projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix NULL pointer dereference when sending data
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 33
34#include "smp.h"
0381101f 35
2da9c55c 36#define MGMT_VERSION 1
40456644 37#define MGMT_REVISION 5
02d98129 38
e70bb2e8
JH		 39static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 77 MGMT_OP_SET_DEVICE_ID,
4375f103 78 MGMT_OP_SET_ADVERTISING,
0663ca2a 79 MGMT_OP_SET_BREDR,
d13eafce 80 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 81 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 82 MGMT_OP_SET_SECURE_CONN,
4e39ac81 83 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 84 MGMT_OP_SET_PRIVACY,
41edf160 85 MGMT_OP_LOAD_IRKS,
e70bb2e8
JH		 86};
87
88static const u16 mgmt_events[] = {
89 MGMT_EV_CONTROLLER_ERROR,
90 MGMT_EV_INDEX_ADDED,
91 MGMT_EV_INDEX_REMOVED,
92 MGMT_EV_NEW_SETTINGS,
93 MGMT_EV_CLASS_OF_DEV_CHANGED,
94 MGMT_EV_LOCAL_NAME_CHANGED,
95 MGMT_EV_NEW_LINK_KEY,
96 MGMT_EV_NEW_LONG_TERM_KEY,
97 MGMT_EV_DEVICE_CONNECTED,
98 MGMT_EV_DEVICE_DISCONNECTED,
99 MGMT_EV_CONNECT_FAILED,
100 MGMT_EV_PIN_CODE_REQUEST,
101 MGMT_EV_USER_CONFIRM_REQUEST,
102 MGMT_EV_USER_PASSKEY_REQUEST,
103 MGMT_EV_AUTH_FAILED,
104 MGMT_EV_DEVICE_FOUND,
105 MGMT_EV_DISCOVERING,
106 MGMT_EV_DEVICE_BLOCKED,
107 MGMT_EV_DEVICE_UNBLOCKED,
108 MGMT_EV_DEVICE_UNPAIRED,
92a25256 109 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 110 MGMT_EV_NEW_IRK,
e70bb2e8
JH		 111};
112
17b02e62 113#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 114
4b34ee78
JH		 115#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
116 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
117
eec8d2bc
JH		 118struct pending_cmd {
119 struct list_head list;
fc2f4b13 120 u16 opcode;
eec8d2bc 121 int index;
c68fb7ff 122 void *param;
eec8d2bc 123 struct sock *sk;
e9a416b5 124 void *user_data;
eec8d2bc
JH		 125};
126
ca69b795
JH		 127/* HCI to MGMT error code conversion table */
128static u8 mgmt_status_table[] = {
129 MGMT_STATUS_SUCCESS,
130 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
131 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
132 MGMT_STATUS_FAILED, /* Hardware Failure */
133 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
134 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 135 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 136 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
137 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
138 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
139 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
140 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
141 MGMT_STATUS_BUSY, /* Command Disallowed */
142 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
143 MGMT_STATUS_REJECTED, /* Rejected Security */
144 MGMT_STATUS_REJECTED, /* Rejected Personal */
145 MGMT_STATUS_TIMEOUT, /* Host Timeout */
146 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
147 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
148 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
149 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
150 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
151 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
152 MGMT_STATUS_BUSY, /* Repeated Attempts */
153 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
154 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
155 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
156 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
157 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
158 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
159 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
160 MGMT_STATUS_FAILED, /* Unspecified Error */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
162 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
163 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
164 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
165 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
166 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
167 MGMT_STATUS_FAILED, /* Unit Link Key Used */
168 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
169 MGMT_STATUS_TIMEOUT, /* Instant Passed */
170 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
171 MGMT_STATUS_FAILED, /* Transaction Collision */
172 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
173 MGMT_STATUS_REJECTED, /* QoS Rejected */
174 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
175 MGMT_STATUS_REJECTED, /* Insufficient Security */
176 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
177 MGMT_STATUS_BUSY, /* Role Switch Pending */
178 MGMT_STATUS_FAILED, /* Slot Violation */
179 MGMT_STATUS_FAILED, /* Role Switch Failed */
180 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
181 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
182 MGMT_STATUS_BUSY, /* Host Busy Pairing */
183 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
184 MGMT_STATUS_BUSY, /* Controller Busy */
185 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
186 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
187 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
188 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
189 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
190};
191
192static u8 mgmt_status(u8 hci_status)
193{
194 if (hci_status < ARRAY_SIZE(mgmt_status_table))
195 return mgmt_status_table[hci_status];
196
197 return MGMT_STATUS_FAILED;
198}
199
4e51eae9 200static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 201{
202 struct sk_buff *skb;
203 struct mgmt_hdr *hdr;
204 struct mgmt_ev_cmd_status *ev;
56b7d137 205 int err;
f7b64e69 206
34eb525c 207 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 208
790eff44 209 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 210 if (!skb)
211 return -ENOMEM;
212
213 hdr = (void *) skb_put(skb, sizeof(*hdr));
214
612dfce9 215 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 216 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 217 hdr->len = cpu_to_le16(sizeof(*ev));
218
219 ev = (void *) skb_put(skb, sizeof(*ev));
220 ev->status = status;
eb55ef07 221 ev->opcode = cpu_to_le16(cmd);
f7b64e69 222
56b7d137
GP		 223 err = sock_queue_rcv_skb(sk, skb);
224 if (err < 0)
f7b64e69
JH		 225 kfree_skb(skb);
226
56b7d137 227 return err;
f7b64e69
JH		 228}
229
aee9b218 230static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 231 void *rp, size_t rp_len)
02d98129
JH		 232{
233 struct sk_buff *skb;
234 struct mgmt_hdr *hdr;
235 struct mgmt_ev_cmd_complete *ev;
56b7d137 236 int err;
02d98129
JH		 237
238 BT_DBG("sock %p", sk);
239
790eff44 240 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 241 if (!skb)
242 return -ENOMEM;
243
244 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 245
612dfce9 246 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 247 hdr->index = cpu_to_le16(index);
a38528f1 248 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 249
a38528f1 250 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 251 ev->opcode = cpu_to_le16(cmd);
aee9b218 252 ev->status = status;
8020c16a
SJ		 253
254 if (rp)
255 memcpy(ev->data, rp, rp_len);
02d98129 256
56b7d137
GP		 257 err = sock_queue_rcv_skb(sk, skb);
258 if (err < 0)
02d98129
JH		 259 kfree_skb(skb);
260
e5f0e151 261 return err;
02d98129
JH		 262}
263
04124681
GP		 264static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
265 u16 data_len)
a38528f1
JH		 266{
267 struct mgmt_rp_read_version rp;
268
269 BT_DBG("sock %p", sk);
270
271 rp.version = MGMT_VERSION;
eb55ef07 272 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 273
aee9b218 274 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 275 sizeof(rp));
a38528f1
JH		 276}
277
04124681
GP		 278static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
279 u16 data_len)
e70bb2e8
JH		 280{
281 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 282 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
283 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 284 __le16 *opcode;
e70bb2e8
JH		 285 size_t rp_size;
286 int i, err;
287
288 BT_DBG("sock %p", sk);
289
290 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
291
292 rp = kmalloc(rp_size, GFP_KERNEL);
293 if (!rp)
294 return -ENOMEM;
295
eb55ef07
MH		 296 rp->num_commands = __constant_cpu_to_le16(num_commands);
297 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 298
299 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
300 put_unaligned_le16(mgmt_commands[i], opcode);
301
302 for (i = 0; i < num_events; i++, opcode++)
303 put_unaligned_le16(mgmt_events[i], opcode);
304
aee9b218 305 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 306 rp_size);
e70bb2e8
JH		 307 kfree(rp);
308
309 return err;
310}
311
04124681
GP		 312static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
313 u16 data_len)
faba42eb 314{
faba42eb 315 struct mgmt_rp_read_index_list *rp;
8035ded4 316 struct hci_dev *d;
a38528f1 317 size_t rp_len;
faba42eb 318 u16 count;
476e44cb 319 int err;
faba42eb
JH		 320
321 BT_DBG("sock %p", sk);
322
323 read_lock(&hci_dev_list_lock);
324
325 count = 0;
bb4b2a9a 326 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 327 if (d->dev_type == HCI_BREDR)
328 count++;
faba42eb
JH		 329 }
330
a38528f1
JH		 331 rp_len = sizeof(*rp) + (2 * count);
332 rp = kmalloc(rp_len, GFP_ATOMIC);
333 if (!rp) {
b2c60d42 334 read_unlock(&hci_dev_list_lock);
faba42eb 335 return -ENOMEM;
b2c60d42 336 }
faba42eb 337
476e44cb 338 count = 0;
8035ded4 339 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 340 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 341 continue;
342
0736cfa8
MH		 343 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
344 continue;
345
1514b892
MH		 346 if (d->dev_type == HCI_BREDR) {
347 rp->index[count++] = cpu_to_le16(d->id);
348 BT_DBG("Added hci%u", d->id);
349 }
faba42eb
JH		 350 }
351
476e44cb
JH		 352 rp->num_controllers = cpu_to_le16(count);
353 rp_len = sizeof(*rp) + (2 * count);
354
faba42eb
JH		 355 read_unlock(&hci_dev_list_lock);
356
aee9b218 357 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 358 rp_len);
faba42eb 359
a38528f1
JH		 360 kfree(rp);
361
362 return err;
faba42eb
JH		 363}
364
69ab39ea
JH		 365static u32 get_supported_settings(struct hci_dev *hdev)
366{
367 u32 settings = 0;
368
369 settings |= MGMT_SETTING_POWERED;
69ab39ea 370 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 371 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 372
ed3fa31f 373 if (lmp_bredr_capable(hdev)) {
33c525c0 374 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 375 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
376 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 377 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 378 settings |= MGMT_SETTING_BREDR;
379 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 380
381 if (lmp_ssp_capable(hdev)) {
382 settings |= MGMT_SETTING_SSP;
383 settings |= MGMT_SETTING_HS;
384 }
e98d2ce2 385
5afeac14
MH		 386 if (lmp_sc_capable(hdev) ||
387 test_bit(HCI_FORCE_SC, &hdev->dev_flags))
e98d2ce2 388 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 389 }
d7b7e796 390
eeca6f89 391 if (lmp_le_capable(hdev)) {
9d42820f 392 settings |= MGMT_SETTING_LE;
eeca6f89 393 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 394 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 395 }
69ab39ea
JH		 396
397 return settings;
398}
399
400static u32 get_current_settings(struct hci_dev *hdev)
401{
402 u32 settings = 0;
403
f1f0eb02 404 if (hdev_is_powered(hdev))
f0d4b78a
MH		 405 settings |= MGMT_SETTING_POWERED;
406
5e5282bb 407 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 408 settings |= MGMT_SETTING_CONNECTABLE;
409
1a4d3c4b
JH		 410 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
411 settings |= MGMT_SETTING_FAST_CONNECTABLE;
412
5e5282bb 413 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 414 settings |= MGMT_SETTING_DISCOVERABLE;
415
a8b2d5c2 416 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 417 settings |= MGMT_SETTING_PAIRABLE;
418
56f87901 419 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 420 settings |= MGMT_SETTING_BREDR;
421
06199cf8 422 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 423 settings |= MGMT_SETTING_LE;
424
47990ea0 425 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 426 settings |= MGMT_SETTING_LINK_SECURITY;
427
84bde9d6 428 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 429 settings |= MGMT_SETTING_SSP;
430
6d80dfd0
JH		 431 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
432 settings |= MGMT_SETTING_HS;
433
f3d3444a 434 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 435 settings |= MGMT_SETTING_ADVERTISING;
436
e98d2ce2
MH		 437 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
438 settings |= MGMT_SETTING_SECURE_CONN;
439
b1de97d8
MH		 440 if (test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags))
441 settings |= MGMT_SETTING_DEBUG_KEYS;
442
0f4bd942
JH		 443 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
444 settings |= MGMT_SETTING_PRIVACY;
445
69ab39ea
JH		 446 return settings;
447}
448
ef580372
JH		 449#define PNP_INFO_SVCLASS_ID 0x1200
450
213202ed
JH		 451static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
452{
453 u8 *ptr = data, *uuids_start = NULL;
454 struct bt_uuid *uuid;
455
456 if (len < 4)
457 return ptr;
458
459 list_for_each_entry(uuid, &hdev->uuids, list) {
460 u16 uuid16;
461
462 if (uuid->size != 16)
463 continue;
464
465 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
466 if (uuid16 < 0x1100)
467 continue;
468
469 if (uuid16 == PNP_INFO_SVCLASS_ID)
470 continue;
471
472 if (!uuids_start) {
473 uuids_start = ptr;
474 uuids_start[0] = 1;
475 uuids_start[1] = EIR_UUID16_ALL;
476 ptr += 2;
477 }
478
479 /* Stop if not enough space to put next UUID */
480 if ((ptr - data) + sizeof(u16) > len) {
481 uuids_start[1] = EIR_UUID16_SOME;
482 break;
483 }
484
485 *ptr++ = (uuid16 & 0x00ff);
486 *ptr++ = (uuid16 & 0xff00) >> 8;
487 uuids_start[0] += sizeof(uuid16);
488 }
489
490 return ptr;
491}
492
cdf1963f
JH		 493static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
494{
495 u8 *ptr = data, *uuids_start = NULL;
496 struct bt_uuid *uuid;
497
498 if (len < 6)
499 return ptr;
500
501 list_for_each_entry(uuid, &hdev->uuids, list) {
502 if (uuid->size != 32)
503 continue;
504
505 if (!uuids_start) {
506 uuids_start = ptr;
507 uuids_start[0] = 1;
508 uuids_start[1] = EIR_UUID32_ALL;
509 ptr += 2;
510 }
511
512 /* Stop if not enough space to put next UUID */
513 if ((ptr - data) + sizeof(u32) > len) {
514 uuids_start[1] = EIR_UUID32_SOME;
515 break;
516 }
517
518 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
519 ptr += sizeof(u32);
520 uuids_start[0] += sizeof(u32);
521 }
522
523 return ptr;
524}
525
c00d575b
JH		 526static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
527{
528 u8 *ptr = data, *uuids_start = NULL;
529 struct bt_uuid *uuid;
530
531 if (len < 18)
532 return ptr;
533
534 list_for_each_entry(uuid, &hdev->uuids, list) {
535 if (uuid->size != 128)
536 continue;
537
538 if (!uuids_start) {
539 uuids_start = ptr;
540 uuids_start[0] = 1;
541 uuids_start[1] = EIR_UUID128_ALL;
542 ptr += 2;
543 }
544
545 /* Stop if not enough space to put next UUID */
546 if ((ptr - data) + 16 > len) {
547 uuids_start[1] = EIR_UUID128_SOME;
548 break;
549 }
550
551 memcpy(ptr, uuid->uuid, 16);
552 ptr += 16;
553 uuids_start[0] += 16;
554 }
555
556 return ptr;
557}
558
eb2a8d20
JH		 559static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
560{
561 struct pending_cmd *cmd;
562
563 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
564 if (cmd->opcode == opcode)
565 return cmd;
566 }
567
568 return NULL;
569}
570
f14d8f64
MH		 571static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
572{
7a5f4990
MH		 573 u8 ad_len = 0;
574 size_t name_len;
575
576 name_len = strlen(hdev->dev_name);
577 if (name_len > 0) {
578 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
579
580 if (name_len > max_len) {
581 name_len = max_len;
582 ptr[1] = EIR_NAME_SHORT;
583 } else
584 ptr[1] = EIR_NAME_COMPLETE;
585
586 ptr[0] = name_len + 1;
587
588 memcpy(ptr + 2, hdev->dev_name, name_len);
589
590 ad_len += (name_len + 2);
591 ptr += (name_len + 2);
592 }
593
594 return ad_len;
f14d8f64
MH		 595}
596
597static void update_scan_rsp_data(struct hci_request *req)
598{
599 struct hci_dev *hdev = req->hdev;
600 struct hci_cp_le_set_scan_rsp_data cp;
601 u8 len;
602
7751ef1b 603 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 604 return;
605
606 memset(&cp, 0, sizeof(cp));
607
608 len = create_scan_rsp_data(hdev, cp.data);
609
eb438b5f
JH		 610 if (hdev->scan_rsp_data_len == len &&
611 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 612 return;
613
eb438b5f
JH		 614 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
615 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 616
617 cp.length = len;
618
619 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
620}
621
9a43e25f
JH		 622static u8 get_adv_discov_flags(struct hci_dev *hdev)
623{
624 struct pending_cmd *cmd;
625
626 /* If there's a pending mgmt command the flags will not yet have
627 * their final values, so check for this first.
628 */
629 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
630 if (cmd) {
631 struct mgmt_mode *cp = cmd->param;
632 if (cp->val == 0x01)
633 return LE_AD_GENERAL;
634 else if (cp->val == 0x02)
635 return LE_AD_LIMITED;
636 } else {
637 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
638 return LE_AD_LIMITED;
639 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
640 return LE_AD_GENERAL;
641 }
642
643 return 0;
644}
645
46cad2ed 646static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 647{
648 u8 ad_len = 0, flags = 0;
441ad2d0 649
9a43e25f 650 flags |= get_adv_discov_flags(hdev);
441ad2d0 651
e834004b 652 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 653 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 654
655 if (flags) {
656 BT_DBG("adv flags 0x%02x", flags);
657
658 ptr[0] = 2;
659 ptr[1] = EIR_FLAGS;
660 ptr[2] = flags;
661
662 ad_len += 3;
663 ptr += 3;
664 }
665
666 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
667 ptr[0] = 2;
668 ptr[1] = EIR_TX_POWER;
669 ptr[2] = (u8) hdev->adv_tx_power;
670
671 ad_len += 3;
672 ptr += 3;
673 }
674
441ad2d0
MH		 675 return ad_len;
676}
677
5947f4bc 678static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 679{
680 struct hci_dev *hdev = req->hdev;
681 struct hci_cp_le_set_adv_data cp;
682 u8 len;
683
10994ce6 684 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 685 return;
686
687 memset(&cp, 0, sizeof(cp));
688
46cad2ed 689 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 690
691 if (hdev->adv_data_len == len &&
692 memcmp(cp.data, hdev->adv_data, len) == 0)
693 return;
694
695 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
696 hdev->adv_data_len = len;
697
698 cp.length = len;
699
700 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
701}
702
ef580372
JH		 703static void create_eir(struct hci_dev *hdev, u8 *data)
704{
705 u8 *ptr = data;
ef580372
JH		 706 size_t name_len;
707
708 name_len = strlen(hdev->dev_name);
709
710 if (name_len > 0) {
711 /* EIR Data type */
712 if (name_len > 48) {
713 name_len = 48;
714 ptr[1] = EIR_NAME_SHORT;
715 } else
716 ptr[1] = EIR_NAME_COMPLETE;
717
718 /* EIR Data length */
719 ptr[0] = name_len + 1;
720
721 memcpy(ptr + 2, hdev->dev_name, name_len);
722
ef580372
JH		 723 ptr += (name_len + 2);
724 }
725
bbaf444a 726 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 727 ptr[0] = 2;
728 ptr[1] = EIR_TX_POWER;
729 ptr[2] = (u8) hdev->inq_tx_power;
730
91c4e9b1
MH		 731 ptr += 3;
732 }
733
2b9be137
MH		 734 if (hdev->devid_source > 0) {
735 ptr[0] = 9;
736 ptr[1] = EIR_DEVICE_ID;
737
738 put_unaligned_le16(hdev->devid_source, ptr + 2);
739 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
740 put_unaligned_le16(hdev->devid_product, ptr + 6);
741 put_unaligned_le16(hdev->devid_version, ptr + 8);
742
2b9be137
MH		 743 ptr += 10;
744 }
745
213202ed 746 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 747 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 748 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 749}
750
890ea898 751static void update_eir(struct hci_request *req)
ef580372 752{
890ea898 753 struct hci_dev *hdev = req->hdev;
ef580372
JH		 754 struct hci_cp_write_eir cp;
755
504c8dcd 756 if (!hdev_is_powered(hdev))
890ea898 757 return;
7770c4aa 758
976eb20e 759 if (!lmp_ext_inq_capable(hdev))
890ea898 760 return;
ef580372 761
84bde9d6 762 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 763 return;
ef580372 764
a8b2d5c2 765 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 766 return;
ef580372
JH		 767
768 memset(&cp, 0, sizeof(cp));
769
770 create_eir(hdev, cp.data);
771
772 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 773 return;
ef580372
JH		 774
775 memcpy(hdev->eir, cp.data, sizeof(cp.data));
776
890ea898 777 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 778}
779
780static u8 get_service_classes(struct hci_dev *hdev)
781{
782 struct bt_uuid *uuid;
783 u8 val = 0;
784
785 list_for_each_entry(uuid, &hdev->uuids, list)
786 val |= uuid->svc_hint;
787
788 return val;
789}
790
890ea898 791static void update_class(struct hci_request *req)
ef580372 792{
890ea898 793 struct hci_dev *hdev = req->hdev;
ef580372
JH		 794 u8 cod[3];
795
796 BT_DBG("%s", hdev->name);
797
504c8dcd 798 if (!hdev_is_powered(hdev))
890ea898 799 return;
7770c4aa 800
f87ea1da
JH		 801 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
802 return;
803
a8b2d5c2 804 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 805 return;
ef580372
JH		 806
807 cod[0] = hdev->minor_class;
808 cod[1] = hdev->major_class;
809 cod[2] = get_service_classes(hdev);
810
6acd7db4
MH		 811 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
812 cod[1] |= 0x20;
813
ef580372 814 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 815 return;
ef580372 816
890ea898 817 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 818}
819
199a2fb1
JH		 820static u8 get_adv_type(struct hci_dev *hdev)
821{
822 struct pending_cmd *cmd;
823 bool connectable;
824
825 /* If there's a pending mgmt command the flag will not yet have
826 * it's final value, so check for this first.
