projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Simplify the error handling of Start Discovery command
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 34
35#include "smp.h"
0381101f 36
2da9c55c 37#define MGMT_VERSION 1
854bda19 38#define MGMT_REVISION 8
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 47 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
0663ca2a 80 MGMT_OP_SET_BREDR,
d13eafce 81 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 82 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 83 MGMT_OP_SET_SECURE_CONN,
4e39ac81 84 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 85 MGMT_OP_SET_PRIVACY,
41edf160 86 MGMT_OP_LOAD_IRKS,
dd983808 87 MGMT_OP_GET_CONN_INFO,
95868426 88 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 89 MGMT_OP_ADD_DEVICE,
90 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 91 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 92 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 93 MGMT_OP_READ_CONFIG_INFO,
dbece37a 94 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 95 MGMT_OP_SET_PUBLIC_ADDRESS,
e70bb2e8
JH		 96};
97
98static const u16 mgmt_events[] = {
99 MGMT_EV_CONTROLLER_ERROR,
100 MGMT_EV_INDEX_ADDED,
101 MGMT_EV_INDEX_REMOVED,
102 MGMT_EV_NEW_SETTINGS,
103 MGMT_EV_CLASS_OF_DEV_CHANGED,
104 MGMT_EV_LOCAL_NAME_CHANGED,
105 MGMT_EV_NEW_LINK_KEY,
106 MGMT_EV_NEW_LONG_TERM_KEY,
107 MGMT_EV_DEVICE_CONNECTED,
108 MGMT_EV_DEVICE_DISCONNECTED,
109 MGMT_EV_CONNECT_FAILED,
110 MGMT_EV_PIN_CODE_REQUEST,
111 MGMT_EV_USER_CONFIRM_REQUEST,
112 MGMT_EV_USER_PASSKEY_REQUEST,
113 MGMT_EV_AUTH_FAILED,
114 MGMT_EV_DEVICE_FOUND,
115 MGMT_EV_DISCOVERING,
116 MGMT_EV_DEVICE_BLOCKED,
117 MGMT_EV_DEVICE_UNBLOCKED,
118 MGMT_EV_DEVICE_UNPAIRED,
92a25256 119 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 120 MGMT_EV_NEW_IRK,
7ee4ea36 121 MGMT_EV_NEW_CSRK,
8afef092
MH		 122 MGMT_EV_DEVICE_ADDED,
123 MGMT_EV_DEVICE_REMOVED,
ffb5a827 124 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 125 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 126 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 127 MGMT_EV_NEW_CONFIG_OPTIONS,
e70bb2e8
JH		 128};
129
17b02e62 130#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 131
eec8d2bc
JH		 132struct pending_cmd {
133 struct list_head list;
fc2f4b13 134 u16 opcode;
eec8d2bc 135 int index;
c68fb7ff 136 void *param;
eec8d2bc 137 struct sock *sk;
e9a416b5 138 void *user_data;
eec8d2bc
JH		 139};
140
ca69b795
JH		 141/* HCI to MGMT error code conversion table */
142static u8 mgmt_status_table[] = {
143 MGMT_STATUS_SUCCESS,
144 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
145 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
146 MGMT_STATUS_FAILED, /* Hardware Failure */
147 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
148 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 149 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 150 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
151 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
152 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
153 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
154 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
155 MGMT_STATUS_BUSY, /* Command Disallowed */
156 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
157 MGMT_STATUS_REJECTED, /* Rejected Security */
158 MGMT_STATUS_REJECTED, /* Rejected Personal */
159 MGMT_STATUS_TIMEOUT, /* Host Timeout */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
161 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
162 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
163 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
164 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
165 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
166 MGMT_STATUS_BUSY, /* Repeated Attempts */
167 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
168 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
169 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
170 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
171 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
172 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
173 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
174 MGMT_STATUS_FAILED, /* Unspecified Error */
175 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
176 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
177 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
178 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
179 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
180 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
181 MGMT_STATUS_FAILED, /* Unit Link Key Used */
182 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
183 MGMT_STATUS_TIMEOUT, /* Instant Passed */
184 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
185 MGMT_STATUS_FAILED, /* Transaction Collision */
186 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
187 MGMT_STATUS_REJECTED, /* QoS Rejected */
188 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
189 MGMT_STATUS_REJECTED, /* Insufficient Security */
190 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
191 MGMT_STATUS_BUSY, /* Role Switch Pending */
192 MGMT_STATUS_FAILED, /* Slot Violation */
193 MGMT_STATUS_FAILED, /* Role Switch Failed */
194 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
195 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
196 MGMT_STATUS_BUSY, /* Host Busy Pairing */
197 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
198 MGMT_STATUS_BUSY, /* Controller Busy */
199 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
200 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
201 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
202 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
203 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
204};
205
206static u8 mgmt_status(u8 hci_status)
207{
208 if (hci_status < ARRAY_SIZE(mgmt_status_table))
209 return mgmt_status_table[hci_status];
210
211 return MGMT_STATUS_FAILED;
212}
213
04c60f05
MH		 214static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
215 struct sock *skip_sk)
216{
217 struct sk_buff *skb;
218 struct mgmt_hdr *hdr;
219
220 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
221 if (!skb)
222 return -ENOMEM;
223
224 hdr = (void *) skb_put(skb, sizeof(*hdr));
225 hdr->opcode = cpu_to_le16(event);
226 if (hdev)
227 hdr->index = cpu_to_le16(hdev->id);
228 else
229 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
230 hdr->len = cpu_to_le16(data_len);
231
232 if (data)
233 memcpy(skb_put(skb, data_len), data, data_len);
234
235 /* Time stamp */
236 __net_timestamp(skb);
237
238 hci_send_to_control(skb, skip_sk);
239 kfree_skb(skb);
240
241 return 0;
242}
243
4e51eae9 244static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 245{
246 struct sk_buff *skb;
247 struct mgmt_hdr *hdr;
248 struct mgmt_ev_cmd_status *ev;
56b7d137 249 int err;
f7b64e69 250
34eb525c 251 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 252
790eff44 253 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 254 if (!skb)
255 return -ENOMEM;
256
257 hdr = (void *) skb_put(skb, sizeof(*hdr));
258
dcf4adbf 259 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 260 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 261 hdr->len = cpu_to_le16(sizeof(*ev));
262
263 ev = (void *) skb_put(skb, sizeof(*ev));
264 ev->status = status;
eb55ef07 265 ev->opcode = cpu_to_le16(cmd);
f7b64e69 266
56b7d137
GP		 267 err = sock_queue_rcv_skb(sk, skb);
268 if (err < 0)
f7b64e69
JH		 269 kfree_skb(skb);
270
56b7d137 271 return err;
f7b64e69
JH		 272}
273
aee9b218 274static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 275 void *rp, size_t rp_len)
02d98129
JH		 276{
277 struct sk_buff *skb;
278 struct mgmt_hdr *hdr;
279 struct mgmt_ev_cmd_complete *ev;
56b7d137 280 int err;
02d98129
JH		 281
282 BT_DBG("sock %p", sk);
283
790eff44 284 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 285 if (!skb)
286 return -ENOMEM;
287
288 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 289
dcf4adbf 290 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 291 hdr->index = cpu_to_le16(index);
a38528f1 292 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 293
a38528f1 294 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 295 ev->opcode = cpu_to_le16(cmd);
aee9b218 296 ev->status = status;
8020c16a
SJ		 297
298 if (rp)
299 memcpy(ev->data, rp, rp_len);
02d98129 300
56b7d137
GP		 301 err = sock_queue_rcv_skb(sk, skb);
302 if (err < 0)
02d98129
JH		 303 kfree_skb(skb);
304
e5f0e151 305 return err;
02d98129
JH		 306}
307
04124681
GP		 308static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
309 u16 data_len)
a38528f1
JH		 310{
311 struct mgmt_rp_read_version rp;
312
313 BT_DBG("sock %p", sk);
314
315 rp.version = MGMT_VERSION;
dcf4adbf 316 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 317
aee9b218 318 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 319 sizeof(rp));
a38528f1
JH		 320}
321
04124681
GP		 322static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
323 u16 data_len)
e70bb2e8
JH		 324{
325 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 326 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
327 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 328 __le16 *opcode;
e70bb2e8
JH		 329 size_t rp_size;
330 int i, err;
331
332 BT_DBG("sock %p", sk);
333
334 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
335
336 rp = kmalloc(rp_size, GFP_KERNEL);
337 if (!rp)
338 return -ENOMEM;
339
dcf4adbf
JP		 340 rp->num_commands = cpu_to_le16(num_commands);
341 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 342
343 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
344 put_unaligned_le16(mgmt_commands[i], opcode);
345
346 for (i = 0; i < num_events; i++, opcode++)
347 put_unaligned_le16(mgmt_events[i], opcode);
348
aee9b218 349 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 350 rp_size);
e70bb2e8
JH		 351 kfree(rp);
352
353 return err;
354}
355
04124681
GP		 356static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
357 u16 data_len)
faba42eb 358{
faba42eb 359 struct mgmt_rp_read_index_list *rp;
8035ded4 360 struct hci_dev *d;
a38528f1 361 size_t rp_len;
faba42eb 362 u16 count;
476e44cb 363 int err;
faba42eb
JH		 364
365 BT_DBG("sock %p", sk);
366
367 read_lock(&hci_dev_list_lock);
368
369 count = 0;
bb4b2a9a 370 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 371 if (d->dev_type == HCI_BREDR &&
372 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
1514b892 373 count++;
faba42eb
JH		 374 }
375
a38528f1
JH		 376 rp_len = sizeof(*rp) + (2 * count);
377 rp = kmalloc(rp_len, GFP_ATOMIC);
378 if (!rp) {
b2c60d42 379 read_unlock(&hci_dev_list_lock);
faba42eb 380 return -ENOMEM;
b2c60d42 381 }
faba42eb 382
476e44cb 383 count = 0;
8035ded4 384 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 385 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 386 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a 387 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
ab81cbf9
JH		 388 continue;
389
73d1df2a
MH		 390 /* Devices marked as raw-only are neither configured
391 * nor unconfigured controllers.
392 */
393 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 394 continue;
395
73d1df2a
MH		 396 if (d->dev_type == HCI_BREDR &&
397 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
1514b892
MH		 398 rp->index[count++] = cpu_to_le16(d->id);
399 BT_DBG("Added hci%u", d->id);
400 }
faba42eb
JH		 401 }
402
476e44cb
JH		 403 rp->num_controllers = cpu_to_le16(count);
404 rp_len = sizeof(*rp) + (2 * count);
405
faba42eb
JH		 406 read_unlock(&hci_dev_list_lock);
407
aee9b218 408 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 409 rp_len);
faba42eb 410
a38528f1
JH		 411 kfree(rp);
412
413 return err;
faba42eb
JH		 414}
415
73d1df2a
MH		 416static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
417 void *data, u16 data_len)
418{
419 struct mgmt_rp_read_unconf_index_list *rp;
420 struct hci_dev *d;
421 size_t rp_len;
422 u16 count;
423 int err;
424
425 BT_DBG("sock %p", sk);
426
427 read_lock(&hci_dev_list_lock);
428
429 count = 0;
430 list_for_each_entry(d, &hci_dev_list, list) {
431 if (d->dev_type == HCI_BREDR &&
432 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
433 count++;
434 }
435
436 rp_len = sizeof(*rp) + (2 * count);
437 rp = kmalloc(rp_len, GFP_ATOMIC);
438 if (!rp) {
439 read_unlock(&hci_dev_list_lock);
440 return -ENOMEM;
441 }
442
443 count = 0;
444 list_for_each_entry(d, &hci_dev_list, list) {
445 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 446 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a
MH		 447 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
448 continue;
449
450 /* Devices marked as raw-only are neither configured
451 * nor unconfigured controllers.
452 */
453 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
454 continue;
455
456 if (d->dev_type == HCI_BREDR &&
457 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
458 rp->index[count++] = cpu_to_le16(d->id);
459 BT_DBG("Added hci%u", d->id);
460 }
461 }
462
463 rp->num_controllers = cpu_to_le16(count);
464 rp_len = sizeof(*rp) + (2 * count);
465
466 read_unlock(&hci_dev_list_lock);
467
468 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
469 0, rp, rp_len);
470
471 kfree(rp);
472
473 return err;
474}
475
dbece37a
MH		 476static bool is_configured(struct hci_dev *hdev)
477{
478 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
479 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
480 return false;
481
482 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
483 !bacmp(&hdev->public_addr, BDADDR_ANY))
484 return false;
485
486 return true;
487}
488
89bc22d2
MH		 489static __le32 get_missing_options(struct hci_dev *hdev)
490{
491 u32 options = 0;
492
dbece37a
MH		 493 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
494 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
eb1904f4
MH		 495 options |= MGMT_OPTION_EXTERNAL_CONFIG;
496
89bc22d2
MH		 497 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
498 !bacmp(&hdev->public_addr, BDADDR_ANY))
499 options |= MGMT_OPTION_PUBLIC_ADDRESS;
500
501 return cpu_to_le32(options);
502}
503
f4537c04
MH		 504static int new_options(struct hci_dev *hdev, struct sock *skip)
505{
506 __le32 options = get_missing_options(hdev);
507
508 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
509 sizeof(options), skip);
510}
511
dbece37a
MH		 512static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
513{
514 __le32 options = get_missing_options(hdev);
515
516 return cmd_complete(sk, hdev->id, opcode, 0, &options,
517 sizeof(options));
518}
519
9fc3bfb6
MH		 520static int read_config_info(struct sock *sk, struct hci_dev *hdev,
521 void *data, u16 data_len)
522{
523 struct mgmt_rp_read_config_info rp;
89bc22d2 524 u32 options = 0;
9fc3bfb6
MH		 525
526 BT_DBG("sock %p %s", sk, hdev->name);
527
528 hci_dev_lock(hdev);
529
530 memset(&rp, 0, sizeof(rp));
531 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 532
eb1904f4
MH		 533 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
534 options |= MGMT_OPTION_EXTERNAL_CONFIG;
535
9fc3bfb6 536 if (hdev->set_bdaddr)
89bc22d2
MH		 537 options |= MGMT_OPTION_PUBLIC_ADDRESS;
538
539 rp.supported_options = cpu_to_le32(options);
540 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 541
542 hci_dev_unlock(hdev);
543
544 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
545 sizeof(rp));
546}
547
69ab39ea
JH		 548static u32 get_supported_settings(struct hci_dev *hdev)
549{
550 u32 settings = 0;
551
552 settings |= MGMT_SETTING_POWERED;
b2939475 553 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 554 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 555 settings |= MGMT_SETTING_CONNECTABLE;
556 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 557
ed3fa31f 558 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 559 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
560 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 561 settings |= MGMT_SETTING_BREDR;
562 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 563
564 if (lmp_ssp_capable(hdev)) {
565 settings |= MGMT_SETTING_SSP;
566 settings |= MGMT_SETTING_HS;
567 }
e98d2ce2 568
5afeac14 569 if (lmp_sc_capable(hdev) ||
111902f7 570 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
e98d2ce2 571 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 572 }
d7b7e796 573
eeca6f89 574 if (lmp_le_capable(hdev)) {
9d42820f 575 settings |= MGMT_SETTING_LE;
eeca6f89 576 settings |= MGMT_SETTING_ADVERTISING;
a3209694 577 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 578 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 579 }
69ab39ea 580
eb1904f4
MH		 581 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
582 hdev->set_bdaddr)
9fc3bfb6
MH		 583 settings |= MGMT_SETTING_CONFIGURATION;
584
69ab39ea
JH		 585 return settings;
586}
587
588static u32 get_current_settings(struct hci_dev *hdev)
589{
590 u32 settings = 0;
591
f1f0eb02 592 if (hdev_is_powered(hdev))
f0d4b78a
MH		 593 settings |= MGMT_SETTING_POWERED;
594
5e5282bb 595 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 596 settings |= MGMT_SETTING_CONNECTABLE;
597
1a4d3c4b
JH		 598 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
599 settings |= MGMT_SETTING_FAST_CONNECTABLE;
600
5e5282bb 601 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 602 settings |= MGMT_SETTING_DISCOVERABLE;
603
b6ae8457 604 if (test_bit(HCI_BONDABLE, &hdev->dev_flags))
b2939475 605 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 606
56f87901 607 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 608 settings |= MGMT_SETTING_BREDR;
609
06199cf8 610 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 611 settings |= MGMT_SETTING_LE;
612
47990ea0 613 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 614 settings |= MGMT_SETTING_LINK_SECURITY;
615
84bde9d6 616 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 617 settings |= MGMT_SETTING_SSP;
618
6d80dfd0
JH		 619 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
620 settings |= MGMT_SETTING_HS;
621
f3d3444a 622 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 623 settings |= MGMT_SETTING_ADVERTISING;
624
e98d2ce2
MH		 625 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
626 settings |= MGMT_SETTING_SECURE_CONN;
627
0663b297 628 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 629 settings |= MGMT_SETTING_DEBUG_KEYS;
630
0f4bd942
JH		 631 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
632 settings |= MGMT_SETTING_PRIVACY;
633
69ab39ea
JH		 634 return settings;
635}
636
ef580372
JH		 637#define PNP_INFO_SVCLASS_ID 0x1200
638
213202ed
JH		 639static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
640{
641 u8 *ptr = data, *uuids_start = NULL;
642 struct bt_uuid *uuid;
643
644 if (len < 4)
645 return ptr;
646
647 list_for_each_entry(uuid, &hdev->uuids, list) {
648 u16 uuid16;
649
650 if (uuid->size != 16)
651 continue;
652
653 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
654 if (uuid16 < 0x1100)
655 continue;
656
657 if (uuid16 == PNP_INFO_SVCLASS_ID)
658 continue;
659
660 if (!uuids_start) {
661 uuids_start = ptr;
662 uuids_start[0] = 1;
663 uuids_start[1] = EIR_UUID16_ALL;
664 ptr += 2;
665 }
666
667 /* Stop if not enough space to put next UUID */
668 if ((ptr - data) + sizeof(u16) > len) {
669 uuids_start[1] = EIR_UUID16_SOME;
670 break;
671 }
672
673 *ptr++ = (uuid16 & 0x00ff);
674 *ptr++ = (uuid16 & 0xff00) >> 8;
675 uuids_start[0] += sizeof(uuid16);
676 }
677
678 return ptr;
679}
680
cdf1963f
JH		 681static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
682{
683 u8 *ptr = data, *uuids_start = NULL;
684 struct bt_uuid *uuid;
685
686 if (len < 6)
687 return ptr;
688
689 list_for_each_entry(uuid, &hdev->uuids, list) {
690 if (uuid->size != 32)
691 continue;
692
693 if (!uuids_start) {
694 uuids_start = ptr;
695 uuids_start[0] = 1;
696 uuids_start[1] = EIR_UUID32_ALL;
697 ptr += 2;
698 }
699
700 /* Stop if not enough space to put next UUID */
701 if ((ptr - data) + sizeof(u32) > len) {
702 uuids_start[1] = EIR_UUID32_SOME;
703 break;
704 }
705
706 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
707 ptr += sizeof(u32);
708 uuids_start[0] += sizeof(u32);
709 }
710
711 return ptr;
712}
713
c00d575b
JH		 714static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
715{
716 u8 *ptr = data, *uuids_start = NULL;
717 struct bt_uuid *uuid;
718
719 if (len < 18)
720 return ptr;
721
722 list_for_each_entry(uuid, &hdev->uuids, list) {
723 if (uuid->size != 128)
724 continue;
725
726 if (!uuids_start) {
727 uuids_start = ptr;
728 uuids_start[0] = 1;
729 uuids_start[1] = EIR_UUID128_ALL;
730 ptr += 2;
731 }
732
733 /* Stop if not enough space to put next UUID */
734 if ((ptr - data) + 16 > len) {
735 uuids_start[1] = EIR_UUID128_SOME;
736 break;
737 }
738
739 memcpy(ptr, uuid->uuid, 16);
740 ptr += 16;
741 uuids_start[0] += 16;
742 }
743
744 return ptr;
745}
746
eb2a8d20
JH		 747static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
748{
749 struct pending_cmd *cmd;
750
751 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
752 if (cmd->opcode == opcode)
753 return cmd;
754 }
755
756 return NULL;
757}
758
95868426
JH		 759static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
760 struct hci_dev *hdev,
761 const void *data)
762{
763 struct pending_cmd *cmd;
764
765 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
766 if (cmd->user_data != data)
767 continue;
768 if (cmd->opcode == opcode)
769 return cmd;
770 }
771
772 return NULL;
773}
774
f14d8f64
MH		 775static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
776{
7a5f4990
MH		 777 u8 ad_len = 0;
778 size_t name_len;
779
780 name_len = strlen(hdev->dev_name);
781 if (name_len > 0) {
782 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
783
784 if (name_len > max_len) {
785 name_len = max_len;
786 ptr[1] = EIR_NAME_SHORT;
787 } else
788 ptr[1] = EIR_NAME_COMPLETE;
789
790 ptr[0] = name_len + 1;
791
792 memcpy(ptr + 2, hdev->dev_name, name_len);
793
794 ad_len += (name_len + 2);
795 ptr += (name_len + 2);
796 }
797
798 return ad_len;
f14d8f64
MH		 799}
800
801static void update_scan_rsp_data(struct hci_request *req)
802{
803 struct hci_dev *hdev = req->hdev;
804 struct hci_cp_le_set_scan_rsp_data cp;
805 u8 len;
806
7751ef1b 807 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 808 return;
809
810 memset(&cp, 0, sizeof(cp));
811
812 len = create_scan_rsp_data(hdev, cp.data);
813
eb438b5f
JH		 814 if (hdev->scan_rsp_data_len == len &&
815 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 816 return;
817
eb438b5f
JH		 818 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
819 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 820
821 cp.length = len;
822
823 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
824}
825
9a43e25f
JH		 826static u8 get_adv_discov_flags(struct hci_dev *hdev)
827{
828 struct pending_cmd *cmd;
829
830 /* If there's a pending mgmt command the flags will not yet have
831 * their final values, so check for this first.
832 */
833 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
834 if (cmd) {
835 struct mgmt_mode *cp = cmd->param;
836 if (cp->val == 0x01)
837 return LE_AD_GENERAL;
838 else if (cp->val == 0x02)
839 return LE_AD_LIMITED;
840 } else {
841 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
842 return LE_AD_LIMITED;
843 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
844 return LE_AD_GENERAL;
845 }
846
847 return 0;
848}
849
46cad2ed 850static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 851{
852 u8 ad_len = 0, flags = 0;
441ad2d0 853
9a43e25f 854 flags |= get_adv_discov_flags(hdev);
441ad2d0 855
e834004b 856 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 857 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 858
859 if (flags) {
860 BT_DBG("adv flags 0x%02x", flags);
861
862 ptr[0] = 2;
863 ptr[1] = EIR_FLAGS;
864 ptr[2] = flags;
865
866 ad_len += 3;
867 ptr += 3;
868 }
869
870 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
871 ptr[0] = 2;
872 ptr[1] = EIR_TX_POWER;
873 ptr[2] = (u8) hdev->adv_tx_power;
874
875 ad_len += 3;
876 ptr += 3;
877 }
878
441ad2d0
MH		 879 return ad_len;
880}
881
5947f4bc 882static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 883{
884 struct hci_dev *hdev = req->hdev;
885 struct hci_cp_le_set_adv_data cp;
886 u8 len;
887
10994ce6 888 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 889 return;
890
891 memset(&cp, 0, sizeof(cp));
892
46cad2ed 893 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 894
895 if (hdev->adv_data_len == len &&
896 memcmp(cp.data, hdev->adv_data, len) == 0)
897 return;
898
899 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
900 hdev->adv_data_len = len;
901
902 cp.length = len;
903
904 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
905}
906
bc6d2d04
JH		 907int mgmt_update_adv_data(struct hci_dev *hdev)
908{
909 struct hci_request req;
910
911 hci_req_init(&req, hdev);
912 update_adv_data(&req);
913
914 return hci_req_run(&req, NULL);
915}
916
ef580372
JH		 917static void create_eir(struct hci_dev *hdev, u8 *data)
918{
919 u8 *ptr = data;
ef580372
JH		 920 size_t name_len;
921
922 name_len = strlen(hdev->dev_name);
923
924 if (name_len > 0) {
925 /* EIR Data type */
926 if (name_len > 48) {
927 name_len = 48;
928 ptr[1] = EIR_NAME_SHORT;
929 } else
930 ptr[1] = EIR_NAME_COMPLETE;
931
932 /* EIR Data length */
933 ptr[0] = name_len + 1;
934
935 memcpy(ptr + 2, hdev->dev_name, name_len);
936
ef580372
JH		 937 ptr += (name_len + 2);
938 }
939
bbaf444a 940 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 941 ptr[0] = 2;
942 ptr[1] = EIR_TX_POWER;
943 ptr[2] = (u8) hdev->inq_tx_power;
944
91c4e9b1
MH		 945 ptr += 3;
946 }
947
2b9be137
MH		 948 if (hdev->devid_source > 0) {
949 ptr[0] = 9;
950 ptr[1] = EIR_DEVICE_ID;
951
952 put_unaligned_le16(hdev->devid_source, ptr + 2);
953 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
954 put_unaligned_le16(hdev->devid_product, ptr + 6);
955 put_unaligned_le16(hdev->devid_version, ptr + 8);
956
2b9be137
MH		 957 ptr += 10;
958 }
959
213202ed 960 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 961 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 962 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 963}
964
890ea898 965static void update_eir(struct hci_request *req)
ef580372 966{
890ea898 967 struct hci_dev *hdev = req->hdev;
ef580372
JH		 968 struct hci_cp_write_eir cp;
969
504c8dcd 970 if (!hdev_is_powered(hdev))
890ea898 971 return;
7770c4aa 972
976eb20e 973 if (!lmp_ext_inq_capable(hdev))
890ea898 974 return;
ef580372 975
84bde9d6 976 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 977 return;
ef580372 978
a8b2d5c2 979 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 980 return;
ef580372
JH		 981
982 memset(&cp, 0, sizeof(cp));
983
984 create_eir(hdev, cp.data);
985
986 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 987 return;
ef580372
JH		 988
989 memcpy(hdev->eir, cp.data, sizeof(cp.data));
990
890ea898 991 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 992}
993
994static u8 get_service_classes(struct hci_dev *hdev)
995{
996 struct bt_uuid *uuid;
997 u8 val = 0;
998
999 list_for_each_entry(uuid, &hdev->uuids, list)
1000 val |= uuid->svc_hint;
1001
1002 return val;
1003}
1004
890ea898 1005static void update_class(struct hci_request *req)
ef580372 1006{
890ea898 1007 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1008 u8 cod[3];
1009
1010 BT_DBG("%s", hdev->name);
1011
504c8dcd 1012 if (!hdev_is_powered(hdev))
890ea898 1013 return;
7770c4aa 1014
f87ea1da
JH		 1015 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1016 return;
1017
a8b2d5c2 1018 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 1019 return;
ef580372
JH		 1020
1021 cod[0] = hdev->minor_class;
1022 cod[1] = hdev->major_class;
1023 cod[2] = get_service_classes(hdev);
1024
6acd7db4
MH		 1025 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1026 cod[1] |= 0x20;
1027
ef580372 1028 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1029 return;
ef580372 1030
890ea898 1031 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1032}
1033
a4858cb9 1034static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 1035{
1036 struct pending_cmd *cmd;
199a2fb1
JH		 1037
1038 /* If there's a pending mgmt command the flag will not yet have
1039 * it's final value, so check for this first.
