJ		 4194 int err;
4195
bdb6d971 4196 BT_DBG("%s", hdev->name);
7fbec224 4197
4ee71b20 4198 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 4199 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4200 MGMT_STATUS_INVALID_PARAMS,
4201 &cp->addr, sizeof(cp->addr));
4ee71b20 4202
09fd0de5 4203 hci_dev_lock(hdev);
5e762444 4204
dcc36c16
JH		 4205 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4206 cp->addr.type);
2a8357f2 4207 if (err < 0) {
f0eeea8b 4208 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4209 goto done;
4210 }
4211
4212 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4213 sk);
4214 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4215
2a8357f2 4216done:
bdb6d971 4217 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 4218 &cp->addr, sizeof(cp->addr));
5e762444 4219
09fd0de5 4220 hci_dev_unlock(hdev);
7fbec224
AJ		 4221
4222 return err;
4223}
4224
bdb6d971 4225static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4226 u16 len)
7fbec224 4227{
650f726d 4228 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4229 u8 status;
7fbec224
AJ		 4230 int err;
4231
bdb6d971 4232 BT_DBG("%s", hdev->name);
7fbec224 4233
4ee71b20 4234 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 4235 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4236 MGMT_STATUS_INVALID_PARAMS,
4237 &cp->addr, sizeof(cp->addr));
4ee71b20 4238
09fd0de5 4239 hci_dev_lock(hdev);
5e762444 4240
dcc36c16
JH		 4241 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4242 cp->addr.type);
2a8357f2 4243 if (err < 0) {
f0eeea8b 4244 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4245 goto done;
4246 }
4247
4248 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4249 sk);
4250 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4251
2a8357f2 4252done:
bdb6d971 4253 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 4254 &cp->addr, sizeof(cp->addr));
5e762444 4255
09fd0de5 4256 hci_dev_unlock(hdev);
7fbec224
AJ		 4257
4258 return err;
4259}
4260
cdbaccca
MH		 4261static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4262 u16 len)
4263{
4264 struct mgmt_cp_set_device_id *cp = data;
890ea898 4265 struct hci_request req;
cdbaccca 4266 int err;
c72d4b8a 4267 __u16 source;
cdbaccca
MH		 4268
4269 BT_DBG("%s", hdev->name);
4270
c72d4b8a
SJ		 4271 source = __le16_to_cpu(cp->source);
4272
4273 if (source > 0x0002)
4274 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4275 MGMT_STATUS_INVALID_PARAMS);
4276
cdbaccca
MH		 4277 hci_dev_lock(hdev);
4278
c72d4b8a 4279 hdev->devid_source = source;
cdbaccca
MH		 4280 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4281 hdev->devid_product = __le16_to_cpu(cp->product);
4282 hdev->devid_version = __le16_to_cpu(cp->version);
4283
4284 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4285
890ea898
JH		 4286 hci_req_init(&req, hdev);
4287 update_eir(&req);
4288 hci_req_run(&req, NULL);
cdbaccca
MH		 4289
4290 hci_dev_unlock(hdev);
4291
4292 return err;
4293}
4294
1904a853
MH		 4295static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4296 u16 opcode)
4375f103
JH		 4297{
4298 struct cmd_lookup match = { NULL, hdev };
4299
3ad67582
JK		 4300 hci_dev_lock(hdev);
4301
4375f103
JH		 4302 if (status) {
4303 u8 mgmt_err = mgmt_status(status);
4304
4305 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4306 cmd_status_rsp, &mgmt_err);
3ad67582 4307 goto unlock;
4375f103
JH		 4308 }
4309
c93bd150
JH		 4310 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4311 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4312 else
4313 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4314
4375f103
JH		 4315 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4316 &match);
4317
4318 new_settings(hdev, match.sk);
4319
4320 if (match.sk)
4321 sock_put(match.sk);
3ad67582
JK		 4322
4323unlock:
4324 hci_dev_unlock(hdev);
4375f103
JH		 4325}
4326
21b5187f
MH		 4327static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4328 u16 len)
4375f103
JH		 4329{
4330 struct mgmt_mode *cp = data;
4331 struct pending_cmd *cmd;
4332 struct hci_request req;
e6fe7986 4333 u8 val, enabled, status;
4375f103
JH		 4334 int err;
4335
4336 BT_DBG("request for %s", hdev->name);
4337
e6fe7986
JH		 4338 status = mgmt_le_support(hdev);
4339 if (status)
4375f103 4340 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 4341 status);
4375f103
JH		 4342
4343 if (cp->val != 0x00 && cp->val != 0x01)
4344 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4345 MGMT_STATUS_INVALID_PARAMS);
4346
4347 hci_dev_lock(hdev);
4348
4349 val = !!cp->val;
f3d3444a 4350 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 4351
f74ca9b8
JH		 4352 /* The following conditions are ones which mean that we should
4353 * not do any HCI communication but directly send a mgmt
4354 * response to user space (after toggling the flag if
4355 * necessary).
4356 */
4357 if (!hdev_is_powered(hdev) || val == enabled ||
e8bb6b97
JH		 4358 hci_conn_num(hdev, LE_LINK) > 0 ||
4359 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4360 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4375f103
JH		 4361 bool changed = false;
4362
f3d3444a
JH		 4363 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4364 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 4365 changed = true;
4366 }
4367
4368 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4369 if (err < 0)
4370 goto unlock;
4371
4372 if (changed)
4373 err = new_settings(hdev, sk);
4374
4375 goto unlock;
4376 }
4377
4378 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4379 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4380 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4381 MGMT_STATUS_BUSY);
4382 goto unlock;
4383 }
4384
4385 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4386 if (!cmd) {
4387 err = -ENOMEM;
4388 goto unlock;
4389 }
4390
4391 hci_req_init(&req, hdev);
4392
bba3aa55
MH		 4393 if (val)
4394 enable_advertising(&req);
4395 else
4396 disable_advertising(&req);
4375f103
JH		 4397
4398 err = hci_req_run(&req, set_advertising_complete);
4399 if (err < 0)
4400 mgmt_pending_remove(cmd);
4401
4402unlock:
4403 hci_dev_unlock(hdev);
4404 return err;
4405}
4406
d13eafce
MH		 4407static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4408 void *data, u16 len)
4409{
4410 struct mgmt_cp_set_static_address *cp = data;
4411 int err;
4412
4413 BT_DBG("%s", hdev->name);
4414
62af4443 4415 if (!lmp_le_capable(hdev))
d13eafce 4416 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 4417 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4418
4419 if (hdev_is_powered(hdev))
4420 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4421 MGMT_STATUS_REJECTED);
4422
4423 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4424 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4425 return cmd_status(sk, hdev->id,
4426 MGMT_OP_SET_STATIC_ADDRESS,
4427 MGMT_STATUS_INVALID_PARAMS);
4428
4429 /* Two most significant bits shall be set */
4430 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4431 return cmd_status(sk, hdev->id,
4432 MGMT_OP_SET_STATIC_ADDRESS,
4433 MGMT_STATUS_INVALID_PARAMS);
4434 }
4435
4436 hci_dev_lock(hdev);
4437
4438 bacpy(&hdev->static_addr, &cp->bdaddr);
4439
4440 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4441
4442 hci_dev_unlock(hdev);
4443
4444 return err;
4445}
4446
14b49b9a
MH		 4447static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4448 void *data, u16 len)
4449{
4450 struct mgmt_cp_set_scan_params *cp = data;
4451 __u16 interval, window;
4452 int err;
4453
4454 BT_DBG("%s", hdev->name);
4455
4456 if (!lmp_le_capable(hdev))
4457 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4458 MGMT_STATUS_NOT_SUPPORTED);
4459
4460 interval = __le16_to_cpu(cp->interval);
4461
4462 if (interval < 0x0004 || interval > 0x4000)
4463 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4464 MGMT_STATUS_INVALID_PARAMS);
4465
4466 window = __le16_to_cpu(cp->window);
4467
4468 if (window < 0x0004 || window > 0x4000)
4469 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4470 MGMT_STATUS_INVALID_PARAMS);
4471
899e1075
MH		 4472 if (window > interval)
4473 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4474 MGMT_STATUS_INVALID_PARAMS);
4475
14b49b9a
MH		 4476 hci_dev_lock(hdev);
4477
4478 hdev->le_scan_interval = interval;
4479 hdev->le_scan_window = window;
4480
4481 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4482
dd2ef8e2
AG		 4483 /* If background scan is running, restart it so new parameters are
4484 * loaded.
4485 */
4486 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4487 hdev->discovery.state == DISCOVERY_STOPPED) {
4488 struct hci_request req;
4489
4490 hci_req_init(&req, hdev);
4491
4492 hci_req_add_le_scan_disable(&req);
4493 hci_req_add_le_passive_scan(&req);
4494
4495 hci_req_run(&req, NULL);
4496 }
4497
14b49b9a
MH		 4498 hci_dev_unlock(hdev);
4499
4500 return err;
4501}
4502
1904a853
MH		 4503static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4504 u16 opcode)
33e38b3e
JH		 4505{
4506 struct pending_cmd *cmd;
4507
4508 BT_DBG("status 0x%02x", status);
4509
4510 hci_dev_lock(hdev);
4511
4512 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4513 if (!cmd)
4514 goto unlock;
4515
4516 if (status) {
4517 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4518 mgmt_status(status));
4519 } else {
1a4d3c4b
JH		 4520 struct mgmt_mode *cp = cmd->param;
4521
4522 if (cp->val)
4523 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4524 else
4525 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4526
33e38b3e
JH		 4527 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4528 new_settings(hdev, cmd->sk);
4529 }
4530
4531 mgmt_pending_remove(cmd);
4532
4533unlock:
4534 hci_dev_unlock(hdev);
4535}
4536
bdb6d971 4537static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4538 void *data, u16 len)
f6422ec6 4539{
650f726d 4540 struct mgmt_mode *cp = data;
33e38b3e
JH		 4541 struct pending_cmd *cmd;
4542 struct hci_request req;
f6422ec6
AJ		 4543 int err;
4544
bdb6d971 4545 BT_DBG("%s", hdev->name);
f6422ec6 4546
56f87901
JH		 4547 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4548 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4549 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4550 MGMT_STATUS_NOT_SUPPORTED);
4551
a7e80f25
JH		 4552 if (cp->val != 0x00 && cp->val != 0x01)
4553 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4554 MGMT_STATUS_INVALID_PARAMS);
4555
5400c044 4556 if (!hdev_is_powered(hdev))
bdb6d971 4557 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4558 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4559
4560 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4561 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4562 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4563
4564 hci_dev_lock(hdev);
4565
05cbf29f
JH		 4566 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4567 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4568 MGMT_STATUS_BUSY);
4569 goto unlock;
4570 }
4571
1a4d3c4b
JH		 4572 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4573 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4574 hdev);
4575 goto unlock;
4576 }
4577
33e38b3e
JH		 4578 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4579 data, len);
4580 if (!cmd) {
4581 err = -ENOMEM;
4582 goto unlock;
f6422ec6
AJ		 4583 }
4584
33e38b3e
JH		 4585 hci_req_init(&req, hdev);
4586
406d7804 4587 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4588
4589 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4590 if (err < 0) {
bdb6d971 4591 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4592 MGMT_STATUS_FAILED);
33e38b3e 4593 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4594 }
4595
33e38b3e 4596unlock:
f6422ec6 4597 hci_dev_unlock(hdev);
33e38b3e 4598
f6422ec6
AJ		 4599 return err;
4600}
4601
1904a853 4602static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a
JH		 4603{
4604 struct pending_cmd *cmd;
4605
4606 BT_DBG("status 0x%02x", status);
4607
4608 hci_dev_lock(hdev);
4609
4610 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4611 if (!cmd)
4612 goto unlock;
4613
4614 if (status) {
4615 u8 mgmt_err = mgmt_status(status);
4616
4617 /* We need to restore the flag if related HCI commands
4618 * failed.