827 */
828 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
829 if (cmd) {
830 struct mgmt_mode *cp = cmd->param;
831 connectable = !!cp->val;
832 } else {
833 connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
834 }
835
836 return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
837}
838
839static void enable_advertising(struct hci_request *req)
840{
841 struct hci_dev *hdev = req->hdev;
842 struct hci_cp_le_set_adv_param cp;
8f2a0601 843 u8 own_addr_type, enable = 0x01;
41c90c18 844 bool require_privacy;
199a2fb1 845
41c90c18 846 require_privacy = !test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
8f2a0601 847
41c90c18 848 if (hci_update_random_address(req, require_privacy, &own_addr_type) < 0)
8f2a0601
JH		 849 return;
850
41c90c18 851 memset(&cp, 0, sizeof(cp));
199a2fb1
JH		 852 cp.min_interval = __constant_cpu_to_le16(0x0800);
853 cp.max_interval = __constant_cpu_to_le16(0x0800);
854 cp.type = get_adv_type(hdev);
8f2a0601 855 cp.own_address_type = own_addr_type;
199a2fb1
JH		 856 cp.channel_map = hdev->le_adv_channel_map;
857
858 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
859
860 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
861}
862
863static void disable_advertising(struct hci_request *req)
864{
865 u8 enable = 0x00;
866
867 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
868}
869
7d78525d
JH		 870static void service_cache_off(struct work_struct *work)
871{
872 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 873 service_cache.work);
890ea898 874 struct hci_request req;
7d78525d 875
a8b2d5c2 876 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 877 return;
878
890ea898
JH		 879 hci_req_init(&req, hdev);
880
7d78525d
JH		 881 hci_dev_lock(hdev);
882
890ea898
JH		 883 update_eir(&req);
884 update_class(&req);
7d78525d
JH		 885
886 hci_dev_unlock(hdev);
890ea898
JH		 887
888 hci_req_run(&req, NULL);
7d78525d
JH		 889}
890
d6bfd59c
JH		 891static void rpa_expired(struct work_struct *work)
892{
893 struct hci_dev *hdev = container_of(work, struct hci_dev,
894 rpa_expired.work);
895 struct hci_request req;
896
897 BT_DBG("");
898
899 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
900
901 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
902 hci_conn_num(hdev, LE_LINK) > 0)
903 return;
904
905 /* The generation of a new RPA and programming it into the
906 * controller happens in the enable_advertising() function.
907 */
908
909 hci_req_init(&req, hdev);
910
911 disable_advertising(&req);
912 enable_advertising(&req);
913
914 hci_req_run(&req, NULL);
915}
916
6a919082 917static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 918{
4f87da80 919 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 920 return;
921
4f87da80 922 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 923 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 924
4f87da80
JH		 925 /* Non-mgmt controlled devices get this bit set
926 * implicitly so that pairing works for them, however
927 * for mgmt we require user-space to explicitly enable
928 * it
929 */
930 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 931}
932
0f4e68cf 933static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 934 void *data, u16 data_len)
0381101f 935{
a38528f1 936 struct mgmt_rp_read_info rp;
f7b64e69 937
bdb6d971 938 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 939
09fd0de5 940 hci_dev_lock(hdev);
f7b64e69 941
dc4fe30b
JH		 942 memset(&rp, 0, sizeof(rp));
943
69ab39ea 944 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 945
69ab39ea 946 rp.version = hdev->hci_ver;
eb55ef07 947 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 948
949 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
950 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 951
a38528f1 952 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 953
dc4fe30b 954 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 955 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 956
09fd0de5 957 hci_dev_unlock(hdev);
0381101f 958
bdb6d971 959 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 960 sizeof(rp));
0381101f
JH		 961}
962
eec8d2bc
JH		 963static void mgmt_pending_free(struct pending_cmd *cmd)
964{
965 sock_put(cmd->sk);
c68fb7ff 966 kfree(cmd->param);
eec8d2bc
JH		 967 kfree(cmd);
968}
969
366a0336 970static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 971 struct hci_dev *hdev, void *data,
972 u16 len)
eec8d2bc
JH		 973{
974 struct pending_cmd *cmd;
975
12b94565 976 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 977 if (!cmd)
366a0336 978 return NULL;
eec8d2bc
JH		 979
980 cmd->opcode = opcode;
2e58ef3e 981 cmd->index = hdev->id;
eec8d2bc 982
12b94565 983 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 984 if (!cmd->param) {
eec8d2bc 985 kfree(cmd);
366a0336 986 return NULL;
eec8d2bc
JH		 987 }
988
8fce6357
SJ		 989 if (data)
990 memcpy(cmd->param, data, len);
eec8d2bc
JH		 991
992 cmd->sk = sk;
993 sock_hold(sk);
994
2e58ef3e 995 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 996
366a0336 997 return cmd;
eec8d2bc
JH		 998}
999
744cf19e 1000static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1001 void (*cb)(struct pending_cmd *cmd,
1002 void *data),
04124681 1003 void *data)
eec8d2bc 1004{
a3d09356 1005 struct pending_cmd *cmd, *tmp;
eec8d2bc 1006
a3d09356 1007 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1008 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1009 continue;
1010
eec8d2bc
JH		 1011 cb(cmd, data);
1012 }
1013}
1014
a664b5bc 1015static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1016{
73f22f62
JH		 1017 list_del(&cmd->list);
1018 mgmt_pending_free(cmd);
1019}
1020
69ab39ea 1021static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1022{
69ab39ea 1023 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1024
aee9b218 1025 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1026 sizeof(settings));
8680570b
JH		 1027}
1028
8b064a3a
JH		 1029static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1030{
1031 BT_DBG("%s status 0x%02x", hdev->name, status);
1032
1033 if (hci_conn_count(hdev) == 0)
1034 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1035}
1036
1037static int clean_up_hci_state(struct hci_dev *hdev)
1038{
1039 struct hci_request req;
1040 struct hci_conn *conn;
1041
1042 hci_req_init(&req, hdev);
1043
1044 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1045 test_bit(HCI_PSCAN, &hdev->flags)) {
1046 u8 scan = 0x00;
1047 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1048 }
1049
1050 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1051 disable_advertising(&req);
1052
1053 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
1054 struct hci_cp_le_set_scan_enable cp;
1055
1056 memset(&cp, 0, sizeof(cp));
1057 cp.enable = LE_SCAN_DISABLE;
1058 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1059 }
1060
1061 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1062 struct hci_cp_disconnect dc;
1063
1064 dc.handle = cpu_to_le16(conn->handle);
1065 dc.reason = 0x15; /* Terminated due to Power Off */
1066 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1067 }
1068
1069 return hci_req_run(&req, clean_up_hci_complete);
1070}
1071
bdb6d971 1072static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1073 u16 len)
eec8d2bc 1074{
650f726d 1075 struct mgmt_mode *cp = data;
366a0336 1076 struct pending_cmd *cmd;
4b34ee78 1077 int err;
eec8d2bc 1078
bdb6d971 1079 BT_DBG("request for %s", hdev->name);
eec8d2bc 1080
a7e80f25
JH		 1081 if (cp->val != 0x00 && cp->val != 0x01)
1082 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1083 MGMT_STATUS_INVALID_PARAMS);
1084
09fd0de5 1085 hci_dev_lock(hdev);
eec8d2bc 1086
87b95ba6
JH		 1087 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1088 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1089 MGMT_STATUS_BUSY);
1090 goto failed;
1091 }
1092
f0d4b78a
MH		 1093 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1094 cancel_delayed_work(&hdev->power_off);
1095
1096 if (cp->val) {
a1d70450
JH		 1097 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1098 data, len);
1099 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1100 goto failed;
1101 }
1102 }
1103
4b34ee78 1104 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1105 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1106 goto failed;
1107 }
1108
2e58ef3e 1109 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1110 if (!cmd) {
1111 err = -ENOMEM;
eec8d2bc 1112 goto failed;
366a0336 1113 }
eec8d2bc 1114
8b064a3a 1115 if (cp->val) {
19202573 1116 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1117 err = 0;
1118 } else {
1119 /* Disconnect connections, stop scans, etc */
1120 err = clean_up_hci_state(hdev);
eec8d2bc 1121
8b064a3a
JH		 1122 /* ENODATA means there were no HCI commands queued */
1123 if (err == -ENODATA) {
1124 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1125 err = 0;
1126 }
1127 }
eec8d2bc
JH		 1128
1129failed:
09fd0de5 1130 hci_dev_unlock(hdev);
366a0336 1131 return err;
eec8d2bc
JH		 1132}
1133
04124681
GP		 1134static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1135 struct sock *skip_sk)
beadb2bd
JH		 1136{
1137 struct sk_buff *skb;
1138 struct mgmt_hdr *hdr;
1139
790eff44 1140 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1141 if (!skb)
1142 return -ENOMEM;
1143
1144 hdr = (void *) skb_put(skb, sizeof(*hdr));
1145 hdr->opcode = cpu_to_le16(event);
1146 if (hdev)
1147 hdr->index = cpu_to_le16(hdev->id);
1148 else
612dfce9 1149 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1150 hdr->len = cpu_to_le16(data_len);
1151
1152 if (data)
1153 memcpy(skb_put(skb, data_len), data, data_len);
1154
97e0bdeb
MH		 1155 /* Time stamp */
1156 __net_timestamp(skb);
1157
beadb2bd
JH		 1158 hci_send_to_control(skb, skip_sk);
1159 kfree_skb(skb);
1160
1161 return 0;
1162}
1163
1164static int new_settings(struct hci_dev *hdev, struct sock *skip)
1165{
1166 __le32 ev;
1167
1168 ev = cpu_to_le32(get_current_settings(hdev));
1169
1170 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1171}
1172
bd99abdd
JH		 1173struct cmd_lookup {
1174 struct sock *sk;
1175 struct hci_dev *hdev;
1176 u8 mgmt_status;
1177};
1178
1179static void settings_rsp(struct pending_cmd *cmd, void *data)
1180{
1181 struct cmd_lookup *match = data;
1182
1183 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1184
1185 list_del(&cmd->list);
1186
1187 if (match->sk == NULL) {
1188 match->sk = cmd->sk;
1189 sock_hold(match->sk);
1190 }
1191
1192 mgmt_pending_free(cmd);
1193}
1194
1195static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1196{
1197 u8 *status = data;
1198
1199 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1200 mgmt_pending_remove(cmd);
1201}
1202
e6fe7986
JH		 1203static u8 mgmt_bredr_support(struct hci_dev *hdev)
1204{
1205 if (!lmp_bredr_capable(hdev))
1206 return MGMT_STATUS_NOT_SUPPORTED;
1207 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1208 return MGMT_STATUS_REJECTED;
1209 else
1210 return MGMT_STATUS_SUCCESS;
1211}
1212
1213static u8 mgmt_le_support(struct hci_dev *hdev)
1214{
1215 if (!lmp_le_capable(hdev))
1216 return MGMT_STATUS_NOT_SUPPORTED;
1217 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1218 return MGMT_STATUS_REJECTED;
1219 else
1220 return MGMT_STATUS_SUCCESS;
1221}
1222
bfaf8c9f
JH		 1223static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1224{
1225 struct pending_cmd *cmd;
1226 struct mgmt_mode *cp;
970ba524 1227 struct hci_request req;
bfaf8c9f
JH		 1228 bool changed;
1229
1230 BT_DBG("status 0x%02x", status);
1231
1232 hci_dev_lock(hdev);
1233
1234 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1235 if (!cmd)
1236 goto unlock;
1237
1238 if (status) {
1239 u8 mgmt_err = mgmt_status(status);
1240 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1241 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1242 goto remove_cmd;
1243 }
1244
1245 cp = cmd->param;
d4462a07 1246 if (cp->val) {
bfaf8c9f
JH		 1247 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1248 &hdev->dev_flags);
d4462a07
MH		 1249
1250 if (hdev->discov_timeout > 0) {
1251 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1252 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1253 to);
1254 }
1255 } else {
bfaf8c9f
JH		 1256 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1257 &hdev->dev_flags);
d4462a07 1258 }
bfaf8c9f
JH		 1259
1260 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1261
1262 if (changed)
1263 new_settings(hdev, cmd->sk);
1264
970ba524
MH		 1265 /* When the discoverable mode gets changed, make sure
1266 * that class of device has the limited discoverable
1267 * bit correctly set.
1268 */
1269 hci_req_init(&req, hdev);
1270 update_class(&req);
1271 hci_req_run(&req, NULL);
1272
bfaf8c9f
JH		 1273remove_cmd:
1274 mgmt_pending_remove(cmd);
1275
1276unlock:
1277 hci_dev_unlock(hdev);
1278}
1279
bdb6d971 1280static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1281 u16 len)
73f22f62 1282{
650f726d 1283 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1284 struct pending_cmd *cmd;
bfaf8c9f 1285 struct hci_request req;
5e5282bb 1286 u16 timeout;
9a43e25f 1287 u8 scan;
73f22f62
JH		 1288 int err;
1289
bdb6d971 1290 BT_DBG("request for %s", hdev->name);
73f22f62 1291
9a43e25f
JH		 1292 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1293 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1294 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1295 MGMT_STATUS_REJECTED);
33c525c0 1296
310a3d48 1297 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1298 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1299 MGMT_STATUS_INVALID_PARAMS);
1300
1f350c87 1301 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1302
1303 /* Disabling discoverable requires that no timeout is set,
1304 * and enabling limited discoverable requires a timeout.
1305 */
1306 if ((cp->val == 0x00 && timeout > 0) ||
1307 (cp->val == 0x02 && timeout == 0))
bdb6d971 1308 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1309 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1310
09fd0de5 1311 hci_dev_lock(hdev);
73f22f62 1312
5e5282bb 1313 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1314 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1315 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1316 goto failed;
1317 }
1318
2e58ef3e 1319 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1320 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1321 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1322 MGMT_STATUS_BUSY);
73f22f62
JH		 1323 goto failed;
1324 }
1325
5e5282bb 1326 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1327 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1328 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1329 goto failed;
1330 }
1331
1332 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1333 bool changed = false;
1334
310a3d48
MH		 1335 /* Setting limited discoverable when powered off is
1336 * not a valid operation since it requires a timeout
1337 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1338 */
0224d2fa
JH		 1339 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1340 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1341 changed = true;
1342 }
1343
5e5282bb 1344 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1345 if (err < 0)
1346 goto failed;
1347
1348 if (changed)
1349 err = new_settings(hdev, sk);
1350
5e5282bb
JH		 1351 goto failed;
1352 }
1353
310a3d48
MH		 1354 /* If the current mode is the same, then just update the timeout
1355 * value with the new value. And if only the timeout gets updated,
1356 * then no need for any HCI transactions.
1357 */
1358 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1359 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1360 &hdev->dev_flags)) {
36261547
MH		 1361 cancel_delayed_work(&hdev->discov_off);
1362 hdev->discov_timeout = timeout;
955638ec 1363
36261547
MH		 1364 if (cp->val && hdev->discov_timeout > 0) {
1365 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1366 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1367 to);
955638ec
MH		 1368 }
1369
69ab39ea 1370 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1371 goto failed;
1372 }
1373
2e58ef3e 1374 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1375 if (!cmd) {
1376 err = -ENOMEM;
73f22f62 1377 goto failed;
366a0336 1378 }
73f22f62 1379
310a3d48
MH		 1380 /* Cancel any potential discoverable timeout that might be
1381 * still active and store new timeout value. The arming of
1382 * the timeout happens in the complete handler.
1383 */
1384 cancel_delayed_work(&hdev->discov_off);
1385 hdev->discov_timeout = timeout;
1386
b456f87c
JH		 1387 /* Limited discoverable mode */
1388 if (cp->val == 0x02)
1389 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1390 else
1391 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1392
bfaf8c9f
JH		 1393 hci_req_init(&req, hdev);
1394
9a43e25f
JH		 1395 /* The procedure for LE-only controllers is much simpler - just
1396 * update the advertising data.