1040 */
1041 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1042 if (cmd) {
1043 struct mgmt_mode *cp = cmd->param;
a4858cb9 1044 return cp->val;
199a2fb1
JH		 1045 }
1046
a4858cb9 1047 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 1048}
1049
0ec5ae84
JH		 1050static void disable_advertising(struct hci_request *req)
1051{
1052 u8 enable = 0x00;
1053
1054 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1055}
1056
199a2fb1
JH		 1057static void enable_advertising(struct hci_request *req)
1058{
1059 struct hci_dev *hdev = req->hdev;
1060 struct hci_cp_le_set_adv_param cp;
8f2a0601 1061 u8 own_addr_type, enable = 0x01;
a4858cb9 1062 bool connectable;
199a2fb1 1063
0ec5ae84
JH		 1064 if (hci_conn_num(hdev, LE_LINK) > 0)
1065 return;
1066
1067 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1068 disable_advertising(req);
1069
5ce194c4 1070 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1071 * hci_update_random_address knows that it's safe to go ahead
1072 * and write a new random address. The flag will be set back on
1073 * as soon as the SET_ADV_ENABLE HCI command completes.
1074 */
5ce194c4 1075 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
8d97250e 1076
a4858cb9 1077 connectable = get_connectable(hdev);
8f2a0601 1078
a4858cb9
JH		 1079 /* Set require_privacy to true only when non-connectable
1080 * advertising is used. In that case it is fine to use a
1081 * non-resolvable private address.
1082 */
1083 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1084 return;
1085
41c90c18 1086 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1087 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1088 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
a4858cb9 1089 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1090 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1091 cp.channel_map = hdev->le_adv_channel_map;
1092
1093 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1094
1095 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1096}
1097
7d78525d
JH		 1098static void service_cache_off(struct work_struct *work)
1099{
1100 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1101 service_cache.work);
890ea898 1102 struct hci_request req;
7d78525d 1103
a8b2d5c2 1104 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 1105 return;
1106
890ea898
JH		 1107 hci_req_init(&req, hdev);
1108
7d78525d
JH		 1109 hci_dev_lock(hdev);
1110
890ea898
JH		 1111 update_eir(&req);
1112 update_class(&req);
7d78525d
JH		 1113
1114 hci_dev_unlock(hdev);
890ea898
JH		 1115
1116 hci_req_run(&req, NULL);
7d78525d
JH		 1117}
1118
d6bfd59c
JH		 1119static void rpa_expired(struct work_struct *work)
1120{
1121 struct hci_dev *hdev = container_of(work, struct hci_dev,
1122 rpa_expired.work);
1123 struct hci_request req;
1124
1125 BT_DBG("");
1126
1127 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1128
0ec5ae84 1129 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
d6bfd59c
JH		 1130 return;
1131
1132 /* The generation of a new RPA and programming it into the
1133 * controller happens in the enable_advertising() function.
1134 */
d6bfd59c 1135 hci_req_init(&req, hdev);
d6bfd59c 1136 enable_advertising(&req);
d6bfd59c
JH		 1137 hci_req_run(&req, NULL);
1138}
1139
6a919082 1140static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1141{
4f87da80 1142 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 1143 return;
1144
4f87da80 1145 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1146 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1147
4f87da80
JH		 1148 /* Non-mgmt controlled devices get this bit set
1149 * implicitly so that pairing works for them, however
1150 * for mgmt we require user-space to explicitly enable
1151 * it
1152 */
b6ae8457 1153 clear_bit(HCI_BONDABLE, &hdev->dev_flags);
7d78525d
JH		 1154}
1155
0f4e68cf 1156static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1157 void *data, u16 data_len)
0381101f 1158{
a38528f1 1159 struct mgmt_rp_read_info rp;
f7b64e69 1160
bdb6d971 1161 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1162
09fd0de5 1163 hci_dev_lock(hdev);
f7b64e69 1164
dc4fe30b
JH		 1165 memset(&rp, 0, sizeof(rp));
1166
69ab39ea 1167 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1168
69ab39ea 1169 rp.version = hdev->hci_ver;
eb55ef07 1170 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1171
1172 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1173 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1174
a38528f1 1175 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1176
dc4fe30b 1177 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1178 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1179
09fd0de5 1180 hci_dev_unlock(hdev);
0381101f 1181
bdb6d971 1182 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 1183 sizeof(rp));
0381101f
JH		 1184}
1185
eec8d2bc
JH		 1186static void mgmt_pending_free(struct pending_cmd *cmd)
1187{
1188 sock_put(cmd->sk);
c68fb7ff 1189 kfree(cmd->param);
eec8d2bc
JH		 1190 kfree(cmd);
1191}
1192
366a0336 1193static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 1194 struct hci_dev *hdev, void *data,
1195 u16 len)
eec8d2bc
JH		 1196{
1197 struct pending_cmd *cmd;
1198
fca20018 1199 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1200 if (!cmd)
366a0336 1201 return NULL;
eec8d2bc
JH		 1202
1203 cmd->opcode = opcode;
2e58ef3e 1204 cmd->index = hdev->id;
eec8d2bc 1205
12b94565 1206 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 1207 if (!cmd->param) {
eec8d2bc 1208 kfree(cmd);
366a0336 1209 return NULL;
eec8d2bc
JH		 1210 }
1211
8fce6357
SJ		 1212 if (data)
1213 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1214
1215 cmd->sk = sk;
1216 sock_hold(sk);
1217
2e58ef3e 1218 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1219
366a0336 1220 return cmd;
eec8d2bc
JH		 1221}
1222
744cf19e 1223static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1224 void (*cb)(struct pending_cmd *cmd,
1225 void *data),
04124681 1226 void *data)
eec8d2bc 1227{
a3d09356 1228 struct pending_cmd *cmd, *tmp;
eec8d2bc 1229
a3d09356 1230 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1231 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1232 continue;
1233
eec8d2bc
JH		 1234 cb(cmd, data);
1235 }
1236}
1237
a664b5bc 1238static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1239{
73f22f62
JH		 1240 list_del(&cmd->list);
1241 mgmt_pending_free(cmd);
1242}
1243
69ab39ea 1244static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1245{
69ab39ea 1246 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1247
aee9b218 1248 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1249 sizeof(settings));
8680570b
JH		 1250}
1251
8b064a3a
JH		 1252static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1253{
1254 BT_DBG("%s status 0x%02x", hdev->name, status);
1255
a3172b7e
JH		 1256 if (hci_conn_count(hdev) == 0) {
1257 cancel_delayed_work(&hdev->power_off);
8b064a3a 1258 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1259 }
8b064a3a
JH		 1260}
1261
23a48093 1262static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1263{
1264 struct hci_dev *hdev = req->hdev;
1265 struct hci_cp_remote_name_req_cancel cp;
1266 struct inquiry_entry *e;
1267
1268 switch (hdev->discovery.state) {
1269 case DISCOVERY_FINDING:
1270 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1271 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1272 } else {
1273 cancel_delayed_work(&hdev->le_scan_disable);
1274 hci_req_add_le_scan_disable(req);
1275 }
1276
23a48093 1277 return true;
21a60d30
JH		 1278
1279 case DISCOVERY_RESOLVING:
1280 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1281 NAME_PENDING);
1282 if (!e)
23a48093 1283 break;
21a60d30
JH		 1284
1285 bacpy(&cp.bdaddr, &e->data.bdaddr);
1286 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1287 &cp);
1288
23a48093 1289 return true;
21a60d30
JH		 1290
1291 default:
1292 /* Passive scanning */
23a48093 1293 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
21a60d30 1294 hci_req_add_le_scan_disable(req);
23a48093
JH		 1295 return true;
1296 }
1297
21a60d30
JH		 1298 break;
1299 }
23a48093
JH		 1300
1301 return false;
21a60d30
JH		 1302}
1303
8b064a3a
JH		 1304static int clean_up_hci_state(struct hci_dev *hdev)
1305{
1306 struct hci_request req;
1307 struct hci_conn *conn;
23a48093
JH		 1308 bool discov_stopped;
1309 int err;
8b064a3a
JH		 1310
1311 hci_req_init(&req, hdev);
1312
1313 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1314 test_bit(HCI_PSCAN, &hdev->flags)) {
1315 u8 scan = 0x00;
1316 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1317 }
1318
73e082f8 1319 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
8b064a3a
JH		 1320 disable_advertising(&req);
1321
23a48093 1322 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1323
1324 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1325 struct hci_cp_disconnect dc;
c9910d0f
JH		 1326 struct hci_cp_reject_conn_req rej;
1327
1328 switch (conn->state) {
1329 case BT_CONNECTED:
1330 case BT_CONFIG:
1331 dc.handle = cpu_to_le16(conn->handle);
1332 dc.reason = 0x15; /* Terminated due to Power Off */
1333 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1334 break;
1335 case BT_CONNECT:
1336 if (conn->type == LE_LINK)
1337 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1338 0, NULL);
1339 else if (conn->type == ACL_LINK)
1340 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1341 6, &conn->dst);
1342 break;
1343 case BT_CONNECT2:
1344 bacpy(&rej.bdaddr, &conn->dst);
1345 rej.reason = 0x15; /* Terminated due to Power Off */
1346 if (conn->type == ACL_LINK)
1347 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1348 sizeof(rej), &rej);
1349 else if (conn->type == SCO_LINK)
1350 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1351 sizeof(rej), &rej);
1352 break;
1353 }
8b064a3a
JH		 1354 }
1355
23a48093
JH		 1356 err = hci_req_run(&req, clean_up_hci_complete);
1357 if (!err && discov_stopped)
1358 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1359
1360 return err;
8b064a3a
JH		 1361}
1362
bdb6d971 1363static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1364 u16 len)
eec8d2bc 1365{
650f726d 1366 struct mgmt_mode *cp = data;
366a0336 1367 struct pending_cmd *cmd;
4b34ee78 1368 int err;
eec8d2bc 1369
bdb6d971 1370 BT_DBG("request for %s", hdev->name);
eec8d2bc 1371
a7e80f25
JH		 1372 if (cp->val != 0x00 && cp->val != 0x01)
1373 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1374 MGMT_STATUS_INVALID_PARAMS);
1375
09fd0de5 1376 hci_dev_lock(hdev);
eec8d2bc 1377
87b95ba6
JH		 1378 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1379 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1380 MGMT_STATUS_BUSY);
1381 goto failed;
1382 }
1383
f0d4b78a
MH		 1384 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1385 cancel_delayed_work(&hdev->power_off);
1386
1387 if (cp->val) {
a1d70450
JH		 1388 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1389 data, len);
1390 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1391 goto failed;
1392 }
1393 }
1394
4b34ee78 1395 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1396 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1397 goto failed;
1398 }
1399
2e58ef3e 1400 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1401 if (!cmd) {
1402 err = -ENOMEM;
eec8d2bc 1403 goto failed;
366a0336 1404 }
eec8d2bc 1405
8b064a3a 1406 if (cp->val) {
19202573 1407 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1408 err = 0;
1409 } else {
1410 /* Disconnect connections, stop scans, etc */
1411 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1412 if (!err)
1413 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1414 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1415
8b064a3a
JH		 1416 /* ENODATA means there were no HCI commands queued */
1417 if (err == -ENODATA) {
a3172b7e 1418 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1419 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1420 err = 0;
1421 }
1422 }
eec8d2bc
JH		 1423
1424failed:
09fd0de5 1425 hci_dev_unlock(hdev);
366a0336 1426 return err;
eec8d2bc
JH		 1427}
1428
beadb2bd
JH		 1429static int new_settings(struct hci_dev *hdev, struct sock *skip)
1430{
1431 __le32 ev;
1432
1433 ev = cpu_to_le32(get_current_settings(hdev));
1434
1435 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1436}
1437
91a668b0
JH		 1438int mgmt_new_settings(struct hci_dev *hdev)
1439{
1440 return new_settings(hdev, NULL);
1441}
1442
bd99abdd
JH		 1443struct cmd_lookup {
1444 struct sock *sk;
1445 struct hci_dev *hdev;
1446 u8 mgmt_status;
1447};
1448
1449static void settings_rsp(struct pending_cmd *cmd, void *data)
1450{
1451 struct cmd_lookup *match = data;
1452
1453 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1454
1455 list_del(&cmd->list);
1456
1457 if (match->sk == NULL) {
1458 match->sk = cmd->sk;
1459 sock_hold(match->sk);
1460 }
1461
1462 mgmt_pending_free(cmd);
1463}
1464
1465static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1466{
1467 u8 *status = data;
1468
1469 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1470 mgmt_pending_remove(cmd);
1471}
1472
e6fe7986
JH		 1473static u8 mgmt_bredr_support(struct hci_dev *hdev)
1474{
1475 if (!lmp_bredr_capable(hdev))
1476 return MGMT_STATUS_NOT_SUPPORTED;
1477 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1478 return MGMT_STATUS_REJECTED;
1479 else
1480 return MGMT_STATUS_SUCCESS;
1481}
1482
1483static u8 mgmt_le_support(struct hci_dev *hdev)
1484{
1485 if (!lmp_le_capable(hdev))
1486 return MGMT_STATUS_NOT_SUPPORTED;
1487 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1488 return MGMT_STATUS_REJECTED;
1489 else
1490 return MGMT_STATUS_SUCCESS;
1491}
1492
bfaf8c9f
JH		 1493static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1494{
1495 struct pending_cmd *cmd;
1496 struct mgmt_mode *cp;
970ba524 1497 struct hci_request req;
bfaf8c9f
JH		 1498 bool changed;
1499
1500 BT_DBG("status 0x%02x", status);
1501
1502 hci_dev_lock(hdev);
1503
1504 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1505 if (!cmd)
1506 goto unlock;
1507
1508 if (status) {
1509 u8 mgmt_err = mgmt_status(status);
1510 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1511 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1512 goto remove_cmd;
1513 }
1514
1515 cp = cmd->param;
d4462a07 1516 if (cp->val) {
bfaf8c9f
JH		 1517 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1518 &hdev->dev_flags);
d4462a07
MH		 1519
1520 if (hdev->discov_timeout > 0) {
1521 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1522 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1523 to);
1524 }
1525 } else {
bfaf8c9f
JH		 1526 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1527 &hdev->dev_flags);
d4462a07 1528 }
bfaf8c9f
JH		 1529
1530 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1531
1532 if (changed)
1533 new_settings(hdev, cmd->sk);
1534
970ba524
MH		 1535 /* When the discoverable mode gets changed, make sure
1536 * that class of device has the limited discoverable
432df05e
JH		 1537 * bit correctly set. Also update page scan based on whitelist
1538 * entries.
970ba524
MH		 1539 */
1540 hci_req_init(&req, hdev);
432df05e 1541 hci_update_page_scan(hdev, &req);
970ba524
MH		 1542 update_class(&req);
1543 hci_req_run(&req, NULL);
1544
bfaf8c9f
JH		 1545remove_cmd:
1546 mgmt_pending_remove(cmd);
1547
1548unlock:
1549 hci_dev_unlock(hdev);
1550}
1551
bdb6d971 1552static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1553 u16 len)
73f22f62 1554{
650f726d 1555 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1556 struct pending_cmd *cmd;
bfaf8c9f 1557 struct hci_request req;
5e5282bb 1558 u16 timeout;
9a43e25f 1559 u8 scan;
73f22f62
JH		 1560 int err;
1561
bdb6d971 1562 BT_DBG("request for %s", hdev->name);
73f22f62 1563
9a43e25f
JH		 1564 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1565 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1566 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1567 MGMT_STATUS_REJECTED);
33c525c0 1568
310a3d48 1569 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1570 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1571 MGMT_STATUS_INVALID_PARAMS);
1572
1f350c87 1573 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1574
1575 /* Disabling discoverable requires that no timeout is set,
1576 * and enabling limited discoverable requires a timeout.
1577 */
1578 if ((cp->val == 0x00 && timeout > 0) ||
1579 (cp->val == 0x02 && timeout == 0))
bdb6d971 1580 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1581 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1582
09fd0de5 1583 hci_dev_lock(hdev);
73f22f62 1584
5e5282bb 1585 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1586 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1587 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1588 goto failed;
1589 }
1590
2e58ef3e 1591 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1592 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1593 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1594 MGMT_STATUS_BUSY);
73f22f62
JH		 1595 goto failed;
1596 }
1597
5e5282bb 1598 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1599 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1600 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1601 goto failed;
1602 }
1603
1604 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1605 bool changed = false;
1606
310a3d48
MH		 1607 /* Setting limited discoverable when powered off is
1608 * not a valid operation since it requires a timeout
1609 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1610 */
0224d2fa
JH		 1611 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1612 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1613 changed = true;
1614 }
1615
5e5282bb 1616 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1617 if (err < 0)
1618 goto failed;
1619
1620 if (changed)
1621 err = new_settings(hdev, sk);
1622
5e5282bb
JH		 1623 goto failed;
1624 }
1625
310a3d48
MH		 1626 /* If the current mode is the same, then just update the timeout
1627 * value with the new value. And if only the timeout gets updated,
1628 * then no need for any HCI transactions.
1629 */
1630 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1631 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1632 &hdev->dev_flags)) {
36261547
MH		 1633 cancel_delayed_work(&hdev->discov_off);
1634 hdev->discov_timeout = timeout;
955638ec 1635
36261547
MH		 1636 if (cp->val && hdev->discov_timeout > 0) {
1637 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1638 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1639 to);
955638ec
MH		 1640 }
1641
69ab39ea 1642 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1643 goto failed;
1644 }
1645
2e58ef3e 1646 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1647 if (!cmd) {
1648 err = -ENOMEM;
73f22f62 1649 goto failed;
366a0336 1650 }
73f22f62 1651
310a3d48
MH		 1652 /* Cancel any potential discoverable timeout that might be
1653 * still active and store new timeout value. The arming of
1654 * the timeout happens in the complete handler.
1655 */
1656 cancel_delayed_work(&hdev->discov_off);
1657 hdev->discov_timeout = timeout;
1658
b456f87c
JH		 1659 /* Limited discoverable mode */
1660 if (cp->val == 0x02)
1661 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1662 else
1663 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1664
bfaf8c9f
JH		 1665 hci_req_init(&req, hdev);
1666
9a43e25f
JH		 1667 /* The procedure for LE-only controllers is much simpler - just
1668 * update the advertising data.
1669 */
1670 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1671 goto update_ad;
1672
73f22f62
JH		 1673 scan = SCAN_PAGE;
1674
310a3d48
MH		 1675 if (cp->val) {
1676 struct hci_cp_write_current_iac_lap hci_cp;
1677
1678 if (cp->val == 0x02) {
1679 /* Limited discoverable mode */
33337dcb 1680 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1681 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1682 hci_cp.iac_lap[1] = 0x8b;
1683 hci_cp.iac_lap[2] = 0x9e;
1684 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1685 hci_cp.iac_lap[4] = 0x8b;
1686 hci_cp.iac_lap[5] = 0x9e;
1687 } else {
1688 /* General discoverable mode */
310a3d48
MH		 1689 hci_cp.num_iac = 1;
1690 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1691 hci_cp.iac_lap[1] = 0x8b;
1692 hci_cp.iac_lap[2] = 0x9e;
1693 }
1694
1695 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1696 (hci_cp.num_iac * 3) + 1, &hci_cp);
1697
73f22f62 1698 scan |= SCAN_INQUIRY;
310a3d48
MH		 1699 } else {
1700 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1701 }
73f22f62 1702
310a3d48 1703 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1704
9a43e25f
JH		 1705update_ad:
1706 update_adv_data(&req);
1707
bfaf8c9f 1708 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1709 if (err < 0)
a664b5bc 1710 mgmt_pending_remove(cmd);
73f22f62
JH		 1711
1712failed:
09fd0de5 1713 hci_dev_unlock(hdev);
73f22f62
JH		 1714 return err;
1715}
1716
406d7804
JH		 1717static void write_fast_connectable(struct hci_request *req, bool enable)
1718{
bd98b996 1719 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1720 struct hci_cp_write_page_scan_activity acp;
1721 u8 type;
1722
547003b1
JH		 1723 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1724 return;
1725
4c01f8b8
JH		 1726 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1727 return;
1728
406d7804
JH		 1729 if (enable) {
1730 type = PAGE_SCAN_TYPE_INTERLACED;
1731
1732 /* 160 msec page scan interval */
dcf4adbf 1733 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1734 } else {
1735 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1736
1737 /* default 1.28 sec page scan */
dcf4adbf 1738 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1739 }
1740
dcf4adbf 1741 acp.window = cpu_to_le16(0x0012);
406d7804 1742
bd98b996
JH		 1743 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1744 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1745 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1746 sizeof(acp), &acp);
1747
1748 if (hdev->page_scan_type != type)
1749 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1750}
1751
2b76f453
JH		 1752static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1753{
1754 struct pending_cmd *cmd;
d7b856f9 1755 struct mgmt_mode *cp;
bc6d2d04 1756 bool conn_changed, discov_changed;
2b76f453
JH		 1757
1758 BT_DBG("status 0x%02x", status);
1759
1760 hci_dev_lock(hdev);
1761
1762 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1763 if (!cmd)
1764 goto unlock;
1765
37438c1f
JH		 1766 if (status) {
1767 u8 mgmt_err = mgmt_status(status);
1768 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1769 goto remove_cmd;
1770 }
1771
d7b856f9 1772 cp = cmd->param;
bc6d2d04
JH		 1773 if (cp->val) {
1774 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1775 &hdev->dev_flags);
1776 discov_changed = false;
1777 } else {
1778 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1779 &hdev->dev_flags);
1780 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1781 &hdev->dev_flags);
1782 }
d7b856f9 1783
2b76f453
JH		 1784 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1785
bc6d2d04 1786 if (conn_changed || discov_changed) {
d7b856f9 1787 new_settings(hdev, cmd->sk);
432df05e 1788 hci_update_page_scan(hdev, NULL);
bc6d2d04
JH		 1789 if (discov_changed)
1790 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1791 hci_update_background_scan(hdev);
1792 }
d7b856f9 1793
37438c1f 1794remove_cmd:
2b76f453
JH		 1795 mgmt_pending_remove(cmd);
1796
1797unlock:
1798 hci_dev_unlock(hdev);
1799}
1800
e8ba3a1f
JH		 1801static int set_connectable_update_settings(struct hci_dev *hdev,
1802 struct sock *sk, u8 val)
1803{
1804 bool changed = false;
1805 int err;
1806
1807 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1808 changed = true;
1809
1810 if (val) {
1811 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1812 } else {
1813 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1814 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1815 }
1816
1817 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1818 if (err < 0)
1819 return err;
1820
562064e6 1821 if (changed) {
432df05e 1822 hci_update_page_scan(hdev, NULL);
562064e6 1823 hci_update_background_scan(hdev);
e8ba3a1f 1824 return new_settings(hdev, sk);
562064e6 1825 }
e8ba3a1f
JH		 1826
1827 return 0;
1828}
1829
bdb6d971 1830static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1831 u16 len)
9fbcbb45 1832{
650f726d 1833 struct mgmt_mode *cp = data;
366a0336 1834 struct pending_cmd *cmd;
2b76f453 1835 struct hci_request req;
1987fdc7 1836 u8 scan;
9fbcbb45
JH		 1837 int err;
1838
bdb6d971 1839 BT_DBG("request for %s", hdev->name);
9fbcbb45 1840
1987fdc7
JH		 1841 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1842 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1843 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1844 MGMT_STATUS_REJECTED);
33c525c0 1845
a7e80f25
JH		 1846 if (cp->val != 0x00 && cp->val != 0x01)
1847 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1848 MGMT_STATUS_INVALID_PARAMS);
1849
09fd0de5 1850 hci_dev_lock(hdev);
9fbcbb45 1851
4b34ee78 1852 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1853 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1854 goto failed;
1855 }
1856
2e58ef3e 1857 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1858 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1859 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1860 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1861 goto failed;
1862 }
1863
2e58ef3e 1864 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1865 if (!cmd) {
1866 err = -ENOMEM;
9fbcbb45 1867 goto failed;
366a0336 1868 }
9fbcbb45 1869
9b74246f 1870 hci_req_init(&req, hdev);
9fbcbb45 1871
9a43e25f
JH		 1872 /* If BR/EDR is not enabled and we disable advertising as a
1873 * by-product of disabling connectable, we need to update the
1874 * advertising flags.