4619 */
4620 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4621
4622 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4623 } else {
4624 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4625 new_settings(hdev, cmd->sk);
4626 }
4627
4628 mgmt_pending_remove(cmd);
4629
4630unlock:
4631 hci_dev_unlock(hdev);
4632}
4633
4634static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4635{
4636 struct mgmt_mode *cp = data;
4637 struct pending_cmd *cmd;
4638 struct hci_request req;
4639 int err;
4640
4641 BT_DBG("request for %s", hdev->name);
4642
4643 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4644 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4645 MGMT_STATUS_NOT_SUPPORTED);
4646
4647 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4648 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4649 MGMT_STATUS_REJECTED);
4650
4651 if (cp->val != 0x00 && cp->val != 0x01)
4652 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4653 MGMT_STATUS_INVALID_PARAMS);
4654
4655 hci_dev_lock(hdev);
4656
4657 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4658 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4659 goto unlock;
4660 }
4661
4662 if (!hdev_is_powered(hdev)) {
4663 if (!cp->val) {
0663ca2a
JH		 4664 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4665 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4666 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4667 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4668 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4669 }
4670
4671 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4672
4673 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4674 if (err < 0)
4675 goto unlock;
4676
4677 err = new_settings(hdev, sk);
4678 goto unlock;
4679 }
4680
4681 /* Reject disabling when powered on */
4682 if (!cp->val) {
4683 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4684 MGMT_STATUS_REJECTED);
4685 goto unlock;
111e4bcc
MH		 4686 } else {
4687 /* When configuring a dual-mode controller to operate
4688 * with LE only and using a static address, then switching
4689 * BR/EDR back on is not allowed.
4690 *
4691 * Dual-mode controllers shall operate with the public
4692 * address as its identity address for BR/EDR and LE. So
4693 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 4694 *
4695 * The same restrictions applies when secure connections
4696 * has been enabled. For BR/EDR this is a controller feature
4697 * while for LE it is a host stack feature. This means that
4698 * switching BR/EDR back on when secure connections has been
4699 * enabled is not a supported transaction.
111e4bcc
MH		 4700 */
4701 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
3a5486e1
MH		 4702 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4703 test_bit(HCI_SC_ENABLED, &hdev->dev_flags))) {
111e4bcc
MH		 4704 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4705 MGMT_STATUS_REJECTED);
4706 goto unlock;
4707 }
0663ca2a
JH		 4708 }
4709
4710 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4711 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4712 MGMT_STATUS_BUSY);
4713 goto unlock;
4714 }
4715
4716 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4717 if (!cmd) {
4718 err = -ENOMEM;
4719 goto unlock;
4720 }
4721
5947f4bc 4722 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4723 * generates the correct flags.
4724 */
4725 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4726
4727 hci_req_init(&req, hdev);
aa8af46e 4728
432df05e 4729 write_fast_connectable(&req, false);
1d2dc5b7 4730 __hci_update_page_scan(&req);
aa8af46e 4731
f14d8f64
MH		 4732 /* Since only the advertising data flags will change, there
4733 * is no need to update the scan response data.
4734 */
5947f4bc 4735 update_adv_data(&req);
aa8af46e 4736
0663ca2a
JH		 4737 err = hci_req_run(&req, set_bredr_complete);
4738 if (err < 0)
4739 mgmt_pending_remove(cmd);
4740
4741unlock:
4742 hci_dev_unlock(hdev);
4743 return err;
4744}
4745
eac83dc6
MH		 4746static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4747 void *data, u16 len)
4748{
4749 struct mgmt_mode *cp = data;
4750 struct pending_cmd *cmd;
a3209694 4751 u8 val;
eac83dc6
MH		 4752 int err;
4753
4754 BT_DBG("request for %s", hdev->name);
4755
05b3c3e7
MH		 4756 if (!lmp_sc_capable(hdev) &&
4757 !test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
eac83dc6
MH		 4758 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4759 MGMT_STATUS_NOT_SUPPORTED);
4760
ed93ec69
MH		 4761 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
4762 !test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4763 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4764 MGMT_STATUS_REJECTED);
4765
0ab04a9c 4766 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4767 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4768 MGMT_STATUS_INVALID_PARAMS);
4769
4770 hci_dev_lock(hdev);
4771
05b3c3e7 4772 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
a3209694 4773 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
eac83dc6
MH		 4774 bool changed;
4775
0ab04a9c 4776 if (cp->val) {
eac83dc6
MH		 4777 changed = !test_and_set_bit(HCI_SC_ENABLED,
4778 &hdev->dev_flags);
0ab04a9c
MH		 4779 if (cp->val == 0x02)
4780 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4781 else
4782 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4783 } else {
eac83dc6
MH		 4784 changed = test_and_clear_bit(HCI_SC_ENABLED,
4785 &hdev->dev_flags);
0ab04a9c
MH		 4786 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4787 }
eac83dc6
MH		 4788
4789 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4790 if (err < 0)
4791 goto failed;
4792
4793 if (changed)
4794 err = new_settings(hdev, sk);
4795
4796 goto failed;
4797 }
4798
4799 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4800 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4801 MGMT_STATUS_BUSY);
4802 goto failed;
4803 }
4804
0ab04a9c
MH		 4805 val = !!cp->val;
4806
4807 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4808 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4809 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4810 goto failed;
4811 }
4812
4813 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4814 if (!cmd) {
4815 err = -ENOMEM;
4816 goto failed;
4817 }
4818
0ab04a9c 4819 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4820 if (err < 0) {
4821 mgmt_pending_remove(cmd);
4822 goto failed;
4823 }
4824
0ab04a9c
MH		 4825 if (cp->val == 0x02)
4826 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4827 else
4828 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4829
eac83dc6
MH		 4830failed:
4831 hci_dev_unlock(hdev);
4832 return err;
4833}
4834
4e39ac81
MH		 4835static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4836 void *data, u16 len)
4837{
4838 struct mgmt_mode *cp = data;
b9710979 4839 bool changed, use_changed;
4e39ac81
MH		 4840 int err;
4841
4842 BT_DBG("request for %s", hdev->name);
4843
b9710979 4844 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4845 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4846 MGMT_STATUS_INVALID_PARAMS);
4847
4848 hci_dev_lock(hdev);
4849
4850 if (cp->val)
0663b297
JH		 4851 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4852 &hdev->dev_flags);
4e39ac81 4853 else
0663b297
JH		 4854 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4855 &hdev->dev_flags);
4e39ac81 4856
b9710979
JH		 4857 if (cp->val == 0x02)
4858 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4859 &hdev->dev_flags);
4860 else
4861 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4862 &hdev->dev_flags);
4863
4864 if (hdev_is_powered(hdev) && use_changed &&
4865 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4866 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4867 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4868 sizeof(mode), &mode);
4869 }
4870
4e39ac81
MH		 4871 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4872 if (err < 0)
4873 goto unlock;
4874
4875 if (changed)
4876 err = new_settings(hdev, sk);
4877
4878unlock:
4879 hci_dev_unlock(hdev);
4880 return err;
4881}
4882
62b04cd1
JH		 4883static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4884 u16 len)
4885{
4886 struct mgmt_cp_set_privacy *cp = cp_data;
4887 bool changed;
4888 int err;
4889
4890 BT_DBG("request for %s", hdev->name);
4891
4892 if (!lmp_le_capable(hdev))
4893 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4894 MGMT_STATUS_NOT_SUPPORTED);
4895
4896 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4897 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4898 MGMT_STATUS_INVALID_PARAMS);
4899
4900 if (hdev_is_powered(hdev))
4901 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4902 MGMT_STATUS_REJECTED);
4903
4904 hci_dev_lock(hdev);
4905
c21c0ea0
JH		 4906 /* If user space supports this command it is also expected to
4907 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4908 */
4909 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4910
62b04cd1
JH		 4911 if (cp->privacy) {
4912 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4913 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4914 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4915 } else {
4916 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4917 memset(hdev->irk, 0, sizeof(hdev->irk));
4918 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4919 }
4920
4921 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4922 if (err < 0)
4923 goto unlock;
4924
4925 if (changed)
4926 err = new_settings(hdev, sk);
4927
4928unlock:
4929 hci_dev_unlock(hdev);
4930 return err;
4931}
4932
41edf160
JH		 4933static bool irk_is_valid(struct mgmt_irk_info *irk)
4934{
4935 switch (irk->addr.type) {
4936 case BDADDR_LE_PUBLIC:
4937 return true;
4938
4939 case BDADDR_LE_RANDOM:
4940 /* Two most significant bits shall be set */
4941 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4942 return false;
4943 return true;
4944 }
4945
4946 return false;
4947}
4948
4949static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4950 u16 len)
4951{
4952 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4953 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4954 sizeof(struct mgmt_irk_info));
41edf160
JH		 4955 u16 irk_count, expected_len;
4956 int i, err;
4957
4958 BT_DBG("request for %s", hdev->name);
4959
4960 if (!lmp_le_capable(hdev))
4961 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4962 MGMT_STATUS_NOT_SUPPORTED);
4963
4964 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4965 if (irk_count > max_irk_count) {
4966 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4967 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4968 MGMT_STATUS_INVALID_PARAMS);
4969 }
41edf160
JH		 4970
4971 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4972 if (expected_len != len) {
4973 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4974 expected_len, len);
41edf160
JH		 4975 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4976 MGMT_STATUS_INVALID_PARAMS);
4977 }
4978
4979 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4980
4981 for (i = 0; i < irk_count; i++) {
4982 struct mgmt_irk_info *key = &cp->irks[i];
4983
4984 if (!irk_is_valid(key))
4985 return cmd_status(sk, hdev->id,
4986 MGMT_OP_LOAD_IRKS,
4987 MGMT_STATUS_INVALID_PARAMS);
4988 }
4989
4990 hci_dev_lock(hdev);
4991
4992 hci_smp_irks_clear(hdev);
4993
4994 for (i = 0; i < irk_count; i++) {
4995 struct mgmt_irk_info *irk = &cp->irks[i];
4996 u8 addr_type;
4997
4998 if (irk->addr.type == BDADDR_LE_PUBLIC)
4999 addr_type = ADDR_LE_DEV_PUBLIC;
5000 else
5001 addr_type = ADDR_LE_DEV_RANDOM;
5002
5003 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5004 BDADDR_ANY);
5005 }
5006
5007 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
5008