1397 */
1398 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1399 goto update_ad;
1400
73f22f62
JH		 1401 scan = SCAN_PAGE;
1402
310a3d48
MH		 1403 if (cp->val) {
1404 struct hci_cp_write_current_iac_lap hci_cp;
1405
1406 if (cp->val == 0x02) {
1407 /* Limited discoverable mode */
33337dcb 1408 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1409 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1410 hci_cp.iac_lap[1] = 0x8b;
1411 hci_cp.iac_lap[2] = 0x9e;
1412 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1413 hci_cp.iac_lap[4] = 0x8b;
1414 hci_cp.iac_lap[5] = 0x9e;
1415 } else {
1416 /* General discoverable mode */
310a3d48
MH		 1417 hci_cp.num_iac = 1;
1418 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1419 hci_cp.iac_lap[1] = 0x8b;
1420 hci_cp.iac_lap[2] = 0x9e;
1421 }
1422
1423 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1424 (hci_cp.num_iac * 3) + 1, &hci_cp);
1425
73f22f62 1426 scan |= SCAN_INQUIRY;
310a3d48
MH		 1427 } else {
1428 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1429 }
73f22f62 1430
310a3d48 1431 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1432
9a43e25f
JH		 1433update_ad:
1434 update_adv_data(&req);
1435
bfaf8c9f 1436 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1437 if (err < 0)
a664b5bc 1438 mgmt_pending_remove(cmd);
73f22f62
JH		 1439
1440failed:
09fd0de5 1441 hci_dev_unlock(hdev);
73f22f62
JH		 1442 return err;
1443}
1444
406d7804
JH		 1445static void write_fast_connectable(struct hci_request *req, bool enable)
1446{
bd98b996 1447 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1448 struct hci_cp_write_page_scan_activity acp;
1449 u8 type;
1450
547003b1
JH		 1451 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1452 return;
1453
4c01f8b8
JH		 1454 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1455 return;
1456
406d7804
JH		 1457 if (enable) {
1458 type = PAGE_SCAN_TYPE_INTERLACED;
1459
1460 /* 160 msec page scan interval */
1461 acp.interval = __constant_cpu_to_le16(0x0100);
1462 } else {
1463 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1464
1465 /* default 1.28 sec page scan */
1466 acp.interval = __constant_cpu_to_le16(0x0800);
1467 }
1468
1469 acp.window = __constant_cpu_to_le16(0x0012);
1470
bd98b996
JH		 1471 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1472 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1473 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1474 sizeof(acp), &acp);
1475
1476 if (hdev->page_scan_type != type)
1477 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1478}
1479
2b76f453
JH		 1480static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1481{
1482 struct pending_cmd *cmd;
d7b856f9
JH		 1483 struct mgmt_mode *cp;
1484 bool changed;
2b76f453
JH		 1485
1486 BT_DBG("status 0x%02x", status);
1487
1488 hci_dev_lock(hdev);
1489
1490 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1491 if (!cmd)
1492 goto unlock;
1493
37438c1f
JH		 1494 if (status) {
1495 u8 mgmt_err = mgmt_status(status);
1496 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1497 goto remove_cmd;
1498 }
1499
d7b856f9
JH		 1500 cp = cmd->param;
1501 if (cp->val)
1502 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1503 else
1504 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1505
2b76f453
JH		 1506 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1507
d7b856f9
JH		 1508 if (changed)
1509 new_settings(hdev, cmd->sk);
1510
37438c1f 1511remove_cmd:
2b76f453
JH		 1512 mgmt_pending_remove(cmd);
1513
1514unlock:
1515 hci_dev_unlock(hdev);
1516}
1517
e8ba3a1f
JH		 1518static int set_connectable_update_settings(struct hci_dev *hdev,
1519 struct sock *sk, u8 val)
1520{
1521 bool changed = false;
1522 int err;
1523
1524 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1525 changed = true;
1526
1527 if (val) {
1528 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1529 } else {
1530 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1531 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1532 }
1533
1534 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1535 if (err < 0)
1536 return err;
1537
1538 if (changed)
1539 return new_settings(hdev, sk);
1540
1541 return 0;
1542}
1543
bdb6d971 1544static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1545 u16 len)
9fbcbb45 1546{
650f726d 1547 struct mgmt_mode *cp = data;
366a0336 1548 struct pending_cmd *cmd;
2b76f453 1549 struct hci_request req;
1987fdc7 1550 u8 scan;
9fbcbb45
JH		 1551 int err;
1552
bdb6d971 1553 BT_DBG("request for %s", hdev->name);
9fbcbb45 1554
1987fdc7
JH		 1555 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1556 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1557 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1558 MGMT_STATUS_REJECTED);
33c525c0 1559
a7e80f25
JH		 1560 if (cp->val != 0x00 && cp->val != 0x01)
1561 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1562 MGMT_STATUS_INVALID_PARAMS);
1563
09fd0de5 1564 hci_dev_lock(hdev);
9fbcbb45 1565
4b34ee78 1566 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1567 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1568 goto failed;
1569 }
1570
2e58ef3e 1571 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1572 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1573 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1574 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1575 goto failed;
1576 }
1577
2e58ef3e 1578 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1579 if (!cmd) {
1580 err = -ENOMEM;
9fbcbb45 1581 goto failed;
366a0336 1582 }
9fbcbb45 1583
9b74246f 1584 hci_req_init(&req, hdev);
9fbcbb45 1585
9a43e25f
JH		 1586 /* If BR/EDR is not enabled and we disable advertising as a
1587 * by-product of disabling connectable, we need to update the
1588 * advertising flags.
1589 */
1590 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1591 if (!cp->val) {
1592 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1593 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1594 }
1595 update_adv_data(&req);
1596 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1597 if (cp->val) {
1598 scan = SCAN_PAGE;
1599 } else {
1600 scan = 0;
1601
1602 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1603 hdev->discov_timeout > 0)
9b74246f
JH		 1604 cancel_delayed_work(&hdev->discov_off);
1605 }
2b76f453 1606
9b74246f
JH		 1607 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1608 }
2b76f453 1609
4c01f8b8
JH		 1610 /* If we're going from non-connectable to connectable or
1611 * vice-versa when fast connectable is enabled ensure that fast
1612 * connectable gets disabled. write_fast_connectable won't do
1613 * anything if the page scan parameters are already what they
1614 * should be.
1615 */
1616 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1617 write_fast_connectable(&req, false);
1618
1987fdc7
JH		 1619 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1620 hci_conn_num(hdev, LE_LINK) == 0) {
1621 disable_advertising(&req);
1622 enable_advertising(&req);
1623 }
1624
2b76f453 1625 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1626 if (err < 0) {
a664b5bc 1627 mgmt_pending_remove(cmd);
9b74246f 1628 if (err == -ENODATA)
a81070ba
JH		 1629 err = set_connectable_update_settings(hdev, sk,
1630 cp->val);
9b74246f
JH		 1631 goto failed;
1632 }
9fbcbb45
JH		 1633
1634failed:
09fd0de5 1635 hci_dev_unlock(hdev);
9fbcbb45
JH		 1636 return err;
1637}
1638
bdb6d971 1639static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1640 u16 len)
c542a06c 1641{
650f726d 1642 struct mgmt_mode *cp = data;
55594356 1643 bool changed;
c542a06c
JH		 1644 int err;
1645
bdb6d971 1646 BT_DBG("request for %s", hdev->name);
c542a06c 1647
a7e80f25
JH		 1648 if (cp->val != 0x00 && cp->val != 0x01)
1649 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1650 MGMT_STATUS_INVALID_PARAMS);
1651
09fd0de5 1652 hci_dev_lock(hdev);
c542a06c
JH		 1653
1654 if (cp->val)
55594356 1655 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1656 else
55594356 1657 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1658
69ab39ea 1659 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1660 if (err < 0)
55594356 1661 goto unlock;
c542a06c 1662
55594356
MH		 1663 if (changed)
1664 err = new_settings(hdev, sk);
c542a06c 1665
55594356 1666unlock:
09fd0de5 1667 hci_dev_unlock(hdev);
c542a06c
JH		 1668 return err;
1669}
1670
04124681
GP		 1671static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1672 u16 len)
33ef95ed
JH		 1673{
1674 struct mgmt_mode *cp = data;
1675 struct pending_cmd *cmd;
e6fe7986 1676 u8 val, status;
33ef95ed
JH		 1677 int err;
1678
bdb6d971 1679 BT_DBG("request for %s", hdev->name);
33ef95ed 1680
e6fe7986
JH		 1681 status = mgmt_bredr_support(hdev);
1682 if (status)
33c525c0 1683 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1684 status);
33c525c0 1685
a7e80f25
JH		 1686 if (cp->val != 0x00 && cp->val != 0x01)
1687 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1688 MGMT_STATUS_INVALID_PARAMS);
1689
33ef95ed
JH		 1690 hci_dev_lock(hdev);
1691
4b34ee78 1692 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1693 bool changed = false;
1694
1695 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1696 &hdev->dev_flags)) {
47990ea0
JH		 1697 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1698 changed = true;
1699 }
1700
1701 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1702 if (err < 0)
1703 goto failed;
1704
1705 if (changed)
1706 err = new_settings(hdev, sk);
1707
33ef95ed
JH		 1708 goto failed;
1709 }
1710
1711 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1712 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1713 MGMT_STATUS_BUSY);
33ef95ed
JH		 1714 goto failed;
1715 }
1716
1717 val = !!cp->val;
1718
1719 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1720 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1721 goto failed;
1722 }
1723
1724 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1725 if (!cmd) {
1726 err = -ENOMEM;
1727 goto failed;
1728 }
1729
1730 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1731 if (err < 0) {
1732 mgmt_pending_remove(cmd);
1733 goto failed;
1734 }
1735
1736failed:
1737 hci_dev_unlock(hdev);
33ef95ed
JH		 1738 return err;
1739}
1740
bdb6d971 1741static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1742{
1743 struct mgmt_mode *cp = data;
1744 struct pending_cmd *cmd;
72ef0c1a 1745 u8 status;
ed2c4ee3
JH		 1746 int err;
1747
bdb6d971 1748 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1749
cdba5281
MH		 1750 status = mgmt_bredr_support(hdev);
1751 if (status)
1752 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1753
13ecd8b6
JH		 1754 if (!lmp_ssp_capable(hdev))
1755 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1756 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1757
a7e80f25
JH		 1758 if (cp->val != 0x00 && cp->val != 0x01)
1759 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1760 MGMT_STATUS_INVALID_PARAMS);
1761
13ecd8b6 1762 hci_dev_lock(hdev);
6c8f12c1 1763
4b34ee78 1764 if (!hdev_is_powered(hdev)) {
9ecb3e24 1765 bool changed;
c0ecddc2 1766
9ecb3e24
MH		 1767 if (cp->val) {
1768 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1769 &hdev->dev_flags);
1770 } else {
1771 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1772 &hdev->dev_flags);
1773 if (!changed)
1774 changed = test_and_clear_bit(HCI_HS_ENABLED,
1775 &hdev->dev_flags);
1776 else
1777 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1778 }
1779
1780 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1781 if (err < 0)
1782 goto failed;
1783
1784 if (changed)
1785 err = new_settings(hdev, sk);
1786
ed2c4ee3
JH		 1787 goto failed;
1788 }
1789
9ecb3e24
MH		 1790 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1791 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1792 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1793 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1794 goto failed;
1795 }
1796
72ef0c1a 1797 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1798 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1799 goto failed;
1800 }
1801
1802 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1803 if (!cmd) {
1804 err = -ENOMEM;
1805 goto failed;
1806 }
1807
72ef0c1a 1808 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1809 if (err < 0) {
1810 mgmt_pending_remove(cmd);
1811 goto failed;
1812 }
1813
1814failed:
1815 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1816 return err;
1817}
1818
bdb6d971 1819static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1820{
1821 struct mgmt_mode *cp = data;
ee392693 1822 bool changed;
e6fe7986 1823 u8 status;
ee392693 1824 int err;
6d80dfd0 1825
bdb6d971 1826 BT_DBG("request for %s", hdev->name);
6d80dfd0 1827
e6fe7986
JH		 1828 status = mgmt_bredr_support(hdev);
1829 if (status)
1830 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1831
9ecb3e24
MH		 1832 if (!lmp_ssp_capable(hdev))
1833 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1834 MGMT_STATUS_NOT_SUPPORTED);
1835
1836 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1837 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1838 MGMT_STATUS_REJECTED);
1839
a7e80f25
JH		 1840 if (cp->val != 0x00 && cp->val != 0x01)
1841 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1842 MGMT_STATUS_INVALID_PARAMS);
1843
ee392693
MH		 1844 hci_dev_lock(hdev);
1845
a0cdf960 1846 if (cp->val) {
ee392693 1847 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1848 } else {
1849 if (hdev_is_powered(hdev)) {
1850 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1851 MGMT_STATUS_REJECTED);
1852 goto unlock;
1853 }
1854
ee392693 1855 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1856 }
ee392693
MH		 1857
1858 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1859 if (err < 0)
1860 goto unlock;
1861
1862 if (changed)
1863 err = new_settings(hdev, sk);
6d80dfd0 1864
ee392693
MH		 1865unlock:
1866 hci_dev_unlock(hdev);
1867 return err;
6d80dfd0
JH		 1868}
1869
416a4ae5
JH		 1870static void le_enable_complete(struct hci_dev *hdev, u8 status)
1871{
1872 struct cmd_lookup match = { NULL, hdev };
1873
1874 if (status) {
1875 u8 mgmt_err = mgmt_status(status);
1876
1877 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1878 &mgmt_err);
1879 return;
1880 }
1881
1882 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1883
1884 new_settings(hdev, match.sk);
1885
1886 if (match.sk)
1887 sock_put(match.sk);
441ad2d0
MH		 1888
1889 /* Make sure the controller has a good default for
1890 * advertising data. Restrict the update to when LE
1891 * has actually been enabled. During power on, the
1892 * update in powered_update_hci will take care of it.
1893 */
1894 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1895 struct hci_request req;
1896
1897 hci_dev_lock(hdev);
1898
1899 hci_req_init(&req, hdev);
5947f4bc 1900 update_adv_data(&req);
f14d8f64 1901 update_scan_rsp_data(&req);
441ad2d0
MH		 1902 hci_req_run(&req, NULL);
1903
1904 hci_dev_unlock(hdev);
1905 }
416a4ae5
JH		 1906}
1907
bdb6d971 1908static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1909{
1910 struct mgmt_mode *cp = data;
1911 struct hci_cp_write_le_host_supported hci_cp;
1912 struct pending_cmd *cmd;
416a4ae5 1913 struct hci_request req;
06199cf8 1914 int err;
0b60eba1 1915 u8 val, enabled;
06199cf8 1916
bdb6d971 1917 BT_DBG("request for %s", hdev->name);
06199cf8 1918
13ecd8b6
JH		 1919 if (!lmp_le_capable(hdev))
1920 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1921 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1922
a7e80f25
JH		 1923 if (cp->val != 0x00 && cp->val != 0x01)
1924 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1925 MGMT_STATUS_INVALID_PARAMS);
1926
c73eee91 1927 /* LE-only devices do not allow toggling LE on/off */
56f87901 1928 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1929 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1930 MGMT_STATUS_REJECTED);
1931
13ecd8b6 1932 hci_dev_lock(hdev);
06199cf8
JH		 1933
1934 val = !!cp->val;
ffa88e02 1935 enabled = lmp_host_le_capable(hdev);
06199cf8 1936
0b60eba1 1937 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1938 bool changed = false;
1939
1940 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1941 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1942 changed = true;
1943 }
1944
f3d3444a
JH		 1945 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1946 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1947 changed = true;
1948 }
1949
06199cf8
JH		 1950 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1951 if (err < 0)
1de028ce 1952 goto unlock;
06199cf8
JH		 1953
1954 if (changed)
1955 err = new_settings(hdev, sk);
1956
1de028ce 1957 goto unlock;
06199cf8
JH		 1958 }
1959
4375f103
JH		 1960 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1961 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1962 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1963 MGMT_STATUS_BUSY);
1de028ce 1964 goto unlock;
06199cf8
JH		 1965 }
1966
1967 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1968 if (!cmd) {
1969 err = -ENOMEM;
1de028ce 1970 goto unlock;
06199cf8
JH		 1971 }
1972
441ad2d0
MH		 1973 hci_req_init(&req, hdev);
1974
06199cf8
JH		 1975 memset(&hci_cp, 0, sizeof(hci_cp));
1976
1977 if (val) {
1978 hci_cp.le = val;
ffa88e02 1979 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 1980 } else {
1981 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1982 disable_advertising(&req);
06199cf8
JH		 1983 }
1984
416a4ae5
JH		 1985 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1986 &hci_cp);
1987
1988 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1989 if (err < 0)
06199cf8 1990 mgmt_pending_remove(cmd);
06199cf8 1991
1de028ce
JH		 1992unlock:
1993 hci_dev_unlock(hdev);
06199cf8
JH		 1994 return err;
1995}
1996
0cab9c80
JH		 1997/* This is a helper function to test for pending mgmt commands that can
1998 * cause CoD or EIR HCI commands. We can only allow one such pending
1999 * mgmt command at a time since otherwise we cannot easily track what
2000 * the current values are, will be, and based on that calculate if a new
2001 * HCI command needs to be sent and if yes with what value.