1875 */
1876 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1877 if (!cp->val) {
1878 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1879 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1880 }
1881 update_adv_data(&req);
1882 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1883 if (cp->val) {
1884 scan = SCAN_PAGE;
1885 } else {
3bd27240
JH		 1886 /* If we don't have any whitelist entries just
1887 * disable all scanning. If there are entries
1888 * and we had both page and inquiry scanning
1889 * enabled then fall back to only page scanning.
1890 * Otherwise no changes are needed.
1891 */
1892 if (list_empty(&hdev->whitelist))
1893 scan = SCAN_DISABLED;
1894 else if (test_bit(HCI_ISCAN, &hdev->flags))
1895 scan = SCAN_PAGE;
1896 else
1897 goto no_scan_update;
9b74246f
JH		 1898
1899 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1900 hdev->discov_timeout > 0)
9b74246f
JH		 1901 cancel_delayed_work(&hdev->discov_off);
1902 }
2b76f453 1903
9b74246f
JH		 1904 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1905 }
2b76f453 1906
3bd27240 1907no_scan_update:
4c01f8b8
JH		 1908 /* If we're going from non-connectable to connectable or
1909 * vice-versa when fast connectable is enabled ensure that fast
1910 * connectable gets disabled. write_fast_connectable won't do
1911 * anything if the page scan parameters are already what they
1912 * should be.
1913 */
1914 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1915 write_fast_connectable(&req, false);
1916
e8b1202c
JH		 1917 /* Update the advertising parameters if necessary */
1918 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1987fdc7 1919 enable_advertising(&req);
1987fdc7 1920
2b76f453 1921 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1922 if (err < 0) {
a664b5bc 1923 mgmt_pending_remove(cmd);
9b74246f 1924 if (err == -ENODATA)
a81070ba
JH		 1925 err = set_connectable_update_settings(hdev, sk,
1926 cp->val);
9b74246f
JH		 1927 goto failed;
1928 }
9fbcbb45
JH		 1929
1930failed:
09fd0de5 1931 hci_dev_unlock(hdev);
9fbcbb45
JH		 1932 return err;
1933}
1934
b2939475 1935static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1936 u16 len)
c542a06c 1937{
650f726d 1938 struct mgmt_mode *cp = data;
55594356 1939 bool changed;
c542a06c
JH		 1940 int err;
1941
bdb6d971 1942 BT_DBG("request for %s", hdev->name);
c542a06c 1943
a7e80f25 1944 if (cp->val != 0x00 && cp->val != 0x01)
b2939475 1945 return cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
a7e80f25
JH		 1946 MGMT_STATUS_INVALID_PARAMS);
1947
09fd0de5 1948 hci_dev_lock(hdev);
c542a06c
JH		 1949
1950 if (cp->val)
b6ae8457 1951 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 1952 else
b6ae8457 1953 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 1954
b2939475 1955 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1956 if (err < 0)
55594356 1957 goto unlock;
c542a06c 1958
55594356
MH		 1959 if (changed)
1960 err = new_settings(hdev, sk);
c542a06c 1961
55594356 1962unlock:
09fd0de5 1963 hci_dev_unlock(hdev);
c542a06c
JH		 1964 return err;
1965}
1966
04124681
GP		 1967static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1968 u16 len)
33ef95ed
JH		 1969{
1970 struct mgmt_mode *cp = data;
1971 struct pending_cmd *cmd;
e6fe7986 1972 u8 val, status;
33ef95ed
JH		 1973 int err;
1974
bdb6d971 1975 BT_DBG("request for %s", hdev->name);
33ef95ed 1976
e6fe7986
JH		 1977 status = mgmt_bredr_support(hdev);
1978 if (status)
33c525c0 1979 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1980 status);
33c525c0 1981
a7e80f25
JH		 1982 if (cp->val != 0x00 && cp->val != 0x01)
1983 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1984 MGMT_STATUS_INVALID_PARAMS);
1985
33ef95ed
JH		 1986 hci_dev_lock(hdev);
1987
4b34ee78 1988 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1989 bool changed = false;
1990
1991 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1992 &hdev->dev_flags)) {
47990ea0
JH		 1993 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1994 changed = true;
1995 }
1996
1997 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1998 if (err < 0)
1999 goto failed;
2000
2001 if (changed)
2002 err = new_settings(hdev, sk);
2003
33ef95ed
JH		 2004 goto failed;
2005 }
2006
2007 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 2008 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 2009 MGMT_STATUS_BUSY);
33ef95ed
JH		 2010 goto failed;
2011 }
2012
2013 val = !!cp->val;
2014
2015 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2016 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2017 goto failed;
2018 }
2019
2020 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2021 if (!cmd) {
2022 err = -ENOMEM;
2023 goto failed;
2024 }
2025
2026 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2027 if (err < 0) {
2028 mgmt_pending_remove(cmd);
2029 goto failed;
2030 }
2031
2032failed:
2033 hci_dev_unlock(hdev);
33ef95ed
JH		 2034 return err;
2035}
2036
bdb6d971 2037static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2038{
2039 struct mgmt_mode *cp = data;
2040 struct pending_cmd *cmd;
72ef0c1a 2041 u8 status;
ed2c4ee3
JH		 2042 int err;
2043
bdb6d971 2044 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2045
cdba5281
MH		 2046 status = mgmt_bredr_support(hdev);
2047 if (status)
2048 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2049
13ecd8b6
JH		 2050 if (!lmp_ssp_capable(hdev))
2051 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2052 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2053
a7e80f25
JH		 2054 if (cp->val != 0x00 && cp->val != 0x01)
2055 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2056 MGMT_STATUS_INVALID_PARAMS);
2057
13ecd8b6 2058 hci_dev_lock(hdev);
6c8f12c1 2059
4b34ee78 2060 if (!hdev_is_powered(hdev)) {
9ecb3e24 2061 bool changed;
c0ecddc2 2062
9ecb3e24
MH		 2063 if (cp->val) {
2064 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2065 &hdev->dev_flags);
2066 } else {
2067 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2068 &hdev->dev_flags);
2069 if (!changed)
2070 changed = test_and_clear_bit(HCI_HS_ENABLED,
2071 &hdev->dev_flags);
2072 else
2073 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 2074 }
2075
2076 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2077 if (err < 0)
2078 goto failed;
2079
2080 if (changed)
2081 err = new_settings(hdev, sk);
2082
ed2c4ee3
JH		 2083 goto failed;
2084 }
2085
9ecb3e24
MH		 2086 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2087 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 2088 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2089 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2090 goto failed;
2091 }
2092
72ef0c1a 2093 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 2094 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2095 goto failed;
2096 }
2097
2098 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2099 if (!cmd) {
2100 err = -ENOMEM;
2101 goto failed;
2102 }
2103
3769972b
JH		 2104 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2105 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2106 sizeof(cp->val), &cp->val);
2107
72ef0c1a 2108 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2109 if (err < 0) {
2110 mgmt_pending_remove(cmd);
2111 goto failed;
2112 }
2113
2114failed:
2115 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2116 return err;
2117}
2118
bdb6d971 2119static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2120{
2121 struct mgmt_mode *cp = data;
ee392693 2122 bool changed;
e6fe7986 2123 u8 status;
ee392693 2124 int err;
6d80dfd0 2125
bdb6d971 2126 BT_DBG("request for %s", hdev->name);
6d80dfd0 2127
e6fe7986
JH		 2128 status = mgmt_bredr_support(hdev);
2129 if (status)
2130 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2131
9ecb3e24
MH		 2132 if (!lmp_ssp_capable(hdev))
2133 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2134 MGMT_STATUS_NOT_SUPPORTED);
2135
2136 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2137 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2138 MGMT_STATUS_REJECTED);
2139
a7e80f25
JH		 2140 if (cp->val != 0x00 && cp->val != 0x01)
2141 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2142 MGMT_STATUS_INVALID_PARAMS);
2143
ee392693
MH		 2144 hci_dev_lock(hdev);
2145
a0cdf960 2146 if (cp->val) {
ee392693 2147 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 2148 } else {
2149 if (hdev_is_powered(hdev)) {
2150 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2151 MGMT_STATUS_REJECTED);
2152 goto unlock;
2153 }
2154
ee392693 2155 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 2156 }
ee392693
MH		 2157
2158 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2159 if (err < 0)
2160 goto unlock;
2161
2162 if (changed)
2163 err = new_settings(hdev, sk);
6d80dfd0 2164
ee392693
MH		 2165unlock:
2166 hci_dev_unlock(hdev);
2167 return err;
6d80dfd0
JH		 2168}
2169
416a4ae5
JH		 2170static void le_enable_complete(struct hci_dev *hdev, u8 status)
2171{
2172 struct cmd_lookup match = { NULL, hdev };
2173
2174 if (status) {
2175 u8 mgmt_err = mgmt_status(status);
2176
2177 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2178 &mgmt_err);
2179 return;
2180 }
2181
2182 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2183
2184 new_settings(hdev, match.sk);
2185
2186 if (match.sk)
2187 sock_put(match.sk);
441ad2d0
MH		 2188
2189 /* Make sure the controller has a good default for
2190 * advertising data. Restrict the update to when LE
2191 * has actually been enabled. During power on, the
2192 * update in powered_update_hci will take care of it.
2193 */
2194 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2195 struct hci_request req;
2196
2197 hci_dev_lock(hdev);
2198
2199 hci_req_init(&req, hdev);
5947f4bc 2200 update_adv_data(&req);
f14d8f64 2201 update_scan_rsp_data(&req);
441ad2d0
MH		 2202 hci_req_run(&req, NULL);
2203
a70f4b5f
JH		 2204 hci_update_background_scan(hdev);
2205
441ad2d0
MH		 2206 hci_dev_unlock(hdev);
2207 }
416a4ae5
JH		 2208}
2209
bdb6d971 2210static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2211{
2212 struct mgmt_mode *cp = data;
2213 struct hci_cp_write_le_host_supported hci_cp;
2214 struct pending_cmd *cmd;
416a4ae5 2215 struct hci_request req;
06199cf8 2216 int err;
0b60eba1 2217 u8 val, enabled;
06199cf8 2218
bdb6d971 2219 BT_DBG("request for %s", hdev->name);
06199cf8 2220
13ecd8b6
JH		 2221 if (!lmp_le_capable(hdev))
2222 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2223 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2224
a7e80f25
JH		 2225 if (cp->val != 0x00 && cp->val != 0x01)
2226 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2227 MGMT_STATUS_INVALID_PARAMS);
2228
c73eee91 2229 /* LE-only devices do not allow toggling LE on/off */
56f87901 2230 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2231 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2232 MGMT_STATUS_REJECTED);
2233
13ecd8b6 2234 hci_dev_lock(hdev);
06199cf8
JH		 2235
2236 val = !!cp->val;
ffa88e02 2237 enabled = lmp_host_le_capable(hdev);
06199cf8 2238
0b60eba1 2239 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2240 bool changed = false;
2241
2242 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2243 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2244 changed = true;
2245 }
2246
f3d3444a
JH		 2247 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2248 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2249 changed = true;
2250 }
2251
06199cf8
JH		 2252 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2253 if (err < 0)
1de028ce 2254 goto unlock;
06199cf8
JH		 2255
2256 if (changed)
2257 err = new_settings(hdev, sk);
2258
1de028ce 2259 goto unlock;
06199cf8
JH		 2260 }
2261
4375f103
JH		 2262 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2263 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2264 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2265 MGMT_STATUS_BUSY);
1de028ce 2266 goto unlock;
06199cf8
JH		 2267 }
2268
2269 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2270 if (!cmd) {
2271 err = -ENOMEM;
1de028ce 2272 goto unlock;
06199cf8
JH		 2273 }
2274
441ad2d0
MH		 2275 hci_req_init(&req, hdev);
2276
06199cf8
JH		 2277 memset(&hci_cp, 0, sizeof(hci_cp));
2278
2279 if (val) {
2280 hci_cp.le = val;
32226e4f 2281 hci_cp.simul = 0x00;
441ad2d0 2282 } else {
73e082f8 2283 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
441ad2d0 2284 disable_advertising(&req);
06199cf8
JH		 2285 }
2286
416a4ae5
JH		 2287 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2288 &hci_cp);
2289
2290 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2291 if (err < 0)
06199cf8 2292 mgmt_pending_remove(cmd);
06199cf8 2293
1de028ce
JH		 2294unlock:
2295 hci_dev_unlock(hdev);
06199cf8
JH		 2296 return err;
2297}
2298
0cab9c80
JH		 2299/* This is a helper function to test for pending mgmt commands that can
2300 * cause CoD or EIR HCI commands. We can only allow one such pending
2301 * mgmt command at a time since otherwise we cannot easily track what
2302 * the current values are, will be, and based on that calculate if a new
2303 * HCI command needs to be sent and if yes with what value.
2304 */
2305static bool pending_eir_or_class(struct hci_dev *hdev)
2306{
2307 struct pending_cmd *cmd;
2308
2309 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2310 switch (cmd->opcode) {
2311 case MGMT_OP_ADD_UUID:
2312 case MGMT_OP_REMOVE_UUID:
2313 case MGMT_OP_SET_DEV_CLASS:
2314 case MGMT_OP_SET_POWERED:
2315 return true;
2316 }
2317 }
2318
2319 return false;
2320}
2321
83be8eca
JH		 2322static const u8 bluetooth_base_uuid[] = {
2323 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2324 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2325};
2326
2327static u8 get_uuid_size(const u8 *uuid)
2328{
2329 u32 val;
2330
2331 if (memcmp(uuid, bluetooth_base_uuid, 12))
2332 return 128;
2333
2334 val = get_unaligned_le32(&uuid[12]);
2335 if (val > 0xffff)
2336 return 32;
2337
2338 return 16;
2339}
2340
92da6097
JH		 2341static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2342{
2343 struct pending_cmd *cmd;
2344
2345 hci_dev_lock(hdev);
2346
2347 cmd = mgmt_pending_find(mgmt_op, hdev);
2348 if (!cmd)
2349 goto unlock;
2350
2351 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2352 hdev->dev_class, 3);
2353
2354 mgmt_pending_remove(cmd);
2355
2356unlock:
2357 hci_dev_unlock(hdev);
2358}
2359
2360static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2361{
2362 BT_DBG("status 0x%02x", status);
2363
2364 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2365}
2366
bdb6d971 2367static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2368{
650f726d 2369 struct mgmt_cp_add_uuid *cp = data;
90e70454 2370 struct pending_cmd *cmd;
890ea898 2371 struct hci_request req;
2aeb9a1a 2372 struct bt_uuid *uuid;
2aeb9a1a
JH		 2373 int err;
2374
bdb6d971 2375 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2376
09fd0de5 2377 hci_dev_lock(hdev);
2aeb9a1a 2378
0cab9c80 2379 if (pending_eir_or_class(hdev)) {
bdb6d971 2380 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2381 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2382 goto failed;
2383 }
2384
92c4c204 2385 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2386 if (!uuid) {
2387 err = -ENOMEM;
2388 goto failed;
2389 }
2390
2391 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2392 uuid->svc_hint = cp->svc_hint;
83be8eca 2393 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2394
de66aa63 2395 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2396
890ea898 2397 hci_req_init(&req, hdev);
1aff6f09 2398
890ea898
JH		 2399 update_class(&req);
2400 update_eir(&req);
2401
92da6097
JH		 2402 err = hci_req_run(&req, add_uuid_complete);
2403 if (err < 0) {
2404 if (err != -ENODATA)
2405 goto failed;
80a1e1db 2406
bdb6d971 2407 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2408 hdev->dev_class, 3);
90e70454
JH		 2409 goto failed;
2410 }
2411
2412 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2413 if (!cmd) {
90e70454 2414 err = -ENOMEM;
890ea898
JH		 2415 goto failed;
2416 }
2417
2418 err = 0;
2aeb9a1a
JH		 2419
2420failed:
09fd0de5 2421 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2422 return err;
2423}
2424
24b78d0f
JH		 2425static bool enable_service_cache(struct hci_dev *hdev)
2426{
2427 if (!hdev_is_powered(hdev))
2428 return false;
2429
2430 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2431 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2432 CACHE_TIMEOUT);
24b78d0f
JH		 2433 return true;
2434 }
2435
2436 return false;
2437}
2438
92da6097
JH		 2439static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2440{
2441 BT_DBG("status 0x%02x", status);
2442
2443 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2444}
2445
bdb6d971 2446static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2447 u16 len)
2aeb9a1a 2448{
650f726d 2449 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2450 struct pending_cmd *cmd;
056341c8 2451 struct bt_uuid *match, *tmp;
2aeb9a1a 2452 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2453 struct hci_request req;
2aeb9a1a
JH		 2454 int err, found;
2455
bdb6d971 2456 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2457
09fd0de5 2458 hci_dev_lock(hdev);
2aeb9a1a 2459
0cab9c80 2460 if (pending_eir_or_class(hdev)) {
bdb6d971 2461 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2462 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2463 goto unlock;
2464 }
2465
2aeb9a1a 2466 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2467 hci_uuids_clear(hdev);
4004b6d9 2468
24b78d0f 2469 if (enable_service_cache(hdev)) {
bdb6d971 2470 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2471 0, hdev->dev_class, 3);
24b78d0f
JH		 2472 goto unlock;
2473 }
4004b6d9 2474
9246a869 2475 goto update_class;
2aeb9a1a
JH		 2476 }
2477
2478 found = 0;
2479
056341c8 2480 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2481 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2482 continue;
2483
2484 list_del(&match->list);
482049f7 2485 kfree(match);
2aeb9a1a
JH		 2486 found++;
2487 }
2488
2489 if (found == 0) {
bdb6d971 2490 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2491 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2492 goto unlock;
2493 }
2494
9246a869 2495update_class:
890ea898 2496 hci_req_init(&req, hdev);
1aff6f09 2497
890ea898
JH		 2498 update_class(&req);
2499 update_eir(&req);
2500
92da6097
JH		 2501 err = hci_req_run(&req, remove_uuid_complete);
2502 if (err < 0) {
2503 if (err != -ENODATA)
2504 goto unlock;
80a1e1db 2505
bdb6d971 2506 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2507 hdev->dev_class, 3);
90e70454
JH		 2508 goto unlock;
2509 }
2510
2511 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2512 if (!cmd) {
90e70454 2513 err = -ENOMEM;
890ea898
JH		 2514 goto unlock;
2515 }
2516
2517 err = 0;
2aeb9a1a
JH		 2518
2519unlock:
09fd0de5 2520 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2521 return err;
2522}
2523
92da6097
JH		 2524static void set_class_complete(struct hci_dev *hdev, u8 status)
2525{
2526 BT_DBG("status 0x%02x", status);
2527
2528 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2529}
2530
bdb6d971 2531static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2532 u16 len)
1aff6f09 2533{
650f726d 2534 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2535 struct pending_cmd *cmd;
890ea898 2536 struct hci_request req;
1aff6f09
JH		 2537 int err;
2538
bdb6d971 2539 BT_DBG("request for %s", hdev->name);
1aff6f09 2540
6203fc98 2541 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2542 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2543 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2544
0cab9c80 2545 hci_dev_lock(hdev);
ee98f473 2546
0cab9c80
JH		 2547 if (pending_eir_or_class(hdev)) {
2548 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2549 MGMT_STATUS_BUSY);
2550 goto unlock;
2551 }
c95f0ba7 2552
0cab9c80
JH		 2553 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2554 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2555 MGMT_STATUS_INVALID_PARAMS);
2556 goto unlock;
2557 }
575b3a02 2558
932f5ff5
JH		 2559 hdev->major_class = cp->major;
2560 hdev->minor_class = cp->minor;
2561
b5235a65 2562 if (!hdev_is_powered(hdev)) {
bdb6d971 2563 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2564 hdev->dev_class, 3);
b5235a65
JH		 2565 goto unlock;
2566 }
2567
890ea898
JH		 2568 hci_req_init(&req, hdev);
2569
a8b2d5c2 2570 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2571 hci_dev_unlock(hdev);
2572 cancel_delayed_work_sync(&hdev->service_cache);
2573 hci_dev_lock(hdev);
890ea898 2574 update_eir(&req);
7d78525d 2575 }
14c0b608 2576
890ea898
JH		 2577 update_class(&req);
2578
92da6097
JH		 2579 err = hci_req_run(&req, set_class_complete);
2580 if (err < 0) {
2581 if (err != -ENODATA)
2582 goto unlock;
1aff6f09 2583
bdb6d971 2584 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2585 hdev->dev_class, 3);
90e70454
JH		 2586 goto unlock;
2587 }
2588
2589 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2590 if (!cmd) {
90e70454 2591 err = -ENOMEM;
890ea898
JH		 2592 goto unlock;
2593 }
2594
2595 err = 0;
1aff6f09 2596
b5235a65 2597unlock:
09fd0de5 2598 hci_dev_unlock(hdev);
1aff6f09
JH		 2599 return err;
2600}
2601
bdb6d971 2602static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2603 u16 len)
55ed8ca1 2604{
650f726d 2605 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2606 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2607 sizeof(struct mgmt_link_key_info));
4e51eae9 2608 u16 key_count, expected_len;
b1de97d8 2609 bool changed;
a492cd52 2610 int i;
55ed8ca1 2611
9060d5cf
MH		 2612 BT_DBG("request for %s", hdev->name);
2613
2614 if (!lmp_bredr_capable(hdev))
2615 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2616 MGMT_STATUS_NOT_SUPPORTED);
2617
1f350c87 2618 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2619 if (key_count > max_key_count) {
2620 BT_ERR("load_link_keys: too big key_count value %u",
2621 key_count);
2622 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2623 MGMT_STATUS_INVALID_PARAMS);
2624 }
55ed8ca1 2625
86742e1e
JH		 2626 expected_len = sizeof(*cp) + key_count *
2627 sizeof(struct mgmt_link_key_info);
a492cd52 2628 if (expected_len != len) {
86742e1e 2629 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2630 expected_len, len);
bdb6d971 2631 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2632 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2633 }
2634
4ae14301
JH		 2635 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2636 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2637 MGMT_STATUS_INVALID_PARAMS);
2638
bdb6d971 2639 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2640 key_count);
55ed8ca1 2641
4ee71b20
JH		 2642 for (i = 0; i < key_count; i++) {
2643 struct mgmt_link_key_info *key = &cp->keys[i];
2644
8e991132 2645 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2646 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2647 MGMT_STATUS_INVALID_PARAMS);
2648 }
2649
09fd0de5 2650 hci_dev_lock(hdev);
55ed8ca1
JH		 2651
2652 hci_link_keys_clear(hdev);
2653
55ed8ca1 2654 if (cp->debug_keys)
0663b297
JH		 2655 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2656 &hdev->dev_flags);
55ed8ca1 2657 else
0663b297
JH		 2658 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2659 &hdev->dev_flags);
b1de97d8
MH		 2660
2661 if (changed)
2662 new_settings(hdev, NULL);
55ed8ca1 2663
a492cd52 2664 for (i = 0; i < key_count; i++) {
86742e1e 2665 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2666
58e9293c
JH		 2667 /* Always ignore debug keys and require a new pairing if
2668 * the user wants to use them.