5009 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5010
5011 hci_dev_unlock(hdev);
5012
5013 return err;
5014}
5015
3f706b72
JH		 5016static bool ltk_is_valid(struct mgmt_ltk_info *key)
5017{
5018 if (key->master != 0x00 && key->master != 0x01)
5019 return false;
490cb0b3
MH		 5020
5021 switch (key->addr.type) {
5022 case BDADDR_LE_PUBLIC:
5023 return true;
5024
5025 case BDADDR_LE_RANDOM:
5026 /* Two most significant bits shall be set */
5027 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5028 return false;
5029 return true;
5030 }
5031
5032 return false;
3f706b72
JH		 5033}
5034
bdb6d971 5035static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5036 void *cp_data, u16 len)
346af67b 5037{
346af67b 5038 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5039 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5040 sizeof(struct mgmt_ltk_info));
346af67b 5041 u16 key_count, expected_len;
715a5bf2 5042 int i, err;
346af67b 5043
cf99ba13
MH		 5044 BT_DBG("request for %s", hdev->name);
5045
5046 if (!lmp_le_capable(hdev))
5047 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5048 MGMT_STATUS_NOT_SUPPORTED);
5049
1f350c87 5050 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 5051 if (key_count > max_key_count) {
5052 BT_ERR("load_ltks: too big key_count value %u", key_count);
5053 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5054 MGMT_STATUS_INVALID_PARAMS);
5055 }
346af67b
VCG		 5056
5057 expected_len = sizeof(*cp) + key_count *
5058 sizeof(struct mgmt_ltk_info);
5059 if (expected_len != len) {
5060 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 5061 expected_len, len);
bdb6d971 5062 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 5063 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5064 }
5065
bdb6d971 5066 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5067
54ad6d8a
JH		 5068 for (i = 0; i < key_count; i++) {
5069 struct mgmt_ltk_info *key = &cp->keys[i];
5070
3f706b72 5071 if (!ltk_is_valid(key))
54ad6d8a
JH		 5072 return cmd_status(sk, hdev->id,
5073 MGMT_OP_LOAD_LONG_TERM_KEYS,
5074 MGMT_STATUS_INVALID_PARAMS);
5075 }
5076
346af67b
VCG		 5077 hci_dev_lock(hdev);
5078
5079 hci_smp_ltks_clear(hdev);
5080
5081 for (i = 0; i < key_count; i++) {
5082 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 5083 u8 type, addr_type, authenticated;
79d95a19
MH		 5084
5085 if (key->addr.type == BDADDR_LE_PUBLIC)
5086 addr_type = ADDR_LE_DEV_PUBLIC;
5087 else
5088 addr_type = ADDR_LE_DEV_RANDOM;
346af67b 5089
61b43357
JH		 5090 switch (key->type) {
5091 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5092 authenticated = 0x00;
23fb8de3 5093 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5094 break;
5095 case MGMT_LTK_AUTHENTICATED:
d7b25450 5096 authenticated = 0x01;
23fb8de3
JH		 5097 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5098 break;
5099 case MGMT_LTK_P256_UNAUTH:
5100 authenticated = 0x00;
5101 type = SMP_LTK_P256;
61b43357 5102 break;
23fb8de3
JH		 5103 case MGMT_LTK_P256_AUTH:
5104 authenticated = 0x01;
5105 type = SMP_LTK_P256;
61b43357 5106 break;
23fb8de3
JH		 5107 case MGMT_LTK_P256_DEBUG:
5108 authenticated = 0x00;
5109 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5110 default:
5111 continue;
5112 }
d7b25450 5113
35d70271 5114 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 5115 authenticated, key->val, key->enc_size, key->ediv,
35d70271 5116 key->rand);
346af67b
VCG		 5117 }
5118
715a5bf2
JH		 5119 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5120 NULL, 0);
5121
346af67b 5122 hci_dev_unlock(hdev);
346af67b 5123
715a5bf2 5124 return err;
346af67b
VCG		 5125}
5126
9df74653 5127static int conn_info_cmd_complete(struct pending_cmd *cmd, u8 status)
dd983808 5128{
dd983808 5129 struct hci_conn *conn = cmd->user_data;
9981bdb0 5130 struct mgmt_rp_get_conn_info rp;
9df74653 5131 int err;
dd983808 5132
9981bdb0 5133 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5134
9981bdb0 5135 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5136 rp.rssi = conn->rssi;
9981bdb0
JH		 5137 rp.tx_power = conn->tx_power;
5138 rp.max_tx_power = conn->max_tx_power;
5139 } else {
5140 rp.rssi = HCI_RSSI_INVALID;
5141 rp.tx_power = HCI_TX_POWER_INVALID;
5142 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5143 }
5144
9df74653
JH		 5145 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status,
5146 &rp, sizeof(rp));
dd983808
AK		 5147
5148 hci_conn_drop(conn);
f8aaf9b6 5149 hci_conn_put(conn);
9df74653
JH		 5150
5151 return err;
dd983808
AK		 5152}
5153
1904a853
MH		 5154static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5155 u16 opcode)
dd983808
AK		 5156{
5157 struct hci_cp_read_rssi *cp;
9981bdb0 5158 struct pending_cmd *cmd;
dd983808 5159 struct hci_conn *conn;
dd983808 5160 u16 handle;
9981bdb0 5161 u8 status;
dd983808 5162
9981bdb0 5163 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5164
5165 hci_dev_lock(hdev);
5166
dd983808
AK		 5167 /* Commands sent in request are either Read RSSI or Read Transmit Power
5168 * Level so we check which one was last sent to retrieve connection
5169 * handle. Both commands have handle as first parameter so it's safe to
5170 * cast data on the same command struct.
5171 *
5172 * First command sent is always Read RSSI and we fail only if it fails.
5173 * In other case we simply override error to indicate success as we
5174 * already remembered if TX power value is actually valid.
5175 */
5176 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5177 if (!cp) {
5178 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5179 status = MGMT_STATUS_SUCCESS;
5180 } else {
5181 status = mgmt_status(hci_status);
dd983808
AK		 5182 }
5183
5184 if (!cp) {
9981bdb0 5185 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 5186 goto unlock;
5187 }
5188
5189 handle = __le16_to_cpu(cp->handle);
5190 conn = hci_conn_hash_lookup_handle(hdev, handle);
5191 if (!conn) {
9981bdb0 5192 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 5193 goto unlock;
5194 }
5195
9981bdb0
JH		 5196 cmd = mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5197 if (!cmd)
5198 goto unlock;
dd983808 5199
9981bdb0
JH		 5200 cmd->cmd_complete(cmd, status);
5201 mgmt_pending_remove(cmd);
dd983808
AK		 5202
5203unlock:
5204 hci_dev_unlock(hdev);
5205}
5206
5207static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5208 u16 len)
5209{
5210 struct mgmt_cp_get_conn_info *cp = data;
5211 struct mgmt_rp_get_conn_info rp;
5212 struct hci_conn *conn;
5213 unsigned long conn_info_age;
5214 int err = 0;
5215
5216 BT_DBG("%s", hdev->name);
5217
5218 memset(&rp, 0, sizeof(rp));
5219 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5220 rp.addr.type = cp->addr.type;
5221
5222 if (!bdaddr_type_is_valid(cp->addr.type))
5223 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5224 MGMT_STATUS_INVALID_PARAMS,
5225 &rp, sizeof(rp));
5226
5227 hci_dev_lock(hdev);
5228
5229 if (!hdev_is_powered(hdev)) {
5230 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5231 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5232 goto unlock;
5233 }
5234
5235 if (cp->addr.type == BDADDR_BREDR)
5236 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5237 &cp->addr.bdaddr);
5238 else
5239 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5240
5241 if (!conn || conn->state != BT_CONNECTED) {
5242 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5243 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
5244 goto unlock;
5245 }
5246
9981bdb0
JH		 5247 if (mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5248 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5249 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5250 goto unlock;
5251 }
5252
dd983808
AK		 5253 /* To avoid client trying to guess when to poll again for information we
5254 * calculate conn info age as random value between min/max set in hdev.
5255 */
5256 conn_info_age = hdev->conn_info_min_age +
5257 prandom_u32_max(hdev->conn_info_max_age -
5258 hdev->conn_info_min_age);
5259
5260 /* Query controller to refresh cached values if they are too old or were
5261 * never read.
5262 */
f4e2dd53
AK		 5263 if (time_after(jiffies, conn->conn_info_timestamp +
5264 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5265 !conn->conn_info_timestamp) {
5266 struct hci_request req;
5267 struct hci_cp_read_tx_power req_txp_cp;
5268 struct hci_cp_read_rssi req_rssi_cp;
5269 struct pending_cmd *cmd;
5270
5271 hci_req_init(&req, hdev);
5272 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5273 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5274 &req_rssi_cp);
5275
f7faab0c
AK		 5276 /* For LE links TX power does not change thus we don't need to
5277 * query for it once value is known.
5278 */
5279 if (!bdaddr_type_is_le(cp->addr.type) ||
5280 conn->tx_power == HCI_TX_POWER_INVALID) {
5281 req_txp_cp.handle = cpu_to_le16(conn->handle);
5282 req_txp_cp.type = 0x00;
5283 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5284 sizeof(req_txp_cp), &req_txp_cp);
5285 }
dd983808 5286
eed5daf3
AK		 5287 /* Max TX power needs to be read only once per connection */
5288 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5289 req_txp_cp.handle = cpu_to_le16(conn->handle);
5290 req_txp_cp.type = 0x01;
5291 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5292 sizeof(req_txp_cp), &req_txp_cp);
5293 }
5294
dd983808
AK		 5295 err = hci_req_run(&req, conn_info_refresh_complete);
5296 if (err < 0)
5297 goto unlock;
5298
5299 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5300 data, len);
5301 if (!cmd) {
5302 err = -ENOMEM;
5303 goto unlock;
5304 }
5305
5306 hci_conn_hold(conn);
f8aaf9b6 5307 cmd->user_data = hci_conn_get(conn);
9981bdb0 5308 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5309
5310 conn->conn_info_timestamp = jiffies;
5311 } else {
5312 /* Cache is valid, just reply with values cached in hci_conn */
5313 rp.rssi = conn->rssi;
5314 rp.tx_power = conn->tx_power;
eed5daf3 5315 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 5316
5317 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5318 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5319 }
5320
5321unlock:
5322 hci_dev_unlock(hdev);
5323 return err;
5324}
5325
9df74653 5326static int clock_info_cmd_complete(struct pending_cmd *cmd, u8 status)
95868426 5327{
69487371 5328 struct hci_conn *conn = cmd->user_data;
95868426 5329 struct mgmt_rp_get_clock_info rp;
69487371 5330 struct hci_dev *hdev;
9df74653 5331 int err;
69487371
JH		 5332
5333 memset(&rp, 0, sizeof(rp));
5334 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5335
5336 if (status)
5337 goto complete;
5338
5339 hdev = hci_dev_get(cmd->index);
5340 if (hdev) {
5341 rp.local_clock = cpu_to_le32(hdev->clock);
5342 hci_dev_put(hdev);
5343 }
5344
5345 if (conn) {
5346 rp.piconet_clock = cpu_to_le32(conn->clock);
5347 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5348 }
5349
5350complete:
9df74653
JH		 5351 err = cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5352 sizeof(rp));
69487371
JH		 5353
5354 if (conn) {
5355 hci_conn_drop(conn);
5356 hci_conn_put(conn);
5357 }
9df74653
JH		 5358
5359 return err;
69487371
JH		 5360}
5361
1904a853 5362static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5363{
95868426
JH		 5364 struct hci_cp_read_clock *hci_cp;
5365 struct pending_cmd *cmd;
5366 struct hci_conn *conn;
5367
5368 BT_DBG("%s status %u", hdev->name, status);
5369
5370 hci_dev_lock(hdev);
5371
5372 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5373 if (!hci_cp)
5374 goto unlock;
5375
5376 if (hci_cp->which) {
5377 u16 handle = __le16_to_cpu(hci_cp->handle);
5378 conn = hci_conn_hash_lookup_handle(hdev, handle);
5379 } else {
5380 conn = NULL;
5381 }
5382
5383 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5384 if (!cmd)
5385 goto unlock;
5386