2002 */
2003static bool pending_eir_or_class(struct hci_dev *hdev)
2004{
2005 struct pending_cmd *cmd;
2006
2007 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2008 switch (cmd->opcode) {
2009 case MGMT_OP_ADD_UUID:
2010 case MGMT_OP_REMOVE_UUID:
2011 case MGMT_OP_SET_DEV_CLASS:
2012 case MGMT_OP_SET_POWERED:
2013 return true;
2014 }
2015 }
2016
2017 return false;
2018}
2019
83be8eca
JH		 2020static const u8 bluetooth_base_uuid[] = {
2021 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2022 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2023};
2024
2025static u8 get_uuid_size(const u8 *uuid)
2026{
2027 u32 val;
2028
2029 if (memcmp(uuid, bluetooth_base_uuid, 12))
2030 return 128;
2031
2032 val = get_unaligned_le32(&uuid[12]);
2033 if (val > 0xffff)
2034 return 32;
2035
2036 return 16;
2037}
2038
92da6097
JH		 2039static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2040{
2041 struct pending_cmd *cmd;
2042
2043 hci_dev_lock(hdev);
2044
2045 cmd = mgmt_pending_find(mgmt_op, hdev);
2046 if (!cmd)
2047 goto unlock;
2048
2049 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2050 hdev->dev_class, 3);
2051
2052 mgmt_pending_remove(cmd);
2053
2054unlock:
2055 hci_dev_unlock(hdev);
2056}
2057
2058static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2059{
2060 BT_DBG("status 0x%02x", status);
2061
2062 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2063}
2064
bdb6d971 2065static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2066{
650f726d 2067 struct mgmt_cp_add_uuid *cp = data;
90e70454 2068 struct pending_cmd *cmd;
890ea898 2069 struct hci_request req;
2aeb9a1a 2070 struct bt_uuid *uuid;
2aeb9a1a
JH		 2071 int err;
2072
bdb6d971 2073 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2074
09fd0de5 2075 hci_dev_lock(hdev);
2aeb9a1a 2076
0cab9c80 2077 if (pending_eir_or_class(hdev)) {
bdb6d971 2078 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2079 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2080 goto failed;
2081 }
2082
92c4c204 2083 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2084 if (!uuid) {
2085 err = -ENOMEM;
2086 goto failed;
2087 }
2088
2089 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2090 uuid->svc_hint = cp->svc_hint;
83be8eca 2091 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2092
de66aa63 2093 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2094
890ea898 2095 hci_req_init(&req, hdev);
1aff6f09 2096
890ea898
JH		 2097 update_class(&req);
2098 update_eir(&req);
2099
92da6097
JH		 2100 err = hci_req_run(&req, add_uuid_complete);
2101 if (err < 0) {
2102 if (err != -ENODATA)
2103 goto failed;
80a1e1db 2104
bdb6d971 2105 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2106 hdev->dev_class, 3);
90e70454
JH		 2107 goto failed;
2108 }
2109
2110 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2111 if (!cmd) {
90e70454 2112 err = -ENOMEM;
890ea898
JH		 2113 goto failed;
2114 }
2115
2116 err = 0;
2aeb9a1a
JH		 2117
2118failed:
09fd0de5 2119 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2120 return err;
2121}
2122
24b78d0f
JH		 2123static bool enable_service_cache(struct hci_dev *hdev)
2124{
2125 if (!hdev_is_powered(hdev))
2126 return false;
2127
2128 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2129 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2130 CACHE_TIMEOUT);
24b78d0f
JH		 2131 return true;
2132 }
2133
2134 return false;
2135}
2136
92da6097
JH		 2137static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2138{
2139 BT_DBG("status 0x%02x", status);
2140
2141 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2142}
2143
bdb6d971 2144static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2145 u16 len)
2aeb9a1a 2146{
650f726d 2147 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2148 struct pending_cmd *cmd;
056341c8 2149 struct bt_uuid *match, *tmp;
2aeb9a1a 2150 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2151 struct hci_request req;
2aeb9a1a
JH		 2152 int err, found;
2153
bdb6d971 2154 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2155
09fd0de5 2156 hci_dev_lock(hdev);
2aeb9a1a 2157
0cab9c80 2158 if (pending_eir_or_class(hdev)) {
bdb6d971 2159 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2160 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2161 goto unlock;
2162 }
2163
2aeb9a1a 2164 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2165 hci_uuids_clear(hdev);
4004b6d9 2166
24b78d0f 2167 if (enable_service_cache(hdev)) {
bdb6d971 2168 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2169 0, hdev->dev_class, 3);
24b78d0f
JH		 2170 goto unlock;
2171 }
4004b6d9 2172
9246a869 2173 goto update_class;
2aeb9a1a
JH		 2174 }
2175
2176 found = 0;
2177
056341c8 2178 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2179 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2180 continue;
2181
2182 list_del(&match->list);
482049f7 2183 kfree(match);
2aeb9a1a
JH		 2184 found++;
2185 }
2186
2187 if (found == 0) {
bdb6d971 2188 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2189 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2190 goto unlock;
2191 }
2192
9246a869 2193update_class:
890ea898 2194 hci_req_init(&req, hdev);
1aff6f09 2195
890ea898
JH		 2196 update_class(&req);
2197 update_eir(&req);
2198
92da6097
JH		 2199 err = hci_req_run(&req, remove_uuid_complete);
2200 if (err < 0) {
2201 if (err != -ENODATA)
2202 goto unlock;
80a1e1db 2203
bdb6d971 2204 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2205 hdev->dev_class, 3);
90e70454
JH		 2206 goto unlock;
2207 }
2208
2209 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2210 if (!cmd) {
90e70454 2211 err = -ENOMEM;
890ea898
JH		 2212 goto unlock;
2213 }
2214
2215 err = 0;
2aeb9a1a
JH		 2216
2217unlock:
09fd0de5 2218 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2219 return err;
2220}
2221
92da6097
JH		 2222static void set_class_complete(struct hci_dev *hdev, u8 status)
2223{
2224 BT_DBG("status 0x%02x", status);
2225
2226 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2227}
2228
bdb6d971 2229static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2230 u16 len)
1aff6f09 2231{
650f726d 2232 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2233 struct pending_cmd *cmd;
890ea898 2234 struct hci_request req;
1aff6f09
JH		 2235 int err;
2236
bdb6d971 2237 BT_DBG("request for %s", hdev->name);
1aff6f09 2238
6203fc98 2239 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2240 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2241 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2242
0cab9c80 2243 hci_dev_lock(hdev);
ee98f473 2244
0cab9c80
JH		 2245 if (pending_eir_or_class(hdev)) {
2246 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2247 MGMT_STATUS_BUSY);
2248 goto unlock;
2249 }
c95f0ba7 2250
0cab9c80
JH		 2251 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2252 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2253 MGMT_STATUS_INVALID_PARAMS);
2254 goto unlock;
2255 }
575b3a02 2256
932f5ff5
JH		 2257 hdev->major_class = cp->major;
2258 hdev->minor_class = cp->minor;
2259
b5235a65 2260 if (!hdev_is_powered(hdev)) {
bdb6d971 2261 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2262 hdev->dev_class, 3);
b5235a65
JH		 2263 goto unlock;
2264 }
2265
890ea898
JH		 2266 hci_req_init(&req, hdev);
2267
a8b2d5c2 2268 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2269 hci_dev_unlock(hdev);
2270 cancel_delayed_work_sync(&hdev->service_cache);
2271 hci_dev_lock(hdev);
890ea898 2272 update_eir(&req);
7d78525d 2273 }
14c0b608 2274
890ea898
JH		 2275 update_class(&req);
2276
92da6097
JH		 2277 err = hci_req_run(&req, set_class_complete);
2278 if (err < 0) {
2279 if (err != -ENODATA)
2280 goto unlock;
1aff6f09 2281
bdb6d971 2282 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2283 hdev->dev_class, 3);
90e70454
JH		 2284 goto unlock;
2285 }
2286
2287 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2288 if (!cmd) {
90e70454 2289 err = -ENOMEM;
890ea898
JH		 2290 goto unlock;
2291 }
2292
2293 err = 0;
1aff6f09 2294
b5235a65 2295unlock:
09fd0de5 2296 hci_dev_unlock(hdev);
1aff6f09
JH		 2297 return err;
2298}
2299
bdb6d971 2300static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2301 u16 len)
55ed8ca1 2302{
650f726d 2303 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2304 u16 key_count, expected_len;
b1de97d8 2305 bool changed;
a492cd52 2306 int i;
55ed8ca1 2307
9060d5cf
MH		 2308 BT_DBG("request for %s", hdev->name);
2309
2310 if (!lmp_bredr_capable(hdev))
2311 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2312 MGMT_STATUS_NOT_SUPPORTED);
2313
1f350c87 2314 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2315
86742e1e
JH		 2316 expected_len = sizeof(*cp) + key_count *
2317 sizeof(struct mgmt_link_key_info);
a492cd52 2318 if (expected_len != len) {
86742e1e 2319 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 2320 len, expected_len);
bdb6d971 2321 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2322 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2323 }
2324
4ae14301
JH		 2325 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2326 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2327 MGMT_STATUS_INVALID_PARAMS);
2328
bdb6d971 2329 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2330 key_count);
55ed8ca1 2331
4ee71b20
JH		 2332 for (i = 0; i < key_count; i++) {
2333 struct mgmt_link_key_info *key = &cp->keys[i];
2334
8e991132 2335 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2336 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2337 MGMT_STATUS_INVALID_PARAMS);
2338 }
2339
09fd0de5 2340 hci_dev_lock(hdev);
55ed8ca1
JH		 2341
2342 hci_link_keys_clear(hdev);
2343
55ed8ca1 2344 if (cp->debug_keys)
b1de97d8 2345 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2346 else
b1de97d8
MH		 2347 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2348
2349 if (changed)
2350 new_settings(hdev, NULL);
55ed8ca1 2351
a492cd52 2352 for (i = 0; i < key_count; i++) {
86742e1e 2353 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2354
d753fdc4 2355 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 2356 key->type, key->pin_len);
55ed8ca1
JH		 2357 }
2358
bdb6d971 2359 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2360
09fd0de5 2361 hci_dev_unlock(hdev);
55ed8ca1 2362
a492cd52 2363 return 0;
55ed8ca1
JH		 2364}
2365
b1078ad0 2366static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2367 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2368{
2369 struct mgmt_ev_device_unpaired ev;
2370
2371 bacpy(&ev.addr.bdaddr, bdaddr);
2372 ev.addr.type = addr_type;
2373
2374 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2375 skip_sk);
b1078ad0
JH		 2376}
2377
bdb6d971 2378static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2379 u16 len)
55ed8ca1 2380{
124f6e35
JH		 2381 struct mgmt_cp_unpair_device *cp = data;
2382 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2383 struct hci_cp_disconnect dc;
2384 struct pending_cmd *cmd;
55ed8ca1 2385 struct hci_conn *conn;
55ed8ca1
JH		 2386 int err;
2387
a8a1d19e 2388 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2389 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2390 rp.addr.type = cp->addr.type;
a8a1d19e 2391
4ee71b20
JH		 2392 if (!bdaddr_type_is_valid(cp->addr.type))
2393 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2394 MGMT_STATUS_INVALID_PARAMS,
2395 &rp, sizeof(rp));
2396
118da70b
JH		 2397 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2398 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2399 MGMT_STATUS_INVALID_PARAMS,
2400 &rp, sizeof(rp));
2401
4ee71b20
JH		 2402 hci_dev_lock(hdev);
2403
86a8cfc6 2404 if (!hdev_is_powered(hdev)) {
bdb6d971 2405 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2406 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2407 goto unlock;
2408 }
2409
e0b2b27e 2410 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2411 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2412 } else {
2413 u8 addr_type;
2414
2415 if (cp->addr.type == BDADDR_LE_PUBLIC)
2416 addr_type = ADDR_LE_DEV_PUBLIC;
2417 else
2418 addr_type = ADDR_LE_DEV_RANDOM;
2419
a7ec7338
JH		 2420 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2421
e0b2b27e
JH		 2422 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2423 }
b0dbfb46 2424
55ed8ca1 2425 if (err < 0) {
bdb6d971 2426 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2427 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2428 goto unlock;
2429 }
2430
86a8cfc6 2431 if (cp->disconnect) {
591f47f3 2432 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2433 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2434 &cp->addr.bdaddr);
86a8cfc6
JH		 2435 else
2436 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2437 &cp->addr.bdaddr);
86a8cfc6
JH		 2438 } else {
2439 conn = NULL;
2440 }
124f6e35 2441
a8a1d19e 2442 if (!conn) {
bdb6d971 2443 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2444 &rp, sizeof(rp));
b1078ad0 2445 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2446 goto unlock;
2447 }
55ed8ca1 2448
124f6e35 2449 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2450 sizeof(*cp));
a8a1d19e
JH		 2451 if (!cmd) {
2452 err = -ENOMEM;
2453 goto unlock;
55ed8ca1
JH		 2454 }
2455
eb55ef07 2456 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2457 dc.reason = 0x13; /* Remote User Terminated Connection */
2458 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2459 if (err < 0)
2460 mgmt_pending_remove(cmd);
2461
55ed8ca1 2462unlock:
09fd0de5 2463 hci_dev_unlock(hdev);
55ed8ca1
JH		 2464 return err;
2465}
2466
bdb6d971 2467static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2468 u16 len)
8962ee74 2469{
650f726d 2470 struct mgmt_cp_disconnect *cp = data;
06a63b19 2471 struct mgmt_rp_disconnect rp;
8962ee74 2472 struct hci_cp_disconnect dc;
366a0336 2473 struct pending_cmd *cmd;
8962ee74 2474 struct hci_conn *conn;
8962ee74
JH		 2475 int err;
2476
2477 BT_DBG("");
2478
06a63b19
JH		 2479 memset(&rp, 0, sizeof(rp));
2480 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2481 rp.addr.type = cp->addr.type;
2482
4ee71b20 2483 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2484 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2485 MGMT_STATUS_INVALID_PARAMS,
2486 &rp, sizeof(rp));
4ee71b20 2487
09fd0de5 2488 hci_dev_lock(hdev);
8962ee74
JH		 2489
2490 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2491 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2492 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2493 goto failed;
2494 }
2495
2e58ef3e 2496 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2497 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2498 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2499 goto failed;
2500 }
2501
591f47f3 2502 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2503 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2504 &cp->addr.bdaddr);
88c3df13
JH		 2505 else
2506 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2507
f960727e 2508 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2509 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2510 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2511 goto failed;
2512 }
2513
2e58ef3e 2514 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2515 if (!cmd) {
2516 err = -ENOMEM;
8962ee74 2517 goto failed;
366a0336 2518 }
8962ee74 2519
eb55ef07 2520 dc.handle = cpu_to_le16(conn->handle);
3701f944 2521 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2522
2523 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2524 if (err < 0)
a664b5bc 2525 mgmt_pending_remove(cmd);
8962ee74
JH		 2526
2527failed:
09fd0de5 2528 hci_dev_unlock(hdev);
8962ee74
JH		 2529 return err;
2530}
2531
57c1477c 2532static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2533{
2534 switch (link_type) {
2535 case LE_LINK:
48264f06
JH		 2536 switch (addr_type) {
2537 case ADDR_LE_DEV_PUBLIC:
591f47f3 2538 return BDADDR_LE_PUBLIC;
0ed09148 2539
48264f06 2540 default:
0ed09148 2541 /* Fallback to LE Random address type */
591f47f3 2542 return BDADDR_LE_RANDOM;
48264f06 2543 }
0ed09148 2544
4c659c39 2545 default:
0ed09148 2546 /* Fallback to BR/EDR type */
591f47f3 2547 return BDADDR_BREDR;
4c659c39
JH		 2548 }
2549}
2550
04124681
GP		 2551static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2552 u16 data_len)
2784eb41 2553{
2784eb41 2554 struct mgmt_rp_get_connections *rp;
8035ded4 2555 struct hci_conn *c;
a38528f1 2556 size_t rp_len;
60fc5fb6
JH		 2557 int err;
2558 u16 i;
2784eb41
JH		 2559
2560 BT_DBG("");
2561
09fd0de5 2562 hci_dev_lock(hdev);
2784eb41 2563
5f97c1df 2564 if (!hdev_is_powered(hdev)) {
bdb6d971 2565 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2566 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2567 goto unlock;
2568 }
2569
60fc5fb6 2570 i = 0;
b644ba33
JH		 2571 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2572 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2573 i++;
2784eb41
JH		 2574 }
2575
60fc5fb6 2576 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2577 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2578 if (!rp) {
2784eb41
JH		 2579 err = -ENOMEM;
2580 goto unlock;
2581 }
2582
2784eb41 2583 i = 0;
4c659c39 2584 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2585 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2586 continue;
4c659c39 2587 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2588 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2589 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2590 continue;
2591 i++;
2592 }
2593
eb55ef07 2594 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2595
4c659c39
JH		 2596 /* Recalculate length in case of filtered SCO connections, etc */
2597 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2598
bdb6d971 2599 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2600 rp_len);
2784eb41 2601
a38528f1 2602 kfree(rp);
5f97c1df
JH		 2603
2604unlock:
09fd0de5 2605 hci_dev_unlock(hdev);
2784eb41
JH		 2606 return err;
2607}
2608
bdb6d971 2609static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2610 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2611{
2612 struct pending_cmd *cmd;
2613 int err;
2614
2e58ef3e 2615 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2616 sizeof(*cp));
96d97a67
WR		 2617 if (!cmd)
2618 return -ENOMEM;
2619
d8457698 2620 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2621 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2622 if (err < 0)
2623 mgmt_pending_remove(cmd);
2624
2625 return err;
2626}
2627
bdb6d971 2628static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2629 u16 len)
980e1a53 2630{
96d97a67 2631 struct hci_conn *conn;
650f726d 2632 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2633 struct hci_cp_pin_code_reply reply;
366a0336 2634 struct pending_cmd *cmd;
980e1a53
JH		 2635 int err;
2636
2637 BT_DBG("");
2638
09fd0de5 2639 hci_dev_lock(hdev);
980e1a53 2640
4b34ee78 2641 if (!hdev_is_powered(hdev)) {
bdb6d971 2642 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2643 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2644 goto failed;
2645 }
2646
d8457698 2647 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2648 if (!conn) {
bdb6d971 2649 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2650 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2651 goto failed;
2652 }
2653
2654 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2655 struct mgmt_cp_pin_code_neg_reply ncp;
2656
2657 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2658
2659 BT_ERR("PIN code is not 16 bytes long");
2660
bdb6d971 2661 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2662 if (err >= 0)
bdb6d971 2663 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2664 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2665
2666 goto failed;
2667 }
2668
00abfe44 2669 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2670 if (!cmd) {
2671 err = -ENOMEM;
980e1a53 2672 goto failed;
366a0336 2673 }
980e1a53 2674
d8457698 2675 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2676 reply.pin_len = cp->pin_len;
24718ca5 2677 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2678
2679 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2680 if (err < 0)
a664b5bc 2681 mgmt_pending_remove(cmd);
980e1a53
JH		 2682
2683failed:
09fd0de5 2684 hci_dev_unlock(hdev);
980e1a53
JH		 2685 return err;
2686}
2687
04124681
GP		 2688static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2689 u16 len)
17fa4b9d 2690{
650f726d 2691 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2692
2693 BT_DBG("");
2694
09fd0de5 2695 hci_dev_lock(hdev);
17fa4b9d
JH		 2696
2697 hdev->io_capability = cp->io_capability;
2698
2699 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2700 hdev->io_capability);
17fa4b9d 2701
09fd0de5 2702 hci_dev_unlock(hdev);
17fa4b9d 2703
04124681
GP		 2704 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2705 0);
17fa4b9d
JH		 2706}
2707
6039aa73 2708static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2709{
2710 struct hci_dev *hdev = conn->hdev;
8035ded4 2711 struct pending_cmd *cmd;
e9a416b5 2712
2e58ef3e 2713 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2714 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2715 continue;
2716
e9a416b5
JH		 2717 if (cmd->user_data != conn)
2718 continue;
2719
2720 return cmd;
2721 }
2722
2723 return NULL;
2724}
2725
2726static void pairing_complete(struct pending_cmd *cmd, u8 status)
2727{
2728 struct mgmt_rp_pair_device rp;
2729 struct hci_conn *conn = cmd->user_data;