2669 */
2670 if (key->type == HCI_LK_DEBUG_COMBINATION)
2671 continue;
2672
7652ff6a
JH		 2673 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2674 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2675 }
2676
bdb6d971 2677 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2678
09fd0de5 2679 hci_dev_unlock(hdev);
55ed8ca1 2680
a492cd52 2681 return 0;
55ed8ca1
JH		 2682}
2683
b1078ad0 2684static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2685 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2686{
2687 struct mgmt_ev_device_unpaired ev;
2688
2689 bacpy(&ev.addr.bdaddr, bdaddr);
2690 ev.addr.type = addr_type;
2691
2692 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2693 skip_sk);
b1078ad0
JH		 2694}
2695
bdb6d971 2696static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2697 u16 len)
55ed8ca1 2698{
124f6e35
JH		 2699 struct mgmt_cp_unpair_device *cp = data;
2700 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2701 struct hci_cp_disconnect dc;
2702 struct pending_cmd *cmd;
55ed8ca1 2703 struct hci_conn *conn;
55ed8ca1
JH		 2704 int err;
2705
a8a1d19e 2706 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2707 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2708 rp.addr.type = cp->addr.type;
a8a1d19e 2709
4ee71b20
JH		 2710 if (!bdaddr_type_is_valid(cp->addr.type))
2711 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2712 MGMT_STATUS_INVALID_PARAMS,
2713 &rp, sizeof(rp));
2714
118da70b
JH		 2715 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2716 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2717 MGMT_STATUS_INVALID_PARAMS,
2718 &rp, sizeof(rp));
2719
4ee71b20
JH		 2720 hci_dev_lock(hdev);
2721
86a8cfc6 2722 if (!hdev_is_powered(hdev)) {
bdb6d971 2723 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2724 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2725 goto unlock;
2726 }
2727
e0b2b27e 2728 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2729 /* If disconnection is requested, then look up the
2730 * connection. If the remote device is connected, it
2731 * will be later used to terminate the link.
2732 *
2733 * Setting it to NULL explicitly will cause no
2734 * termination of the link.
2735 */
2736 if (cp->disconnect)
2737 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2738 &cp->addr.bdaddr);
2739 else
2740 conn = NULL;
2741
124f6e35 2742 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2743 } else {
2744 u8 addr_type;
2745
89cbb063
AA		 2746 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2747 &cp->addr.bdaddr);
2748 if (conn) {
2749 /* Defer clearing up the connection parameters
2750 * until closing to give a chance of keeping
2751 * them if a repairing happens.
2752 */
2753 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2754
2755 /* If disconnection is not requested, then
2756 * clear the connection variable so that the
2757 * link is not terminated.
2758 */
2759 if (!cp->disconnect)
2760 conn = NULL;
2761 }
2762
e0b2b27e
JH		 2763 if (cp->addr.type == BDADDR_LE_PUBLIC)
2764 addr_type = ADDR_LE_DEV_PUBLIC;
2765 else
2766 addr_type = ADDR_LE_DEV_RANDOM;
2767
a7ec7338
JH		 2768 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2769
e0b2b27e
JH		 2770 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2771 }
b0dbfb46 2772
55ed8ca1 2773 if (err < 0) {
bdb6d971 2774 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2775 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2776 goto unlock;
2777 }
2778
89cbb063
AA		 2779 /* If the connection variable is set, then termination of the
2780 * link is requested.
2781 */
a8a1d19e 2782 if (!conn) {
bdb6d971 2783 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2784 &rp, sizeof(rp));
b1078ad0 2785 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2786 goto unlock;
2787 }
55ed8ca1 2788
124f6e35 2789 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2790 sizeof(*cp));
a8a1d19e
JH		 2791 if (!cmd) {
2792 err = -ENOMEM;
2793 goto unlock;
55ed8ca1
JH		 2794 }
2795
eb55ef07 2796 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2797 dc.reason = 0x13; /* Remote User Terminated Connection */
2798 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2799 if (err < 0)
2800 mgmt_pending_remove(cmd);
2801
55ed8ca1 2802unlock:
09fd0de5 2803 hci_dev_unlock(hdev);
55ed8ca1
JH		 2804 return err;
2805}
2806
bdb6d971 2807static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2808 u16 len)
8962ee74 2809{
650f726d 2810 struct mgmt_cp_disconnect *cp = data;
06a63b19 2811 struct mgmt_rp_disconnect rp;
366a0336 2812 struct pending_cmd *cmd;
8962ee74 2813 struct hci_conn *conn;
8962ee74
JH		 2814 int err;
2815
2816 BT_DBG("");
2817
06a63b19
JH		 2818 memset(&rp, 0, sizeof(rp));
2819 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2820 rp.addr.type = cp->addr.type;
2821
4ee71b20 2822 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2823 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2824 MGMT_STATUS_INVALID_PARAMS,
2825 &rp, sizeof(rp));
4ee71b20 2826
09fd0de5 2827 hci_dev_lock(hdev);
8962ee74
JH		 2828
2829 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2830 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2831 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2832 goto failed;
2833 }
2834
2e58ef3e 2835 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2836 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2837 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2838 goto failed;
2839 }
2840
591f47f3 2841 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2842 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2843 &cp->addr.bdaddr);
88c3df13
JH		 2844 else
2845 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2846
f960727e 2847 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2848 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2849 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2850 goto failed;
2851 }
2852
2e58ef3e 2853 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2854 if (!cmd) {
2855 err = -ENOMEM;
8962ee74 2856 goto failed;
366a0336 2857 }
8962ee74 2858
e3f2f92a 2859 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2860 if (err < 0)
a664b5bc 2861 mgmt_pending_remove(cmd);
8962ee74
JH		 2862
2863failed:
09fd0de5 2864 hci_dev_unlock(hdev);
8962ee74
JH		 2865 return err;
2866}
2867
57c1477c 2868static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2869{
2870 switch (link_type) {
2871 case LE_LINK:
48264f06
JH		 2872 switch (addr_type) {
2873 case ADDR_LE_DEV_PUBLIC:
591f47f3 2874 return BDADDR_LE_PUBLIC;
0ed09148 2875
48264f06 2876 default:
0ed09148 2877 /* Fallback to LE Random address type */
591f47f3 2878 return BDADDR_LE_RANDOM;
48264f06 2879 }
0ed09148 2880
4c659c39 2881 default:
0ed09148 2882 /* Fallback to BR/EDR type */
591f47f3 2883 return BDADDR_BREDR;
4c659c39
JH		 2884 }
2885}
2886
04124681
GP		 2887static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2888 u16 data_len)
2784eb41 2889{
2784eb41 2890 struct mgmt_rp_get_connections *rp;
8035ded4 2891 struct hci_conn *c;
a38528f1 2892 size_t rp_len;
60fc5fb6
JH		 2893 int err;
2894 u16 i;
2784eb41
JH		 2895
2896 BT_DBG("");
2897
09fd0de5 2898 hci_dev_lock(hdev);
2784eb41 2899
5f97c1df 2900 if (!hdev_is_powered(hdev)) {
bdb6d971 2901 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2902 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2903 goto unlock;
2904 }
2905
60fc5fb6 2906 i = 0;
b644ba33
JH		 2907 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2908 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2909 i++;
2784eb41
JH		 2910 }
2911
60fc5fb6 2912 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2913 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2914 if (!rp) {
2784eb41
JH		 2915 err = -ENOMEM;
2916 goto unlock;
2917 }
2918
2784eb41 2919 i = 0;
4c659c39 2920 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2921 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2922 continue;
4c659c39 2923 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2924 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2925 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2926 continue;
2927 i++;
2928 }
2929
eb55ef07 2930 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2931
4c659c39
JH		 2932 /* Recalculate length in case of filtered SCO connections, etc */
2933 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2934
bdb6d971 2935 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2936 rp_len);
2784eb41 2937
a38528f1 2938 kfree(rp);
5f97c1df
JH		 2939
2940unlock:
09fd0de5 2941 hci_dev_unlock(hdev);
2784eb41
JH		 2942 return err;
2943}
2944
bdb6d971 2945static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2946 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2947{
2948 struct pending_cmd *cmd;
2949 int err;
2950
2e58ef3e 2951 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2952 sizeof(*cp));
96d97a67
WR		 2953 if (!cmd)
2954 return -ENOMEM;
2955
d8457698 2956 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2957 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2958 if (err < 0)
2959 mgmt_pending_remove(cmd);
2960
2961 return err;
2962}
2963
bdb6d971 2964static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2965 u16 len)
980e1a53 2966{
96d97a67 2967 struct hci_conn *conn;
650f726d 2968 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2969 struct hci_cp_pin_code_reply reply;
366a0336 2970 struct pending_cmd *cmd;
980e1a53
JH		 2971 int err;
2972
2973 BT_DBG("");
2974
09fd0de5 2975 hci_dev_lock(hdev);
980e1a53 2976
4b34ee78 2977 if (!hdev_is_powered(hdev)) {
bdb6d971 2978 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2979 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2980 goto failed;
2981 }
2982
d8457698 2983 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2984 if (!conn) {
bdb6d971 2985 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2986 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2987 goto failed;
2988 }
2989
2990 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2991 struct mgmt_cp_pin_code_neg_reply ncp;
2992
2993 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2994
2995 BT_ERR("PIN code is not 16 bytes long");
2996
bdb6d971 2997 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2998 if (err >= 0)
bdb6d971 2999 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3000 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3001
3002 goto failed;
3003 }
3004
00abfe44 3005 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3006 if (!cmd) {
3007 err = -ENOMEM;
980e1a53 3008 goto failed;
366a0336 3009 }
980e1a53 3010
d8457698 3011 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3012 reply.pin_len = cp->pin_len;
24718ca5 3013 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3014
3015 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3016 if (err < 0)
a664b5bc 3017 mgmt_pending_remove(cmd);
980e1a53
JH		 3018
3019failed:
09fd0de5 3020 hci_dev_unlock(hdev);
980e1a53
JH		 3021 return err;
3022}
3023
04124681
GP		 3024static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3025 u16 len)
17fa4b9d 3026{
650f726d 3027 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3028
3029 BT_DBG("");
3030
4ec86d4c
JH		 3031 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3032 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3033 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3034
09fd0de5 3035 hci_dev_lock(hdev);
17fa4b9d
JH		 3036
3037 hdev->io_capability = cp->io_capability;
3038
3039 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3040 hdev->io_capability);
17fa4b9d 3041
09fd0de5 3042 hci_dev_unlock(hdev);
17fa4b9d 3043
04124681
GP		 3044 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
3045 0);
17fa4b9d
JH		 3046}
3047
6039aa73 3048static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3049{
3050 struct hci_dev *hdev = conn->hdev;
8035ded4 3051 struct pending_cmd *cmd;
e9a416b5 3052
2e58ef3e 3053 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3054 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3055 continue;
3056
e9a416b5
JH		 3057 if (cmd->user_data != conn)
3058 continue;
3059
3060 return cmd;
3061 }
3062
3063 return NULL;
3064}
3065
3066static void pairing_complete(struct pending_cmd *cmd, u8 status)
3067{
3068 struct mgmt_rp_pair_device rp;
3069 struct hci_conn *conn = cmd->user_data;
3070
61b1a7fb
JH		 3071 bacpy(&rp.addr.bdaddr, &conn->dst);
3072 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3073
aee9b218 3074 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 3075 &rp, sizeof(rp));
e9a416b5
JH		 3076
3077 /* So we don't get further callbacks for this connection */
3078 conn->connect_cfm_cb = NULL;
3079 conn->security_cfm_cb = NULL;
3080 conn->disconn_cfm_cb = NULL;
3081
76a68ba0 3082 hci_conn_drop(conn);
f8aaf9b6 3083 hci_conn_put(conn);
e9a416b5 3084
a664b5bc 3085 mgmt_pending_remove(cmd);
89cbb063
AA		 3086
3087 /* The device is paired so there is no need to remove
3088 * its connection parameters anymore.
3089 */
3090 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
e9a416b5
JH		 3091}
3092
f4a407be
JH		 3093void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3094{
3095 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3096 struct pending_cmd *cmd;
3097
3098 cmd = find_pairing(conn);
3099 if (cmd)
3100 pairing_complete(cmd, status);
3101}
3102
e9a416b5
JH		 3103static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3104{
3105 struct pending_cmd *cmd;
3106
3107 BT_DBG("status %u", status);
3108
3109 cmd = find_pairing(conn);
56e5cb86 3110 if (!cmd)
e9a416b5 3111 BT_DBG("Unable to find a pending command");
56e5cb86 3112 else
e211326c 3113 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 3114}
3115
f4a407be 3116static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 3117{
3118 struct pending_cmd *cmd;
3119
3120 BT_DBG("status %u", status);
3121
3122 if (!status)
3123 return;
3124
3125 cmd = find_pairing(conn);
3126 if (!cmd)
3127 BT_DBG("Unable to find a pending command");
3128 else
3129 pairing_complete(cmd, mgmt_status(status));
3130}
3131
bdb6d971 3132static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3133 u16 len)
e9a416b5 3134{
650f726d 3135 struct mgmt_cp_pair_device *cp = data;
1425acb7 3136 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 3137 struct pending_cmd *cmd;
3138 u8 sec_level, auth_type;
3139 struct hci_conn *conn;
e9a416b5
JH		 3140 int err;
3141
3142 BT_DBG("");
3143
f950a30e
SJ		 3144 memset(&rp, 0, sizeof(rp));
3145 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3146 rp.addr.type = cp->addr.type;
3147
4ee71b20
JH		 3148 if (!bdaddr_type_is_valid(cp->addr.type))
3149 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3150 MGMT_STATUS_INVALID_PARAMS,
3151 &rp, sizeof(rp));
3152
4ec86d4c
JH		 3153 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3154 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3155 MGMT_STATUS_INVALID_PARAMS,
3156 &rp, sizeof(rp));
3157
09fd0de5 3158 hci_dev_lock(hdev);
e9a416b5 3159
5f97c1df 3160 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 3161 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3162 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 3163 goto unlock;
3164 }
3165
c908df36 3166 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3167 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3168
6f77d8c7 3169 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3170 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3171 auth_type);
6f77d8c7
AG		 3172 } else {
3173 u8 addr_type;
3174
3175 /* Convert from L2CAP channel address type to HCI address type
3176 */
3177 if (cp->addr.type == BDADDR_LE_PUBLIC)
3178 addr_type = ADDR_LE_DEV_PUBLIC;
3179 else
3180 addr_type = ADDR_LE_DEV_RANDOM;
3181
7c264b10
MH		 3182 /* When pairing a new device, it is expected to remember
3183 * this device for future connections. Adding the connection
3184 * parameter information ahead of time allows tracking
3185 * of the slave preferred values and will speed up any
3186 * further connection establishment.
3187 *
3188 * If connection parameters already exist, then they
3189 * will be kept and this function does nothing.
3190 */
3191 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3192
6f77d8c7 3193 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3194 sec_level, HCI_LE_CONN_TIMEOUT,
3195 HCI_ROLE_MASTER);
6f77d8c7 3196 }
7a512d01 3197
30e76272 3198 if (IS_ERR(conn)) {
489dc48e
AK		 3199 int status;
3200
3201 if (PTR_ERR(conn) == -EBUSY)
3202 status = MGMT_STATUS_BUSY;
3203 else
3204 status = MGMT_STATUS_CONNECT_FAILED;
3205
bdb6d971 3206 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 3207 status, &rp,
04124681 3208 sizeof(rp));
e9a416b5
JH		 3209 goto unlock;
3210 }
3211
3212 if (conn->connect_cfm_cb) {
76a68ba0 3213 hci_conn_drop(conn);
bdb6d971 3214 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 3215 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3216 goto unlock;
3217 }
3218
2e58ef3e 3219 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3220 if (!cmd) {
3221 err = -ENOMEM;
76a68ba0 3222 hci_conn_drop(conn);
e9a416b5
JH		 3223 goto unlock;
3224 }
3225
7a512d01 3226 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3227 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3228 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3229 conn->security_cfm_cb = pairing_complete_cb;
3230 conn->disconn_cfm_cb = pairing_complete_cb;
3231 } else {
3232 conn->connect_cfm_cb = le_pairing_complete_cb;
3233 conn->security_cfm_cb = le_pairing_complete_cb;
3234 conn->disconn_cfm_cb = le_pairing_complete_cb;
3235 }
7a512d01 3236
e9a416b5 3237 conn->io_capability = cp->io_cap;
f8aaf9b6 3238 cmd->user_data = hci_conn_get(conn);
e9a416b5 3239
6f78fd4b 3240 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
e7cafc45 3241 hci_conn_security(conn, sec_level, auth_type, true))
e9a416b5
JH		 3242 pairing_complete(cmd, 0);
3243
3244 err = 0;
3245
3246unlock:
09fd0de5 3247 hci_dev_unlock(hdev);
e9a416b5
JH		 3248 return err;
3249}
3250
04124681
GP		 3251static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3252 u16 len)
28424707 3253{
0f4e68cf 3254 struct mgmt_addr_info *addr = data;
28424707
JH		 3255 struct pending_cmd *cmd;
3256 struct hci_conn *conn;
3257 int err;
3258
3259 BT_DBG("");
3260
28424707
JH		 3261 hci_dev_lock(hdev);
3262
5f97c1df 3263 if (!hdev_is_powered(hdev)) {
bdb6d971 3264 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3265 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3266 goto unlock;
3267 }
3268
28424707
JH		 3269 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3270 if (!cmd) {
bdb6d971 3271 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3272 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3273 goto unlock;
3274 }
3275
3276 conn = cmd->user_data;
3277
3278 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3279 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3280 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3281 goto unlock;
3282 }
3283
3284 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
3285
bdb6d971 3286 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3287 addr, sizeof(*addr));
28424707
JH		 3288unlock:
3289 hci_dev_unlock(hdev);
28424707
JH		 3290 return err;
3291}
3292
bdb6d971 3293static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3294 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3295 u16 hci_op, __le32 passkey)
a5c29683 3296{
a5c29683 3297 struct pending_cmd *cmd;
0df4c185 3298 struct hci_conn *conn;
a5c29683
JH		 3299 int err;
3300
09fd0de5 3301 hci_dev_lock(hdev);
08ba5382 3302
4b34ee78 3303 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3304 err = cmd_complete(sk, hdev->id, mgmt_op,
3305 MGMT_STATUS_NOT_POWERED, addr,
3306 sizeof(*addr));
0df4c185 3307 goto done;
a5c29683
JH		 3308 }
3309
1707c60e
JH		 3310 if (addr->type == BDADDR_BREDR)
3311 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3312 else
1707c60e 3313 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3314
3315 if (!conn) {
feb94d3d
JH		 3316 err = cmd_complete(sk, hdev->id, mgmt_op,
3317 MGMT_STATUS_NOT_CONNECTED, addr,
3318 sizeof(*addr));
272d90df
JH		 3319 goto done;
3320 }
47c15e2b 3321
1707c60e 3322 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3323 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3324 if (!err)
feb94d3d
JH		 3325 err = cmd_complete(sk, hdev->id, mgmt_op,
3326 MGMT_STATUS_SUCCESS, addr,
3327 sizeof(*addr));
5fe57d9e 3328 else
feb94d3d
JH		 3329 err = cmd_complete(sk, hdev->id, mgmt_op,
3330 MGMT_STATUS_FAILED, addr,
3331 sizeof(*addr));
47c15e2b 3332
47c15e2b
BG		 3333 goto done;
3334 }
3335
1707c60e 3336 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3337 if (!cmd) {
3338 err = -ENOMEM;
0df4c185 3339 goto done;
a5c29683
JH		 3340 }
3341
0df4c185 3342 /* Continue with pairing via HCI */
604086b7
BG		 3343 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3344 struct hci_cp_user_passkey_reply cp;
3345
1707c60e 3346 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3347 cp.passkey = passkey;
3348 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3349 } else
1707c60e
JH		 3350 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3351 &addr->bdaddr);
604086b7 3352
a664b5bc
JH		 3353 if (err < 0)
3354 mgmt_pending_remove(cmd);
a5c29683 3355
0df4c185 3356done:
09fd0de5 3357 hci_dev_unlock(hdev);
a5c29683
JH		 3358 return err;
3359}
3360
afeb019d
JK		 3361static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3362 void *data, u16 len)
3363{
3364 struct mgmt_cp_pin_code_neg_reply *cp = data;
3365
3366 BT_DBG("");
3367
1707c60e 3368 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3369 MGMT_OP_PIN_CODE_NEG_REPLY,
3370 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3371}
3372
04124681
GP		 3373static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3374 u16 len)
0df4c185 3375{
650f726d 3376 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3377
3378 BT_DBG("");
3379
3380 if (len != sizeof(*cp))
bdb6d971 3381 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3382 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3383
1707c60e 3384 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3385 MGMT_OP_USER_CONFIRM_REPLY,
3386 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3387}
3388
bdb6d971 3389static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3390 void *data, u16 len)
0df4c185 3391{
c9c2659f 3392 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3393
3394 BT_DBG("");
3395
1707c60e 3396 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3397 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3398 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3399}
3400
04124681
GP		 3401static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3402 u16 len)
604086b7 3403{
650f726d 3404 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3405
3406 BT_DBG("");
3407
1707c60e 3408 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3409 MGMT_OP_USER_PASSKEY_REPLY,
3410 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3411}
3412
bdb6d971 3413static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3414 void *data, u16 len)
604086b7 3415{
650f726d 3416 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3417
3418 BT_DBG("");
3419
1707c60e 3420 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3421 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3422 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3423}
3424
13928971 3425static void update_name(struct hci_request *req)
2b4bf397 3426{
13928971 3427 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3428 struct hci_cp_write_local_name cp;
3429
13928971 3430 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3431
890ea898 3432 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3433}
3434
13928971
JH		 3435static void set_name_complete(struct hci_dev *hdev, u8 status)
3436{
3437 struct mgmt_cp_set_local_name *cp;
3438 struct pending_cmd *cmd;
3439
3440 BT_DBG("status 0x%02x", status);
3441
3442 hci_dev_lock(hdev);
3443
3444 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3445 if (!cmd)
3446 goto unlock;
3447
3448 cp = cmd->param;
3449
3450 if (status)
3451 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3452 mgmt_status(status));
3453 else
3454 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3455 cp, sizeof(*cp));
3456
3457 mgmt_pending_remove(cmd);
3458
3459unlock:
3460 hci_dev_unlock(hdev);
3461}
3462
bdb6d971 3463static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3464 u16 len)
b312b161 3465{
2b4bf397 3466 struct mgmt_cp_set_local_name *cp = data;
b312b161 3467 struct pending_cmd *cmd;
890ea898 3468 struct hci_request req;
b312b161
JH		 3469 int err;
3470
3471 BT_DBG("");
3472
09fd0de5 3473 hci_dev_lock(hdev);
b312b161 3474
b3f2ca94
JH		 3475 /* If the old values are the same as the new ones just return a
3476 * direct command complete event.
3477 */
3478 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3479 !memcmp(hdev->short_name, cp->short_name,
3480 sizeof(hdev->short_name))) {
3481 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3482 data, len);
3483 goto failed;
3484 }
3485
2b4bf397 3486 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3487
b5235a65 3488 if (!hdev_is_powered(hdev)) {
2b4bf397 3489 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3490
3491 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3492 data, len);
28cc7bde
JH		 3493 if (err < 0)
3494 goto failed;
3495
3496 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3497 sk);
28cc7bde 3498
b5235a65
JH		 3499 goto failed;
3500 }
3501
28cc7bde 3502 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3503 if (!cmd) {
3504 err = -ENOMEM;
3505 goto failed;
3506 }
3507
13928971
JH		 3508 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3509
890ea898 3510 hci_req_init(&req, hdev);
3f985050
JH		 3511
3512 if (lmp_bredr_capable(hdev)) {
3513 update_name(&req);
3514 update_eir(&req);
3515 }
3516
7a5f4990
MH		 3517 /* The name is stored in the scan response data and so
3518 * no need to udpate the advertising data here.