69487371 5387 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5388 mgmt_pending_remove(cmd);
95868426
JH		 5389
5390unlock:
5391 hci_dev_unlock(hdev);
5392}
5393
5394static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5395 u16 len)
5396{
5397 struct mgmt_cp_get_clock_info *cp = data;
5398 struct mgmt_rp_get_clock_info rp;
5399 struct hci_cp_read_clock hci_cp;
5400 struct pending_cmd *cmd;
5401 struct hci_request req;
5402 struct hci_conn *conn;
5403 int err;
5404
5405 BT_DBG("%s", hdev->name);
5406
5407 memset(&rp, 0, sizeof(rp));
5408 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5409 rp.addr.type = cp->addr.type;
5410
5411 if (cp->addr.type != BDADDR_BREDR)
5412 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5413 MGMT_STATUS_INVALID_PARAMS,
5414 &rp, sizeof(rp));
5415
5416 hci_dev_lock(hdev);
5417
5418 if (!hdev_is_powered(hdev)) {
5419 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5420 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5421 goto unlock;
5422 }
5423
5424 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5425 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5426 &cp->addr.bdaddr);
5427 if (!conn || conn->state != BT_CONNECTED) {
5428 err = cmd_complete(sk, hdev->id,
5429 MGMT_OP_GET_CLOCK_INFO,
5430 MGMT_STATUS_NOT_CONNECTED,
5431 &rp, sizeof(rp));
5432 goto unlock;
5433 }
5434 } else {
5435 conn = NULL;
5436 }
5437
5438 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5439 if (!cmd) {
5440 err = -ENOMEM;
5441 goto unlock;
5442 }
5443
69487371
JH		 5444 cmd->cmd_complete = clock_info_cmd_complete;
5445
95868426
JH		 5446 hci_req_init(&req, hdev);
5447
5448 memset(&hci_cp, 0, sizeof(hci_cp));
5449 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5450
5451 if (conn) {
5452 hci_conn_hold(conn);
f8aaf9b6 5453 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5454
5455 hci_cp.handle = cpu_to_le16(conn->handle);
5456 hci_cp.which = 0x01; /* Piconet clock */
5457 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5458 }
5459
5460 err = hci_req_run(&req, get_clock_info_complete);
5461 if (err < 0)
5462 mgmt_pending_remove(cmd);
5463
5464unlock:
5465 hci_dev_unlock(hdev);
5466 return err;
5467}
5468
5a154e6f
JH		 5469static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5470{
5471 struct hci_conn *conn;
5472
5473 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5474 if (!conn)
5475 return false;
5476
5477 if (conn->dst_type != type)
5478 return false;
5479
5480 if (conn->state != BT_CONNECTED)
5481 return false;
5482
5483 return true;
5484}
5485
5486/* This function requires the caller holds hdev->lock */
5487static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5488 u8 addr_type, u8 auto_connect)
5489{
5490 struct hci_dev *hdev = req->hdev;
5491 struct hci_conn_params *params;
5492
5493 params = hci_conn_params_add(hdev, addr, addr_type);
5494 if (!params)
5495 return -EIO;
5496
5497 if (params->auto_connect == auto_connect)
5498 return 0;
5499
5500 list_del_init(&params->action);
5501
5502 switch (auto_connect) {
5503 case HCI_AUTO_CONN_DISABLED:
5504 case HCI_AUTO_CONN_LINK_LOSS:
5505 __hci_update_background_scan(req);
5506 break;
5507 case HCI_AUTO_CONN_REPORT:
5508 list_add(&params->action, &hdev->pend_le_reports);
5509 __hci_update_background_scan(req);
5510 break;
5511 case HCI_AUTO_CONN_DIRECT:
5512 case HCI_AUTO_CONN_ALWAYS:
5513 if (!is_connected(hdev, addr, addr_type)) {
5514 list_add(&params->action, &hdev->pend_le_conns);
5515 __hci_update_background_scan(req);
5516 }
5517 break;
5518 }
5519
5520 params->auto_connect = auto_connect;
5521
5522 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5523 auto_connect);
5524
5525 return 0;
5526}
5527
8afef092
MH		 5528static void device_added(struct sock *sk, struct hci_dev *hdev,
5529 bdaddr_t *bdaddr, u8 type, u8 action)
5530{
5531 struct mgmt_ev_device_added ev;
5532
5533 bacpy(&ev.addr.bdaddr, bdaddr);
5534 ev.addr.type = type;
5535 ev.action = action;
5536
5537 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5538}
5539
1904a853 5540static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5a154e6f
JH		 5541{
5542 struct pending_cmd *cmd;
5543
5544 BT_DBG("status 0x%02x", status);
5545
5546 hci_dev_lock(hdev);
5547
5548 cmd = mgmt_pending_find(MGMT_OP_ADD_DEVICE, hdev);
5549 if (!cmd)
5550 goto unlock;
5551
5552 cmd->cmd_complete(cmd, mgmt_status(status));
5553 mgmt_pending_remove(cmd);
5554
5555unlock:
5556 hci_dev_unlock(hdev);
5557}
5558
2faade53
MH		 5559static int add_device(struct sock *sk, struct hci_dev *hdev,
5560 void *data, u16 len)
5561{
5562 struct mgmt_cp_add_device *cp = data;
5a154e6f
JH		 5563 struct pending_cmd *cmd;
5564 struct hci_request req;
2faade53
MH		 5565 u8 auto_conn, addr_type;
5566 int err;
5567
5568 BT_DBG("%s", hdev->name);
5569
6659358e 5570 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53
MH		 5571 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5572 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5573 MGMT_STATUS_INVALID_PARAMS,
5574 &cp->addr, sizeof(cp->addr));
5575
4b9e7e75 5576 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2faade53
MH		 5577 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5578 MGMT_STATUS_INVALID_PARAMS,
5579 &cp->addr, sizeof(cp->addr));
5580
5a154e6f
JH		 5581 hci_req_init(&req, hdev);
5582
2faade53
MH		 5583 hci_dev_lock(hdev);
5584
5a154e6f
JH		 5585 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
5586 if (!cmd) {
5587 err = -ENOMEM;
5588 goto unlock;
5589 }
5590
5591 cmd->cmd_complete = addr_cmd_complete;
5592
6659358e 5593 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5594 /* Only incoming connections action is supported for now */
6659358e 5595 if (cp->action != 0x01) {
9df74653
JH		 5596 err = cmd->cmd_complete(cmd,
5597 MGMT_STATUS_INVALID_PARAMS);
5a154e6f 5598 mgmt_pending_remove(cmd);
6659358e
JH		 5599 goto unlock;
5600 }
5601
5602 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5603 cp->addr.type);
5604 if (err)
5605 goto unlock;
a397407f 5606
5a154e6f 5607 __hci_update_page_scan(&req);
a397407f 5608
6659358e
JH		 5609 goto added;
5610 }
5611
2faade53
MH		 5612 if (cp->addr.type == BDADDR_LE_PUBLIC)
5613 addr_type = ADDR_LE_DEV_PUBLIC;
5614 else
5615 addr_type = ADDR_LE_DEV_RANDOM;
5616
4b9e7e75 5617 if (cp->action == 0x02)
2faade53 5618 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5619 else if (cp->action == 0x01)
5620 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5621 else
a3451d27 5622 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5623
bf5b3c8b
MH		 5624 /* If the connection parameters don't exist for this device,
5625 * they will be created and configured with defaults.
5626 */
5a154e6f 5627 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
d06b50ce 5628 auto_conn) < 0) {
9df74653 5629 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
5a154e6f 5630 mgmt_pending_remove(cmd);
2faade53
MH		 5631 goto unlock;
5632 }
5633
6659358e 5634added:
8afef092
MH		 5635 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5636
5a154e6f
JH		 5637 err = hci_req_run(&req, add_device_complete);
5638 if (err < 0) {
5639 /* ENODATA means no HCI commands were needed (e.g. if
5640 * the adapter is powered off).
5641 */
9df74653
JH		 5642 if (err == -ENODATA)
5643 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5a154e6f
JH		 5644 mgmt_pending_remove(cmd);
5645 }
2faade53
MH		 5646
5647unlock:
5648 hci_dev_unlock(hdev);
5649 return err;
5650}
5651
8afef092
MH		 5652static void device_removed(struct sock *sk, struct hci_dev *hdev,
5653 bdaddr_t *bdaddr, u8 type)
5654{
5655 struct mgmt_ev_device_removed ev;
5656
5657 bacpy(&ev.addr.bdaddr, bdaddr);
5658 ev.addr.type = type;
5659
5660 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5661}
5662
1904a853 5663static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
51ef3ebe
JH		 5664{
5665 struct pending_cmd *cmd;
5666
5667 BT_DBG("status 0x%02x", status);
5668
5669 hci_dev_lock(hdev);
5670
5671 cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
5672 if (!cmd)
5673 goto unlock;
5674
5675 cmd->cmd_complete(cmd, mgmt_status(status));
5676 mgmt_pending_remove(cmd);
5677
5678unlock:
5679 hci_dev_unlock(hdev);
5680}
5681
2faade53
MH		 5682static int remove_device(struct sock *sk, struct hci_dev *hdev,
5683 void *data, u16 len)
5684{
5685 struct mgmt_cp_remove_device *cp = data;
51ef3ebe
JH		 5686 struct pending_cmd *cmd;
5687 struct hci_request req;
2faade53
MH		 5688 int err;
5689
5690 BT_DBG("%s", hdev->name);
5691
51ef3ebe
JH		 5692 hci_req_init(&req, hdev);
5693
2faade53
MH		 5694 hci_dev_lock(hdev);
5695
51ef3ebe
JH		 5696 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
5697 if (!cmd) {
5698 err = -ENOMEM;
5699 goto unlock;
5700 }
5701
5702 cmd->cmd_complete = addr_cmd_complete;
5703
2faade53 5704 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5705 struct hci_conn_params *params;
2faade53
MH		 5706 u8 addr_type;
5707
6659358e 5708 if (!bdaddr_type_is_valid(cp->addr.type)) {
9df74653
JH		 5709 err = cmd->cmd_complete(cmd,
5710 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5711 mgmt_pending_remove(cmd);
2faade53
MH		 5712 goto unlock;
5713 }
5714
6659358e
JH		 5715 if (cp->addr.type == BDADDR_BREDR) {
5716 err = hci_bdaddr_list_del(&hdev->whitelist,
5717 &cp->addr.bdaddr,
5718 cp->addr.type);
5719 if (err) {
9df74653
JH		 5720 err = cmd->cmd_complete(cmd,
5721 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5722 mgmt_pending_remove(cmd);
6659358e
JH		 5723 goto unlock;
5724 }
5725
51ef3ebe 5726 __hci_update_page_scan(&req);
a397407f 5727
6659358e
JH		 5728 device_removed(sk, hdev, &cp->addr.bdaddr,
5729 cp->addr.type);
5730 goto complete;
5731 }
5732
2faade53
MH		 5733 if (cp->addr.type == BDADDR_LE_PUBLIC)
5734 addr_type = ADDR_LE_DEV_PUBLIC;
5735 else
5736 addr_type = ADDR_LE_DEV_RANDOM;
5737
c71593dd
JH		 5738 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5739 addr_type);
5740 if (!params) {
9df74653
JH		 5741 err = cmd->cmd_complete(cmd,
5742 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5743 mgmt_pending_remove(cmd);
c71593dd
JH		 5744 goto unlock;
5745 }
5746
5747 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
9df74653
JH		 5748 err = cmd->cmd_complete(cmd,
5749 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5750 mgmt_pending_remove(cmd);
c71593dd
JH		 5751 goto unlock;
5752 }
5753
d1dbf12e 5754 list_del(&params->action);
c71593dd
JH		 5755 list_del(&params->list);
5756 kfree(params);
51ef3ebe 5757 __hci_update_background_scan(&req);
8afef092
MH		 5758
5759 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5760 } else {
19de0825 5761 struct hci_conn_params *p, *tmp;
6659358e 5762 struct bdaddr_list *b, *btmp;
19de0825 5763
2faade53 5764 if (cp->addr.type) {
9df74653
JH		 5765 err = cmd->cmd_complete(cmd,
5766 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5767 mgmt_pending_remove(cmd);
2faade53
MH		 5768 goto unlock;
5769 }
5770
6659358e
JH		 5771 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5772 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5773 list_del(&b->list);
5774 kfree(b);
5775 }
5776
51ef3ebe 5777 __hci_update_page_scan(&req);
a397407f 5778
19de0825
JH		 5779 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5780 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5781 continue;
5782 device_removed(sk, hdev, &p->addr, p->addr_type);
5783 list_del(&p->action);
5784 list_del(&p->list);
5785 kfree(p);
5786 }
5787
5788 BT_DBG("All LE connection parameters were removed");
5789
51ef3ebe 5790 __hci_update_background_scan(&req);
2faade53
MH		 5791 }
5792
6659358e 5793complete:
51ef3ebe
JH		 5794 err = hci_req_run(&req, remove_device_complete);
5795 if (err < 0) {
5796 /* ENODATA means no HCI commands were needed (e.g. if
5797 * the adapter is powered off).