2730
ba4e564f 2731 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2732 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2733
aee9b218 2734 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2735 &rp, sizeof(rp));
e9a416b5
JH		 2736
2737 /* So we don't get further callbacks for this connection */
2738 conn->connect_cfm_cb = NULL;
2739 conn->security_cfm_cb = NULL;
2740 conn->disconn_cfm_cb = NULL;
2741
76a68ba0 2742 hci_conn_drop(conn);
e9a416b5 2743
a664b5bc 2744 mgmt_pending_remove(cmd);
e9a416b5
JH		 2745}
2746
f4a407be
JH		 2747void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2748{
2749 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2750 struct pending_cmd *cmd;
2751
2752 cmd = find_pairing(conn);
2753 if (cmd)
2754 pairing_complete(cmd, status);
2755}
2756
e9a416b5
JH		 2757static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2758{
2759 struct pending_cmd *cmd;
2760
2761 BT_DBG("status %u", status);
2762
2763 cmd = find_pairing(conn);
56e5cb86 2764 if (!cmd)
e9a416b5 2765 BT_DBG("Unable to find a pending command");
56e5cb86 2766 else
e211326c 2767 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2768}
2769
f4a407be 2770static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 2771{
2772 struct pending_cmd *cmd;
2773
2774 BT_DBG("status %u", status);
2775
2776 if (!status)
2777 return;
2778
2779 cmd = find_pairing(conn);
2780 if (!cmd)
2781 BT_DBG("Unable to find a pending command");
2782 else
2783 pairing_complete(cmd, mgmt_status(status));
2784}
2785
bdb6d971 2786static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2787 u16 len)
e9a416b5 2788{
650f726d 2789 struct mgmt_cp_pair_device *cp = data;
1425acb7 2790 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2791 struct pending_cmd *cmd;
2792 u8 sec_level, auth_type;
2793 struct hci_conn *conn;
e9a416b5
JH		 2794 int err;
2795
2796 BT_DBG("");
2797
f950a30e
SJ		 2798 memset(&rp, 0, sizeof(rp));
2799 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2800 rp.addr.type = cp->addr.type;
2801
4ee71b20
JH		 2802 if (!bdaddr_type_is_valid(cp->addr.type))
2803 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2804 MGMT_STATUS_INVALID_PARAMS,
2805 &rp, sizeof(rp));
2806
09fd0de5 2807 hci_dev_lock(hdev);
e9a416b5 2808
5f97c1df 2809 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2810 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2811 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2812 goto unlock;
2813 }
2814
c908df36
VCG		 2815 sec_level = BT_SECURITY_MEDIUM;
2816 if (cp->io_cap == 0x03)
e9a416b5 2817 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2818 else
e9a416b5 2819 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2820
591f47f3 2821 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2822 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2823 cp->addr.type, sec_level, auth_type);
7a512d01 2824 else
b12f62cf
AG		 2825 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2826 cp->addr.type, sec_level, auth_type);
7a512d01 2827
30e76272 2828 if (IS_ERR(conn)) {
489dc48e
AK		 2829 int status;
2830
2831 if (PTR_ERR(conn) == -EBUSY)
2832 status = MGMT_STATUS_BUSY;
2833 else
2834 status = MGMT_STATUS_CONNECT_FAILED;
2835
bdb6d971 2836 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2837 status, &rp,
04124681 2838 sizeof(rp));
e9a416b5
JH		 2839 goto unlock;
2840 }
2841
2842 if (conn->connect_cfm_cb) {
76a68ba0 2843 hci_conn_drop(conn);
bdb6d971 2844 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2845 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2846 goto unlock;
2847 }
2848
2e58ef3e 2849 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2850 if (!cmd) {
2851 err = -ENOMEM;
76a68ba0 2852 hci_conn_drop(conn);
e9a416b5
JH		 2853 goto unlock;
2854 }
2855
7a512d01 2856 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2857 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2858 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2859 conn->security_cfm_cb = pairing_complete_cb;
2860 conn->disconn_cfm_cb = pairing_complete_cb;
2861 } else {
2862 conn->connect_cfm_cb = le_pairing_complete_cb;
2863 conn->security_cfm_cb = le_pairing_complete_cb;
2864 conn->disconn_cfm_cb = le_pairing_complete_cb;
2865 }
7a512d01 2866
e9a416b5
JH		 2867 conn->io_capability = cp->io_cap;
2868 cmd->user_data = conn;
2869
2870 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2871 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2872 pairing_complete(cmd, 0);
2873
2874 err = 0;
2875
2876unlock:
09fd0de5 2877 hci_dev_unlock(hdev);
e9a416b5
JH		 2878 return err;
2879}
2880
04124681
GP		 2881static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2882 u16 len)
28424707 2883{
0f4e68cf 2884 struct mgmt_addr_info *addr = data;
28424707
JH		 2885 struct pending_cmd *cmd;
2886 struct hci_conn *conn;
2887 int err;
2888
2889 BT_DBG("");
2890
28424707
JH		 2891 hci_dev_lock(hdev);
2892
5f97c1df 2893 if (!hdev_is_powered(hdev)) {
bdb6d971 2894 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2895 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2896 goto unlock;
2897 }
2898
28424707
JH		 2899 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2900 if (!cmd) {
bdb6d971 2901 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2902 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2903 goto unlock;
2904 }
2905
2906 conn = cmd->user_data;
2907
2908 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2909 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2910 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2911 goto unlock;
2912 }
2913
2914 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2915
bdb6d971 2916 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2917 addr, sizeof(*addr));
28424707
JH		 2918unlock:
2919 hci_dev_unlock(hdev);
28424707
JH		 2920 return err;
2921}
2922
bdb6d971 2923static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2924 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2925 u16 hci_op, __le32 passkey)
a5c29683 2926{
a5c29683 2927 struct pending_cmd *cmd;
0df4c185 2928 struct hci_conn *conn;
a5c29683
JH		 2929 int err;
2930
09fd0de5 2931 hci_dev_lock(hdev);
08ba5382 2932
4b34ee78 2933 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2934 err = cmd_complete(sk, hdev->id, mgmt_op,
2935 MGMT_STATUS_NOT_POWERED, addr,
2936 sizeof(*addr));
0df4c185 2937 goto done;
a5c29683
JH		 2938 }
2939
1707c60e
JH		 2940 if (addr->type == BDADDR_BREDR)
2941 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2942 else
1707c60e 2943 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2944
2945 if (!conn) {
feb94d3d
JH		 2946 err = cmd_complete(sk, hdev->id, mgmt_op,
2947 MGMT_STATUS_NOT_CONNECTED, addr,
2948 sizeof(*addr));
272d90df
JH		 2949 goto done;
2950 }
47c15e2b 2951
1707c60e 2952 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2953 /* Continue with pairing via SMP */
5fe57d9e
BG		 2954 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2955
2956 if (!err)
feb94d3d
JH		 2957 err = cmd_complete(sk, hdev->id, mgmt_op,
2958 MGMT_STATUS_SUCCESS, addr,
2959 sizeof(*addr));
5fe57d9e 2960 else
feb94d3d
JH		 2961 err = cmd_complete(sk, hdev->id, mgmt_op,
2962 MGMT_STATUS_FAILED, addr,
2963 sizeof(*addr));
47c15e2b 2964
47c15e2b
BG		 2965 goto done;
2966 }
2967
1707c60e 2968 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2969 if (!cmd) {
2970 err = -ENOMEM;
0df4c185 2971 goto done;
a5c29683
JH		 2972 }
2973
0df4c185 2974 /* Continue with pairing via HCI */
604086b7
BG		 2975 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2976 struct hci_cp_user_passkey_reply cp;
2977
1707c60e 2978 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2979 cp.passkey = passkey;
2980 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2981 } else
1707c60e
JH		 2982 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2983 &addr->bdaddr);
604086b7 2984
a664b5bc
JH		 2985 if (err < 0)
2986 mgmt_pending_remove(cmd);
a5c29683 2987
0df4c185 2988done:
09fd0de5 2989 hci_dev_unlock(hdev);
a5c29683
JH		 2990 return err;
2991}
2992
afeb019d
JK		 2993static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2994 void *data, u16 len)
2995{
2996 struct mgmt_cp_pin_code_neg_reply *cp = data;
2997
2998 BT_DBG("");
2999
1707c60e 3000 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3001 MGMT_OP_PIN_CODE_NEG_REPLY,
3002 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3003}
3004
04124681
GP		 3005static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3006 u16 len)
0df4c185 3007{
650f726d 3008 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3009
3010 BT_DBG("");
3011
3012 if (len != sizeof(*cp))
bdb6d971 3013 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3014 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3015
1707c60e 3016 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3017 MGMT_OP_USER_CONFIRM_REPLY,
3018 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3019}
3020
bdb6d971 3021static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3022 void *data, u16 len)
0df4c185 3023{
c9c2659f 3024 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3025
3026 BT_DBG("");
3027
1707c60e 3028 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3029 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3030 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3031}
3032
04124681
GP		 3033static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3034 u16 len)
604086b7 3035{
650f726d 3036 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3037
3038 BT_DBG("");
3039
1707c60e 3040 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3041 MGMT_OP_USER_PASSKEY_REPLY,
3042 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3043}
3044
bdb6d971 3045static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3046 void *data, u16 len)
604086b7 3047{
650f726d 3048 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3049
3050 BT_DBG("");
3051
1707c60e 3052 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3053 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3054 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3055}
3056
13928971 3057static void update_name(struct hci_request *req)
2b4bf397 3058{
13928971 3059 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3060 struct hci_cp_write_local_name cp;
3061
13928971 3062 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3063
890ea898 3064 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3065}
3066
13928971
JH		 3067static void set_name_complete(struct hci_dev *hdev, u8 status)
3068{
3069 struct mgmt_cp_set_local_name *cp;
3070 struct pending_cmd *cmd;
3071
3072 BT_DBG("status 0x%02x", status);
3073
3074 hci_dev_lock(hdev);
3075
3076 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3077 if (!cmd)
3078 goto unlock;
3079
3080 cp = cmd->param;
3081
3082 if (status)
3083 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3084 mgmt_status(status));
3085 else
3086 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3087 cp, sizeof(*cp));
3088
3089 mgmt_pending_remove(cmd);
3090
3091unlock:
3092 hci_dev_unlock(hdev);
3093}
3094
bdb6d971 3095static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3096 u16 len)
b312b161 3097{
2b4bf397 3098 struct mgmt_cp_set_local_name *cp = data;
b312b161 3099 struct pending_cmd *cmd;
890ea898 3100 struct hci_request req;
b312b161
JH		 3101 int err;
3102
3103 BT_DBG("");
3104
09fd0de5 3105 hci_dev_lock(hdev);
b312b161 3106
b3f2ca94
JH		 3107 /* If the old values are the same as the new ones just return a
3108 * direct command complete event.
3109 */
3110 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3111 !memcmp(hdev->short_name, cp->short_name,
3112 sizeof(hdev->short_name))) {
3113 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3114 data, len);
3115 goto failed;
3116 }
3117
2b4bf397 3118 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3119
b5235a65 3120 if (!hdev_is_powered(hdev)) {
2b4bf397 3121 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3122
3123 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3124 data, len);
28cc7bde
JH		 3125 if (err < 0)
3126 goto failed;
3127
3128 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3129 sk);
28cc7bde 3130
b5235a65
JH		 3131 goto failed;
3132 }
3133
28cc7bde 3134 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3135 if (!cmd) {
3136 err = -ENOMEM;
3137 goto failed;
3138 }
3139
13928971
JH		 3140 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3141
890ea898 3142 hci_req_init(&req, hdev);
3f985050
JH		 3143
3144 if (lmp_bredr_capable(hdev)) {
3145 update_name(&req);
3146 update_eir(&req);
3147 }
3148
7a5f4990
MH		 3149 /* The name is stored in the scan response data and so
3150 * no need to udpate the advertising data here.
3151 */
3f985050 3152 if (lmp_le_capable(hdev))
7a5f4990 3153 update_scan_rsp_data(&req);
3f985050 3154
13928971 3155 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3156 if (err < 0)
3157 mgmt_pending_remove(cmd);
3158
3159failed:
09fd0de5 3160 hci_dev_unlock(hdev);
b312b161
JH		 3161 return err;
3162}
3163
0f4e68cf 3164static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3165 void *data, u16 data_len)
c35938b2 3166{
c35938b2
SJ		 3167 struct pending_cmd *cmd;
3168 int err;
3169
bdb6d971 3170 BT_DBG("%s", hdev->name);
c35938b2 3171
09fd0de5 3172 hci_dev_lock(hdev);
c35938b2 3173
4b34ee78 3174 if (!hdev_is_powered(hdev)) {
bdb6d971 3175 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3176 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3177 goto unlock;
3178 }
3179
9a1a1996 3180 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3181 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3182 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3183 goto unlock;
3184 }
3185
2e58ef3e 3186 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3187 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3188 MGMT_STATUS_BUSY);
c35938b2
SJ		 3189 goto unlock;
3190 }
3191
2e58ef3e 3192 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3193 if (!cmd) {
3194 err = -ENOMEM;
3195 goto unlock;
3196 }
3197
4d2d2796
MH		 3198 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3199 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3200 0, NULL);
3201 else
3202 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3203
c35938b2
SJ		 3204 if (err < 0)
3205 mgmt_pending_remove(cmd);
3206
3207unlock:
09fd0de5 3208 hci_dev_unlock(hdev);
c35938b2
SJ		 3209 return err;
3210}
3211
bdb6d971 3212static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3213 void *data, u16 len)
2763eda6 3214{
2763eda6
SJ		 3215 int err;
3216
bdb6d971 3217 BT_DBG("%s ", hdev->name);
2763eda6 3218
09fd0de5 3219 hci_dev_lock(hdev);
2763eda6 3220
ec109113
MH		 3221 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3222 struct mgmt_cp_add_remote_oob_data *cp = data;
3223 u8 status;
bf1e3541 3224
ec109113
MH		 3225 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3226 cp->hash, cp->randomizer);
3227 if (err < 0)
3228 status = MGMT_STATUS_FAILED;
3229 else
3230 status = MGMT_STATUS_SUCCESS;
3231
3232 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3233 status, &cp->addr, sizeof(cp->addr));
3234 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3235 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3236 u8 status;
3237
3238 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3239 cp->hash192,
3240 cp->randomizer192,
3241 cp->hash256,
3242 cp->randomizer256);
3243 if (err < 0)
3244 status = MGMT_STATUS_FAILED;
3245 else
3246 status = MGMT_STATUS_SUCCESS;
3247
3248 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3249 status, &cp->addr, sizeof(cp->addr));
3250 } else {
3251 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3252 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3253 MGMT_STATUS_INVALID_PARAMS);
3254 }
2763eda6 3255
09fd0de5 3256 hci_dev_unlock(hdev);
2763eda6
SJ		 3257 return err;
3258}
3259
bdb6d971 3260static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3261 void *data, u16 len)
2763eda6 3262{
650f726d 3263 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3264 u8 status;
2763eda6
SJ		 3265 int err;
3266
bdb6d971 3267 BT_DBG("%s", hdev->name);
2763eda6 3268
09fd0de5 3269 hci_dev_lock(hdev);
2763eda6 3270
664ce4cc 3271 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3272 if (err < 0)
bf1e3541 3273 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3274 else
a6785be2 3275 status = MGMT_STATUS_SUCCESS;
bf1e3541 3276
bdb6d971 3277 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3278 status, &cp->addr, sizeof(cp->addr));
2763eda6 3279
09fd0de5 3280 hci_dev_unlock(hdev);
2763eda6
SJ		 3281 return err;
3282}
3283
41dc2bd6
AG		 3284static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3285{
3286 struct pending_cmd *cmd;
3287 u8 type;
3288 int err;
3289
3290 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3291
3292 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3293 if (!cmd)
3294 return -ENOENT;
3295
3296 type = hdev->discovery.type;
3297
3298 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3299 &type, sizeof(type));
3300 mgmt_pending_remove(cmd);
3301
3302 return err;
3303}
3304
7c307720
AG		 3305static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3306{
3307 BT_DBG("status %d", status);
3308
3309 if (status) {
3310 hci_dev_lock(hdev);
3311 mgmt_start_discovery_failed(hdev, status);
3312 hci_dev_unlock(hdev);
3313 return;
3314 }
3315
3316 hci_dev_lock(hdev);
3317 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3318 hci_dev_unlock(hdev);
3319
3320 switch (hdev->discovery.type) {
3321 case DISCOV_TYPE_LE:
3322 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3323 DISCOV_LE_TIMEOUT);
7c307720
AG		 3324 break;
3325
3326 case DISCOV_TYPE_INTERLEAVED:
3327 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3328 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 3329 break;
3330
3331 case DISCOV_TYPE_BREDR:
3332 break;
3333
3334 default:
3335 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3336 }
3337}
3338
bdb6d971 3339static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3340 void *data, u16 len)
14a53664 3341{
650f726d 3342 struct mgmt_cp_start_discovery *cp = data;
14a53664 3343 struct pending_cmd *cmd;
7c307720
AG		 3344 struct hci_cp_le_set_scan_param param_cp;
3345 struct hci_cp_le_set_scan_enable enable_cp;
3346 struct hci_cp_inquiry inq_cp;
3347 struct hci_request req;
3348 /* General inquiry access code (GIAC) */
3349 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3350 u8 status, own_addr_type;
14a53664
JH		 3351 int err;
3352
bdb6d971 3353 BT_DBG("%s", hdev->name);
14a53664 3354
09fd0de5 3355 hci_dev_lock(hdev);
14a53664 3356
4b34ee78 3357 if (!hdev_is_powered(hdev)) {
bdb6d971 3358 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3359 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3360 goto failed;
3361 }
3362
642be6c7
AG		 3363 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3364 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3365 MGMT_STATUS_BUSY);
3366 goto failed;
3367 }
3368
ff9ef578 3369 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3370 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3371 MGMT_STATUS_BUSY);
ff9ef578
JH		 3372 goto failed;
3373 }
3374
2e58ef3e 3375 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3376 if (!cmd) {
3377 err = -ENOMEM;
3378 goto failed;
3379 }
3380
4aab14e5
AG		 3381 hdev->discovery.type = cp->type;
3382
7c307720
AG		 3383 hci_req_init(&req, hdev);
3384
4aab14e5 3385 switch (hdev->discovery.type) {
f39799f5 3386 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3387 status = mgmt_bredr_support(hdev);
3388 if (status) {
04106755 3389 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3390 status);
04106755
JH		 3391 mgmt_pending_remove(cmd);
3392 goto failed;
3393 }
3394
7c307720
AG		 3395 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3396 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3397 MGMT_STATUS_BUSY);
3398 mgmt_pending_remove(cmd);
3399 goto failed;
3400 }
3401
3402 hci_inquiry_cache_flush(hdev);
3403
3404 memset(&inq_cp, 0, sizeof(inq_cp));
3405 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3406 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3407 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3408 break;
3409
3410 case DISCOV_TYPE_LE:
7c307720 3411 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3412 status = mgmt_le_support(hdev);
3413 if (status) {
04106755 3414 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3415 status);
04106755
JH		 3416 mgmt_pending_remove(cmd);
3417 goto failed;
3418 }
3419
7c307720 3420 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3421 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3422 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3423 MGMT_STATUS_NOT_SUPPORTED);
3424 mgmt_pending_remove(cmd);
3425 goto failed;
3426 }
3427
f3d3444a 3428 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3429 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3430 MGMT_STATUS_REJECTED);
3431 mgmt_pending_remove(cmd);
3432 goto failed;
3433 }
3434
3435 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
3436 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3437 MGMT_STATUS_BUSY);
3438 mgmt_pending_remove(cmd);
3439 goto failed;
3440 }
3441
3442 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3443
94b1fc92
MH		 3444 /* All active scans will be done with either a resolvable
3445 * private address (when privacy feature has been enabled)
3446 * or unresolvable private address.