3519 */
3f985050 3520 if (lmp_le_capable(hdev))
7a5f4990 3521 update_scan_rsp_data(&req);
3f985050 3522
13928971 3523 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3524 if (err < 0)
3525 mgmt_pending_remove(cmd);
3526
3527failed:
09fd0de5 3528 hci_dev_unlock(hdev);
b312b161
JH		 3529 return err;
3530}
3531
0f4e68cf 3532static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3533 void *data, u16 data_len)
c35938b2 3534{
c35938b2
SJ		 3535 struct pending_cmd *cmd;
3536 int err;
3537
bdb6d971 3538 BT_DBG("%s", hdev->name);
c35938b2 3539
09fd0de5 3540 hci_dev_lock(hdev);
c35938b2 3541
4b34ee78 3542 if (!hdev_is_powered(hdev)) {
bdb6d971 3543 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3544 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3545 goto unlock;
3546 }
3547
9a1a1996 3548 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3549 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3550 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3551 goto unlock;
3552 }
3553
2e58ef3e 3554 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3555 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3556 MGMT_STATUS_BUSY);
c35938b2
SJ		 3557 goto unlock;
3558 }
3559
2e58ef3e 3560 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3561 if (!cmd) {
3562 err = -ENOMEM;
3563 goto unlock;
3564 }
3565
710f11c0 3566 if (bredr_sc_enabled(hdev))
4d2d2796
MH		 3567 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3568 0, NULL);
3569 else
3570 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3571
c35938b2
SJ		 3572 if (err < 0)
3573 mgmt_pending_remove(cmd);
3574
3575unlock:
09fd0de5 3576 hci_dev_unlock(hdev);
c35938b2
SJ		 3577 return err;
3578}
3579
bdb6d971 3580static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3581 void *data, u16 len)
2763eda6 3582{
2763eda6
SJ		 3583 int err;
3584
bdb6d971 3585 BT_DBG("%s ", hdev->name);
2763eda6 3586
09fd0de5 3587 hci_dev_lock(hdev);
2763eda6 3588
ec109113
MH		 3589 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3590 struct mgmt_cp_add_remote_oob_data *cp = data;
3591 u8 status;
bf1e3541 3592
c19a495c
JH		 3593 if (cp->addr.type != BDADDR_BREDR) {
3594 err = cmd_complete(sk, hdev->id,
3595 MGMT_OP_ADD_REMOTE_OOB_DATA,
3596 MGMT_STATUS_INVALID_PARAMS,
3597 &cp->addr, sizeof(cp->addr));
3598 goto unlock;
3599 }
3600
ec109113 3601 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3602 cp->addr.type, cp->hash,
3603 cp->rand, NULL, NULL);
ec109113
MH		 3604 if (err < 0)
3605 status = MGMT_STATUS_FAILED;
3606 else
3607 status = MGMT_STATUS_SUCCESS;
3608
3609 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3610 status, &cp->addr, sizeof(cp->addr));
3611 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3612 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
86df9200 3613 u8 *rand192, *hash192;
ec109113
MH		 3614 u8 status;
3615
c19a495c
JH		 3616 if (cp->addr.type != BDADDR_BREDR) {
3617 err = cmd_complete(sk, hdev->id,
3618 MGMT_OP_ADD_REMOTE_OOB_DATA,
3619 MGMT_STATUS_INVALID_PARAMS,
3620 &cp->addr, sizeof(cp->addr));
3621 goto unlock;
3622 }
3623
86df9200
JH		 3624 if (bdaddr_type_is_le(cp->addr.type)) {
3625 rand192 = NULL;
3626 hash192 = NULL;
3627 } else {
3628 rand192 = cp->rand192;
3629 hash192 = cp->hash192;
3630 }
3631
81328d5c 3632 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200
JH		 3633 cp->addr.type, hash192, rand192,
3634 cp->hash256, cp->rand256);
ec109113
MH		 3635 if (err < 0)
3636 status = MGMT_STATUS_FAILED;
3637 else
3638 status = MGMT_STATUS_SUCCESS;
3639
3640 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3641 status, &cp->addr, sizeof(cp->addr));
3642 } else {
3643 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3644 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3645 MGMT_STATUS_INVALID_PARAMS);
3646 }
2763eda6 3647
c19a495c 3648unlock:
09fd0de5 3649 hci_dev_unlock(hdev);
2763eda6
SJ		 3650 return err;
3651}
3652
bdb6d971 3653static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3654 void *data, u16 len)
2763eda6 3655{
650f726d 3656 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3657 u8 status;
2763eda6
SJ		 3658 int err;
3659
bdb6d971 3660 BT_DBG("%s", hdev->name);
2763eda6 3661
c19a495c
JH		 3662 if (cp->addr.type != BDADDR_BREDR)
3663 return cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3664 MGMT_STATUS_INVALID_PARAMS,
3665 &cp->addr, sizeof(cp->addr));
3666
09fd0de5 3667 hci_dev_lock(hdev);
2763eda6 3668
eedbd581
JH		 3669 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3670 hci_remote_oob_data_clear(hdev);
3671 status = MGMT_STATUS_SUCCESS;
3672 goto done;
3673 }
3674
6928a924 3675 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3676 if (err < 0)
bf1e3541 3677 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3678 else
a6785be2 3679 status = MGMT_STATUS_SUCCESS;
bf1e3541 3680
eedbd581 3681done:
bdb6d971 3682 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3683 status, &cp->addr, sizeof(cp->addr));
2763eda6 3684
09fd0de5 3685 hci_dev_unlock(hdev);
2763eda6
SJ		 3686 return err;
3687}
3688
41dc2bd6
AG		 3689static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3690{
3691 struct pending_cmd *cmd;
3692 u8 type;
3693 int err;
3694
3695 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3696
3697 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3698 if (!cmd)
3699 return -ENOENT;
3700
3701 type = hdev->discovery.type;
3702
3703 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3704 &type, sizeof(type));
3705 mgmt_pending_remove(cmd);
3706
3707 return err;
3708}
3709
7c307720
AG		 3710static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3711{
ae55f598
LR		 3712 unsigned long timeout = 0;
3713
7c307720
AG		 3714 BT_DBG("status %d", status);
3715
3716 if (status) {
3717 hci_dev_lock(hdev);
3718 mgmt_start_discovery_failed(hdev, status);
3719 hci_dev_unlock(hdev);
3720 return;
3721 }
3722
3723 hci_dev_lock(hdev);
3724 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3725 hci_dev_unlock(hdev);
3726
3727 switch (hdev->discovery.type) {
3728 case DISCOV_TYPE_LE:
3d5a76f0 3729 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720
AG		 3730 break;
3731
3732 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3733 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720
AG		 3734 break;
3735
3736 case DISCOV_TYPE_BREDR:
3737 break;
3738
3739 default:
3740 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3741 }
ae55f598
LR		 3742
3743 if (!timeout)
3744 return;
3745
3746 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
7c307720
AG		 3747}
3748
bdb6d971 3749static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3750 void *data, u16 len)
14a53664 3751{
650f726d 3752 struct mgmt_cp_start_discovery *cp = data;
14a53664 3753 struct pending_cmd *cmd;
7c307720
AG		 3754 struct hci_cp_le_set_scan_param param_cp;
3755 struct hci_cp_le_set_scan_enable enable_cp;
3756 struct hci_cp_inquiry inq_cp;
3757 struct hci_request req;
3758 /* General inquiry access code (GIAC) */
3759 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3760 u8 status, own_addr_type;
14a53664
JH		 3761 int err;
3762
bdb6d971 3763 BT_DBG("%s", hdev->name);
14a53664 3764
09fd0de5 3765 hci_dev_lock(hdev);
14a53664 3766
4b34ee78 3767 if (!hdev_is_powered(hdev)) {
a736abc1
SJ		 3768 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3769 MGMT_STATUS_NOT_POWERED,
3770 &cp->type, sizeof(cp->type));
bd2d1334
JH		 3771 goto failed;
3772 }
3773
f5a969f2
MH		 3774 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3775 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
a736abc1
SJ		 3776 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3777 MGMT_STATUS_BUSY, &cp->type,
3778 sizeof(cp->type));
ff9ef578
JH		 3779 goto failed;
3780 }
3781
2e58ef3e 3782 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3783 if (!cmd) {
3784 err = -ENOMEM;
3785 goto failed;
3786 }
3787
4aab14e5
AG		 3788 hdev->discovery.type = cp->type;
3789
7c307720
AG		 3790 hci_req_init(&req, hdev);
3791
4aab14e5 3792 switch (hdev->discovery.type) {
f39799f5 3793 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3794 status = mgmt_bredr_support(hdev);
3795 if (status) {
a736abc1
SJ		 3796 err = cmd_complete(sk, hdev->id,
3797 MGMT_OP_START_DISCOVERY, status,
3798 &cp->type, sizeof(cp->type));
04106755
JH		 3799 mgmt_pending_remove(cmd);
3800 goto failed;
3801 }
3802
7c307720 3803 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
a736abc1
SJ		 3804 err = cmd_complete(sk, hdev->id,
3805 MGMT_OP_START_DISCOVERY,
3806 MGMT_STATUS_BUSY, &cp->type,
3807 sizeof(cp->type));
7c307720
AG		 3808 mgmt_pending_remove(cmd);
3809 goto failed;
3810 }
3811
3812 hci_inquiry_cache_flush(hdev);
3813
3814 memset(&inq_cp, 0, sizeof(inq_cp));
3815 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3816 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3817 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3818 break;
3819
3820 case DISCOV_TYPE_LE:
7c307720 3821 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3822 status = mgmt_le_support(hdev);
3823 if (status) {
a736abc1
SJ		 3824 err = cmd_complete(sk, hdev->id,
3825 MGMT_OP_START_DISCOVERY, status,
3826 &cp->type, sizeof(cp->type));
04106755
JH		 3827 mgmt_pending_remove(cmd);
3828 goto failed;
3829 }
3830
7c307720 3831 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3832 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
a736abc1
SJ		 3833 err = cmd_complete(sk, hdev->id,
3834 MGMT_OP_START_DISCOVERY,
3835 MGMT_STATUS_NOT_SUPPORTED,
3836 &cp->type, sizeof(cp->type));
04106755
JH		 3837 mgmt_pending_remove(cmd);
3838 goto failed;
3839 }
3840
e8bb6b97
JH		 3841 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3842 /* Don't let discovery abort an outgoing
3843 * connection attempt that's using directed
3844 * advertising.
3845 */
3846 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3847 BT_CONNECT)) {
a736abc1
SJ		 3848 err = cmd_complete(sk, hdev->id,
3849 MGMT_OP_START_DISCOVERY,
3850 MGMT_STATUS_REJECTED,
3851 &cp->type,
3852 sizeof(cp->type));
e8bb6b97
JH		 3853 mgmt_pending_remove(cmd);
3854 goto failed;
3855 }
3856
3857 disable_advertising(&req);
7c307720
AG		 3858 }
3859
c54c3860
AG		 3860 /* If controller is scanning, it means the background scanning
3861 * is running. Thus, we should temporarily stop it in order to
3862 * set the discovery scanning parameters.
3863 */
3864 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3865 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3866
3867 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3868
94b1fc92
MH		 3869 /* All active scans will be done with either a resolvable
3870 * private address (when privacy feature has been enabled)
3871 * or unresolvable private address.
3872 */
3873 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943 3874 if (err < 0) {
a736abc1
SJ		 3875 err = cmd_complete(sk, hdev->id,
3876 MGMT_OP_START_DISCOVERY,
3877 MGMT_STATUS_FAILED,
3878 &cp->type, sizeof(cp->type));
d9483943
JH		 3879 mgmt_pending_remove(cmd);
3880 goto failed;
3881 }
3882
7c307720 3883 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3884 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3885 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3886 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3887 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3888 &param_cp);
3889
3890 memset(&enable_cp, 0, sizeof(enable_cp));
3891 enable_cp.enable = LE_SCAN_ENABLE;
3892 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3893 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3894 &enable_cp);
5e0452c0
AG		 3895 break;
3896
f39799f5 3897 default:
a736abc1
SJ		 3898 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3899 MGMT_STATUS_INVALID_PARAMS,
3900 &cp->type, sizeof(cp->type));
04106755
JH		 3901 mgmt_pending_remove(cmd);
3902 goto failed;
f39799f5 3903 }
3fd24153 3904
7c307720 3905 err = hci_req_run(&req, start_discovery_complete);
f5a969f2 3906 if (err < 0) {
14a53664 3907 mgmt_pending_remove(cmd);
f5a969f2
MH		 3908 goto failed;
3909 }
3910
3911 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3912
3913failed:
09fd0de5 3914 hci_dev_unlock(hdev);
14a53664
JH		 3915 return err;
3916}
3917
1183fdca
AG		 3918static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3919{
3920 struct pending_cmd *cmd;
3921 int err;
3922
3923 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3924 if (!cmd)
3925 return -ENOENT;
3926
3927 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3928 &hdev->discovery.type, sizeof(hdev->discovery.type));
3929 mgmt_pending_remove(cmd);
3930
3931 return err;
3932}
3933
0e05bba6
AG		 3934static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3935{
3936 BT_DBG("status %d", status);
3937
3938 hci_dev_lock(hdev);
3939
3940 if (status) {
3941 mgmt_stop_discovery_failed(hdev, status);
3942 goto unlock;
3943 }
3944
3945 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3946
3947unlock:
3948 hci_dev_unlock(hdev);
3949}
3950
bdb6d971 3951static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3952 u16 len)
14a53664 3953{
d930650b 3954 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3955 struct pending_cmd *cmd;
0e05bba6 3956 struct hci_request req;
14a53664
JH		 3957 int err;
3958
bdb6d971 3959 BT_DBG("%s", hdev->name);
14a53664 3960
09fd0de5 3961 hci_dev_lock(hdev);
14a53664 3962
30dc78e1 3963 if (!hci_discovery_active(hdev)) {
bdb6d971 3964 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3965 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3966 sizeof(mgmt_cp->type));
d930650b
JH		 3967 goto unlock;
3968 }
3969
3970 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3971 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3972 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3973 sizeof(mgmt_cp->type));
30dc78e1 3974 goto unlock;
ff9ef578
JH		 3975 }
3976
2e58ef3e 3977 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3978 if (!cmd) {
3979 err = -ENOMEM;
30dc78e1
JH		 3980 goto unlock;
3981 }
3982
0e05bba6
AG		 3983 hci_req_init(&req, hdev);
3984
21a60d30 3985 hci_stop_discovery(&req);
e0d9727e 3986
21a60d30
JH		 3987 err = hci_req_run(&req, stop_discovery_complete);
3988 if (!err) {
3989 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 3990 goto unlock;
14a53664
JH		 3991 }
3992
21a60d30
JH		 3993 mgmt_pending_remove(cmd);
3994
3995 /* If no HCI commands were sent we're done */
3996 if (err == -ENODATA) {
3997 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
3998 &mgmt_cp->type, sizeof(mgmt_cp->type));
3999 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4000 }
14a53664 4001
30dc78e1 4002unlock:
09fd0de5 4003 hci_dev_unlock(hdev);
14a53664
JH		 4004 return err;
4005}
4006
bdb6d971 4007static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4008 u16 len)
561aafbc 4009{
650f726d 4010 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4011 struct inquiry_entry *e;
561aafbc
JH		 4012 int err;
4013
bdb6d971 4014 BT_DBG("%s", hdev->name);
561aafbc 4015
561aafbc
JH		 4016 hci_dev_lock(hdev);
4017
30dc78e1 4018 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 4019 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4020 MGMT_STATUS_FAILED, &cp->addr,
4021 sizeof(cp->addr));
30dc78e1
JH		 4022 goto failed;
4023 }
4024
a198e7b1 4025 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4026 if (!e) {
d3a2541d
LR		 4027 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4028 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4029 sizeof(cp->addr));
561aafbc
JH		 4030 goto failed;
4031 }
4032
4033 if (cp->name_known) {
4034 e->name_state = NAME_KNOWN;
4035 list_del(&e->list);
4036 } else {
4037 e->name_state = NAME_NEEDED;
a3d4e20a 4038 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4039 }
4040
e384662b
JH		 4041 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
4042 sizeof(cp->addr));
561aafbc
JH		 4043
4044failed:
4045 hci_dev_unlock(hdev);
561aafbc
JH		 4046 return err;
4047}
4048
bdb6d971 4049static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4050 u16 len)
7fbec224 4051{
650f726d 4052 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4053 u8 status;
7fbec224
AJ		 4054 int err;
4055
bdb6d971 4056 BT_DBG("%s", hdev->name);
7fbec224 4057
4ee71b20 4058 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 4059 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4060 MGMT_STATUS_INVALID_PARAMS,
4061 &cp->addr, sizeof(cp->addr));
4ee71b20 4062
09fd0de5 4063 hci_dev_lock(hdev);
5e762444 4064
dcc36c16
JH		 4065 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4066 cp->addr.type);
2a8357f2 4067 if (err < 0) {
f0eeea8b 4068 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4069 goto done;
4070 }
4071
4072 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4073 sk);
4074 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4075
2a8357f2 4076done:
bdb6d971 4077 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 4078 &cp->addr, sizeof(cp->addr));
5e762444 4079
09fd0de5 4080 hci_dev_unlock(hdev);
7fbec224
AJ		 4081
4082 return err;
4083}
4084
bdb6d971 4085static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4086 u16 len)
7fbec224 4087{
650f726d 4088 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4089 u8 status;
7fbec224
AJ		 4090 int err;
4091
bdb6d971 4092 BT_DBG("%s", hdev->name);
7fbec224 4093
4ee71b20 4094 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 4095 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4096 MGMT_STATUS_INVALID_PARAMS,
4097 &cp->addr, sizeof(cp->addr));
4ee71b20 4098
09fd0de5 4099 hci_dev_lock(hdev);
5e762444 4100
dcc36c16
JH		 4101 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4102 cp->addr.type);
2a8357f2 4103 if (err < 0) {
f0eeea8b 4104 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4105 goto done;
4106 }
4107
4108 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4109 sk);
4110 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4111
2a8357f2 4112done:
bdb6d971 4113 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 4114 &cp->addr, sizeof(cp->addr));
5e762444 4115
09fd0de5 4116 hci_dev_unlock(hdev);
7fbec224
AJ		 4117
4118 return err;
4119}
4120
cdbaccca
MH		 4121static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4122 u16 len)
4123{
4124 struct mgmt_cp_set_device_id *cp = data;
890ea898 4125 struct hci_request req;
cdbaccca 4126 int err;
c72d4b8a 4127 __u16 source;
cdbaccca
MH		 4128
4129 BT_DBG("%s", hdev->name);
4130
c72d4b8a
SJ		 4131 source = __le16_to_cpu(cp->source);
4132
4133 if (source > 0x0002)
4134 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4135 MGMT_STATUS_INVALID_PARAMS);
4136
cdbaccca
MH		 4137 hci_dev_lock(hdev);
4138
c72d4b8a 4139 hdev->devid_source = source;
cdbaccca
MH		 4140 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4141 hdev->devid_product = __le16_to_cpu(cp->product);
4142 hdev->devid_version = __le16_to_cpu(cp->version);
4143
4144 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4145
890ea898
JH		 4146 hci_req_init(&req, hdev);
4147 update_eir(&req);
4148 hci_req_run(&req, NULL);
cdbaccca
MH		 4149
4150 hci_dev_unlock(hdev);
4151
4152 return err;
4153}
4154
4375f103
JH		 4155static void set_advertising_complete(struct hci_dev *hdev, u8 status)
4156{
4157 struct cmd_lookup match = { NULL, hdev };
4158
4159 if (status) {
4160 u8 mgmt_err = mgmt_status(status);
4161
4162 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4163 cmd_status_rsp, &mgmt_err);
4164 return;
4165 }
4166
c93bd150
JH		 4167 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4168 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4169 else
4170 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4171
4375f103
JH		 4172 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4173 &match);
4174
4175 new_settings(hdev, match.sk);
4176
4177 if (match.sk)
4178 sock_put(match.sk);
4179}
4180
21b5187f
MH		 4181static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4182 u16 len)
4375f103
JH		 4183{
4184 struct mgmt_mode *cp = data;
4185 struct pending_cmd *cmd;
4186 struct hci_request req;
e6fe7986 4187 u8 val, enabled, status;
4375f103
JH		 4188 int err;
4189
4190 BT_DBG("request for %s", hdev->name);
4191
e6fe7986
JH		 4192 status = mgmt_le_support(hdev);
4193 if (status)
4375f103 4194 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 4195 status);
4375f103
JH		 4196
4197 if (cp->val != 0x00 && cp->val != 0x01)
4198 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4199 MGMT_STATUS_INVALID_PARAMS);
4200
4201 hci_dev_lock(hdev);
4202
4203 val = !!cp->val;
f3d3444a 4204 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 4205
f74ca9b8
JH		 4206 /* The following conditions are ones which mean that we should
4207 * not do any HCI communication but directly send a mgmt
4208 * response to user space (after toggling the flag if
4209 * necessary).
4210 */
4211 if (!hdev_is_powered(hdev) || val == enabled ||
e8bb6b97
JH		 4212 hci_conn_num(hdev, LE_LINK) > 0 ||
4213 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4214 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4375f103
JH		 4215 bool changed = false;
4216
f3d3444a
JH		 4217 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4218 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 4219 changed = true;
4220 }
4221
4222 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4223 if (err < 0)
4224 goto unlock;
4225
4226 if (changed)
4227 err = new_settings(hdev, sk);
4228
4229 goto unlock;
4230 }
4231
4232 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4233 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4234 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4235 MGMT_STATUS_BUSY);
4236 goto unlock;
4237 }
4238
4239 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4240 if (!cmd) {
4241 err = -ENOMEM;
4242 goto unlock;
4243 }
4244
4245 hci_req_init(&req, hdev);
4246
bba3aa55
MH		 4247 if (val)
4248 enable_advertising(&req);
4249 else
4250 disable_advertising(&req);
4375f103
JH		 4251
4252 err = hci_req_run(&req, set_advertising_complete);
4253 if (err < 0)
4254 mgmt_pending_remove(cmd);
4255
4256unlock:
4257 hci_dev_unlock(hdev);
4258 return err;
4259}
4260
d13eafce
MH		 4261static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4262 void *data, u16 len)
4263{
4264 struct mgmt_cp_set_static_address *cp = data;
4265 int err;
4266
4267 BT_DBG("%s", hdev->name);
4268
62af4443 4269 if (!lmp_le_capable(hdev))
d13eafce 4270 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 4271 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4272
4273 if (hdev_is_powered(hdev))
4274 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4275 MGMT_STATUS_REJECTED);
4276
4277 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4278 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4279 return cmd_status(sk, hdev->id,
4280 MGMT_OP_SET_STATIC_ADDRESS,
4281 MGMT_STATUS_INVALID_PARAMS);
4282
4283 /* Two most significant bits shall be set */
4284 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4285 return cmd_status(sk, hdev->id,
4286 MGMT_OP_SET_STATIC_ADDRESS,
4287 MGMT_STATUS_INVALID_PARAMS);
4288 }
4289
4290 hci_dev_lock(hdev);
4291
4292 bacpy(&hdev->static_addr, &cp->bdaddr);
4293
4294 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4295
4296 hci_dev_unlock(hdev);
4297
4298 return err;
4299}
4300
14b49b9a
MH		 4301static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4302 void *data, u16 len)
4303{
4304 struct mgmt_cp_set_scan_params *cp = data;
4305 __u16 interval, window;
4306 int err;
4307
4308 BT_DBG("%s", hdev->name);
4309
4310 if (!lmp_le_capable(hdev))
4311 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4312 MGMT_STATUS_NOT_SUPPORTED);
4313
4314 interval = __le16_to_cpu(cp->interval);
4315
4316 if (interval < 0x0004 || interval > 0x4000)
4317 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4318 MGMT_STATUS_INVALID_PARAMS);
4319
4320 window = __le16_to_cpu(cp->window);
4321
4322 if (window < 0x0004 || window > 0x4000)
4323 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4324 MGMT_STATUS_INVALID_PARAMS);
4325
899e1075
MH		 4326 if (window > interval)
4327 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4328 MGMT_STATUS_INVALID_PARAMS);
4329
14b49b9a
MH		 4330 hci_dev_lock(hdev);
4331
4332 hdev->le_scan_interval = interval;
4333 hdev->le_scan_window = window;
4334
4335 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4336
dd2ef8e2
AG		 4337 /* If background scan is running, restart it so new parameters are
4338 * loaded.