5798 */
9df74653
JH		 5799 if (err == -ENODATA)
5800 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
51ef3ebe
JH		 5801 mgmt_pending_remove(cmd);
5802 }
2faade53
MH		 5803
5804unlock:
5805 hci_dev_unlock(hdev);
5806 return err;
5807}
5808
a26f3dcf
JH		 5809static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5810 u16 len)
5811{
5812 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5813 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5814 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5815 u16 param_count, expected_len;
5816 int i;
5817
5818 if (!lmp_le_capable(hdev))
5819 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5820 MGMT_STATUS_NOT_SUPPORTED);
5821
5822 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5823 if (param_count > max_param_count) {
5824 BT_ERR("load_conn_param: too big param_count value %u",
5825 param_count);
5826 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5827 MGMT_STATUS_INVALID_PARAMS);
5828 }
a26f3dcf
JH		 5829
5830 expected_len = sizeof(*cp) + param_count *
5831 sizeof(struct mgmt_conn_param);
5832 if (expected_len != len) {
5833 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5834 expected_len, len);
5835 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5836 MGMT_STATUS_INVALID_PARAMS);
5837 }
5838
5839 BT_DBG("%s param_count %u", hdev->name, param_count);
5840
5841 hci_dev_lock(hdev);
5842
5843 hci_conn_params_clear_disabled(hdev);
5844
5845 for (i = 0; i < param_count; i++) {
5846 struct mgmt_conn_param *param = &cp->params[i];
5847 struct hci_conn_params *hci_param;
5848 u16 min, max, latency, timeout;
5849 u8 addr_type;
5850
5851 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5852 param->addr.type);
5853
5854 if (param->addr.type == BDADDR_LE_PUBLIC) {
5855 addr_type = ADDR_LE_DEV_PUBLIC;
5856 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5857 addr_type = ADDR_LE_DEV_RANDOM;
5858 } else {
5859 BT_ERR("Ignoring invalid connection parameters");
5860 continue;
5861 }
5862
5863 min = le16_to_cpu(param->min_interval);
5864 max = le16_to_cpu(param->max_interval);
5865 latency = le16_to_cpu(param->latency);
5866 timeout = le16_to_cpu(param->timeout);
5867
5868 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5869 min, max, latency, timeout);
5870
5871 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5872 BT_ERR("Ignoring invalid connection parameters");
5873 continue;
5874 }
5875
5876 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5877 addr_type);
5878 if (!hci_param) {
5879 BT_ERR("Failed to add connection parameters");
5880 continue;
5881 }
5882
5883 hci_param->conn_min_interval = min;
5884 hci_param->conn_max_interval = max;
5885 hci_param->conn_latency = latency;
5886 hci_param->supervision_timeout = timeout;
5887 }
5888
5889 hci_dev_unlock(hdev);
5890
5891 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5892}
5893
dbece37a
MH		 5894static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5895 void *data, u16 len)
5896{
5897 struct mgmt_cp_set_external_config *cp = data;
5898 bool changed;
5899 int err;
5900
5901 BT_DBG("%s", hdev->name);
5902
5903 if (hdev_is_powered(hdev))
5904 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5905 MGMT_STATUS_REJECTED);
5906
5907 if (cp->config != 0x00 && cp->config != 0x01)
5908 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5909 MGMT_STATUS_INVALID_PARAMS);
5910
5911 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5912 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5913 MGMT_STATUS_NOT_SUPPORTED);
5914
5915 hci_dev_lock(hdev);
5916
5917 if (cp->config)
5918 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
5919 &hdev->dev_flags);
5920 else
5921 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
5922 &hdev->dev_flags);
5923
5924 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5925 if (err < 0)
5926 goto unlock;
5927
5928 if (!changed)
5929 goto unlock;
5930
f4537c04
MH		 5931 err = new_options(hdev, sk);
5932
dbece37a
MH		 5933 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
5934 mgmt_index_removed(hdev);
d603b76b
MH		 5935
5936 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5937 set_bit(HCI_CONFIG, &hdev->dev_flags);
5938 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5939
5940 queue_work(hdev->req_workqueue, &hdev->power_on);
5941 } else {
5ea234d3 5942 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 5943 mgmt_index_added(hdev);
5944 }
dbece37a
MH		 5945 }
5946
5947unlock:
5948 hci_dev_unlock(hdev);
5949 return err;
5950}
5951
9713c17b
MH		 5952static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5953 void *data, u16 len)
5954{
5955 struct mgmt_cp_set_public_address *cp = data;
5956 bool changed;
5957 int err;
5958
5959 BT_DBG("%s", hdev->name);
5960
5961 if (hdev_is_powered(hdev))
5962 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5963 MGMT_STATUS_REJECTED);
5964
5965 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5966 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5967 MGMT_STATUS_INVALID_PARAMS);
5968
5969 if (!hdev->set_bdaddr)
5970 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5971 MGMT_STATUS_NOT_SUPPORTED);
5972
5973 hci_dev_lock(hdev);
5974
5975 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5976 bacpy(&hdev->public_addr, &cp->bdaddr);
5977
5978 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5979 if (err < 0)
5980 goto unlock;
5981
5982 if (!changed)
5983 goto unlock;
5984
5985 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5986 err = new_options(hdev, sk);
5987
5988 if (is_configured(hdev)) {
5989 mgmt_index_removed(hdev);
5990
5991 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
5992
5993 set_bit(HCI_CONFIG, &hdev->dev_flags);
5994 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5995
5996 queue_work(hdev->req_workqueue, &hdev->power_on);
5997 }
5998
5999unlock:
6000 hci_dev_unlock(hdev);
6001 return err;
6002}
6003
2e3c35ea 6004static const struct mgmt_handler {
04124681
GP		 6005 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
6006 u16 data_len);
be22b54e
JH		 6007 bool var_len;
6008 size_t data_len;
0f4e68cf
JH		 6009} mgmt_handlers[] = {
6010 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 6011 { read_version, false, MGMT_READ_VERSION_SIZE },
6012 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
6013 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
6014 { read_controller_info, false, MGMT_READ_INFO_SIZE },
6015 { set_powered, false, MGMT_SETTING_SIZE },
6016 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
6017 { set_connectable, false, MGMT_SETTING_SIZE },
6018 { set_fast_connectable, false, MGMT_SETTING_SIZE },
b2939475 6019 { set_bondable, false, MGMT_SETTING_SIZE },
be22b54e
JH		 6020 { set_link_security, false, MGMT_SETTING_SIZE },
6021 { set_ssp, false, MGMT_SETTING_SIZE },
6022 { set_hs, false, MGMT_SETTING_SIZE },
6023 { set_le, false, MGMT_SETTING_SIZE },
6024 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
6025 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
6026 { add_uuid, false, MGMT_ADD_UUID_SIZE },
6027 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
6028 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
6029 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
6030 { disconnect, false, MGMT_DISCONNECT_SIZE },
6031 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
6032 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
6033 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6034 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
6035 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
6036 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6037 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
6038 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
6039 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6040 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
6041 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
6042 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 6043 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 6044 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6045 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
6046 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
6047 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
6048 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
6049 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 6050 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 6051 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 6052 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 6053 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 6054 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 6055 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 6056 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 6057 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 6058 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 6059 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
95868426 6060 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
2faade53
MH		 6061 { add_device, false, MGMT_ADD_DEVICE_SIZE },
6062 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
73d1df2a
MH		 6063 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
6064 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
9fc3bfb6 6065 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
dbece37a 6066 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
9713c17b 6067 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
66ea9427 6068 { start_service_discovery,true, MGMT_START_SERVICE_DISCOVERY_SIZE },
0f4e68cf
JH		 6069};
6070
0381101f
JH		 6071int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
6072{
650f726d
VCG		 6073 void *buf;
6074 u8 *cp;
0381101f 6075 struct mgmt_hdr *hdr;
4e51eae9 6076 u16 opcode, index, len;
bdb6d971 6077 struct hci_dev *hdev = NULL;
2e3c35ea 6078 const struct mgmt_handler *handler;
0381101f
JH		 6079 int err;
6080
6081 BT_DBG("got %zu bytes", msglen);
6082
6083 if (msglen < sizeof(*hdr))
6084 return -EINVAL;
6085
e63a15ec 6086 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 6087 if (!buf)
6088 return -ENOMEM;
6089
6ce8e9ce 6090 if (memcpy_from_msg(buf, msg, msglen)) {
0381101f
JH		 6091 err = -EFAULT;
6092 goto done;
6093 }
6094
650f726d 6095 hdr = buf;
1f350c87
MH		 6096 opcode = __le16_to_cpu(hdr->opcode);
6097 index = __le16_to_cpu(hdr->index);
6098 len = __le16_to_cpu(hdr->len);
0381101f
JH		 6099
6100 if (len != msglen - sizeof(*hdr)) {
6101 err = -EINVAL;
6102 goto done;
6103 }
6104
0f4e68cf 6105 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 6106 hdev = hci_dev_get(index);
6107 if (!hdev) {
6108 err = cmd_status(sk, index, opcode,
04124681 6109 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 6110 goto done;
6111 }
0736cfa8 6112
cebf4cfd 6113 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
d603b76b 6114 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
4a964404 6115 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 6116 err = cmd_status(sk, index, opcode,
6117 MGMT_STATUS_INVALID_INDEX);
6118 goto done;
6119 }
42a9bc14
MH		 6120
6121 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
dbece37a 6122 opcode != MGMT_OP_READ_CONFIG_INFO &&
9713c17b
MH		 6123 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
6124 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
42a9bc14
MH		 6125 err = cmd_status(sk, index, opcode,
6126 MGMT_STATUS_INVALID_INDEX);
6127 goto done;
6128 }
bdb6d971
JH		 6129 }
6130
0f4e68cf 6131 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 6132 mgmt_handlers[opcode].func == NULL) {
0381101f 6133 BT_DBG("Unknown op %u", opcode);
ca69b795 6134 err = cmd_status(sk, index, opcode,
04124681 6135 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 6136 goto done;
6137 }
6138
73d1df2a
MH		 6139 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
6140 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
6141 err = cmd_status(sk, index, opcode,
6142 MGMT_STATUS_INVALID_INDEX);
6143 goto done;
6144 }
6145
6146 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
6147 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
0f4e68cf 6148 err = cmd_status(sk, index, opcode,
04124681 6149 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 6150 goto done;
0381101f
JH		 6151 }
6152
be22b54e
JH		 6153 handler = &mgmt_handlers[opcode];
6154
6155 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 6156 (!handler->var_len && len != handler->data_len)) {
be22b54e 6157 err = cmd_status(sk, index, opcode,
04124681 6158 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 6159 goto done;
6160 }
6161
0f4e68cf
JH		 6162 if (hdev)
6163 mgmt_init_hdev(sk, hdev);
6164
6165 cp = buf + sizeof(*hdr);
6166
be22b54e 6167 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 6168 if (err < 0)
6169 goto done;
6170
0381101f
JH		 6171 err = msglen;
6172
6173done:
bdb6d971
JH		 6174 if (hdev)
6175 hci_dev_put(hdev);
6176
0381101f
JH		 6177 kfree(buf);
6178 return err;
6179}
c71e97bf 6180
bf6b56db 6181void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6182{
1514b892 6183 if (hdev->dev_type != HCI_BREDR)
bf6b56db 6184 return;
bb4b2a9a 6185
0602a8ad
MH		 6186 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6187 return;
6188
6189 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6190 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
6191 else
6192 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 6193}
6194
bf6b56db 6195void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6196{
5f159032 6197 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6198
1514b892 6199 if (hdev->dev_type != HCI_BREDR)
bf6b56db 6200 return;
bb4b2a9a 6201
0602a8ad
MH		 6202 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6203 return;
6204
1b9b5ee5 6205 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6206
edd3896b
MH		 6207 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6208 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
6209 else
6210 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 6211}
6212
6046dc3e 6213/* This function requires the caller holds hdev->lock */
2cf22218 6214static void restart_le_actions(struct hci_request *req)
6046dc3e 6215{
2cf22218 6216 struct hci_dev *hdev = req->hdev;
6046dc3e
AG		 6217 struct hci_conn_params *p;
6218
6219 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6220 /* Needed for AUTO_OFF case where might not "really"
6221 * have been powered off.