3447 */
3448 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3449 if (err < 0) {
3450 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3451 MGMT_STATUS_FAILED);
3452 mgmt_pending_remove(cmd);
3453 goto failed;
3454 }
3455
7c307720 3456 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3457 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3458 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3459 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3460 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3461 &param_cp);
3462
3463 memset(&enable_cp, 0, sizeof(enable_cp));
3464 enable_cp.enable = LE_SCAN_ENABLE;
3465 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3466 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3467 &enable_cp);
5e0452c0
AG		 3468 break;
3469
f39799f5 3470 default:
04106755
JH		 3471 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3472 MGMT_STATUS_INVALID_PARAMS);
3473 mgmt_pending_remove(cmd);
3474 goto failed;
f39799f5 3475 }
3fd24153 3476
7c307720 3477 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3478 if (err < 0)
3479 mgmt_pending_remove(cmd);
ff9ef578
JH		 3480 else
3481 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3482
3483failed:
09fd0de5 3484 hci_dev_unlock(hdev);
14a53664
JH		 3485 return err;
3486}
3487
1183fdca
AG		 3488static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3489{
3490 struct pending_cmd *cmd;
3491 int err;
3492
3493 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3494 if (!cmd)
3495 return -ENOENT;
3496
3497 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3498 &hdev->discovery.type, sizeof(hdev->discovery.type));
3499 mgmt_pending_remove(cmd);
3500
3501 return err;
3502}
3503
0e05bba6
AG		 3504static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3505{
3506 BT_DBG("status %d", status);
3507
3508 hci_dev_lock(hdev);
3509
3510 if (status) {
3511 mgmt_stop_discovery_failed(hdev, status);
3512 goto unlock;
3513 }
3514
3515 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3516
3517unlock:
3518 hci_dev_unlock(hdev);
3519}
3520
bdb6d971 3521static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3522 u16 len)
14a53664 3523{
d930650b 3524 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3525 struct pending_cmd *cmd;
30dc78e1
JH		 3526 struct hci_cp_remote_name_req_cancel cp;
3527 struct inquiry_entry *e;
0e05bba6
AG		 3528 struct hci_request req;
3529 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 3530 int err;
3531
bdb6d971 3532 BT_DBG("%s", hdev->name);
14a53664 3533
09fd0de5 3534 hci_dev_lock(hdev);
14a53664 3535
30dc78e1 3536 if (!hci_discovery_active(hdev)) {
bdb6d971 3537 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3538 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3539 sizeof(mgmt_cp->type));
d930650b
JH		 3540 goto unlock;
3541 }
3542
3543 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3544 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3545 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3546 sizeof(mgmt_cp->type));
30dc78e1 3547 goto unlock;
ff9ef578
JH		 3548 }
3549
2e58ef3e 3550 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3551 if (!cmd) {
3552 err = -ENOMEM;
30dc78e1
JH		 3553 goto unlock;
3554 }
3555
0e05bba6
AG		 3556 hci_req_init(&req, hdev);
3557
e0d9727e
AG		 3558 switch (hdev->discovery.state) {
3559 case DISCOVERY_FINDING:
0e05bba6
AG		 3560 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3561 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3562 } else {
3563 cancel_delayed_work(&hdev->le_scan_disable);
3564
3565 memset(&enable_cp, 0, sizeof(enable_cp));
3566 enable_cp.enable = LE_SCAN_DISABLE;
3567 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3568 sizeof(enable_cp), &enable_cp);
3569 }
c9ecc48e 3570
e0d9727e
AG		 3571 break;
3572
3573 case DISCOVERY_RESOLVING:
3574 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3575 NAME_PENDING);
e0d9727e 3576 if (!e) {
30dc78e1 3577 mgmt_pending_remove(cmd);
e0d9727e
AG		 3578 err = cmd_complete(sk, hdev->id,
3579 MGMT_OP_STOP_DISCOVERY, 0,
3580 &mgmt_cp->type,
3581 sizeof(mgmt_cp->type));
3582 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3583 goto unlock;
3584 }
30dc78e1 3585
e0d9727e 3586 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3587 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3588 &cp);
e0d9727e
AG		 3589
3590 break;
3591
3592 default:
3593 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3594
3595 mgmt_pending_remove(cmd);
3596 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3597 MGMT_STATUS_FAILED, &mgmt_cp->type,
3598 sizeof(mgmt_cp->type));
3599 goto unlock;
14a53664
JH		 3600 }
3601
0e05bba6 3602 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3603 if (err < 0)
3604 mgmt_pending_remove(cmd);
ff9ef578
JH		 3605 else
3606 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3607
30dc78e1 3608unlock:
09fd0de5 3609 hci_dev_unlock(hdev);
14a53664
JH		 3610 return err;
3611}
3612
bdb6d971 3613static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3614 u16 len)
561aafbc 3615{
650f726d 3616 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3617 struct inquiry_entry *e;
561aafbc
JH		 3618 int err;
3619
bdb6d971 3620 BT_DBG("%s", hdev->name);
561aafbc 3621
561aafbc
JH		 3622 hci_dev_lock(hdev);
3623
30dc78e1 3624 if (!hci_discovery_active(hdev)) {
bdb6d971 3625 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3626 MGMT_STATUS_FAILED);
30dc78e1
JH		 3627 goto failed;
3628 }
3629
a198e7b1 3630 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3631 if (!e) {
bdb6d971 3632 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3633 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3634 goto failed;
3635 }
3636
3637 if (cp->name_known) {
3638 e->name_state = NAME_KNOWN;
3639 list_del(&e->list);
3640 } else {
3641 e->name_state = NAME_NEEDED;
a3d4e20a 3642 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3643 }
3644
e384662b
JH		 3645 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3646 sizeof(cp->addr));
561aafbc
JH		 3647
3648failed:
3649 hci_dev_unlock(hdev);
561aafbc
JH		 3650 return err;
3651}
3652
bdb6d971 3653static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3654 u16 len)
7fbec224 3655{
650f726d 3656 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3657 u8 status;
7fbec224
AJ		 3658 int err;
3659
bdb6d971 3660 BT_DBG("%s", hdev->name);
7fbec224 3661
4ee71b20 3662 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3663 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3664 MGMT_STATUS_INVALID_PARAMS,
3665 &cp->addr, sizeof(cp->addr));
4ee71b20 3666
09fd0de5 3667 hci_dev_lock(hdev);
5e762444 3668
88c1fe4b 3669 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3670 if (err < 0)
f0eeea8b 3671 status = MGMT_STATUS_FAILED;
7fbec224 3672 else
a6785be2 3673 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3674
bdb6d971 3675 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3676 &cp->addr, sizeof(cp->addr));
5e762444 3677
09fd0de5 3678 hci_dev_unlock(hdev);
7fbec224
AJ		 3679
3680 return err;
3681}
3682
bdb6d971 3683static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3684 u16 len)
7fbec224 3685{
650f726d 3686 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3687 u8 status;
7fbec224
AJ		 3688 int err;
3689
bdb6d971 3690 BT_DBG("%s", hdev->name);
7fbec224 3691
4ee71b20 3692 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3693 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3694 MGMT_STATUS_INVALID_PARAMS,
3695 &cp->addr, sizeof(cp->addr));
4ee71b20 3696
09fd0de5 3697 hci_dev_lock(hdev);
5e762444 3698
88c1fe4b 3699 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3700 if (err < 0)
f0eeea8b 3701 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3702 else
a6785be2 3703 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3704
bdb6d971 3705 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3706 &cp->addr, sizeof(cp->addr));
5e762444 3707
09fd0de5 3708 hci_dev_unlock(hdev);
7fbec224
AJ		 3709
3710 return err;
3711}
3712
cdbaccca
MH		 3713static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3714 u16 len)
3715{
3716 struct mgmt_cp_set_device_id *cp = data;
890ea898 3717 struct hci_request req;
cdbaccca 3718 int err;
c72d4b8a 3719 __u16 source;
cdbaccca
MH		 3720
3721 BT_DBG("%s", hdev->name);
3722
c72d4b8a
SJ		 3723 source = __le16_to_cpu(cp->source);
3724
3725 if (source > 0x0002)
3726 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3727 MGMT_STATUS_INVALID_PARAMS);
3728
cdbaccca
MH		 3729 hci_dev_lock(hdev);
3730
c72d4b8a 3731 hdev->devid_source = source;
cdbaccca
MH		 3732 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3733 hdev->devid_product = __le16_to_cpu(cp->product);
3734 hdev->devid_version = __le16_to_cpu(cp->version);
3735
3736 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3737
890ea898
JH		 3738 hci_req_init(&req, hdev);
3739 update_eir(&req);
3740 hci_req_run(&req, NULL);
cdbaccca
MH		 3741
3742 hci_dev_unlock(hdev);
3743
3744 return err;
3745}
3746
4375f103
JH		 3747static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3748{
3749 struct cmd_lookup match = { NULL, hdev };
3750
3751 if (status) {
3752 u8 mgmt_err = mgmt_status(status);
3753
3754 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3755 cmd_status_rsp, &mgmt_err);
3756 return;
3757 }
3758
3759 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3760 &match);
3761
3762 new_settings(hdev, match.sk);
3763
3764 if (match.sk)
3765 sock_put(match.sk);
3766}
3767
21b5187f
MH		 3768static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3769 u16 len)
4375f103
JH		 3770{
3771 struct mgmt_mode *cp = data;
3772 struct pending_cmd *cmd;
3773 struct hci_request req;
e6fe7986 3774 u8 val, enabled, status;
4375f103
JH		 3775 int err;
3776
3777 BT_DBG("request for %s", hdev->name);
3778
e6fe7986
JH		 3779 status = mgmt_le_support(hdev);
3780 if (status)
4375f103 3781 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3782 status);
4375f103
JH		 3783
3784 if (cp->val != 0x00 && cp->val != 0x01)
3785 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3786 MGMT_STATUS_INVALID_PARAMS);
3787
3788 hci_dev_lock(hdev);
3789
3790 val = !!cp->val;
f3d3444a 3791 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3792
f74ca9b8
JH		 3793 /* The following conditions are ones which mean that we should
3794 * not do any HCI communication but directly send a mgmt
3795 * response to user space (after toggling the flag if
3796 * necessary).
3797 */
3798 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3799 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3800 bool changed = false;
3801
f3d3444a
JH		 3802 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3803 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3804 changed = true;
3805 }
3806
3807 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3808 if (err < 0)
3809 goto unlock;
3810
3811 if (changed)
3812 err = new_settings(hdev, sk);
3813
3814 goto unlock;
3815 }
3816
3817 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3818 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3819 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3820 MGMT_STATUS_BUSY);
3821 goto unlock;
3822 }
3823
3824 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3825 if (!cmd) {
3826 err = -ENOMEM;
3827 goto unlock;
3828 }
3829
3830 hci_req_init(&req, hdev);
3831
bba3aa55
MH		 3832 if (val)
3833 enable_advertising(&req);
3834 else
3835 disable_advertising(&req);
4375f103
JH		 3836
3837 err = hci_req_run(&req, set_advertising_complete);
3838 if (err < 0)
3839 mgmt_pending_remove(cmd);
3840
3841unlock:
3842 hci_dev_unlock(hdev);
3843 return err;
3844}
3845
d13eafce
MH		 3846static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3847 void *data, u16 len)
3848{
3849 struct mgmt_cp_set_static_address *cp = data;
3850 int err;
3851
3852 BT_DBG("%s", hdev->name);
3853
62af4443 3854 if (!lmp_le_capable(hdev))
d13eafce 3855 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3856 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3857
3858 if (hdev_is_powered(hdev))
3859 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3860 MGMT_STATUS_REJECTED);
3861
3862 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3863 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3864 return cmd_status(sk, hdev->id,
3865 MGMT_OP_SET_STATIC_ADDRESS,
3866 MGMT_STATUS_INVALID_PARAMS);
3867
3868 /* Two most significant bits shall be set */
3869 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3870 return cmd_status(sk, hdev->id,
3871 MGMT_OP_SET_STATIC_ADDRESS,
3872 MGMT_STATUS_INVALID_PARAMS);
3873 }
3874
3875 hci_dev_lock(hdev);
3876
3877 bacpy(&hdev->static_addr, &cp->bdaddr);
3878
3879 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3880
3881 hci_dev_unlock(hdev);
3882
3883 return err;
3884}
3885
14b49b9a
MH		 3886static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3887 void *data, u16 len)
3888{
3889 struct mgmt_cp_set_scan_params *cp = data;
3890 __u16 interval, window;
3891 int err;
3892
3893 BT_DBG("%s", hdev->name);
3894
3895 if (!lmp_le_capable(hdev))
3896 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3897 MGMT_STATUS_NOT_SUPPORTED);
3898
3899 interval = __le16_to_cpu(cp->interval);
3900
3901 if (interval < 0x0004 || interval > 0x4000)
3902 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3903 MGMT_STATUS_INVALID_PARAMS);
3904
3905 window = __le16_to_cpu(cp->window);
3906
3907 if (window < 0x0004 || window > 0x4000)
3908 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3909 MGMT_STATUS_INVALID_PARAMS);
3910
899e1075
MH		 3911 if (window > interval)
3912 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3913 MGMT_STATUS_INVALID_PARAMS);
3914
14b49b9a
MH		 3915 hci_dev_lock(hdev);
3916
3917 hdev->le_scan_interval = interval;
3918 hdev->le_scan_window = window;
3919
3920 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3921
3922 hci_dev_unlock(hdev);
3923
3924 return err;
3925}
3926
33e38b3e
JH		 3927static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3928{
3929 struct pending_cmd *cmd;
3930
3931 BT_DBG("status 0x%02x", status);
3932
3933 hci_dev_lock(hdev);
3934
3935 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3936 if (!cmd)
3937 goto unlock;
3938
3939 if (status) {
3940 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3941 mgmt_status(status));
3942 } else {
1a4d3c4b
JH		 3943 struct mgmt_mode *cp = cmd->param;
3944
3945 if (cp->val)
3946 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3947 else
3948 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3949
33e38b3e
JH		 3950 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3951 new_settings(hdev, cmd->sk);
3952 }
3953
3954 mgmt_pending_remove(cmd);
3955
3956unlock:
3957 hci_dev_unlock(hdev);
3958}
3959
bdb6d971 3960static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3961 void *data, u16 len)
f6422ec6 3962{
650f726d 3963 struct mgmt_mode *cp = data;
33e38b3e
JH		 3964 struct pending_cmd *cmd;
3965 struct hci_request req;
f6422ec6
AJ		 3966 int err;
3967
bdb6d971 3968 BT_DBG("%s", hdev->name);
f6422ec6 3969
56f87901
JH		 3970 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3971 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3972 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3973 MGMT_STATUS_NOT_SUPPORTED);
3974
a7e80f25
JH		 3975 if (cp->val != 0x00 && cp->val != 0x01)
3976 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3977 MGMT_STATUS_INVALID_PARAMS);
3978
5400c044 3979 if (!hdev_is_powered(hdev))
bdb6d971 3980 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3981 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3982
3983 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3984 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3985 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3986
3987 hci_dev_lock(hdev);
3988
05cbf29f
JH		 3989 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3990 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3991 MGMT_STATUS_BUSY);
3992 goto unlock;
3993 }
3994
1a4d3c4b
JH		 3995 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3996 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3997 hdev);
3998 goto unlock;
3999 }
4000
33e38b3e
JH		 4001 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4002 data, len);
4003 if (!cmd) {
4004 err = -ENOMEM;
4005 goto unlock;
f6422ec6
AJ		 4006 }
4007
33e38b3e
JH		 4008 hci_req_init(&req, hdev);
4009
406d7804 4010 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4011
4012 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4013 if (err < 0) {
bdb6d971 4014 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4015 MGMT_STATUS_FAILED);
33e38b3e 4016 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4017 }
4018
33e38b3e 4019unlock:
f6422ec6 4020 hci_dev_unlock(hdev);
33e38b3e 4021
f6422ec6
AJ		 4022 return err;
4023}
4024
67e5a7a3
JH		 4025static void set_bredr_scan(struct hci_request *req)
4026{
4027 struct hci_dev *hdev = req->hdev;
4028 u8 scan = 0;
4029
4030 /* Ensure that fast connectable is disabled. This function will
4031 * not do anything if the page scan parameters are already what
4032 * they should be.
4033 */
4034 write_fast_connectable(req, false);
4035
4036 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4037 scan |= SCAN_PAGE;
4038 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4039 scan |= SCAN_INQUIRY;
4040
4041 if (scan)
4042 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4043}
4044
0663ca2a
JH		 4045static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4046{
4047 struct pending_cmd *cmd;
4048
4049 BT_DBG("status 0x%02x", status);
4050
4051 hci_dev_lock(hdev);
4052
4053 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4054 if (!cmd)
4055 goto unlock;
4056
4057 if (status) {
4058 u8 mgmt_err = mgmt_status(status);
4059
4060 /* We need to restore the flag if related HCI commands
4061 * failed.
4062 */
4063 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4064
4065 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4066 } else {
4067 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4068 new_settings(hdev, cmd->sk);
4069 }
4070
4071 mgmt_pending_remove(cmd);
4072
4073unlock:
4074 hci_dev_unlock(hdev);
4075}
4076
4077static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4078{
4079 struct mgmt_mode *cp = data;
4080 struct pending_cmd *cmd;
4081 struct hci_request req;
4082 int err;
4083
4084 BT_DBG("request for %s", hdev->name);
4085
4086 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4087 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4088 MGMT_STATUS_NOT_SUPPORTED);
4089
4090 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4091 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4092 MGMT_STATUS_REJECTED);
4093
4094 if (cp->val != 0x00 && cp->val != 0x01)
4095 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4096 MGMT_STATUS_INVALID_PARAMS);
4097
4098 hci_dev_lock(hdev);
4099
4100 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4101 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4102 goto unlock;
4103 }
4104
4105 if (!hdev_is_powered(hdev)) {
4106 if (!cp->val) {
0663ca2a
JH		 4107 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4108 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4109 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4110 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4111 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4112 }
4113
4114 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4115
4116 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4117 if (err < 0)
4118 goto unlock;
4119
4120 err = new_settings(hdev, sk);
4121 goto unlock;
4122 }
4123
4124 /* Reject disabling when powered on */
4125 if (!cp->val) {
4126 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4127 MGMT_STATUS_REJECTED);
4128 goto unlock;
4129 }
4130
4131 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4132 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4133 MGMT_STATUS_BUSY);
4134 goto unlock;
4135 }
4136
4137 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4138 if (!cmd) {
4139 err = -ENOMEM;
4140 goto unlock;
4141 }
4142
5947f4bc 4143 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4144 * generates the correct flags.
4145 */
4146 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4147
4148 hci_req_init(&req, hdev);
aa8af46e
JH		 4149
4150 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4151 set_bredr_scan(&req);
4152
f14d8f64
MH		 4153 /* Since only the advertising data flags will change, there
4154 * is no need to update the scan response data.