4339 */
4340 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4341 hdev->discovery.state == DISCOVERY_STOPPED) {
4342 struct hci_request req;
4343
4344 hci_req_init(&req, hdev);
4345
4346 hci_req_add_le_scan_disable(&req);
4347 hci_req_add_le_passive_scan(&req);
4348
4349 hci_req_run(&req, NULL);
4350 }
4351
14b49b9a
MH		 4352 hci_dev_unlock(hdev);
4353
4354 return err;
4355}
4356
33e38b3e
JH		 4357static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4358{
4359 struct pending_cmd *cmd;
4360
4361 BT_DBG("status 0x%02x", status);
4362
4363 hci_dev_lock(hdev);
4364
4365 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4366 if (!cmd)
4367 goto unlock;
4368
4369 if (status) {
4370 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4371 mgmt_status(status));
4372 } else {
1a4d3c4b
JH		 4373 struct mgmt_mode *cp = cmd->param;
4374
4375 if (cp->val)
4376 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4377 else
4378 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4379
33e38b3e
JH		 4380 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4381 new_settings(hdev, cmd->sk);
4382 }
4383
4384 mgmt_pending_remove(cmd);
4385
4386unlock:
4387 hci_dev_unlock(hdev);
4388}
4389
bdb6d971 4390static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4391 void *data, u16 len)
f6422ec6 4392{
650f726d 4393 struct mgmt_mode *cp = data;
33e38b3e
JH		 4394 struct pending_cmd *cmd;
4395 struct hci_request req;
f6422ec6
AJ		 4396 int err;
4397
bdb6d971 4398 BT_DBG("%s", hdev->name);
f6422ec6 4399
56f87901
JH		 4400 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4401 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4402 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4403 MGMT_STATUS_NOT_SUPPORTED);
4404
a7e80f25
JH		 4405 if (cp->val != 0x00 && cp->val != 0x01)
4406 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4407 MGMT_STATUS_INVALID_PARAMS);
4408
5400c044 4409 if (!hdev_is_powered(hdev))
bdb6d971 4410 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4411 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4412
4413 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4414 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4415 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4416
4417 hci_dev_lock(hdev);
4418
05cbf29f
JH		 4419 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4420 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4421 MGMT_STATUS_BUSY);
4422 goto unlock;
4423 }
4424
1a4d3c4b
JH		 4425 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4426 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4427 hdev);
4428 goto unlock;
4429 }
4430
33e38b3e
JH		 4431 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4432 data, len);
4433 if (!cmd) {
4434 err = -ENOMEM;
4435 goto unlock;
f6422ec6
AJ		 4436 }
4437
33e38b3e
JH		 4438 hci_req_init(&req, hdev);
4439
406d7804 4440 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4441
4442 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4443 if (err < 0) {
bdb6d971 4444 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4445 MGMT_STATUS_FAILED);
33e38b3e 4446 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4447 }
4448
33e38b3e 4449unlock:
f6422ec6 4450 hci_dev_unlock(hdev);
33e38b3e 4451
f6422ec6
AJ		 4452 return err;
4453}
4454
0663ca2a
JH		 4455static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4456{
4457 struct pending_cmd *cmd;
4458
4459 BT_DBG("status 0x%02x", status);
4460
4461 hci_dev_lock(hdev);
4462
4463 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4464 if (!cmd)
4465 goto unlock;
4466
4467 if (status) {
4468 u8 mgmt_err = mgmt_status(status);
4469
4470 /* We need to restore the flag if related HCI commands
4471 * failed.
4472 */
4473 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4474
4475 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4476 } else {
4477 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4478 new_settings(hdev, cmd->sk);
4479 }
4480
4481 mgmt_pending_remove(cmd);
4482
4483unlock:
4484 hci_dev_unlock(hdev);
4485}
4486
4487static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4488{
4489 struct mgmt_mode *cp = data;
4490 struct pending_cmd *cmd;
4491 struct hci_request req;
4492 int err;
4493
4494 BT_DBG("request for %s", hdev->name);
4495
4496 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4497 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4498 MGMT_STATUS_NOT_SUPPORTED);
4499
4500 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4501 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4502 MGMT_STATUS_REJECTED);
4503
4504 if (cp->val != 0x00 && cp->val != 0x01)
4505 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4506 MGMT_STATUS_INVALID_PARAMS);
4507
4508 hci_dev_lock(hdev);
4509
4510 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4511 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4512 goto unlock;
4513 }
4514
4515 if (!hdev_is_powered(hdev)) {
4516 if (!cp->val) {
0663ca2a
JH		 4517 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4518 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4519 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4520 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4521 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4522 }
4523
4524 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4525
4526 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4527 if (err < 0)
4528 goto unlock;
4529
4530 err = new_settings(hdev, sk);
4531 goto unlock;
4532 }
4533
4534 /* Reject disabling when powered on */
4535 if (!cp->val) {
4536 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4537 MGMT_STATUS_REJECTED);
4538 goto unlock;
4539 }
4540
4541 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4542 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4543 MGMT_STATUS_BUSY);
4544 goto unlock;
4545 }
4546
4547 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4548 if (!cmd) {
4549 err = -ENOMEM;
4550 goto unlock;
4551 }
4552
5947f4bc 4553 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4554 * generates the correct flags.
4555 */
4556 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4557
4558 hci_req_init(&req, hdev);
aa8af46e 4559
432df05e
JH		 4560 write_fast_connectable(&req, false);
4561 hci_update_page_scan(hdev, &req);
aa8af46e 4562
f14d8f64
MH		 4563 /* Since only the advertising data flags will change, there
4564 * is no need to update the scan response data.
4565 */
5947f4bc 4566 update_adv_data(&req);
aa8af46e 4567
0663ca2a
JH		 4568 err = hci_req_run(&req, set_bredr_complete);
4569 if (err < 0)
4570 mgmt_pending_remove(cmd);
4571
4572unlock:
4573 hci_dev_unlock(hdev);
4574 return err;
4575}
4576
eac83dc6
MH		 4577static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4578 void *data, u16 len)
4579{
4580 struct mgmt_mode *cp = data;
4581 struct pending_cmd *cmd;
a3209694 4582 u8 val;
eac83dc6
MH		 4583 int err;
4584
4585 BT_DBG("request for %s", hdev->name);
4586
a3209694
JH		 4587 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4588 !lmp_sc_capable(hdev) && !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
eac83dc6
MH		 4589 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4590 MGMT_STATUS_NOT_SUPPORTED);
4591
0ab04a9c 4592 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4593 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4594 MGMT_STATUS_INVALID_PARAMS);
4595
4596 hci_dev_lock(hdev);
4597
a3209694
JH		 4598 if (!hdev_is_powered(hdev) ||
4599 (!lmp_sc_capable(hdev) &&
4600 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags)) ||
4601 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
eac83dc6
MH		 4602 bool changed;
4603
0ab04a9c 4604 if (cp->val) {
eac83dc6
MH		 4605 changed = !test_and_set_bit(HCI_SC_ENABLED,
4606 &hdev->dev_flags);
0ab04a9c
MH		 4607 if (cp->val == 0x02)
4608 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4609 else
4610 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4611 } else {
eac83dc6
MH		 4612 changed = test_and_clear_bit(HCI_SC_ENABLED,
4613 &hdev->dev_flags);
0ab04a9c
MH		 4614 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4615 }
eac83dc6
MH		 4616
4617 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4618 if (err < 0)
4619 goto failed;
4620
4621 if (changed)
4622 err = new_settings(hdev, sk);
4623
4624 goto failed;
4625 }
4626
4627 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4628 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4629 MGMT_STATUS_BUSY);
4630 goto failed;
4631 }
4632
0ab04a9c
MH		 4633 val = !!cp->val;
4634
4635 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4636 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4637 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4638 goto failed;
4639 }
4640
4641 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4642 if (!cmd) {
4643 err = -ENOMEM;
4644 goto failed;
4645 }
4646
0ab04a9c 4647 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4648 if (err < 0) {
4649 mgmt_pending_remove(cmd);
4650 goto failed;
4651 }
4652
0ab04a9c
MH		 4653 if (cp->val == 0x02)
4654 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4655 else
4656 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4657
eac83dc6
MH		 4658failed:
4659 hci_dev_unlock(hdev);
4660 return err;
4661}
4662
4e39ac81
MH		 4663static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4664 void *data, u16 len)
4665{
4666 struct mgmt_mode *cp = data;
b9710979 4667 bool changed, use_changed;
4e39ac81
MH		 4668 int err;
4669
4670 BT_DBG("request for %s", hdev->name);
4671
b9710979 4672 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4673 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4674 MGMT_STATUS_INVALID_PARAMS);
4675
4676 hci_dev_lock(hdev);
4677
4678 if (cp->val)
0663b297
JH		 4679 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4680 &hdev->dev_flags);
4e39ac81 4681 else
0663b297
JH		 4682 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4683 &hdev->dev_flags);
4e39ac81 4684
b9710979
JH		 4685 if (cp->val == 0x02)
4686 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4687 &hdev->dev_flags);
4688 else
4689 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4690 &hdev->dev_flags);
4691
4692 if (hdev_is_powered(hdev) && use_changed &&
4693 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4694 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4695 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4696 sizeof(mode), &mode);
4697 }
4698
4e39ac81
MH		 4699 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4700 if (err < 0)
4701 goto unlock;
4702
4703 if (changed)
4704 err = new_settings(hdev, sk);
4705
4706unlock:
4707 hci_dev_unlock(hdev);
4708 return err;
4709}
4710
62b04cd1
JH		 4711static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4712 u16 len)
4713{
4714 struct mgmt_cp_set_privacy *cp = cp_data;
4715 bool changed;
4716 int err;
4717
4718 BT_DBG("request for %s", hdev->name);
4719
4720 if (!lmp_le_capable(hdev))
4721 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4722 MGMT_STATUS_NOT_SUPPORTED);
4723
4724 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4725 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4726 MGMT_STATUS_INVALID_PARAMS);
4727
4728 if (hdev_is_powered(hdev))
4729 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4730 MGMT_STATUS_REJECTED);
4731
4732 hci_dev_lock(hdev);
4733
c21c0ea0
JH		 4734 /* If user space supports this command it is also expected to
4735 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4736 */
4737 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4738
62b04cd1
JH		 4739 if (cp->privacy) {
4740 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4741 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4742 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4743 } else {
4744 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4745 memset(hdev->irk, 0, sizeof(hdev->irk));
4746 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4747 }
4748
4749 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4750 if (err < 0)
4751 goto unlock;
4752
4753 if (changed)
4754 err = new_settings(hdev, sk);
4755
4756unlock:
4757 hci_dev_unlock(hdev);
4758 return err;
4759}
4760
41edf160
JH		 4761static bool irk_is_valid(struct mgmt_irk_info *irk)
4762{
4763 switch (irk->addr.type) {
4764 case BDADDR_LE_PUBLIC:
4765 return true;
4766
4767 case BDADDR_LE_RANDOM:
4768 /* Two most significant bits shall be set */
4769 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4770 return false;
4771 return true;
4772 }
4773
4774 return false;
4775}
4776
4777static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4778 u16 len)
4779{
4780 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4781 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4782 sizeof(struct mgmt_irk_info));
41edf160
JH		 4783 u16 irk_count, expected_len;
4784 int i, err;
4785
4786 BT_DBG("request for %s", hdev->name);
4787
4788 if (!lmp_le_capable(hdev))
4789 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4790 MGMT_STATUS_NOT_SUPPORTED);
4791
4792 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4793 if (irk_count > max_irk_count) {
4794 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4795 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4796 MGMT_STATUS_INVALID_PARAMS);
4797 }
41edf160
JH		 4798
4799 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4800 if (expected_len != len) {
4801 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4802 expected_len, len);
41edf160
JH		 4803 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4804 MGMT_STATUS_INVALID_PARAMS);
4805 }
4806
4807 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4808
4809 for (i = 0; i < irk_count; i++) {
4810 struct mgmt_irk_info *key = &cp->irks[i];
4811
4812 if (!irk_is_valid(key))
4813 return cmd_status(sk, hdev->id,
4814 MGMT_OP_LOAD_IRKS,
4815 MGMT_STATUS_INVALID_PARAMS);
4816 }
4817
4818 hci_dev_lock(hdev);
4819
4820 hci_smp_irks_clear(hdev);
4821
4822 for (i = 0; i < irk_count; i++) {
4823 struct mgmt_irk_info *irk = &cp->irks[i];
4824 u8 addr_type;
4825
4826 if (irk->addr.type == BDADDR_LE_PUBLIC)
4827 addr_type = ADDR_LE_DEV_PUBLIC;
4828 else
4829 addr_type = ADDR_LE_DEV_RANDOM;
4830
4831 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4832 BDADDR_ANY);
4833 }
4834
4835 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4836
4837 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4838
4839 hci_dev_unlock(hdev);
4840
4841 return err;
4842}
4843
3f706b72
JH		 4844static bool ltk_is_valid(struct mgmt_ltk_info *key)
4845{
4846 if (key->master != 0x00 && key->master != 0x01)
4847 return false;
490cb0b3
MH		 4848
4849 switch (key->addr.type) {
4850 case BDADDR_LE_PUBLIC:
4851 return true;
4852
4853 case BDADDR_LE_RANDOM:
4854 /* Two most significant bits shall be set */
4855 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4856 return false;
4857 return true;
4858 }
4859
4860 return false;
3f706b72
JH		 4861}
4862
bdb6d971 4863static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4864 void *cp_data, u16 len)
346af67b 4865{
346af67b 4866 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 4867 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4868 sizeof(struct mgmt_ltk_info));
346af67b 4869 u16 key_count, expected_len;
715a5bf2 4870 int i, err;
346af67b 4871
cf99ba13
MH		 4872 BT_DBG("request for %s", hdev->name);
4873
4874 if (!lmp_le_capable(hdev))
4875 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4876 MGMT_STATUS_NOT_SUPPORTED);
4877
1f350c87 4878 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 4879 if (key_count > max_key_count) {
4880 BT_ERR("load_ltks: too big key_count value %u", key_count);
4881 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4882 MGMT_STATUS_INVALID_PARAMS);
4883 }
346af67b
VCG		 4884
4885 expected_len = sizeof(*cp) + key_count *
4886 sizeof(struct mgmt_ltk_info);
4887 if (expected_len != len) {
4888 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4889 expected_len, len);
bdb6d971 4890 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4891 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4892 }
4893
bdb6d971 4894 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4895
54ad6d8a
JH		 4896 for (i = 0; i < key_count; i++) {
4897 struct mgmt_ltk_info *key = &cp->keys[i];
4898
3f706b72 4899 if (!ltk_is_valid(key))
54ad6d8a
JH		 4900 return cmd_status(sk, hdev->id,
4901 MGMT_OP_LOAD_LONG_TERM_KEYS,
4902 MGMT_STATUS_INVALID_PARAMS);
4903 }
4904
346af67b
VCG		 4905 hci_dev_lock(hdev);
4906
4907 hci_smp_ltks_clear(hdev);
4908
4909 for (i = 0; i < key_count; i++) {
4910 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 4911 u8 type, addr_type, authenticated;
79d95a19
MH		 4912
4913 if (key->addr.type == BDADDR_LE_PUBLIC)
4914 addr_type = ADDR_LE_DEV_PUBLIC;
4915 else
4916 addr_type = ADDR_LE_DEV_RANDOM;
346af67b 4917
61b43357
JH		 4918 switch (key->type) {
4919 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4920 authenticated = 0x00;
23fb8de3 4921 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 4922 break;
4923 case MGMT_LTK_AUTHENTICATED:
d7b25450 4924 authenticated = 0x01;
23fb8de3
JH		 4925 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4926 break;
4927 case MGMT_LTK_P256_UNAUTH:
4928 authenticated = 0x00;
4929 type = SMP_LTK_P256;
4930 break;
4931 case MGMT_LTK_P256_AUTH:
4932 authenticated = 0x01;
4933 type = SMP_LTK_P256;
61b43357 4934 break;
23fb8de3
JH		 4935 case MGMT_LTK_P256_DEBUG:
4936 authenticated = 0x00;
4937 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 4938 default:
4939 continue;
4940 }
d7b25450 4941
35d70271 4942 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 4943 authenticated, key->val, key->enc_size, key->ediv,
35d70271 4944 key->rand);
346af67b
VCG		 4945 }
4946
715a5bf2
JH		 4947 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4948 NULL, 0);
4949
346af67b 4950 hci_dev_unlock(hdev);
346af67b 4951
715a5bf2 4952 return err;
346af67b
VCG		 4953}
4954
dd983808
AK		 4955struct cmd_conn_lookup {
4956 struct hci_conn *conn;
4957 bool valid_tx_power;
4958 u8 mgmt_status;
4959};
4960
4961static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4962{
4963 struct cmd_conn_lookup *match = data;
4964 struct mgmt_cp_get_conn_info *cp;
4965 struct mgmt_rp_get_conn_info rp;
4966 struct hci_conn *conn = cmd->user_data;
4967
4968 if (conn != match->conn)
4969 return;
4970
4971 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4972
4973 memset(&rp, 0, sizeof(rp));
4974 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4975 rp.addr.type = cp->addr.type;
4976
4977 if (!match->mgmt_status) {
4978 rp.rssi = conn->rssi;
4979
eed5daf3 4980 if (match->valid_tx_power) {
dd983808 4981 rp.tx_power = conn->tx_power;
eed5daf3
AK		 4982 rp.max_tx_power = conn->max_tx_power;
4983 } else {
dd983808 4984 rp.tx_power = HCI_TX_POWER_INVALID;
eed5daf3
AK		 4985 rp.max_tx_power = HCI_TX_POWER_INVALID;
4986 }
dd983808
AK		 4987 }
4988
4989 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4990 match->mgmt_status, &rp, sizeof(rp));
4991
4992 hci_conn_drop(conn);
f8aaf9b6 4993 hci_conn_put(conn);
dd983808
AK		 4994
4995 mgmt_pending_remove(cmd);
4996}
4997
4998static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4999{
5000 struct hci_cp_read_rssi *cp;
5001 struct hci_conn *conn;
5002 struct cmd_conn_lookup match;
5003 u16 handle;
5004
5005 BT_DBG("status 0x%02x", status);
5006
5007 hci_dev_lock(hdev);
5008
5009 /* TX power data is valid in case request completed successfully,
eed5daf3
AK		 5010 * otherwise we assume it's not valid. At the moment we assume that
5011 * either both or none of current and max values are valid to keep code
5012 * simple.
dd983808
AK		 5013 */
5014 match.valid_tx_power = !status;
5015
5016 /* Commands sent in request are either Read RSSI or Read Transmit Power
5017 * Level so we check which one was last sent to retrieve connection
5018 * handle. Both commands have handle as first parameter so it's safe to
5019 * cast data on the same command struct.
5020 *
5021 * First command sent is always Read RSSI and we fail only if it fails.
5022 * In other case we simply override error to indicate success as we
5023 * already remembered if TX power value is actually valid.
5024 */
5025 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5026 if (!cp) {
5027 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
5028 status = 0;
5029 }
5030
5031 if (!cp) {
5032 BT_ERR("invalid sent_cmd in response");
5033 goto unlock;
5034 }
5035
5036 handle = __le16_to_cpu(cp->handle);
5037 conn = hci_conn_hash_lookup_handle(hdev, handle);
5038 if (!conn) {
5039 BT_ERR("unknown handle (%d) in response", handle);
5040 goto unlock;
5041 }
5042
5043 match.conn = conn;
5044 match.mgmt_status = mgmt_status(status);
5045
5046 /* Cache refresh is complete, now reply for mgmt request for given
5047 * connection only.
5048 */
5049 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
5050 get_conn_info_complete, &match);
5051
5052unlock:
5053 hci_dev_unlock(hdev);
5054}
5055
5056static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5057 u16 len)
5058{
5059 struct mgmt_cp_get_conn_info *cp = data;
5060 struct mgmt_rp_get_conn_info rp;
5061 struct hci_conn *conn;
5062 unsigned long conn_info_age;
5063 int err = 0;
5064
5065 BT_DBG("%s", hdev->name);
5066
5067 memset(&rp, 0, sizeof(rp));
5068 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5069 rp.addr.type = cp->addr.type;
5070
5071 if (!bdaddr_type_is_valid(cp->addr.type))
5072 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5073 MGMT_STATUS_INVALID_PARAMS,
5074 &rp, sizeof(rp));
5075
5076 hci_dev_lock(hdev);
5077
5078 if (!hdev_is_powered(hdev)) {
5079 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5080 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5081 goto unlock;
5082 }
5083
5084 if (cp->addr.type == BDADDR_BREDR)
5085 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5086 &cp->addr.bdaddr);
5087 else
5088 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5089
5090 if (!conn || conn->state != BT_CONNECTED) {
5091 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5092 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
5093 goto unlock;
5094 }
5095
5096 /* To avoid client trying to guess when to poll again for information we
5097 * calculate conn info age as random value between min/max set in hdev.
5098 */
5099 conn_info_age = hdev->conn_info_min_age +
5100 prandom_u32_max(hdev->conn_info_max_age -
5101 hdev->conn_info_min_age);
5102
5103 /* Query controller to refresh cached values if they are too old or were
5104 * never read.
5105 */
f4e2dd53
AK		 5106 if (time_after(jiffies, conn->conn_info_timestamp +
5107 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5108 !conn->conn_info_timestamp) {
5109 struct hci_request req;
5110 struct hci_cp_read_tx_power req_txp_cp;
5111 struct hci_cp_read_rssi req_rssi_cp;
5112 struct pending_cmd *cmd;
5113
5114 hci_req_init(&req, hdev);
5115 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5116 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5117 &req_rssi_cp);
5118
f7faab0c
AK		 5119 /* For LE links TX power does not change thus we don't need to
5120 * query for it once value is known.
5121 */
5122 if (!bdaddr_type_is_le(cp->addr.type) ||
5123 conn->tx_power == HCI_TX_POWER_INVALID) {
5124 req_txp_cp.handle = cpu_to_le16(conn->handle);
5125 req_txp_cp.type = 0x00;
5126 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5127 sizeof(req_txp_cp), &req_txp_cp);
5128 }
dd983808 5129
eed5daf3
AK		 5130 /* Max TX power needs to be read only once per connection */
5131 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5132 req_txp_cp.handle = cpu_to_le16(conn->handle);
5133 req_txp_cp.type = 0x01;
5134 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5135 sizeof(req_txp_cp), &req_txp_cp);
5136 }
5137
dd983808
AK		 5138 err = hci_req_run(&req, conn_info_refresh_complete);
5139 if (err < 0)
5140 goto unlock;
5141
5142 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5143 data, len);
5144 if (!cmd) {
5145 err = -ENOMEM;
5146 goto unlock;
5147 }
5148
5149 hci_conn_hold(conn);
f8aaf9b6 5150 cmd->user_data = hci_conn_get(conn);
dd983808
AK		 5151
5152 conn->conn_info_timestamp = jiffies;
5153 } else {
5154 /* Cache is valid, just reply with values cached in hci_conn */
5155 rp.rssi = conn->rssi;
5156 rp.tx_power = conn->tx_power;
eed5daf3 5157 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 5158
5159 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5160 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5161 }
5162
5163unlock:
5164 hci_dev_unlock(hdev);
5165 return err;
5166}
5167
95868426
JH		 5168static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
5169{
5170 struct mgmt_cp_get_clock_info *cp;
5171 struct mgmt_rp_get_clock_info rp;
5172 struct hci_cp_read_clock *hci_cp;
5173 struct pending_cmd *cmd;
5174 struct hci_conn *conn;
5175
5176 BT_DBG("%s status %u", hdev->name, status);
5177
5178 hci_dev_lock(hdev);
5179
5180 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5181 if (!hci_cp)
5182 goto unlock;
5183
5184 if (hci_cp->which) {
5185 u16 handle = __le16_to_cpu(hci_cp->handle);
5186 conn = hci_conn_hash_lookup_handle(hdev, handle);
5187 } else {
5188 conn = NULL;
5189 }
5190
5191 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5192 if (!cmd)
5193 goto unlock;
5194
5195 cp = cmd->param;
5196
5197 memset(&rp, 0, sizeof(rp));
5198 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
5199
5200 if (status)
5201 goto send_rsp;
5202
5203 rp.local_clock = cpu_to_le32(hdev->clock);
5204
5205 if (conn) {
5206 rp.piconet_clock = cpu_to_le32(conn->clock);
5207 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5208 }
5209
5210send_rsp:
5211 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
5212 &rp, sizeof(rp));
5213 mgmt_pending_remove(cmd);
f8aaf9b6 5214 if (conn) {
95868426 5215 hci_conn_drop(conn);
f8aaf9b6
JH		 5216 hci_conn_put(conn);
5217 }
95868426
JH		 5218
5219unlock:
5220 hci_dev_unlock(hdev);
5221}
5222
5223static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5224 u16 len)
5225{
5226 struct mgmt_cp_get_clock_info *cp = data;
5227 struct mgmt_rp_get_clock_info rp;
5228 struct hci_cp_read_clock hci_cp;
5229 struct pending_cmd *cmd;
5230 struct hci_request req;
5231 struct hci_conn *conn;
5232 int err;
5233
5234 BT_DBG("%s", hdev->name);
5235
5236 memset(&rp, 0, sizeof(rp));
5237 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5238 rp.addr.type = cp->addr.type;
5239
5240 if (cp->addr.type != BDADDR_BREDR)
5241 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5242 MGMT_STATUS_INVALID_PARAMS,
5243 &rp, sizeof(rp));
5244
5245 hci_dev_lock(hdev);
5246
5247 if (!hdev_is_powered(hdev)) {
5248 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5249 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5250 goto unlock;
5251 }
5252
5253 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5254 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5255 &cp->addr.bdaddr);
5256 if (!conn || conn->state != BT_CONNECTED) {
5257 err = cmd_complete(sk, hdev->id,
5258 MGMT_OP_GET_CLOCK_INFO,
5259 MGMT_STATUS_NOT_CONNECTED,
5260 &rp, sizeof(rp));
5261 goto unlock;
5262 }
5263 } else {
5264 conn = NULL;
5265 }
5266
5267 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5268 if (!cmd) {
5269 err = -ENOMEM;
5270 goto unlock;
5271 }
5272
5273 hci_req_init(&req, hdev);
5274
5275 memset(&hci_cp, 0, sizeof(hci_cp));
5276 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5277
5278 if (conn) {
5279 hci_conn_hold(conn);
f8aaf9b6 5280 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5281
5282 hci_cp.handle = cpu_to_le16(conn->handle);
5283 hci_cp.which = 0x01; /* Piconet clock */
5284 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5285 }
5286
5287 err = hci_req_run(&req, get_clock_info_complete);
5288 if (err < 0)
5289 mgmt_pending_remove(cmd);
5290
5291unlock:
5292 hci_dev_unlock(hdev);
5293 return err;
5294}
5295
8afef092
MH		 5296static void device_added(struct sock *sk, struct hci_dev *hdev,
5297 bdaddr_t *bdaddr, u8 type, u8 action)
5298{
5299 struct mgmt_ev_device_added ev;
5300
5301 bacpy(&ev.addr.bdaddr, bdaddr);
5302 ev.addr.type = type;
5303 ev.action = action;
5304
5305 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5306}
5307
2faade53
MH		 5308static int add_device(struct sock *sk, struct hci_dev *hdev,
5309 void *data, u16 len)
5310{
5311 struct mgmt_cp_add_device *cp = data;
5312 u8 auto_conn, addr_type;
5313 int err;
5314
5315 BT_DBG("%s", hdev->name);
5316
6659358e 5317 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53
MH		 5318 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5319 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5320 MGMT_STATUS_INVALID_PARAMS,
5321 &cp->addr, sizeof(cp->addr));
5322
4b9e7e75 5323 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2faade53
MH		 5324 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5325 MGMT_STATUS_INVALID_PARAMS,
5326 &cp->addr, sizeof(cp->addr));
5327
5328 hci_dev_lock(hdev);
5329
6659358e 5330 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5331 /* Only incoming connections action is supported for now */
6659358e
JH		 5332 if (cp->action != 0x01) {
5333 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5334 MGMT_STATUS_INVALID_PARAMS,
5335 &cp->addr, sizeof(cp->addr));
5336 goto unlock;
5337 }
5338
5339 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5340 cp->addr.type);
5341 if (err)
5342 goto unlock;
a397407f 5343
432df05e 5344 hci_update_page_scan(hdev, NULL);
a397407f 5345
6659358e
JH		 5346 goto added;
5347 }
5348
2faade53
MH		 5349 if (cp->addr.type == BDADDR_LE_PUBLIC)
5350 addr_type = ADDR_LE_DEV_PUBLIC;
5351 else
5352 addr_type = ADDR_LE_DEV_RANDOM;
5353
4b9e7e75 5354 if (cp->action == 0x02)
2faade53 5355 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5356 else if (cp->action == 0x01)
5357 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5358 else
a3451d27 5359 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5360
bf5b3c8b
MH		 5361 /* If the connection parameters don't exist for this device,
5362 * they will be created and configured with defaults.