6222 */
6223 list_del_init(&p->action);
6224
6225 switch (p->auto_connect) {
4b9e7e75 6226 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6227 case HCI_AUTO_CONN_ALWAYS:
6228 list_add(&p->action, &hdev->pend_le_conns);
6229 break;
6230 case HCI_AUTO_CONN_REPORT:
6231 list_add(&p->action, &hdev->pend_le_reports);
6232 break;
6233 default:
6234 break;
c83ed19d 6235 }
6046dc3e 6236 }
c83ed19d 6237
2cf22218 6238 __hci_update_background_scan(req);
6046dc3e
AG		 6239}
6240
1904a853 6241static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
229ab39c
JH		 6242{
6243 struct cmd_lookup match = { NULL, hdev };
6244
6245 BT_DBG("status 0x%02x", status);
6246
162a3bac
MH		 6247 if (!status) {
6248 /* Register the available SMP channels (BR/EDR and LE) only
6249 * when successfully powering on the controller. This late
6250 * registration is required so that LE SMP can clearly
6251 * decide if the public address or static address is used.
6252 */
6253 smp_register(hdev);
6254 }
6255
229ab39c
JH		 6256 hci_dev_lock(hdev);
6257
6258 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6259
6260 new_settings(hdev, match.sk);
6261
6262 hci_dev_unlock(hdev);
6263
6264 if (match.sk)
6265 sock_put(match.sk);
6266}
6267
70da6243 6268static int powered_update_hci(struct hci_dev *hdev)
5add6af8 6269{
890ea898 6270 struct hci_request req;
70da6243 6271 u8 link_sec;
5add6af8 6272
890ea898
JH		 6273 hci_req_init(&req, hdev);
6274
70da6243
JH		 6275 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
6276 !lmp_host_ssp_capable(hdev)) {
574ea3c7 6277 u8 mode = 0x01;
5e5282bb 6278
574ea3c7
MH		 6279 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
6280
6281 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6282 u8 support = 0x01;
5add6af8 6283
574ea3c7
MH		 6284 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
6285 sizeof(support), &support);
6286 }
ec6f99b8
JH		 6287 }
6288
c73eee91
JH		 6289 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
6290 lmp_bredr_capable(hdev)) {
70da6243 6291 struct hci_cp_write_le_host_supported cp;
f0ff92fb 6292
32226e4f
MH		 6293 cp.le = 0x01;
6294 cp.simul = 0x00;
3d1cbdd6 6295
70da6243
JH		 6296 /* Check first if we already have the right
6297 * host state (host features set)
6298 */
6299 if (cp.le != lmp_host_le_capable(hdev) ||
6300 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 6301 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6302 sizeof(cp), &cp);
70da6243 6303 }
3d1cbdd6 6304
d13eafce 6305 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 6306 /* Make sure the controller has a good default for
6307 * advertising data. This also applies to the case
6308 * where BR/EDR was toggled during the AUTO_OFF phase.
6309 */
f14d8f64 6310 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 6311 update_adv_data(&req);
f14d8f64
MH		 6312 update_scan_rsp_data(&req);
6313 }
441ad2d0 6314
bba3aa55
MH		 6315 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6316 enable_advertising(&req);
2cf22218
JH		 6317
6318 restart_le_actions(&req);
eeca6f89
JH		 6319 }
6320
70da6243
JH		 6321 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
6322 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 6323 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6324 sizeof(link_sec), &link_sec);
562fcc24 6325
70da6243 6326 if (lmp_bredr_capable(hdev)) {
432df05e 6327 write_fast_connectable(&req, false);
1d2dc5b7 6328 __hci_update_page_scan(&req);
890ea898 6329 update_class(&req);
13928971 6330 update_name(&req);
890ea898 6331 update_eir(&req);
70da6243 6332 }
562fcc24 6333
229ab39c 6334 return hci_req_run(&req, powered_complete);
70da6243 6335}
562fcc24 6336
70da6243
JH		 6337int mgmt_powered(struct hci_dev *hdev, u8 powered)
6338{
6339 struct cmd_lookup match = { NULL, hdev };
9845904f 6340 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 6341 int err;
f0ff92fb 6342
70da6243
JH		 6343 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
6344 return 0;
6345
70da6243 6346 if (powered) {
229ab39c
JH		 6347 if (powered_update_hci(hdev) == 0)
6348 return 0;
fe038884 6349
229ab39c
JH		 6350 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6351 &match);
6352 goto new_settings;
b24752fe
JH		 6353 }
6354
229ab39c 6355 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 6356
6357 /* If the power off is because of hdev unregistration let
6358 * use the appropriate INVALID_INDEX status. Otherwise use
6359 * NOT_POWERED. We cover both scenarios here since later in
6360 * mgmt_index_removed() any hci_conn callbacks will have already
6361 * been triggered, potentially causing misleading DISCONNECTED
6362 * status responses.
6363 */
6364 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags))
6365 status = MGMT_STATUS_INVALID_INDEX;
6366 else
6367 status = MGMT_STATUS_NOT_POWERED;
6368
6369 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 6370
6371 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
6372 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6373 zero_cod, sizeof(zero_cod), NULL);
6374
6375new_settings:
beadb2bd 6376 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 6377
6378 if (match.sk)
6379 sock_put(match.sk);
6380
7bb895d6 6381 return err;
5add6af8 6382}
73f22f62 6383
3eec705e 6384void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 6385{
6386 struct pending_cmd *cmd;
6387 u8 status;
6388
6389 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6390 if (!cmd)
3eec705e 6391 return;
96570ffc
JH		 6392
6393 if (err == -ERFKILL)
6394 status = MGMT_STATUS_RFKILLED;
6395 else
6396 status = MGMT_STATUS_FAILED;
6397
3eec705e 6398 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6399
6400 mgmt_pending_remove(cmd);
96570ffc
JH		 6401}
6402
d1967ff8
MH		 6403void mgmt_discoverable_timeout(struct hci_dev *hdev)
6404{
6405 struct hci_request req;
d1967ff8
MH		 6406
6407 hci_dev_lock(hdev);
6408
6409 /* When discoverable timeout triggers, then just make sure
6410 * the limited discoverable flag is cleared. Even in the case
6411 * of a timeout triggered from general discoverable, it is
6412 * safe to unconditionally clear the flag.
6413 */
6414 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 6415 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 6416
6417 hci_req_init(&req, hdev);
4b580614
JH		 6418 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
6419 u8 scan = SCAN_PAGE;
6420 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6421 sizeof(scan), &scan);
6422 }
d1967ff8 6423 update_class(&req);
9a43e25f 6424 update_adv_data(&req);
d1967ff8
MH		 6425 hci_req_run(&req, NULL);
6426
6427 hdev->discov_timeout = 0;
6428
9a43e25f
JH		 6429 new_settings(hdev, NULL);
6430
d1967ff8
MH		 6431 hci_dev_unlock(hdev);
6432}
6433
dc4a5ee2
MH		 6434void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6435 bool persistent)
55ed8ca1 6436{
86742e1e 6437 struct mgmt_ev_new_link_key ev;
55ed8ca1 6438
a492cd52 6439 memset(&ev, 0, sizeof(ev));
55ed8ca1 6440
a492cd52 6441 ev.store_hint = persistent;
d753fdc4 6442 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6443 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6444 ev.key.type = key->type;
9b3b4460 6445 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6446 ev.key.pin_len = key->pin_len;
55ed8ca1 6447
dc4a5ee2 6448 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6449}
f7520543 6450
d7b25450
JH		 6451static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6452{
23fb8de3
JH		 6453 switch (ltk->type) {
6454 case SMP_LTK:
6455 case SMP_LTK_SLAVE:
6456 if (ltk->authenticated)
6457 return MGMT_LTK_AUTHENTICATED;
6458 return MGMT_LTK_UNAUTHENTICATED;
6459 case SMP_LTK_P256:
6460 if (ltk->authenticated)
6461 return MGMT_LTK_P256_AUTH;
6462 return MGMT_LTK_P256_UNAUTH;
6463 case SMP_LTK_P256_DEBUG:
6464 return MGMT_LTK_P256_DEBUG;
6465 }
d7b25450
JH		 6466
6467 return MGMT_LTK_UNAUTHENTICATED;
6468}
6469
53ac6ab6 6470void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6471{
6472 struct mgmt_ev_new_long_term_key ev;
6473
6474 memset(&ev, 0, sizeof(ev));
6475
5192d301
MH		 6476 /* Devices using resolvable or non-resolvable random addresses
6477 * without providing an indentity resolving key don't require
6478 * to store long term keys. Their addresses will change the
6479 * next time around.
6480 *
6481 * Only when a remote device provides an identity address
6482 * make sure the long term key is stored. If the remote
6483 * identity is known, the long term keys are internally
6484 * mapped to the identity address. So allow static random
6485 * and public addresses here.
6486 */
ba74b666
JH		 6487 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6488 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6489 ev.store_hint = 0x00;
6490 else
53ac6ab6 6491 ev.store_hint = persistent;
ba74b666 6492
346af67b 6493 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6494 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6495 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6496 ev.key.enc_size = key->enc_size;
6497 ev.key.ediv = key->ediv;
fe39c7b2 6498 ev.key.rand = key->rand;
346af67b 6499
2ceba539 6500 if (key->type == SMP_LTK)
346af67b
VCG		 6501 ev.key.master = 1;
6502
346af67b
VCG		 6503 memcpy(ev.key.val, key->val, sizeof(key->val));
6504
083368f7 6505 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6506}
6507
95fbac8a
JH		 6508void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6509{
6510 struct mgmt_ev_new_irk ev;
6511
6512 memset(&ev, 0, sizeof(ev));
6513
bab6d1e5
MH		 6514 /* For identity resolving keys from devices that are already
6515 * using a public address or static random address, do not
6516 * ask for storing this key. The identity resolving key really
6517 * is only mandatory for devices using resovlable random
6518 * addresses.
6519 *
6520 * Storing all identity resolving keys has the downside that
6521 * they will be also loaded on next boot of they system. More
6522 * identity resolving keys, means more time during scanning is
6523 * needed to actually resolve these addresses.
6524 */
6525 if (bacmp(&irk->rpa, BDADDR_ANY))
6526 ev.store_hint = 0x01;
6527 else
6528 ev.store_hint = 0x00;
6529
95fbac8a
JH		 6530 bacpy(&ev.rpa, &irk->rpa);
6531 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6532 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6533 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6534
6535 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6536}
6537
53ac6ab6
MH		 6538void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6539 bool persistent)
7ee4ea36
MH		 6540{
6541 struct mgmt_ev_new_csrk ev;
6542
6543 memset(&ev, 0, sizeof(ev));
6544
6545 /* Devices using resolvable or non-resolvable random addresses
6546 * without providing an indentity resolving key don't require
6547 * to store signature resolving keys. Their addresses will change
6548 * the next time around.
6549 *
6550 * Only when a remote device provides an identity address
6551 * make sure the signature resolving key is stored. So allow
6552 * static random and public addresses here.
6553 */
6554 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6555 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6556 ev.store_hint = 0x00;
6557 else
53ac6ab6 6558 ev.store_hint = persistent;
7ee4ea36
MH		 6559
6560 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6561 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6562 ev.key.master = csrk->master;
6563 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6564
6565 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6566}
6567
ffb5a827 6568void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6569 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6570 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6571{
6572 struct mgmt_ev_new_conn_param ev;
6573
c103aea6
JH		 6574 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6575 return;
6576
ffb5a827
AG		 6577 memset(&ev, 0, sizeof(ev));
6578 bacpy(&ev.addr.bdaddr, bdaddr);
6579 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6580 ev.store_hint = store_hint;
ffb5a827
AG		 6581 ev.min_interval = cpu_to_le16(min_interval);
6582 ev.max_interval = cpu_to_le16(max_interval);
6583 ev.latency = cpu_to_le16(latency);
6584 ev.timeout = cpu_to_le16(timeout);
6585
6586 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6587}
6588
94933991
MH		 6589static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6590 u8 data_len)
6591{
6592 eir[eir_len++] = sizeof(type) + data_len;
6593 eir[eir_len++] = type;
6594 memcpy(&eir[eir_len], data, data_len);
6595 eir_len += data_len;
6596
6597 return eir_len;
6598}
6599
48ec92fa
AA		 6600void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6601 u32 flags, u8 *name, u8 name_len)
f7520543 6602{
b644ba33
JH		 6603 char buf[512];
6604 struct mgmt_ev_device_connected *ev = (void *) buf;
6605 u16 eir_len = 0;
f7520543 6606
48ec92fa
AA		 6607 bacpy(&ev->addr.bdaddr, &conn->dst);
6608 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 6609
c95f0ba7 6610 ev->flags = __cpu_to_le32(flags);
08c79b61 6611
fd45ada9
AA		 6612 /* We must ensure that the EIR Data fields are ordered and
6613 * unique. Keep it simple for now and avoid the problem by not
6614 * adding any BR/EDR data to the LE adv.