4155 */
5947f4bc 4156 update_adv_data(&req);
aa8af46e 4157
0663ca2a
JH		 4158 err = hci_req_run(&req, set_bredr_complete);
4159 if (err < 0)
4160 mgmt_pending_remove(cmd);
4161
4162unlock:
4163 hci_dev_unlock(hdev);
4164 return err;
4165}
4166
eac83dc6
MH		 4167static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4168 void *data, u16 len)
4169{
4170 struct mgmt_mode *cp = data;
4171 struct pending_cmd *cmd;
0ab04a9c 4172 u8 val, status;
eac83dc6
MH		 4173 int err;
4174
4175 BT_DBG("request for %s", hdev->name);
4176
4177 status = mgmt_bredr_support(hdev);
4178 if (status)
4179 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4180 status);
4181
5afeac14
MH		 4182 if (!lmp_sc_capable(hdev) &&
4183 !test_bit(HCI_FORCE_SC, &hdev->dev_flags))
eac83dc6
MH		 4184 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4185 MGMT_STATUS_NOT_SUPPORTED);
4186
0ab04a9c 4187 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4188 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4189 MGMT_STATUS_INVALID_PARAMS);
4190
4191 hci_dev_lock(hdev);
4192
4193 if (!hdev_is_powered(hdev)) {
4194 bool changed;
4195
0ab04a9c 4196 if (cp->val) {
eac83dc6
MH		 4197 changed = !test_and_set_bit(HCI_SC_ENABLED,
4198 &hdev->dev_flags);
0ab04a9c
MH		 4199 if (cp->val == 0x02)
4200 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4201 else
4202 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4203 } else {
eac83dc6
MH		 4204 changed = test_and_clear_bit(HCI_SC_ENABLED,
4205 &hdev->dev_flags);
0ab04a9c
MH		 4206 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4207 }
eac83dc6
MH		 4208
4209 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4210 if (err < 0)
4211 goto failed;
4212
4213 if (changed)
4214 err = new_settings(hdev, sk);
4215
4216 goto failed;
4217 }
4218
4219 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4220 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4221 MGMT_STATUS_BUSY);
4222 goto failed;
4223 }
4224
0ab04a9c
MH		 4225 val = !!cp->val;
4226
4227 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4228 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4229 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4230 goto failed;
4231 }
4232
4233 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4234 if (!cmd) {
4235 err = -ENOMEM;
4236 goto failed;
4237 }
4238
0ab04a9c 4239 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4240 if (err < 0) {
4241 mgmt_pending_remove(cmd);
4242 goto failed;
4243 }
4244
0ab04a9c
MH		 4245 if (cp->val == 0x02)
4246 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4247 else
4248 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4249
eac83dc6
MH		 4250failed:
4251 hci_dev_unlock(hdev);
4252 return err;
4253}
4254
4e39ac81
MH		 4255static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4256 void *data, u16 len)
4257{
4258 struct mgmt_mode *cp = data;
4259 bool changed;
4260 int err;
4261
4262 BT_DBG("request for %s", hdev->name);
4263
4264 if (cp->val != 0x00 && cp->val != 0x01)
4265 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4266 MGMT_STATUS_INVALID_PARAMS);
4267
4268 hci_dev_lock(hdev);
4269
4270 if (cp->val)
4271 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4272 else
4273 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4274
4275 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4276 if (err < 0)
4277 goto unlock;
4278
4279 if (changed)
4280 err = new_settings(hdev, sk);
4281
4282unlock:
4283 hci_dev_unlock(hdev);
4284 return err;
4285}
4286
62b04cd1
JH		 4287static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4288 u16 len)
4289{
4290 struct mgmt_cp_set_privacy *cp = cp_data;
4291 bool changed;
4292 int err;
4293
4294 BT_DBG("request for %s", hdev->name);
4295
4296 if (!lmp_le_capable(hdev))
4297 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4298 MGMT_STATUS_NOT_SUPPORTED);
4299
4300 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4301 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4302 MGMT_STATUS_INVALID_PARAMS);
4303
4304 if (hdev_is_powered(hdev))
4305 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4306 MGMT_STATUS_REJECTED);
4307
4308 hci_dev_lock(hdev);
4309
c21c0ea0
JH		 4310 /* If user space supports this command it is also expected to
4311 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4312 */
4313 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4314
62b04cd1
JH		 4315 if (cp->privacy) {
4316 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4317 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4318 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4319 } else {
4320 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4321 memset(hdev->irk, 0, sizeof(hdev->irk));
4322 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4323 }
4324
4325 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4326 if (err < 0)
4327 goto unlock;
4328
4329 if (changed)
4330 err = new_settings(hdev, sk);
4331
4332unlock:
4333 hci_dev_unlock(hdev);
4334 return err;
4335}
4336
41edf160
JH		 4337static bool irk_is_valid(struct mgmt_irk_info *irk)
4338{
4339 switch (irk->addr.type) {
4340 case BDADDR_LE_PUBLIC:
4341 return true;
4342
4343 case BDADDR_LE_RANDOM:
4344 /* Two most significant bits shall be set */
4345 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4346 return false;
4347 return true;
4348 }
4349
4350 return false;
4351}
4352
4353static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4354 u16 len)
4355{
4356 struct mgmt_cp_load_irks *cp = cp_data;
4357 u16 irk_count, expected_len;
4358 int i, err;
4359
4360 BT_DBG("request for %s", hdev->name);
4361
4362 if (!lmp_le_capable(hdev))
4363 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4364 MGMT_STATUS_NOT_SUPPORTED);
4365
4366 irk_count = __le16_to_cpu(cp->irk_count);
4367
4368 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4369 if (expected_len != len) {
4370 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4371 len, expected_len);
4372 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4373 MGMT_STATUS_INVALID_PARAMS);
4374 }
4375
4376 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4377
4378 for (i = 0; i < irk_count; i++) {
4379 struct mgmt_irk_info *key = &cp->irks[i];
4380
4381 if (!irk_is_valid(key))
4382 return cmd_status(sk, hdev->id,
4383 MGMT_OP_LOAD_IRKS,
4384 MGMT_STATUS_INVALID_PARAMS);
4385 }
4386
4387 hci_dev_lock(hdev);
4388
4389 hci_smp_irks_clear(hdev);
4390
4391 for (i = 0; i < irk_count; i++) {
4392 struct mgmt_irk_info *irk = &cp->irks[i];
4393 u8 addr_type;
4394
4395 if (irk->addr.type == BDADDR_LE_PUBLIC)
4396 addr_type = ADDR_LE_DEV_PUBLIC;
4397 else
4398 addr_type = ADDR_LE_DEV_RANDOM;
4399
4400 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4401 BDADDR_ANY);
4402 }
4403
4404 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4405
4406 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4407
4408 hci_dev_unlock(hdev);
4409
4410 return err;
4411}
4412
3f706b72
JH		 4413static bool ltk_is_valid(struct mgmt_ltk_info *key)
4414{
4415 if (key->master != 0x00 && key->master != 0x01)
4416 return false;
490cb0b3
MH		 4417
4418 switch (key->addr.type) {
4419 case BDADDR_LE_PUBLIC:
4420 return true;
4421
4422 case BDADDR_LE_RANDOM:
4423 /* Two most significant bits shall be set */
4424 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4425 return false;
4426 return true;
4427 }
4428
4429 return false;
3f706b72
JH		 4430}
4431
bdb6d971 4432static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4433 void *cp_data, u16 len)
346af67b 4434{
346af67b
VCG		 4435 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4436 u16 key_count, expected_len;
715a5bf2 4437 int i, err;
346af67b 4438
cf99ba13
MH		 4439 BT_DBG("request for %s", hdev->name);
4440
4441 if (!lmp_le_capable(hdev))
4442 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4443 MGMT_STATUS_NOT_SUPPORTED);
4444
1f350c87 4445 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 4446
4447 expected_len = sizeof(*cp) + key_count *
4448 sizeof(struct mgmt_ltk_info);
4449 if (expected_len != len) {
4450 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 4451 len, expected_len);
bdb6d971 4452 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4453 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4454 }
4455
bdb6d971 4456 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4457
54ad6d8a
JH		 4458 for (i = 0; i < key_count; i++) {
4459 struct mgmt_ltk_info *key = &cp->keys[i];
4460
3f706b72 4461 if (!ltk_is_valid(key))
54ad6d8a
JH		 4462 return cmd_status(sk, hdev->id,
4463 MGMT_OP_LOAD_LONG_TERM_KEYS,
4464 MGMT_STATUS_INVALID_PARAMS);
4465 }
4466
346af67b
VCG		 4467 hci_dev_lock(hdev);
4468
4469 hci_smp_ltks_clear(hdev);
4470
4471 for (i = 0; i < key_count; i++) {
4472 struct mgmt_ltk_info *key = &cp->keys[i];
79d95a19
MH		 4473 u8 type, addr_type;
4474
4475 if (key->addr.type == BDADDR_LE_PUBLIC)
4476 addr_type = ADDR_LE_DEV_PUBLIC;
4477 else
4478 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4479
4480 if (key->master)
4481 type = HCI_SMP_LTK;
4482 else
4483 type = HCI_SMP_LTK_SLAVE;
4484
35d70271
JH		 4485 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
4486 key->type, key->val, key->enc_size, key->ediv,
4487 key->rand);
346af67b
VCG		 4488 }
4489
715a5bf2
JH		 4490 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4491 NULL, 0);
4492
346af67b 4493 hci_dev_unlock(hdev);
346af67b 4494
715a5bf2 4495 return err;
346af67b
VCG		 4496}
4497
2e3c35ea 4498static const struct mgmt_handler {
04124681
GP		 4499 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4500 u16 data_len);
be22b54e
JH		 4501 bool var_len;
4502 size_t data_len;
0f4e68cf
JH		 4503} mgmt_handlers[] = {
4504 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 4505 { read_version, false, MGMT_READ_VERSION_SIZE },
4506 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4507 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4508 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4509 { set_powered, false, MGMT_SETTING_SIZE },
4510 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4511 { set_connectable, false, MGMT_SETTING_SIZE },
4512 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4513 { set_pairable, false, MGMT_SETTING_SIZE },
4514 { set_link_security, false, MGMT_SETTING_SIZE },
4515 { set_ssp, false, MGMT_SETTING_SIZE },
4516 { set_hs, false, MGMT_SETTING_SIZE },
4517 { set_le, false, MGMT_SETTING_SIZE },
4518 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4519 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4520 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4521 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4522 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4523 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4524 { disconnect, false, MGMT_DISCONNECT_SIZE },
4525 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4526 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4527 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4528 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4529 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4530 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4531 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4532 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4533 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4534 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4535 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4536 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 4537 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 4538 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4539 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4540 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4541 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4542 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4543 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 4544 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 4545 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 4546 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 4547 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 4548 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 4549 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 4550 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 4551 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 4552 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
0f4e68cf
JH		 4553};
4554
4555
0381101f
JH		 4556int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4557{
650f726d
VCG		 4558 void *buf;
4559 u8 *cp;
0381101f 4560 struct mgmt_hdr *hdr;
4e51eae9 4561 u16 opcode, index, len;
bdb6d971 4562 struct hci_dev *hdev = NULL;
2e3c35ea 4563 const struct mgmt_handler *handler;
0381101f
JH		 4564 int err;
4565
4566 BT_DBG("got %zu bytes", msglen);
4567
4568 if (msglen < sizeof(*hdr))
4569 return -EINVAL;
4570
e63a15ec 4571 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 4572 if (!buf)
4573 return -ENOMEM;
4574
4575 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4576 err = -EFAULT;
4577 goto done;
4578 }
4579
650f726d 4580 hdr = buf;
1f350c87
MH		 4581 opcode = __le16_to_cpu(hdr->opcode);
4582 index = __le16_to_cpu(hdr->index);
4583 len = __le16_to_cpu(hdr->len);
0381101f
JH		 4584
4585 if (len != msglen - sizeof(*hdr)) {
4586 err = -EINVAL;
4587 goto done;
4588 }
4589
0f4e68cf 4590 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 4591 hdev = hci_dev_get(index);
4592 if (!hdev) {
4593 err = cmd_status(sk, index, opcode,
04124681 4594 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 4595 goto done;
4596 }
0736cfa8 4597
cebf4cfd
JH		 4598 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4599 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 4600 err = cmd_status(sk, index, opcode,
4601 MGMT_STATUS_INVALID_INDEX);
4602 goto done;
4603 }
bdb6d971
JH		 4604 }
4605
0f4e68cf 4606 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 4607 mgmt_handlers[opcode].func == NULL) {
0381101f 4608 BT_DBG("Unknown op %u", opcode);
ca69b795 4609 err = cmd_status(sk, index, opcode,
04124681 4610 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 4611 goto done;
4612 }
4613
4614 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 4615 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 4616 err = cmd_status(sk, index, opcode,
04124681 4617 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 4618 goto done;
0381101f
JH		 4619 }
4620
be22b54e
JH		 4621 handler = &mgmt_handlers[opcode];
4622
4623 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 4624 (!handler->var_len && len != handler->data_len)) {
be22b54e 4625 err = cmd_status(sk, index, opcode,
04124681 4626 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 4627 goto done;
4628 }
4629
0f4e68cf
JH		 4630 if (hdev)
4631 mgmt_init_hdev(sk, hdev);
4632
4633 cp = buf + sizeof(*hdr);
4634
be22b54e 4635 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 4636 if (err < 0)
4637 goto done;
4638
0381101f
JH		 4639 err = msglen;
4640
4641done:
bdb6d971
JH		 4642 if (hdev)
4643 hci_dev_put(hdev);
4644
0381101f
JH		 4645 kfree(buf);
4646 return err;
4647}
c71e97bf 4648
bf6b56db 4649void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 4650{
1514b892 4651 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4652 return;
bb4b2a9a 4653
bf6b56db 4654 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 4655}
4656
bf6b56db 4657void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 4658{
5f159032 4659 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 4660
1514b892 4661 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4662 return;
bb4b2a9a 4663
744cf19e 4664 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 4665
bf6b56db 4666 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 4667}
4668
229ab39c
JH		 4669static void powered_complete(struct hci_dev *hdev, u8 status)
4670{
4671 struct cmd_lookup match = { NULL, hdev };
4672
4673 BT_DBG("status 0x%02x", status);
4674
4675 hci_dev_lock(hdev);
4676
4677 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4678
4679 new_settings(hdev, match.sk);
4680
4681 hci_dev_unlock(hdev);
4682
4683 if (match.sk)
4684 sock_put(match.sk);
4685}
4686
70da6243 4687static int powered_update_hci(struct hci_dev *hdev)
5add6af8 4688{
890ea898 4689 struct hci_request req;
70da6243 4690 u8 link_sec;
5add6af8 4691
890ea898
JH		 4692 hci_req_init(&req, hdev);
4693
70da6243
JH		 4694 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4695 !lmp_host_ssp_capable(hdev)) {
4696 u8 ssp = 1;
5e5282bb 4697
890ea898 4698 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 4699 }
5add6af8 4700
c73eee91
JH		 4701 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4702 lmp_bredr_capable(hdev)) {
70da6243 4703 struct hci_cp_write_le_host_supported cp;
f0ff92fb 4704
70da6243
JH		 4705 cp.le = 1;
4706 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 4707
70da6243
JH		 4708 /* Check first if we already have the right
4709 * host state (host features set)
4710 */
4711 if (cp.le != lmp_host_le_capable(hdev) ||
4712 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 4713 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4714 sizeof(cp), &cp);
70da6243 4715 }
3d1cbdd6 4716
d13eafce 4717 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 4718 /* Make sure the controller has a good default for
4719 * advertising data. This also applies to the case
4720 * where BR/EDR was toggled during the AUTO_OFF phase.
4721 */
f14d8f64 4722 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 4723 update_adv_data(&req);
f14d8f64
MH		 4724 update_scan_rsp_data(&req);
4725 }
441ad2d0 4726
bba3aa55
MH		 4727 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4728 enable_advertising(&req);
eeca6f89
JH		 4729 }
4730
70da6243
JH		 4731 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4732 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 4733 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4734 sizeof(link_sec), &link_sec);
562fcc24 4735
70da6243 4736 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 4737 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4738 set_bredr_scan(&req);
890ea898 4739 update_class(&req);
13928971 4740 update_name(&req);
890ea898 4741 update_eir(&req);
70da6243 4742 }
562fcc24 4743
229ab39c 4744 return hci_req_run(&req, powered_complete);
70da6243 4745}
562fcc24 4746
70da6243
JH		 4747int mgmt_powered(struct hci_dev *hdev, u8 powered)
4748{
4749 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 4750 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4751 u8 zero_cod[] = { 0, 0, 0 };
70da6243 4752 int err;
f0ff92fb 4753
70da6243
JH		 4754 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4755 return 0;
4756
70da6243 4757 if (powered) {
229ab39c
JH		 4758 if (powered_update_hci(hdev) == 0)
4759 return 0;
fe038884 4760
229ab39c
JH		 4761 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4762 &match);
4763 goto new_settings;
b24752fe
JH		 4764 }
4765
229ab39c
JH		 4766 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4767 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4768
4769 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4770 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4771 zero_cod, sizeof(zero_cod), NULL);
4772
4773new_settings:
beadb2bd 4774 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 4775
4776 if (match.sk)
4777 sock_put(match.sk);
4778
7bb895d6 4779 return err;
5add6af8 4780}
73f22f62 4781
3eec705e 4782void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 4783{
4784 struct pending_cmd *cmd;
4785 u8 status;
4786
4787 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4788 if (!cmd)
3eec705e 4789 return;
96570ffc
JH		 4790
4791 if (err == -ERFKILL)
4792 status = MGMT_STATUS_RFKILLED;
4793 else
4794 status = MGMT_STATUS_FAILED;
4795
3eec705e 4796 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 4797
4798 mgmt_pending_remove(cmd);
96570ffc
JH		 4799}
4800
d1967ff8
MH		 4801void mgmt_discoverable_timeout(struct hci_dev *hdev)
4802{
4803 struct hci_request req;
d1967ff8
MH		 4804
4805 hci_dev_lock(hdev);
4806
4807 /* When discoverable timeout triggers, then just make sure
4808 * the limited discoverable flag is cleared. Even in the case
4809 * of a timeout triggered from general discoverable, it is
4810 * safe to unconditionally clear the flag.
4811 */
4812 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 4813 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 4814
4815 hci_req_init(&req, hdev);
4b580614
JH		 4816 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4817 u8 scan = SCAN_PAGE;
4818 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
4819 sizeof(scan), &scan);
4820 }
d1967ff8 4821 update_class(&req);
9a43e25f 4822 update_adv_data(&req);
d1967ff8
MH		 4823 hci_req_run(&req, NULL);
4824
4825 hdev->discov_timeout = 0;
4826
9a43e25f
JH		 4827 new_settings(hdev, NULL);
4828
d1967ff8
MH		 4829 hci_dev_unlock(hdev);
4830}
4831
86a75645 4832void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 4833{
86a75645 4834 bool changed;
73f22f62 4835
bfaf8c9f
JH		 4836 /* Nothing needed here if there's a pending command since that
4837 * commands request completion callback takes care of everything
4838 * necessary.
4839 */
4840 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 4841 return;
bfaf8c9f 4842
bd107999
JH		 4843 /* Powering off may clear the scan mode - don't let that interfere */
4844 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4845 return;
4846
9a43e25f 4847 if (discoverable) {
86a75645 4848 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4849 } else {
4850 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 4851 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4852 }
4853
4854 if (changed) {
4855 struct hci_request req;
4856
4857 /* In case this change in discoverable was triggered by
4858 * a disabling of connectable there could be a need to
4859 * update the advertising flags.
4860 */
4861 hci_req_init(&req, hdev);
4862 update_adv_data(&req);
4863 hci_req_run(&req, NULL);
73f22f62 4864
86a75645 4865 new_settings(hdev, NULL);
9a43e25f 4866 }
73f22f62 4867}
9fbcbb45 4868
a330916c 4869void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 4870{
a330916c 4871 bool changed;
9fbcbb45 4872
d7b856f9
JH		 4873 /* Nothing needed here if there's a pending command since that
4874 * commands request completion callback takes care of everything
4875 * necessary.
4876 */
4877 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 4878 return;
d7b856f9 4879
ce3f24cf
JH		 4880 /* Powering off may clear the scan mode - don't let that interfere */
4881 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4882 return;
4883
a330916c
MH		 4884 if (connectable)
4885 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4886 else
4887 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 4888
beadb2bd 4889 if (changed)
a330916c 4890 new_settings(hdev, NULL);
9fbcbb45 4891}
55ed8ca1 4892
778b235a
JH		 4893void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
4894{
7c4cfab8
JH		 4895 /* Powering off may stop advertising - don't let that interfere */
4896 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4897 return;
4898
778b235a
JH		 4899 if (advertising)
4900 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4901 else
4902 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4903}
4904
4796e8af 4905void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4906{
ca69b795
JH		 4907 u8 mgmt_err = mgmt_status(status);
4908
2d7cee58 4909 if (scan & SCAN_PAGE)
744cf19e 4910 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4911 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4912
4913 if (scan & SCAN_INQUIRY)
744cf19e 4914 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4915 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4916}
4917
dc4a5ee2
MH		 4918void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4919 bool persistent)
55ed8ca1 4920{
86742e1e 4921 struct mgmt_ev_new_link_key ev;
55ed8ca1 4922
a492cd52 4923 memset(&ev, 0, sizeof(ev));
55ed8ca1 4924
a492cd52 4925 ev.store_hint = persistent;
d753fdc4 4926 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4927 ev.key.addr.type = BDADDR_BREDR;
a492cd52 4928 ev.key.type = key->type;
9b3b4460 4929 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 4930 ev.key.pin_len = key->pin_len;
55ed8ca1 4931
dc4a5ee2 4932 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 4933}
f7520543 4934
ba74b666 4935void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key)
346af67b
VCG		 4936{
4937 struct mgmt_ev_new_long_term_key ev;
4938
4939 memset(&ev, 0, sizeof(ev));
4940
5192d301
MH		 4941 /* Devices using resolvable or non-resolvable random addresses
4942 * without providing an indentity resolving key don't require
4943 * to store long term keys. Their addresses will change the
4944 * next time around.
4945 *
4946 * Only when a remote device provides an identity address
4947 * make sure the long term key is stored. If the remote
4948 * identity is known, the long term keys are internally
4949 * mapped to the identity address. So allow static random
4950 * and public addresses here.
4951 */
ba74b666
JH		 4952 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
4953 (key->bdaddr.b[5] & 0xc0) != 0xc0)
4954 ev.store_hint = 0x00;
4955 else
4956 ev.store_hint = 0x01;
4957
346af67b 4958 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 4959 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d40f3eef 4960 ev.key.type = key->authenticated;
346af67b
VCG		 4961 ev.key.enc_size = key->enc_size;
4962 ev.key.ediv = key->ediv;
4963
4964 if (key->type == HCI_SMP_LTK)
4965 ev.key.master = 1;
4966
4967 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4968 memcpy(ev.key.val, key->val, sizeof(key->val));
4969
083368f7 4970 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 4971}
4972
95fbac8a
JH		 4973void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
4974{
4975 struct mgmt_ev_new_irk ev;
4976
4977 memset(&ev, 0, sizeof(ev));
4978
bab6d1e5
MH		 4979 /* For identity resolving keys from devices that are already
4980 * using a public address or static random address, do not
4981 * ask for storing this key. The identity resolving key really
4982 * is only mandatory for devices using resovlable random
4983 * addresses.
4984 *
4985 * Storing all identity resolving keys has the downside that
4986 * they will be also loaded on next boot of they system. More
4987 * identity resolving keys, means more time during scanning is
4988 * needed to actually resolve these addresses.
4989 */
4990 if (bacmp(&irk->rpa, BDADDR_ANY))
4991 ev.store_hint = 0x01;
4992 else
4993 ev.store_hint = 0x00;
4994
95fbac8a
JH		 4995 bacpy(&ev.rpa, &irk->rpa);
4996 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
4997 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
4998 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
4999
5000 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
5001}
5002
94933991
MH		 5003static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5004 u8 data_len)
5005{
5006 eir[eir_len++] = sizeof(type) + data_len;
5007 eir[eir_len++] = type;
5008 memcpy(&eir[eir_len], data, data_len);
5009 eir_len += data_len;
5010
5011 return eir_len;
5012}
5013
ecd90ae7
MH		 5014void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5015 u8 addr_type, u32 flags, u8 *name, u8 name_len,
5016 u8 *dev_class)
f7520543 5017{
b644ba33
JH		 5018 char buf[512];
5019 struct mgmt_ev_device_connected *ev = (void *) buf;
5020 u16 eir_len = 0;
f7520543 5021
b644ba33 5022 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5023 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 5024
c95f0ba7 5025 ev->flags = __cpu_to_le32(flags);
08c79b61 5026
b644ba33
JH		 5027 if (name_len > 0)
5028 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 5029 name, name_len);
b644ba33
JH		 5030
5031 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 5032 eir_len = eir_append_data(ev->eir, eir_len,
04124681 5033 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 5034
eb55ef07 5035 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 5036
ecd90ae7
MH		 5037 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
5038 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 5039}
5040
8962ee74
JH		 5041static void disconnect_rsp(struct pending_cmd *cmd, void *data)
5042{
c68fb7ff 5043 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 5044 struct sock **sk = data;
a38528f1 5045 struct mgmt_rp_disconnect rp;
8962ee74 5046
88c3df13
JH		 5047 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5048 rp.addr.type = cp->addr.type;
8962ee74 5049
aee9b218 5050 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 5051 sizeof(rp));
8962ee74
JH		 5052
5053 *sk = cmd->sk;
5054 sock_hold(*sk);
5055
a664b5bc 5056 mgmt_pending_remove(cmd);
8962ee74
JH		 5057}
5058
124f6e35 5059static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 5060{
b1078ad0 5061 struct hci_dev *hdev = data;
124f6e35
JH		 5062 struct mgmt_cp_unpair_device *cp = cmd->param;
5063 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 5064
5065 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 5066 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5067 rp.addr.type = cp->addr.type;
a8a1d19e 5068
b1078ad0
JH		 5069 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
5070
aee9b218 5071 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 5072
5073 mgmt_pending_remove(cmd);
5074}
5075
9b80ec5e 5076void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 5077 u8 link_type, u8 addr_type, u8 reason,
5078 bool mgmt_connected)
f7520543 5079{
f0d6a0ea 5080 struct mgmt_ev_device_disconnected ev;
8b064a3a 5081 struct pending_cmd *power_off;
8962ee74 5082 struct sock *sk = NULL;
8962ee74 5083
8b064a3a
JH		 5084 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5085 if (power_off) {
5086 struct mgmt_mode *cp = power_off->param;
5087
5088 /* The connection is still in hci_conn_hash so test for 1
5089 * instead of 0 to know if this is the last one.