5363 */
d06b50ce
MH		 5364 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5365 auto_conn) < 0) {
2faade53
MH		 5366 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5367 MGMT_STATUS_FAILED,
5368 &cp->addr, sizeof(cp->addr));
5369 goto unlock;
5370 }
5371
6659358e 5372added:
8afef092
MH		 5373 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5374
2faade53
MH		 5375 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5376 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5377
5378unlock:
5379 hci_dev_unlock(hdev);
5380 return err;
5381}
5382
8afef092
MH		 5383static void device_removed(struct sock *sk, struct hci_dev *hdev,
5384 bdaddr_t *bdaddr, u8 type)
5385{
5386 struct mgmt_ev_device_removed ev;
5387
5388 bacpy(&ev.addr.bdaddr, bdaddr);
5389 ev.addr.type = type;
5390
5391 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5392}
5393
2faade53
MH		 5394static int remove_device(struct sock *sk, struct hci_dev *hdev,
5395 void *data, u16 len)
5396{
5397 struct mgmt_cp_remove_device *cp = data;
5398 int err;
5399
5400 BT_DBG("%s", hdev->name);
5401
5402 hci_dev_lock(hdev);
5403
5404 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5405 struct hci_conn_params *params;
2faade53
MH		 5406 u8 addr_type;
5407
6659358e 5408 if (!bdaddr_type_is_valid(cp->addr.type)) {
2faade53
MH		 5409 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5410 MGMT_STATUS_INVALID_PARAMS,
5411 &cp->addr, sizeof(cp->addr));
5412 goto unlock;
5413 }
5414
6659358e
JH		 5415 if (cp->addr.type == BDADDR_BREDR) {
5416 err = hci_bdaddr_list_del(&hdev->whitelist,
5417 &cp->addr.bdaddr,
5418 cp->addr.type);
5419 if (err) {
5420 err = cmd_complete(sk, hdev->id,
5421 MGMT_OP_REMOVE_DEVICE,
5422 MGMT_STATUS_INVALID_PARAMS,
5423 &cp->addr, sizeof(cp->addr));
5424 goto unlock;
5425 }
5426
432df05e 5427 hci_update_page_scan(hdev, NULL);
a397407f 5428
6659358e
JH		 5429 device_removed(sk, hdev, &cp->addr.bdaddr,
5430 cp->addr.type);
5431 goto complete;
5432 }
5433
2faade53
MH		 5434 if (cp->addr.type == BDADDR_LE_PUBLIC)
5435 addr_type = ADDR_LE_DEV_PUBLIC;
5436 else
5437 addr_type = ADDR_LE_DEV_RANDOM;
5438
c71593dd
JH		 5439 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5440 addr_type);
5441 if (!params) {
5442 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5443 MGMT_STATUS_INVALID_PARAMS,
5444 &cp->addr, sizeof(cp->addr));
5445 goto unlock;
5446 }
5447
5448 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5449 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5450 MGMT_STATUS_INVALID_PARAMS,
5451 &cp->addr, sizeof(cp->addr));
5452 goto unlock;
5453 }
5454
d1dbf12e 5455 list_del(&params->action);
c71593dd
JH		 5456 list_del(&params->list);
5457 kfree(params);
95305baa 5458 hci_update_background_scan(hdev);
8afef092
MH		 5459
5460 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5461 } else {
19de0825 5462 struct hci_conn_params *p, *tmp;
6659358e 5463 struct bdaddr_list *b, *btmp;
19de0825 5464
2faade53
MH		 5465 if (cp->addr.type) {
5466 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5467 MGMT_STATUS_INVALID_PARAMS,
5468 &cp->addr, sizeof(cp->addr));
5469 goto unlock;
5470 }
5471
6659358e
JH		 5472 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5473 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5474 list_del(&b->list);
5475 kfree(b);
5476 }
5477
432df05e 5478 hci_update_page_scan(hdev, NULL);
a397407f 5479
19de0825
JH		 5480 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5481 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5482 continue;
5483 device_removed(sk, hdev, &p->addr, p->addr_type);
5484 list_del(&p->action);
5485 list_del(&p->list);
5486 kfree(p);
5487 }
5488
5489 BT_DBG("All LE connection parameters were removed");
5490
5491 hci_update_background_scan(hdev);
2faade53
MH		 5492 }
5493
6659358e 5494complete:
2faade53
MH		 5495 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5496 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5497
5498unlock:
5499 hci_dev_unlock(hdev);
5500 return err;
5501}
5502
a26f3dcf
JH		 5503static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5504 u16 len)
5505{
5506 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5507 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5508 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5509 u16 param_count, expected_len;
5510 int i;
5511
5512 if (!lmp_le_capable(hdev))
5513 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5514 MGMT_STATUS_NOT_SUPPORTED);
5515
5516 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5517 if (param_count > max_param_count) {
5518 BT_ERR("load_conn_param: too big param_count value %u",
5519 param_count);
5520 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5521 MGMT_STATUS_INVALID_PARAMS);
5522 }
a26f3dcf
JH		 5523
5524 expected_len = sizeof(*cp) + param_count *
5525 sizeof(struct mgmt_conn_param);
5526 if (expected_len != len) {
5527 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5528 expected_len, len);
5529 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5530 MGMT_STATUS_INVALID_PARAMS);
5531 }
5532
5533 BT_DBG("%s param_count %u", hdev->name, param_count);
5534
5535 hci_dev_lock(hdev);
5536
5537 hci_conn_params_clear_disabled(hdev);
5538
5539 for (i = 0; i < param_count; i++) {
5540 struct mgmt_conn_param *param = &cp->params[i];
5541 struct hci_conn_params *hci_param;
5542 u16 min, max, latency, timeout;
5543 u8 addr_type;
5544
5545 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5546 param->addr.type);
5547
5548 if (param->addr.type == BDADDR_LE_PUBLIC) {
5549 addr_type = ADDR_LE_DEV_PUBLIC;
5550 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5551 addr_type = ADDR_LE_DEV_RANDOM;
5552 } else {
5553 BT_ERR("Ignoring invalid connection parameters");
5554 continue;
5555 }
5556
5557 min = le16_to_cpu(param->min_interval);
5558 max = le16_to_cpu(param->max_interval);
5559 latency = le16_to_cpu(param->latency);
5560 timeout = le16_to_cpu(param->timeout);
5561
5562 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5563 min, max, latency, timeout);
5564
5565 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5566 BT_ERR("Ignoring invalid connection parameters");
5567 continue;
5568 }
5569
5570 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5571 addr_type);
5572 if (!hci_param) {
5573 BT_ERR("Failed to add connection parameters");
5574 continue;
5575 }
5576
5577 hci_param->conn_min_interval = min;
5578 hci_param->conn_max_interval = max;
5579 hci_param->conn_latency = latency;
5580 hci_param->supervision_timeout = timeout;
5581 }
5582
5583 hci_dev_unlock(hdev);
5584
5585 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5586}
5587
dbece37a
MH		 5588static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5589 void *data, u16 len)
5590{
5591 struct mgmt_cp_set_external_config *cp = data;
5592 bool changed;
5593 int err;
5594
5595 BT_DBG("%s", hdev->name);
5596
5597 if (hdev_is_powered(hdev))
5598 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5599 MGMT_STATUS_REJECTED);
5600
5601 if (cp->config != 0x00 && cp->config != 0x01)
5602 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5603 MGMT_STATUS_INVALID_PARAMS);
5604
5605 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5606 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5607 MGMT_STATUS_NOT_SUPPORTED);
5608
5609 hci_dev_lock(hdev);
5610
5611 if (cp->config)
5612 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
5613 &hdev->dev_flags);
5614 else
5615 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
5616 &hdev->dev_flags);
5617
5618 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5619 if (err < 0)
5620 goto unlock;
5621
5622 if (!changed)
5623 goto unlock;
5624
f4537c04
MH		 5625 err = new_options(hdev, sk);
5626
dbece37a
MH		 5627 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
5628 mgmt_index_removed(hdev);
d603b76b
MH		 5629
5630 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5631 set_bit(HCI_CONFIG, &hdev->dev_flags);
5632 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5633
5634 queue_work(hdev->req_workqueue, &hdev->power_on);
5635 } else {
5ea234d3 5636 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 5637 mgmt_index_added(hdev);
5638 }
dbece37a
MH		 5639 }
5640
5641unlock:
5642 hci_dev_unlock(hdev);
5643 return err;
5644}
5645
9713c17b
MH		 5646static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5647 void *data, u16 len)
5648{
5649 struct mgmt_cp_set_public_address *cp = data;
5650 bool changed;
5651 int err;
5652
5653 BT_DBG("%s", hdev->name);
5654
5655 if (hdev_is_powered(hdev))
5656 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5657 MGMT_STATUS_REJECTED);
5658
5659 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5660 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5661 MGMT_STATUS_INVALID_PARAMS);
5662
5663 if (!hdev->set_bdaddr)
5664 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5665 MGMT_STATUS_NOT_SUPPORTED);
5666
5667 hci_dev_lock(hdev);
5668
5669 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5670 bacpy(&hdev->public_addr, &cp->bdaddr);
5671
5672 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5673 if (err < 0)
5674 goto unlock;
5675
5676 if (!changed)
5677 goto unlock;
5678
5679 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5680 err = new_options(hdev, sk);
5681
5682 if (is_configured(hdev)) {
5683 mgmt_index_removed(hdev);
5684
5685 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
5686
5687 set_bit(HCI_CONFIG, &hdev->dev_flags);
5688 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5689
5690 queue_work(hdev->req_workqueue, &hdev->power_on);
5691 }
5692
5693unlock:
5694 hci_dev_unlock(hdev);
5695 return err;
5696}
5697
2e3c35ea 5698static const struct mgmt_handler {
04124681
GP		 5699 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5700 u16 data_len);
be22b54e
JH		 5701 bool var_len;
5702 size_t data_len;
0f4e68cf
JH		 5703} mgmt_handlers[] = {
5704 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 5705 { read_version, false, MGMT_READ_VERSION_SIZE },
5706 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5707 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5708 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5709 { set_powered, false, MGMT_SETTING_SIZE },
5710 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5711 { set_connectable, false, MGMT_SETTING_SIZE },
5712 { set_fast_connectable, false, MGMT_SETTING_SIZE },
b2939475 5713 { set_bondable, false, MGMT_SETTING_SIZE },
be22b54e
JH		 5714 { set_link_security, false, MGMT_SETTING_SIZE },
5715 { set_ssp, false, MGMT_SETTING_SIZE },
5716 { set_hs, false, MGMT_SETTING_SIZE },
5717 { set_le, false, MGMT_SETTING_SIZE },
5718 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5719 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5720 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5721 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5722 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5723 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
5724 { disconnect, false, MGMT_DISCONNECT_SIZE },
5725 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
5726 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
5727 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
5728 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
5729 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
5730 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
5731 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
5732 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
5733 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
5734 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
5735 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
5736 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 5737 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 5738 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
5739 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
5740 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
5741 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
5742 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
5743 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 5744 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 5745 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 5746 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 5747 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 5748 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 5749 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 5750 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 5751 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 5752 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 5753 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
95868426 5754 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
2faade53
MH		 5755 { add_device, false, MGMT_ADD_DEVICE_SIZE },
5756 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
73d1df2a
MH		 5757 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
5758 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
9fc3bfb6 5759 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
dbece37a 5760 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
9713c17b 5761 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
0f4e68cf
JH		 5762};
5763
0381101f
JH		 5764int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
5765{
650f726d
VCG		 5766 void *buf;
5767 u8 *cp;
0381101f 5768 struct mgmt_hdr *hdr;
4e51eae9 5769 u16 opcode, index, len;
bdb6d971 5770 struct hci_dev *hdev = NULL;
2e3c35ea 5771 const struct mgmt_handler *handler;
0381101f
JH		 5772 int err;
5773
5774 BT_DBG("got %zu bytes", msglen);
5775
5776 if (msglen < sizeof(*hdr))
5777 return -EINVAL;
5778
e63a15ec 5779 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 5780 if (!buf)
5781 return -ENOMEM;
5782
5783 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
5784 err = -EFAULT;
5785 goto done;
5786 }
5787
650f726d 5788 hdr = buf;
1f350c87
MH		 5789 opcode = __le16_to_cpu(hdr->opcode);
5790 index = __le16_to_cpu(hdr->index);
5791 len = __le16_to_cpu(hdr->len);
0381101f
JH		 5792
5793 if (len != msglen - sizeof(*hdr)) {
5794 err = -EINVAL;
5795 goto done;
5796 }
5797
0f4e68cf 5798 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 5799 hdev = hci_dev_get(index);
5800 if (!hdev) {
5801 err = cmd_status(sk, index, opcode,
04124681 5802 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 5803 goto done;
5804 }
0736cfa8 5805
cebf4cfd 5806 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
d603b76b 5807 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
4a964404 5808 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 5809 err = cmd_status(sk, index, opcode,
5810 MGMT_STATUS_INVALID_INDEX);
5811 goto done;
5812 }
42a9bc14
MH		 5813
5814 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
dbece37a 5815 opcode != MGMT_OP_READ_CONFIG_INFO &&
9713c17b
MH		 5816 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
5817 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
42a9bc14
MH		 5818 err = cmd_status(sk, index, opcode,
5819 MGMT_STATUS_INVALID_INDEX);
5820 goto done;
5821 }
bdb6d971
JH		 5822 }
5823
0f4e68cf 5824 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 5825 mgmt_handlers[opcode].func == NULL) {
0381101f 5826 BT_DBG("Unknown op %u", opcode);
ca69b795 5827 err = cmd_status(sk, index, opcode,
04124681 5828 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 5829 goto done;
5830 }
5831
73d1df2a
MH		 5832 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
5833 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
5834 err = cmd_status(sk, index, opcode,
5835 MGMT_STATUS_INVALID_INDEX);
5836 goto done;
5837 }
5838
5839 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
5840 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
0f4e68cf 5841 err = cmd_status(sk, index, opcode,
04124681 5842 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 5843 goto done;
0381101f
JH		 5844 }
5845
be22b54e
JH		 5846 handler = &mgmt_handlers[opcode];
5847
5848 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 5849 (!handler->var_len && len != handler->data_len)) {
be22b54e 5850 err = cmd_status(sk, index, opcode,
04124681 5851 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 5852 goto done;
5853 }
5854
0f4e68cf
JH		 5855 if (hdev)
5856 mgmt_init_hdev(sk, hdev);
5857
5858 cp = buf + sizeof(*hdr);
5859
be22b54e 5860 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 5861 if (err < 0)
5862 goto done;
5863
0381101f
JH		 5864 err = msglen;
5865
5866done:
bdb6d971
JH		 5867 if (hdev)
5868 hci_dev_put(hdev);
5869
0381101f
JH		 5870 kfree(buf);
5871 return err;
5872}
c71e97bf 5873
bf6b56db 5874void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 5875{
1514b892 5876 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5877 return;
bb4b2a9a 5878
0602a8ad
MH		 5879 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5880 return;
5881
5882 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5883 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
5884 else
5885 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 5886}
5887
bf6b56db 5888void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 5889{
5f159032 5890 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 5891
1514b892 5892 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5893 return;
bb4b2a9a 5894
0602a8ad
MH		 5895 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5896 return;
5897
744cf19e 5898 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 5899
edd3896b
MH		 5900 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5901 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
5902 else
5903 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 5904}
5905
6046dc3e 5906/* This function requires the caller holds hdev->lock */
d7347f3c 5907static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 5908{
5909 struct hci_conn_params *p;
5910
5911 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 5912 /* Needed for AUTO_OFF case where might not "really"
5913 * have been powered off.
5914 */
5915 list_del_init(&p->action);
5916
5917 switch (p->auto_connect) {
4b9e7e75 5918 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 5919 case HCI_AUTO_CONN_ALWAYS:
5920 list_add(&p->action, &hdev->pend_le_conns);
5921 break;
5922 case HCI_AUTO_CONN_REPORT:
5923 list_add(&p->action, &hdev->pend_le_reports);
5924 break;
5925 default:
5926 break;
c83ed19d 5927 }
6046dc3e 5928 }
c83ed19d 5929
c83ed19d 5930 hci_update_background_scan(hdev);
6046dc3e
AG		 5931}
5932
229ab39c
JH		 5933static void powered_complete(struct hci_dev *hdev, u8 status)
5934{
5935 struct cmd_lookup match = { NULL, hdev };
5936
5937 BT_DBG("status 0x%02x", status);
5938
5939 hci_dev_lock(hdev);
5940
d7347f3c 5941 restart_le_actions(hdev);
6046dc3e 5942
229ab39c
JH		 5943 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5944
5945 new_settings(hdev, match.sk);
5946
5947 hci_dev_unlock(hdev);
5948
5949 if (match.sk)
5950 sock_put(match.sk);
5951}
5952
70da6243 5953static int powered_update_hci(struct hci_dev *hdev)
5add6af8 5954{
890ea898 5955 struct hci_request req;
70da6243 5956 u8 link_sec;
5add6af8 5957
890ea898
JH		 5958 hci_req_init(&req, hdev);
5959
70da6243
JH		 5960 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
5961 !lmp_host_ssp_capable(hdev)) {
5962 u8 ssp = 1;
5e5282bb 5963
890ea898 5964 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 5965 }
5add6af8 5966
c73eee91
JH		 5967 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
5968 lmp_bredr_capable(hdev)) {
70da6243 5969 struct hci_cp_write_le_host_supported cp;
f0ff92fb 5970
32226e4f
MH		 5971 cp.le = 0x01;
5972 cp.simul = 0x00;
3d1cbdd6 5973
70da6243
JH		 5974 /* Check first if we already have the right
5975 * host state (host features set)
5976 */
5977 if (cp.le != lmp_host_le_capable(hdev) ||
5978 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 5979 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5980 sizeof(cp), &cp);
70da6243 5981 }
3d1cbdd6 5982
d13eafce 5983 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 5984 /* Make sure the controller has a good default for
5985 * advertising data. This also applies to the case
5986 * where BR/EDR was toggled during the AUTO_OFF phase.
5987 */
f14d8f64 5988 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 5989 update_adv_data(&req);
f14d8f64
MH		 5990 update_scan_rsp_data(&req);
5991 }
441ad2d0 5992
bba3aa55
MH		 5993 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5994 enable_advertising(&req);
eeca6f89
JH		 5995 }
5996
70da6243
JH		 5997 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5998 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 5999 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6000 sizeof(link_sec), &link_sec);
562fcc24 6001
70da6243 6002 if (lmp_bredr_capable(hdev)) {
432df05e
JH		 6003 write_fast_connectable(&req, false);
6004 hci_update_page_scan(hdev, &req);
890ea898 6005 update_class(&req);
13928971 6006 update_name(&req);
890ea898 6007 update_eir(&req);
70da6243 6008 }
562fcc24 6009
229ab39c 6010 return hci_req_run(&req, powered_complete);
70da6243 6011}
562fcc24 6012
70da6243
JH		 6013int mgmt_powered(struct hci_dev *hdev, u8 powered)
6014{
6015 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 6016 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
6017 u8 zero_cod[] = { 0, 0, 0 };
70da6243 6018 int err;
f0ff92fb 6019
70da6243
JH		 6020 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
6021 return 0;
6022
70da6243 6023 if (powered) {
229ab39c
JH		 6024 if (powered_update_hci(hdev) == 0)
6025 return 0;
fe038884 6026
229ab39c
JH		 6027 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6028 &match);
6029 goto new_settings;
b24752fe
JH		 6030 }
6031
229ab39c
JH		 6032 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6033 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
6034
6035 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
6036 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6037 zero_cod, sizeof(zero_cod), NULL);
6038
6039new_settings:
beadb2bd 6040 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 6041
6042 if (match.sk)
6043 sock_put(match.sk);
6044
7bb895d6 6045 return err;
5add6af8 6046}
73f22f62 6047
3eec705e 6048void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 6049{
6050 struct pending_cmd *cmd;
6051 u8 status;
6052
6053 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6054 if (!cmd)
3eec705e 6055 return;
96570ffc
JH		 6056
6057 if (err == -ERFKILL)
6058 status = MGMT_STATUS_RFKILLED;
6059 else
6060 status = MGMT_STATUS_FAILED;
6061
3eec705e 6062 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6063
6064 mgmt_pending_remove(cmd);
96570ffc
JH		 6065}
6066
d1967ff8
MH		 6067void mgmt_discoverable_timeout(struct hci_dev *hdev)
6068{
6069 struct hci_request req;
d1967ff8
MH		 6070
6071 hci_dev_lock(hdev);
6072
6073 /* When discoverable timeout triggers, then just make sure
6074 * the limited discoverable flag is cleared. Even in the case
6075 * of a timeout triggered from general discoverable, it is
6076 * safe to unconditionally clear the flag.
6077 */
6078 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 6079 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 6080
6081 hci_req_init(&req, hdev);
4b580614
JH		 6082 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
6083 u8 scan = SCAN_PAGE;
6084 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6085 sizeof(scan), &scan);
6086 }
d1967ff8 6087 update_class(&req);
9a43e25f 6088 update_adv_data(&req);
d1967ff8
MH		 6089 hci_req_run(&req, NULL);
6090
6091 hdev->discov_timeout = 0;
6092
9a43e25f
JH		 6093 new_settings(hdev, NULL);
6094
d1967ff8
MH		 6095 hci_dev_unlock(hdev);
6096}
6097
dc4a5ee2
MH		 6098void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6099 bool persistent)
55ed8ca1 6100{
86742e1e 6101 struct mgmt_ev_new_link_key ev;
55ed8ca1 6102
a492cd52 6103 memset(&ev, 0, sizeof(ev));
55ed8ca1 6104
a492cd52 6105 ev.store_hint = persistent;
d753fdc4 6106 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6107 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6108 ev.key.type = key->type;
9b3b4460 6109 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6110 ev.key.pin_len = key->pin_len;
55ed8ca1 6111
dc4a5ee2 6112 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6113}
f7520543 6114
d7b25450
JH		 6115static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6116{
23fb8de3
JH		 6117 switch (ltk->type) {
6118 case SMP_LTK:
6119 case SMP_LTK_SLAVE:
6120 if (ltk->authenticated)
6121 return MGMT_LTK_AUTHENTICATED;
6122 return MGMT_LTK_UNAUTHENTICATED;
6123 case SMP_LTK_P256:
6124 if (ltk->authenticated)
6125 return MGMT_LTK_P256_AUTH;
6126 return MGMT_LTK_P256_UNAUTH;
6127 case SMP_LTK_P256_DEBUG:
6128 return MGMT_LTK_P256_DEBUG;
6129 }
d7b25450
JH		 6130
6131 return MGMT_LTK_UNAUTHENTICATED;
6132}
6133
53ac6ab6 6134void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6135{
6136 struct mgmt_ev_new_long_term_key ev;
6137
6138 memset(&ev, 0, sizeof(ev));
6139
5192d301
MH		 6140 /* Devices using resolvable or non-resolvable random addresses
6141 * without providing an indentity resolving key don't require
6142 * to store long term keys. Their addresses will change the
6143 * next time around.