6615 */
6616 if (conn->le_adv_data_len > 0) {
6617 memcpy(&ev->eir[eir_len],
6618 conn->le_adv_data, conn->le_adv_data_len);
6619 eir_len = conn->le_adv_data_len;
6620 } else {
6621 if (name_len > 0)
6622 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6623 name, name_len);
b644ba33 6624
ddbea5cf 6625 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 6626 eir_len = eir_append_data(ev->eir, eir_len,
6627 EIR_CLASS_OF_DEV,
6628 conn->dev_class, 3);
6629 }
b644ba33 6630
eb55ef07 6631 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6632
ecd90ae7
MH		 6633 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6634 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6635}
6636
8962ee74
JH		 6637static void disconnect_rsp(struct pending_cmd *cmd, void *data)
6638{
8962ee74 6639 struct sock **sk = data;
8962ee74 6640
f5818c22 6641 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 6642
6643 *sk = cmd->sk;
6644 sock_hold(*sk);
6645
a664b5bc 6646 mgmt_pending_remove(cmd);
8962ee74
JH		 6647}
6648
124f6e35 6649static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 6650{
b1078ad0 6651 struct hci_dev *hdev = data;
124f6e35 6652 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 6653
b1078ad0
JH		 6654 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6655
d8b7b1e4 6656 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 6657 mgmt_pending_remove(cmd);
6658}
6659
84c61d92
JH		 6660bool mgmt_powering_down(struct hci_dev *hdev)
6661{
6662 struct pending_cmd *cmd;
6663 struct mgmt_mode *cp;
6664
6665 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6666 if (!cmd)
6667 return false;
6668
6669 cp = cmd->param;
6670 if (!cp->val)
6671 return true;
6672
6673 return false;
6674}
6675
9b80ec5e 6676void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6677 u8 link_type, u8 addr_type, u8 reason,
6678 bool mgmt_connected)
f7520543 6679{
f0d6a0ea 6680 struct mgmt_ev_device_disconnected ev;
8962ee74 6681 struct sock *sk = NULL;
8962ee74 6682
84c61d92
JH		 6683 /* The connection is still in hci_conn_hash so test for 1
6684 * instead of 0 to know if this is the last one.
6685 */
6686 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6687 cancel_delayed_work(&hdev->power_off);
6688 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 6689 }
6690
12d4a3b2
JH		 6691 if (!mgmt_connected)
6692 return;
6693
57eb776f
AG		 6694 if (link_type != ACL_LINK && link_type != LE_LINK)
6695 return;
6696
744cf19e 6697 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6698
f0d6a0ea
MA		 6699 bacpy(&ev.addr.bdaddr, bdaddr);
6700 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6701 ev.reason = reason;
f7520543 6702
9b80ec5e 6703 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6704
6705 if (sk)
d97dcb66 6706 sock_put(sk);
8962ee74 6707
124f6e35 6708 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6709 hdev);
8962ee74
JH		 6710}
6711
7892924c
MH		 6712void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6713 u8 link_type, u8 addr_type, u8 status)
8962ee74 6714{
3655bba8
AG		 6715 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6716 struct mgmt_cp_disconnect *cp;
8962ee74 6717 struct pending_cmd *cmd;
8962ee74 6718
36a75f1b
JD		 6719 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6720 hdev);
6721
2e58ef3e 6722 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6723 if (!cmd)
7892924c 6724 return;
8962ee74 6725
3655bba8
AG		 6726 cp = cmd->param;
6727
6728 if (bacmp(bdaddr, &cp->addr.bdaddr))
6729 return;
6730
6731 if (cp->addr.type != bdaddr_type)
6732 return;
6733
f5818c22 6734 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6735 mgmt_pending_remove(cmd);
f7520543 6736}
17d5c04c 6737
445608d0
MH		 6738void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6739 u8 addr_type, u8 status)
17d5c04c
JH		 6740{
6741 struct mgmt_ev_connect_failed ev;
c9910d0f 6742
84c61d92
JH		 6743 /* The connection is still in hci_conn_hash so test for 1
6744 * instead of 0 to know if this is the last one.
6745 */
6746 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6747 cancel_delayed_work(&hdev->power_off);
6748 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 6749 }
17d5c04c 6750
4c659c39 6751 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6752 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6753 ev.status = mgmt_status(status);
17d5c04c 6754
445608d0 6755 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6756}
980e1a53 6757
ce0e4a0d 6758void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6759{
6760 struct mgmt_ev_pin_code_request ev;
6761
d8457698 6762 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6763 ev.addr.type = BDADDR_BREDR;
a770bb5a 6764 ev.secure = secure;
980e1a53 6765
ce0e4a0d 6766 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6767}
6768
e669cf80
MH		 6769void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6770 u8 status)
980e1a53
JH		 6771{
6772 struct pending_cmd *cmd;
980e1a53 6773
2e58ef3e 6774 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6775 if (!cmd)
e669cf80 6776 return;
980e1a53 6777
7776d1d8 6778 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6779 mgmt_pending_remove(cmd);
980e1a53
JH		 6780}
6781
3eb38528
MH		 6782void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6783 u8 status)
980e1a53
JH		 6784{
6785 struct pending_cmd *cmd;
980e1a53 6786
2e58ef3e 6787 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6788 if (!cmd)
3eb38528 6789 return;
980e1a53 6790
7776d1d8 6791 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6792 mgmt_pending_remove(cmd);
980e1a53 6793}
a5c29683 6794
744cf19e 6795int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6796 u8 link_type, u8 addr_type, u32 value,
04124681 6797 u8 confirm_hint)
a5c29683
JH		 6798{
6799 struct mgmt_ev_user_confirm_request ev;
6800
744cf19e 6801 BT_DBG("%s", hdev->name);
a5c29683 6802
272d90df 6803 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6804 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6805 ev.confirm_hint = confirm_hint;
39adbffe 6806 ev.value = cpu_to_le32(value);
a5c29683 6807
744cf19e 6808 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6809 NULL);
a5c29683
JH		 6810}
6811
272d90df 6812int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6813 u8 link_type, u8 addr_type)
604086b7
BG		 6814{
6815 struct mgmt_ev_user_passkey_request ev;
6816
6817 BT_DBG("%s", hdev->name);
6818
272d90df 6819 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6820 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6821
6822 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6823 NULL);
604086b7
BG		 6824}
6825
0df4c185 6826static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6827 u8 link_type, u8 addr_type, u8 status,
6828 u8 opcode)
a5c29683
JH		 6829{
6830 struct pending_cmd *cmd;
a5c29683 6831
2e58ef3e 6832 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 6833 if (!cmd)
6834 return -ENOENT;
6835
7776d1d8 6836 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6837 mgmt_pending_remove(cmd);
a5c29683 6838
7776d1d8 6839 return 0;
a5c29683
JH		 6840}
6841
744cf19e 6842int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6843 u8 link_type, u8 addr_type, u8 status)
a5c29683 6844{
272d90df 6845 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6846 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6847}
6848
272d90df 6849int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6850 u8 link_type, u8 addr_type, u8 status)
a5c29683 6851{
272d90df 6852 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6853 status,
6854 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 6855}
2a611692 6856
604086b7 6857int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6858 u8 link_type, u8 addr_type, u8 status)
604086b7 6859{
272d90df 6860 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6861 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 6862}
6863
272d90df 6864int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6865 u8 link_type, u8 addr_type, u8 status)
604086b7 6866{
272d90df 6867 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6868 status,
6869 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 6870}
6871
92a25256
JH		 6872int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6873 u8 link_type, u8 addr_type, u32 passkey,
6874 u8 entered)
6875{
6876 struct mgmt_ev_passkey_notify ev;
6877
6878 BT_DBG("%s", hdev->name);
6879
6880 bacpy(&ev.addr.bdaddr, bdaddr);
6881 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6882 ev.passkey = __cpu_to_le32(passkey);
6883 ev.entered = entered;
6884
6885 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6886}
6887
e1e930f5 6888void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 6889{
6890 struct mgmt_ev_auth_failed ev;
e1e930f5
JH		 6891 struct pending_cmd *cmd;
6892 u8 status = mgmt_status(hci_status);
2a611692 6893
e1e930f5
JH		 6894 bacpy(&ev.addr.bdaddr, &conn->dst);
6895 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6896 ev.status = status;
2a611692 6897
e1e930f5
JH		 6898 cmd = find_pairing(conn);
6899
6900 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
6901 cmd ? cmd->sk : NULL);
6902
a511b35b
JH		 6903 if (cmd) {
6904 cmd->cmd_complete(cmd, status);
6905 mgmt_pending_remove(cmd);
6906 }
2a611692 6907}
b312b161 6908
464996ae 6909void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 6910{
6911 struct cmd_lookup match = { NULL, hdev };
464996ae 6912 bool changed;
33ef95ed
JH		 6913
6914 if (status) {
6915 u8 mgmt_err = mgmt_status(status);
6916 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 6917 cmd_status_rsp, &mgmt_err);
464996ae 6918 return;
33ef95ed
JH		 6919 }
6920
464996ae
MH		 6921 if (test_bit(HCI_AUTH, &hdev->flags))
6922 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6923 &hdev->dev_flags);
6924 else
6925 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6926 &hdev->dev_flags);
47990ea0 6927
33ef95ed 6928 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 6929 &match);
33ef95ed 6930
47990ea0 6931 if (changed)
464996ae 6932 new_settings(hdev, match.sk);
33ef95ed
JH		 6933
6934 if (match.sk)
6935 sock_put(match.sk);
33ef95ed
JH		 6936}
6937
890ea898 6938static void clear_eir(struct hci_request *req)
cacaf52f 6939{
890ea898 6940 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 6941 struct hci_cp_write_eir cp;
6942
976eb20e 6943 if (!lmp_ext_inq_capable(hdev))
890ea898 6944 return;
cacaf52f 6945
c80da27e
JH		 6946 memset(hdev->eir, 0, sizeof(hdev->eir));
6947
cacaf52f
JH		 6948 memset(&cp, 0, sizeof(cp));
6949
890ea898 6950 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 6951}
6952
3e248560 6953void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 6954{
6955 struct cmd_lookup match = { NULL, hdev };
890ea898 6956 struct hci_request req;
c0ecddc2 6957 bool changed = false;
ed2c4ee3
JH		 6958
6959 if (status) {
6960 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 6961
6962 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 6963 &hdev->dev_flags)) {
6964 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 6965 new_settings(hdev, NULL);
9ecb3e24 6966 }
c0ecddc2 6967
04124681
GP		 6968 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6969 &mgmt_err);
3e248560 6970 return;
c0ecddc2
JH		 6971 }
6972
6973 if (enable) {
9ecb3e24 6974 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 6975 } else {
9ecb3e24
MH		 6976 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6977 if (!changed)
6978 changed = test_and_clear_bit(HCI_HS_ENABLED,
6979 &hdev->dev_flags);
6980 else
6981 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 6982 }
6983
6984 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6985
c0ecddc2 6986 if (changed)
3e248560 6987 new_settings(hdev, match.sk);
ed2c4ee3 6988
5fc6ebb1 6989 if (match.sk)
ed2c4ee3
JH		 6990 sock_put(match.sk);
6991
890ea898
JH		 6992 hci_req_init(&req, hdev);
6993
3769972b
JH		 6994 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6995 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6996 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6997 sizeof(enable), &enable);
890ea898 6998 update_eir(&req);
3769972b 6999 } else {
890ea898 7000 clear_eir(&req);
3769972b 7001 }
890ea898
JH		 7002
7003 hci_req_run(&req, NULL);
ed2c4ee3
JH		 7004}
7005
eac83dc6
MH		 7006void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7007{
7008 struct cmd_lookup match = { NULL, hdev };
7009 bool changed = false;
7010
7011 if (status) {
7012 u8 mgmt_err = mgmt_status(status);
7013
0ab04a9c
MH		 7014 if (enable) {
7015 if (test_and_clear_bit(HCI_SC_ENABLED,
7016 &hdev->dev_flags))
7017 new_settings(hdev, NULL);
7018 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
7019 }
eac83dc6
MH		 7020
7021 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
7022 cmd_status_rsp, &mgmt_err);
7023 return;
7024 }
7025
0ab04a9c 7026 if (enable) {
eac83dc6 7027 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 7028 } else {
eac83dc6 7029 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 7030 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
7031 }
eac83dc6
MH		 7032
7033 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
7034 settings_rsp, &match);
7035
7036 if (changed)
7037 new_settings(hdev, match.sk);
7038
7039 if (match.sk)
7040 sock_put(match.sk);
7041}
7042
92da6097 7043static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 7044{
7045 struct cmd_lookup *match = data;
7046
90e70454
JH		 7047 if (match->sk == NULL) {
7048 match->sk = cmd->sk;
7049 sock_hold(match->sk);
7050 }
90e70454
JH		 7051}
7052
4e1b0245
MH		 7053void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7054 u8 status)
7f9a903c 7055{
90e70454 7056 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7057
92da6097
JH		 7058 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7059 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7060 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 7061
7062 if (!status)
4e1b0245
MH		 7063 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
7064 NULL);
90e70454
JH		 7065
7066 if (match.sk)
7067 sock_put(match.sk);
7f9a903c
MH		 7068}
7069
7667da34 7070void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7071{
b312b161 7072 struct mgmt_cp_set_local_name ev;
13928971 7073 struct pending_cmd *cmd;
28cc7bde 7074
13928971 7075 if (status)
7667da34 7076 return;
b312b161
JH		 7077
7078 memset(&ev, 0, sizeof(ev));
7079 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7080 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7081
2e58ef3e 7082 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7083 if (!cmd) {
7084 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7085
13928971
JH		 7086 /* If this is a HCI command related to powering on the
7087 * HCI dev don't send any mgmt signals.