5090 */
5091 if (!cp->val && hci_conn_count(hdev) == 1)
5092 queue_work(hdev->req_workqueue, &hdev->power_off.work);
5093 }
5094
12d4a3b2
JH		 5095 if (!mgmt_connected)
5096 return;
5097
57eb776f
AG		 5098 if (link_type != ACL_LINK && link_type != LE_LINK)
5099 return;
5100
744cf19e 5101 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 5102
f0d6a0ea
MA		 5103 bacpy(&ev.addr.bdaddr, bdaddr);
5104 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5105 ev.reason = reason;
f7520543 5106
9b80ec5e 5107 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 5108
5109 if (sk)
d97dcb66 5110 sock_put(sk);
8962ee74 5111
124f6e35 5112 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 5113 hdev);
8962ee74
JH		 5114}
5115
7892924c
MH		 5116void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
5117 u8 link_type, u8 addr_type, u8 status)
8962ee74 5118{
3655bba8
AG		 5119 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
5120 struct mgmt_cp_disconnect *cp;
88c3df13 5121 struct mgmt_rp_disconnect rp;
8962ee74 5122 struct pending_cmd *cmd;
8962ee74 5123
36a75f1b
JD		 5124 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5125 hdev);
5126
2e58ef3e 5127 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 5128 if (!cmd)
7892924c 5129 return;
8962ee74 5130
3655bba8
AG		 5131 cp = cmd->param;
5132
5133 if (bacmp(bdaddr, &cp->addr.bdaddr))
5134 return;
5135
5136 if (cp->addr.type != bdaddr_type)
5137 return;
5138
88c3df13 5139 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 5140 rp.addr.type = bdaddr_type;
37d9ef76 5141
7892924c
MH		 5142 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
5143 mgmt_status(status), &rp, sizeof(rp));
8962ee74 5144
a664b5bc 5145 mgmt_pending_remove(cmd);
f7520543 5146}
17d5c04c 5147
445608d0
MH		 5148void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5149 u8 addr_type, u8 status)
17d5c04c
JH		 5150{
5151 struct mgmt_ev_connect_failed ev;
5152
4c659c39 5153 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5154 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5155 ev.status = mgmt_status(status);
17d5c04c 5156
445608d0 5157 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 5158}
980e1a53 5159
ce0e4a0d 5160void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 5161{
5162 struct mgmt_ev_pin_code_request ev;
5163
d8457698 5164 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 5165 ev.addr.type = BDADDR_BREDR;
a770bb5a 5166 ev.secure = secure;
980e1a53 5167
ce0e4a0d 5168 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 5169}
5170
e669cf80
MH		 5171void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5172 u8 status)
980e1a53
JH		 5173{
5174 struct pending_cmd *cmd;
ac56fb13 5175 struct mgmt_rp_pin_code_reply rp;
980e1a53 5176
2e58ef3e 5177 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 5178 if (!cmd)
e669cf80 5179 return;
980e1a53 5180
d8457698 5181 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5182 rp.addr.type = BDADDR_BREDR;
ac56fb13 5183
e669cf80
MH		 5184 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
5185 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5186
a664b5bc 5187 mgmt_pending_remove(cmd);
980e1a53
JH		 5188}
5189
3eb38528
MH		 5190void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5191 u8 status)
980e1a53
JH		 5192{
5193 struct pending_cmd *cmd;
ac56fb13 5194 struct mgmt_rp_pin_code_reply rp;
980e1a53 5195
2e58ef3e 5196 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 5197 if (!cmd)
3eb38528 5198 return;
980e1a53 5199
d8457698 5200 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5201 rp.addr.type = BDADDR_BREDR;
ac56fb13 5202
3eb38528
MH		 5203 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
5204 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5205
a664b5bc 5206 mgmt_pending_remove(cmd);
980e1a53 5207}
a5c29683 5208
744cf19e 5209int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 5210 u8 link_type, u8 addr_type, __le32 value,
5211 u8 confirm_hint)
a5c29683
JH		 5212{
5213 struct mgmt_ev_user_confirm_request ev;
5214
744cf19e 5215 BT_DBG("%s", hdev->name);
a5c29683 5216
272d90df 5217 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5218 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 5219 ev.confirm_hint = confirm_hint;
78e8098e 5220 ev.value = value;
a5c29683 5221
744cf19e 5222 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 5223 NULL);
a5c29683
JH		 5224}
5225
272d90df 5226int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 5227 u8 link_type, u8 addr_type)
604086b7
BG		 5228{
5229 struct mgmt_ev_user_passkey_request ev;
5230
5231 BT_DBG("%s", hdev->name);
5232
272d90df 5233 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5234 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 5235
5236 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 5237 NULL);
604086b7
BG		 5238}
5239
0df4c185 5240static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 5241 u8 link_type, u8 addr_type, u8 status,
5242 u8 opcode)
a5c29683
JH		 5243{
5244 struct pending_cmd *cmd;
5245 struct mgmt_rp_user_confirm_reply rp;
5246 int err;
5247
2e58ef3e 5248 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 5249 if (!cmd)
5250 return -ENOENT;
5251
272d90df 5252 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 5253 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 5254 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 5255 &rp, sizeof(rp));
a5c29683 5256
a664b5bc 5257 mgmt_pending_remove(cmd);
a5c29683
JH		 5258
5259 return err;
5260}
5261
744cf19e 5262int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5263 u8 link_type, u8 addr_type, u8 status)
a5c29683 5264{
272d90df 5265 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5266 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 5267}
5268
272d90df 5269int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5270 u8 link_type, u8 addr_type, u8 status)
a5c29683 5271{
272d90df 5272 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5273 status,
5274 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 5275}
2a611692 5276
604086b7 5277int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5278 u8 link_type, u8 addr_type, u8 status)
604086b7 5279{
272d90df 5280 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5281 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 5282}
5283
272d90df 5284int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5285 u8 link_type, u8 addr_type, u8 status)
604086b7 5286{
272d90df 5287 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5288 status,
5289 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 5290}
5291
92a25256
JH		 5292int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
5293 u8 link_type, u8 addr_type, u32 passkey,
5294 u8 entered)
5295{
5296 struct mgmt_ev_passkey_notify ev;
5297
5298 BT_DBG("%s", hdev->name);
5299
5300 bacpy(&ev.addr.bdaddr, bdaddr);
5301 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5302 ev.passkey = __cpu_to_le32(passkey);
5303 ev.entered = entered;
5304
5305 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
5306}
5307
e546099c
MH		 5308void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5309 u8 addr_type, u8 status)
2a611692
JH		 5310{
5311 struct mgmt_ev_auth_failed ev;
5312
bab73cb6 5313 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5314 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5315 ev.status = mgmt_status(status);
2a611692 5316
e546099c 5317 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 5318}
b312b161 5319
464996ae 5320void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 5321{
5322 struct cmd_lookup match = { NULL, hdev };
464996ae 5323 bool changed;
33ef95ed
JH		 5324
5325 if (status) {
5326 u8 mgmt_err = mgmt_status(status);
5327 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 5328 cmd_status_rsp, &mgmt_err);
464996ae 5329 return;
33ef95ed
JH		 5330 }
5331
464996ae
MH		 5332 if (test_bit(HCI_AUTH, &hdev->flags))
5333 changed = !test_and_set_bit(HCI_LINK_SECURITY,
5334 &hdev->dev_flags);
5335 else
5336 changed = test_and_clear_bit(HCI_LINK_SECURITY,
5337 &hdev->dev_flags);
47990ea0 5338
33ef95ed 5339 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 5340 &match);
33ef95ed 5341
47990ea0 5342 if (changed)
464996ae 5343 new_settings(hdev, match.sk);
33ef95ed
JH		 5344
5345 if (match.sk)
5346 sock_put(match.sk);
33ef95ed
JH		 5347}
5348
890ea898 5349static void clear_eir(struct hci_request *req)
cacaf52f 5350{
890ea898 5351 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 5352 struct hci_cp_write_eir cp;
5353
976eb20e 5354 if (!lmp_ext_inq_capable(hdev))
890ea898 5355 return;
cacaf52f 5356
c80da27e
JH		 5357 memset(hdev->eir, 0, sizeof(hdev->eir));
5358
cacaf52f
JH		 5359 memset(&cp, 0, sizeof(cp));
5360
890ea898 5361 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 5362}
5363
3e248560 5364void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 5365{
5366 struct cmd_lookup match = { NULL, hdev };
890ea898 5367 struct hci_request req;
c0ecddc2 5368 bool changed = false;
ed2c4ee3
JH		 5369
5370 if (status) {
5371 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 5372
5373 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 5374 &hdev->dev_flags)) {
5375 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 5376 new_settings(hdev, NULL);
9ecb3e24 5377 }
c0ecddc2 5378
04124681
GP		 5379 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
5380 &mgmt_err);
3e248560 5381 return;
c0ecddc2
JH		 5382 }
5383
5384 if (enable) {
9ecb3e24 5385 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 5386 } else {
9ecb3e24
MH		 5387 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5388 if (!changed)
5389 changed = test_and_clear_bit(HCI_HS_ENABLED,
5390 &hdev->dev_flags);
5391 else
5392 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 5393 }
5394
5395 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
5396
c0ecddc2 5397 if (changed)
3e248560 5398 new_settings(hdev, match.sk);
ed2c4ee3 5399
5fc6ebb1 5400 if (match.sk)
ed2c4ee3
JH		 5401 sock_put(match.sk);
5402
890ea898
JH		 5403 hci_req_init(&req, hdev);
5404
5fc6ebb1 5405 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 5406 update_eir(&req);
5fc6ebb1 5407 else
890ea898
JH		 5408 clear_eir(&req);
5409
5410 hci_req_run(&req, NULL);
ed2c4ee3
JH		 5411}
5412
eac83dc6
MH		 5413void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5414{
5415 struct cmd_lookup match = { NULL, hdev };
5416 bool changed = false;
5417
5418 if (status) {
5419 u8 mgmt_err = mgmt_status(status);
5420
0ab04a9c
MH		 5421 if (enable) {
5422 if (test_and_clear_bit(HCI_SC_ENABLED,
5423 &hdev->dev_flags))
5424 new_settings(hdev, NULL);
5425 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5426 }
eac83dc6
MH		 5427
5428 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5429 cmd_status_rsp, &mgmt_err);
5430 return;
5431 }
5432
0ab04a9c 5433 if (enable) {
eac83dc6 5434 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 5435 } else {
eac83dc6 5436 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 5437 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5438 }
eac83dc6
MH		 5439
5440 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5441 settings_rsp, &match);
5442
5443 if (changed)
5444 new_settings(hdev, match.sk);
5445
5446 if (match.sk)
5447 sock_put(match.sk);
5448}
5449
92da6097 5450static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 5451{
5452 struct cmd_lookup *match = data;
5453
90e70454
JH		 5454 if (match->sk == NULL) {
5455 match->sk = cmd->sk;
5456 sock_hold(match->sk);
5457 }
90e70454
JH		 5458}
5459
4e1b0245
MH		 5460void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
5461 u8 status)
7f9a903c 5462{
90e70454 5463 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 5464
92da6097
JH		 5465 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
5466 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
5467 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 5468
5469 if (!status)
4e1b0245
MH		 5470 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
5471 NULL);
90e70454
JH		 5472
5473 if (match.sk)
5474 sock_put(match.sk);
7f9a903c
MH		 5475}
5476
7667da34 5477void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 5478{
b312b161 5479 struct mgmt_cp_set_local_name ev;
13928971 5480 struct pending_cmd *cmd;
28cc7bde 5481
13928971 5482 if (status)
7667da34 5483 return;
b312b161
JH		 5484
5485 memset(&ev, 0, sizeof(ev));
5486 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 5487 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 5488
2e58ef3e 5489 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 5490 if (!cmd) {
5491 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 5492
13928971
JH		 5493 /* If this is a HCI command related to powering on the
5494 * HCI dev don't send any mgmt signals.
5495 */
5496 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 5497 return;
890ea898 5498 }
b312b161 5499
7667da34
MH		 5500 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
5501 cmd ? cmd->sk : NULL);
b312b161 5502}
c35938b2 5503
4d2d2796
MH		 5504void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
5505 u8 *randomizer192, u8 *hash256,
5506 u8 *randomizer256, u8 status)
c35938b2
SJ		 5507{
5508 struct pending_cmd *cmd;
c35938b2 5509
744cf19e 5510 BT_DBG("%s status %u", hdev->name, status);
c35938b2 5511
2e58ef3e 5512 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 5513 if (!cmd)
3edaf092 5514 return;
c35938b2
SJ		 5515
5516 if (status) {
3edaf092
MH		 5517 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5518 mgmt_status(status));
c35938b2 5519 } else {
4d2d2796
MH		 5520 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5521 hash256 && randomizer256) {
5522 struct mgmt_rp_read_local_oob_ext_data rp;
5523
5524 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
5525 memcpy(rp.randomizer192, randomizer192,
5526 sizeof(rp.randomizer192));
c35938b2 5527
4d2d2796
MH		 5528 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
5529 memcpy(rp.randomizer256, randomizer256,
5530 sizeof(rp.randomizer256));
c35938b2 5531
4d2d2796
MH		 5532 cmd_complete(cmd->sk, hdev->id,
5533 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5534 &rp, sizeof(rp));
5535 } else {
5536 struct mgmt_rp_read_local_oob_data rp;
5537
5538 memcpy(rp.hash, hash192, sizeof(rp.hash));
5539 memcpy(rp.randomizer, randomizer192,
5540 sizeof(rp.randomizer));
5541
5542 cmd_complete(cmd->sk, hdev->id,
5543 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5544 &rp, sizeof(rp));
5545 }
c35938b2
SJ		 5546 }
5547
5548 mgmt_pending_remove(cmd);
c35938b2 5549}
e17acd40 5550
901801b9
MH		 5551void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5552 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
5553 ssp, u8 *eir, u16 eir_len)
e17acd40 5554{
e319d2e7
JH		 5555 char buf[512];
5556 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 5557 struct smp_irk *irk;
1dc06093 5558 size_t ev_size;
e17acd40 5559
12602d0c 5560 if (!hci_discovery_active(hdev))
901801b9 5561 return;
12602d0c 5562
1dc06093
JH		 5563 /* Leave 5 bytes for a potential CoD field */
5564 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
901801b9 5565 return;
7d262f86 5566
1dc06093
JH		 5567 memset(buf, 0, sizeof(buf));
5568
5cedbb8d
JH		 5569 irk = hci_get_irk(hdev, bdaddr, addr_type);
5570 if (irk) {
5571 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
5572 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
5573 } else {
5574 bacpy(&ev->addr.bdaddr, bdaddr);
5575 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5576 }
5577
e319d2e7 5578 ev->rssi = rssi;
9a395a80 5579 if (cfm_name)
612dfce9 5580 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 5581 if (!ssp)
612dfce9 5582 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 5583
1dc06093 5584 if (eir_len > 0)
e319d2e7 5585 memcpy(ev->eir, eir, eir_len);
e17acd40 5586
1dc06093
JH		 5587 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5588 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 5589 dev_class, 3);
1dc06093 5590
eb55ef07 5591 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 5592 ev_size = sizeof(*ev) + eir_len;
f8523598 5593
901801b9 5594 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 5595}
a88a9652 5596
9cf12aee
MH		 5597void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5598 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 5599{
b644ba33
JH		 5600 struct mgmt_ev_device_found *ev;
5601 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
5602 u16 eir_len;
a88a9652 5603
b644ba33 5604 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 5605
b644ba33
JH		 5606 memset(buf, 0, sizeof(buf));
5607
5608 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5609 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 5610 ev->rssi = rssi;
5611
5612 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 5613 name_len);
b644ba33 5614
eb55ef07 5615 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 5616
9cf12aee 5617 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 5618}
314b2381 5619
2f1e063b 5620void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 5621{
f963e8e9 5622 struct mgmt_ev_discovering ev;
164a6e78
JH		 5623 struct pending_cmd *cmd;
5624
343fb145
AG		 5625 BT_DBG("%s discovering %u", hdev->name, discovering);
5626
164a6e78 5627 if (discovering)
2e58ef3e 5628 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 5629 else
2e58ef3e 5630 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 5631
5632 if (cmd != NULL) {
f808e166
JH		 5633 u8 type = hdev->discovery.type;
5634
04124681
GP		 5635 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
5636 sizeof(type));
164a6e78
JH		 5637 mgmt_pending_remove(cmd);
5638 }
5639
f963e8e9
JH		 5640 memset(&ev, 0, sizeof(ev));
5641 ev.type = hdev->discovery.type;
5642 ev.discovering = discovering;
5643
2f1e063b 5644 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 5645}
5e762444 5646
88c1fe4b 5647int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5648{
5649 struct pending_cmd *cmd;
5650 struct mgmt_ev_device_blocked ev;
5651
2e58ef3e 5652 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 5653
88c1fe4b
JH		 5654 bacpy(&ev.addr.bdaddr, bdaddr);
5655 ev.addr.type = type;
5e762444 5656
744cf19e 5657 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 5658 cmd ? cmd->sk : NULL);
5e762444
AJ		 5659}
5660
88c1fe4b 5661int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5662{
5663 struct pending_cmd *cmd;
5664 struct mgmt_ev_device_unblocked ev;
5665
2e58ef3e 5666 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 5667
88c1fe4b
JH		 5668 bacpy(&ev.addr.bdaddr, bdaddr);
5669 ev.addr.type = type;
5e762444 5670
744cf19e 5671 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 5672 cmd ? cmd->sk : NULL);
5e762444 5673}
5976e608
MH		 5674
5675static void adv_enable_complete(struct hci_dev *hdev, u8 status)
5676{
5677 BT_DBG("%s status %u", hdev->name, status);
5678
5679 /* Clear the advertising mgmt setting if we failed to re-enable it */
5680 if (status) {
5681 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5682 new_settings(hdev, NULL);
5976e608
MH		 5683 }
5684}
5685
5686void mgmt_reenable_advertising(struct hci_dev *hdev)
5687{
5688 struct hci_request req;
5689
b145edcd 5690 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 5691 return;
5692
5693 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5694 return;
5695
5696 hci_req_init(&req, hdev);
5697 enable_advertising(&req);
5698
5699 /* If this fails we have no option but to let user space know
5700 * that we've disabled advertising.
5701 */
5702 if (hci_req_run(&req, adv_enable_complete) < 0) {
5703 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5704 new_settings(hdev, NULL);
5976e608
MH		 5705 }
5706}
Linux kernel - Deliverables
This page took 0.819894 seconds and 5 git commands to generate.