6144 *
6145 * Only when a remote device provides an identity address
6146 * make sure the long term key is stored. If the remote
6147 * identity is known, the long term keys are internally
6148 * mapped to the identity address. So allow static random
6149 * and public addresses here.
6150 */
ba74b666
JH		 6151 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6152 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6153 ev.store_hint = 0x00;
6154 else
53ac6ab6 6155 ev.store_hint = persistent;
ba74b666 6156
346af67b 6157 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6158 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6159 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6160 ev.key.enc_size = key->enc_size;
6161 ev.key.ediv = key->ediv;
fe39c7b2 6162 ev.key.rand = key->rand;
346af67b 6163
2ceba539 6164 if (key->type == SMP_LTK)
346af67b
VCG		 6165 ev.key.master = 1;
6166
346af67b
VCG		 6167 memcpy(ev.key.val, key->val, sizeof(key->val));
6168
083368f7 6169 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6170}
6171
95fbac8a
JH		 6172void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6173{
6174 struct mgmt_ev_new_irk ev;
6175
6176 memset(&ev, 0, sizeof(ev));
6177
bab6d1e5
MH		 6178 /* For identity resolving keys from devices that are already
6179 * using a public address or static random address, do not
6180 * ask for storing this key. The identity resolving key really
6181 * is only mandatory for devices using resovlable random
6182 * addresses.
6183 *
6184 * Storing all identity resolving keys has the downside that
6185 * they will be also loaded on next boot of they system. More
6186 * identity resolving keys, means more time during scanning is
6187 * needed to actually resolve these addresses.
6188 */
6189 if (bacmp(&irk->rpa, BDADDR_ANY))
6190 ev.store_hint = 0x01;
6191 else
6192 ev.store_hint = 0x00;
6193
95fbac8a
JH		 6194 bacpy(&ev.rpa, &irk->rpa);
6195 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6196 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6197 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6198
6199 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6200}
6201
53ac6ab6
MH		 6202void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6203 bool persistent)
7ee4ea36
MH		 6204{
6205 struct mgmt_ev_new_csrk ev;
6206
6207 memset(&ev, 0, sizeof(ev));
6208
6209 /* Devices using resolvable or non-resolvable random addresses
6210 * without providing an indentity resolving key don't require
6211 * to store signature resolving keys. Their addresses will change
6212 * the next time around.
6213 *
6214 * Only when a remote device provides an identity address
6215 * make sure the signature resolving key is stored. So allow
6216 * static random and public addresses here.
6217 */
6218 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6219 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6220 ev.store_hint = 0x00;
6221 else
53ac6ab6 6222 ev.store_hint = persistent;
7ee4ea36
MH		 6223
6224 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6225 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6226 ev.key.master = csrk->master;
6227 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6228
6229 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6230}
6231
ffb5a827 6232void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6233 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6234 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6235{
6236 struct mgmt_ev_new_conn_param ev;
6237
c103aea6
JH		 6238 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6239 return;
6240
ffb5a827
AG		 6241 memset(&ev, 0, sizeof(ev));
6242 bacpy(&ev.addr.bdaddr, bdaddr);
6243 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6244 ev.store_hint = store_hint;
ffb5a827
AG		 6245 ev.min_interval = cpu_to_le16(min_interval);
6246 ev.max_interval = cpu_to_le16(max_interval);
6247 ev.latency = cpu_to_le16(latency);
6248 ev.timeout = cpu_to_le16(timeout);
6249
6250 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6251}
6252
94933991
MH		 6253static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6254 u8 data_len)
6255{
6256 eir[eir_len++] = sizeof(type) + data_len;
6257 eir[eir_len++] = type;
6258 memcpy(&eir[eir_len], data, data_len);
6259 eir_len += data_len;
6260
6261 return eir_len;
6262}
6263
48ec92fa
AA		 6264void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6265 u32 flags, u8 *name, u8 name_len)
f7520543 6266{
b644ba33
JH		 6267 char buf[512];
6268 struct mgmt_ev_device_connected *ev = (void *) buf;
6269 u16 eir_len = 0;
f7520543 6270
48ec92fa
AA		 6271 bacpy(&ev->addr.bdaddr, &conn->dst);
6272 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 6273
c95f0ba7 6274 ev->flags = __cpu_to_le32(flags);
08c79b61 6275
fd45ada9
AA		 6276 /* We must ensure that the EIR Data fields are ordered and
6277 * unique. Keep it simple for now and avoid the problem by not
6278 * adding any BR/EDR data to the LE adv.
6279 */
6280 if (conn->le_adv_data_len > 0) {
6281 memcpy(&ev->eir[eir_len],
6282 conn->le_adv_data, conn->le_adv_data_len);
6283 eir_len = conn->le_adv_data_len;
6284 } else {
6285 if (name_len > 0)
6286 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6287 name, name_len);
b644ba33 6288
ddbea5cf 6289 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 6290 eir_len = eir_append_data(ev->eir, eir_len,
6291 EIR_CLASS_OF_DEV,
6292 conn->dev_class, 3);
6293 }
b644ba33 6294
eb55ef07 6295 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6296
ecd90ae7
MH		 6297 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6298 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6299}
6300
8962ee74
JH		 6301static void disconnect_rsp(struct pending_cmd *cmd, void *data)
6302{
c68fb7ff 6303 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 6304 struct sock **sk = data;
a38528f1 6305 struct mgmt_rp_disconnect rp;
8962ee74 6306
88c3df13
JH		 6307 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6308 rp.addr.type = cp->addr.type;
8962ee74 6309
aee9b218 6310 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 6311 sizeof(rp));
8962ee74
JH		 6312
6313 *sk = cmd->sk;
6314 sock_hold(*sk);
6315
a664b5bc 6316 mgmt_pending_remove(cmd);
8962ee74
JH		 6317}
6318
124f6e35 6319static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 6320{
b1078ad0 6321 struct hci_dev *hdev = data;
124f6e35
JH		 6322 struct mgmt_cp_unpair_device *cp = cmd->param;
6323 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 6324
6325 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 6326 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6327 rp.addr.type = cp->addr.type;
a8a1d19e 6328
b1078ad0
JH		 6329 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6330
aee9b218 6331 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 6332
6333 mgmt_pending_remove(cmd);
6334}
6335
84c61d92
JH		 6336bool mgmt_powering_down(struct hci_dev *hdev)
6337{
6338 struct pending_cmd *cmd;
6339 struct mgmt_mode *cp;
6340
6341 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6342 if (!cmd)
6343 return false;
6344
6345 cp = cmd->param;
6346 if (!cp->val)
6347 return true;
6348
6349 return false;
6350}
6351
9b80ec5e 6352void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6353 u8 link_type, u8 addr_type, u8 reason,
6354 bool mgmt_connected)
f7520543 6355{
f0d6a0ea 6356 struct mgmt_ev_device_disconnected ev;
8962ee74 6357 struct sock *sk = NULL;
8962ee74 6358
84c61d92
JH		 6359 /* The connection is still in hci_conn_hash so test for 1
6360 * instead of 0 to know if this is the last one.
6361 */
6362 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6363 cancel_delayed_work(&hdev->power_off);
6364 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 6365 }
6366
12d4a3b2
JH		 6367 if (!mgmt_connected)
6368 return;
6369
57eb776f
AG		 6370 if (link_type != ACL_LINK && link_type != LE_LINK)
6371 return;
6372
744cf19e 6373 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6374
f0d6a0ea
MA		 6375 bacpy(&ev.addr.bdaddr, bdaddr);
6376 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6377 ev.reason = reason;
f7520543 6378
9b80ec5e 6379 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6380
6381 if (sk)
d97dcb66 6382 sock_put(sk);
8962ee74 6383
124f6e35 6384 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6385 hdev);
8962ee74
JH		 6386}
6387
7892924c
MH		 6388void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6389 u8 link_type, u8 addr_type, u8 status)
8962ee74 6390{
3655bba8
AG		 6391 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6392 struct mgmt_cp_disconnect *cp;
88c3df13 6393 struct mgmt_rp_disconnect rp;
8962ee74 6394 struct pending_cmd *cmd;
8962ee74 6395
36a75f1b
JD		 6396 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6397 hdev);
6398
2e58ef3e 6399 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6400 if (!cmd)
7892924c 6401 return;
8962ee74 6402
3655bba8
AG		 6403 cp = cmd->param;
6404
6405 if (bacmp(bdaddr, &cp->addr.bdaddr))
6406 return;
6407
6408 if (cp->addr.type != bdaddr_type)
6409 return;
6410
88c3df13 6411 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 6412 rp.addr.type = bdaddr_type;
37d9ef76 6413
7892924c
MH		 6414 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
6415 mgmt_status(status), &rp, sizeof(rp));
8962ee74 6416
a664b5bc 6417 mgmt_pending_remove(cmd);
f7520543 6418}
17d5c04c 6419
445608d0
MH		 6420void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6421 u8 addr_type, u8 status)
17d5c04c
JH		 6422{
6423 struct mgmt_ev_connect_failed ev;
c9910d0f 6424
84c61d92
JH		 6425 /* The connection is still in hci_conn_hash so test for 1
6426 * instead of 0 to know if this is the last one.
6427 */
6428 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6429 cancel_delayed_work(&hdev->power_off);
6430 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 6431 }
17d5c04c 6432
4c659c39 6433 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6434 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6435 ev.status = mgmt_status(status);
17d5c04c 6436
445608d0 6437 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6438}
980e1a53 6439
ce0e4a0d 6440void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6441{
6442 struct mgmt_ev_pin_code_request ev;
6443
d8457698 6444 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6445 ev.addr.type = BDADDR_BREDR;
a770bb5a 6446 ev.secure = secure;
980e1a53 6447
ce0e4a0d 6448 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6449}
6450
e669cf80
MH		 6451void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6452 u8 status)
980e1a53
JH		 6453{
6454 struct pending_cmd *cmd;
ac56fb13 6455 struct mgmt_rp_pin_code_reply rp;
980e1a53 6456
2e58ef3e 6457 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6458 if (!cmd)
e669cf80 6459 return;
980e1a53 6460
d8457698 6461 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6462 rp.addr.type = BDADDR_BREDR;
ac56fb13 6463
e669cf80
MH		 6464 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
6465 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6466
a664b5bc 6467 mgmt_pending_remove(cmd);
980e1a53
JH		 6468}
6469
3eb38528
MH		 6470void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6471 u8 status)
980e1a53
JH		 6472{
6473 struct pending_cmd *cmd;
ac56fb13 6474 struct mgmt_rp_pin_code_reply rp;
980e1a53 6475
2e58ef3e 6476 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6477 if (!cmd)
3eb38528 6478 return;
980e1a53 6479
d8457698 6480 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6481 rp.addr.type = BDADDR_BREDR;
ac56fb13 6482
3eb38528
MH		 6483 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
6484 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6485
a664b5bc 6486 mgmt_pending_remove(cmd);
980e1a53 6487}
a5c29683 6488
744cf19e 6489int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6490 u8 link_type, u8 addr_type, u32 value,
04124681 6491 u8 confirm_hint)
a5c29683
JH		 6492{
6493 struct mgmt_ev_user_confirm_request ev;
6494
744cf19e 6495 BT_DBG("%s", hdev->name);
a5c29683 6496
272d90df 6497 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6498 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6499 ev.confirm_hint = confirm_hint;
39adbffe 6500 ev.value = cpu_to_le32(value);
a5c29683 6501
744cf19e 6502 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6503 NULL);
a5c29683
JH		 6504}
6505
272d90df 6506int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6507 u8 link_type, u8 addr_type)
604086b7
BG		 6508{
6509 struct mgmt_ev_user_passkey_request ev;
6510
6511 BT_DBG("%s", hdev->name);
6512
272d90df 6513 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6514 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6515
6516 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6517 NULL);
604086b7
BG		 6518}
6519
0df4c185 6520static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6521 u8 link_type, u8 addr_type, u8 status,
6522 u8 opcode)
a5c29683
JH		 6523{
6524 struct pending_cmd *cmd;
6525 struct mgmt_rp_user_confirm_reply rp;
6526 int err;
6527
2e58ef3e 6528 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 6529 if (!cmd)
6530 return -ENOENT;
6531
272d90df 6532 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 6533 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 6534 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 6535 &rp, sizeof(rp));
a5c29683 6536
a664b5bc 6537 mgmt_pending_remove(cmd);
a5c29683
JH		 6538
6539 return err;
6540}
6541
744cf19e 6542int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6543 u8 link_type, u8 addr_type, u8 status)
a5c29683 6544{
272d90df 6545 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6546 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6547}
6548
272d90df 6549int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6550 u8 link_type, u8 addr_type, u8 status)
a5c29683 6551{
272d90df 6552 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6553 status,
6554 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 6555}
2a611692 6556
604086b7 6557int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6558 u8 link_type, u8 addr_type, u8 status)
604086b7 6559{
272d90df 6560 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6561 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 6562}
6563
272d90df 6564int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6565 u8 link_type, u8 addr_type, u8 status)
604086b7 6566{
272d90df 6567 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6568 status,
6569 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 6570}
6571
92a25256
JH		 6572int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6573 u8 link_type, u8 addr_type, u32 passkey,
6574 u8 entered)
6575{
6576 struct mgmt_ev_passkey_notify ev;
6577
6578 BT_DBG("%s", hdev->name);
6579
6580 bacpy(&ev.addr.bdaddr, bdaddr);
6581 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6582 ev.passkey = __cpu_to_le32(passkey);
6583 ev.entered = entered;
6584
6585 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6586}
6587
e1e930f5 6588void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 6589{
6590 struct mgmt_ev_auth_failed ev;
e1e930f5
JH		 6591 struct pending_cmd *cmd;
6592 u8 status = mgmt_status(hci_status);
2a611692 6593
e1e930f5
JH		 6594 bacpy(&ev.addr.bdaddr, &conn->dst);
6595 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6596 ev.status = status;
2a611692 6597
e1e930f5
JH		 6598 cmd = find_pairing(conn);
6599
6600 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
6601 cmd ? cmd->sk : NULL);
6602
6603 if (cmd)
6604 pairing_complete(cmd, status);
2a611692 6605}
b312b161 6606
464996ae 6607void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 6608{
6609 struct cmd_lookup match = { NULL, hdev };
464996ae 6610 bool changed;
33ef95ed
JH		 6611
6612 if (status) {
6613 u8 mgmt_err = mgmt_status(status);
6614 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 6615 cmd_status_rsp, &mgmt_err);
464996ae 6616 return;
33ef95ed
JH		 6617 }
6618
464996ae
MH		 6619 if (test_bit(HCI_AUTH, &hdev->flags))
6620 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6621 &hdev->dev_flags);
6622 else
6623 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6624 &hdev->dev_flags);
47990ea0 6625
33ef95ed 6626 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 6627 &match);
33ef95ed 6628
47990ea0 6629 if (changed)
464996ae 6630 new_settings(hdev, match.sk);
33ef95ed
JH		 6631
6632 if (match.sk)
6633 sock_put(match.sk);
33ef95ed
JH		 6634}
6635
890ea898 6636static void clear_eir(struct hci_request *req)
cacaf52f 6637{
890ea898 6638 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 6639 struct hci_cp_write_eir cp;
6640
976eb20e 6641 if (!lmp_ext_inq_capable(hdev))
890ea898 6642 return;
cacaf52f 6643
c80da27e
JH		 6644 memset(hdev->eir, 0, sizeof(hdev->eir));
6645
cacaf52f
JH		 6646 memset(&cp, 0, sizeof(cp));
6647
890ea898 6648 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 6649}
6650
3e248560 6651void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 6652{
6653 struct cmd_lookup match = { NULL, hdev };
890ea898 6654 struct hci_request req;
c0ecddc2 6655 bool changed = false;
ed2c4ee3
JH		 6656
6657 if (status) {
6658 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 6659
6660 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 6661 &hdev->dev_flags)) {
6662 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 6663 new_settings(hdev, NULL);
9ecb3e24 6664 }
c0ecddc2 6665
04124681
GP		 6666 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6667 &mgmt_err);
3e248560 6668 return;
c0ecddc2
JH		 6669 }
6670
6671 if (enable) {
9ecb3e24 6672 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 6673 } else {
9ecb3e24
MH		 6674 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6675 if (!changed)
6676 changed = test_and_clear_bit(HCI_HS_ENABLED,
6677 &hdev->dev_flags);
6678 else
6679 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 6680 }
6681
6682 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6683
c0ecddc2 6684 if (changed)
3e248560 6685 new_settings(hdev, match.sk);
ed2c4ee3 6686
5fc6ebb1 6687 if (match.sk)
ed2c4ee3
JH		 6688 sock_put(match.sk);
6689
890ea898
JH		 6690 hci_req_init(&req, hdev);
6691
3769972b
JH		 6692 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6693 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6694 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6695 sizeof(enable), &enable);
890ea898 6696 update_eir(&req);
3769972b 6697 } else {
890ea898 6698 clear_eir(&req);
3769972b 6699 }
890ea898
JH		 6700
6701 hci_req_run(&req, NULL);
ed2c4ee3
JH		 6702}
6703
eac83dc6
MH		 6704void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6705{
6706 struct cmd_lookup match = { NULL, hdev };
6707 bool changed = false;
6708
6709 if (status) {
6710 u8 mgmt_err = mgmt_status(status);
6711
0ab04a9c
MH		 6712 if (enable) {
6713 if (test_and_clear_bit(HCI_SC_ENABLED,
6714 &hdev->dev_flags))
6715 new_settings(hdev, NULL);
6716 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6717 }
eac83dc6
MH		 6718
6719 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6720 cmd_status_rsp, &mgmt_err);
6721 return;
6722 }
6723
0ab04a9c 6724 if (enable) {
eac83dc6 6725 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 6726 } else {
eac83dc6 6727 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 6728 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6729 }
eac83dc6
MH		 6730
6731 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6732 settings_rsp, &match);
6733
6734 if (changed)
6735 new_settings(hdev, match.sk);
6736
6737 if (match.sk)
6738 sock_put(match.sk);
6739}
6740
92da6097 6741static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 6742{
6743 struct cmd_lookup *match = data;
6744
90e70454
JH		 6745 if (match->sk == NULL) {
6746 match->sk = cmd->sk;
6747 sock_hold(match->sk);
6748 }
90e70454
JH		 6749}
6750
4e1b0245
MH		 6751void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
6752 u8 status)
7f9a903c 6753{
90e70454 6754 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 6755
92da6097
JH		 6756 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
6757 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
6758 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 6759
6760 if (!status)
4e1b0245
MH		 6761 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
6762 NULL);
90e70454
JH		 6763
6764 if (match.sk)
6765 sock_put(match.sk);
7f9a903c
MH		 6766}
6767
7667da34 6768void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 6769{
b312b161 6770 struct mgmt_cp_set_local_name ev;
13928971 6771 struct pending_cmd *cmd;
28cc7bde 6772
13928971 6773 if (status)
7667da34 6774 return;
b312b161
JH		 6775
6776 memset(&ev, 0, sizeof(ev));
6777 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 6778 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 6779
2e58ef3e 6780 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 6781 if (!cmd) {
6782 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 6783
13928971
JH		 6784 /* If this is a HCI command related to powering on the
6785 * HCI dev don't send any mgmt signals.
6786 */
6787 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 6788 return;
890ea898 6789 }
b312b161 6790
7667da34
MH		 6791 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
6792 cmd ? cmd->sk : NULL);
b312b161 6793}
c35938b2 6794
4d2d2796 6795void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
38da1703
JH		 6796 u8 *rand192, u8 *hash256, u8 *rand256,
6797 u8 status)
c35938b2
SJ		 6798{
6799 struct pending_cmd *cmd;
c35938b2 6800
744cf19e 6801 BT_DBG("%s status %u", hdev->name, status);
c35938b2 6802
2e58ef3e 6803 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 6804 if (!cmd)
3edaf092 6805 return;
c35938b2
SJ		 6806
6807 if (status) {
3edaf092
MH		 6808 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6809 mgmt_status(status));
c35938b2 6810 } else {
710f11c0 6811 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
4d2d2796
MH		 6812 struct mgmt_rp_read_local_oob_ext_data rp;
6813
6814 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
38da1703 6815 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
c35938b2 6816
4d2d2796 6817 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
38da1703 6818 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
c35938b2 6819
4d2d2796
MH		 6820 cmd_complete(cmd->sk, hdev->id,
6821 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6822 &rp, sizeof(rp));
6823 } else {
6824 struct mgmt_rp_read_local_oob_data rp;
6825
6826 memcpy(rp.hash, hash192, sizeof(rp.hash));
38da1703 6827 memcpy(rp.rand, rand192, sizeof(rp.rand));
4d2d2796
MH		 6828
6829 cmd_complete(cmd->sk, hdev->id,
6830 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6831 &rp, sizeof(rp));
6832 }
c35938b2
SJ		 6833 }
6834
6835 mgmt_pending_remove(cmd);
c35938b2 6836}
e17acd40 6837
901801b9 6838void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
af58925c
MH		 6839 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
6840 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 6841{
e319d2e7
JH		 6842 char buf[512];
6843 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 6844 size_t ev_size;
e17acd40 6845
75ce208c
JH		 6846 /* Don't send events for a non-kernel initiated discovery. With
6847 * LE one exception is if we have pend_le_reports > 0 in which
6848 * case we're doing passive scanning and want these events.
6849 */
6850 if (!hci_discovery_active(hdev)) {
6851 if (link_type == ACL_LINK)
6852 return;
66f8455a 6853 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
75ce208c
JH		 6854 return;
6855 }
12602d0c 6856
5d2e9fad
JH		 6857 /* Make sure that the buffer is big enough. The 5 extra bytes
6858 * are for the potential CoD field.
6859 */
6860 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 6861 return;
7d262f86 6862
1dc06093
JH		 6863 memset(buf, 0, sizeof(buf));
6864
841c5644
JH		 6865 bacpy(&ev->addr.bdaddr, bdaddr);
6866 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 6867 ev->rssi = rssi;
af58925c 6868 ev->flags = cpu_to_le32(flags);
e17acd40 6869
1dc06093 6870 if (eir_len > 0)
e319d2e7 6871 memcpy(ev->eir, eir, eir_len);
e17acd40 6872
1dc06093
JH		 6873 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
6874 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 6875 dev_class, 3);
1dc06093 6876
5d2e9fad
JH		 6877 if (scan_rsp_len > 0)
6878 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
6879
6880 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
6881 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 6882
901801b9 6883 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 6884}
a88a9652 6885
9cf12aee
MH		 6886void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6887 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 6888{
b644ba33
JH		 6889 struct mgmt_ev_device_found *ev;
6890 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
6891 u16 eir_len;
a88a9652 6892
b644ba33 6893 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 6894
b644ba33
JH		 6895 memset(buf, 0, sizeof(buf));
6896
6897 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6898 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 6899 ev->rssi = rssi;
6900
6901 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 6902 name_len);
b644ba33 6903
eb55ef07 6904 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 6905
9cf12aee 6906 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 6907}
314b2381 6908
2f1e063b 6909void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 6910{
f963e8e9 6911 struct mgmt_ev_discovering ev;
164a6e78
JH		 6912 struct pending_cmd *cmd;
6913
343fb145
AG		 6914 BT_DBG("%s discovering %u", hdev->name, discovering);
6915
164a6e78 6916 if (discovering)
2e58ef3e 6917 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 6918 else
2e58ef3e 6919 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 6920
6921 if (cmd != NULL) {
f808e166
JH		 6922 u8 type = hdev->discovery.type;
6923
04124681
GP		 6924 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
6925 sizeof(type));
164a6e78
JH		 6926 mgmt_pending_remove(cmd);
6927 }
6928
f963e8e9
JH		 6929 memset(&ev, 0, sizeof(ev));
6930 ev.type = hdev->discovery.type;
6931 ev.discovering = discovering;
6932
2f1e063b 6933 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 6934}
5e762444 6935
5976e608
MH		 6936static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6937{
6938 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 6939}
6940
6941void mgmt_reenable_advertising(struct hci_dev *hdev)
6942{
6943 struct hci_request req;
6944
5976e608
MH		 6945 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6946 return;
6947
6948 hci_req_init(&req, hdev);
6949 enable_advertising(&req);
0ec5ae84 6950 hci_req_run(&req, adv_enable_complete);
5976e608 6951}
Linux kernel - Deliverables
This page took 1.530159 seconds and 5 git commands to generate.