7088 */
7089 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7090 return;
890ea898 7091 }
b312b161 7092
7667da34
MH		 7093 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7094 cmd ? cmd->sk : NULL);
b312b161 7095}
c35938b2 7096
4d2d2796 7097void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
38da1703
JH		 7098 u8 *rand192, u8 *hash256, u8 *rand256,
7099 u8 status)
c35938b2
SJ		 7100{
7101 struct pending_cmd *cmd;
c35938b2 7102
744cf19e 7103 BT_DBG("%s status %u", hdev->name, status);
c35938b2 7104
2e58ef3e 7105 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 7106 if (!cmd)
3edaf092 7107 return;
c35938b2
SJ		 7108
7109 if (status) {
3edaf092
MH		 7110 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
7111 mgmt_status(status));
c35938b2 7112 } else {
710f11c0 7113 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
4d2d2796
MH		 7114 struct mgmt_rp_read_local_oob_ext_data rp;
7115
7116 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
38da1703 7117 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
c35938b2 7118
4d2d2796 7119 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
38da1703 7120 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
c35938b2 7121
4d2d2796
MH		 7122 cmd_complete(cmd->sk, hdev->id,
7123 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7124 &rp, sizeof(rp));
7125 } else {
7126 struct mgmt_rp_read_local_oob_data rp;
7127
7128 memcpy(rp.hash, hash192, sizeof(rp.hash));
38da1703 7129 memcpy(rp.rand, rand192, sizeof(rp.rand));
4d2d2796
MH		 7130
7131 cmd_complete(cmd->sk, hdev->id,
7132 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7133 &rp, sizeof(rp));
7134 }
c35938b2
SJ		 7135 }
7136
7137 mgmt_pending_remove(cmd);
c35938b2 7138}
e17acd40 7139
799ce93d
JP		 7140static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7141{
7142 int i;
7143
7144 for (i = 0; i < uuid_count; i++) {
7145 if (!memcmp(uuid, uuids[i], 16))
7146 return true;
7147 }
7148
7149 return false;
7150}
7151
b487b9ce
MH		 7152static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7153{
799ce93d
JP		 7154 u16 parsed = 0;
7155
7156 while (parsed < eir_len) {
7157 u8 field_len = eir[0];
7158 u8 uuid[16];
7159 int i;
7160
7161 if (field_len == 0)
7162 break;
7163
7164 if (eir_len - parsed < field_len + 1)
7165 break;
7166
7167 switch (eir[1]) {
7168 case EIR_UUID16_ALL:
7169 case EIR_UUID16_SOME:
7170 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7171 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7172 uuid[13] = eir[i + 3];
7173 uuid[12] = eir[i + 2];
7174 if (has_uuid(uuid, uuid_count, uuids))
7175 return true;
7176 }
7177 break;
7178 case EIR_UUID32_ALL:
7179 case EIR_UUID32_SOME:
7180 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7181 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7182 uuid[15] = eir[i + 5];
7183 uuid[14] = eir[i + 4];
7184 uuid[13] = eir[i + 3];
7185 uuid[12] = eir[i + 2];
7186 if (has_uuid(uuid, uuid_count, uuids))
7187 return true;
7188 }
7189 break;
7190 case EIR_UUID128_ALL:
7191 case EIR_UUID128_SOME:
7192 for (i = 0; i + 17 <= field_len; i += 16) {
7193 memcpy(uuid, eir + i + 2, 16);
7194 if (has_uuid(uuid, uuid_count, uuids))
7195 return true;
7196 }
7197 break;
7198 }
7199
7200 parsed += field_len + 1;
7201 eir += field_len + 1;
7202 }
7203
b487b9ce
MH		 7204 return false;
7205}
7206
901801b9 7207void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
af58925c
MH		 7208 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7209 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7210{
e319d2e7
JH		 7211 char buf[512];
7212 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 7213 size_t ev_size;
b487b9ce 7214 bool match;
e17acd40 7215
75ce208c
JH		 7216 /* Don't send events for a non-kernel initiated discovery. With
7217 * LE one exception is if we have pend_le_reports > 0 in which
7218 * case we're doing passive scanning and want these events.
7219 */
7220 if (!hci_discovery_active(hdev)) {
7221 if (link_type == ACL_LINK)
7222 return;
66f8455a 7223 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
75ce208c
JH		 7224 return;
7225 }
12602d0c 7226
bda157a4
MH		 7227 /* When using service discovery with a RSSI threshold, then check
7228 * if such a RSSI threshold is specified. If a RSSI threshold has
7229 * been specified, then all results with a RSSI smaller than the
7230 * RSSI threshold will be dropped.
efb2513f
MH		 7231 *
7232 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7233 * the results are also dropped.
bda157a4
MH		 7234 */
7235 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
efb2513f 7236 (rssi < hdev->discovery.rssi || rssi == HCI_RSSI_INVALID))
bda157a4
MH		 7237 return;
7238
5d2e9fad
JH		 7239 /* Make sure that the buffer is big enough. The 5 extra bytes
7240 * are for the potential CoD field.
7241 */
7242 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 7243 return;
7d262f86 7244
1dc06093
JH		 7245 memset(buf, 0, sizeof(buf));
7246
da25cf6a
MH		 7247 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7248 * RSSI value was reported as 0 when not available. This behavior
7249 * is kept when using device discovery. This is required for full
7250 * backwards compatibility with the API.
7251 *
7252 * However when using service discovery, the value 127 will be
7253 * returned when the RSSI is not available.
7254 */
91200e9f
SJ		 7255 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7256 link_type == ACL_LINK)
efb2513f
MH		 7257 rssi = 0;
7258
841c5644
JH		 7259 bacpy(&ev->addr.bdaddr, bdaddr);
7260 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 7261 ev->rssi = rssi;
af58925c 7262 ev->flags = cpu_to_le32(flags);
e17acd40 7263
b487b9ce
MH		 7264 if (eir_len > 0) {
7265 /* When using service discovery and a list of UUID is
7266 * provided, results with no matching UUID should be
7267 * dropped. In case there is a match the result is
7268 * kept and checking possible scan response data
7269 * will be skipped.
7270 */
ea8ae251 7271 if (hdev->discovery.uuid_count > 0)
b487b9ce
MH		 7272 match = eir_has_uuids(eir, eir_len,
7273 hdev->discovery.uuid_count,
7274 hdev->discovery.uuids);
ea8ae251
MH		 7275 else
7276 match = true;
7277
7278 if (!match && !scan_rsp_len)
7279 return;
b487b9ce
MH		 7280
7281 /* Copy EIR or advertising data into event */
e319d2e7 7282 memcpy(ev->eir, eir, eir_len);
b487b9ce
MH		 7283 } else {
7284 /* When using service discovery and a list of UUID is
7285 * provided, results with empty EIR or advertising data
7286 * should be dropped since they do not match any UUID.
7287 */
ea8ae251 7288 if (hdev->discovery.uuid_count > 0 && !scan_rsp_len)
b487b9ce 7289 return;
ea8ae251
MH		 7290
7291 match = false;
b487b9ce 7292 }
e17acd40 7293
1dc06093
JH		 7294 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7295 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 7296 dev_class, 3);
1dc06093 7297
b487b9ce
MH		 7298 if (scan_rsp_len > 0) {
7299 /* When using service discovery and a list of UUID is
7300 * provided, results with no matching UUID should be
7301 * dropped if there is no previous match from the
7302 * advertising data.
7303 */
7304 if (hdev->discovery.uuid_count > 0) {
7305 if (!match && !eir_has_uuids(scan_rsp, scan_rsp_len,
7306 hdev->discovery.uuid_count,
7307 hdev->discovery.uuids))
7308 return;
7309 }
7310
7311 /* Append scan response data to event */
5d2e9fad 7312 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
b487b9ce
MH		 7313 } else {
7314 /* When using service discovery and a list of UUID is
7315 * provided, results with empty scan response and no
7316 * previous matched advertising data should be dropped.
7317 */
7318 if (hdev->discovery.uuid_count > 0 && !match)
7319 return;
7320 }
5d2e9fad
JH		 7321
7322 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7323 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7324
901801b9 7325 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7326}
a88a9652 7327
9cf12aee
MH		 7328void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7329 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7330{
b644ba33
JH		 7331 struct mgmt_ev_device_found *ev;
7332 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7333 u16 eir_len;
a88a9652 7334
b644ba33 7335 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7336
b644ba33
JH		 7337 memset(buf, 0, sizeof(buf));
7338
7339 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7340 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7341 ev->rssi = rssi;
7342
7343 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7344 name_len);
b644ba33 7345
eb55ef07 7346 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7347
9cf12aee 7348 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7349}
314b2381 7350
2f1e063b 7351void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7352{
f963e8e9 7353 struct mgmt_ev_discovering ev;
164a6e78 7354
343fb145
AG		 7355 BT_DBG("%s discovering %u", hdev->name, discovering);
7356
f963e8e9
JH		 7357 memset(&ev, 0, sizeof(ev));
7358 ev.type = hdev->discovery.type;
7359 ev.discovering = discovering;
7360
2f1e063b 7361 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7362}
5e762444 7363
1904a853 7364static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5976e608
MH		 7365{
7366 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 7367}
7368
7369void mgmt_reenable_advertising(struct hci_dev *hdev)
7370{
7371 struct hci_request req;
7372
5976e608
MH		 7373 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
7374 return;
7375
7376 hci_req_init(&req, hdev);
7377 enable_advertising(&req);
0ec5ae84 7378 hci_req_run(&req, adv_enable_complete);
5976e608 7379}
Linux kernel - Deliverables
This page took 0.800174 seconds and 5 git commands to generate.